tag:blogger.com,1999:blog-16086392436213683322024-02-18T20:55:12.421-08:00Thoughts on SAP Gateway developmentWilliam van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.comBlogger31125tag:blogger.com,1999:blog-1608639243621368332.post-87151861289969704722018-11-16T08:07:00.000-08:002018-11-18T22:13:02.365-08:00Beware: SAP Gateway services can default not be Cross-Domain / CORS accessed<div>In our business context we have non-SAP web applications that invoke SAP Gateway services to retrieve business data. This week I was involved in a rewrite of such application (<I>the need for rewrite being that another consumed data source, namely a SharePoint List, was moved to a new destination, from on-premise SharePoint 2010 to Office 365 SharePoint Online</I>). While testing the updated application codebase, I noticed that I unexpected run into data retrieval issues with getting the SAP data; on code that I did not even touch. After some investigation, the cause appeared to be a Cross Domain issue: the consumed SAP Gateway services are deployed on another domain as the application (whether run local via Node.js, or on the target webserver). The problem was known to application owner, and pragmatic solution to use the application only from Internet Explorer (IE); as that includes an option to disable the Cross Domain check. Mind you, I initially did my testing via Chrome and Edge; both browsers do not support to skip the Cross Domain check in their default usage behavior.</div><div style='margin-top:10px'>Having a developer and solution-aware mindset, I then thought to fix the application itself to enable Cross Domain data access. All browser support this via CORS. Change in the JavaScript codebase should be simple, call the service requests with Cross-Domain awareness: see <a href='https://www.html5rocks.com/en/tutorials/cors/'>Using CORS</a>. However, even with this code change the application (or rather the browser) failed to retrieve the data from the SAP Gateway services. With developers tools I inspected the network traffic, and identified the problem. The PreFlight request issued by the browser for non-simple CORS data requests, are responded by the SAP Gateway application with HTTP 401.</div>
<div style='margin-top:10px;'><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuh6ckwOU-AsAmRw4wLY5hRfJTX_Yvg8JnzPAhm5hdAKq3SC1mmpBJFQIvihYZmIvSuenG0th1dRKJ4ASrwI57sQ-gROQJNhpbNus0KynJ1Yrw2qDgzFarKeuz2d8JR6JMvzvlIUFgsIWX/s1600/SAP+NetWeaver+responds+401+on+CORS+Preflight+Request.png" width="60%" /></div>
<div style='margin-top:10px;'>This is not compliant with the CORS specification: Preflight requests must not include the user credentials. See the W3C Cross-Origin Resource Sharing specification, <a href='http://www.w3.org/TR/cors/#preflight-request'><i>preflight request</I></a></div>
<img border="1" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaFWZp7zOQE80-anQAgU8wCvtHkwzKtujOj6fjXWoyUW44NOczF6cNEh-7dh8XjBqcd9n2z17FnYPS0XliAcKWIWGq8mgkliZ-TUQ1JfqUlq3FtsdmuYZXZRv5lVQJ5a8X9HMjGjNKfXUI/s1600/W3+CORS+Preflight+Request.png" width="95%" /><div style='margin-top:10px;'>All modern browsers obey to the CORS specification, and do intentionally not include Authorization in the Preflight OPTIONS request. SAP NetWeaver should respond with sending the CORS response, and next the succeeding actual http request (with GET, POST, PUT, or DELETE method) will include Authorization information: this is the call that actually goes into the SAP backend to access the stored business data.
</div><div style='margin-top:10px;'>The SAP Gateway specific cause is written in post <a href='https://blogs.sap.com/2017/02/08/how-to-enable-cors-on-sap-netweaver-platform/'>How to Enable CORS on SAP NetWeaver Platform</a>:<div style='margin-top:5px;margin-bottom:20px;border-width:1px;border-style:solid;border-color:#C0C0C0;background:lightblue;margin-top:10px;margin-bottom:10px;width:100%'><span style='font-style:italic;padding:10px;'>
...why is the Preflight Request failing? The issue lies in how a Preflight Request is constructed. According to the CORS specification, the Preflight Request must NOT carry any user credential. As most applications on NetWeaver require user authentication, the Preflight Request will get an “HTTP 401 Unauthorized” error message, thus failing the request.</span></div>
The post also describes an approach to resolve it directly on SAP Netweaver level, via combination of SICF configuration and ICM rewrite rules. Another approach can be to utilize a reverse proxy in the network infrastructure, and let that handle the CORS handling in front of the SAP NetWeaver destination.</div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-49287707839227137992017-03-26T03:24:00.000-07:002017-03-26T02:26:11.398-07:00SharePoint integration endpoints for a SAPUI5 based PeopleFinder<div>SAPUI5 is a suitable framework to build responsive-design UIs that renders to the available screen estate of diverse device types: smartphone, tablet, and desktop. It is therefore a fit to deliver an alternative UI to SharePoint's PeopleFinder functionality, in case the out-of-the-box SharePoint UI (<i>that is, with potentially the rendering still made company specific via customized Search Display Templates</i>) for whatever reason does not qualify as sufficient fit. The basic requirement of a SAPUI5 mobile application is that it can consume data and functionality via OData REST services. The SharePoint platform supports such an architecture via the standard SharePoint REST services:
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-lr12YRWc5Gg-IDCPoeKBR0bfzi-Vwsf0VaA-WvpoI_YiNIMHVI0aAG16No4HnkyP3SkZIX7zIJ8PimqENF7yg0kcB0nV2vtmsgh_qo0EAL8XGDTNswgmTPI-CmXYMH_WyWDZHE2yYaLW/s1600/SAPUI5+-+SharePoint+PeopleFinder+System+Architecture.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-lr12YRWc5Gg-IDCPoeKBR0bfzi-Vwsf0VaA-WvpoI_YiNIMHVI0aAG16No4HnkyP3SkZIX7zIJ8PimqENF7yg0kcB0nV2vtmsgh_qo0EAL8XGDTNswgmTPI-CmXYMH_WyWDZHE2yYaLW/s1600/SAPUI5+-+SharePoint+PeopleFinder+System+Architecture.png" style="width:95%" /></a>
</div><div style='margin-top:10px;'>The integration surface for a peoplefinder functionality comprises 3 main elements:<ol style='margin-top:2px'><li>To interactive present people suggestions to user while typing in characters of the people name ==> <i>Get names list of matched users on search input</i></li><li><i>Get detailed list of matched users on search input</i></li><li><i>Get details for selected user</i></li></ol></div><div style='margin-top:10px;'><b><i>1. Get names list of matched users on search input</i></b><br/><br/><i>Best:</i><br/><table border="1" style='border:1px solid rgb(192, 192, 192)'><tr><td nowrap>SharePoint end-point </td><td><div style='font-size:80%'>https://<i><SharePoint root-url></i>/_api/search/query?querytext='preferredname:Jones*'''&selectproperties='PreferredName'&sourceid='B09A7990-05EA-4AF9-81EF-EDFAB16C4E31'&rowlimit=10</div></td></tr></table>
<br/>
<i>Alternative is to search in User Information List:</i><br/>
<table border="1" style='border:1px solid rgb(192, 192, 192)'><tr><td nowrap>SharePoint end-point </td><td><div style='font-size:80%'>https://<i><SharePoint root-url></i>/_vti_bin/listdata.svc/UserInformationList?$filter=((ContentType eq 'Person') and (substringof('Jones',LastName)))&$orderby=Name</div></td></tr></table><br/>
but this has some disadvantages:<ul style='margin-top:2px;'><li><b>Incomplete qua users:</b> user is only added to UserInformationList on first visit to SharePoint site; users not visited yet, are not included</li><li><b>Overcomplete:</b> UserInformationList is never cleaned up, former colleagues remain in the list</li><li><b>Incomplete qua search:</b> UserInformation does not contain a full name field</li></ul></div>
<div style='margin-top:10px;'><b><i>2. Get detailed list of matched users on search input</i></b><br/><br/><i>Search in full content / all crawled people data fields:</i><br/><table border="1" style='border:1px solid rgb(192, 192, 192)'><tr><td nowrap>SharePoint end-point </td><td>https://<i><div style='font-size:80%'><SharePoint root-url></i>/_api/search/query?querytext='Mobile*'&selectproperties='FirstName,LastName'&sourceid='B09A7990-05EA-4AF9-81EF-EDFAB16C4E31'&rowlimit=10</div></td></tr></table>
<br/>
<i>Search in identified property-field(s) only:</i><br/>
<table border="1" style='border:1px solid rgb(192, 192, 192)'><tr><td nowrap>SharePoint end-point </td><td>https://<i><div style='font-size:80%'><SharePoint root-url></i>/_api/search/query?querytext='department:Mobile*'&selectproperties='FirstName,LastName'&sourceid='B09A7990-05EA-4AF9-81EF-EDFAB16C4E31'&rowlimit=10</div></td></tr></table>
</div>
<div style='margin-top:10px;'><b><i>3. Get details for selected user</i></b><br/><br/>
<i>Get all public properties:</i><br/>
<table border="1" style='border:1px solid rgb(192, 192, 192)'><tr><td nowrap>SharePoint end-point </td><td>https://<i><div style='font-size:80%'><SharePoint root-url></i>/_api/SP.UserProfiles.PeopleManager/GetPropertiesFor(accountName=@v)?@v='<i><uname of user></i>'</div></td></tr></table>
<br/><i>Get one single identified user profile property only:</i><br/>
<table border="1" style='border:1px solid rgb(192, 192, 192)'><tr><td nowrap>SharePoint end-point </td><td><div style='font-size:80%'>https://<i><SharePoint root-url></i>/_api/SP.UserProfiles.PeopleManager/GetUserProfilePropertyFor(accountName=@v,propertyName='AboutMe')?@v='<i><uname of user></i>'</div></td></tr></table>
</div>
William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-16183430316198056412016-12-22T12:36:00.001-08:002016-12-22T12:46:11.721-08:00Reverse Proxy must not decode Fiori URLs<div><h3>‘Double Encoding’ issue with Fiori Urls in case of Apache-based Reverse Proxy</h3></div>
<div style='margin-top:10px;'>The typical infra architecture of an on premisse Fiori deployment includes a reverse proxy that enables access to the Fiori Apps from the internet. A responsibility of the reverse proxy is to forward the received external uri address to the protected internal Fiori resource. The generic pattern here is that the domain part of the external url is mapped to the internal url, and the remainder of the external url is concattenated to the internal url. Some / most reverse proxy products handle encoded special characters in the remainder part, well special, by decoding them before forwarding. However, (a.o.) for Fiori URLs this behaviour is undesired. The encoded characters must be forwarded as is, so that the web dispatcher on Gateway FES can decode them and process the correct decoded uri.</div><div style='margin-top:10px;'><b><i>Clarification of the effect due 'double encoding' of Fiori URL:</i></b>
<div style='margin-top:5px;margin-bottom:20px;border-width:1px;border-style:solid;border-color:#C0C0C0;background:lightblue;margin-top:10px;margin-bottom:10px;width:90%'><span style='font-style:italic;padding:10px;'><ol><li>
Browser requests "https://<external-DNS>/sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets('<span style='background-color:yellow;'>%2F</span>UI2<span style='background-color:yellow;'>%2F</span>Fiori2LaunchpadHome')?$expand=Pages/PageChipInstances/Chip/ChipBags/ChipProperties,Pages/PageChipInstances/RemoteCatalog,Pages/PageChipInstances/ChipInstanceBags/ChipInstanceProperties,AssignedPages,DefaultPage&sap-cache-id=...";</li><li>SAP Gateway FES returns http error 404;</li><li>Error logged on the SAP NetWeaver node is that "http://<SAP web dispatcher / Gateway FES>:8000/sap/opu/odata/UI2/PAGE_BUILDER_PERS/PageSets('<span style='background-color:yellow;'>%252F</span>UI2<span style='background-color:yellow;'>%252F</span>Fiori2LaunchpadHome')?$expand=Pages/PageChipInstances/Chip/ChipBags/ChipProperties,Pages/PageChipInstances/RemoteCatalog,Pages/PageChipInstances/ChipInstanceBags/ChipInstanceProperties,AssignedPages,DefaultPage&sap-cache-id=..." is an invalid URI</li></ol>
</span></div>
</div><div style='margin-top:20px;'><b>Relevant resources:</b><ul><li><a href='https://archive.sap.com/discussions/thread/3788174'>Fiori Launchpad Error via Apache: Failure - Unable to load groups</a></li><li><a href='http://stackoverflow.com/questions/4390436/need-to-allow-encoded-slashes-on-apache?sf51454146=1'>Need to allow encoded slashes on Apache</a></li><li><a href='https://www.netiq.com/support/kb/doc.php?id=7016712'>How to Preserve Encoded character in URL from NAM AG to webserver</a></li><li><a href='http://stackoverflow.com/questions/31976112/apache-still-double-encoding-slashes-after-correct-config'>Apache still double encoding slashes after correct config</a></li><li><a href='https://confluence.atlassian.com/bamkb/404-page-as-a-result-of-double-encoded-slashes-in-the-url-when-using-apache-302810789.html'>404 page as a result of double-encoded slashes in the URL when using Apache</a></li></ul></div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com1tag:blogger.com,1999:blog-1608639243621368332.post-85875515011376925072016-11-01T14:27:00.000-07:002016-11-01T14:27:02.013-07:00Qualities of SAP Fior Apps<div>Few months ago, SAP published document "Qualities of SAP Fiori Apps (July 2016)". This document is <i>aimed at customers and partners and defines the qualities to be met by a SAP Fiori app. It covers design, implementation and technical criteria to be met beyond the SAP product standards</i>. Thus a handy resource to utilize for reference and guidance. However, as result of SAP's recent changes on SCN, the link became a deadlink and can current not be successful viewed via SAP locations. As I downloaded the document before, I make it available here in awaiting for SAP to structural recover their document link on SCN and/or HANA EA Explorer.</div><div style="margin-top:10px;">
