Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
former_member233037
Discoverer

Foreword


In my last Blog SAP Analytics Cloud – Hybrid Customer Experience based on HANA Enterprise Cloud (HEC) I went over Customer experience with SAP Analytics Cloud and SAP HEC by focusing on project and best practices. I would now like to give a much more technical feedback about this experience especially regarding network settings.

Before reading this post please read my wiki : SAP Analytics Cloud Connectivity Guidelines which could help you to better understand SAP Analytics Cloud connectivity.

SAP HANA Enterprise Cloud is a fully Managed Private Cloud to host on-premise customer applications. SAP HEC hosts more and more on-premise customer SAP Applications. We currently have customers requesting to connect HANA, BW, S4/HANA, etc. from SAP Analytics Cloud.

In the following chapters I am going to detail scenarios which have been proven in some customer Proof of concepts I currently did in past months..

For this blogs, Customer Business users could be located in three different domains:

  • Public domain

  • Customer domain

  • HEC domain


Data Sources are located in two different domains :

  • Customer domain

  • HEC Domain


HEC Data Acquisition scenario




HEC Data Acquisition Scenario

  1. In such scenario, SAP Cloud Connector is located in HEC domain. Customer Domain based data sources are accessed thru a dedicated VPN connection between HEC domain and Customer Domain.

  2. Outbound HEC Service ticket has to be requested to enable SAP Cloud Connector to connect SAP Analytics Cloud Tenants. See my wiki chapter 5.3.1.2 Network prerequisites
    to know more.

  3. Outbound HEC Service ticket has to be requested to enable HEC based Business User to access SAP Analytics Cloud application.


HEC Live Connection with CORS scenario




HEC Live Connection CORS Scenario

  1. In such scenario, specific Outbound HEC Service ticket has to be requested to enable HEC based Business User to access SAP Analytics Cloud application.

  2. Outbound HEC Service ticket has to be requested to enable HEC based Business User to access Customer Domain based data sources.

  3. Inbound HEC Service ticket has to be requested to enable Public Internet based Business User to access Customer Domain based data sources.

  4. Inbound HEC Service ticket has to be requested to enable Public Internet based Business User to access HEC Domain based data sources.


HEC Live Connection with Reverse Proxy scenario




HEC Live Connection Reverse Proxy Scenario

  1. In such scenario, specific Outbound HEC Service ticket has to requested to enable HEC based Reverse Proxy to access SAP Analytics Cloud application.

  2. Outbound HEC Service ticket has to be requested to enable HEC based Reverse Proxy to access Customer Domain based data sources.

  3. Inbound HEC Service ticket has to be requested to enable Public Internet based Business User to access HEC based Reverse Proxy.


HEC Live Connection with Reverse Proxy and SAML2 SSO scenario


SSO SAML2 federation protocol requires network settings to enable smooth flow between Browsers, Identity Provider and Service Providers.

To understand required network settings, find below a reminder of SAML standard flow (Keep in mind color coding).



Standard SAML 2 flow with SAC and Data Sources



HEC SAML Flow Live connection with Reverse Proxy Scenario

In Reverse Proxy configuration, Browser needs to connect SAP Analytics Cloud and Identity Provider through Reverse Proxy. It is not necessary for Back-end Data Sources.

  1. In such scenario, specific Outbound HEC Service ticket has to requested to enable HEC based Reverse Proxy to access SAP Analytics Cloud application SAML2 address (authn).

  2. Outbound HEC Service ticket has to be requested to enable HEC based Reverse Proxy to access Customer Domain based data sources SAML2 Address.


HEC Live Connection with CORS and SAML2 SSO scenario




HEC SAML Flow Scenario with CORS

In CORS configuration, Browser directly connect SAC and Identity Provider.  This configuration is quite simpler to set and administrate.

  1. In such scenario, specific Outbound HEC Service ticket has to requested to enable HEC based Business users to access SAP Analytics Cloud application SAML2 address (authn).

  2. Outbound HEC Service ticket has to be requested to enable HEC based Business users to access Customer Domain based data sources SAML2 Address.


I hope this blog post will help you to successfully connect SAP Analytics Cloud to SAP HANA Enterprise Cloud.

Thanks.
3 Comments