cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Outbound communication from SAP Public cloud to a Websocket RFC Server in a fenced customer network

andrzej_rosinski
Explorer

‎2025 Mar 05 11:14 AM - edited ‎2025 Mar 14 10:47 AM

0 Kudos
327

Hello everybody,

is there any possibility to call a outbound service from SAP Public Cloud to a Websocket RFC server that is running in a fenced company network ? I have already called that Websocket RFC server with success but in that scenario the server must be accessible from the internet. 

Maybe there is any way to use a VPN tunnel to get that connection done? Maybe even not with Websocket RFC if that should not be possible but with HTTP or even thru BTP like:

SAP Public Cloud -> BTP (some destination or tunnel) -> external program in a fenced company network (server).

Can such scenario be accomplished at all or is it not possible?

Greetings!

 

 

@simon_luser , @Ulrich_Schmidt  thanks for your replies - update 14.03.25 - in the meanwhile i have installed the Cloud Connector on the machine where my WebSocket RFC Server is running (inside a fenced company network). Sadly i still wasn't able to establish a connection. For now i am not sure if this can be done using the Cloud Connector combined with a WebSocket RFC call from SAP public cloud. The problem is, as i suppose, that in the cloud connector there is no option for a RFC protocoll while selecting the target system "Non-SAP" that is my WebSocket RFC server. the possible option are:

andrzej_rosinski_2-1741948504505.png

Therefore i have selected the TCP protocol that at least does "see" the WebSoclet RFC server running on its port

andrzej_rosinski_1-1741948431063.png

but with that configuration i get no connection to the server. In the monitor view i do not see any throughput for the configured Cloud Connector.

I have also found a blog entry from Thomas Weiss (from 2021 - maybe its outdated?)

https://community.sap.com/t5/technology-blogs-by-sap/websocket-rfc-rfc-for-the-internet/ba-p/1350253... 

that is saying the following:

andrzej_rosinski_3-1741948684851.png

 

So i suppose for the scenario:

--> SAP Public Cloud (embedded steampunk) to WebSocket RFC Server in a fenced company network some different communication type must be used.

Or maybe i am doing something wrong? any ideas?

Greetings!

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
View Entire Topic
Ulrich_Schmidt
Product and Topic Expert
Product and Topic Expert
Friday
0 Kudos

Unfortunately, after discussions with the S/4 Cloud experts, it became clear that the current ABAP systems in the Cloud (S/4 HANA Cloud, Steampunk) do not provide the necessary functionality of setting an HTTP Proxy in a WebSocket-RFC Destination. ☹️  (So Cloud Connector cannot be used atm.)

In a Cloud-based ABAP system, the end user does not have direct access to RFC destinations (transaction SM59), this is "hidden" by these abstract concepts like "Communication System", "Communication Scenario", "Communication Arrangement", etc.

So I guess at the moment, you have only two chances:

  1. The port of the JCo Server needs to be opened on the firewall. Then you can make a direct WebSocket-RFC connection from Steampunk to JCo Server. (No Cloud Connector needed in that case.)

  2. For HTTP connections, the Cloud Connector can be configured in Steampunk. So if you can't open the firewall for security reasons, the other option would be as I outlined somewhere else in this thread:
    - Install a Business Connector (SAP BC) next to the RFC server program, set up the connection to this RFC server and a mapping that converts input/output data from XML/JSon/etc to RFC. ("RFC-XML" could be used by the SAP BC out-of-the-box. Then no mapping is needed.)
    - Expose the SAP BC in the Cloud Connector

    Then the (HTTP) communication can be tunneled through the firewall (from the inside):
    Steampunk --SSL Tunnel--> SCC --HTTP--> SAP BC --WebSocket-RFC--> JCo Server

    BTW: SAP BC is also Java based. So if the JCo server program is only a small wrapper to access a third-party system (like accessing an IBM MQSeries system via IBM's Java libraries), then perhaps this functionality can be moved directly into the SAP BC, and the JCo Server would not be necessary?! (External jar files and custom Java coding can be easily plugged into the Business Connector. That's what it was designed for.) But this really depends on the scenario.

 

Show replies
Show replies
Ask a Question