Principal Propagation with SAP Cloud Platform
Drivers

Automation Core
• Technology improvements mean that computing tasks which previously required interaction with people can be fully automated.
• Automation brings repeatability, reduced error rates and easy scalability of service provision.

Platform Agnostic
• Future interoperability and open standards will mean businesses can swap easily between cloud providers.
• It is key that solutions are designed to operate in such a platform-agnostic manner, outside the bounds of normal technical architecture design (i.e. no fixed O/S choices or fixed DB platforms).

Established Technological Principles
• Solutions today should be built using already established technological principles.
• Using bleeding edge rarely produces the perceived benefits in places such as core business systems without significant buy-in from business leaders.
• Pre-empting standards not already widely adopted could produce a “Beta-Max” scenario.

Future Assurance
• Technology solutions should deliver for a minimum timeframe within the context of the lifecycle of the related business system.
• Example: scripts re-written during any platform migration should not just use the coolest scripting language; they should use a commonly known language that is widely used and understood.
About Principal Propagation
• Permits federated authentication (single-sign-on) into customer SAP systems via an IdP such as SAP IDM.
• Authentication to on-premise SAP IDM is possible.
• Subsequent SAP systems can authenticate against the IDM-generated SAP logon ticket (MYSAPSSO2 cookie) or SAML2 token.
• SAP Cloud Platform (SCP) users (S-users) can use SAP Cloud Platform services such as Web IDE, authenticating into the customer SAP systems against their respective SAP system account in the IdP (usually their corporate identity).
About SAP Cloud Platform
• SAP Cloud Platform a.k.a. SCP (previously called SAP HANA Cloud).
• A PaaS set of tools, utilities and cloud capabilities for use with SAP and non-SAP products, all provided in the cloud.
• Accessed over the internet.
• Is the future of SAP software integration and will provide the basis for many SAP SaaS applications also.
• Can be accessed from “on-premise” (or your cloud provider) using the SAP Cloud Connector (SCC), which acts as a reverse proxy.
Architecture Overview

[Diagram; the labels recoverable from it are listed below.]

Zones: Cloud; “On-Premise” (could be cloud-hosted IaaS)

Components:
• SCP (SAP Cloud Platform): developer with S-user account. Destinations: BE1:1234
• SAP Cloud Connector: Sub-Account: ABC123; BE1:1234 = https://be1.corp; Trust Store: CA Cert, System Cert, BE1 SSL Cert Chain
• IdP (SAP IDM), UME: developer corporate identity and account.
• Optional Web Dispatcher: Trust Store: SCC CA Cert
• BE1 – SAP (https://be1.corp): Target ICF Service; ICM Trust Store: SCC CA Cert

Connection labels: SAML Token; x.509 Client Cert; SSL; HTTP header; SCC Cert Chain; Wdisp SSL Chain

ICM (+Web Dispatcher) Parameters:
login/certificate_mapping_rulebased="1"
icm/trusted_reverse_proxy_0=<SCC System CA>
icm/HTTPS/verify_client=1

Customise: STRUST, CERTRULE, RZ10
Areas for Configuration

SCP:
• Create S-user account(s).
• Create destination to back-end SAP system via SCC with Principal Propagation enabled and pointing to your IdP.

IdP:
• SAML: Configure SAML token creation for SCP users after authentication.

SCC:
• Sub-Account: Register SCP sub-accounts for incoming connections from SCP.
• On-Premise: Configure trust store with back-end SAP system SSL server cert and optional Web Disp SSL cert.
• On-Premise: Configure Principal Propagation user x.509 client cert creation upon SAML token receipt.

BE1:
• ICM: Transaction STRUST to trust the SCC client x.509 cert.
• AUTH: Transaction CERTRULE to map SCC dynamic x.509 client cert CN to SAP system user accounts.
• ICM: Transaction RZ10 to configure ICM params to enable trusting of client x.509 certs forwarded in HTTP header.

Optional Web Dispatcher:
• ICM: Adding SCC client x.509 cert to the SAPSSLS PSE.
• ICM: DEFAULT.PFL to configure ICM params to enable trusting of client x.509 certs forwarded in HTTP header.
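
Added example (not from the original slides, and not SAP code): a simplified Python model of the checks the BE1 configuration above sets up, in which a forwarded user certificate counts only when the TLS peer is the trusted SCC, its issuer is in the trust store, and its CN maps to a user. All DNs, user names, dates and the BackendConfig structure are constructed for illustration; comparing the proxy by subject and issuer is an assumption of this model.

```python
"""Simplified model (an added illustration, not SAP code) of the back-end
checks behind principal propagation. All DNs, users and dates are constructed."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


def _rdns(dn: str):
    """Split a DN string on unescaped commas into (ATTR, value) pairs."""
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        yield attr.strip().upper(), value.strip()


def norm_dn(dn: str) -> tuple:
    """Case- and whitespace-insensitive form of a DN, used for comparisons."""
    return tuple((a, v.lower()) for a, v in _rdns(dn))


def dn_attr(dn: str, attr: str) -> Optional[str]:
    """First value of one attribute (for example CN), or None if absent."""
    return next((v for a, v in _rdns(dn) if a == attr.upper()), None)


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: datetime


@dataclass(frozen=True)
class BackendConfig:          # hypothetical structure, not an SAP object
    trusted_proxies: tuple    # (subject, issuer) of the SCC system certificate
    trusted_issuers: tuple    # CA subjects held in the back-end trust store
    cn_to_user: dict          # CERTRULE-style rule: lower-cased CN -> SAP user


@dataclass(frozen=True)
class Decision:
    user: Optional[str]
    reason: str


def authenticate(peer, forwarded, cfg, now) -> Decision:
    """peer: cert presented on the TLS connection; forwarded: user cert
    decoded from the HTTP header (None if the request carried none)."""
    # 1. The header is only as trustworthy as the peer that sent it.
    if peer is None:
        return Decision(None, "no TLS client certificate from peer")
    proxies = {(norm_dn(s), norm_dn(i)) for s, i in cfg.trusted_proxies}
    if (norm_dn(peer.subject), norm_dn(peer.issuer)) not in proxies:
        return Decision(None, "peer is not a trusted reverse proxy; header ignored")
    if peer.not_after <= now:
        return Decision(None, "reverse proxy certificate expired")
    # 2. The forwarded certificate must chain to a trusted CA and be current.
    if forwarded is None:
        return Decision(None, "no forwarded user certificate")
    if norm_dn(forwarded.issuer) not in {norm_dn(i) for i in cfg.trusted_issuers}:
        return Decision(None, "forwarded certificate issuer not in trust store")
    if forwarded.not_after <= now:
        return Decision(None, "forwarded user certificate expired")
    # 3. Rule-based mapping: the CN selects the SAP user, or logon fails.
    cn = dn_attr(forwarded.subject, "CN")
    user = cfg.cn_to_user.get(cn.lower()) if cn else None
    if user is None:
        return Decision(None, "no SAP user mapped for certificate CN")
    return Decision(user, "mapped by CN rule")


# ---- constructed sample data -------------------------------------------
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SYSTEM_CA = "CN=Example System CA, O=Example Corp, C=GB"
SCC_CA = "CN=Example SCC CA, O=Example Corp, C=GB"
SCC_SYSTEM = Cert("CN=scc.example.corp, O=Example Corp, C=GB", SYSTEM_CA,
                  NOW + timedelta(days=90))
CONFIG = BackendConfig(
    trusted_proxies=(("cn=SCC.example.corp,o=Example Corp,c=GB", SYSTEM_CA),),
    trusted_issuers=(SCC_CA,),
    cn_to_user={"jdoe": "JDOE"},
)


def run_scenarios() -> dict:
    """Evaluate constructed requests and return {scenario name: Decision}."""
    user_cert = Cert("CN=jdoe", SCC_CA, NOW + timedelta(hours=1))
    other_peer = Cert("CN=host7.example.corp, O=Example Corp, C=GB",
                      SYSTEM_CA, NOW + timedelta(days=90))
    stale_scc = Cert(SCC_SYSTEM.subject, SYSTEM_CA, NOW - timedelta(days=1))
    cases = {
        "via_scc": (SCC_SYSTEM, user_cert),
        "direct_peer": (other_peer, user_cert),
        "expired_user_cert": (SCC_SYSTEM, Cert("CN=jdoe", SCC_CA,
                                               NOW - timedelta(minutes=1))),
        "unmapped_cn": (SCC_SYSTEM, Cert("CN=contractor7", SCC_CA,
                                         NOW + timedelta(hours=1))),
        "expired_scc_cert": (stale_scc, user_cert),
    }
    return {name: authenticate(p, f, CONFIG, NOW) for name, (p, f) in cases.items()}


if __name__ == "__main__":
    for name, decision in run_scenarios().items():
        print(f"{name:18} user={decision.user!s:5} {decision.reason}")
```

The expired_scc_cert case is the outage mode the Summary slide warns about: once the SCC system certificate lapses, every propagated logon fails, not just one user's.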
Summary
• Principal Propagation should enable smooth, efficient access to back-end SAP systems via the SAP Cloud Connector from the SAP Cloud Platform.
• A secure setup is always recommended, paying attention to SAP recommendations for the SCC networking and HA.
• The future direction of SAP integration will need to use the SCC more and more. Example: SAP Analytics Cloud.
• The Principal Propagation trust setup is complex and involves multiple certificates, leaving you open to the probability of certificate expiration causing an outage.
References

SAP Notes:
• SAP note 2462533 - Configuring Principal Propagation to an ABAP System.
• SAP note 2052899 - ICM - Multiple Trusted Reverse Proxies
• SAP note 2461375 - How to connect SAP Cloud Platform Identity Authentication Service to on-premise user store

SAP Guides:
• SCC secure setup recommendations:
https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/e7ea82a4bb571014a4ceb61cb7e3d31f.html
• Configure Principal Propagation for an ABAP system:
https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/a8bb87a72d094e0d981d2b1f67df7bc3.html
Thank You
