- SAP Managed Tags
The technical article will help customers and partners who are looking to install Intelligent Applications based on S/4HANA Cloud Private Edition such as Working Capital intelligent app, You can currently integrate SAP Business Data Cloud only with S/4HANA Cloud Private Edition.
SAP Business Data Cloud is a comprehensive Software-as-a-Service (SaaS) offering that integrates and manages all SAP data, while also effortlessly linking with data from external sources. This empowers business leaders with enhanced insights, enabling them to make more significant and informed decisions.
Prerequisites:
- S/4HANA Cloud Private Edition - versions 2021,2022 and 2023 - I would recommend using the latest SP on those release versions..
- SAP Business Data Cloud Cockpit
- SAP Analytics cloud
- SAP Datasphere
- SAP Databricks
Let's start with me.sap.com(sap4me) to provision SAP Business Data Cloud components.
- Login to me.sap.com with your S-userid and password.
- Navigate to Portfolio & Products --> Overview, verify if the valid S-userid SAP Business Data Cloud card with capacity units are visible/available for you!
- Under Portfolio & Products -->SAP Business Data Cloud card--> Applications --> click on Enable now (The Enable now option is available if you have subscribed for SAP Business Data Cloud), this will launch the provisioning wizard. Initially all the applications will be in disabled mode.
First you must create a Resource Group followed by SAP Business Data Cloud components.
Resource Group is like a placeholder to group all the required resources..
1. Provide a Solution name, Create Resource Group, if its not created already, and Business Type
- Select Systems, by default SAP Business Data Cloud will added automatically, Configure parameters and review the configuration, click on finish.
Once the SAP Business Data Cloud solution is ready, the owner will receive an email with instructions to login and the login information is available under customer landscape section.
The Next step is to select the applications required within SAP Business Data Cloud environment such as SAP Analytics cloud, SAP Datasphere and SAP Databricks.
2. From Applications, select SAP Analytics cloud, start Provisioning, Assign quota, Configure parameters, Review the configuration and finish
- Provide the General Information like Solution Name, select the Resource Group and Business type, click next
- Select Application --> SAP Analytics cloud, click next
Note: As of today, all the components must be in the same datacenter(SAP Analytics cloud, SAP Datasphere and SAP Business Data Cloud Cockpit)
- Configure Parameters
- click on finish.
- Provisioning request has been sent message displayed, you can click on view resources to see the tenant within the resource group.
Note: once the SAP Analytics cloud is provisioned, the owner will receive welcome email with instructions to login and you can find the tenant information in Customer Landscape section.
Repeat the process for other components:
3. From the Applications tab, click on Start Provisioning SAP Datasphere, Assign quota, Configure parameters, Review the configuration and finish
- Provide the General Information like Solution Name, select the Resource Group and Business type, click next
- Select SAP Datasphere, click next
- Assign Quota from the total capacity units available , click next
Note: Minimum 1532 Capacity units are required for SAP Datasphere
- Configure Parameters and click on Review and Finish.
- Provisioning request has been sent message is displayed, you can click on view resources to see the tenant within the resource group.
Note: once the SAP Datasphere tenant is provisioned, the owner will receive welcome email with instructions to login and you can find the tenant url in Customer Landscape section.
4. In the same way, you can provision SAP Databricks tenant as well, Provide General Information, Select Applicaiton, Assign Quota and review/finish.
- Assign quota, click next
- Setup Systems, 'Automatically add a new system' is pre-selected, here you have to chose your SAP Cloud Identity Services system from your existing landscape that you will integration with SAP Databricks. SAP Databricks is integrated with your SAP Cloud Identity Services tenant as bundled OIDC application.
- Click next
- Configure Parameters and click next
- Setup Formations, Formation type - Integration with SAP Databricks is pre-selected and Provide Formation Name.
- click on Review and finish.
- Provisioning request has been sent message gets displayed, you can click on view resources to see the tenant within the resource group.
- You have to activate the SAP Databricks account after that the tenant status changes to ready.
- Owner will receive welcome email with instructions to login with a one time code, you need this code for verification.
So, far we have provisioned SAP Business Data Cloud, SAP Analytics Cloud, SAP Datasphere and SAP Databricks.
Next step is to Create a Formation
5. From Customer Landscape, Create Formation
- Provide a Formation Name and choose the formation type as "Integration with SAP Business Data Cloud"
- Include the required systems like SAP Business Data Cloud, SAP Datasphere, SAP Analytics Cloud, SAP Databricks.
Note: you can create as many as formations you may need, with different combinations.. Formations could contain SAP Business Data Cloud and SAP Datasphere or SAP Business Data Cloud and SAP Databricks or SAP Business Data Cloud, SAP Datasphere and SAP Databricks. You cannot add same SAP Analytics cloud or SAP Datasphere in multiple formations.
- Click Next and Review the included Systems and Create. You can also additional systems later into the existing formations.
