Alerts from your SAP Cloud Platform Solution to SAP Solution Manager via SAP Cloud Platform Alert Notification
This blog post is part of a series of blog posts related to SAP Cloud Platform Alert Notification service. You can relate to the parent blog post for more detailed information about the service itself.
For the sake of readability, we often use Alert Notification as a short form of the complete SAP Cloud Platform Alert Notification name.
We are happy to announce that now Alert Notification offers out-of-the box integration with SAP Solution Manager 7.2. This ensures broader monitoring coverage of hybrid scenarios, as SAP’s customers would be able to receive alerts from SAP Cloud Platform in their on-premise SAP Solution Manager systems. How it works? Utilizing the Alert Notification’s Consumer API, SAP Solution Manager 7.2 pulls events that are explicitly set to be stored in Alert Notification for later consumption and reports them in on-premise monitoring tools. The Alert Notification supports similar integration with Focused Run for SAP Solution Manager (FRUN), so stay tuned for further news!
In this blog post we are going to exemplify a basic scenario, in which a SAP Cloud Platform Neo subaccount will be integrated with a Solution Manager system.
Note: Integration with SAP Cloud Platform Cloud Foundry subaccounts is supported as well.
- Active subscription to SAP Cloud Platform Alert Notification
- SAP Solution Manager 7.2 SP08 or higher
- SAP Cloud Platform subaccount (Neo)
- Application deployed in SAP Cloud Platform, which will be monitored
In order to ensure secure HTTPS communication, we have to import the SAP Cloud Platform SSL certificates in the Solution Manager Trust Store, using configuration STRUST.
Note: Even if your scenario features the usage of SAP Cloud Platform Neo subaccount, the SSL certificate for SAP Cloud Platform Cloud Foundry is still needed, as Alert Notification technically runs there. To be sure you are about the export the correct certificate, as a hint I would suggest to navigate to the Alert Notification UI -> tab Security and start the Event Consumer Endpoint in a new browser. Then, export the SSL certificate from there. Thus, you can ensure its relevance. Refer to the following link for importing the SSL certificates.
Configurations in Alert Notification
1. Let’s start by creating a technical client in the Alert Notification, which is going to be used later for the SAP Solution Manager integration.
Logon to your SAP Cloud Platform subaccount. Navigate to the Alert Notification UI, tab Security. Choose “Create Technical Client“. In the new dialog, select client type “NEO_CUSTOMER_INDENTITY” and enter a meaningful description. As a next step, grant permissions to your client. In general, for this scenario “ALERT_READ” would be sufficient. Click “Create“. You will be displayed with the Client ID and Client Secret.
Note: Save the Client Secret for later usage, because it cannot be retrieved anymore. You can get more details here.
2. Create a “Store” action. What this action type does? It temporarily stores notifications in Alert Notification, so they can be pulled later by 3rd party application. You can check for more details here.
In the Alert Notification UI, navigate to tab Actions and choose the “Create” button. From the available list, select “Store” and click “Next” . Enter a name for your action and optionally description, label(s).
3. Assign the new “Store” action as outbound channel for an active subscription. In this showcase, the subscription is already created, but no action has been assigned to it. Well, let’s do it now! We are going to edit subscription “alerts-app-web-shop“.
Skip the first two steps, suggested by the Wizard, and head to “Select Actions“. From the available list select the newly-created action:
Click “Assign“. You will be displayed with an overview of the subscription’s details.
Configured in that way, the Alert Notification is going to store all incoming alerts related to application called “web-shop”, running in our SAP Cloud Platform subaccount. If you need further help regarding the Alert Notification’s terminology, please refer to the official documentation.
We are done with the adjustments in the Cloud. It’s time to configure our SAP Solution Manager system for being able to communicate with our SAP Cloud Platform subaccount.
Configurations in SAP Solution Manager 7.2
1. We have to integrate manually our cloud service within SAP Solution Manager. As a result, it should be listed in LMDB as an external service. Thereon, we can monitor exceptions that occur there. To ensure this configuration use SAP Solution Manager Configuration (transaction SOLMAN_SETUP). Navigate to Managed Systems Configuration → Cloud Services → Cloud Service Operations → Create Cloud Service. From the drop-down list select service type “SAP Cloud Platform” and click “Next“. Define the SAP Cloud Platform environment, in which you subaccount is running, and the relevant subaccount’s ID.
Moving forward, you will be prompted with a prefilled name for Extended Service ID. However, you can change it now, as later it will not be possible. The goal is to uniquely identify your cloud service. The base Alert Notification’s Consumer API URL will serve as a Root URL. Navigate to tab Security in the Alert Notification UI to obtain the correct value.
Note: Copy the link from “Event Consumer” till .com including.
