Beginner Level Understanding on SAP BTP Architecture

I’ve found out still some new customers are curious about SAP BTP (Business Technology Platform) architecture. Today I want to leverage my former experience as a developer in SAP IT (they heavily rely on SAP BTP on software development, e.g SAP for Me is developed on SAP BTP and SAP Support Launchpad was one of the earliest “customers” of SAP BTP) and recent customer engagement experience, trying to give a simple holistic view of SAP BTP architecture.

History

SAP BTP was called SAP HANA Cloud Platform in the beginning and later the name was changed SAP Cloud Platform (SCP). The idea was to provide a platform which was not only related to SAP HANA but with other open source technologies and services, e.g. Java development, MongoDB, etc.

However, SAP is not a pure technology company, while it thrives on real industry business process so the name was finally changed to SAP Business Technology Platform, which indicates SAP BTP is targeted for business requirement, leveraging various technologies, including open source ones of course.

At first, SAP provided infrastructure level and we call it “NEO” as the historical version. Right now SAP has shifted this level to partners i.e. AWS, Azure, GCP or Alicloud and we call it “CF” as the current version. This somehow reflects SAP’s strategy change due to fast growing in the digital world.

So far, SAP BTP has elvovled with a very stable architecture and it is easy to extend, from both customer and SAP perspective. We know as a platform, SAP BTP itself has no value, while the 90+ services on the top are the key factors for real enterprise daily usage. Thse services will cover data and analytics, integration and app development, machine learning and AI technologies. You can easily categorize these services on SAP’s official discovery center and I recommend this blog post which gave a very nice infographic for the 90+ services.

Architecture

As mentioned, SAP BTP has no direct value to customers. Then why SAP BTP? Let’s imagine what will happen if without SAP BTP, just only 90+ standalone services.

1. These more than 90 services each time, from development to use, are independent of the SAP’s internal development process and efficiency. They also place a heavy burden on the customer’s use, since it is likely that each service has its own activation method and usage environment, which is arguably a very bad experience for end users.
2. The categorization of solutions makes SAP’s services very fragmented and does not create a unified understanding of the customer’s various usage scenarios, such as which service is used to solve data problems, which ones are used to solve process problems, and which ones are used to solve development problems.
3. The underlying role authorization certification, the sharing of connections to ERP systems, etc., is developed independently of each other, and it is difficult to communicate directly between these services, and each new service needs to be developed from scratch without leveraging existing resources.

And SAP BTP’s architecture is to solve these problems.

Probably your first impression on SAP BTP starts with SAP BTP cockpit which looks quite simple, right?

Actually SAP did a lot of stuff underlying, like role management, connections and destinations, entitlement concept, trust configurations, subaccounts and spaces, etc. It is easy to get lost in the beginning if you only concentrate on one SAP service like SAP Integration Suite.

I made a simple architecture diagram, which may help on the understanding.

1. Identity Authentication Tenant

This is a free service. If you do not have it, you can apply for it by opening a SAP Ticket, if you are a cloud customer. Sometimes it is often referred to as IAS – Identity Authentication Service. Strictly speaking, this service is not a service on BTP, but an identity authentication service independently developed by SAP for better interconnection for its own cloud products. You can connect common Microsoft authentication data to IAS, and use existing user data and permissions to realize seamless login of SAP cloud products. You can also create and fill users from 0 to 1 on it, and rely heavily on IAS to realize SAP cloud Product user management.

As can be seen from the architecture diagram above, IAS plays a very critical authentication role when users log in to services on BTP through a browser. Only if the user has sufficient authority, they can access the specified services on BTP, or doing development work for their own customized applications. The combination method is not difficult. There are a lot of information in the SAP community forum. For example I ever wrote this blog post for IAS. The most easy-to-find direct entry point is the menu on the left side of the BTP cockpit screenshot above, you can see that there you can invovle an additional self-created IAS in Trust Configuration instead of just the default one privided by SAP.

It looks like this and you can discover more powerful functionalities.

2. Connectivity & Destination

This is a very important part of BTP. To understand the architecture of BTP, you must know how it works. To put it bluntly, it is a proxy, and many services must be interconnected through this component. If you are familiar with the creation and use of various services on BTP, you will probably get the design idea from SAP BTP product team, which is, you only need to maintain these connection information in BTP, and then various services can reuse them again. For example, you can import the corresponding connection information in SAP Build Apps, and obtain each OData Service of the background system at one time.