Let's now start with Configuration steps that are required to integrate between SAP Business Data Cloud and S/4HANA Cloud Private Edition system
Note: There might be SAP notes required depending on the S/4HANA versions, refer to https://me.sap.com/notes/3500131
1. Create a Technical user in SAP S/4HANA Cloud Private Edition system (SU01)
- user: BDC_S4_USER (userid is of your choice but note down the userid).
- In the logon data, change the user type from Dialog to System and set the password
- click on save.
2. Create and assign required role to the user
Note: we will upload the predefined role, but before we do that, we need to download the role from SAP note https://me.sap.com/notes/3499606 (under attachment section)
- Start Role maintenance(PFCG)
- from the menu -> select role -> upload
- Select the role SAP_BDC_REMOTE.SAP ( you have downloaded the role from the SAP note https://me.sap.com/notes/3499606 )
- please select yes for all the pop-ups and option copy all to copy the role(provide a name while copying the role)
- click on change the role
- generate the authorization profiles under authorization data
- you have to maintain the predefined authorizations objects and fields, refer to https://me.sap.com/notes/3499606 (make sure everything is in green status)
- generate the profile
- go to user tab to assign the users to role and compare (full comparison)
- Save your entries.
Technical user has been created and role is assigned.
3. To make a secure call to SAP Business Data Cloud, SAP S/4HANA Cloud Private Edition needs a client certificate for authentication, have to create PSE and generate a certificate ( need to import the certificate into formation while including SAP S/4HANA Cloud Private Edition into the existing formation)
- go to Trust Manager(STRUST)
- Environment --> SSL Client identities of System
- click on Edit/change --> chose new entries
- Add a new entry S4BDC2(you can enter any name) save(you might be prompted to select an existing transport request or create a new transport request) and exit
- Within the STRUST transaction in the Edit mode, select the created PSE node, right click and chose create
- within the pop-up, select the Revise DN and Provide the component of the Distinguished Names of the system and press Enter.
Sample pattern:
CN=staging, L=<tenantId>, OU=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX, OU=SAP Cloud Platform Clients, O=SAP SE, C=DE
<tenantId> is the SAP S/4HANA Cloud Private Edition system ID that is assigned to the tenant by UCL (Unified Customer Landscape).
Note: In certain cases, SAP S/4HANA Cloud Private Edition system ID (<tenantId>) might have a “$” in the beginning, for example, "$0204398045”. You must remove the “$” from the beginning and use only the remaining part i.e 0204398045 .
OU is the GUID for SAP Business Data Cloud and is different per landscape. The following GUIDs for cf-eu10 (Live) and cf-us10 (Live) need to be used respectively:
cf-eu10 (Live): 3c869ade-ce89-4ee1-a2ff-a6e617e56fdf
cf-us10 (Live): 7ebe6a33-3f74-47a7-998b-e16fa688d739
Note: refer to SAP Help for additional datacenter's GUID.
Example:
CN=staging, L=850432635, OU=3c869ade-ce89-4ee1-a2ff-a6e617e56fdf, OU=SAP Cloud Platform Clients, O=SAP SE, C=DE
Note: It is important to follow the entered parameters are in the sequence as shown in the example.
- After PSE is created, double click on the PSE Node and select create a certificate request
- no changes to the default signature algorithm and select continue
- A dialog with certificate signing request (CSR) details appears. Copy the certificate signing request(entire string including syntax begin certificate and end certificate request) and choose Continue. You need the Certificate details later to include S/4HANA Cloud Private Edition in an existing formation, please feel free to save it to a notepad.
4. Click on the include systems and chose the S/4HANA Cloud Private Edition system and select create.
- Provide the S/4HANA Cloud Private Edition's Client CSR, Instance number, Username(Technical userid) and Password(Technical user's password).
- Review and click on include
- SAP S/4HANA Cloud Private Edition system is now added to the formation
We need to obtain the SAP S/4HANA Cloud Private Edition's configuration details from the formation(after the system is added).
5. Click on the SAP Business Data Cloud from the formation to open the configuration
- click on system details and select the syntax icon under the action for the SAP S/4HANA Cloud Private Edition system.
- use the JSON format or Visual View, scroll to S/4 Additional Attributes to copy the client certificates and import into S/4HANA Cloud Private Edition.
JSON view sample:
Visual View (Copy works better in Visual View).
- Go to STRUST in your SAP S/4HANA Cloud Private Edition system.
- select the PSE node created, click on edit and import certificate(upload all the certificates from the above step at once).
- we need to download the following Digicert Root certificates from Digicert
- DigiCert Global Root CA
- DigiCert Global Root G2
- DigiCert TLS RSA4096 Root G5
Please chose download PEM for each of the above three certificates..
- For each certificate you downloaded from the digicert, you have to import the certificate into the PSE node created for SAP Business Data Cloud.
