Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Private Link service use cases for SAP Cloud Integration and SAP Build Work Zone, Standard Edition

hterminasyan
Product and Topic Expert
Product and Topic Expert
‎08-22-2022 9:21 PM








 Updates

 13.03.2023: Azure Blob Storage connectivity to SAP Cloud Integration with help of SAP Private Link service (GitHub)

Dear Community,

In my previous blog post, I introduced how to use the SAP Private Link service to extend your SAP S/4HANA business processes running on Microsoft Azure while keeping the traffic within the Azure internal network.

In this blog, I would like to share three more use cases for SAP Private Link connectivity

  • SAP Private Link service with SAP Cloud Integration for building diverse integration scenarios

  • Azure Blob Storage connectivity to SAP Cloud Integration with help of SAP Private Link service

  • SAP Private Link service for frontend applications accessible from SAP Build Work Zone, Standard Edition


Please have a look at the great blog series by martin-pankraz, where he also presents the SAP Cloud Integration scenario in Part 2.

Even without a direct integration of SAP Cloud Integration and SAP Build Work Zone, Standard Edition services with SAP Private Link service, we can still establish connectivity with help of Application Router, meanwhile, the product team is working to enable the direct integration.

Now let’s have a closer look at these two scenarios:

SAP Private Link service with SAP Cloud Integration for building diverse integration scenarios


The SAP Cloud Integration capability of SAP Integration Suite enables enterprises to connect different systems and applications in hybrid and cloud landscapes, that are developed and maintained on different technology stacks. These stacks, usually follow different security standards and requirements.

With the help of the SAP Private Link service, you can extend your hybrid integration scenarios to suit stricter security policies and communicate with your SAP S/4HANA on Microsoft Azure through private network connectivity.

The main idea of this architecture is to use the Application Router as a proxy for the private connectivity between SAP S/4HANA and SAP Cloud Integration. More details about Application Router can be found below. Please also check the GitHub repository for further details.


SAP Cloud Integration with SAP Private Link service


 

Azure Blob Storage connectivity to SAP Cloud Integration with help of SAP Private Link service


With the help of the SAP Private Link service, Azure Blob storage can now be linked to SAP Cloud Integration, enabling the easy exchange of massive amounts of unstructured data like images and documents.This integration provides a secure solution for businesses that need to transfer unstructured data between the two platforms.

The main idea of this architecture is to use the Application Router as a proxy for the private connectivity between Azure Blob Storage and SAP Cloud Integration. You can find the detailed steps for configuration here.


Azure Blob Storage connectivity with SAP Private Link service


 

SAP Private Link service for frontend applications accessible from SAP Build Work Zone, Standard Edition


As you might know, the SAP Build Work Zone, Standard Edition service plays an important role to increase users’ productivity and efficiency by enabling organizations to establish a central point of access to SAP, custom-build, third-party applications, and extensions.

The frontend extensions of your SAP S/4HANA system running on SAP BTP can now also benefit from the new SAP Private Link service by establishing private connectivity to your SAP backend systems.

Like the above-mentioned scenario, the main idea of this architecture is to use the Application Router as a proxy for the private connectivity between SAP S/4HANA and frontend extensions running on SAP BTP. Below you'll find more information on Application Router. To learn more, you can check the GitHub repository.
Please note that this scenario covers only the frontend extensions. The federated SAP S/4HANA content is out of scope for this blog.


UI extensions with SAP Private Link service




How to achieve this?


As previously mentioned, for the moment, we cannot use SAP Private Link service directly from SAP Cloud Integration or SAP Build Work Zone, Standard Edition; nevertheless, we can bridge this gap with help of SAP’s Application Router (approuter), which can play the role of a proxy between SAP and SAP Cloud Integration.

Application Router is a package available in the public npm repository, usually used as a single-entry point to your applications. It can help dispatch incoming requests to other microservices, facilitate authentication & authorization, and finally integrate other SAP BTP services like the Destination service or the HTML5 Application Repository.

These main capabilities of the Application Router with the latest release (as of today - 11.3.2) can help you establish the above-mentioned proxy role for Private Link.

 

Configure and deploy Application Router


You can configure and deploy the Application Router with the IDE of your choice, but with help of SAP Business Application Studio (BAS), it is much simpler, since you can take advantage of the provided templates for your Application Router configuration.

If you choose BAS, select Standalone Approuter as an option in the template wizard.


The only configuration required in Application Router is to define the route and the destination used for the SAP Private Link connectivity. This can be done in the xs-app.json file where BusinessPartner-approuter is the destination configured for SAP Private Link connectivity in the target SAP BTP subaccount (see destination configuration below).
{

  "authenticationMethod": "route",

  "routes": [

    {

        "source": "^/sap/(.*)$",

        "target": "/sap/$1",

        "destination": "BusinessPartner-approuter",

        "authenticationType": "xsuaa",

        "csrfProtection": false

    }

  ]

}


After setting up the route with destination and authentication, you can deploy the Application Router to your SAP BTP subaccount
e.g. by  mbt build and cf deploy privatelink-proxy.mtar

Once the Application Router is up and running, it can be used by your integration flows or Fiori applications to connect with the SAP backend system.

 

Summary 


In this blog, you have learned how to bypass the missing features and still be able to use SAP Private Link service with your integration and frontend extension scenarios with help of Application Router.

You can find detailed steps for both scenarios in the following GitHub repo.

For the latest product features, you can check the SAP Private Link service roadmap.

 

 
12 Comments
Labels in this area
Popular Blog Posts