SAP HANA Cloud Connector Solution Brief

Similar documents
SAP BusinessObjects Information Design Tool 4.0. UNV Universe Conversion

SCM605 Sales Processing in SAP ERP

SCM610. Delivery Processing in SAP ERP COURSE OUTLINE. Course Version: 10 Course Duration: 3 Day(s)

Business One in Action 'Quantity falls below the minimum inventory level' is received and the document cannot be saved. How can this be resolved?

PLM318: Analytics in Enterprise Asset Management

BIT600. SAP Business Workflow: Concepts, Inboxes, and Template Usage COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

CR100. CRM Customizing Fundamentals COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

TCRM10 CRM Fundamentals I

SCM601. Processes in Logistics Execution COURSE OUTLINE. Course Version: 10 Course Duration: 3 Day(s)

SAPSCM. Overview of the SAP Supply Chain Management Application COURSE OUTLINE. Course Version: 15 Course Duration: 3 Day(s)

CR500. CRM Middleware COURSE OUTLINE. Course Version: 10 Course Duration: 2 Day(s)

SCM550. Cross-Functional Customizing in Materials Management COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

SMP140 SAP Mobile Platform 3.0 for Solution Architects

EWM120. Extended Warehouse Management Customizing - Part II COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

TEWM12 SAP Extended Warehouse Mangement II (SAP EWM)

SAP BusinessObjects DQM, version for SAP Solutions, XI 3.1 SP1 Solaris

AC605 Profitability Analysis

SCM525. Consumption-Based Planning and Forecasting COURSE OUTLINE. Course Version: 010 Course Duration: 2 Day(s)

FS242. Deposits Management in Banking Services from SAP 8.0 COURSE OUTLINE. Course Version: 10 Course Duration: 4 Day(s)

SAPCRM SAP CRM Solution Overview

SMP230 SAP Mobile Platform 3.0 for Enterprise Architects

Solution Manager Integration

AC410 Cost Center Accounting

BOE330. SAP BusinessObjects Business Intelligence Platform: Designing and Deploying a Solution COURSE OUTLINE

SAP How-To Guide for MDG-F ALE Replication from MDG Hub to ERP Using the Same Client

Business One in Action - How to change the valuation method of an item?

AC202. Accounting Customizing II: Special G/L Transactions, Document Parking, Substitutions/Validations, Archiving FI COURSE OUTLINE

ADM110. SAP System Installation and Patching COURSE OUTLINE. Course Version: 15 Course Duration: 4 Day(s)

EWM110. Extended Warehouse Management - Customizing COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

Master Data Governance for Financials (MDG-F) when running on SAP ECC 6.0 EHP5 and newer.

HR505. Organizational Management COURSE OUTLINE. Course Version: 010 Course Duration: 4 Day(s)

Business One in Action - How To Set Up Sales Discounts Per Warehouse?

Business One in Action - Why does an item which is defined as a Sales BOM show 100% as gross profit in the Gross Profit window?

TM430. Strategic Freight Management in SAP Transportation Management COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)8 Hours

IBP200. SAP Integrated Business Planning - Platform Features and Customizing COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

SMP130. SAP Mobile Platform for Enterprise Architects COURSE OUTLINE. Course Version: 10 Course Duration: 2 Day(s)

SCM520. Purchasing COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

TM215. LSP Based Planning and Execution in SAP Transportation Management COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

Manoj Narang. Summary. Author Bio

Duet Enterprise Uploading and Accessing SAP DMS Documents in a Starter Services Workspace

SCM310 Production Orders

SUS300. Product Safety and Stewardship Overview COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

PLM230. SAP Project System Controlling COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

Business One in Action Alternative Items in Marketing Document

Manage Xcelsius Add-ons Using the XLX file

BO100. Reporting with SAP BusinessObjects BI Solutions for SAP NetWeaver BW COURSE OUTLINE. Course Version: 15 Course Duration: 20 Hours

AC010. Business Processes in Financial Accounting COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

2010 SAP AG. All rights reserved. / Page 2

SAPBPM. SAP Business Process Management COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

PLM120 Document Management

MOB320. SAP Agentry Work Manager for IBM Maximo COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

BPC440 SAP Business Planning and Consolidation: Consolidation

Enabling SRM Workflow for External Purchase Requisitions

SCM212. Core Interface and Supply Chain Integration COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

BOX310. SAP BusinessObjects Dashboards 4.1 COURSE OUTLINE. Course Version: 15 Course Duration: 3 Day(s)