- Import the certificate
- make sure you click on add to certificate list
Remember, you should import other two certificates as well, finally the certificate list should have all the three certificates.
Create a RFC destination in SAP S/4HANA Cloud Private Edition .
- you need to get the SAP Business Data Cloud host, port and path prefix from the formation(it should be after the client certificate in the formation).
6 . TA SM59 for RFC connections and chose create
- Under Technical settings --> enter Host, Port and Path Prefix (please find the information in the formation refer to the screenshots)
Note: Copying hostname works some parts, you can type the rest of the hostname and make sure there are no spaces.
- go to logon & security and select the following in the security options section(scroll down a bit)
- under Special Option, select the following:
- HTTP Version – HTTP 1.1
- Compression – Inactive
- Compressed Response – Yes
- save the RFC connection and test the connection.
Next Step is to Register the Outbound Connection in SAP S/4HANA Cloud Private Edition
7. go to TA DHADM :- Monitoring and Support Cockpit
- In the pop-up, chose the Virtual Connection ID and Connection ID as RFC destination created i.e BDC_RDC_S4 and File container ID is from the formations(same place where the SAP Business Data Cloud host, port and path prefix)
- click ok and test the connection
Next is to configure SAP Cloud connector.
Note: Needs to be executed within 10 hours after UCL Formation creation as the AuthenticationMetadata token expires 10 hours after adding the SAP S/4HANA Cloud Private Edition system into the formation. you have 10 hours window to configure cloud connector. if in case it's not possible, you have to remove the SAP S/4HANA Cloud Private Edition system from formation and add it again.
8. You need System Mapping and Authentication Metadata to configure SAP Cloud connector ( the information can be found within the SAP S/4HANA Cloud Private Edition formation)
- Save the contents of authenticationMetadata token as a file with name authentication.data (open a note pad and copy the content of authenticationMetadata).
- within SAP Cloud connector Administration --> Connector Tab --> Add Subaccount and select the option Configure using authentication data from file and click on Next
Note: If you don't find the option Configure using Authentication data from file, you must upgrade SAP Cloud connector .
- incase if you do the Cloud connector configuration after 10 hours window, you will get the error:
- Subaccount is added successfully.
Now we have to add the Cloud to Onpremise system.
- create a ZIP file for the account_config with the configuration parameters(sample code). This information is from the Systems mapping within the formation.
JSON Sample code (save the file as account_config .json)
Sample code:
{"backends": [{
"sid": "BDC",
"authMode": "NONE_CERTIFICATE_LOCAL",
"protocol": "TCP",
"cloudhost": "kymaxxxxx",
"localhost": "xxxxxx.devsys.net.sap",
"localPort": "xxxx",
"resources": [],
"backendType": "abapSys",
"description": "DESCRIPTION",
"creationDate": 1730796401642,
"hostInHeader": "virtual",
"allowedClients": [],
"blacklistedUser": []
}
]}Note: name of the file must/has to be account_config.json and zip file name is not relevant here.
- Select the newly added subaccount Under the Cloud to On-premise tab, using import button, upload the zip file created.
- once the system mappings are imported, select the Check internal host option and save, the Status should be reachable.
If the above step fails for any reason, please follow the workaround.
- Instead of adding system mapping using zip file, the sytem mappings can be added manually using add button
- Select the backend type option as ABAP system, click Next.
- protocol as TCP, click Next
- Provide the Internal Host and Port as the localhost and localport values from the systemMapping that was already saved from the formations.
- set the Virtual Host and Virtual Port values as cloudHost and cloudPort values from the systemMapping Parameter.
- Select next, next and select check internal host option, click on finish.
- the system mappings must be in reachable status.
With the above steps, you are ready now with the SAP Business Data Cloud and SAP S/4HANA Cloud Private Edition integration.
Next steps, from the SAP Business Data Cloud Cockpit, Navigate to the Intelligent Applications and Data Packages in the side navigation and open the available tab, chose the intelligent application that you would like to install.
Useful resources: SAP Help
Incase of any provisioning issues, open a support ticket , refer https://me.sap.com/notes/3568017/E
SAP Business Data Cloud Provisioning - General & Cockpit : BDC-CPT-PROV
SAP Datasphere: DS-PROV
SAP Analytics Cloud: BDC-SAC https://me.sap.com/notes/3605796/E
SAP Databricks: BDC-DBX
SAP Business Data Cloud release cycle : https://me.sap.com/notes/3603670
https://me.sap.com/notes/3590935/E
How to create support users in SAP Business Data Cloud https://me.sap.com/notes/3568907/E
Thank you,
Happy Learning!
I would like to thank my colleagues @jagdeeshN and @jeetendrakapase in helping me compile this technical article..
| User | Count |
|---|---|
| 8 | |
| 7 | |
| 6 | |
| 6 | |
| 6 | |
| 4 | |
| 4 | |
| 4 | |
| 4 | |
| 4 |
