This will be a blog series, we will see how to build Nodejs-based applications using Multi-tenant capabilities offered by SAP Business Technology Platform(BTP) to build extensions.
When developing tenant-aware applications in the Cloud Foundry environment, keep in mind the following general programming guidelines:
Shared in-memory data that may be available to all tenants.
Avoid any possibility that an application user can execute custom code in the application JVM, as this may give them access to other tenants' data.
Avoid any possibility that an application user can access a file system, as this may give them access to other tenants' data.
To perform internal tenant onboarding activities, such as creating a database schema for tenants, you must implement the Subscription callbacks of the SAP Software-as-a-Service Provisioning service (saas-registry) and use the information provided in the subscription event. You can also implement the getDependencies callback to obtain the dependencies of any SAP reuse services by your application. See details in the procedure below.
In this tutorial, we will be using some keywords like provider account, subscriber account, provisioning, onboarding and data isolation. Let's start with the Provider account. A provider is the vendor of the application. Persona is going to build, deliver and operate the multitenant saas solution for all the subscribers.
The subscriber is the consumer of the application. Persona who is going to use the multitenant SaaS solution.
Provisioning is the process of onboarding new subscribers to the multitenant SaaS solution. During the provisioning process, the tenant database schema is created, and any dependency is injected into the subscriber subaccount.
BTP multitenancy model - Provider's point of view
Database Schema Segregation Recommendation
There are multiple ways to achieve database schema segregation. The recommendation is to have a dedicated database schema for each tenant. In this tutorial, we will be using 'hdi-container' based model for database schema segregation. This provides a unique database schema and credentials for each of the tenants ensuring additional security and data isolation.
The below picture represents various layers of this solution. Top-level is the provider of multitenant applications. The middle layer has the subscriber and at the bottom is the new franchises.
EasyFranchise is a Partner providing a multitenant SaaS extension for S/4 HANA named EasyFranchise App, that allows to onboard new business partners more easily.
The extension application allows:
To assign a mentor for each new business partner, that is added to the S/4HANA system
To search for suitable training based on the business partner profile/skill, using data from SFSF and machine learning (out of scope for June)
To send a notification to the respective mentor about his assignment, so that he can prepare the next onboarding steps
To collect standard information/guidelines in one central place that will be shared with the new franchise company
CityScooter, BikeSharing and CarRenting are 3 different companies renting electric vehicles to franchise companies.
To speed up the onboarding of new franchisees, each of them purchased the partner EasyFranchise application.
Franchise companies are respective business partners that are taking over the B2C
They are responsible for managing the vehicles parc in a defined region (e.g one or more cities)
Not relevant in our scenario
Technical Architecture Modeling (TAM) Diagram
The below diagram explains various data flow directions and components part of the application. On the right side, we have the Subscriber's S/4 HANA System connected to the Multitenant solution on the left side of the diagram.
Multitenancy (tenant-specific access)
Authentication and authorization of users Service Manager implementation for Schema creation and access
Database Credentials Caching for faster access
Re-use service dependency callback implementation
Usage of SAP Cloud SDK to read/write data from S/4HANA