<a href="https://drive.google.com/open?id=0B89AfTMhfP0ZeGRmQ0dXNUZUMlE">Qualities of SAP Fiori Apps</a></div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com1tag:blogger.com,1999:blog-1608639243621368332.post-86137621549867784172016-09-30T11:21:00.001-07:002016-09-30T11:29:15.435-07:00Why is Fiori adoption lagging behind?<div>Yesterday I attended a meeting of the Dutch SAP User Group (<a href='http://www.vnsg.nl/uex'>VNSG</a>) on the topic ‘Customer Fiori Experiences’. As usual, the audience was mostly consultants/developers of SAP consultancies, and only a few actual end-customer attending. After interesting sessions on the state of Fiori (a.o. on SAP Fiori Cloud Edition), the meeting ended with a roundtable to share experiences. And in particular to discuss and answer on the topic how-to increase Fiori adoption in the market. According to latest numbers, (only) 10% of SAP customers world-wide are active with Fiori, and significant subset of them merely with 1 or 2 first Fiori Apps. Note, in The Netherlands the number is higher, as we’re very technology-savvy and typically run ahead of the rest of the world on adoption of new technologies.</div><div style='margin-top:10px;'>There was large consensus in the group that the minimal actual Fiori implementations is for a major part still due unfamiliarity. Not so much by business and end-users, but by majority of SAP developers for which the step to Fiori / UI5 is [too] big, and they prefer to just stick within their comfort zone. Although there might be truth in this, I personally think the more important causes are others.</div><div style='margin-top:10px;'>The most important is that for SAP customers there must be a <b><i>tangible business case</i></b> to switch to Fiori. It is not sufficient, even irrelevant for SAP organizations to switch to new technology and products just because SAP is now delivering it (and promoting it as <i>the next great thing</i>). Even though standard Fiori Apps do not have a license cost (anymore), there is still investment costs involved to transition from current application formats (e.g. GUI transactions, Portal application, WebDynpro) to Fiori as new UI and interaction concept. The investment costs are within preparing the IT landscape infra (introduce NetWeaver Gateway, and Fiori Front-End Server), deploying Fiori Apps plus the required underlying Gateway OData services in the SAP landscape, align with and convince Enterprise Architecture plus (IT) security that Fiori is a future-proof and secure/safe approach, educating end-users. And typically the standard Fiori Apps are not addressing the core of the specific organization, and custom Fiori Apps + Gateway OData services must be developed. And there is again the business case: if there is an existing application that still does the job, even with outdated, stone-aged layout and user-experience, there is little business motivation to invest in improving that for the internal employees. So what is needed then? In my experience and opinion, the precondition to introduce + land Fiori usage within any organization is that there is a <b>concrete trigger</b> – business or IT (savings). This can be that an existing SAP application (standard or custom) no longer suffices and requires to be redesigned and rebuild – and thereby introduces the opportunity to take new UI and mobility requirements into account. Or because there is a new business demand, and again in the current days with ‘mobility-first’ this must be included from beginning of. A third trigger is Application Lifecycle Management, which forces organizations to upgrade their landscape to recent NetWeaver version. Also this can be good moment to reconsider for (some) applications to migrate them into a modern UI experience.</div><div style='margin-top:10px;'>Note, what does not help the market growth of Fiori is the SAP image: stable and robust functional platform, that you do not have to (<i>should even</i>) touch much. SAP could therefore also take a <i>rewarding</i> approach: make it tangible benificial for SAP customers to introduce Fiori => introduce new functional capabilities only via/as Fiori. Actual SAP is following this approach, with 'Fiori-tizing' S/4 HANA.</div>
William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-84345816921049204802016-09-21T11:26:00.001-07:002016-09-21T12:27:54.000-07:00Resources for considering Fiori Launchpad deployment options<div>With the introduction in March this year of <a href='https://eaexplorer.hana.ondemand.com/_item.html?id=10698#!/overview'>SAP Fiori Cloud Edition</a>, SAP now supports upto 5 different deployment options for Fiori Launchpad:<ol style='margin-top:2px;'><li>ABAP Front-end Server</li><li>SAP Enterprise Portal, as of NW 7.31 SP12 and NW 7.4 SP7</li><li>HANA Cloud Platform (HCP)</li><li>SAP Fiori Cloud Edition</li><li>SAP HANA Server</li></ol>Which of these options is a/the best fit for an organization is largely influenced by the situation and roadmap of that specific organization. Some useful resources to aid in this deployment decision-making:<ul><li><a href='http://go.sap.com/documents/2015/08/e4832528-5a7c-0010-82c7-eda71af511fa.html'>SAP Fiori Launchpad - Deployment Options Common Recommendations</a></li><li><a href='http://www.bluefinsolutions.com/blogs/leo-van-hengel/may-2016/sap-fiori-launchpad-deployment-options'>SAP Fiori Launchpad deployment options (Bluefin Solutions)</a></li><li><a href='https://discuss.asug.com/servlet/JiveServlet/downloadBody/41206-102-1-60244/799%20SAP%20Fiori%20UX%20Launch%20Pad%20Deployment%20Options%20and%20Recommendations%20for%20Portal%20Customers.pdf'>SAP Fiori UX Launch Pad Deployment Options and Recommendations for Portal Customers (ASUG, 2015)</a></li><li><a href='https://www.rheinwerk-verlag.de/media/samples/epubs/3944/OEBPS/02_001.html#h2'>FLP Architectural Options (SAP PRESS)</a><ul style='margin-top:2px;'><li><a href='https://www.rheinwerk-verlag.de/media/samples/epubs/3944/OEBPS/02_002.html'>Platform Features and Functions</a></li><li><a href='https://www.rheinwerk-verlag.de/media/samples/epubs/3944/OEBPS/03_001.html'>Scenarios and Corresponding Roadmaps</a></li><li><a href='https://www.rheinwerk-verlag.de/media/samples/epubs/3944/OEBPS/03_002.html'>Existing SAP Enterprise Portal with Limited Portal Usage</a></li><li><a href='https://www.rheinwerk-verlag.de/media/samples/epubs/3944/OEBPS/03_003.html'>SAP Business Client Customer</a></li><li><a href='https://www.rheinwerk-verlag.de/media/samples/epubs/3944/OEBPS/03_004.html'>SAP GUI Customer</a></li><li><a href='https://www.rheinwerk-verlag.de/media/samples/epubs/3944/OEBPS/03_005.html'>Mobile Customer</a></li></ul></li><li><a href='http://scn.sap.com/community/fiori/blog/2015/03/11/architectural-consideration-when-planning-the-fiori-abap-frontend-server-fes'>Planning the Fiori ABAP Frontend Server (FES) - Architecture Questions</a></li>
<li><a href='http://scn.sap.com/docs/DOC-58340'>SAP Fiori launchpad in SAP Enterprise Portal 7.40 and 7.50: Overview Information</a></li><li><a href='http://www.abapstudio.com/blog/wp-content/uploads/2015/11/2015_ASUG_UX202%E2%80%93SAPFiori_LaunchpadandSAPEnterprisePortalIntegration-Options.pdf'>SAP Fiori Launchpad and SAP Enterprise Portal: Integration Options (SAP TechEd)</a></li><li><a href='https://scn.sap.com/thread/3324208'>Quick Sizer for SAP NetWeaver Gateway is now available</a></li><li><a href='http://scn.sap.com/docs/DOC-48355'>How to Size SAP Fiori SP2 Applications</a></li><li><a href='http://help.sap.com/fiori_bs2013/helpdata/en/ba/f61f533f86ef28e10000000a4450e5/content.htm?frameset=/en/ba/f61f533f86ef28e10000000a4450e5/frameset.htm'>Setup of SAP Fiori System Landscape with ABAP Environment</a></li><li><a href='https://s3-eu-west-1.amazonaws.com/gxmedia.galileo-press.de/supplements/3883/sap-fiori-cloud-edition.pdf'>SAP Fiori, Cloud Edition (Rheinwerk Publishing)</a></li><li><a href='http://www.asugnews.com/article/asug-briefing-what-is-sap-fiori-cloud-edition'>ASUG Briefing: What Is SAP Fiori Cloud Edition?</a></li></ul></div><div style='margin-top:20px;font-style:italic;'>Use them at your own convenience...</div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com1tag:blogger.com,1999:blog-1608639243621368332.post-4366068878489322142016-06-03T05:19:00.000-07:002016-06-03T05:26:25.238-07:00SAP Web IDE cloud connectivity issues <div style='margin-top:5px;margin-bottom:20px;border-width:1px;border-style:solid;border-color:#C0C0C0;background:lightblue;margin-top:10px;margin-bottom:10px;width:90%'><span style='font-style:italic;padding:10px;'>This blog is earlier published on <a href='http://scn.sap.com/community/developer-center/front-end/blog/2016/06/03/sap-web-ide-cloud-connectivity-requires-project-folder-direct-below-root-node-workspace'>SAP Community Network Blogs</a></span></div><div style='margin-top:20px;'><h1 style='font-size:110%'>SAP Web IDE cloud connectivity requires project folder direct below the root node “Workspace”</h1></div><div style='margin-top:5px;'>In the HANA Cloud Platform cockpit I’ve setup a connection to the demo Gateway system. Next, in SAP Web IDE I’ve created a new App folder. As I prefer a manageable overview of all Apps (to be) developed in Web IDE, I created that App Folder in a subfolder beneath the Workplace folder:</div><div style='margin-top:10px;'><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGdBnxyRsF_hGo2e5ibnhrZbcxG8Jgb0QkLpJORPuWi40X4VdoOvt1WNs1fS1YdBFwzqnjtBx8WswEOYxQBRFGIWrFlUbgpb6lRnI9lRMcWz0pt6VQVnWaR0N3AY7p1JZrsK_k4UJptH2I/s1600/2nd+level+project+folder+in+Web+IDE.png" style="max-width:90%"/></div><div style='margin-top:10px;'>This decision however gives problems within Web IDE wrt setting up the cloud connectivity.</div><div style='margin-top:10px;'><h3>Issue 1: neo-app.json generation is not available</h3></div><div style='margin-top:5px;'>
<img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOq_ZMe_MkTyGrFrOrtlFDvCfUKsYh_Vnq6JwOGaoOiIBOlOtdPssPsN5Yy68sxKIBu5gtpqbKirjzAZw8PwzPA3arfBuaJqkyLxpLe0p4kd2p-6vadgMmZJ4NMPbBmzxMK6ajwR4nfPYU/s1600/neo-app+generation+not+available.png" style="max-width:95%"/>
</div><div style='margin-top:10px;'>Pragmatic workaround for this was to generate it via a test-App folder directly beneath Workplace, and copy + paste that file in MyApp folder. Problem resolved.</div><div style='margin-top:20px;'><h3>
Issue 2: The destination is runtime resolved to incorrect address</h3></div><div style='margin-top:5px;'>Testing the MyApp in Web IDE, data is not displayed in UI. Via F12 notify that the connection to connect to the demo system is not correct resolved, and returns a 503:</div><div style='margin-top:10px;'>
<img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPhn-tCTtaZARDMtLlvb7ghGo8RiJ5skX1nEDIzt26v1an5Wj-0md-IhQ_FtCsPxe6xDb0UAxxNLbzRdqiy8lKf6SdqV4o2vDTwQ5YKZoH7sK3-X0pu52_I_GQOYgDtTLxJ2A11H-NM_Qr/s1600/Connection+destination+not+available.png" style="max-width:95%" />
</div><div style='margin-top:10px;'>
For a quick test I duplicated MyApp to be directly below Workplace folder, and without making any code or configuration change, ran it from here. And now the connection is resolved, and the App displays the data from Gateway demo system:</div><div style='margin-top:10px;'>
<img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitR8CuBYAzz3-W-ur1PBmFkB_CwkmteMxxI68z8FYoiJsmnNix5B81Qzy1xRo15WKhN8e5SAAkiKBEpl3zbTf3ukeqblUzJ38cUmxH7XEMUJ21Wgnyb-Ns6ETNe472h3lEIbIJij4nJc_n/s1600/Gateway+service+available.png" style="max-width:95%" /></div><div style='margin-top:20px;'>I compared the urls generated from Web IDE to the service destination in the 2 situation. The only difference is in the 'webidetesting<number>' part. Apparently there is some "magic" in Web IDE that reserves a dispatching url in HCP for service destinations, and that 'magic' is dependent on the project folder located direct below 'workplace'.</div><div style='margin-top:10px'>I considered as workaround to modify the 2nd level project in manifest.json and have it use the absolute connecting url to service:<img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEih7jMCzUbIZ-C4LpFTBIKoEdFJNn_G2lwE2VELtfKhLvWGDTCfcfKVrxQonKMi5dpTFNP37qdmyeN-fQOSv0r8em4CcQEAnuPceou_LjiRr903a8AR2FjRABlNq6CV5wYlq2bSY7vWsUNY/s1600/Setup+absolute+path+to+datasource+destination.png" style='max-width:95%' /></div><div style='margin-top:10px'>However, that setup runs into a cross-domain issue, and is thus neither working:
