In the previous sections, you learned how to integrate the Poetry Slam Manager with SAP Business One as an ERP back end. In this section, You're connecting the Poetry Slam Manager with your SAP Business One system through a secure tunnel, avoiding the need to expose the service layer from the SAP Business One back end to the internet. To achieve this, you're adding an instance of a Cloud Connector to your environment. The Cloud Connector serves as a secure link between cloud applications and on-premise systems, allowing controlled access to them. It functions as a reverse invoke proxy within a secured network, providing fine-grained control over both accessible on-premise resources and cloud applications that use it. For more information, refer to Cloud Connector on SAP Help Portal.
The finished integration of SAP Business One using the Cloud Connector offers the same features as the direct connection explained in previous chapters:
- Create purchase orders for poetry slam events with one click and preview purchase order information on the Poetry Slams UI.
- As SAP Business One user, start the Poetry Slams and Visitors applications from your SAP Business One launchpad, and navigate from the Poetry Slams application to the associated purchase order in the system.
This chapter extends the previously shown SAP Business One integration.
The following chapters are prerequisites for the SAP Business One integration using a Cloud Connector:
- Learn More About the Prerequisites and the Purpose of SAP Business One Integration
- Integrate the SAP BTP Application with SAP Business One
- Configure the Integration with SAP Business One (Excluding section Set Up Destinations to Connect the SAP BTP Application to SAP Business One)
To access the Cloud Connector, the SAP BTP Connectivity service is required. The following steps show how to implement it in your application:
- In the mta.yaml file:
- Add the connectivity service to the resources section:
resources: - name: poetry-slams-connectivity-service type: org.cloudfoundry.managed-service parameters: service: connectivity service-plan: lite
- Add the connectivity service as dependency to the modules poetry-slams-srv and poetry-slams-mtx:
modules: # ... - name: poetry-slams-srv # ... requires: # ... - name: poetry-slams-connectivity-service # ... - name: poetry-slams-mtx # ... requires: # ... - name: poetry-slams-connectivity-service
- Add the connectivity service to the resources section:
- In the package.json of the MTX sidecar, add the connectivity attribute to the mtx-sidecar profile:
{ "name": "partner-reference-application-mtx", ... "cds": { "profile": "mtx-sidecar", "requires": { ... "connectivity": true } } }
Update your application in the provider subaccount. For detailed instructions, refer to Deploy the Multi-Tenant Application to a Provider Subaccount.
Before you start, ensure that a computer or virtual machine is available for installing the Cloud Connector. This resource should meet the following criteria:
- Located within a network zone with:
- Internet access to the SAP BTP region host, either directly or through an HTTPS proxy.
- Direct access to the SAP Business One system it provides access to, meaning that there is transparent connectivity between the Cloud Connector and the SAP Business One system.
Note: For more information on prerequisites for network zones, see Network Zones.
- Meets the hardware requirements.
- Has adequate operating system for Cloud Connector installation. see Product Availability Matrix for more information.
- JDK is preinstalled according to JDK requirements.
For Windows installations, Microsoft Visual C++ 2019 runtime libraries should be preinstalled. For more information, refer to the Microsoft installation guide.
For more information about installing the Cloud Connector, see Installation on SAP Help Portal.
- Download the desired version of the Cloud Connector for installation on your on-premise network from the SAP Development Tools page.
For the purpose of this guide, the non-portable Windows installer will be used.
- Open the downloaded file and follow the steps in the installer.
Note: Ensure the default port 8443 is not being used by another service. If port 8443 is already in use, choose a free port during installation. The selected port will be used later in this guide.
- After the installation is complete, two desktop shortcut icons should be added: Start Cloud Connector and Stop Cloud Connector.
- For testing purposes, check that the service is registered and running. Open the Windows Services app (Control Panel > Admin Tools > Services), search for SAP Cloud Connector, open service details, and ensure that the Service Status is Running.
- The Cloud Connector can be accessed at
https://<hostname>:<port><hostname>refers to the machine on which the Cloud Connector is installed. If this is installed in the same machine, you can simply enter localhost.<port>is the port set as part of the Cloud Connector installation (default port is 8443).
To access the on-premise SAP Business One from the consumer subaccount, two connections should be configured as shown in the diagram below:
- A connection between the Cloud Connector and the application on SAP Business Technology Platform.
- A connection between the Cloud Connector and SAP Business One.
To create a secure tunnel between the Cloud Connector and the consumer subaccount, follow these steps:
- In the consumer subaccount, go to Connectivity > Cloud Connector.
- Choose Download Authentication Data.
- Copy the downloaded file to the device where the Cloud Connector is installed.
- Log in to the Cloud Connector admin webpage at
https://localhost:<port>.- Standard user: Administrator.
- Initial password: manage.
<port>is the port set as part of the Cloud Connector installation (default port is 8443).
Hint: Once the initial password has been used, a new password must be set for the Administrator user.
- Choose Add Subaccount.
- Set HTTP proxy configurations to align with the on-premise network settings (In case no HTTP proxy is used, choose Next to skip the configuration).
- Select the Configure using authentication data from file option, and use the subscriber subaccount authentication data copied to the VM in Step 2.
- Location ID can be left empty.
- Description can be set freely.