EWM100. Extended Warehouse Management - Processes COURSE OUTLINE. Course Version: 10 Course Duration: 3 Day(s)

TTM12. SAP Transportation Management II (SAP TM) COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

PLM114 Basic Data for Production

ADM540. Database Administration SAP ASE for SAP Business Suite COURSE OUTLINE. Course Version: 16 Course Duration: 3 Day(s)

CRM Worklist: Private Office Settings in Web-UI- How to Maintain Private office Settings

EWM100. Processes in SAP Extended Warehouse Management - Overview COURSE OUTLINE. Course Version: 16 Course Duration: 5 Day(s)

Integrating SAP Investigative Case Management for Public Sector with Advanced Analysis in Palantir

WebDAV & remote support platform for SAP Business One

Migration from SAP BO PC 7.5 NW Version to SAP BO PC 10 NW Version

SAP BusinessObjects BI Platform

SM100. SAP Solution Manager Configuration for Operations COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

ADM328 SAP ECC Upgrade and EHP Installation

AC210. New General Ledger Accounting (in SAP ERP) COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

SCM515 Invoice Verification

TBW50 SAP BW Data Acquisition

DEV355. Data Modeling with PowerDesigner 16.5 COURSE OUTLINE. Course Version: 15 Course Duration: 4 Day(s)

Delta Overview Student Lifecycle Management EHP 4 (Business Suite 7)

SCM670 Global Available-to-Promise

AC305 Asset Accounting

SAP Best Practices for Subsidiary Integration in One Client Consolidation Preparation: Intercompany Reconciliation

HR580. Analytics and Reporting in HCM COURSE OUTLINE. Course Version: 15 Course Duration: 3 Day(s)

SCM510 Inventory Management and Physical Inventory

SAP. SAP New Technology Co-Innovation with Customers SAP

SCM510 Inventory Management and Physical Inventory

Business One in Action - How to generate a report showing a list of AR Invoices paid through cheques?

Business One in Action How does SAP Business One Deal with Realized and Unrealized Exchange Rate Differences?

EHP4 for SAP ERP 6.0 March 2010 English. Sundry Customer (Z157) Business Process Documentation. SAP AG Dietmar-Hopp-Allee Walldorf Germany

What are the Specifics Concerning the Authorizations of a Composite Provider?

Asset Acquisition through Direct Capitalization. SAP Best Practices

SAP Enterprise Inventory & Service-Level Optimization (SAP EIS formerly SmartOps) and APO

SAP BusinessObjects GRC 10.0 Integration Guide Access & Process Control 10.0

TERP10. SAP ERP Integration of Business Processes COURSE OUTLINE. Course Version: 16 Course Duration: 10 Day(s)

Debit Memo Processing. SAP Best Practices

SAP Best Practices for Subsidiary Integration in One Client Intercompany Revenue Planning and Reporting with CO-PA

Rework Processing (Stock-Manufactured Material) SAP Best Practices

Sales Quotation. SAP Best Practices

BW Workspaces Use Cases

Handling of Structured Articles in ECC 6.0 at the time of PO,GR and SO

Portfolio and Project Management 5.0: Microsoft Project Server Import and Export

How to Integrate SAP Crystal Server with SAP Business One

How to Implement a Metadata Management Universe using Information Steward

Quality Management for Procurement with Vendor Evaluation. SAP Best Practices

Sales Order Processing with Collective Billing. SAP Best Practices

E-Recruitment: Adding Additional Tab to Requisition Maintenance

Transcription:

SAP HANA Cloud Connector Solution Brief Applies to: SAP HANA Cloud Connector, SAP HANA Cloud Platform Summary This document is a solution brief about the SAP HANA Cloud connector, the secure and reliable on-demand to on-premise connectivity solution of the SAP HANA Cloud Platform. SAP SE, December 2014 SAP HANA CLOUD PLATFORM hcp.sap.com 2014 SAP SE 1

Table of Contents Introduction... 3 Target audience... 3 Solution Overview... 3 Security... 4 Enterprise Ready for Business Applications... 5 Ease of Use... 5 On-premise Extension Scenarios... 5 Connectivity to HANA Database in the Cloud... 6 2014 SAP SE 2