<img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrZLp2yFR7U9Ju_nPkD6gLZDONvPUpc12KRfuOpin6PQUZxEBDJao5VWPLL3k6repPkD2fWOFkvh1JFoy2JtD4a1fDlLkk1ygTJ7VIE3ua2Ohnek84X8GXQdnVb8eWaeBzE0eL876EMATe/s1600/Cross-Domain+issue+to+absolute+url.png" style='max-width:95%;' /></div><div style='margin-top:20px;'>The only resolution for this is to comply to the 'implicit rule' of Web IDE, and place the project folder thus direct below root node "Workplace". With the drawback that you loose the option to structure and classify your projects / Apps folders, and all need to be administrated at the same level as sibling nodes. I would rather be able to make in Web IDE visual groups of project / Apps folders per customer and / or functionality, e.g. for HR, Finance, Marketing. <i>Perhaps we will see this functionality in a next version of Web IDE?</i>
</div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-70948061012910746942016-05-12T13:10:00.000-07:002016-05-12T13:10:01.334-07:00First thoughts on Native Enterprise Fiori iOS Apps<div>On May 5, SAP and Apple announced a partnership to deliver native iOS Apps that will connect into SAP business suites:</div>
<div style='margin-top:10px;margin-bottom:20px;border-width:1px;border-style:solid;border-color:#C0C0C0;background:lightblue;width:100%;font-style:italic;padding:10px;font-weight:bolder;font-size:120%;text-align:center;'><a href='http://news.sap.com/apple-sap-partner-to-revolutionize-work-on-iphone-ipad'>Apple & SAP Partner to Revolutionize Work on iPhone & iPad</a></div>
<div style='margin-top:10px;'>My personal first response on this news was astonishment and non-understanding. Since 3 years SAP is full promoting SAP Fiori build through SAPUI5 (or openUI5) web-technology as <span style='font-weight:bold;'>THE</span> future-proof way to build user-friendly SAP Apps. SAP applies itself in all new and updated product developments, as SAP HANA Analytics Apps, NetWeaver Business Client, SAP Enterprise Portal. SAP made and evidently applies the decision to go full-stream for web-based UI in favor of the platform-specific native product developments (of which SAP tried several variants, most notable through the Sybase Unwired Platform). And now all of a sudden, SAP appears to return on this decision and [also] to put full steam on platform-native development. Starting now with first Apple/iOS, and already communicated plans to follow later with Android.</div><div style='margin-top:10px;'>I expressed my surprise and concerns on a SAP <a href='https://blogs.saphana.com/2016/05/05/apple-and-sap-innovate-together-to-drive-development-and-business-value-by-steve-lucas-president-sap-digital-enterprise-platform/'>post</a> in which Steve Lucas communicated on the SAP-Apple partnership. His responses gave me more insights in the why of this renewed native-attention, and the positioning towards web-based. Not to say that I in all agree.</div><div style='margin-top:10px;'>Steve in particular replied with statement <span style='font-style:italic;'>‘There’s a big different between “semi” native and native’</span>. On this I disagree, regarding the qualification <span style='font-style:italic;font-weight:bold;'>‘big’</span>. I do acknowledge that for interactive consumer Apps this may still (and likely remains to) hold, as those may need the local computer power and platform-local capabilities. Games are a good example that really benefit from direct access to the local resources and computing power. But I personally doubt that platform-native capabilities add considerable extra value for business / enterprise Apps.</div><div style='margin-top:20px;'><img src='https://s3.amazonaws.com/dfc-wiki/en/images/c/c2/Native_html5_hybrid.png' style='width:90%;'></src><div style='margin-top:2px;font-style:italic;font-size:smaller;'>(Source: <a href='https://developer.salesforce.com/page/Native,_HTML5,_or_Hybrid:_Understanding_Your_Mobile_Application_Development_Options'>[Salesforce Developer] Native, HTML5, or Hybrid: Understanding Your Mobile Application Development Options</a>)</div></div><div style='margin-top:20px;'>As a true architect, I made a Pro/Contra enlistment for Fiori-native and Fiori Web-based:</div>
<div style='margin-top:5px;border-width:1px;border-style:solid;border-color:#C0C0C0;'>
<table>
<tr><td colspan="2"><span style='color:lightblue;font-weight:bold;font-size:120%;'>Fiori-native</span></td></tr>
<tr><td colspan="2"><hr></hr></td></tr>
<tr><td><span style='color:green;margin-right:20px;'>Pro</span></td><td>Ability to use device-local capabilities (e.g. geolocation, camera, local storage)</td></tr>
<tr><td> </td><td>Rich UI</td></tr>
<tr><td> </td><td>Consistent UI for the specific device-platform</td></tr>
<tr><td> </td><td>Optimal local performance (power)</td></tr>
<tr><td> </td><td>Fast graphics</td></tr>
<tr><td> </td><td>Push-notification supported</td></tr>
<tr><td> </td><td>Possible to run / continue in background</td></tr>
<tr><td> </td><td>Data-integration possible with other local Apps</td></tr>
<tr><td> </td><td></td></tr>
<tr><td><span style='color:red;'>Con</span></td><td>Need to build + support per device-platform</td></tr>
<tr><td> </td><td><span style='font-weight:bold;'>Mobile-Only</span></td></tr>
<tr><td> </td><td>Version-upgrades must be explicit brought to each individual end-user device</td></tr>
<tr><td> </td><td><span style='font-weight:bold;'>Requires SAP HCP</span></td></tr>
<tr><td> </td><td></td></tr>
<tr><td colspan="2"><span style='color:lightblue;font-weight:bold;font-size:120%;'>Fiori web-based (SAPUI5/openUI5)</span></td></tr>
<tr><td colspan="2"><hr></hr></td></tr>
<tr><td><span style='color:green;'>Pro</span></td><td>One version usable on all device-platforms</td></tr>
<tr><td> </td><td><span style='font-weight:bold;'>Mobile-First</span> / Mobile + non-Mobile</td></tr>
<tr><td> </td><td>Easy deployment: Version upgrades only on central webapplication level, transparent to end-user devices</td></tr>
<tr><td> </td><td>Via Fiori Client or Kapsel: possible to act as semi-native App, direct user-launchable from the device</td></tr>
<tr><td> </td><td>Via SAPUI5 and other frameworks (jQuery), possible to use device-local capabilities (GPS, Camera)</td></tr>
<tr><td> </td><td></td></tr>
<tr><td><span style='color:red;'>Con</span></td><td>Functionality limited to common denominator across the platforms</td></tr>
<tr><td> </td><td>UI is not on-par with the device-specific experience (e.g. Fiori UI differs considerable from iOS native UI)</td></tr>
<tr><td> </td><td>Push-notification is complex (and requires Fiori Client or Kapsel [Hybrid App]</td></tr>
<tr><td> </td><td>Local file storage not available (although from security perspective, this is not per se a disadvantage for business / enterprise Apps. Dependent on the business App, it may be prohibited to locally store sensitive / business-critical data)</td></tr>
<tr><td> </td><td>Not possible to run in background</td></tr>
<tr><td> </td><td>Less performant due browser javascript engine + interpreted rendering</td></tr>
</table>
</div>
<div style='margin-top:20px;'>Based on these (and more) pros/contras, individual companies/architects can decide whether to go for web-based SAP Fiori or platform-native Fiori. Noticable especially is the HCP dependency in case of Fiori-native. Implication is that companies that are no subscriber [yet] of SAP HCP, cannot go the Fiori-native path. But they can expose their on-premisse SAP Business Suite(s) via web-based/SAPUI5 Fiori Apps.</div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-91922066350984132672016-04-30T09:35:00.000-07:002016-05-06T04:07:24.225-07:00My openSAP Fiori submission flagged as extraordinary by peer reviewer<div>Over the last couple of months I participated in the openSAP ‘<a href='https://open.sap.com/courses/fiux2'>Build Your Own SAP Fiori App in the Cloud – 2016 Edition</a>’ on-line training. Reason to participate was to increase my practical knowledge on Fiori development, now that we intend to rebuild our business portal utilizing Fiori Launchpad and UI-technology. Although I already have practical SAP Fiori + Gateway experience in my role of solution architect for an App build for a large Dutch bank – this App even <a href='http://www.thenextview.nl/blog/rabobank-wins-sap-quality-awards-2015'>won the Bronze SAP Quality Award 2015 in the category ‘Innovation’</a> -, I wanted to renew my knowledge with the latest SAPUI5 technology state and also the tools that SAP now delivers. The tools encompass the full spectra, from design [SAP Splash and BUILD], to development [SAP Web IDE]</div><div style='margin-top:10px;'>The structure of the openSAP training is first lectures explaining about the why and concepts of Fiori, Design Thinking approach applied for custom Fiori development, and how-to design and develop a custom Fiori App. A central element of the training is, as the title already states, to design and develop an own Fiori App. Applying the Design Thinking approach, and the tools that SAP provides. The first assignment was to design the App, both functional as visual specification – preferable via SAP BUILD. And the final assignment was to develop it as a real functioning Fiori App, build with SAPUI5 framework within SAP Web IDE.</div><div style='margin-top:10px;'>The App I came up with is ‘ProcessMonitor’. Basically it serves as a headlights dashboard to watch the (non)progress of business processes that you have a stake in. Typical these are the processes that you’ve started, and await on their completion.</div><div style='margin-top:10px;'><b>Design - mockups</b><table style="width:100%;valign:top';"><tr><td style='width:50%;'><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdxpfO-S16shgEfgcbFVEwliZxi1zKR2V6ktuMWrqR2M4wrSW8BIyQVIc4-5C3T-7jEzZ4Vwn-b9huVpXMYN4QMp8BRQCXLe5lZeXsmPsT3lIUVbvpXdRBi5A8euAwjrDLGFkJ2JpuBwk_/s1600/ProcessMonitor+Mockup.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdxpfO-S16shgEfgcbFVEwliZxi1zKR2V6ktuMWrqR2M4wrSW8BIyQVIc4-5C3T-7jEzZ4Vwn-b9huVpXMYN4QMp8BRQCXLe5lZeXsmPsT3lIUVbvpXdRBi5A8euAwjrDLGFkJ2JpuBwk_/s320/ProcessMonitor+Mockup.png" style="width:100%;max-width:100%;" /></a></td><td style='width:50%;'><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFRbhLx_Cb6qsEwAqV1Sy2nkGjA60banzKzCeQAxNt9dGj7fI6ffzmD2AgvwFRlbqSfluy3pwEshffvTkoHfB7ReffXG19s3EFfH4EA2Y1qtAFA9UUxqnplRwBsNySldXVUwb8L_JLhMXd/s1600/ProcessMonitor+Mockup+-+Mobile.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFRbhLx_Cb6qsEwAqV1Sy2nkGjA60banzKzCeQAxNt9dGj7fI6ffzmD2AgvwFRlbqSfluy3pwEshffvTkoHfB7ReffXG19s3EFfH4EA2Y1qtAFA9UUxqnplRwBsNySldXVUwb8L_JLhMXd/s320/ProcessMonitor+Mockup+-+Mobile.png" style="width:100%;max-width:100%;" /></a></td></tr><tr><td colspan=2><br/><b>Develop - App</b></td></tr><tr><td style='width:50%;'><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU2Z-I5q4dAge-RSECd32TNd4mvIZamAJ5na0zxX3TlnJT7gYJ087Km02LH66o8ZGtMlKuv0L0PXEadwwln-LCaaTxPU9X9P17x20xu0vuqwL6vcyzWPV4hSqHDd4k-n2bJJAYWbhnfF9A/s1600/ProcessMonitor+App+-+Desktop.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU2Z-I5q4dAge-RSECd32TNd4mvIZamAJ5na0zxX3TlnJT7gYJ087Km02LH66o8ZGtMlKuv0L0PXEadwwln-LCaaTxPU9X9P17x20xu0vuqwL6vcyzWPV4hSqHDd4k-n2bJJAYWbhnfF9A/s320/ProcessMonitor+App+-+Desktop.png" style="width:100%;max-width:100%;" /></a></td><td style='width:50%'><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_rHcfdbLlPf3z6ZEpsudxlFsLPKfuoxzWjvRUBYQPSQGWeganT0gP3F-MZOqse1BSJD5732LZ_ejp5PKd6cFRiGW2pSkE4UExIQssCJ2Bsc6LxMgjNcxZQvu7VCWsAz4XQRkxVkPTBpvY/s1600/ProcessMonitor+App+-+Mobile.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_rHcfdbLlPf3z6ZEpsudxlFsLPKfuoxzWjvRUBYQPSQGWeganT0gP3F-MZOqse1BSJD5732LZ_ejp5PKd6cFRiGW2pSkE4UExIQssCJ2Bsc6LxMgjNcxZQvu7VCWsAz4XQRkxVkPTBpvY/s320/ProcessMonitor+App+-+Mobile.png" style="width:100%;max-width:100%;"/></a></td></tr>
</table>
<ul><li><a href='https://drive.google.com/file/d/0B89AfTMhfP0ZMWp2NHNwTG81UE0/view?usp=sharing'>Design submission</a></li><li><a href='https://drive.google.com/file/d/0B89AfTMhfP0ZVXh1ME9SYU1Ua00/view?usp=sharing'>Develop submission</a></li></ul></div><div style='margin-top:10px;'>A nice element of the course is mutual peer-reviewing. Each participant is requested to review at minimal the submissions of 5 of your peer participants. And it also implies that your own submitted work will be reviewed by at minimal 5 of your co—participants. I was pleasant surprised to hear that my Develop Challenge submission was flagged as extraordinary by one of my peer reviewers. Acknowledgement and recognition by your peers is one of the best there is…</div><div style='margin-top:10px'>And the App can be further extended on. A next useful functional addition to the App is the ability to monitor the (non)progress of projects in which you are not yourself direct involved, but still have a stake or even merely are interested in it’s completion. The idea here is that you can request a list of running processes – naturally complying to business authorization rules, you thus only can see the processes that you given your business role are allowed to see. And select from the list the process(es) that you want to ‘follow’. An example would be to 'follow' the progress of a budget approval process in your company that concerns a project you like to participate in.</div>