The consumer subaccount is now visible in the Cloud Connector, and the Cloud Connector is visible in the consumer subaccount:
- Subaccount: In Connectivity > Cloud Connector, a new instance is shown.
- Cloud Connector: In the subaccount dashboard in the Cloud Connector admin webpage, at least one item is shown. In the details of the item, the name corresponds to the subscriber subaccount name, and the status should be connected.
To connect the Cloud Connector with SAP Business One, some configuration is necessary. The Cloud Connector needs to know where to redirect requests intended for SAP Business One and which system resources are available. Follow these steps to configure and establish this connection:
- Find out the internal host name and port from the SAP Business One Service Layer.
- Log in to the Control Center of SAP Business One.
- Go to the Services tab.
- Search for Service Layer and copy its URL.
- Download the certificate from the SAP Business One Service Layer server.
- Open the URL you've just copied in the VM where the Cloud Connector is installed.
- Export the server certificates and save the export locally.
- Add the server certificates from the SAP Business One Service Layer to the Cloud Connector.
- Go to Configuration tab on the Cloud Connector admin webpage.
- Switch to the On Premise tab.
- Scroll down and choose Add a X.509 certificate (plus icon) in the allowlist.
- Select the certificates you exported in the previous step.
- Configure mapping and available resources.
- Go to Cloud To On-Premise in the Cloud Connector admin webpage.
- Add a new mapping to an internal system (plus icon) with the following parameters:
- Backend type: Other SAP System
- Protocol: HTTPS
- Internal Host:
<Internal SAP Business One Service Layer hostname>
Note: Internal Host may be taken from the SAP Business One URL (everything before the
:sign).- Internal Port:
<Internal SAP Business One Service Layer port number>
Note: Internal Port may be taken from the SAP Business One Service Layer URL (number after the
:sign).- Virtual Host:
<Cloud Connector name> - Virtual Port:
<Cloud Connector port>
You can set both the virtual host and virtual port freely. However, port 50000 is recommended. These parameters are used later for the destination on the subscriber subaccount.
- Choose Allow Principal Propagation.
- Principal Type: X.509 Certificate.
- Do not choose System Certificate for Logon.
- Host In Request Header: Use Internal Host.
- The description can be set freely.
- After the mapping was added, test the connection (first icon on the action column) and the result should be Reachable.
- Add the resources that should be exposed through the Cloud Connector:
- Choose the plus icon in the Resources table of the mapping you've just added.
- Set the URL Path to
/. This allows access to all the resources from this system. - Set the Access Policy to Path and all Sub-Paths.
- Leave the other configuration unchanged.
Note: More details about the configuration of the system mapping in the Cloud Connector are described in Configure Access Control (HTTP) on SAP Help Portal.
HTTP destinations can be configured in the subaccounts of the SAP Business Technology Platform. They can be used to connect your application to the internet, as well as to an on-premise system. To setup a destination, follow these steps:
-
Open your SAP BTP consumer subaccount.
-
Go to Connectivity and choose Destinations.
-
Create the following destinations:
-
b1-url: Link to the SAP Business One UI.
Parameter Name Value Name: b1-url Type: HTTP Description: Enter a destination description, for example, SAP Business One 123456 URL.URL: https://{{B1-hostname}} for example, https://my123456sapOne.com.Proxy Type: Internet Authentication: NoAuthentication -
b1: Connect to the SAP Business One API using the Cloud Connector.
Note:
{{Virtual Host}}and{{Virtual Port}}have to be identical to the values desribed in section Establish a Connection between the Cloud Connector and SAP Business One.-
Option 1 (Basic Authentication):
Parameter Name Value Name: b1 Type: HTTP Description: Enter a destination description, for example, SAP Business One 123456 with Cloud Connector.URL: http://{{Virtual Host}}:{{Virtual Port}} Proxy Type: OnPremise Authentication: BasicAuthentication User: Enter the username. Password: Enter the password. -
Option 2 (Principal Propagation):
Note: To use principal propagation, make sure you have completed the required setup in SAP Business One described in Register the Identity Provider of the SAP BTP Application in the SAP Business One SSO Extension Manager
Parameter Name Value Name: b1 Type: HTTP Description: Enter a destination description, for example, SAP Business One 123456 with Cloud Connector.URL: http://{{Virtual Host}}:{{Virtual Port}} Proxy Type: OnPremise Authentication: NoAuthentication Additional Properties:
Property Name Value forwardAuthToken: true URL.headers.X-b1-companyid: {{Company ID}} HTML5.DynamicDestination: true WebIDEEnabled: true Note: You can see the
{{Company ID}}in the SAP Business One Extension SSO Manager in the Tenant Binding List.Note: The Additional Properties
HTML5.DynamicDestinationandWebIDEEnabledare only needed if the destination is also used for local tests in the Business Application Studio. More details about local tests are described in On-Premise Connectivity From Business Application Studio (BAS) of the SAP Cloud SDK.
-
-
Now, everything is set up for your back-channel integration to SAP Business One using a Cloud Connector. To continue with the integration example, you can now follow the guide on how to add SAP BTP applications to the SAP Business One launchpad.
If you need more information on how to trace and debug your application with ERP integration, go to the section on testing and troubleshooting. If you're looking for more information on the ERP integration of Poetry Slam Manager, take the guided tour about the ERP integration.