See more details in Credential Management for Neo environment.
Finally, you will be displayed with an overview of your new cloud service configurations. If no changes are needed, click “Finish“. Now, your service should be visible in Managed Systems Configurations -> Cloud Services.
2. Let’s create an HTTP endpoint for the new cloud service. It will ensure data collection through a direct connection between the SAP Solution Manager system and the respective cloud service. For this purpose, navigate to Managed Systems Configuration → Cloud Services. From the list below, locate the new cloud service and click “Configure Cloud Service“. From section Cloud Service Endpoints select “Add“. You will be displayed with a form. Below there are some tips about how you can get the required details:
- API Type: from the drop-down list select “Alert Notification Service“
- Root URL: if it is not prefilled, enter the base Alert Notification’s Consumer API URL, as described in step 1 above. In our case, this is https://clm-sl-ans-live-ans-service-api.cfapps.eu10.hana.ondemand.com
- Description: enter a meaningful description for the purpose of the HTTP endpoint
- OAuth URL: you can find it in the Alert Notification UI, section Security. Simply copy and paste the link provided for OAuth Token
- User: enter the Client ID of the OAuth client you have created in Alert Notification
- Password: use the Client Secret provided for your OAuth client
- Enter proxy settings if applicable and save the configurations.
Once you are ready, save the changes and optionally you might want to check the connection. It should be rated with a green status.
3. It’s time to configure and activate the exception monitoring. All exceptions, in the context of our scenario alerts, are collected via Exception Management and stored in a central exception store. To access the Exception Management setup you can use transaction SOLMAN_SETUP → Application Operations (left-hand side) → Exception Management. Go to step “Define scope” and from the section below select “Cloud Services“.
Note: If your cloud service is not among the listed, switch to View type “All Cloud Services“.
Select your cloud service and click “Next” twice, in order to go to step “Exception Configuration“. Go into edit mode and click on “Add/Configure Log Store“. From the available log stores, choose “SAP Cloud Platform Alert Notifications” and the endpoint that you are going to use. Click “Create“. Then you will be displayed with a list of available fields for filtering. They will help you to filter your log store further. (Optionally) Select the desired fields based on your preferences and confirm. Then, maintain the filter values for the fields in the Filter Definition panel, under the log stores table.
Note: This configuration restricts the collection of exceptions only to the ones that match the defined filter values.
In this blog post we are aiming to demonstrate a basic scenario, with focus on the required configuration steps and their purpose, that’s why we are not going to set filters for our log store. We can always do this later.
Note: Setting up no filters hides a potential risk for your productive system to be overloaded, as all alerts will be reported.
Save the changes. Navigate to step “Complete” and choose “Finish“. (Optionally) Before moving forward, we can start the Exception Management Cockpit on the SAP Fiori launchpad.
4. Configure Interface and Connection Monitoring Scenario. Use transaction SOLMAN_SETUP and navigate to Application Operations → Integration Monitoring → Interface and Connections. Let’s create a new scenario for the SAP Cloud Platform monitoring. Go to step “Define scope“, switch to edit mode and click “Create“. Wizard will guide you through the steps:
- Define a header information which will make your monitoring scenario distinguishable. Click “Next“
- Define systems which are going to be part of the scenario. In our use case, these are an SAP Solution Manager ABAP (technical) system and a Cloud (external) service. Choose to add them from the available lists and click “Continue“.
You will be forwarded directly to step “Review“. Check the summary once again, execute changes if needed and click “Save“.
Your scenario will be listed among others in Application Operations → Integration Monitoring → Interface and Connections -> step “Define Scope“. Select it and click “Next“. In “Monitoring & Alerting” jump right to sub-step “Configuration“. Now we are going to create an interface channel for the selected monitoring scenario. Change to edit mode and click “Create“.
In section General Data, define the interface type and specify the monitoring template, as it is shown on the screenshot below. (Optionally) add a description.
Click “Next“. We should define source and target for our new interface channel. In the concrete scenario, the source system is our cloud service, as the events are generated in our SAP Cloud Platform subaccount. Respectively, target is our on-premise system. Select them from the drop-down lists.
Save the changes.
Let’s maintain the new interface channel. In “Metric configurations” select the metrics you want to monitor using the checkboxes. Select Alert Notifications received from SAP CP.
Note: If the checkboxes are not editable, click the “Assigned” button, placed in section Interface channels.
You need to indicate the metric-specific parameters related to Alert Notifications received from SAP CP. Define parameters appropriate for your use case, by using “Add parameter set“.
In the example below we’ve configured the collection of exceptions (alerts) with severity ERROR, WARNING, and INFO.
Save the changes and click “Next“.
