Extend the capabilities of the existing SAP MII product to better support collaborative Manufacturing reporting. The goal is to modernize this composition environment by converting it to a web-based application that can interact with the SAP Mfg. EMI layer (MII) to host live reports and provide live manufacturing data to these reports and supporting visualization for both PC and Mobile devices.
Additional overview content is available here:
The purpose of the document is to provide a reference architecture for setting up the infrastructure that would support collaborative
Manufacturing reporting. The document provides guidance on provisioning various components in Windows Azure, Microsoft O365 and SAP MII to provide live manufacturing data to these reports and supporting visualization for both PC and Mobile devices.
This document is intended for Enterprise Architects and developers who can use this information and the provided scenarios to extend the capabilities of the SAP MII product to better support collaborative Manufacturing reporting and provide live manufacturing data to these reports and supporting visualization for both PC and Mobile devices. The document is created with the assumption that Enterprisepersonnel are proficient in Windows Azure, Microsoft O365 and SAP MII and SAP Netweaver products.
The SAP MII Instance is hosted either on the Enterprise On-Premise or in their Data Center. The SAP MII provides an OData feed of the live manufacturing data directly from various source systems with the need to replicate the data. For this the SAP MII instance connects to the various sources as local Plant Databases, Plant Data Historian and Sensor data, Enterprise ERP, CRM, SRM, and Business Warehouses.
The sample OData response is in the link below:
http://help.sap.com/saphelp_mii140sp02/helpdata/en/44/2e1d2d42994aef85ef91e58db8c7c9/content.htm
The Windows Azure Infrastructure as a Services (IaaS) hosts the SAP Azure add-on cloud service that decouples the consuming clients from the SAP MII and provides an Open Standards (OData/SAML) based interface for the clients to consume. It provides additional access control and security on top of the MII service endpoints.
Data consumers such as Web Application, Web Services, Excel Thick Client and Office Web App can be used to consume MII data. For the reference architecture, Excel Web App hosted in SharePoint Online (Office 365) has been chosen as one of the consumers of the MII data.
Using the new Office App Model, an Office App which hosts the MII façade has been used to populate the excel spreadsheet. The MII Facade Office App can populate the spreadsheet both in the browser as well as in the Excel Thick Client.
Note:Office App Model works only with Office 2013.
Figure: MII Façade Office App in Excel 2013 Desktop Client.
Figure: MII Façade Office App in Internet Explorer 10.
As part of the reference architecture, PowerView is used to visual MII data. Excel Thick Client is populated with the MII data using the MII Façade Office App. PowerView Addin for Excel is then used to visual and interact with the MII Data.
The PowerView report below shows the Overall Equipment Effectiveness (OEE) across various plants in USA.
The below PowerView report shows the OEE, Availabiltiy, Quality and Production Rate across all the plants in USA.
The same PowerView reports also render in the web browser without any additional modifications required.
User credentials are stored in the on premises Active Directory. Active Directory Federation Services (ADFS) components are hosted on premises to enable WS-federation trust between MII Facade and Active Directory. A Federation trust is established between MII Façade and ADFS.
The SAP MII is hosted securely in the enterprise data centre and only the OData feed is exposed over the internet via a secure Reverse Proxy. The SAP MII running on the SAP Netweaver (Java) stack provides Certificate based authentication for Enterprise users accessing the OData interface.
The SAP MII trusts the Active Directory Certificate Services Root CA running in the VM on Windows Azure IaaS. MII is configured with Client certificate authentication and authorization is based on users email address or UPN on SAP MII.
The MII Facade application is a Claims aware .NET web application built using Microsoft Windows Identity Foundation toolkit and accepts Claims of the Enterprise users. Once the user is successfully authenticated on ADFS, the MII Facade application generates a temporary certificate that is valid for a few minutes for the user using Microsoft Active Directory Certificate Services. It uses the certificate to request the data from the SAP MII that is running in Enterprise On-Premise.
The SAP MII uses the User Certificate to authenticate the request from MII façade. Upon successful authentication and authorization, it retrieves the manufacturing data and returns it as an OData response to the MII Façade which in turn returns the response to the consuming application.
The temporary user certificate generated for the user by the MII Façade application is immediately deleted upon completion of the request.
The below sequence diagram shows the User Identity flow across Office 365, MII Façade and MII instance.
Claims Based Authentication for the Enterprise users accessing the MII reports is done with Active Directory Federation Services as the Identity Provider. Users use their Enterprise credentials to authenticate themselves over the internet against the Enterprise Active Directory via this ADFS proxy.
The reference architecture provides a Single Sign-On experience for the user accessing the reports with all the layers being Claims Aware and the users Claims being used to authenticate and authorize the user.
The reference architecture uses Client certificate authentication between the Azure MII Facade and SAP MII running on SAP Netweaver Java stack. The client Certificate Authentication is achieved using Microsoft Active Directory Certificate Services.
Enterprise Data Center or On premise infrastructure will host the SAP MII, and the data sources SRM, CRM, ERP, Plant Database and Plant Data Historian and Sensor Data. It will also host the Windows Active Directory and Active Directory Federation Services.
Windows Azure Environment will host the MII facade application which provides the Intermediary layer that provides MII data sources to consumers as ODATA feeds
Consuming Applications and Services:
Clients - Users can access the Visualization of the reports from their PC or Mobile devices from the Organization intranet. Users on the move can access it from the Internet.
The future version of the MII Façade can incorporate the following capabilities where required:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
13 | |
10 | |
9 | |
6 | |
6 | |
4 | |
4 | |
3 | |
2 | |
2 |