Installation
Deploying the Link application will require a SAP Cloud Foundry subscription or a SAP Cloud Foundry Trial.
Cloud Foundry Tools can be downloaded at: https://tools.hana.ondemand.com/#cloud
sapcc is an appliance provided by SAP for accessing on-premise SAP servers using secure outbound tunnel to SAP Cloud Platform.
You cannot use more than one Cloud Connector in the same subaccount. You can use a single Cloud Connector hooked up to multiple SAP backends or different Cloud Connectors in different subaccounts (for example, if you want to put your production endpoints in a different subaccount than your QA ones or you want a second Cloud Connector server for your production system), but if you install multiple cloud connectors in the same subaccount, you will have problems when attempting to connect to them via Link. SAP BTP will let you do it, but it won't work.
Many customers choose to use separate connectors for their dev and production instances, so just be aware that this must be done in separate subaccounts.
The subaccount certificates in SAP Business Technology Platform expire annually. Renewing them is simple (just a click), but if not done all connectivity through Cloud Connectors in the subaccount will be lost.
This article outlines how to do this:
https://blogs.sap.com/2020/01/11/sap-cloud-connectivity-issues-due-to-expired-certificate
Use the SAP Cloud Connector install guide or use a community provided docker image.
- If installing on Windows, it is recommended to use sapjvm - Windows x64 in place of the Oracle JVM/JDK. sapcc needs the JDK, will not run with just the JRE/JVM.
- Extract zip file and copy the whole folder to
C:\sap\
- Create new system environment variable
JAVA_HOME=C:\SAP\sapjvm_8
- Append
;C:\SAP\sapjvm_8\bin
to the systemPath
environment variable
- Set JDK path to
C:\SAP\sapjvm_8
- Login to Cloud Connector Administration portal with default credentials. (Assumes default port of 8443)
- User:
Administrator
- Password:
manage
Add subaccount
- Region: This should match the region of the subaccount in cloud foundry, check your subaccount or trial subaccount and ensure the region listed in the subaccount matches the region selected when adding the subaccount.
- Subaccount: the value is the Id of the subaccount and not the SubDomain. The ID can be obtained using the info hover or the details tab in the SAP Cloud Platform Cockpit.
- Display Name: enter the subdomain Subaccount User & Password: Use an authorized user account in the subdomain. If you started a trial use your trial credentials.

Subaccount
Cloud to on-premise
In the subaccount add a new System Mapping.
- Back-end Type: Other SAP System
- Protocol: HTTP
- Internal Host: dns name or ip of the SAP ECC/S4 HANA system
- Internal Port: port, e.g. http port 8000
- Virtual Host: create a unique name for the virtual host. (e.g. sap-dev)
- Virtual Port: 80
- Principal Type: None
- Host In Request Header: Use Virtual Host
- Description: leave blank or provide the system name.
- In the summary check the checkbox (Check Internal Host) [X]
- Click [Finish]
Under Resources add a Resource
- URL Path:
/enosix/paca
- Active: [X]
- Access Policy: (x) Path And All Sub-Paths

Subaccount
The space Link is deployed to will need to have a connectivity service provisioned with the instance name of
connectivity
, although it can be configured to use a specific instance. Configuring the connectivity instanceUse the cloud foundry CLI with the following
manifest.yaml
template.---
applications:
- name: enosix-link-<company-name> # Add your company name
random-route: true # Remove this line in the production space
memory: 128M
docker:
image: enosix/link:stable
services:
- connectivity
health-check-type: http
health-check-http-endpoint: /health
env:
#Logging__LogLevel__Default: Trace # Used to enable detailed trace logging for submitting issues
Routes__ConnectivityInstance: connectivity
Routes__dev__ConcurrentRequests: 10 # Throttle link to a limited number of requests concurrently, in order to reduce memory constraints.
Routes__dev__Token: 3de65974f59e200ef27e8ecfb84437f7 # Rename to a unique secret token
Routes__dev__Url: http://sap-dev:80/enosix/paca # Should match to the path of a virtual host configured in sapcc
- Copy the
manifest.yaml
into a local file. The template should be copied twice into a production and non production versions. - The
<company-name>
token on line 4 needs to be replaced with your company name in all lowercase without spaces. - The next line
random-route
needs to be removed if deploying to a production space. - The environment variable
Routes__ConnectivityInstance
must contain the instance name of the connectivity service to access in the space the Link app will be deployed. - The
manifest.yaml
template will need to be created and configured to match the virtual systems in cloud foundry. Under the env node of the file, configure the routes entries for each sap virtual host. The format for each route isRoutes__<name>__
, with an entry for each Token and Url.
Using the cloud foundry cli, use the command
cf push
in the directory where the configured manifest.yaml
is located to deploy to cloud foundry. After deployment the application will be accessible as a route in cloud foundry, this route plus the configured token parameter can be used to access the connected SAP system.Note: The path where
cf push
is executed will have all files bundle up and pushed to cloud foundry. Use an empty directory with only the manifest.yaml
file to avoid unnecessary uploads.Pushing from manifest to org ****** / space ****** as ****************...
Using manifest file /Users/******/link/manifest.yaml
Getting app info...
Updating app with these attributes...
name: enosix-link
docker image: enosix/link:stable
command: /bin/sh -c dotnet link.dll
disk quota: 1G
health check http endpoint: /health
health check type: http
instances: 1
memory: 128M
stack: cflinuxfs3
services:
connectivity
env:
Routes__ConnectivityInstance
Routes__dev__Token
Routes__dev__Url
Updating app link...
Mapping routes...
Stopping app...
Waiting for app to start...
name: link
requested state: started
routes: enosix-link.cfapps.us10.hana.ondemand.com
last uploaded: Mon 1 Jan 12:00:00 EST 2000
stack:
docker image: enosix/link:stable
type: web
instances: 1/1
memory usage: 128M
start command: /bin/sh -c dotnet link.dll
state since cpu memory disk details
#0 running 2020-02-13T21:34:01Z 7.3% 23.3M of 128M 158.9M of 1G
To view logs from the application use cli command
cf logs link
To view detailed logs uncomment the env node Logging__LogLevel__Default: Trace
by removing the leading #
, the redeploy with cf push
.With template above. With route named dev the token is
3de65974f59e200ef27e8ecfb84437f7
, the deployment to cloud foundry assigned route of enosix-link.cfapps.us10.hana.ondemand.com
thus the url to access the sap-ecc-dev
system will be: https://enosix-link.cfapps.us10.hana.ondemand.com/3de65974f59e200ef27e8ecfb84437f7
https://enosix-link.cfapps.us10.hana.ondemand.com/3de65974f59e200ef27e8ecfb84437f7
- [sapcc] -> http://sap-ecc-dev:80/enosix/paca
Access the route with the token, it should prompt for authentication. Test using a valid SAP username and password.
Last modified 1yr ago