Skip to Content
Technical Articles
Author's profile photo Martin Pankraz

Getting Started with SAP Private Link Service for Azure

NEWS FEED

15.06.23: SAP added Azure OpenAI service and Azure Cache for Redis support to SAP Private Link 😍

23.03.23 SAP added Azure Cognitive Services support to SAP Private Link 😍

13.03.23 SAP added Azure Storage Account support to SAP Private Link and shared a sample with SAP Integration Suite inspired by customer implementation

02.03.23 SAP announced Kyma runtime support for Q4 2023

09.02.23 SAP released Azure Machine Learning for SAP Private Link.

01.12.22: Adjusted guidance for end-to-end TLS regarding automatically obtained certificates from well-known authorities (CA) via Azure Key Vault. That includes auto-renewal bringing down your maintenance effort a lot.

06.10.22: SAP released further Azure services for SAP Private Link! Enjoy now Azure Application Gateway, Azure KeyVault, Azure Automation, Azure CosmosDB, Azure App Service and Azure Functions!

22.08.22: Official guidance by SAP for SAP Build Workzone and Cloud Integration using Private Link for http based communication. Check out the SAP samples repos for config details. For non-http communication still look at part 2 of the series.

22.06.22: General Availability on all Azure BTP regions Annoucement. You can start using productively. Or as Gowri from SAP put it: prime time 😀

03.06.22: SAP Cloud Application Programming model and Cloud SDK for JavaScript now support Private Link. Consider upgrading both libraries.

13.01.22: SAP CloudSDK v3.61.0 for Java supports new proxy type PrivateLink. Consider upgrading your pom.xml.

Dear community,

I am running a series of blog posts around the topic of #SAP Private Link service with Azure. My primary goal is sharing service implementation experience and possible applications of this new BTP service through its journey since Beta and General Availability in June 2022. Ideally it gives you a kickstart into your own journey of private connectivity on BTP.

Of we go to link what was meant to be linked, I solemnly pinkie swear – private linky I mean 😉

Going forward I will always refer to SAP Private Link Service in short with PLS.

 

📢Check the first customer success story

FrieslandCampina moved their productive SAP BTP Cloud Integration use case with Azure Storage Account to SAP Private Link in a couple of hours.

 

Jul 2nd, 2022: Joint GA announcement Session with Sven Kohlhaas from SAP

Jul 24, 2021: First introductory Session from early stages of PLS beta! 🎥YouTube Webcast link.

Find you way around the blog series with below tables.

Azure PaaS scenarios

Connecting to Azure PaaS databases

Featured service: MySQL, MariaDB

Describes Azure PaaS connectivity options from BTP illustrated with an example app deployed in CloudFoundry environment consuming MySQL on Azure.

See the available database spectrum here.

Inspect your traffic coming from BTP with the Azure App Gateway web application firewall

“Simplify the link architecture and increase security”

Featured service: Azure Application Gateway, Azure API Management

Learn how to configure the Azure Application Gateway for SAP Private Link and connect to your Azure PaaS Services like Functions, API Management, Data Lake, App Service etc.

Global scale for shop-floor scenarios blending SAP S4 data

“Guaranteed speed at any scale”

Featured service: Azure Cosmos DB

Learn how to spin up an architecture with the distributed Cosmos DB using SAP Private Link to cope with global scale requirements.

See the available database spectrum here.

🆕OData integration for any Azure PaaS

“Enabling SAP CAP to talk OData with anyone on Azure”

Featured service: Azure App Service, Azure Cosmos DB

Learn how to apply an OData proxy to enable every Azure SDK for any PaaS service to respond to OData requests. This way SAP CAP may natively interact with those services without the need to add the respective SDK. As a result development concerns can be separated.

🧠Quickly summarize security threats from your BTP Audit Log using a private instance of Azure OpenAI service

Featured service: Azure OpenAI

Learn how to reason and summarize security threats in your SAP BTP instance via The SAP BTP Audit Log. SAP CAP serves as interface to present the results and a private fully isolated instance of Azure OpenAI is connected via the SAP Private Link.

