
Datasphere to ADLS Gen2 Connectivity

bheemeshRao
Explorer
1,036

Introduction

By the end of this article, you will be able to establish connectivity between Datasphere and Azure Data Lake Storage Gen2 using a Service Principal with a Certificate.

A service principal in Azure is an identity created for applications, hosted services, and automated tools to securely access Azure resources. It defines the permissions and roles assigned to the application within a given tenant.

In the SAP ecosystem, it functions similarly to a technical account used for connecting to different systems for RFC calls.

Pre-requisites:

ADLS Gen2 Storage Account, Service Principal with Certificate.

Steps to Configure:

Log in to SAP Datasphere

Go to <Your Space> -> Connections -> Create


Where to find OAuth Token Endpoint, Client ID?

Go to Azure portal -> App Registrations


Certificate and Key:

To complete the authentication part, the certificate and key need to be uploaded.

The certificate file should have the .pem extension and the key file should have the .key extension.

Once you receive the SPN with the certificate:

  • If the certificate is in a different format, get the certificate converted to .pem format.

Refer to the link: How to convert pfx to pem – sslhow.com

  • If the certificate and key are in the same file, then separate the certificate and key into two different files in the above-mentioned format.
  • cert.pem

This completes the setup on the Datasphere side, which establishes the Data Lake API as the endpoint to connect to the ADLS Gen2 Storage Account.

Steps on the Azure side:

  • Assign Read/Write access to the SPN for the Azure Gen2 Storage Account.


Note:

If the Azure subscription for Datasphere and the subscription for the Azure storage account endpoint are different, you will need to enable the VNET of Datasphere in the network rules of the Azure storage container endpoint. For more information, please refer to the note below.

3405081 - Connection from SAP Datasphere to Azure storage services in same region which is restricte...

  • Example: when Datasphere (public cloud) connects to a private storage account, we need to do the following:
  • Add the subnet ID of Datasphere to the network rules of the target storage account.
  • Whitelist the outbound IP (egress ID of replication).
  • To find the subnet ID of Datasphere, go to About.
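
The conversion and separation steps from the "Certificate and Key" part above, as an added example that is not part of the original post: it uses the OpenSSL command line to turn a PFX bundle, or a PEM file holding both certificate and key, into cert.pem and private.key, and checks that the two belong together before upload. The function names, the output file names and the PFX_PASS variable are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). File names and PFX_PASS are assumptions.

# split_pfx <bundle.pfx> <out_dir>: write <out_dir>/cert.pem and <out_dir>/private.key.
# The PFX password is read from the exported variable PFX_PASS, so it never
# appears on the openssl command line or in the process list.
split_pfx() {
    local pfx="$1" out="$2"
    [ -r "$pfx" ] || { echo "cannot read $pfx" >&2; return 1; }
    [ -n "${PFX_PASS+x}" ] || { echo "export PFX_PASS first" >&2; return 1; }
    mkdir -p "$out" || return 1
    (
        umask 077   # the key file must not be readable by other users
        # Leaf certificate only; piping through x509 drops the "Bag Attributes" text
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null |
            openssl x509 -out "$out/cert.pem" 2>/dev/null || exit 1
        # Private key, written unencrypted; pkey strips the bag attributes too
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
            openssl pkey -out "$out/private.key" 2>/dev/null || exit 1
    ) || { echo "extraction failed: wrong password or not a PFX file" >&2; return 1; }
}

# split_pem <combined.pem> <out_dir>: same output for one PEM file holding both
# the certificate and an unencrypted private key.
split_pem() {
    local src="$1" out="$2"
    mkdir -p "$out" || return 1
    (
        umask 077
        openssl x509 -in "$src" -out "$out/cert.pem" &&
            openssl pkey -in "$src" -out "$out/private.key"
    ) || return 1
}

# pair_matches <cert.pem> <private.key>: succeeds only when the private key
# belongs to the certificate (their public keys are identical).
pair_matches() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

Delete the unencrypted private.key from the workstation once it has been uploaded. PFX files protected with older algorithms may need `-legacy` added to the pkcs12 commands on OpenSSL 3.x.
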
TuncayKaraca
Active Contributor
0 Kudos

@bheemeshRao Thanks for the detailed info on setting up connectivity between Datasphere and Azure Data Lake Storage Gen2 using a Service Principal with a Certificate. It's really helpful! I just noticed you posted as a Q&A, but it would've been better as a blog post!

Thanks,
Tuncay