Connectivity Made Easy with SAP HANA Cloud Connector Introduction The SAP HANA Cloud Platform (shortly, HCP) is a Platform-as-a-Service (shortly, PaaS) offering that enables developers to build, extend, and run applications in the cloud. It is the industry s only in-memory cloud platform powered by the SAP HANA database. It provides developers a set of application and database services and features native HANA and open Java developer experiences. HCP provides out-of-the-box connectivity to customers on-premise landscapes which allows easy and secure integration of cloud applications with systems running in protected customer networks. This enables hybrid scenarios and allows customers to innovate in areas like mobile, social or big data using SAP s HCP platform. By this, customers can save investments made in their on-premise IT assets, while taking advantage of cloud benefits at the same time, such as low TCO, faster development cycles or rapid ramp-up time, and thus save time, cost and complexity compared to conventional integration products. Target audience CTOs System and IT administrators Solution architects This document does not replace the HCP documentation [1], documentation of the Cloud Connector [2], the Cloud Connector s operator s guide [3] or its security whitepaper [4]. Solution Overview The SAP HANA Cloud Connector (shortly, Cloud Connector) enables hybrid scenarios in which cloud applications access and extend on-premise systems, or on-premise database tools connect to HANA databases on SAP HANA Cloud Platform. It establishes secure technical connectivity between HCP accounts and a protected on-premise network, and can be combined with higher-level SAP integration solutions, like SAP HANA Cloud Integration for process integration. The Cloud Connector thereby acts as an integration component running in the on-premise network that is able to establish secure and reliable connectivity from the on-premise network to accounts on HCP, each connected HCP account requiring separate authentication and coming with an own set of configuration. Once connectivity is established, applications running in the related HCP account are able to access on-premise systems which have been configured as accessible resources in the Cloud Connector. An arbitrary number of SAP and non-sap on-premise systems can be used with a single Cloud Connector instance, and it is not necessary to touch an on-premise system in order to use it in combination with the Cloud Connector, unless trust shall be configured between the Cloud Connector and the system (this is needed for principal propagation, for instance). The Cloud Connector provides administration and monitoring capabilities, like fine-grained access control of the onpremise resources exposed to the cloud, a whitelisting of cloud applications which are authorized to use the Cloud Connector at all, an auditing service, usage of a corporate LDAP for authentication of the Cloud Connector administration UI, and others. The Cloud connector can be optionally operated in a high availability mode in which a second redundant so-called shadow Cloud Connector is installed which takes over from the master instance once it becomes unavailable. The Cloud Connector also takes care to automatically re-establish connections in case they break due to temporary network issues. The Cloud Connector can also be used to connect on-premise database tools via JDBC/ODBC connections to databases running on HCP. The database traffic is then forwarded through the encrypted tunnel of the Cloud Connector to the target database in the cloud. For inbound communication, the Cloud Connector supports HTTP and RFC as protocols, and JDBC/ODBC access for outbound connectivity. Java and XS applications running on HCP can use arbitrary REST- or SOAP-APIs to call onpremise Web Services through the Cloud Connector. Java applications can additionally use SAP Java Connector API (a.k.a. JCo) for direct access of on-premise ABAP systems. 2014 SAP SE 3

The Cloud Connector also supports principal propagation, i.e. a reliable forwarding of the user identify of the cloud user to an on-premise system. This is often needed for scenarios where the identity of the end user must be propagated to the on-premise system in order to do reasonable actions, like for instance booking vacation for an employee in a leave request application running in the cloud that is connected to an on-premise ERP system. Figure 1 shows how the landscape looks like if the Cloud Connector is used for secure connectivity between HCP applications and on-premise networks. Figure 1 Typical cloud/on-premise connectivity landscape using SAP HANA Cloud Platform and the Cloud Connector Security Security is one of the major topics considered by the Cloud Connector. Following core principles have been taken into account from day one of its development: Ability to keep on-premise firewalls closed to inbound traffic: It should not be necessary to open firewall ports for inbound traffic to an on-premise network in order to make on-premise resources accessible for HCP cloud applications. Open ports in a company s firewall increase the attack vector and usually require complex audits and discussions with central IT departments before being approved. The Cloud Connector is able to establish the connection to HCP accounts by so-called reverse invoke approach, i.e. the connection is established from within the on-premise network to the cloud. Give full control over the connectivity to HCP into hands of on-premise IT staff: The IT staff on the on-premise side should have full control when to open or close connectivity via the Cloud Connector to HCP, to which HCP accounts to establish a connection, which systems and resources to expose to the connected HCP accounts, and which cloud applications to authorize to use the connectivity at all. There is no possibility to control and change those configurations from cloud side. End-to-end encryption between the Cloud Connector and HCP: The Cloud Connector takes care to encrypt all traffic sent over the connection, independent of the used protocols. The communication between the cloud application and the Cloud Connector is always TLS-encrypted so that confidentiality is guaranteed. 2014 SAP SE 4

