Introduction

This blog post is part of the series covering SAP Mobile Start app empowerment.

Whenever you want to consume data from one or more on-premise backend systems like SAP S/4HANA or SAP Business Suite, you need to provide a secure and stable connection between BTP and your on-premise landscape. This can be achieved with SAP Cloud Connector (SCC) which is a component that is installed on Windows or Linux machine in your on-premise landscape.

In this blog post you will learn where to download the SCC and how to install and configure it in a basic setup, which easily can be used in a PoC scenario. Most of this content was taken from the SAP Enterprise Support Advisory Council (ESAC - for our Enterprise Support customers), where I'm the technical lead for the workstream titled “SAP Launchpad and SAP Work Zone Service”.

Download and Install SCC

The Cloud Connector can be downloaded from this link https://tools.hana.ondemand.com/#cloud If Java is not installed on the server, it is necessary also to download and install Java

Downloading SCC

For Windows, you can download the zip archive for development use cases on Windows or the MSI installer for productive usage. It is recommended to use the MSI installer as this will install as a Service on the server.

In this blog we will use the Windows version, but as you can see there are also a Linux and Mac version available.

You need access and authorisations to install the SCC on an on-premise server.

Once downloaded, run the MSI installer package and follow the on-screen installation guide. If the installation finish successfully the Cloud Connector is started automatically.

Initial Configuration

To configure the SCC, enter: https://<hostname>:8443 in a browser, where the <hostname> is the hostname of the machine on which the connector is installed, and the port number is the one configured during installation. The default port number is 8443

Initial logon to Cloud Connector

Enter below default credentials (case sensitive) and click on Login:

Username: Administrator

Password: manage

The first time you log in, you need to change the password and choose Master as the installation type. Click on save.

In the following screen we need to provide information about your created BTP subaccount so we can build a secure tunnel between the SCC and BTP

Initial setup of Cloud Connector

The following entries are mandatory:

·   Region:	The region you were you subaccount is created in – see picture below
·   Subaccount:	Your subaccount ID – see the picture below
·   Login E-Mail:	E-mail addressed used when creating the BTP account
·   Password:	password used when creating the BTP account

Depending on your company’s Internet proxy settings, information about HTTP proxy might also be needed

Identify subaccount number

If successful you will see a screen with similar settings as below

SAP Cloud Connector successfully installed and configured

This conclude the initial installation and configuration of the SAP Cloud Connector. In the remaining of this blog post we will connect your BTP subaccount and a on-premise system

Creating "Cloud to on-premise" Connection

To make a on-premise resource available to the services on the Business Technology Platform subaccount we first need to create a mapping between the SCC and the on-premise system.

In the SCC admin cockpit firstly make sure you select the right one in case you have created more than one subaccount , click on “Cloud to On-premise” in the menu on the left followed by a click on the “+” sign to the right. This will open the guide for adding mappings

Create a mapping

Follow the wizard which opens up to create a HTTPS mapping.

“Internal Host” is the hostname or ip address of the backend system and the corresponding ICM port

“Virtual Host” is the host name you will be using in the BTP, you can select the default value which are the same as the Internal Host or select another less revealing name.

The “Principal Type” we will leave as “None” for the time being and change it to “Principal Propagation” later. How to do this is described in this blog post

Lastly you get a summary of the entered data and if you like you can tick the “Check Internal Host” which will perform a simple check to verify that the mapping is working.

Next, we need to add resources to the mapping i.e., services from the backend Select the newly created mapping and click the “+” sign just below to add resources

Add resources to your new mapping

In this blog we make all services available to the subaccount by entering /sap in the URL path and select “Path And All Sub-Paths” under Access Policy. You can fine tune this later if you want to limit the resources available, which it highly recommended in a productive solution.

The table below list all the required services which as a minimum are needed when you want to expose content from a S/4HANA On-premise system.

Embedded Front-end Server
/sap/bc/bsp/sap/
/sap/bc/gui/
/sap/bc/lrep/
/sap/bc/ui2/app_index/
/sap/bc/ui2/cdm3/
/sap/bc/ui2/flp/
/sap/bc/ui5_ui5/sap/
/sap/bc/ui5_ui5/ui2/
/sap/bc/webdynpro/
/sap/opu/odata/
/sap/public/bc/ui5_ui5
/sap/public/bc/uics/
/sap/public/bc/ur/
/sap/public/bc/webdynpro/
/sap/public/icmandir/its/
/sap/bc/nwbc/
/sap/bc/bsp/srmnxp/
/sap/public/bc/ui2
/sap/opu/odata4

With this we have mapped a HTTPS system and made all the service available via HTTPS,

So far it has been a generic setup and configuration of the Cloud Connector. To continue the configuration of the Cloud Connector to work with the Mobile Start app we need to setup principle propagation, this will be described in another blog  post coming shortly

Summary

In this blog post you have learned how to install the SAP Cloud Connector and perform the initial configuration i.e., connecting to the SCC admin cockpit, changing initial password and connect the SCC to your Business Technology Platform account. With this we have created a secure tunnel between BTP and your on-premise landscape

In addition to this we have created a mapping between the SAP Cloud Connector and the on-premise system – a HTTPS connection and assigned resources in the form of ICF services on the backend system.