Migrate from Neo to Cloud Foundry – SAP Cloud Integration

This blog highlights the process with some screen shots of migrating integrations from a Neo tenant to Cloud Foundry tenant.  More and more customers will be faced with this task in the upcoming months and years as they transition from SAP’s proprietary Neo platform into the open-source application platform Cloud Foundry environment.

Before you start: Read the SAP Cloud Integration migration guide, including prerequisites.

NOTE: The migration process itself is thoroughly documented so I try not to recreate this in this blog and rather share some experience with screen shots.  You should always refer to the migration guide for your migration projects!

NOTE 2: Neo is not being retired and customers are being not forced to migrate to Cloud Foundry.  You can find the strategy here for Neo and Cloud Foundry: https://blogs.sap.com/2020/07/27/sap-cloud-platform-moving-forward-on-our-multi-cloud-strategy/

Provision your new SAP Cloud Integration tenant on Cloud Foundry

Follow this blog in order to provision and setup your SAP Cloud Integration tenant on Cloud Foundry: Integration Suite – Simplified Onboarding and Provisioning | SAP Blogs

Instructions on how to configure your user access to the SAP Cloud Integration tenant is contained in the blog but for additional info you can follow the instructions at this link.

Before proceeding, you should be able to access the tenant with your user id.

Configure OAuth inbound authentication on Neo

The next step is to set up the authentication on Neo.  We configure OAuth authentication for Postman to extract everything out of Neo.

Navigate to the BTP Cockpit, select the Global account and select the Neo tenant.

Choose Security->OAuth->Clients tab

Click Register New Client

Enter the details for the new token, including a secret key which will be used as a password.

Using the client ID from the previous step, navigate to Security->Authorizations and assign the user oauth_client_<client id> to the AuthGroup.IntegrationDeveloper and AuthGroup.Administrator roles.

Optional–Test the authentication using Postman

Launch the Postman application on your local client.

You can find the URL to use in Postman on the branding tab in the BCP Cockpit under Security->OAuth

In Postman, enter the URL, method POST and enter the client id and secret password entered previously.

Copy the value for “access_token”.

On the Authorization tab, set the Type back to “No Auth”

On the Headers tab, set another header “Authorization” with value “Bearer <access_token_value>”

Enter the URL:

https://<neotenant>-tmn.hci.us2.hana.ondemand.com/api/v1/MessageProcessingLogs

Configuring Authentication for Cloud Foundry

After setting up the Neo tenant, create an OAuth Client Credentials Grant on the tenant in Cloud Foundry.

Navigate to the Space, Services->Service Marketplace and search for Process Integration.  Click Create.

Create a new instance.

Then create a service key (there is no need to assign roles in this step)

Once the service key is created, you can click on the key link to copy down the clientid, clientsecret and URLs required for later.

Performing the Technical Migration

Now you are ready to begin the migration.

First, in your Neo tenant, you should ensure that all all iFlows in all integration packages are NOT in a draft state and are versioned.

Next, download the compressed file from SAP Note 2937549 and extract it to a local folder on your computer.

In the extracted folder, open the file CPI MIG Settings.postman_environment and configure the parameters with the hostnames from the previous steps:

Save the file.

Now launch Postman and Import the folder by choosing:

File->New->Import Folder and select the unpacked folder

Make sure you have the correct environment selected so the proper hostnames and credentials are used.

Open the first collection runner (double clicking on the CPI MIG01 Connect to Tenants folder) and choose run, then proceed 2-11 based on your content to migrate the content from Neo to Cloud Foundry

You can check the progress and correct any errors needed along the way.  I had to version a few iFlows to pas the Readiness Check which initially failed, as an example.

Since I only had a custom package, I skipped MIG step 03 of migrating SAP delivered packages.

After executing all of the collections, you should see your packages, value mappings, security credentials, etc. all migrated to the new CF tenant.  For example, here is an iFlow package migrated:

NOTE: after you complete the migration, you will need to manually update the password of the security artifacts.

Now you would also need to modify any systems that call SAP Cloud Integration to use the new hostname and also update any firewalls or systems that whitelisted the Neo addresses to the Cloud Foundry ones.

I hope that you found this blog helpful.  I will try to keep it updated it based on feedback and experiences moving forward.

Marty