Getting Started with SAP Private Link Service for ...

Martin-Pankraz · ‎12-29-2021

NEWS FEED (shortened)

18.04.24: SAP added Azure IoT Hub to SAP Private Link 😍

21.02.24: SAP Kyma guidance for SAP Private Link published
15.06.23: SAP added Azure OpenAI service and Azure Cache for Redis support to SAP Private Link 😍
13.03.23 SAP added Azure Storage Account support to SAP Private Link and shared a sample with SAP Integration Suite inspired by customer implementation
09.02.23 SAP released Azure Machine Learning for SAP Private Link.
01.12.22: Adjusted guidance for end-to-end TLS regarding automatically obtained certificates from well-known authorities (CA) via Azure Key Vault. That includes auto-renewal bringing down your maintenance effort a lot.
22.08.22: Official guidance by SAP for SAP Build Workzone and Cloud Integration using Private Link for http based communication. Check out the SAP samples repos for config details. For non-http communication still look at part 2 of the series.

Dear community,

I am running a series of blog posts around the topic of #SAP Private Link service with Azure. My primary goal is sharing service implementation experience and possible applications of this new BTP service through its journey since Beta and General Availability in June 2022. Ideally it gives you a kickstart into your own journey of private connectivity on BTP.

Of we go to link what was meant to be linked, I solemnly pinkie swear - private linky I mean 😉

Going forward I will always refer to SAP Private Link Service in short with PLS.

📢Check the first customer success story

FrieslandCampina moved their productive SAP BTP Cloud Integration use case with Azure Storage Account to SAP Private Link in a couple of hours.

Jul 2nd, 2022: Joint GA announcement Session with sven.kohlhaas from SAP

Jul 24, 2021: First introductory Session from early stages of PLS beta! 🎥YouTube Webcast link.

Find you way around the blog series with below tables.

Azure PaaS scenarios

Connecting to Azure PaaS databases Featured service: MySQL, MariaDB	Describes Azure PaaS connectivity options from BTP illustrated with an example app deployed in CloudFoundry environment consuming MySQL on Azure. See the available database spectrum here.
Inspect your traffic coming from BTP with the Azure App Gateway web application firewall "Simplify the link architecture and increase security" Featured service: Azure Application Gateway, Azure API Management	Learn how to configure the Azure Application Gateway for SAP Private Link and connect to your Azure PaaS Services like Functions, API Management, Data Lake, App Service etc.
Global scale for shop-floor scenarios blending SAP S4 data "Guaranteed speed at any scale" Featured service: Azure Cosmos DB	Learn how to spin up an architecture with the distributed Cosmos DB using SAP Private Link to cope with global scale requirements. See the available database spectrum here.
🆕OData integration for any Azure PaaS "Enabling SAP CAP to talk OData with anyone on Azure" Featured service: Azure App Service, Azure Cosmos DB	Learn how to apply an OData proxy to enable every Azure SDK for any PaaS service to respond to OData requests. This way SAP CAP may natively interact with those services without the need to add the respective SDK. As a result development concerns can be separated.
🧠Quickly summarize security threats from your BTP Audit Log using a private instance of Azure OpenAI ... Featured service: Azure OpenAI	Learn how to reason and summarize security threats in your SAP BTP instance via The SAP BTP Audit Log. SAP CAP serves as interface to present the results and a private fully isolated instance of Azure OpenAI is connected via the SAP Private Link.

SAP PaaS scenarios

SAP Private Link service use cases for SAP Cloud Integration and SAP Launchpad 📢Official SAP sample Featured service: SAP Build Workzone, Integration Suite, Azure Standard Load Balancer	Learn how to integrate SAP Build WorkZone or SAP Integration Suite privately with your workloads on Azure.
🆕Expand your file storing needs from SAP Cloud Integration to Azure Storage Account (Blob) 📢Official SAP sample Featured Service: SAP Integration Suite, Azure Storage Account (Blob) 📢Success Story with FrieslandCampina	Learn how to enable file interactions on Azure Cloud Storage via SAP Cloud Integration.

Azure Standard Load Balancer scenarios

Part1 Introductory post to the series "Whatever happens in an Azure and SAP Private Linky swear, stays in the linky swear! An implementation story of the Private Link Service for Azure."	Understand SAP Private Link Service and its connectivity scope. I show how to perform OData calls via the private tunnel using SAP Cloud SDK for Java/CAP.
Part 2 Expose PLS to SAP Cloud Integration (specifically CPI) "Business as usual for iFlows with Private Link Service" 📢featured post by SAP for Integration Suite and Launchpad Service	Add cf proxy app to enable CPI to route calls through PLS. If SAP implements direct "line of sight" for Cloud Integration, Connectivity service and PLS we would no longer need an app to proxy.
Part 3 Consider architecture impact - broaden scope to production environments "How many pinkies do I need? Architecture impact of Private Link Service."	Shedding light on the different deplyoment modes given by your SAP architecture.
Part 4 Focus on development environment "How do I debug and test with live data via Private Link Service?"	Learn how to enable debugging and proper testing with live data while using the PLS from SAP Business Application Studio or Visual Studio Code locally.
Part 5 Implement SAP Principal Propagation via PLS "Propagate your SAP principels via Private Link Service"	Describes SAP Principal Propagation – cf user mapping to SAP backend users.
Part 6 Restrict access to your PLS exposed backend endpoints "Keep the auditor happy with Private Link Service"	Understand the means, limitations and "places" to maintain backend access restrictions when using PLS.
Part 7 Implement end-to-end SSL when using PLS "How to setup SSL end-to-end with Private Link Service"	Learn how to setup SAP Personal Security Environment and BTP Destinations to ensure end-to-end communication encryption.
Part 8 Use SAP Cloud Connector or Private Link or both? "Combine best of both worlds"	Learn the ins and outs of both BTP connectivity options and gain insights into SAP's roadmap
Part 9 Expose your Azure Kubernetes Service hosted apps to BTP "How to spin up single service PLS with kubectl for Java on BTP"	Learn how to connect your apps running in Azure Kubernetes Service to SAP BTP workloads via the SAP Private Link.

SAP Roadmap for PLS

Fig.1 Screenshot from SAP+Microsoft joint roadmap webcast session

Pay attention to the free text notes that Sven put next to the tiles.

For latest news and committed features please have a look at the SAP RoadMap Explorer.