William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-71603042081322180692016-04-27T10:19:00.001-07:002016-04-27T22:35:24.031-07:00Architectural decision path to rebuild our business portal foundation<div>As stated in <a href='http://wvstrien.blogspot.nl/2016/02/exploring-scenarios-for-upgrade-of-sap.html'>previous</a> post, current our business portal foundation is based on SAP Enterprise Portal 7.01. The direct trigger to consider a rebuild is that SAP has announced that support on EP 7.01 ends per end of 2017, and even no extended maintenance will be offered (source: <i><a href='http://project-support-basis.blogspot.co.uk/2013/07/note-1648480-maintenance-for-sap.html'>SAP Note 1648480 - Maintenance for SAP Business Suite 7 Software</a></i>). But another motivation is perhaps even more important: enable our end-users to seamless access and use the business portal foundation and the business applications exposed in/via it.</div><div style='margin-top:10px;'><h2 style='font-size:110%'>What is a business portal: Architectural Views</h2><p><b>Business Architecture</b><ul style='margin-top:0px;'><li>Host of functional portals</li><li>Launchpad to access business applications</li><li>Structured collaboration with external counterparts (suppliers and customers)</li><li>“Business card” of the company’s identity and IT maturity level to internal employees and external partner organizations</li></ul></p><p><b>IT Architecture</b><ul style='margin-top:0px;'><li>Presentation layer</li><li>Identity and Access Management</li><li>Reverse Proxy</li><li>Authorization / Roles Management</li><li>Single Sign-On to ASML business applications</li><li>Content + Knowledge Management</li><li>Application hosting</li></ul></p></div><div style='margin-top:10px;'><h2 style='font-size:110%'>Ambition for renewed Portal foundation</h2>We aim for a user-centric environment, Responsive Design, mobile-ready, seamless end-user operation, personalizable, role-based, performant, secure, company branding. And appealing to use…These are all aspects that SAP aims to address with the Fiori offering, and via SAP Fiori Launchpad as gateway entrance. But SAP is not alone in there, other portal platform vendors aim to support the same.</div><div style='margin-top:10px;'><h2 style='font-size:110%'>Portal platform (re)selection</h2>The decision to rebuild our company portal foundation also beholds a good moment to re-evaluate the portal platform selection. It will again be a decision that lasts for years, thus justified to spend time to the portal platform and vendor selection.<p>The outcome of the selection traject is that we stick with SAP as vendor for our portal foundation. The main decision drivers for (re)selecting SAP as portal platform are:</p><ul><li>This is predominantly Application Lifecycle Management, like for like</li><li>Gartner positioned SAP as a leader in it’s <a href='https://www.gartner.com/doc/3130221/magic-quadrant-horizontal-portals'>2015 Magic Quadrant for Horizontal Portals</a> – <a href='https://news.sap.com/sap-positioned-leader-2015-gartner-magic-quadrant-horizontal-portals/'>on completeness of vision for Portal and UX (via Fiori) offering</a></li><li>The weighing of the 6 Portal Platform Leaders on the main company priorities results in SAP qualified as Nr 1 for our portal foundation</li><li>A large set of the exposed business applications are current build as ‘Portal-Embedded’ applications: they make use of and are dependent on SAP Portal capabilities, e.g. Enterprise Portal Knowledge Management</li><li>A large set of the exposed business applications are SAP backend based. Exposing via a SAP technology-based portal results in better integration plumping: authentication, Single Sign-On, end-2-end auditing.</li><li>SAP and it’s partners (will) deliver standard SAP Fiori Apps to operate SAP Business Suites (Finance, HR, Sales, Manufacturing, Supply Chain, …). Examples applicable for Supplier context:<ul><li>WBS Element BOM</li><li>Quality Notification</li><li>Report Quality Issue</li><li>Open Orders – Total Orders By Status</li><li>Process Order</li><li>Track Shipments</li></ul></li></ul></div><div style='margin-top:10px;'><h2 style='font-size:110%'>Portal foundation rebuild strategy</h2><ol><li><b>Application Lifecycle Management</b> to SAP EP 7.5:<ul><li>Remain supported by SAP</li><li>Remain in-control of the full Portal landscape</li></ul></li><li><b>Innovation</b> via Fiori Launchpad:<ul><li>User Experience: Prepare and enable for new UI concepts</li><li>Functionality: Prepare and enable for new service concepts</li></ul></li></ol></div>
William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-25869356827888175252016-02-14T09:57:00.000-08:002016-02-14T09:57:51.475-08:00Exploring scenarios for upgrade of SAP Portal based application<div>In our company we’ve set up multiple end-user business applications on the same physical SAP Enterprise Portal landscape. Due diverse reasons, our Portal landscape is still on version 7.01 and getting outdated. From Application Life Management responsibility we’re now looking into upgrade of our Portal landscape. However, as everyone involved in SAP architecture and usability is very much aware, SAP has not stood still the last years, and as result the landscape to select from has been severely broadened. We can upgrade our SAP Portal landscape to the newest version 7.5. Or we can decide to introduce Fiori Launchpad as new entry point for our logical applications. Another solution option is the NetWeaver Business Client. Or the HANA Cloud Portal. And then there are all kinds of mixture scenarios thinkable. Amongst the decision criteria for the diverse scenarios are off course money and effort/time. But the most important is the usability of the new solution. And another is to careful watch what direction SAP is heading, to avoid that we go into a direction that SAP will not be committed to in [a] near future.</div><div style='margin-top:10px;'>Current I’m defining the architecture plan for the new solution. In this plan I outline the diverse scenarios, and weight each of them on pros and cons for our situation. To form more feeling by what SAP is doing, we attended 2 workshops: one arranged by SAP specific for our company, and another setup by VNSG (the Dutch SAP User Group) for multiple invited companies. Especially in the last it was clear that we’re not alone in/on our quest: multiple organizations (among remarkable a lot of Universities) are struggling on what step(s) to take next on [SAP] portal area.</div><div style='margin-top:10px;'>In the coming months I will regular post updates on first our decision path, followed by the progress of the eventual implementation(s).</div>
William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-3156892106892468412015-10-02T10:38:00.001-07:002015-10-02T10:39:54.115-07:00Aspects and challenges encountered mobilizing a SAP business process<div style='margin-top:5px;margin-bottom:20px;border-width:1px;border-style:solid;border-color:#C0C0C0;background:lightblue;margin-top:10px;margin-bottom:10px;width:90%'><span style='font-style:italic;padding:10px;'>This blog is earlier published on <a href='http://scn.sap.com/community/mobile/blog/2015/09/27/aspects-and-challenges-encountered-mobilizing-a-sap-business-process'>SAP Community Network Blogs</a></span></div><div style='margin-top:20px;'>Last year I was the integration/solution architect to expose a custom SAP business process as mobile App. In this posting I want to enumerate the major aspects and challenges we encountered. And with success, the App is in productive use, and the end-result recently won the SAP Quality Award 2015.</div><div style='margin-top:10px;'><h2>Aspects and challenges</h2><b>SAP business system is a closed system</b><br/>This actually encompasses 2 different aspects. For one, the functionality of the SAP system is locked internal in the SAP system with SAP proprietary technology and data formats, not exposed nor fit for alternative UI channels. And second, the SAP system is isolated from the evil outside in the company-internal infra.<br/><br/><b>Users demand a pleasant ‘form-factor’</b><br/>Users are fed up with the arcane UI, and want a user-experience that feels good. This means it must look good, and moreover that it must have a pleasant behavior that supports the user in doing the work effective and efficient.<br/><br/><b>The mobile ‘form-factor’ must enable multiple devices and screens</b><br/>Most noticable is that users expect an App to be usable from tablets and smartphones. And second is that for tablets, but in particular for smartphones, multiple different device formats and OS platforms are in use.<br/><br/><b>Unknown makes unloved</b><br/>Since decades the SAP business systems are the stable base on which the organizations rely. Any change to this status quo inhibits the risk of disruption. And then also all that mobile technology and aspects introduces new knowledge. It is human response to be very careful, perhaps even scared, to all that new stuff.<br/><br/><b>The unknown outside is evil</b><br/>IT security is not an easy, or even thankful job. They are held responsible in case of issues, and taken for granted otherwise.<br/>When functionality is exposed via additional channels, also the security vulnerability increases. It is only rightful that security is very cautious, and demands proofing that the changes do not result in unacceptable security and thus business risks.<br/><br/><b>Secure and reliable authentication from App into SAP</b><br/>Like all business systems, SAP internal processing is permission-based. What one is allowed to do depends on authentication (who you are) and authorization (what your allowed to do). In mobilizing the business process, the authentication part is primary delegated to the App, while the authorization part remains in the business system.<br/>Typical the App-identity is different from the SAP identity, and a credential-mapping is required (Single Sign-On).<br/><br/><b>Performance</b><br/>Although performance is also an aspect of the pleasant app-experience, the importance of this topic for user acceptance on itself warrants dedicated focus. Business-users are just as intolerant against bad-performing business-apps as they are in the personal context against non-performing consumer-apps. Also note that a major motivation for mobilizing SAP business process is to facilitate shorter time to handle, and a performant ui-experience is in that sense an absolute requirement.<br/><br/><b>What if…</b><br/>...in <x> time insights or business situation has changed, and the delivered App is no longer sufficient? Such uncertainty about future developments (business and technology) is often misused as excuse to halt, and make no changes. And users are withheld from improvements in operation of the daily business actions that can be delivered to them <i><u>today</u></i>.<br/><br/><b>Infra aspects highlighted</b><br/>1. <u>Interoperability</u><br/>Connectivity from App to the SAP business system<br/>
Expose the SAP proprietary data and functionality for outside consumption in the App<br/>
Data mapping of SAP proprietary data model in a standards-based, and optimized dataformat<br/>
Integration endpoints<br/>2. <u>Identity Management / IAM</u><br/>
Authentication (SSO across diverse authentication administrations)<br/>
Permission management<br/><br/>
3. <u>Security</u><br/>
Data loss ( through Device loss)<br/>
Data integrity (inspection, to prevent via encryption)<br/>
Unmanaged devices / BYOD<br/>
User and Device onboarding<br/><br/>
4. <u>Performance</u><br/>
Network throughput + latency<br/>
Scalability<br/>
Availability<br/><br/>
5. <u>Auditing / Audit Trails</u><br/>
Logging<br/>
Health monitoring<br/><br/>
