I would like to discuss about the SAP Analytics Cloud Live Tunnel connectivity use cases and when to opt for SAP Analytics Cloud Direct CORS based Live connectivity.
SAP has introduced SAP Analytics Cloud Tunnel connectivity in QRCQ3/2020 release to help customer to access Live reports on the browser in the Internet.
SAP Analytics Cloud on Non SAP datacenters support both Basic and SAML Single Sign on Authentication methods.
What is SAP Analytics Cloud Live Tunnel connection?
Tunnel Connectivity provides Live connection to the SAP data sources, SAP BW, SAP BW/4HANA, SAP S/4HANA and SAP HANA, it’s based on SAP Cloud Connector-based HTTPS secure tunnel connection configuration.
If your using SAP BW or SAP S/4HANA SSO you’ll need to establish trust for Principal Propagation trust between the Cloud Connector and SAP Analytics Cloud and you’ll need to setup the trust between Cloud Connector and the data source.
This connection type will allow users outside your corporate network to connect live to your data without giving them VPN rights or exposing datasources to Internet through a reverse proxy or SAP Webdispatcher.
Advantages: No additional proxies or opening up network firewalls required, Low TCO.
When to choose Tunnel Connection:
If you have a requirement to access Live reports on the Browser in Internet, based on the SAP data sources (SAP BW, SAP BW/4HANA, SAP S/4HANA and SAP HANA), YES opt for Tunnel connectivity.
How to configure Tunnel Connectivity:
- SAP Cloud Connector installed and configured to SAC Subaccount
- Ina Service is enabled/activated on SAP Data sources
Please note Data flows into SAP Analytics Cloud through SAP Cloud Connector secure tunnel and it’s cached in Live Connectivity Services(LCS) for a moment, once the data is sent to web browser, the cache is cleared and SAP Analytics Cloud doesn’t store any data
SAC Android Mobile Application does support Tunnel connectivity from 2021.01 wave and QRC2021 Q1.
Performance is dependent on the customer’s network speed, The performance will be subtly slower in tunnel connection because the data flow through extra components, like SAP Cloud Connector and LIve Connectivity Services, than direct live CORS connectivity.
I was often asked by customers how do they access Live reports on SAP Analytics Cloud Mobile application outside their Firewall or corporate network, without exposing data sources to internet or without using proxies.
SAP has Introduced in Q2QRC2020 Advanced Features to support Single Sign on with SAP datasources for SAP Analytics cloud mobile application
In this case, Customer can configure Direct CORS Live connectivity + SAP Cloud Connector based Mobile Single Sign-on to achieve the use case to access Live reports outside firewall and yes, it works within Firewall too.
Please Note, Android Mobile app doesn’t support Direct + Cloud Connector based Single Sign-on, it’s in roadmap for early 2021.
What if a Customer doesn’t want to use Tunnel connection as SAC Mobile application doesn’t support it and want to access Live reports on Internet in the web browser and on Mobile.
Customer can still use Direct CORS Live connection + SAP Cloud Connector based Mobile Single Sign-on and open the firewall rules to access the data sources on Internet
Prerequisite : Ina service(getserverinfo) should be accessible on Internet.
Once SAP Analytics Cloud Mobile application supports Tunnel Connectivity, the Direct CORS connectivity can be changed to Tunnel connection.
once Tunnel connection is saved, you cannot revert the connection back to Direct CORS connection. However, this shouldn’t stop you from creating a new Direct CORS connection and updating existing models to use it.
I hope its clear now when to choose SAP Analytics Cloud Tunnel and Direct Live connectivity types.
Please feel free to provide your feedback.