Skip to Content
Technical Articles

[Part 2] Connect on-premise systems on SCP through Cloud Connector (Neo)

Hey, welcome back! This is the second part of our “The Dev Hero, a journey in the digital transformation” journey.

In today’s post, we’re going to connect a system – which is located in a on premise architecture, to a SCP account through SAP Cloud Connector. Regardless the type of account you owns (trial/paid), the procedure described here works for both, and at the end you will be able to connect SAP and non-SAP solutions on it.

Do not forget to like and to leave a comment,  help us to improve our work 🙂

The diagram below higlights SAP SCC in a simple architeture.

If you dont have any AS ABAP system installed, take a look at [Part 1] – Installing SAP NetWeaver AS ABAP Developer Edition 7.52 SP01 on VirtualBox (Ubuntu 16.04)

The high availability and failover mechanisms will be discussed in a different post. Failover and High Availability for SAP Cloud Connector (using Docker)

Glossary

1. What’s SAP Cloud Connector (briefly)
2. Before start, make sure that:
3. Use case
4. Configure SCC
4.1 Logon and first steps
4.2 Add System Mapping
4.2.1 Choose Back-end Type as ABAP System
4.2.2 Choose HTTP protocol
4.2.3 Internal<host>and<port>
4.2.4 Virtual<host>and<port>
4.2.5 Choose the Principal Type
4.2.6 Enter any description
4.2.7 Check host connection after finishing configuration
4.2.8 System reachable
4.2.9 Proxy configuration
4.3 Resources accessible on instance

1. What’s SAP Cloud Connector (briefly)

SCC – short of SAP Cloud Connector, is an on-premise agent that acts as a proxy (not a reverse one) by establishing a secure tunnel between on-premise system and SCP – short of SAP Cloud Platform. In this manner, is possible to expose local services to cloud efficiently, and use them in a chain of communiction.

2. Before start, make sure that:

3. Use Case

An AS ABAP system is up and running locally, business want to expose a few services outside company boundaries to be consumed in Apps, SAP cloud solutions and even third-party solutions. As most of the AS are SAP based – and the cloud system is also SAP based, the solution architect have decided the use of SAP Cloud Connector to establish secure tunnel between on premise system and cloud landscape.
*AS – Application Server

Take a look on the diagram below. The system to be exposed is the ECC, and only the Gateway part containing OData will be exposed. In this manner, ECC is securely connected to SCC, which provides a secure tunnel SAP Cloud Platform.

Also notice there’s another SCC server connected representing the failover instance for high availability. It won’t be discussed here today, but if you want to know more about it take a look at Install a Failover Instance for High Availability and Failover and High Availability for SAP Cloud Connector (using Docker).

Does the solution architect could decide to use a different tool than SCC ?
A: Surely, it’s possible to create a secure chain communication by using Nginx as reverse proxy instead.

4. Configure SCC

4.1 Logon and first steps

Pre requisite: the subaccount is already configure on Cloud Connector. Read more in Connect Cloud Connector with trial subaccount.

Log on to the SCC administration UI and choose Cloud To On-Premise under the subaccount menu option. When the left window opened, choose ACCESS CONTROL > Mapping Virtual to Internal System > Add (+).


4.2 Add System Mapping

In this step, a mapping of an existance system will be created by using the IP or hostname of the ABAP system. The Internal Host system will be mapped to an Virtual Host one hidding sensetive information and attributes of. Virtual Host itself can  be access through the SAP Cloud Platform Connectivity service.

  • Choose Back-end Type as ABAP System


  • Choose HTTP protocol


  • Internal<host>and<port>


For this example the AS ABAP system NPL – which is a free of charge instance, is used. If you’ve followed the [Part 1] – Installing SAP NetWeaver AS ABAP Developer Edition 7.52 SP01 on VirtualBox (Ubuntu 16.04), the hostname used is simply the same. Otherwise, you have to get further IP or hostname details of server in SAPGUI or with the IT administrator.

The FQNDvhcalnplciwas previously configured on /etc/hosts.Using server IP also works, but using the hostname approach turns the configuration IP indepedent, that means if the server configuration have change for any circunstance, the SCC connection won’t fail.

  • Virtual<host>and<port>


  • Choose the Principal Type


  • Enter any Description


  • Check host connection after finishing configuration


  • System reachable

Finally, the ABAP system is shown as reachable. If you notice for a different status than this one, review every step for some missing or wrong configuration. The most errors are related to host and port, but proxy errors might happen too, so make sure you’ve configured properly on Configuration.


  • Proxy configuration

Go through Configuration > Cloud > HTTPS Proxy


4.3 Resources accessible on instance

As mentioned previously, we want to expose only the Gateway part of the AS ABAP server, so it’s necessary to provide the appropriate configuration in order to make gateway objects accessible outside of SCC.

In Cloud to On-Premise > ACCESS CONTROL > Resources Accessible On abap-as-hanatrial:443 hit the Add (+) button

The Add Resource is displayed, so inform the OData Gateway path, and choose Path and all sub-paths. It will make services resources available at all.

Done! Now you have a fully secure tunnel established between on-premise and SCP subaccount. To make sure you’ve completed the configuration successfully, access your subaccount on browser and choose Cloud Connetors under Connectivity

As result, the Resource is shown as available.

Did you enjoy ? Don’t forget to comment below.

Cheers
Arthur Silva

 

12 Comments
You must be Logged on to comment or reply to a post.
  • Hi Arthur,

    I have followed the steps given above, i am having Not Reachable error while checking internal host.

    What to maintain in the internal host and proxy configuration?

     

    Thanks,

    Shan

    • Hey Shanmunga, hope you’re well.

      Make sure your internal host is reachable by SCC by pinging from the OS to the internal host.

       

      For a better understanding, please share your system mapping configuration.

      Cheers,
      Arthur Silva

  • Thanks for the Blog.

    Connection from Cloud Platform to S/4 STE system works.
    But how do we handle the following scenario?
    S/4 On premise <-SOAP-> CPI <-SOAP-> 3rd Party Application On premise

    I guess we will not use the address https://XYZ.hci.eu2.hana.ondemand.com/cxf/mySOAPService to call the CPI SOAP service, because then we move outside of the local network.

    So how do I call a SOAP service on CPI from on-premise S/4 system?

    Thanks in advance!

    Best regards,
    Thorsten.

     

    • Hey!

       

      In case you’re working on the trial version, you have some limit. Check the Quota Plans on the SCP cockpit.

      For productive use, I would suggest you to contact the service provider directly for further info.

       

      KR,

      Arthur Silva

  • Hello,

     

    I followed Part 1 and 2 of your tutorial – thank you for the information you put togehter!

     

    I am having one problem at the end: in the SAP Cloud Foundry (not the neo edition) the Cloud to On-Premise Connection is not shown since there is not “Cloud Connectors” Button / Menu below the “Connectivity” Menu. I tried to add a Destination to access the on premise backend, but when I click on “Check Connection” (under “Connectivity” in the SAP Cloud Platform Cockpit”) I get an error:

     

    Failure reason: “Could not check at the moment. Please try again later”
    I entered the following information in the destination configuration:
    Name: abapBackend1
    Type: HTTP
    Proxy Type: OnPremise
    Authentication: BasicAuthentication
    User DEVELOPER
    Password: Down1oad
    Am I missing something?
  • Hi  Arthur Fuscella Silva, thanks for this blog. Do you know the procedure to make connection with SCP  Cloud Foundry? I have done the same procedure that I had done in Neo, but in CF a error persists when checking connection “Failure reason: “Could not check at the moment. Please try again later””