</div><div style='margin-top:10px;'><h2>Architectural decisions</h2><ol style=margin-top:1px;padding-left:20px;'><li>Deliver the App as a web-app; and rely on platform browsers to make sure the App runs on the multiple devices</li><li>Deploy as PhoneGap hybrid App that can directly be started from the device (relieving the user of need to retype the url in browser)</li><li>Expose the required functionality to outside as an API, with endpoints that are invoced via integration and data standards.</li><li>Use Gateway as middleware to deliver the service API: develop + runtime</li><li>Use SAPUI5 as html/javascript platform to deliver Responsive Design UI, and in look&feel that users are getting more familiarized with via the expanding SAP Fiori apps</li><li>Architect the App as loosely-connected UI-part and Processing part. This allows to exchange the UI-part for another UI-format when the situation has changed, while the processing part can be reused.</li><li>Architect the service API for an optimized integration surface. Avoid excessive call behavior of the App into the service API resulting in network latency, and design ‘chatty’ interface methods instead of data-minimized service methods.</li><li>We did NOT utilize SAP Mobile Platform, but hook into mobile platform that is already in use. Providing device onboarding, reverse proxy, transfer security.</li><li>Rely on proven SAP-technology of Java Authentication Server + LogonModule to convert customer-internal credential into SAP Logon Ticket (MYSAPSSO2, used in the SAP system).</li></ol></div><div style='margin-top:10px;'><h2>Project approach</h2><ol style='margin-top:2px;padding-left:20px;'><li>UI-design the ‘mobile experience’: build mock-ups together with stakeholders to quickly arrive at an App-experience that will truly help the business users.</li><li>Take the initial unknowledgable at the customer side on the tour to teach the new mobile concepts, and as such take away their uncertainties and anxiety that are due the unknown</li><li>Team up with SAP as supplier, and convince IT stakeholders at the customer on the support level of standard software (Gateway, SAPUI5). Call in on well-known SAP expertise (<a href='https://scn.sap.com/people/andre.fischer'>Andre Fischer</a>, <a href='https://scn.sap.com/people/holger.bruchelt'>Holger Bruchelt</a>) for solid advice and/or crosschecking.</li></ol></div><div style='margin-top:25px;font-size:9pt;'><i>Some relevant references:</i><ul><li><a href='http://scn.sap.com/docs/DOC-4015'>Single Sign On to SAP NetWeaver Enterprise Search 7.2 Using Integrated Windows Authentication</a></li><li><a href='http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d066cce7-b7b8-3010-428c-bcef3cf76cac?overridelayout=true'>SAP Fiori - Overview of SSL and SAML 2.0 Configuration</a></li><li><a href='http://scn.sap.com/docs/DOC-51167'>Building SAP Fiori-like UIs with SAPUI5 in 10 Exercises</a></li><li><a href='http://scn.sap.com/docs/DOC-51898'>How-to Avoid Caching of Confidential Data</a></li><li><a href='http://scn.sap.com/community/gateway/blog/2014/08/26/gateway-protection-against-cross-site-request-forgery-attacks'>Gateway Protection against Cross-Site Request Forgery attacks</a></li></ul></div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-84719413705210590022014-10-27T08:02:00.001-07:002014-10-27T08:02:43.657-07:00The SAP Mobile Integration playing field<div><b>SAP NetWeaver Gateway, SAP Mobile Platform, SAP API Management, Integration Gateway: the SAP Mobile Integration playing field includes multiple players. What are their roles, and can they play well together?</b></div><div style='margin-top:10px;'><h3>SAP Mobile Integration technologies and products</h3>The role of SAP NetWeaver Gateway is exposing SAP ABAP-based Business Suites for consumption by alternative UI-channels, SAP and non-SAP. Including mobile apps, a.o. the SAP Fiori Apps.</div><div style='margin-top:5px;'>SAP delivers also SAP Mobile Platform as a standard product. SMP 3.0 includes an internal component Integration Gateway. This is something different than NetWeaver Gateway, although it’s role is comparable: expose data and functionality for external consumption. Starting SMP 3.0 service pack 4, SAP positions SMP also as “Fiori-compatible”. Elements of this are SAP Fiori Client and Kapsel SDK within the SMP portfolio.</div><div style='margin-top:5px;'>Early October, SAP in addition launched the new product SAP API Management. With this product, organization can manage and govern their service provisioning and usage by consuming organisations and Apps. Also this product thus has its rol in the mobile integration landscape.</div><div style='margin-top:10px;'><h3>How do these products play along?</h3>SAP itself acknowledges that the pure existence of these 3 products, which seem to functionally overlap, likely will result in market confusion. To mitigate that effect, Joav Bally wrote an excellent article to clarify on higher level the difference in role positioning. Instead of repeating him, I simple refer to his post: <a href='http://scn.sap.com/community/developer-center/api-management/blog/2014/10/18/unlocking-data-harmonioulsy'>Uniform Provisioning and Consumption of SAP (and non-SAP) Data</a>. Another good information source is the post ‘<a href='http://scn.sap.com/community/gateway/blog/2014/03/20/there-is-a-gateway-for-that'>There is a Gateway for that …</a>’ by Mustafa Saglam.</div><div style='margin-top:5px;'>Inspired by the insights I gained via these 2 blogs, I sketched a conceptual architecture diagram in which the 3 SAP integration products/technologies are positioned in the architecture layers.</div><div style='margin-top:10px;'><img border="0" style='width:95%;' src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVZJOp9PilBaCEqS4_7hhsWhZFn0qXFMYeHgFZC1AEgkLjyVEEVGznnf8ECwRb2b02ZhSRRoFjWZbFnzQnowFAxpCllc8QqtNe4skzpYBupp2cCxZA4Y8FK9-3dwR5NCU8ai8bwUT62FYU/s1600/SAP+Mobile+Integration+landscape.png" /></div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-80254959753516033082014-09-02T02:15:00.000-07:002014-09-02T02:15:32.229-07:00HowTo diagnose root cause of Gateway authentication issues<div>Gateway supports multiple authentication methods to enable Single Sign-On: Basic Authentication, SAML 2.0, X.509 Certificates, SAP Logon Tickets, OAuth. Correct operation of SSO between a Gateway services consumer (e.g. SAP Fiori, SharePoint App, …) and Gateway requires that the consumer and the Gateway system have established an identity trust relationship. This typically (<span style='font-style:italic;'>except for basic authentication, but I do not consider that as a viable enterprise-ready SSO option</span>) requires configuration on consumer and Gateway side.</div><div style='margin-top:10px;'>What to do in case the service consumer does not succeed in successfully sign-in on Gateway? How to find out what is the root cause, when you have configuration settings on both the consumer and on the Gateway side? Well, it appears that the NetWeaver stack provides a convenient diagnose tool for this:</div><div style='margin-top:2px;color:blue;'>https://<hostname>:<port>/sap/bc/webdynpro/sap/sec_diag_tool.</div>.<div style='margin-top:0px;'>Make sure to activate this service in SICF, open the service in a browser, start a recording session, and repeat from consumer side the attempt to single sign-on. Next stop the recording, and inspect the trace file. In case of security related exception, you're likely to find useful information logged in that trace file.</div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-89116537552307933312014-08-15T12:09:00.000-07:002014-08-15T12:09:04.737-07:00Gateway protection against Cross-Site Request Forgery attacks<div>Gateway REST services open up the SAP landscape for consumption and operation from clients outside that trusted SAP landscape, including those evil browsers. Evil as we all know, <i>the web cannot be trusted</i>. A critical aspect in the Gateway architecture is therefore to mitigate the impact of web-based security attacks.</div><div style='margin-top:10px;'><h2 style='font-size:110%;margin-bottom:2px;'>Cross-Site Request Forgery (CSRF)</h2>One of the most exploited security vulnerabilities on the web is cross-site request forgery. The essence of a CSRF attack is that a malicious site misleads a trusting site in believing that a transactional request comes with approval of the user. The working of a CSRF attack is as follows: 1) after the user has set up an authenticated session with an application site, 2) the user while still within this authenticated browser session visits a malicious site, and 3) the malicious site tricks the user in sending requests to the application site that are actually constructed by the malicious site. Misleading the trusting site that the request comes with approval from the authenticated and authorized user, while in fact it originates from a malicious site. Hence the name cross-site request forgery.</div><div style='margin-top:10px;'>The success of CSRF attacks depends on 3 factors:<ol style='margin-top:1px;margin-left:0px;padding-left:20px;'><li>The ability to load malicious javascript code within the authenticated browser session.</li><li>The ability to misuse the user authentication to the application site. In most browser/webapplications scenarios the user’s authentication state is maintained in cookies after successful authentication – required to preserve the authenticated state. If the malicious site can lure the user into sending a malicious request from the authenticated browser session, that request will automatically include all cookies including the authentication state. And thus be authorized to the trusting site without the user being aware nor approved the request.</li><li>The predictability of the transaction request, so that the malicious site is able to automatically construct a request that will be serviced by the trusting site.</li></ol></div><div style='margin-top:10px;'>The first factor is common exploited by social engineering. The user is somehow seduced to load javascript code from the malicious site into the current browser session, without the user even be aware. Typical example is to send an email to user with hidden javascript code, and when the user opens it a request is send to malicious site. The protection against this risk are a combination of tooling – mail filters; and educating the users – do not just open any received mail. Although the quality of both security measures increases (<i>yes, users are also more and more aware of the risks on the web</i>), this protection is certainly yet not 100% foolproof.</div><div style='margin-top:1px;'>Note that this factor is only present if the consumption of the webservices is via a browser. In case of a native application, and also in case of an embedded browser in native App (e.g. Fiori Client, Cordova), the user cannot visit others sites and have its client context become infected / compromised.</div><div style='margin-top:10px;'>The second factor is inherent present in all browsers. Without it, each request send from browser would first need to go through the authentication protocol with the remote webapplication, involving browser redirects, identity stores. And in case of username/password browser logon, the user would have to reenter his/her credentials over and over again. Thus: preserving the authentication state after initial authentication is needed to avoid the processing and elapse time for the authentication protocol handling, and to prevent unhappy users. User-friendliness and security are often in contradiction.</div><div style='margin-top:10px;'><h2 style='font-size:110%;margin-bottom:2px;'>Protection against CSRF attacks: CSRF Token</h2>CSRF protection focusses on the 3rd factor: make sure the request cannot be (automically) predicted and thus constructed. Introduce CSRF Token protection.</div><div style='margin-top:1px;'>The essence of CSRF Token protection is that the token is a secret key that is only known to the authenticated browser session and the trusting site, and that the authenticated browser session must include in each modifying request to the trusting site in order to convince the trusting site that the request is coming with consent from the user.</div><div style='margin-top:1px;'>CSRF token protection is utilized on modern webapplication platforms, including SAP ICF, Microsoft IIS, …</div><div style='margin-top:10px;'><h2 style='font-size:110%;margin-bottom:2px;'>CSRF protection applied in Gateway</h2>SAP Gateway applies the following protocol to protect against CSRF:<ol style='margin-top:1px;margin-left:0px;padding-left:20px;'><li>The user opens in browser a session with the Gateway based webapplication, and must first authenticate. This can be via any of the authentication methods: username/password, integrated Windows Authentication, X.509, SAML2, OAuth. After successful authentication, the browser has established an authenticated user-session with this trusting web application.</li><li>The webapplication code loaded in the browser (HTML5, JavaScript) invokes HTTP GET requests to the Gateway REST services to retrieve data. The GET request can only be used to retrieve data, not to request a modifying transaction on a Gateway service.</li><li>In case the client application wants to execute a transaction via Gateway REST service, it must invoke this via a POST, PUT or DELETE request. To ensure to the trusting Gateway REST service that the transaction request indeed originates from the user through the client application, the request must be signed with a CSRF-Token as secret key only known by the client application context and the Gateway webapplication.</li><li>The CSRF-Token must be requested by the client application from the Gateway webservice. This can only be done via a non-modifying HTTP GET request. If the client application needs the CSRF Token for subsequent transactional request(s), it must include header variable X-CSRF-Token with value ‘FETCH’ in a non-modifying HTTP Get request send to the Gateway service. As all browsers enforce same-origin policy, the browser will only send HTTP GET requests issued from resource/code loaded in the browser that has the same origin/domain as the Gateway REST service. When code loaded via another (cross) site tries to send the HTTP GET request, the browser will refuse to send it.</li><li>Gateway webservice only serves request to return X-CSRF-Token for non-modifying HTTP GET Request. It is not possible to retrieve the X-CSRF-Token via a modifying HTTP PUT/POST/DELETE action. Reason is that these requests are not subject to same-origin policy, and thus can be issued from code loaded from another domain (note: the essence of JSONP crossdomain handling).</li><li>When Gateway receives a non-modifing GET Request with header variable ‘X-CSRF-Token’ equal to ‘FETCH’, it random generates a new token and returns the generated value to the requesting client in the response: via header variable and cookie. As result of same-origin browser policy, cookies can only be read by javascript code originating from the same domain. Malicious code loaded from another domain cannot read the cookie nor header variable. Also the random generated value cannot reasonable be guessed by the malicious code.