In sub-step “Activation” double click on the interface channel’s name. If you want the metrics to be displayed in the Interface and Connection Monitoring dashboard, select the Reporting checkbox. For more Information, see Displaying an Interface and Connection Monitoring Scenario. Click on the monitored metric Alert Notification received from SAP CP and pay attention to the option “Do not Group Individual Occurrences” – the checkbox should be ON. This option allows you to have an individual alert every time the data collection determines a critical event. In brief, use this flag if you do not want consecutive critical events being grouped into one alert, i.e. notified only once.
Click the button “Apply and Activate“. Then, click “Next” and in sub-step “Complete“, choose “Finish“. The new interface channel has been activated for the selected monitoring scenario. Check this link for additional details.
Having done this step, we have completed the configuration on SAP Solution Manager’s side. Let’s test the new setup and observe the alerts collected from SAP Cloud Platform in our on-premise system.
In the SAP Cloud Platform subaccount, we are going to simulate an alert which warns about a failed attempt to update application “web-shop”, running in the same subaccount. The severity is set to “ERROR”, eventType “Failed update”. Note: The alert has been generated using the SAP Alert Notification’s API for producing events in Neo. It Is not part of the Alert Notification events catalog.
Let’s start the Exception Management cockpit on SAP Fiori launchpad. Our alert should appear there under category “SAP Cloud Platform Alert Notifications“. Double click on it. The new alert might have already been listed in section “Instance Group“.
Note: By default the data extractor operates in a way that collection of data from the SAP Cloud Platform is executed on every 5 minutes. Therefore, if the alert is still missing you might have to wait a few minutes more. If you want to extend the data collection time interval, please follow the procedure described here.
If you click on “Detail” you will be displayed with the alert details.
When an alert with different rating (green) for the same metric is reported, the status in Exception Management would be changed accordingly.
Note: Flapping states in the application’s behavior, i.e. red and green consecutive alerts reported in the same extractor collection time interval, will not be displayed in Exception Management. However, Alert Notification will send both alerts to its subscribers via Slack, e-mail (whatever is configured in the subscription in addition to the Store action).
That’s it! You can get more insights from SAP Solution Manager 7.2 Expert Portal. Explore the full potential of this integration by applying it to your hybrid landscape. Enhance this scenario and adapt it to your business and development needs. The Alert Notification will take care to inform you exclusively for events you have subscribed for. Thus, you will avoid spam and overload while being aware of the state of your mission critical cloud resources, directly reported in your on-premise SAP Solution Manager system.
We plan to monitor an application deployed in a multi-environment subaccount (cloud foundry); Should we still choose, "NEO_CLOUD_IDENTITY" as the client type while creating a client in Alert Notification Service?
thank you for getting in touch. For Cloud Foundry credentials management into ANS, you can refer to this help page
In case you have any additional questions, don't hesitate to ask.
Thanks for your response. So does it mean that applications deployed on cloud foundry need to use producer APIs in the code to store the alerts in the ANS service instance? So basically there is no need to create a technical client for the CF apps?
If you want to post a custom alert from within the code of your app deployed on CF, yes you can do this via the producer API. However, you need a technical client in order to authenticate before the REST API. (the methods of generating the technical client in Neo and CF are different though, as described in the help)
If you want to consume the alerts from the catalog (start/stop, hana, mobile services, etc.) you don't need a technical client, simply subscribe for them via the ANS UI.
Don't hesitate to ask if this doesn't answer your questions.
I assume the technical client in CF will be the service instance of ANS, as described in the help url below https://help.sap.com/viewer/5967a369d4b74f7a9c2b91f5df8e6ab6/Cloud/en-US/812b6e3ed8934648ad15780cd51721ef.html
Here's the flow.
After subscribing for the service if you need support to bootstrap, we can always have a short call and help you onboard into the service, just get in touch with me at k.gavrailov at sap dot com
We had an issue in one of our production systems last week because of an expired Certificate "@eu1.hana.ondemand.com"
Is there a way to have a template metric/alert in Solution Manager Cloud Connector Template to monitor when a certificate is about to expire?
Jose De La Cruz
Dear Jose De La Cruz,
thank you for getting in touch. As of the moment, we do not have such kinds of alerts. We have planned cloud connector alerts for the later part of 2021.
Kiril Gavrailov + Milena Gaydeva
Kiril mentions above that there are plans about Cloud Connector alerts late 2021.
Status for this? As my customer just asked about that;-)
This feature is not delivered yet but still in our plans. Could I ask you to bring it as an idea in the SAP Influence Portal? You could get this one as an example : )
Thank you and best regards,
Good and informative post, thx.
