cancel
Showing results for 
Search instead for 
Did you mean: 

Accessing HANA Cloud with CAP from Local Dev Environment (Firewall is ACTIVE)

TobiT
Participant
1,473

Dear community,

i am building multiple CAP applications using SAP HANA Cloud and SAP BTP Cloud Foundry Runtime.

We like to use our own development environments and therefore do NOT use the Business Application Studio.

However we do not want to open the firewall of our projects SAP HANA Cloud instance, as there are multiple projects running on it.

Now i wonder, if it is possible to still connect to the SAP HANA Cloud from any location utilizing something like a proxy.

I did some testing with the @sap/hana-client package, connecting to a HANA Cloud with disabled firewall, but already all connection attempts fail (code attached).

Beside my little trial and error, do you have any suggestion, how we might pull something like this of?

BR,

Tobias

var hana = require('@sap/hana-client');
var conn = hana.createConnection();
var conn_params = {
  serverNode: 'hana-host:443',
  uid: 'user',
  pwd: 'password',
  sslHostNameInCertificate: "*",
  sslValidateCertificate: false,
  proxyHostname: "proxyHostSocks5",
  proxyPort: "proxyPortSocks5"
};
conn.connect(conn_params, function (err) {
  if (err) throw err;
  conn.disconnect();
});

Accepted Solutions (0)

Answers (2)

Answers (2)

xionghe
Advisor
Advisor
0 Kudos

You just need a ssh tunnel to make it able to connect to the hana database on the cloud from local host.

cf ssh -L 30015:<hanahost>:30015 <cf_app_which bind with the hana instance> -T -N
then you can connect to the remote hana on localhost:30015.

TobiT
Participant
0 Kudos

Thanks xionghe,

this seems to not work with HANA Cloud, as i get a "Socket closed by peer" exception as soon as i route the traffic trough the tunnel.

xionghe
Advisor
Advisor
0 Kudos

Hi tobias.tauchen,

Basically, you need use a 3rd part tools like DBEaver to test the connectivity to the target HANA database.
1. create the ssh tunnel first. the port number should be the real number of your connection URL on the hana datasource.
2. connect to the localhost:<port> with correct username, password.
If this is successful, then you can use it in your local testing in your nodejs code.
If the connection is pure Hana cloud style, you can paste the whole connection URL for the hana connection. No need use tunnel instead.
The url looks like below:
"url": "jdbc:sap://<instanceid>.hana.******.hanacloud.ondemand.com:443?encrypt=true&validateCertificate=true¤tschema=******"
Then in your code,

var conn_params = {
  serverNode: 'hana-host:443',
  uid: 'user',
  pwd: 'password',
  validateCertificate: true,
  encrypt: true
};

The the above.

gregorw
Active Contributor
0 Kudos

You might try if the sshenabler app deployed with the sap-cf-proxy could be used to provide you a ssh tunnel which you can use to forward your local ports to the SAP HANA Cloud.