</li><li>The client application reads the CSRF Token from the HTTP GET Response, and includes the value as header parameter X-CSRF-Token in modifying HTTP requests to Gateway webservice. As the token value is also returned in GET ‘FETCH’ response via cookie, the value will also be included as cookie variable in each subsequent request from the client application in the current browser session.</li><li>When Gateway receives a modifying request, SAP ICF runtime inspects the request on presence of X-CSRF-Token in both request header as in cookie. If present in both, it next compares the 2 values. Only if present and equal, the modifying request is guaranteed to come from the client application context, and is granted for execution by the Gateway REST service.</li></ol></div><div style='margin-top:10px;'><h2 style='font-size:110%;margin-bottom:2px;'>Proofing of Gateway CSRF protection</h2>As stated above, a CSRF attack depends on the ability for malicious site to automatically construct a malicious request, that next the user is somehow lured into sending to the trusting site, and that is well-crafted to mislead the trusting site that the request is with the approval of the authenticated user.</div><div style='margin-top:1px;'>The URL, including REST action is typically static; and could reasonable be ‘guessed’. And as same-origin only applies to HTTP GET request, it is also possible to send PUT/POST/DELETE requests that originate from the malicious site. But in order to have SAP ICF and thus Gateway trust and next execute such a transactional request, the request must be signed with the CSRF-Token as secret key in request header + cookie. The browser automatically includes all the cookies in the request. But the request header is not automatically reused/added by the browser, and the malicious code must therefore explicly set it in the XmlHttpRequest. However the CSRF Token value can only be retrieved and read by JavaScript code that originates from the same domain as the Gateway webservice. Not from JavaScript code that originates from another, external domain. Therefore the malicious code cannot reasonable construct a complete transaction request that includes the proper value of CSRF Token in both request header and client cookie. And Gateway is enabled to detect the malicious request as not being legitimate.</div>
William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-50668620039058259682014-08-04T07:00:00.000-07:002014-08-04T07:00:01.029-07:00The 5 elemental Gateway Principles<div style='font-style:italic;'>Inspiration: OData and SAP NetWeaver Gateway, SAP Press</div><div style='margin-top:10px;'>SAP developed NetWeaver Gateway as additional middleware technology with the prime goal to increase the reach of SAP Business Applications. The positioning is to enable the development of new types of user-friendly front-ends as new channels for consuming and operating SAP data and functions. Lightweight-consumption Apps.</div><div style='margin-top:10px;'>Gateway provides an open, standards-based (REST, OData), and centralized services-interface [gateway] to the SAP business applications, aimed and optimized for service-consumption through interactive UI-applications. The architectural guiding input for Gateway comes from 2 different perspectives: UI (end-user) and infrastructure (reach, costs).</div><div style='margin-top:10px;'>In the Gateway architecture 5 elemental principles are applied, to achieve openess of SAP business applications also to non-ABAP developers:<ol style='margin-top:5px;'><li><div style='font-weight:bolder;'>Openness</div>Gateway services must be open for consumption from any device and any technology platform</li><li><div style='font-weight:bolder;'>Timelessness</div>Gateway must support opening up of any SAP business suite version, for which it is reasonable to expect to still be in use by end-organizations</li><li><div style='font-weight:bolder;'>Easy of consumption</div>Any front-end developer must be able to utilize Gateway services to consume SAP data, no need for internal SAP knowledge</li><li><div style='font-weight:bolder;'>User focus</div>Gateway must support the development of modern, interactive UI-applications</li><li><div style='font-weight:bolder;'>Division of work</div>Gateway development must support work in parallel by backend developer for service provisioning, and front-end / Apps developer for the service consumption.</li></ol></div><div style='margin-top:10px;'>For a deeper understanding and appreciation of the Gateway architecture and it's guiding architecture, I highly recommend the SAP Press book "OData and SAP NetWeaver Gateway".</div>
William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-44244008608146113922014-07-31T17:00:00.000-07:002014-07-31T17:13:45.694-07:00Enumeration of Gateway licensing<div>Last a colleague asked me about the license model of Gateway usage. As this was not the first time I got such request, and a clear answer is hard to find online, I decided to base a blog on the answer I provided my colleague. So I at least myself have a source to refer to in future requests... Mind you that I do not guarantee the answer to be future proof, as SAP already once changed the Gateway license model.</div><div style='margin-top:10px;'>In very short, Gateway licensing is as follows:<ol style='margin-top:1px;'><li>Usage of Gateway to consume SAP data and functionality via Gateway Services (<span style='font-style:italic;'>preferable REST, but SOAP although not SAP-recommended still supported</span>), requires that the end-user has a Gateway User license.</li><li>If end-user is already a SAP business suite user, this now also includes the right to consume SAP data and functionality through Gateway services. This has actually changed from the initial Gateway license model. In the beginning you were required to purchase the Gateway User license on top of already paid business suite usage. SAP later recognized this as double-charging it's customer-base, and corrected this.</li><li>For new users, e.g. so-called casual users that have never 'seen' the SAP GUI and have no intention to ever use that, you need to purchase the <a href='https://store.sap.com/sap/cpa/ui/resources/store/html/SolutionDetails.html?pid=0000009481&catID=&pcntry=US&sap-language=EN&_cp_id=id-1406850434654-0'>Gateway User perpetual licence</a>. Current list-price is 1,350 USD per user.</li><li>In case the new user is using Gateway indirect in context of another SAP product, e.g. Duet Enterprise or SAP Mobile, SAP provides the <a href='https://store.sap.com/sap/cpa/ui/resources/store/html/SolutionDetails.html?pid=0000009464&pcnty=US'>Gateway User License for Productivity Apps (GULPA)</a>. This license is restricted to using Gateway as part of the Duet Enterprise runtime flow or SAP Mobile product. List-price of this is set at USD 375.00, to my knowledge divided in 250 USD for Gateway usage, and 130 USD for Duet Enterprise.</li><li>In case of a volatile and continuous changing user-base with anonymous users, a typical example is that of webshop customers, SAP provides a transaction-based licence model: <a href='https://store.sap.com/sap/cpa/ui/resources/store/html/SolutionDetails.html?pid=0000009470&pcnty=US'>Gateway Consumer Access License</a>. You purchase a 'bundle' of service calls that you are allowed to invoke and consume in a calendar year. Current stock price of a bundle of 75.000 service calls is USD 450.00.</li></ol></div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-53919418207602737072014-03-09T13:18:00.001-07:002014-03-09T13:19:31.163-07:00GWPAM Rapid Deployment Service on SAP-Microsoft Unite site<div><a href='http://wvstrien.blogspot.nl/2013/10/netweaver-gateway-productivity.html'>Earlier</a> I reported about our involvement in the new SAP product for direct availability of SAP data into Microsoft Office clients: SAP NetWeaver Gateway Productivity Accelerator for Microsoft, short GWPAM.</div><div style='margin-top:5px;'>Based on the knowledge and experience that we have gained early on in applying GWPAM, we have worked out a Rapid Deployment Service for GWPAM. This RDS solution is recognized by the SAP Gateway product team, and <a href='http://sap-microsoft-unite.com/Content/docs/20131202-SAP-GWPAM-Partner-Solution-Brief-The-Next-View.pdf'>published</a> on the <a href='http://sap-microsoft-unite.com'>SAP-Microsoft Unite Partner Connection site</a>.</div><div style='margin-top:5px;'><img style="width:95%" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRx9k_mEbdxjsgT9aoA4D00R54-r9mlzP7XkmWkWJLVJNZXB_qRVTimfPWm-GZhAxNML2lvbsu_3BqlN_ox1sbunF4WrJ4hgxpFwh_C0gpMYrozhD34MFLRQdvRFIoQsUiCLgP2TwsFwMy/s1600/The+Next+View+solution+on+SAP-Microsoft-Unite+site.png"></img></div><div style='margin-top:5px;'>In the Rapid Deployment Service, we combine our proven approach for successful implementation of SAP-Microsoft integration scenarios with GWPAM product knowledge. Central concepts in our approach are user-centric focus, UI-design via (preferable) clickable prototypes, integration architecture, and technical expertise with the Microsoft and SAP application platforms. Check out in case you're interested in easily bring SAP data into Microsoft based front-ends.</div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-75108686973749035712014-02-01T03:19:00.000-08:002014-02-01T03:23:21.545-08:00On close edge with SAP Gateway product development team<div>The <a href='http://www.sap.com/pc/tech/mobile/software/lob-apps/fiori/index.html'>SAP Fiori</a> suite receives welcome confirmation from end-organisations. The concept of smaller productivity Apps for dedicated business scenarios, with a modern and user-friendly UI, is largely applauded in the SAP users market. The first wave started with 25 standard Apps targeting mainly at HCM and a bit of SRM, and SAP is continuously expanding on this suite to include more scenario's.</div><div>However, SAP alone cannot deliver Apps for all scenario's that may be relevant for individual organizations. The strategy is to augment the standard SAP Fiori suite with custom-build Apps. The end-users benefit as all the productivity Apps that a Fiori customer has installed (SAP standard + custom augmentations), have the same and familiar look&feel.</div>
<div style='margin-top:10px;'>I've started on such a project to build a custom SAP Fiori-like App for Invoice Approvals, a step within the process running as a SAP workflow in the backend. The customer first consulted SAP to inquire whether such an App would be on the radar as standard Fiori App. Answer is no, and SAP's advice to customer was to hire us to build it custom for them. </div><div style='margin-top:10px'>The customer is (rightfully) very keen on security. One of their concerns is that the confidential invoice data may not remain behind on the device.<br/>We do not use local data storage within the Invoice Approval App. But browsers could cache received data responses. To prevent that, I want to alter the response with 'No-Cache' directions:<div style="background: lightgray; margin: 10px; border: 1px solid rgb(192, 192, 192);"><div style="padding: 2px; width: 98%; font-family: Syntax; font-size: 100%;color:grey;">HTTP/1.1 200 OK<br/>Cache-Control: no-cache<br/>Pragma: no-cache<br/>Content-Type: application/json; charset=utf-8<br/>Expires: -1<br/>…</div></div></div><div style='margin-top:20px;'>When I could not find explanation how-to include the 'No-Cache' directions in the response of a Gateway REST service, I decided to consult a direct contact within the Gateway development team: the notorious <a href='http://scn.sap.com/people/andre.fischer'>Andre Fischer</a> :-) The response on my request for help is a perfect example of the close collaboration of the Gateway development team with partners [playing] in the field. Not only did I receive an useful response within half an hour (!!). It turned out that Andre also <span style='font-style:italic;font-weight:bold;'>on-the-spot created a page on SCN</span> to share my question + his answer to benefit the larger Gateway development audience: <a href='http://scn.sap.com/docs/DOC-51898'>How to Avoid Caching of Confidential Data</a>.</div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-35666488533666407742013-11-06T13:00:00.000-08:002013-11-06T13:00:03.167-08:00Tip: Resolve from ‘Choose key from allowed namespace’ at Maintain Workflow Filter Settings<div>Part of the enablement of Gateway Workflow (and also of Duet Enterprise workflow, as it is a first-class subscriber of Gateway workflow), is to specify the workflow filter settings. When entering new entries in the OSP reports, the system may return the message ‘Choose the key from the allowed namespace’, with the Parameter ‘TASK’ value identified as faulty.</div><div style='margin-top:10px;'><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx9jiYAMLXh4vHz2yARmNcBKTZ_QnEOTYIzzX3BI8oI-W-d14IEc7nJWz7hzKWNAA76lkU_HNzba8fLtk0wHAG3iJcbErBtg7xAozcIFF30P_dUCB7sXb1RfpOM3xTSIQPk7_B5Ik1ss04/s320/WorkFlowNewEntriesFault.png" /></div><div style='margin-top:10px;'>Strange as the value ‘TASK’ is selected from the optionlist of allowed values (others are: ALERTCAT, DELTA, and WORKFLOW_STEP).
