Cat deploying SAP Edge Integration Cell during server room night-shift

Who should read this blog

• You read about SAP Edge Integration Cell (EIC) and want to try it out yourself.
• You want to deploy it with the least effort and cost.

Note: This is my personal learning journey - this is by no means a deployment recommendation or replacing proper sizing or SAP recommendations stated for this product. It might or might not work for you.

What is SAP Edge Integration Cell

Welcome to the world of SAP Edge Integration Cell (EIC), a cutting-edge solution designed to bridge the gap between cloud innovation and on-premises data security. EIC is an integral part of the SAP Integration Suite, offering a hybrid deployment model that allows businesses to design integration content in the cloud and deploy it securely within their local environment. This powerful tool addresses the critical need for data compliance and security while enabling seamless data connectivity across diverse systems. Whether you're dealing with sensitive data that cannot be hosted in the cloud or looking to leverage the agility of cloud-based services without compromising on-premises security, EIC provides the best of both worlds. 

Overview of deployment

As stated, we want to have a playground for EIC at the end! For that we'll run through these steps:

1. Create a virtual machine (VM)
2. Install Docker on VM and configure VM
3. Deploy K3S on VM & Configure K3S
4. Activate EIC on SAP Integration Suite
5. Deploy and run Edge Lifecycle Management & EIC on K3S
6. Test for successful installation

Let's start!

1. Create a virtual machine

If you have a 6+ CPU-core machine sitting around on which you can install Linux and which is reachable through DNS from the internet, you can use this device! I had no free machine at home that meets these specs, so I used my Google Cloud Platform (GCP) account to set up a VM. Why 6 cores? This is the minimal value you can choose! Each deployment the ELM will trigger later has a CPU and Memory requirement. If you add this up, you end up with a value below 6 but greater than 4. You can find all the details in the official guideline, remember, this blog is not a recommended path for a test or production setup!

I chose 6 vCPUs and 16GB memory together with a 40GB boot disk. I recommend to select the VM availability policy from "Standard" to "Spot" which brings down the cost per month significantly, 40% of the standard cost in my case. I don't care if Google shuts down the VM in peak times, but it never happened so far anyway. As for the OS I selected Debian Bookworm. Once the VM is provisioned, you can SSH into it.

You want the VM to be reachable from the internet (so that Integration Suite finds it). Since I go cheap, there's only a dynamic public IP and for that I use Duck DNS to provide me with a fixed URL that SAP IS can use later.

Just follow the "installation instructions" for cron on Linux which is super simple and you have a cron-job at the end that keeps the IP always updated.

2. Install Docker on VM and configure VM

Next, we'll get docker up and running. I recommend to work with the official Docker documentation. As for me I had to add the current user I used for SSH to the docker user group after installation:

sudo usermod -aG docker $USER

Then activate the change:

newgrp docker

3. Deploy K3S on VM & Configure K3S

Now we're good to run K3S inside Docker as a very lean and quick way to provide for Kubernetes. I used the Rancher image which you deploy like shown below in your SSH session.

docker run -d --restart=unless-stopped   -p 80:80 -p 443:443   --privileged   rancher/rancher:latest

I found this description very helpful. Once it runs, open the Rancher UI. You need to derive the initial password through this command (just replace the "your docker container name" with the name of the container without the double quotes. You get the container name (or ID) through docker ps.

docker logs "your docker container name" 2>&1 | grep "Bootstrap Password:"

Finally you should see something like this (likely without that many pods running).

What's missing is a storage class on your new K3S cluster. Without that, no persistence and the installation of Edge Lifecycle Management (ELM) will fail. In the upper right area of the 'local' page of Rancher you'll find the option to open a shell.

Enter below command and wait for the deployment to finish.

> kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/v0.0.26/deploy/local-path-storage.yaml

Check that the provisioning of local-path storage class was successful in the same shell:

> kubectl -n local-path-storage get pod
NAME                                     READY   STATUS    RESTARTS      AGE
local-path-provisioner-dbdfc4849-g9wqj   1/1     Running   1 (23d ago)   23d

You should also see it under Storage➡StorageClasses in the UI. The SAP ELM just requests storage but doesn't specify which class. Therefore, set the new StorageClass as default:

ELM and EIC make also use of Kubernetes' scaling capabilities. Install the horizontal pod autoscaler on the K3S cluster as a next activity. Like before, open the shell inside(!) the UI of Rancher and execute these commands:

> helm upgrade --install metrics-server metrics-server/metrics-server

check for installation correctness:

> kubectl get --raw "/apis/metrics.k8s.io/"
{"kind":"APIGroup","apiVersion":"v1","name":"metrics.k8s.io","versions":[{"groupVersion":"metrics.k8s.io/v1beta1","version":"v1beta1"}],"preferredVersion":{"groupVersion":"metrics.k8s.io/v1beta1","version":"v1beta1"}}
> 

Our cluster is ready!

