Installation

Link
Surface Connect Release Notes
Search…
Overview
Installation
Transition from an SAP trial account to a production account
Update to a new release
Disable the Landing Page
Checkly API monitoring
Configure Cookie Injection
Terms
Installation
Get SAP Cloud Foundry account
Deploying the Link application will require a SAP Cloud Foundry subscription or a SAP Cloud Foundry Trial.
Note: when using a trial the app will shut down after a few hours every day. Create Trial​
Access Cloud Foundry
​SAP Cloud Foundry Trial or SAP Cloud Foundry​
Cloud Foundry Tools can be downloaded at: https://tools.hana.ondemand.com/#cloud
Install and configure SAP Cloud Connector (sapcc) on-premise component
sapcc is an appliance provided by SAP for accessing on-premise SAP servers using secure outbound tunnel to SAP Cloud Platform. 
​Cloud Connector Security Details from SAP​
Important Cloud Connector Notes/Warnings
Only one Cloud Connector per subaccount
You cannot use more than one Cloud Connector in the same subaccount.  You can use a single Cloud Connector hooked up to multiple SAP backends or different Cloud Connectors in different subaccounts (for example, if you want to put your production endpoints in a different subaccount than your QA ones or you want a second Cloud Connector server for your production system), but if you install multiple cloud connectors in the same subaccount, you will have problems when attempting to connect to them via Link.  SAP BTP will let you do it, but it won't work.
Many customers choose to use separate connectors for their dev and production instances, so just be aware that this must be done in separate subaccounts.
Cloud Connector Security Certificate Expires Annually
The subaccount certificates in SAP Business Technology Platform expire annually.  Renewing them is simple (just a click), but if not done all connectivity through Cloud Connectors in the subaccount will be lost.  
This article outlines how to do this:
https://blogs.sap.com/2020/01/11/sap-cloud-connectivity-issues-due-to-expired-certificate​
Install
Use the SAP Cloud Connector install guide or use a community provided docker image.
​Install Cloud Connector​
If installing on Windows, it is recommended to use sapjvm - Windows x64 in place of the Oracle JVM/JDK. sapcc needs the JDK, will not run with just the JRE/JVM.
Extract zip file and copy the whole folder to C:\sap\
Create new system environment variable JAVA_HOME=C:\SAP\sapjvm_8
Append ;C:\SAP\sapjvm_8\bin to the system Path environment variable
Install sapcc-2.12.2-windows-x64.msi​
Set JDK path to C:\SAP\sapjvm_8
Login to Cloud Connector Administration portal with default credentials. (Assumes default port of 8443)
User: Administrator
Password: manage
Alternative is to use Cloud Connector Docker Image (Community)
Configuration
Add subaccount
Region: This should match the region of the subaccount in cloud foundry, check your subaccount or trial subaccount and ensure the region listed in the subaccount matches the region selected when adding the subaccount.
Subaccount: the value is the Id of the subaccount and not the SubDomain. The ID can be obtained using the info hover or the details tab in the SAP Cloud Platform Cockpit.
Display Name: enter the subdomain Subaccount User & Password: Use an authorized user account in the subdomain. If you started a trial use your trial credentials.
Subaccount
Cloud to on-premise
In the subaccount add a new System Mapping.
Back-end Type: Other SAP System
Protocol: HTTP
Internal Host: dns name or ip of the SAP ECC/S4 HANA system
Internal Port: port, e.g. http port 8000
Virtual Host: create a unique name for the virtual host. (e.g. sap-dev)
Virtual Port: 80
Principal Type: None
Host In Request Header: Use Virtual Host
Description: leave blank or provide the system name.
In the summary check the checkbox (Check Internal Host) [X]
Click [Finish]
Under Resources add a Resource
URL Path: /enosix/paca
Active: [X]
Access Policy: (x) Path And All Sub-Paths
Subaccount
Configure Connectivity service in SAP Cloud Foundry
The space Link is deployed to will need to have a connectivity service provisioned with the instance name of connectivity, although it can be configured to use a specific instance. Configuring the connectivity instance​
Network connectivity
If your on-premise network requires whitelisting of IP addresses, the correct entries can be found here and here.
Configure Link to match sapcc on-premise configuration
Use the cloud foundry CLI with the following manifest.yaml template.
