cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Establishing Inbound Connection from AWS to HANA Cloud via Cloud Connector

Shashank_Mishra65
Discoverer

2 weeks ago

0 Kudos
298

We are working on establishing an inbound connection to our SAP HANA Cloud database from an application hosted on an AWS instance. Our goal is to securely connect our application to the HANA DB.

We have already established a successful connection using AWS PrivateLink. However, for specific architectural reasons, we now need to implement this connection using the SAP Cloud Connector.

Here’s what we have accomplished so far:

  1. Cloud Connector Installation: We have successfully installed the SAP Cloud Connector on a dedicated instance.
  2. SAP HANA Client Installation: The SAP HANA Client has been installed on the application server within AWS.
  3. Subaccount Connection: We have connected our BTP subaccount, which contains our SAP HANA Cloud instance, to the Cloud Connector, and it shows as "Connected."
  4. Cloud to On-Premise Mapping: We have configured a "Cloud to On-Premises" mapping in the Cloud Connector.
    • Backend Type: SAP HANA
    • Virtual Host & Port: We have defined a virtual host and port.
    • Internal Host & Port: We have mapped this to the internal hostname and port of our HANA Cloud database.

Despite these steps, we are facing challenges in getting the application on AWS to communicate with the HANA Database through this Cloud Connector setup.

Our question is:

What are the specific next steps or configurations required on the AWS side and within the BTP subaccount to make the HANA Cloud database accessible from our AWS-hosted application via the virtual host and port we defined in the Cloud Connector?

We have reviewed the standard documentation, but we are looking for insights from anyone who has successfully implemented a similar architecture. Any guidance, best practices, or troubleshooting tips would be greatly appreciated.

Thank you in advance for your help!

 

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
AlexPJ
Explorer
Wednesday
0 Kudos

sorry, wanted to comment below

Accepted Solutions (0)

Answers (1)

Answers (1)

AlexPJ
Explorer
2 weeks ago

To my best knowledge an inbound connection (from on-premise to cloud) to SAP HANA Databases in the SAP cloud via SAP Cloud Connector is only available in the NEO environment, but not for SAP HANA Cloud (in AWS). 
Compare this documentation SAP BTP Connectivity for the Neo Environment with SAP BTP Connectivity (valid for BTP Cloud Foundry). In the first document you can see the hint that a service channel to SAP HANA Databases is only available in Neo. The second link is valid for Cloud Foundry environments and there is no such service channel documented. 

Instead of connecting to SAP HANA Cloud via Cloud Connector you may allow direct access from your AWS endpoint using IP Allowlisting . In combination with the AWS private link this should be a secure setup in my opinion. 

HTH.
  Alex 

Show replies
Show replies
Ulrich_Schmidt1
Product and Topic Expert
Product and Topic Expert
2 weeks ago
0 Kudos

I think, Alex is right: in your case, the AWS side corresponds to the "on-premises network", while the database is running in the Cloud. So you would need a connection in the direction "on-premises --> Cloud", which the SCC provides in the form of "Service Channel".

A "Virtual Host Mapping", as you have configured here, is always used for the connection "Cloud --> on-premises", so it is the wrong direction for your use-case. In the end, this means: if Cloud-Foundry does not provide the feature of "Service Channels", then you can't use the Cloud Connector in your scenario.

(PS: but looking at the SCC documentation for Cloud-Foundry, it looks like Service Channels of type "database" are supported now?! So in this case it might work for you. You only need to delete the virtual hostname mapping and instead configure a Service Channel and then use the Cloud Connector's hostname and the listening port of the Service Channel in the connection parameters of your ODBC or JDBC client on AWS side.)

Shashank_Mishra65
Discoverer
a week ago
0 Kudos

Hello Alex,
Thank you for your response. We already have the connection working using AWS PrivateLink, but we also want to try out the SAP Cloud Connector.
Hello Ulrich,
Thank you for the suggestion to use a Service Channel. We looked in our Cloud Connector and in the "Service Channels" section located under the On-Premise to Cloud menu, when we clicked to add a new channel there, the 'Database' type is not available in the dropdown list(Attached image). The only two options I can see are: ABAP Cloud System K8s Cluster. Is there a reason the 'Database' option might not be appearing in this list? We are using the Cloud Connector version 2.18.1  Any clarification you can provide would be greatly appreciated.
Thanks again!
Shashank Mishra
cc.jpg

Ulrich_Schmidt1
Product and Topic Expert
Product and Topic Expert
a week ago
0 Kudos

You are right: I just checked it in our SCC, and the "Database" type seems to be available only for "Neo" sub-accounts, not for "Cloud-Foundry" sub-accounts?!

Database connectivity is not my main topic, so I can't say, whether this is only a temporary or a permanent limitation of the CF platform. 😞

AlexPJ
Explorer
Wednesday
0 Kudos
This is consistent with the documentation. Service channels to HANA DBs are only supported for Neo, whereas SAP HANA Cloud is only available in CF.
Ask a Question