SAP PaaS scenarios

SAP Private Link service use cases for SAP Cloud Integration and SAP Launchpad

📢Official SAP sample

Featured service: SAP Build Workzone, Integration Suite, Azure Standard Load Balancer

Learn how to integrate SAP Build WorkZone or SAP Integration Suite privately with your workloads on Azure.

🆕Expand your file storing needs from SAP Cloud Integration to Azure Storage Account (Blob)

📢Official SAP sample

Featured Service: SAP Integration Suite, Azure Storage Account (Blob)

📢Success Story with FrieslandCampina

Learn how to enable file interactions on Azure Cloud Storage via SAP Cloud Integration.

Azure Standard Load Balancer scenarios

Part1 Introductory post to the series

“Whatever happens in an Azure and SAP Private Linky swear, stays in the linky swear! An implementation story of the Private Link Service for Azure.”

Understand SAP Private Link Service and its connectivity scope. I show how to perform OData calls via the private tunnel using SAP Cloud SDK for Java/CAP.

Part 2 Expose PLS to SAP Cloud Integration (specifically CPI)

“Business as usual for iFlows with Private Link Service”

📢featured post by SAP for Integration Suite and Launchpad Service

Add cf proxy app to enable CPI to route calls through PLS.

If SAP implements direct “line of sight” for Cloud Integration, Connectivity service and PLS we would no longer need an app to proxy.

Part 3 Consider architecture impact – broaden scope to production environments

“How many pinkies do I need? Architecture impact of Private Link Service.”

Shedding light on the different deplyoment modes given by your SAP architecture.

Part 4 Focus on development environment

“How do I debug and test with live data via Private Link Service?”

Learn how to enable debugging and proper testing with live data while using the PLS from SAP Business Application Studio or Visual Studio Code locally.

Part 5 Implement SAP Principal Propagation via PLS

“Propagate your SAP principels via Private Link Service”

Describes SAP Principal Propagation – cf user mapping to SAP backend users.

Part 6 Restrict access to your PLS exposed backend endpoints

“Keep the auditor happy with Private Link Service”

Understand the means, limitations and “places” to maintain backend access restrictions when using PLS.

Part 7 Implement end-to-end SSL when using PLS

“How to setup SSL end-to-end with Private Link Service”

Learn how to setup SAP Personal Security Environment and BTP Destinations to ensure end-to-end communication encryption.

Part 8 Use SAP Cloud Connector or Private Link or both?

“Combine best of both worlds”

Learn the ins and outs of both BTP connectivity options and gain insights into SAP’s roadmap

Part 9 Expose your Azure Kubernetes Service hosted apps to BTP

“How to spin up single service PLS with kubectl for Java on BTP”

Learn how to connect your apps running in Azure Kubernetes Service to SAP BTP workloads via the SAP Private Link.

SAP Roadmap for PLS

Fig.1 Screenshot from SAP+Microsoft joint roadmap webcast session

Pay attention to the free text notes that Sven put next to the tiles.

For latest news and committed features please have a look at the SAP RoadMap Explorer.

Official References

SAP docs

SAP announcements

Microsoft docs

SLAs (as of Feb 2023)

 

Find all artifacts from the series on my GitHub repos here.

As always feel free to ask lots of follow-up questions.

 

Cheers

Martin

Assigned Tags

      4 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo John Kong
      John Kong

      any roadmap between BTP to SAP Commerce cloud(CCV2) ?

      CCV2 is on Azure , if BTP is on Azure, then I think the private link is simple

      Author's profile photo Martin Pankraz
      Martin Pankraz
      Blog Post Author

      Thanks for reaching out.

      It is not mentioned on the roadmap discussed by Sven. You would need to ask SAP directly.

      KR

      Martin

      Author's profile photo Ravi Condamoor
      Ravi Condamoor

      Hi Martin,

      Is there support for SAP DWC via PrivateLink? Can you share details?

       

      Thanks

      -ravi

      Author's profile photo Martin Pankraz
      Martin Pankraz
      Blog Post Author

      Gowrisankar M do you have a comment for Ravi Condamoor?

      In general the CF AppRouter would apply to SAP PaaS apps as described by your colleague Harut here for Integration Suite.

      KR

      Martin