Skip to Content
Technical Articles
Author's profile photo Martin Pankraz

Getting Started with BTP Private Link Service for Azure


22.08.22: Official guidance by SAP for BTP PaaS/SaaS apps using Private Link for http based communication. Check out the SAP samples repos for config details. For non-http communication still look at part 2 of the series.

22.06.22: General Availability Annoucement. You can start using productively. Or as Gowri from SAP put it: prime time 😀

03.06.22: SAP Cloud Application Programming model and Cloud SDK for JavaScript now support Private Link. Consider upgrading both libraries.

31.03.222: Remaining BTP on Azure regions added. Choose between West US2, East US, West EU, Singapore, Japan, and Australia East.

13.01.22: SAP CloudSDK v3.61.0 for Java supports new proxy type PrivateLink. Consider upgrading your pom.xml.

24.11.21: SAP introduced hostname feature for PLS. Going forward host names  are used instead of private IPs.

17.12.21: SAP introduced new ProxyType “PrivateLink” config for Destinations. It allows cleaner setup compared to misleading label “Internet” as before. Older Cloud SDK versions do not support it (see note from 13th of Jan 2022). Furthermore, there is now support for MariaDB and MySQL as PaaS options on Azure. See the official SAP docs and blog post for more details.

Dear community,

I am running a series of blog posts around the topic of #SAP Private Link service with Azure. My primary goal is sharing service implementation experience and possible applications of this new BTP service through its journey from Beta to General Availability. Ideally it gives you a kickstart into your own journey of private connectivity on BTP.

To be clear: the Azure part of the mix has been generally available (GA) for years, only SAP’s implementation that exposes that service to BTP and ultimately to you as a customer just reached GA state recently.

Of we go to link what was meant to be linked, I solemnly pinkie swear – private linky I mean 😉

Going forward I will always refer to BTP Private Link Service in short with PLS.

Jul 2nd, 2022: Joint GA announcement Session with Sven Kohlhaas from SAP

Jul 24, 2021: First introductory Session from early stages of PLS beta!

Find you way around the blog series with below tables.

VM-based scenarios with PLS (Azure Standard Load Balancer required)

Part1 Introductory post to the series

“Whatever happens in an Azure and BTP private linky swear, stays in the linky swear! An implementation story of the Private Link Service for Azure.”

Understand Private Link Service and its connectivity scope. I show how to perform OData calls via the private tunnel using SAP Cloud SDK for Java/CAP.

Part 2 Expose PLS to SAP Cloud Integration (specifically CPI)

“Business as usual for iFlows with Private Link Service”

📢featured post by SAP for Integration Suite and Launchpad Service

Add cf proxy app to enable CPI to route calls through PLS.

If SAP implements direct “line of sight” for Cloud Integration, Connectivity service and PLS we would no longer need an app to proxy.

Part 3 Consider architecture impact – broaden scope to production environments

“How many pinkies do I need? Architecture impact of Private Link Service.”

Shedding light on the different deplyoment modes given by your SAP architecture.

Part 4 Focus on development environment

“How do I debug and test with live data via Private Link Service?”

Learn how to enable debugging and proper testing with live data while using the PLS from SAP Business Application Studio or Visual Studio Code locally.

Part 5 Implement SAP Principal Propagation via PLS

“Propagate your SAP principels via Private Link Service”

Describes SAP Principal Propagation – cf user mapping to SAP backend users.

Part 6 Restrict access to your PLS exposed backend endpoints

“Keep the auditor happy with Private Link Service”

Understand the means, limitations and “places” to maintain backend access restrictions when using PLS.

Part 7 Implement end-to-end SSL when using PLS

“How to setup SSL end-to-end with Private Link Service”

Learn how to setup SAP Personal Security Environment and BTP Destinations to ensure end-to-end communication encryption.

Part 8 Use SAP Cloud Connector or Private Link or both?

“Combine best of both worlds”

Learn the ins and outs of both BTP connectivity options and gain insights into SAP’s roadmap

Azure PaaS scenarios with PLS

Understanding connectivity options to Azure PaaS from BTP Describes Azure PaaS connectivity options from BTP illustrated with an example app deployed in CloudFoundry environment consuming MySQL on Azure.
Integration not yet supported Azure PaaS with SAP Private Link Service Describes approaches with SAP WebDispatcher and SAP Cloud Connector to connect privately from BTP to customer-owned Azure API Management as an example.

SAP Roadmap for PLS

Fig.1 Screenshot from SAP+Microsoft joint roadmap webcast session

Pay attention to the free text notes that Sven put next to the tiles.

For latest news and committed features please have a look at the SAP RoadMap Explorer.

Official References

SAP docs

SAP announcements

Microsoft docs


Find all artifacts from the series on my GitHub repos here.

As always feel free to ask lots of follow-up questions.




Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.