4. Activate EIC on SAP Integration Suite

As next step, the EIC needs activation in your subscription. There can be cost impacts to this step, please do whatever is necessary on your end you don't run into trouble before this!

 Activate EIC in Settings➡Runtime. Wait for it to complete. This is only making the required settings in your SAP Integration Suite Account. It has no effect on the EIC setup.

5. Deploy and run Edge Lifecycle Management & EIC on K3S

This is the most time-intensive step in that sense that - given you've set up all up so far - you have to wait most of the time. It can take up to one hour (usually 30-40 mins) until it's finally deployed on K3S. I'd assume it might be faster with a bigger-sized cluster. It's exciting though to see the services spinning up so with a cup of coffee or tea there's some entertainment provided.

First, click on the link that was provided when you activated the EIC (see image above). Then click on "Add Edge Node". A window with several steps pops up. Check all the steps. You need to create a P-User (with according role assignment. You should now have all what you need already by now. Click "Next". Set the name of the EIC, no need to check anything (it would increase the EIC's size).

In the next window you'll assign the users for the BTP (technical P-User) and the Repo-Access user. Later you can check it here and it should look similar to that. Make sure to have the right roles assigned in the BTP account!

So, no "Logging and Monitoring" and no "Local Container Registry" as well as "HTTP Proxy". Unless you need a proxy of course.

Next, download the kubeconfig file from Rancher. It's the button to the left of the "kubectl shell" button you clicked earlier to set up the StorageClass and HPA. A file will be downloaded. It should already contain the duckdns URL.

Move back to the setup of the ELM/EIC page and it should look similar to this before you upload the kubeconfig file:

Upload the file and assign a password. Now you can download the bootstrapping file. Chrome might block the download, so check it and allow it.

Follow the 4 steps now. It will set up the ELM which is the basis for the EIC deployment. It will take a while and you can watch how the services spin up in the Rancher UI. After maybe 10mins of waiting, you should see successful deployment of the components below:

Let's now deploy the EIC on top of ELM. You click "Deploy Solution" and select the version to deploy, I've always chosen the latest, it will look therefore different for you when you read the blog.

On the Rancher side of things this will create another 3 namespaces. Here's how it looks for me.

All of the above are created through ELM and then the upper 3 through EIC solution deployment. Time again for a coffee ☕! If you get asked about "Loadbalancer" choose "AWS" and "Internal".

Once complete, you should see a page similar to this:

Congratulations! You won't see the version with exclamation marks, that's just for me as I didn't upgrade since the last deployment 23 days ago (I should do that now after the blog 😃). 

At the end of the installation, add a keystore for the EIC in the Integration Suite itself. (Manage Security➡Keystore➡Create for EIC, it's the "Add" button on the Keystores screen. It takes a while to replicate, maybe 3mins). Then create a keypair with the alias name and CN the virtual host.

6. Test for successful installation

 Time to test for successful installation! Let's move to the SAP Integration Suite page. 

Settings➡Integration should show an active instance of the EIC by now.

Let's now do a simple connectivity test.

Select the EIC, and hit the tile "Connectivity Tests". On the following page select "TLS" test and enter www.google.com (or anything else). It should be successful.

Successful FTP Test to a test server

And we can do the same for FTP or any other protocol.

Successful TLS test to Google.com

From here, you can now start developing iFlows like you would with SAP Integration Suite but use the runtime of EIC with all benefits that this solution provides.

Closing

In conclusion, our journey through setting up a tiny, yet functional SAP Edge Integration Cell (EIC) environment has demonstrated that with the right tools and guidance, you can create a playground for exploring the capabilities of EIC. This hands-on experience is for understanding how EIC can fit into your organization's integration strategy, providing the agility of cloud services while maintaining the security of on-premises data handling. I hope this guide has been a helpful starting point for your adventures with EIC.

I'm eager to hear about your experiences and any insights you've gained along the way. Please share your thoughts and questions in the comments below – your feedback is not only welcome but essential for my learning as well. For further reading and to deepen your understanding of SAP Edge Integration Cell and SAP Edge Lifecycle Management, be sure to explore the following resources:

• What is SAP Edge Integration Cell
• Overview on SAP Edge Lifecycle Management

Thank you for joining me on this technical excursion, and I look forward to our continued dialogue as we delve deeper into the world of SAP integrations.