Foreword

In my last blog, SAP Analytics Cloud – Hybrid Customer Experience based on HANA Enterprise Cloud (HEC), I went over the customer experience with SAP Analytics Cloud and SAP HEC, focusing on the project and best practices. I would now like to give much more technical feedback about this experience, especially regarding network settings.

Before reading this post, please read my wiki, SAP Analytics Cloud Connectivity Guidelines, which could help you better understand SAP Analytics Cloud connectivity.

SAP HANA Enterprise Cloud is the standard SAP Infrastructure-as-a-Service offering to host on-premise customer applications. SAP HEC hosts more and more on-premise customer SAP applications. We currently have customers requesting to connect HANA, BW, S/4HANA, etc. from SAP Analytics Cloud.

In the following chapters I detail scenarios which have been proven in customer proofs of concept I did in the past months.

For this blog, customer business users could be located in three different domains:

  • Public domain
  • Customer domain
  • HEC domain

Data sources are located in two different domains:

  • Customer domain
  • HEC Domain

HEC Data Acquisition scenario

  1. In this scenario, SAP Cloud Connector is located in the HEC domain. Customer Domain based data sources are accessed through a dedicated VPN connection between the HEC domain and the Customer Domain.
  2. An Outbound HEC Service ticket has to be requested to enable SAP Cloud Connector to connect to SAP Analytics Cloud tenants. See chapter 5.3.1.2, Network prerequisites, of my wiki to know more.
  3. An Outbound HEC Service ticket has to be requested to enable HEC based Business Users to access the SAP Analytics Cloud application.

HEC Live Connection with CORS scenario

  1. In this scenario, a specific Outbound HEC Service ticket has to be requested to enable HEC based Business Users to access the SAP Analytics Cloud application.
  2. An Outbound HEC Service ticket has to be requested to enable HEC based Business Users to access Customer Domain based data sources.
  3. An Inbound HEC Service ticket has to be requested to enable Public Internet based Business Users to access Customer Domain based data sources.
  4. An Inbound HEC Service ticket has to be requested to enable Public Internet based Business Users to access HEC Domain based data sources.

HEC Live Connection with Reverse Proxy scenario

  1. In this scenario, a specific Outbound HEC Service ticket has to be requested to enable the HEC based Reverse Proxy to access the SAP Analytics Cloud application.
  2. An Outbound HEC Service ticket has to be requested to enable the HEC based Reverse Proxy to access Customer Domain based data sources.
  3. An Inbound HEC Service ticket has to be requested to enable Public Internet based Business Users to access the HEC based Reverse Proxy.

HEC Live Connection with Reverse Proxy and SAML2 SSO scenario

The SAML2 SSO federation protocol requires network settings that enable a smooth flow between browsers, the Identity Provider and the Service Providers.

To understand the required network settings, find below a reminder of the standard SAML flow (keep the color coding in mind).

Standard SAML 2 flow with SAC and Data Sources

HEC SAML Flow Live connection with Reverse Proxy Scenario

In the Reverse Proxy configuration, the browser needs to connect to SAP Analytics Cloud and the Identity Provider through the Reverse Proxy. This is not necessary for the back-end data sources.

  1. In this scenario, a specific Outbound HEC Service ticket has to be requested to enable the HEC based Reverse Proxy to access the SAP Analytics Cloud application SAML2 address (authn).
  2. An Outbound HEC Service ticket has to be requested to enable the HEC based Reverse Proxy to access the Customer Domain based data sources SAML2 address.

HEC Live Connection with CORS and SAML2 SSO scenario

HEC SAML Flow Scenario with CORS

In the CORS configuration, the browser connects directly to SAC and the Identity Provider. This configuration is simpler to set up and administer.

  1. In this scenario, a specific Outbound HEC Service ticket has to be requested to enable HEC based Business Users to access the SAP Analytics Cloud application SAML2 address (authn).
  2. An Outbound HEC Service ticket has to be requested to enable HEC based Business Users to access the Customer Domain based data sources SAML2 address.
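
Both SAML2 scenarios above (Reverse Proxy and CORS) require knowing the exact SAML2 addresses before a ticket can be requested. The following Python script is an added example, not part of the original post: it reads Identity Provider and Service Provider metadata and lists the host and port of every endpoint. The metadata, the hostnames and port 8443 are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample metadata; every hostname is a placeholder, not a real address.
IDP_XML = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.customer.example">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:SingleSignOnService Binding="{BIND}HTTP-Redirect" Location="https://idp.customer.example/sso"/>
  <md:SingleSignOnService Binding="{BIND}HTTP-POST" Location="https://idp.customer.example/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SP_XML = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="datasource.hec.example">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AssertionConsumerService Binding="{BIND}HTTP-POST" index="0"
      Location="https://datasource.hec.example:8443/saml/acs"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

ROLES = {"IDPSSODescriptor": "IdP", "SPSSODescriptor": "SP"}

def saml_endpoints(metadata_xml):
    """Return sorted unique (role, service, host, port) for each endpoint with a Location."""
    root = ET.fromstring(metadata_xml)  # feed only metadata exported from your own IdP/SP
    found = set()
    for tag, role in ROLES.items():
        for descriptor in root.iter(f"{{{MD}}}{tag}"):
            for service in descriptor:
                location = service.get("Location")
                if location is None:
                    continue  # elements without an address, e.g. KeyDescriptor
                url = urlsplit(location)
                if url.scheme != "https":
                    raise ValueError(f"non-TLS SAML endpoint: {location}")
                found.add((role, service.tag.split("}")[1], url.hostname, url.port or 443))
    return sorted(found)

def firewall_targets(*metadata_docs):
    """Collapse the endpoints of several metadata files into unique (host, port) pairs."""
    return sorted({(h, p) for doc in metadata_docs for _, _, h, p in saml_endpoints(doc)})

if __name__ == "__main__":
    for host, port in firewall_targets(IDP_XML, SP_XML):
        print(f"{host}:{port}")
```

The two bindings of the sample Identity Provider share one address, so they collapse into a single target, and an endpoint published over plain HTTP is rejected rather than listed.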

I hope this blog post will help you to successfully connect SAP Analytics Cloud to SAP HANA Enterprise Cloud.

Thanks.
