Skip to Content

Set up Secure Tunnel between ABAP System and SAP Cloud Platform (CF)

test
0 %
Set up Secure Tunnel between ABAP System and SAP Cloud Platform (CF)
Details
// Explore More Tutorials

Set up Secure Tunnel between ABAP System and SAP Cloud Platform (CF)

12/12/2018

Set up your SAP Cloud Platform account and the Cloud Connector to establish a secure tunnel between SAP Cloud Platform and the Application Server ABAP in your system landscape.

You will learn

  • How to connect the Cloud Connector to your trial cloud foundry account on SAP Cloud Platform
  • How to connect the Cloud Connector to your ABAP system


Step 1: Connect Cloud Connector with trial subaccount

Before you can access data from the Cloud Connector in an application on SAP Cloud Platform, you must establish a trust between your SAP Cloud Platform subaccount and the Cloud Connector that is installed in your system landscape. To do so, you need your subaccount ID.

  1. Go to Your SAP Cloud Platform Trial | Cloud Foundry Trial, and navigate to your subaccount.

  2. The card with your subaccount information will show the sub-account name trial by default. If the card shows the subdomain instead of your subaccount’s ID choose the flip icon:

    subaccount ID
  3. Select the ID and copy it:

    subaccount ID
  4. Log on to the Cloud Connector administration UI and choose Connector | Define Subaccount (if you already have defined a subaccount for another purpose, choose Connector | Add Subaccount). Enter the following information:

    Field Name Value
    Region cf.eu10.hana.ondemand.com or cf.us10.hana.ondemand.com
    Subaccount The subaccount ID you copied in the last step.
    Display Name This will be displayed in the Cloud Connector administration UI
    Subaccount User Email address of your subaccount user. You can find it in the User Information.
    Password Password of your subaccount user
    Location ID not required in this tutorial

    You can find the User Information here:

    User Information

  5. Choose Save.

    Save cloud configuration
  6. After a while you should get the following success message:

    Save cloud configuration

    If your internal landscape is protected by a firewall that blocks any outgoing TCP traffic, the connection will only work using an HTTPS proxy. For more information see section Set up Connection Parameters and HTTPS Proxy in the official documentation.

What information do you need to provide to connect the Cloud Connector to your subaccount?
×
Step 2: Connect Cloud Connector with ABAP system

Access from any application on SAP Cloud Platform to resources on your ABAP system are provided by mapping the IP address of your ABAP system ( Internal Host ) to a Virtual Host. You provide this mapping and further attributes relevant for the connection in the ACCESS CONTROL. After the access control is set up you can use the virtual host on SAP Cloud platform to allow applications to connect to services on your ABAP system.

In this step we do not provide any password information. It will have to be provided later on SAP Cloud Platform when you create a destination for this host.

  1. In the Cloud Connector Administration UI, expand the name of your subaccount and choose Cloud To On-Premise. Above table Mapping Virtual To Internal System choose the plus sign ( Add ).

    Access-Control-OP
  2. Choose ABAP System as Back-end Type and choose Next.

    Access-Control-OP
  3. Choose HTTP as Protocol and choose Next.

    Access-Control-OP
  4. Enter the internal host and port of your ABAP system and choose Next.

    Access-Control-OP

    To check this again, choose Call Browser for OData service ZEPM_REF_APPS_PROD_MAN_SRV in transaction /n/IWFND/MAINT_SERVICE of the ABAP system where you configured your OData services.

  5. Enter a Virtual Host and a Virtual Port.

    Access-Control-OP

    These values can be arbitrary, simply choose something that makes sense for you but do not copy the values of your internal host to hide this information outside your network.

  6. Choose None as Principal Type.

    Access-Control-OP
  7. Choose Next.

    Access-Control-OP
  8. Choose Check Internal Host. This will check the connection to your ABAP system after you choose Finish.

    Access-Control-OP
  9. If the ABAP system is not reachable check if your internal host is correct. Otherwise you should see something like this:

    Access-Control-OP
Log on to answer question
Step 3: Allow access to ABAP resources

Before applications on SAP Cloud Platform can access any services of the ABAP system you must specify the corresponding paths in table Resources Accessible On <your virtual host>:<port>.

  1. In your access control for your ABAP system you created in the last step, choose the plus sign ( Add ).

    Access-Control-OP
  2. Add the following resource and choose Save.

    Field Name Value
    URL Path /sap/opu/odata
    Enabled (checked)
    Access Policy Path and all sub-paths
    Access-Control-OP

    For now we will only add path /sap/opu/odata as resource path to be able to access the output of the OData service. You can add more paths later, for example, because you would also like to allow access to related images stored in the ABAP system.

  3. Your configuration should now look like this:

    Access-Control-OP

As a result, you now have configured a secure tunnel between your ABAP system and your subaccount on SAP Cloud Platform.

To what information you just configured will applications on SAP Cloud Platform have access to?
×

Next Steps

Back to top