Installation

Get SAP Cloud Foundry account

Deploying the Link application will require a SAP Cloud Foundry subscription or a SAP Cloud Foundry Trial.
Note: when using a trial the app will shut down after a few hours every day. Create Trial

Access Cloud Foundry

Cloud Foundry Tools can be downloaded at: https://tools.hana.ondemand.com/#cloud

Install and configure SAP Cloud Connector (sapcc) on-premise component

sapcc is an appliance provided by SAP for accessing on-premise SAP servers using secure outbound tunnel to SAP Cloud Platform.

Important Cloud Connector Notes/Warnings

Only one Cloud Connector per subaccount

You cannot use more than one Cloud Connector in the same subaccount. You can use a single Cloud Connector hooked up to multiple SAP backends or different Cloud Connectors in different subaccounts (for example, if you want to put your production endpoints in a different subaccount than your QA ones or you want a second Cloud Connector server for your production system), but if you install multiple cloud connectors in the same subaccount, you will have problems when attempting to connect to them via Link. SAP BTP will let you do it, but it won't work.
Many customers choose to use separate connectors for their dev and production instances, so just be aware that this must be done in separate subaccounts.

Cloud Connector Security Certificate Expires Annually

The subaccount certificates in SAP Business Technology Platform expire annually. Renewing them is simple (just a click), but if not done all connectivity through Cloud Connectors in the subaccount will be lost.

Install

Use the SAP Cloud Connector install guide or use a community provided docker image.

Configuration

Add subaccount
  • Region: This should match the region of the subaccount in cloud foundry, check your subaccount or trial subaccount and ensure the region listed in the subaccount matches the region selected when adding the subaccount.
  • Subaccount: the value is the Id of the subaccount and not the SubDomain. The ID can be obtained using the info hover or the details tab in the SAP Cloud Platform Cockpit.
  • Display Name: enter the subdomain Subaccount User & Password: Use an authorized user account in the subdomain. If you started a trial use your trial credentials.
Subaccount
Cloud to on-premise
In the subaccount add a new System Mapping.
  • Back-end Type: Other SAP System
  • Protocol: HTTP
  • Internal Host: dns name or ip of the SAP ECC/S4 HANA system
  • Internal Port: port, e.g. http port 8000
  • Virtual Host: create a unique name for the virtual host. (e.g. sap-dev)
  • Virtual Port: 80
  • Principal Type: None
  • Host In Request Header: Use Virtual Host
  • Description: leave blank or provide the system name.
  • In the summary check the checkbox (Check Internal Host) [X]
  • Click [Finish]
Under Resources add a Resource
  • URL Path: /enosix/paca
  • Active: [X]
  • Access Policy: (x) Path And All Sub-Paths
Subaccount

Configure Connectivity service in SAP Cloud Foundry

The space Link is deployed to will need to have a connectivity service provisioned with the instance name of connectivity, although it can be configured to use a specific instance. Configuring the connectivity instance

Network connectivity

If your on-premise network requires whitelisting of IP addresses, the correct entries can be found here and here.

Configure Link to match sapcc on-premise configuration

Use the cloud foundry CLI with the following manifest.yaml template.
1
---
2
applications:
3
- name: enosix-link-<company-name> # Add your company name
4
random-route: true # Remove this line in the production space
5
memory: 128M
6
docker:
7
image: enosix/link:stable
8
services:
9
- connectivity
10
health-check-type: http
11
health-check-http-endpoint: /health
12
env:
13
#Logging__LogLevel__Default: Trace # Used to enable detailed trace logging for submitting issues
14
Routes__ConnectivityInstance: connectivity
15
Routes__dev__ConcurrentRequests: 10 # Throttle link to a limited number of requests concurrently, in order to reduce memory constraints.
16
Routes__dev__Token: 3de65974f59e200ef27e8ecfb84437f7 # Rename to a unique secret token
17
Routes__dev__Url: http://sap-dev:80/enosix/paca # Should match to the path of a virtual host configured in sapcc
Copied!

Configuration

  • Copy the manifest.yaml into a local file. The template should be copied twice into a production and non production versions.
  • The <company-name> token on line 4 needs to be replaced with your company name in all lowercase without spaces.
  • The next line random-route needs to be removed if deploying to a production space.
  • The environment variable Routes__ConnectivityInstance must contain the instance name of the connectivity service to access in the space the Link app will be deployed.
  • The manifest.yaml template will need to be created and configured to match the virtual systems in cloud foundry. Under the env node of the file, configure the routes entries for each sap virtual host. The format for each route is Routes__<name>__, with an entry for each Token and Url.

Deploy to Cloud Foundry and verify connectivity

Using the cloud foundry cli, use the command cf push in the directory where the configured manifest.yaml is located to deploy to cloud foundry. After deployment the application will be accessible as a route in cloud foundry, this route plus the configured token parameter can be used to access the connected SAP system.
Note: The path where cf push is executed will have all files bundle up and pushed to cloud foundry. Use an empty directory with only the manifest.yaml file to avoid unnecessary uploads.

Sample output from cf push

1
Pushing from manifest to org ****** / space ****** as ****************...
2
Using manifest file /Users/******/link/manifest.yaml
3
Getting app info...
4
Updating app with these attributes...
5
name: enosix-link
6
docker image: enosix/link:stable
7
command: /bin/sh -c dotnet link.dll
8
disk quota: 1G
9
health check http endpoint: /health
10
health check type: http
11
instances: 1
12
memory: 128M
13
stack: cflinuxfs3
14
services:
15
connectivity
16
env:
17
Routes__ConnectivityInstance
18
Routes__dev__Token
19
Routes__dev__Url
20
21
Updating app link...
22
Mapping routes...
23
24
Stopping app...
25
26
Waiting for app to start...
27
28
name: link
29
requested state: started
30
routes: enosix-link.cfapps.us10.hana.ondemand.com
31
last uploaded: Mon 1 Jan 12:00:00 EST 2000
32
stack:
33
docker image: enosix/link:stable
34
35
type: web
36
instances: 1/1
37
memory usage: 128M
38
start command: /bin/sh -c dotnet link.dll
39
state since cpu memory disk details
40
#0 running 2020-02-13T21:34:01Z 7.3% 23.3M of 128M 158.9M of 1G
Copied!

Application logs

To view logs from the application use cli command cf logs link To view detailed logs uncomment the env node Logging__LogLevel__Default: Trace by removing the leading #, the redeploy with cf push.

Routing explained

With template above. With route named dev the token is 3de65974f59e200ef27e8ecfb84437f7, the deployment to cloud foundry assigned route of enosix-link.cfapps.us10.hana.ondemand.com thus the url to access the sap-ecc-dev system will be: https://enosix-link.cfapps.us10.hana.ondemand.com/3de65974f59e200ef27e8ecfb84437f7
https://enosix-link.cfapps.us10.hana.ondemand.com/3de65974f59e200ef27e8ecfb84437f7 - [sapcc] -> http://sap-ecc-dev:80/enosix/paca

Testing & Connectivity Verification

Access the route with the token, it should prompt for authentication. Test using a valid SAP username and password.
Last modified 5mo ago