Skip to Content
Technical Articles

SAP Analytics Cloud – Technical and Administration Overview

If you’re starting out with SAP Analytics Cloud and would like to understand more about the technical aspects then this article is perfect for you!

My article covers a very broad set of topics including:

  • Authentication and how SAP Analytics Cloud is typically configured with your own custom Identity Provider. I include a bunch of best practice recommendations and gotcha’s to avoid!

  • Authorisations and the key concepts within SAP Analytics Cloud of Roles, Teams and Users and the best practice setup.

  • Data Security. Its a complex topic!
    • I include an overview of the options available to manage ‘row’ level security for acquired data.
    • Many customers are surprised how live data connections actually works! Thus I describe how this very clever technology works so you head off in the right direction for implementing SAP Analytics Cloud.

  • On-premise components. There can be some depending upon your requirements, typically these are the Cloud Connector and the Agent. I present what the components are, when you might need them, the basic architecture, recommended setup and best practice. And I’ve added in a few handy tips too!

  • Advanced live-connection options. Further down your SAP Analytics Cloud adoption journey you may need to use some of our more advanced ‘live’ features. So I present a high-level overview and the key things you need to know. Things in this section include connectivity and architecture overview of: advanced Mobile App, scheduling/publishing, data blending, Smart Predict and the R-server.

  • On-premise dependencies and keeping up-to-date. How exactly do you keep any on-premise components up-to-date and what happens if you didn’t? Well these and other very common questions are addressed in my article too.

  • Transporting. I present the mechanisms for transporting content around the landscape and the best practices

  • Monitoring and Usage Tracking. Here I provide a quick overview of the various tools available to help you understand what’s going on inside your SAP Analytics Cloud Service.

  • Finally I finish with other System Administration Tasks and Tips.

I’ve really crammed in the content to help answer the vast majority of your initial questions when first adopting SAP Analytics Cloud.

Like most things, when you start to understand something, you’ll then have even more questions! This is expected so please don’t expect every question to be answered, but I’ve done my best to address the most common ones.

You’ll find 7 demos in the article, a PPT download and if you prefer you can watch a video of me presenting it all. The video is whopping 1 hour 34 minutes!

Access the article which is held in the wiki so you can easily follow updates!

Your feedback is most welcome. Before posting a question, please do read the article carefully and take note of any replies I’ve made to others. Please hit the ‘like’ button on this article or comments to indicate its usefulness.

Sadly, for personal reasons, I will not be replying to posts until about September. So I’m looking forward to seeing your comments upon my return.

Many thanks

Matthew Shaw @MattShaw_on_BI

https://people.sap.com/matthew.shaw/#content:blogposts

8 Comments
You must be Logged on to comment or reply to a post.
  • Thanks a lot Mathew for the detailed insights on the SAC components.Appreciate your time and thought.Could you also please share if you have any document focusing on security in SAC

  • Great Effort MAtthew. Your each article helps to ensure complete understanding of the topic. Many thanks for your constant efforts.

    Overall what sort of future in SAC security we are looking at, direction wise? More inclined towards how we manage in SAP BI platform? bcoz i slowly see we are tilting towards that shift in sense of inheritance, row level security, model level data security etc.

     

    Regards

    Nirav

    • Hello Nirav,

      Many thanks for your feedback.

      Indeed, the security model, much like most other parts of SAC, will improve and mature overtime. There’s been a number of incremental security improvements made this year and it will only continue. I need to update my article because of the number of improvements and I’m aware more improvements will come soon.

      The roadmap https://roadmaps.sap.com/board?PRODUCT=67838200100800006884 is a good way to see what’s committed and what to expect. This new ‘Roadmap explorer’ is updated on a more regular basis, rather than before it was about once a quarter.

      Sorry, my role isn’t in Product Management or development so I personally can’t set your expectation or provide commitment, but my understanding is very much more enterprise security features are planned.

      Regards, Matthew

  • Matthew,

    Very clear explanation, specially on live connection options.

    A question though, we have deployed SAC Stories used via browser on-premise using CORS and S/4HANA database endpoint via our web dispatcher, next step is to allow access to iOS devices connecting externally.

    From your schema I understand SAP best practice for external iOS devices is to pull data via Cloud Connector, is this using the same live connection that browser on-premise? In other words, can Stories using the same live connection be consumed from on-premise or by mobile devices connecting externally?

    Thanks in advance for any clarification.

    Regards,

    David

     

    • Hello David

      Many thanks for your feedback and a great question that many are asking. Thanks for asking here.

      I’ve very recently added to my Support Wiki page this table https://wiki.scn.sap.com/wiki/display/BOC/SAP+Analytics+Cloud+Support+Matrix#SAPAnalyticsCloudSupportMatrix-LiveModelConnectionSupport

      It shows that a ‘Direct‘ connection, which is what you are using, works for the browser. And there’s an ‘advanced’ option for this ‘Direct‘ connection to enable the SAP Analytics Cloud Mobile App on the iOS platform to connect via the SAP Cloud Connector. In my table I call this ‘Direct+CC‘. This is the connection you are referring to as it allows iOS SAC Mobile App users (who are not connected directly, or indirectly via a VPN, to your organisation network) to consume data from your S/4HANA on-premise database.

      Your question is, can I have users using the browser interface connect in a similar way? (That is consume data on-premise, without the need to have the connect via a VPN and without the need to expose my S/4HANA on-premise to the internet). The answer is currently no. You cannot.

      You CAN create a new connection of type ‘Tunnel‘ AND this WILL work for the browser interface, but then it won’t work for the SAC Mobile App! It’s a catch 22. You need two connections but the problem is a model can only refer to one connection.

      Today the Tunnel WILL work for the browser (outside the organisation network), but NOT the SAC Mobile App.

      Today the Direct+CC will NOT work for the browser (outside the organisation network), but WILL work for the SAC Mobile App.

      What you need is for the ‘Tunnel‘ to also work for the SAC Mobile App, and today this isn’t possible, but it is a planned feature as its understood this is a much needed requirement. I don’t have any dates yet available to share, but when I do I’ll post a comment here. You might find it pop-up in our roadmap pages soon: https://roadmaps.sap.com/board?PRODUCT=67838200100800006884

      I hope this helps answer your question. Feel free press ‘like’ to indicate its helpfulness.

      Many thanks, Matthew

       

      • Thanks Matthew, it does help.

        If I understand this right if we setup Direct+CC we will allow users using iOS App on devices connecting externally via internet to consume data on-premise, however this requires a different live data connection -and therefore specific Stories for external use in SAC- am I correct?

        Could you provide updated links for the full procedure to configure Direct+CC and Tunnel?

        Regards,

        David