Mutual authentication between Cloud Connector and connected HCP endpoints: To ensure that only trusted parties communicate with each other, mutual authentication between the Cloud Connector and connected HCP endpoints is performed when establishing new connections. Isolation of HCP accounts: The platform takes care of strong isolation of HCP accounts and their resources, so that it is impossible for applications of one account to use the connectivity to an on-premise network of a different account. Further security details and guidelines can be found in the Cloud Connector security whitepaper. Enterprise Ready for Business Applications The Cloud Connector is designed for being used by business critical applications. It provides enterprise-grade features like high availability to ensure 24x7 availability of the connectivity between the related on-premise network and the cloud, or a reliable way to propagate a cloud user identity to connected on-premise systems. It allows authenticating trusted Cloud Connector instances towards security-critical on-premise systems by using X.509 certificates, and provides an audit log for which the integrity can be verified. The Cloud Connector is administrated by a Web UI for which a corporate LDAP system can be used to authenticate administrator users of Cloud Connector. Ease of Use Installation, upgrade and configuration of the Cloud Connector are easy tasks and can be done in minutes rather than hours. No big and cost intensive IT projects are needed to setup the landscape for hybrid scenarios and to establish secure connections to HCP. The Cloud Connector as well as HCP provide intuitive, easy to use administration UIs to setup and configure applications and its connectivity. This allows setting up and operating the Cloud Connector either centrally by an IT department, as well as by IT experts close to the line-of-business. Scenarios The Cloud Connector is built and recommended for following scenarios. On-premise Extension Scenarios In an on-premise extension scenario HCP applications extend existing on-premise applications or integrate with onpremise systems. By using the cloud for such extensions, a customer can benefit from typical cloud advantages like low TCO, faster innovation cycles and low risk of breaking running systems. The cloud connector serves as integration component for secure and reliable connectivity between HCP and the needed systems in the customer network. A typical landscape setup is shown in Figure 2 below. A few examples for this scenario are: Web shop application running in the cloud that integrates with an on-premise business suite for triggering sales orders. Analysis and monitoring application in the cloud that analyzes real-time data on HANA and triggers alerts or maintenance requests in a connected on-premise CRM system when certain events happen. Employee or manager self-service applications which shall be accessible on mobile devices and outside of the company Intranet and integrate with on-premise ERP systems. The Cloud Connector fits well for point-to-point integration scenarios in which cloud applications directly integrate with on-premise systems, as well as for more complex process integration scenarios, in which an Enterprise Service Bus, like HANA Cloud Integration for process integration, is used to orchestrate processes between business partners. Compared to traditional reverse proxy approaches where on-premise resources are made available to an external application via special firewall and DMZ configurations, the Cloud Connector has several advantages: It does not require configuration and changes in a company s firewall and exposure of service endpoints to the internet. Attacks from the internet, like DoS, are not possible and thus its connectivity is significantly more secure compared to a reverse proxy set ups. It supports the RFC protocol and allows direct access to ABAP systems from cloud applications. It allows propagation of the cloud user identity in a trusted manner to connected on-premise target systems. 2014 SAP SE 5

It is easy to set up and configure in minutes and does not require complex and expensive IT projects to be introduced. It can also be operated in the line-of-business. Figure 2 Typical landscape setup of an on-premise extension scenario Connectivity to HANA Database in the Cloud A second scenario for which the cloud connector can be used is to connect on-premise database tools to HANA databases in the cloud. With this, it is possible to use existing on-premise analysis tools, like SAP Business Objects Enterprise or Lumira, as well as replication and ETL tools, like SAP Landscape Transformer or SAP Data Services, in combination with HANA in the cloud. Figure 3 shows a typical landscape set up for this scenario. Figure 3 Typical landscape setup how to connect remote database tools with HANA on HCP 2014 SAP SE 6

References [1] SAP HANA Cloud Platform documentation https://help.hana.ondemand.com/help/frameset.htm [2] SAP HANA Cloud connector documentation https://help.hana.ondemand.com/help/frameset.htm?e6c7616abb5710148cfcf3e75d96d596.html [3] Operator s guide for SAP HANA Cloud connector https://help.hana.ondemand.com/help/frameset.htm?2dded649c62c4fd8a65933f497042f14.html 2014 SAP SE 7

Copyright Copyright 2014 SAP SE. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE. The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iseries, pseries, xseries, zseries, eserver, z/vm, z/os, i5/os, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Oracle Corporation. JavaScript is a registered trademark of Oracle Corporation, used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP SE and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. 2014 SAP SE 8

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback