In my previous blog post, I introduced how to use the SAP Private Link service to extend your SAP S/4HANA business processes running on Microsoft Azure while keeping the traffic within the Azure internal network.
In this blog, I would like to share two more use cases for SAP Private Link connectivity
- SAP Private Link service with SAP Cloud Integration for building diverse integration scenarios
- SAP Private Link service for frontend applications accessible from SAP Launchpad service
Please have a look at the great blog series by Martin Pankraz, where he also presents the SAP Cloud Integration scenario in Part 2.
Even without a direct integration of SAP Cloud Integration and SAP Launchpad services with SAP Private Link service, we can still establish connectivity with help of Application Router, meanwhile, the product team is working to enable the direct integration.
Now let’s have a closer look at these two scenarios:
SAP Private Link service with SAP Cloud Integration for building diverse integration scenarios
The SAP Cloud Integration capability of SAP Integration Suite enables enterprises to connect different systems and applications in hybrid and cloud landscapes, that are developed and maintained on different technology stacks. These stacks, usually follow different security standards and requirements.
With the help of the SAP Private Link service, you can extend your hybrid integration scenarios to suit stricter security policies and communicate with your SAP S/4HANA on Microsoft Azure through private network connectivity.
The main idea of this architecture is to use the Application Router as a proxy for the private connectivity between SAP S/4HANA and SAP Cloud Integration. More details about Application Router can be found below. Please also check the GitHub repository for further details.
SAP Cloud Integration with SAP Private Link service
SAP Private Link service for frontend applications accessible from SAP Launchpad Service
As you might know, the SAP Launchpad service plays an important role to increase users’ productivity and efficiency by enabling organizations to establish a central point of access to SAP, custom-build, third-party applications, and extensions.
The frontend extensions of your SAP S/4HANA system running on SAP BTP can now also benefit from the new SAP Private Link service by establishing private connectivity to your SAP backend systems.
Like the above-mentioned scenario, the main idea of this architecture is to use the Application Router as a proxy for the private connectivity between SAP S/4HANA and frontend extensions running on SAP BTP. Below you’ll find more information on Application Router. To learn more, you can check the GitHub repository.
Please note that this scenario covers only the frontend extensions. The federated SAP S/4HANA content is out of scope for this blog.
UI extensions with SAP Private Link service
How to achieve this?
As previously mentioned, for the moment, we cannot use SAP Private Link service directly from SAP Cloud Integration or SAP Launchpad Service; nevertheless, we can bridge this gap with help of SAP’s Application Router (approuter), which can play the role of a proxy between SAP and SAP Cloud Integration.
Application Router is a package available in the public npm repository, usually used as a single-entry point to your applications. It can help dispatch incoming requests to other microservices, facilitate authentication & authorization, and finally integrate other SAP BTP services like the Destination service or the HTML5 Application Repository.
These main capabilities of the Application Router with the latest release (as of today – 11.3.2) can help you establish the above-mentioned proxy role for Private Link.
Configure and deploy Application Router
You can configure and deploy the Application Router with the IDE of your choice, but with help of SAP Business Application Studio (BAS), it is much simpler, since you can take advantage of the provided templates for your Application Router configuration.
If you choose BAS, select Standalone Approuter as an option in the template wizard.
The only configuration required in Application Router is to define the route and the destination used for the SAP Private Link connectivity. This can be done in the xs-app.json file where BusinessPartner-approuter is the destination configured for SAP Private Link connectivity in the target SAP BTP subaccount (see destination configuration below).
{
"authenticationMethod": "route",
"routes": [
{
"source": "^/sap/(.*)$",
"target": "/sap/$1",
"destination": "BusinessPartner-approuter",
"authenticationType": "xsuaa",
"csrfProtection": false
}
]
}
After setting up the route with destination and authentication, you can deploy the Application Router to your SAP BTP subaccount
e.g. by mbt build and cf deploy privatelink-proxy.mtarOnce the Application Router is up and running, it can be used by your integration flows or Fiori applications to connect with the SAP backend system.
Summary
In this blog, you have learned how to bypass the missing features and still be able to use SAP Private Link service with your integration and frontend extension scenarios with help of Application Router.
You can find detailed steps for both scenarios in the following GitHub repo.
For the latest product features, you can check the SAP Private Link service roadmap.