---
applications:
- name: enosix-link-<company-name> # Add your company name
  random-route: true # Remove this line in the production space
  memory: 128M
  docker:
    image: enosix/link:stable
  services:
   - connectivity
  health-check-type: http
  health-check-http-endpoint: /health
  env:
    #Logging__LogLevel__Default: Trace # Used to enable detailed trace logging for submitting issues
    Routes__ConnectivityInstance: connectivity
    Routes__dev__ConcurrentRequests: 10 # Throttle link to a limited number of requests concurrently, in order to reduce memory constraints.
    Routes__dev__Token: 3de65974f59e200ef27e8ecfb84437f7 # Rename to a unique secret token
    Routes__dev__Url: http://sap-dev:80/enosix/paca # Should match to the path of a virtual host configured in sapcc
Configuration
Copy the manifest.yaml into a local file. The template should be copied twice into a production and non production versions.
The <company-name> token on line 4 needs to be replaced with your company name in all lowercase without spaces.
The next line random-route needs to be removed if deploying to a production space.
The environment variable Routes__ConnectivityInstance must contain the instance name of the connectivity service to access in the space the Link app will be deployed.
The manifest.yaml template will need to be created and configured to match the virtual systems in cloud foundry. Under the env node of the file, configure the routes entries for each sap virtual host. The format for each route is Routes__<name>__, with an entry for each Token and Url.
Deploy to Cloud Foundry and verify connectivity
Using the cloud foundry cli, use the command cf push in the directory where the configured manifest.yaml is located to deploy to cloud foundry. After deployment the application will be accessible as a route in cloud foundry, this route plus the configured token parameter can be used to access the connected SAP system.
Note: The path where cf push is executed will have all files bundle up and pushed to cloud foundry. Use an empty directory with only the manifest.yaml file to avoid unnecessary uploads.
Sample output from cf push
Pushing from manifest to org ****** / space ****** as ****************...
Using manifest file /Users/******/link/manifest.yaml
Getting app info...
Updating app with these attributes...
  name:                         enosix-link
  docker image:                 enosix/link:stable
  command:                      /bin/sh -c dotnet link.dll
  disk quota:                   1G
  health check http endpoint:   /health
  health check type:            http
  instances:                    1
  memory:                       128M
  stack:                        cflinuxfs3
  services:
    connectivity
  env:
    Routes__ConnectivityInstance
    Routes__dev__Token
    Routes__dev__Url
​
Updating app link...
Mapping routes...
​
Stopping app...
​
Waiting for app to start...
​
name:              link
requested state:   started
routes:            enosix-link.cfapps.us10.hana.ondemand.com
last uploaded:     Mon 1 Jan 12:00:00 EST 2000
stack:
docker image:      enosix/link:stable
​
type:            web
instances:       1/1
memory usage:    128M
start command:   /bin/sh -c dotnet link.dll
     state     since                  cpu    memory          disk           details
#0   running   2020-02-13T21:34:01Z   7.3%   23.3M of 128M   158.9M of 1G
Application logs
To view logs from the application use cli command cf logs link To view detailed logs uncomment the env node Logging__LogLevel__Default: Trace by removing the leading #, the redeploy with cf push.
Routing explained
With template above. With route named dev the token is 3de65974f59e200ef27e8ecfb84437f7, the deployment to cloud foundry assigned route of enosix-link.cfapps.us10.hana.ondemand.com thus the url to access the sap-ecc-dev system will be: https://enosix-link.cfapps.us10.hana.ondemand.com/3de65974f59e200ef27e8ecfb84437f7
https://enosix-link.cfapps.us10.hana.ondemand.com/3de65974f59e200ef27e8ecfb84437f7 - [sapcc] -> http://sap-ecc-dev:80/enosix/paca
Testing & Connectivity Verification
Access the route with the token, it should prompt for authentication. Test using a valid SAP username and password.
Overview
Transition from an SAP trial account to a production account
Last modified 1yr ago
Copy link
On this page
Get SAP Cloud Foundry account
Access Cloud Foundry
Install and configure SAP Cloud Connector (sapcc) on-premise component
Important Cloud Connector Notes/Warnings
Install
Configuration
Configure Connectivity service in SAP Cloud Foundry
Network connectivity
Configure Link to match sapcc on-premise configuration
Configuration
Deploy to Cloud Foundry and verify connectivity
Application logs
Routing explained
Testing & Connectivity Verification