You can see that the right side of the architecture is the local on-premise system behind the firewall. It is necessary to establish a connection with BTP through the SAP Cloud Connector (described below), and then various services on the BTP can use the virtual address exposed by the connection for data processing and intercommunication. You can see the picture below I have connected BTP to two ABAP systems.

During the development process, if it is an external address, there is often a problem of cross-domain access restriction. At this time, it is necessary to establish a proxy through the Destination on the BTP, and write the user name and password information of the external address before it can be used in the application developed on the BTP. For seamless access, this also ensures that confidential information is stored in the Destination rather than in the code. The following figure is a destination connected to the S4 system, which can be directly consumed in various services of BTP, and can be called arbitrarily in Java or Javascript codes, which is very convenient.

3. Customer Subaccount

A customer subaccount is a hierarchical concept with a relatively larger granularity. It has independent user role allocation, independent computing resources, independent service allocation, independent connectivity and destination, etc. It can be said that most of the services exist in a certain customer subaccount. For example, if you bought two tenants of the SAP integration suite, they can only be allocated to two sub-accounts separately.

As mentioned earlier, through the discovery center, you can see that the services on the BTP are roughly divided into several categories, application development and automation, data and analysis, integration, and AI services. Its core idea is to move towards the direction of low-code and no-code. I have taken out several very representative and widely used services in the architecture diagram above. For example, the SAP integration suite is a tool for manipulating APIs in a code-free manner. SAP’s process automation also uses a code-free method for robot development and approval flow management. SAP’s Build Apps is a very popular code-free application development at the moment. To develop cross-platform end-to-end applications, SAP’s Build WorkZone can develop enterprise portals in a code-free way, and SAP Analytics Cloud can also develop and analyze BI reports in a low-code way. Of course, traditional professional code development tools are still active, such as Business Application Studio and Cloud Foundry runtime environment. Since BTP is based on an open source platform, various programs such as Java, Javascript, and Python are deployed and run on it. SAP also has its own developed Back-end development frameworks such as SAP CAP which can easily combine SAP’s technology stack and the external open source world.

In addition, there are many scattered services. For example, Feature Toggle can manage application switches, Document Management Service can manage documents, Event Mesh is an event queue service, and Task Center integrates various approval and notification services. With the service, Mobile Service can develop IOS or Android and so on. . .

4. SAP Cloud Connector

To put it simply, it is a reverse proxy installed on your local machine, where your S/4 HANA system lies for a private deployment. Because BTP and its services are public network concepts, resource exposure can be conveniently, safely and quickly through the cloud connector, so that you do not need to separately configure each services on BTP. If the whitelist is processed or the port is exposed, if there is a problem, you can also view the log records through the cloud connector (of course, the actual use is very stable, and there are few problems). So please remember that one end of the SAP cloud connector must be BTP, and the other end can be the ERP system, or your locally developed Java server, etc.

5. BTP Runtime

When it comes to development, some readers may not understand the concept of Cloud Foundry. In fact, it is an open source cloud platform framework. Many services on BTP are based on this environment, so you must choose it when creating it. In addition, for the convenience of development, SAP has newly added the ABAP environment and the Kyma environment. The former, as the name suggests, provides an ABAP development environment, while the latter is for some high-end players who are not satisfied with the scaling function of BTP itself and need to introduce cloud development tools such as K8S. To have a Cloud Foundry environment, you need to create a Space, which is a more confusing point mentioned above. In addition, under the Space, you can assign permissions and roles at a more granular level. For example, the development team I ever stayed in has a separate space and the space is only for us with 8 team members. The Space is usually used for isolation management from other development groups, if you are from a very big team.

Although Low Code No Code development is quite hot topic recent years, for complex, long term support applications, especially those who need resilience, CI/CD, etc, still professional development is necessary. And BTP runtime here provides a powerful platform together with web IDE called “Business Application Studio”. This is something like Microsoft Visual Studio code, but have better integration to SAP’s solution like S/4 HANA and SAP HANA Cloud database, via connectivity and  destinations mentioned above.

Summary

I don’t plan to list all details here as SAP BTP contains too many services, and each service may contain thousands of details… But this is the starting point, for you to begin the PAAS journey in a holistic way.