It occurred in our landscape, and I could not find anyway to avoid nor correct the indicated input error.</div><div style='margin-top:10px;'>However, as it turns out this message is only a warning. You can ignore it to have your submitted entry successfully be added to the filter customization. Just click on the ‘Enter’ icon, and next ‘Save’.</div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-75731951051498163762013-10-28T06:59:00.000-07:002013-10-28T06:59:22.681-07:00NetWeaver Gateway Productivity Accelerator for Microsoft<div><i><strong>SAP data direct in Microsoft Office clients</strong></i></div><div style='margin-top:10px;'>Flagship of the Duet Enterprise / Gateway product team is <i>Duet Enterprise for Microsoft SharePoint and SAP</i>. Customers are very satisfied with the functionality and capabilities provided by this integration product, and the demonstrated product stability. A frequently asked question is to provide this level of exposing SAP data + processes also for use in Microsoft applications <i>beyond SharePoint</i>. The product team has responded to this market demand. Last week at SAP TechEd 2013 in Las Vegas, SAP NetWeaver Gateway Productivity Accelerator for Microsoft has been launched, shortly referred to as <i><strong>GWPAM</strong></i>.</div><div style='margin-top:10px;'>As participant in the Duet Enterprise Customer Engagement Initiative (CEI) program, I was involved from the early development stage of GWPAM (under the internal codename <i>BoxX</i>). On request of the Duet Enterprise product team I performed so-called Takt-Testing, and reported my technical and functional thoughts + findings. Good to see that aspects of my feedback - predominantly influenced by my own technical background as an .Net architect/developer - have actually made it within the final product.</div><div style='margin-top:10px;'>Like it’s big brother, GWPAM is in essence an end-product for the IT organization. It is an integration framework that internal IT departments and SAP + Microsoft partners (the ecosystem) can utilize, to build their own scenarios in which SAP / Microsoft integration is an important architectural element. GWPAM provides a Microsoft Visual Studio AddIn that .Net developers can use to directly in their familiair integrated development environment, lookup SAP Gateway OData services. And generate proxies to the Gateway OData services with standard .Net code.<br/>
The first foreseen scenarios are Microsoft Office Add-In’s, to expose and integrate the SAP business data in the everyday used Microsoft Office clients. For example, SAP CRM customer data in the form of Outlook contacts, invoice approval requests as Outlook tasks, functional data management of SAP masterdata through Excel, BW report data rendered in PowerPoint, and submit SAP CATS timetracking directly from your Outlook Calendar ...</div><div style='margin-top:15px;'><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdbxEY2K-r5PpwfC5tSNnNnILcplwjA3dBNm18HvJ5UZg0nFYpac2FsEcrAT5UtJjRy-PXL9mFuIuIeYTRu8mNFFaDti9LOy2rq0qAyF0Uu2DekJxH4xMh9MPBldOvKYdyz0Akz4I1V_t2/s1600/SAP+approval+as+outlook+task.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdbxEY2K-r5PpwfC5tSNnNnILcplwjA3dBNm18HvJ5UZg0nFYpac2FsEcrAT5UtJjRy-PXL9mFuIuIeYTRu8mNFFaDti9LOy2rq0qAyF0Uu2DekJxH4xMh9MPBldOvKYdyz0Akz4I1V_t2/s320/SAP+approval+as+outlook+task.png" /></a><div style='margin-top:2px;font-size:8pt;'><i>Source: <a href='http://scn.sap.com/community/netweaver-gateway/blog/2013/10/21/introducing-sap-netweaver-gateway-productivity-accelerator-for-microsoft'>Introducing... SAP NetWeaver Gateway Productivity Accelerator for Microsoft [Holger Bruchelt]</a></i></div></div><div style='margin-top:10px;'>Like Duet Enterprise for SharePoint, GWPAM provides support for the typical and recurring plumping aspects of SAP/Microsoft integration: Connectivity, Single Sign-on, End-2-End monitoring, .Net development tooling, integration with SAP Solution Manager. GWPAM offers a complete SAP / Microsoft integration package.<br/>As with Duet Enterprise, the two suppliers have their collective strength and market presence behind this new product offering. This is also a major distinction compared to the various proprietary connectors of smaller parties.</div><div style='margin-top:10px;'>As SAP / Microsoft interoperability expert, I am enthousiast about the addition of GWPAM to the SAP / Microsoft integration spectrum. GWPAM enables to build a new category of functional scenarios for end-customers. Now also for organizations that do not have SharePoint in their application landscape, but do have Microsoft Office installed on the desktops. And want to utilize that familiar employee environment for user intuitive operation of SAP data and business processes.</div>
<div style='margin-top:20px;font-size:9pt;'><i><strong>Related information:</strong></i><ul style='margin-top:2px;'><li><a href='http://scn.sap.com/community/netweaver-gateway/blog/2013/10/21/introducing-sap-netweaver-gateway-productivity-accelerator-for-microsoft'>Introducing... SAP NetWeaver Gateway Productivity Accelerator for Microsoft</a></li><li><a href='http://www.youtube.com/watch?v=cZ74Z012fbQ&feature=youtube_gdata'>SAP GWPAM Demo: Appointment Project Template - YouTube</a></li><li><a href='http://www.youtube.com/watch?v=KZBFQ2gzHzY&feature=youtube_gdata'>SAP GWPAM Demo: Add a Custom Value Help - YouTube</a></li></ul></div>
William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-13056164679021995702013-10-25T15:15:00.002-07:002013-10-25T15:15:30.060-07:00SAP Fiori deployment in our landscape<div><i>A longer and bumpy road, but eventually with a satisfying end-result.</i></div><div style='margin-top:10px;'>At The Next View we have an own sandbox landscape in which we a.o. evaluate latest software products from SAP and Microsoft. We have for instance SAP NetWeaver Gateway installed upto the latest service pack sp7, and Duet Enterprise for the interoperability between SharePoint and SAP business suites.
The arrival of SAP Fiori means another standard SAP application that we want to include in our landscape.</div><div style='margin-top:10px;'>So I set out to achieve this. At first I checked out information written elsewhere on SAP Fiori deployment. The SCN postings “<a href="http://scn.sap.com/community/developer-center/front-end/blog/2013/05/16/architecting-an-sap-fiori-deployment">Architecting an SAP Fiori deployment</a>” and “
“<a href="http://scn.sap.com/community/developer-center/front-end/blog/2013/08/16/sap-fiori-style-application-architecture-options">SAP Fiori Style Application Architecture Options</a>” are recommendent readings. Next I studied the <a href="http://help.sap.com/saphelp_fiori/fiori10_install_en.pdf
">SAP Fiori Installation and Configuration</a> guide, and determined what installation steps where needed in our landscape. The Fiori architecture namely imposes several prerequisites on your landscape, the most important ones being the presence of SAP ECC, SAP NetWeaver Gateway, and SAPUI5. The first 2 where already present in our landscape, SAPUI5 not. As SAPUI5 sets out to be a predominant part of the future of new SAP developments, this on itself is a welcome addition to our landscape.</div><div style='margin-top:5px;'><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBKwFvlJzkiyhNGL29_AcfBRMLSM4h1eZW5W_d7LOQTxBh62ULqQx0r5EhRVnYVrAArkKUPQ8QAiYB_jW4j-lwZzKCNDU59CU3uJ6OO0i5PWWpbPvK0eyC8zgmClEXaGXi2wiPBR70fO6I/s1600/SAP+Fiori+Infra+architecture.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBKwFvlJzkiyhNGL29_AcfBRMLSM4h1eZW5W_d7LOQTxBh62ULqQx0r5EhRVnYVrAArkKUPQ8QAiYB_jW4j-lwZzKCNDU59CU3uJ6OO0i5PWWpbPvK0eyC8zgmClEXaGXi2wiPBR70fO6I/s320/SAP+Fiori+Infra+architecture.png" /></a></div><div style='margin-top:10px;'>In addition, also a multitude of SAP Notes must be applied, both in SAP ECC as in the Gateway system. Note that it is possible to install Gateway on same SAP system as ECC. In our landscape we have conformed to the SAP recommended infra architecture, and deployed Gateway on a dedicated application server isolated from the business applications.</div><div style='margin-top:10px;'>The installation of the SAP notes, although time-consuming, went relatively straightforward. The real challenge (or rather problem, but lets keep up a positive attitude) was with installing SAPUI5. The challenge is not related to the software package itself, but to the installation approach that SAP mandates for it. Effectively it requires you to have Solution Manager present in your landscape. And let this be something that we currently not have yet in our sandbox landscape. The deployment of SAPUI5 requires Solution Manager for 2 aspects:<ol style='margin-top:5px;'><li>One is to be able to get your hands on the software package. SAPUI5 cannot be directly downloaded from SAP Support Portal / Download Center, but needs to be downloaded via Solution Manager. However, as SAP is not living under a rock, SAP does recognize that not all of their customers and prospects have Solution Manager available. As a gesture it is possible to request approval of software downloads, through issuing an OSS Message on component SV-SMG-MAI-APR. It merely only costs you some extra elapse time, but unless requested in the weekend (…), you typically get the approval consent within a few hours.</li><li>The second aspect gave me much more headache. When I tried to install the SAPUI5 packages in transaction SAINT, I was confronted with the message that a 'stack.xml' is required to install the SAPUI5 packages. A 'stack.xml'? Well, this in concept is a structural receipt for installing a certain SAP software package (here SAPUI5) in your own specific landscape. And such a software plus environment specific stack.xml is generated specific for your own landscape through…. Solution Manager. So I appeared stuck, as I had no clue how to make up such a stack.xml (manually) without the availability of Solution Manager. But when in trouble, you become the most creative ☺ As it turned out, a colleague had just installed SAPUI5 in another landscape, and he was kindly enough to share their stack.xml with me. Next I modified that stack.xml – replaced the SAP system id with ours, host name with ours, outcommenting parts that reported errors – until finally SAINT was willing to accept and process it. Mind you, this costed me 'some' spare time.</li></ol></div><div style='margin-top:10px;'>With SAPUI5 installed in our landscape, finally the installation of SAP Fiori Apps could start. In my opinion, SAP has made this unnecessary complex. It is not possible to install the SAP Fiori Suite at once, but you need to install it per App. And to make it even more time-consuming, each App consists of a data provider part on the business application, and a UI part on the SAPUI5 system. And lastly, per App there are already multiple support packages released; and the recommendation is to upgrade per Fiori App upto the latest support package.
