Skip to Content
Technical Articles
Author's profile photo Martin Pankraz

Getting Started with BTP Private Link Service for Azure


24th of Nov 2021: SAP introduced hostname feature for PLS. Going forward host names  are used instead of private IPs.

17th of Dec 2021: SAP introduced new ProxyType “PrivateLink” config for Destinations. It allows cleaner setup compared to misleading label “Internet” as before. Cloud SDK does not support it yet though. Furthermore, there is now support for MariaDB and MySQL as PaaS options on Azure. See the official SAP docs and blog post for more details.

Dear community,

I am running a series of blog posts around the topic of #SAP Private Link service with Azure. My primary goal is sharing service implementation experience and possible applications of this new BTP service, that is currently in SAP Beta. Ideally it gives you a kickstart into your own journey of private connectivity on BTP.

To be clear: the Azure part of the mix is generally available (GA), only SAP’s implementation that exposes that service to BTP and ultimately to you as a customer is in beta state.

Of we go to link what was meant to be linked, I solemnly pinkie swear – private linky I mean 😉

Going forward I will always refer to BTP Private Link Service in short with PLS.

Find you way around the blog series with below tables.

VM-based scenarios with PLS (Azure Standard Load Balancer required)

Part1 Introductory post to the series

“Whatever happens in an Azure and BTP private linky swear, stays in the linky swear! An implementation story of the Private Link Service for Azure.”

Understand Private Link Service and its connectivity scope. I show how to perform OData calls via the private tunnel using SAP Cloud SDK for Java/CAP.

Part 2 Expose PLS to SAP Cloud Integration (specifically CPI)

“Business as usual for iFlows with Private Link Service”

Add cf proxy app to enable CPI to route calls through PLS.

If SAP implements direct “line of sight” for Cloud Integration, Connectivity service and PLS we would no longer need an app to proxy.

Part 3 Consider architecture impact – broaden scope to production environments

“How many pinkies do I need? Architecture impact of Private Link Service.”

Shedding light on the different deplyoment modes given by your SAP architecture.

Part 4 Focus on development environment

“How do I debug and test with live data via Private Link Service?”

Learn how to enable debugging and proper testing with live data while using the PLS from SAP Business Application Studio or Visual Studio Code locally.

Part 5 Implement SAP Principal Propagation via PLS

“Propagate your SAP principels via Private Link Service”

Describes SAP Principal Propagation – cf user mapping to SAP backend users.

Part 6 Restrict access to your PLS exposed backend endpoints

“Keep the auditor happy with Private Link Service”

Understand the means, limitations and “places” to maintain backend access restrictions when using PLS.

Part 7 Implement end-to-end SSL when using PLS

“How to setup SSL end-to-end with Private Link Service”

Learn how to setup SAP Personal Security Environment and BTP Destinations to ensure end-to-end communication encryption.

Jul 24, 2021: Session from SAP on Azure YouTube Channel (early stages of PLS beta! Narrative in the series evolved over time)

Azure PaaS scenarios with PLS

Part 1 Understanding connectivity options to Azure PaaS from BTP Describes Azure PaaS connectivity options from BTP illustrated with an example app deployed in CloudFoundry environment consuming MySQL on Azure.

Official references

SAP docs

SAP announcements

Microsoft docs


Find all artifacts from the series on my GitHub repos here.

As always feel free to ask lots of follow-up questions.




Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.