But I would really like to know a bit more about how-to "...simulate an alert"
BTW, the link in the relevant section - SAP Alert Notification’s API for producing events. is broken;-)
Thank you for reaching out!
You can simulate an event of you choice using the "Send Test Event" option in your subscription, in Alert Notification.
See more details here, in section "Testing Subscriptions".
Do not forget to adjust the predefined JSON to match the conditions in your active subscription and just click "Send"
The broken links have been updated.
That was a fast answer:-)
Thanks, must try that now. I did try the "Send Test Event", but did not adjust anything before that;-)
Maybe that's why i did not receive alerts in Exception Management"..
Will report "back" later.
Just curious about the step 1 above.
It is mentioned that there should be a menu "Security" - but that is not present in the customer system I work in now.
How come? How to create the Endpoints?
It seems you are using SAP BTP account in CF environment. The example above is for account in Neo environment. However, the differences are not significant.
Now, you need to create a Service Key for the Alert Notification instance. See more details in Credential Management for CF accounts. The value provided for property “url” is the endpoint for the service instance. There you will find the OAuth URL as well. Use the client ID and client secret from the service key’s value for authentication against the HTTP endpoint in the SolMan system.
Hope this would help.
Yes, it's CF;-)
Thanks, then I have done the right thing with the service keys. And from SolMan status is "green" for the connection.
But I do still have 2 questions.
1 - When trying to test the Try Out | Cloud Foundry Producer API | SAP API Business Hub, providing the information from the same service key used for the connection in SolMan, I keep getting;
2 - Yesterday you wrote about the "Send test event" : ".. adjust the predefined JSON to match the conditions in your active subscription."
I have tried that. Where I adjusted those in bold below. But still, nothing shows in SolMan Exception Management.
"subject": "Sample Event Subject",
"body": "Sample event body.",
I am sad to hear you are still experiencing difficulties with the integration. Please, find below some suggestions regarding your points:
1. it’s strange that you hit 401. Please, check once again the values provided for your environment for the Cloud Foundry Producer API. The Authentication Type must be OAuth 2.0 Application Flow. Check the region and the cf domain. The service key, created for the Alert Notification instance, by default is for OAuth client credentials. The same are required for the SolMan integration.
While configuring the HTTP Endpoint, provide just the “url” value from the service key for Root URL. No suffix is required.
2. Did you configure the Store action, as described in the blog post? I would recommend to add a second action to the subscription – email, Slack, just to be sure the alert is delivered.
In addition, change the severity of the alert to “ERROR”, for example.
Thanks again Milena
1 - no matter how, it will not work. Have just re-checked Cloud Service endpoints etc.
2 - I think so. (And Email action does work with no problems when setting this up)
After reading also https://blogs.sap.com/2019/10/14/receive-notifications-for-failed-sap-cloud-platform-integration-flows-via-any-channel-with-alert-notification/ i wonder if my problem is a missing technical user with Space Auditor? (Even though I am that my self)
BTW - see attached .jpg for error message from Exception Management Selfmonitoring
I would recommend to open a ticket. The Alert Notification dev team will help you to troubleshoot the issue. Please, use component BC-CP-LCM-ANS, as described here. Provide details about your account (global account ID, org and space GUID, etc.) and a short description of the problem.
Thanks for the tip. Have suggested that in the ticket (755520 - 2021).
But no body seems to look at it for almost a week now
We investigated the case and it seems the ticket had been created for a wrong component. The right one is BC-CP-LCM-ANS. That caused a delay in the ticket processing.
However, the dev team start working on the issue. They will contact you soon.
Appreciate your assistance. Hope the dev team will reach out soon so problem can be fixed.
Was the issue resolved? what was the solution. I am having same issue , I have used store action and able to test successfully with consumer api . But unable to see exceptions/alerts in solution manager.
I have configured based on the steps mentioned in this blog for BTP Cloud foundry, and i am able to receive alerts as email, but when i configure action as store type and try to receive exceptions to solution manager , it is not working. I am able to pull alerts using API and it is also working.
When you're able to pull the events on the SAP Alert Notification service API, it's most probably a misconfiguration on Solution Manager side.
A common issue in this configuration is the Filter Definition from step 3) above. If you have provided values for some of the fields, make sure that these values match the corresponding property values in the events you pull on the SAP Alert Notification service API. If there's a mismatch, then this would be the problem. A good practice is to keep the filter definition on Solution Manager side empty and to use the SAP Alert Notification service subscriptions for filtration, instead.
Does the problem persist? If so, you could describe your problem, provide screenshots from Solution Manager and SAP Alert Notification service and open a support incident on BC-CP-LCM-ANS (the SAP Alert Notification service support component). My colleagues will check the details and if needed will forward your case to the Solution Manager experts for further troubleshooting.