Skip to Content

Connect an ABAP System with SAP Cloud Platform Using a Secure Tunnel (Neo)

test
0 %
Connect an ABAP System with SAP Cloud Platform Using a Secure Tunnel (Neo)
Details
// Explore More Tutorials

Connect an ABAP System with SAP Cloud Platform Using a Secure Tunnel (Neo)

01/15/2019

Set up your SAP Cloud Platform account (Neo) and the Cloud Connector to establish a secure tunnel between SAP Cloud Platform and the Appplication Server ABAP in your system landscape.

You will learn

  • How to connect the Cloud Connector to your trial Neo account on SAP Cloud Platform
  • How to connect the Cloud Connector to your ABAP system


Step 1: Connect Cloud Connector with trial subaccount

Before you can access data from the Cloud Connector in an application on SAP Cloud Platform (Neo), you must establish a trust between your SAP Cloud Platform subaccount and the Cloud Connector that is installed in your system landscape.

  1. Go to Your SAP Cloud Platform Trial | Neo Trial, and navigate to your subaccount.

  2. Copy your technical subaccount name from the title to a local text editor:

    Technical subaccount name
  3. Open your user information in the upper right corner:

    User Information
  4. Copy your user ID from your user information to a local text editor:

    User ID
  5. Log on to the Cloud Connector administration UI and choose Connector | Define Subaccount (if you already have defined a subaccount for another purpose, choose Connector | Add Subaccount). Enter the following information:

    Field Name Value
    Region hanatrial.ondemand.com
    Subaccount The technical subaccount name you copied earlier
    Display Name This will be displayed in the Cloud Connector administration UI
    Subaccount User The user ID you copied earlier.
    Password Password of your subaccount user
    Location ID not required in this tutorial
  6. Choose Save.

    Save cloud configuration
  7. After a while you should get the following success message:

    Save cloud configuration

    If your internal landscape is protected by a firewall that blocks any outgoing TCP traffic, the connection will only work using an HTTPS proxy. For more information see section Set up Connection Parameters and HTTPS Proxy in the official documentation.

To which entity of SAP Cloud Platform does the Cloud Connector connect to?
×
Step 2: Connect Cloud Connector with ABAP system

Access from any application on SAP Cloud Platform to resources on your ABAP system are provided by mapping the IP address of your ABAP system ( Internal Host ) to a Virtual Host. You provide this mapping and further attributes relevant for the connection in the ACCESS CONTROL. After the access control is set up you can use the virtual host on SAP Cloud platform to allow applications to connect to services on your ABAP system.

In this step we do not provide any password information. It will have to be provided later on SAP Cloud Platform when you create a destination for this host.

  1. In the Cloud Connector Administration UI, expand the name of your subaccount and choose Cloud To On-Premise. Above table Mapping Virtual To Internal System choose the plus sign ( Add ).

    Access-Control-OP
  2. Choose ABAP System as Back-end Type and choose Next.

    Access-Control-OP
  3. Choose HTTP as Protocol and choose Next.

    Access-Control-OP
  4. Enter the internal host and port of your ABAP system and choose Next.

    Access-Control-OP

    To be sure that this information is correct, you could call your ABAP service in a Web browser first. If this works you can take the host address and port from the link you used.

  5. Enter a Virtual Host and a Virtual Port.

    Access-Control-OP

    These values can be arbitrary, simply choose something that makes sense for you but do not copy the values of your internal host to hide this information outside your network.

  6. Choose None as Principal Type.

    Access-Control-OP
  7. Choose Next.

    Access-Control-OP
  8. Choose Check Internal Host. This will check the connection to your ABAP system after you choose Finish.

    Access-Control-OP
  9. If the ABAP system is not reachable check if your internal host is correct. Otherwise you should see something like this:

    Access-Control-OP
Log on to answer question
Step 3: Allow access to ABAP resources

Before applications on SAP Cloud Platform can access any services of the ABAP system you must specify the corresponding paths in table Resources Accessible On <your virtual host>:<port>.

  1. In your access control for your ABAP system you created in the last step, choose the plus sign ( Add ).

    Access-Control-OP
  2. If your service is an OData service, add the following resource and choose Save.

    Field Name Value
    URL Path /sap/opu/odata
    Enabled (checked)
    Access Policy Path and all sub-paths
    Access-Control-OP

    Path /sap/opu/odata is the basic resource path to be able to access the output of the OData service. You can add more paths later, for example, if you would like to allow access to related images stored in the ABAP system.

  3. Your configuration should now look like this:

    Access-Control-OP

As a result, you now have configured a secure tunnel between your ABAP system and your Neo subaccount on SAP Cloud Platform.

What entities you just configured will applications on SAP Cloud Platform have access to (provided that they know the user and password to access the OData service on your ABAP back-end)?
×

Next Steps

Back to top