In general, the deployment of the SAP Fiori Apps, although thus time-consuming, goes smooth. However, when installing the upgrades / support packages, I found myself in a blocking issue within transaction SPAM: <a href="http://scn.sap.com/message/14462284">Field Z_PRS_BILL_FLAG in table SRA002_S_TIMEENTRYDF is specified twice</a>. I posted the issue on forum ‘SAP for Mobile’, but before receiving valuable help, together with a colleague found a way myself to get out of the halted situation in SPAM.</div><div style='margin-top:10px'>To conclude, following are prerequisites for a successful Fiori installation:<ul style='margin-top:5px;'><li>SAP business suite in your landscape with standard processes (in a sandbox environment, standard IDES will suffice)</li><li>SAP_ALL authorization</li><li>SAP developer key</li><li>Authorization to register SAP objects, this is required for multiple of the required SAP Notes</li><li>Strongly preferred: Solution Manager</li><li>But if not available: creativity and minimal a template stack.xml</li><li>Perseverance</li><li>Time and patience; the amount is strongly determined by the initial state of your landscape. It makes a lot of differences whether or not you have already SAP NetWeaver Gateway and SAPUI5 installed. Only in case both are present, you can achieve a Fiori deployment within a day; if not it will typically cost you some additional days.</li></ul></div><div style='margin-top:10px;'>And learned lesson: The installation manual is not always clear, and at places even incorrect. In particular: don’t loose time to get your hands on the so-called component JSON-IWFND. We could not find it, so I consulted guru Andre Fischer. He responded that the sentence as written in the installation guide was misleading and thus erroneous: there is no such component.</div><div style='margin-top:10px;'>But all-in-all, it’s the endresult that counts. And I’m very satisfied + proud that we now have SAP Fiori Apps available and operational in our own landscape.</div><div style='margin-top:10px;'><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgwlMufs4GrA1dANU0GevP1WH8tbXmGZEA8mjetmSvpXqu9z7QFxQ_Tx5RWqawaVQrCmFN0YFSFnFd2HYrqeA7XiG8m4ieGZyjrROe87a0accvK0nGHv1QbxcZrs3P2QM1lbDc9fJBxc0K/s1600/Fiori+launchpage+in+The+Next+View+landscape.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgwlMufs4GrA1dANU0GevP1WH8tbXmGZEA8mjetmSvpXqu9z7QFxQ_Tx5RWqawaVQrCmFN0YFSFnFd2HYrqeA7XiG8m4ieGZyjrROe87a0accvK0nGHv1QbxcZrs3P2QM1lbDc9fJBxc0K/s200/Fiori+launchpage+in+The+Next+View+landscape.png" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPb12HpdY7xdXwtSbwLIOHTDbIUBORKUX0b_7-6iJXU3aNhVyvR4ea6xx9_YECvqwhUB-P70Fvk1wrL9sD2Gz35jAzlWhrG2wgLyzHUWg6bkh2bhuci7702yAgvIWPbcz0e3tb4RDVxf32/s1600/Fiore+Leave+Request+App+in+The+Next+View+landscape.png" imageanchor="1" ><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPb12HpdY7xdXwtSbwLIOHTDbIUBORKUX0b_7-6iJXU3aNhVyvR4ea6xx9_YECvqwhUB-P70Fvk1wrL9sD2Gz35jAzlWhrG2wgLyzHUWg6bkh2bhuci7702yAgvIWPbcz0e3tb4RDVxf32/s200/Fiore+Leave+Request+App+in+The+Next+View+landscape.png" /></a></div>
William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com9tag:blogger.com,1999:blog-1608639243621368332.post-53474621871833933222013-06-30T11:16:00.000-07:002013-08-04T13:59:26.950-07:00Position of SAP NetWeaver Gateway versus SAP PI<div>With the advent of SAP NetWeaver Gateway 2.0 as standard SAP integration framework, the question arises what the positioning is towards SAP PI/PO, the other SAP integration approach. The question can be answerred from multiple viewpoints.</div><div style='margin-top:10px;'><h2 style='font-size:110%;margin-bottom:2px;'>Business viewpoint</h2>SAP introduced Gateway to address the strong and growing business demand for mobile access into the SAP business suites. SAP NetWeaver Gateway provides for mass consumption of SAP business data and functionality in your existing SAP Business Suite systems. The target audience for SAP NetWeaver Gateway applications is a group known as Occasional Platform Users (OPU). Gateway is designed to optimal facilitate people-centric applications. It is a lightweight framework, easy to develop services as well as consume them; and therefore allows short windows of [commercial] opportunities.</div><div style='margin-top:5px;'><p>SAP NetWeaver Process Integration (SAP NetWeaver PI) is a comprehensive SOA middleware platform focused on A2A (Application-2-Application) and B2B (Business-2-Business) integration scenarios. PI provides SAP customers a SOA foundation to manage their SOA landscape and SOA development and deployment lifecycle. The scenarios are often executed autonomous, without direct involvement of ‘an user’.</p><p>Implementation of PI scenarios involves a lot of different aspects and complexities. As inherent consequence, it takes months before a new or modified scenario can be brought (desigend, engineered, tested and validated) into production.</p></div><div style='margin-top:10px;'><h2 style='font-size:110%;margin-bottom:2px;'>Architectural viewpoint</h2>SAP PI is foremost an ESB product. It is a separate product to enable integration of heterogenous landscapes, including but not limited to SAP only.</p><p>PI is intended as an enterprise integration broker. It enables multiple consumption and integration patterns, whether they be system-to-system interaction, business to business interaction, or simple consumption of backend systems via various interaction channels. It uses an adapter framework for connectivity into the various landscapes and technologies. Note that this is the common approach in ESB land. For instance, also Tibco and Microsoft BizTalk apply this. Through these adapters, multiple connectivity manners are possible: message based, web service calls, IDoc, JCo, JMS.<p>PI supports both synchronous and asynchronous invocation models. In case of the latter, reliable message-delivery is guaranteed.</p><p>SAP positions PI also as one of the parts of SAP PO (Process Orchestration), together with SAP BPM (Business Process Management) and SAP BRM (Business Rules Management). PO supports the orchestration of message exchanges and service calls via a BPMN- based process engine. PI enables herein the statefull handling of integration-centric processes, relying on standard integration patterns to support more sophisticated scenarios such as collecting and aggregating messages or bringing messages in the right order.</p></div><div style='margin-top:5px;'><p>NetWeaver Gateway is the point of access into SAP Business Suite data and functionality. It’s single role is to service enable the SAP business applications to outside world, for stateless user-centric scenarios. This is direct/synchronous invocation, not messaging/asynchronous. Gateway uses the de-facto standard market protocol of REST and OData (ATOM + JSON) for simple and fast web service interface, relying on natural request/response mechanisms.</p><p>Gateway is aware of SAP internals, but hides them to the outside. To achieve optimal fast performance, Gateway directly invokes via SAP proprietary protocols the BAPIs and RFC of the business applications. There is no messaging layer in between, minimal extra time added in the ‘Gateway’ layer.</p><p>Gateway does not give access to non-SAP systems (at least not directly).</p></div><div style='margin-top:10px;'><h2 style='font-size:110%;margin-bottom:2px;'>System viewpoint</h2>Gateway is hosted on the NetWeaver ABAP stack. Initially it is deployed as Add-On to NetWeaver. As of NW 7.40 it will be an integral part of the NetWeaver ABAP stack.</div><div style='margin-top:5px;'>SAP PI is a product on its own, deployed in the infra landscape of SAP customers. Prior to version 7.3, PI is hosted on a dual stack of NetWeaver Java and NetWeaver ABAP servers. Starting with PI 7.3 only the Java stack is required. From these NetWeaver servers, SAP PI is loosely coupled to the backend(s) - SAP and not-SAP. PI thus requires separate NetWeaver servers (minimal for the Java stack) in the landscape, in addition to the ABAP server(s) for the SAP business suites.</div><div style='margin-top:10px;'><h2 style='font-size:110%;margin-bottom:2px;'>Development viewpoint</h2>When you talk about service enabling the SAP landscape, you must be aware that you also talk about 2 different types of development. On the one side you need to provision the services within your SAP landscape, on the other side you consume these services – and this is not necessary within SAP context. Stronger, it typically will not be, in nowadays of Mobile and Web applications. Consumption is mostly done within iOS, .NET, Android, PHP, Force.com, HTML5, and also SAPUI5 context. The non-SAP developers do not want to care about the intrinsics of SAP internals, but just consume the data + functionalities in a standards-based way.</div><div style='margin-top:5px;'>Consuming SAP PI services is very SAP specific; as developer you are made and have to be aware of the SAP intrinsics. Although SAP PI provides SOAP based Enterprise Services; reality forces to admit that they are still very much ‘SAP-aware’. You cannot feasible integrate with PI services without knowing about the SAP system behind. At minimal the data structure is SAP specific, and often also the processing model.</div><div style='margin-top:5px;'><p>Gateway consumption instead also (or even more) aims at non-SAP developers; in that distinction you do not want to be aware of how SAP internally works, and its datastructures. Gateway applies a more lightweight approach to achieve this; and conforms to REST / OData as standards-based approach. It is able to do that because the focus of Gateway is much smaller as that of PI. Basically Gateway aims to expose SAP data to the outside world. And this perfectly matches with REST, the ‘ODBC protocol of the web’.</p><p>REST / OData can be consumed within any technology, and is supported in the common IDEs (Integrated Development Environments): Eclipse, Visual Studio and Xcode. To facilitate even more, SAP delivers a Productivity Accelerator to easily consume Gateway services in iOS, .NET or Java context.</p></div><div style='margin-top:5px;'>To ease and accelerate development of Gateway services, SAP provides design-time tools to generate OData (or Generic / SOAP, but this is actively deprecated) services based from the existing SAP business objects in the SAP backend system. PI provides graphical mapping + transformation tools to map the data format of the integrated backend system into the external provided datamodel.</div><div style='margin-top:5px;'>Note that to build both the ES Services as Gateway Services; you must have good knowledge of the disclosed SAP business objects.</div><div style='margin-top:10px;'><h2 style='font-size:110%;margin-bottom:2px;'>Miscellaneous pointers</h2><ul><li>SAP NetWeaver Gateway and SAP NetWeaver PI are complementary products</li><li>Gateway is not a replacement for SAP Netweaver PI and eSOA services/ESB's</li><li>Both SAP NetWeaver Gateway and SAP NetWeaver Process Integration can provision RESTful services to SAP backend applications (PI via the Advantco REST adapter)</li></ul></div><div style='margin-top:10px;'><h2 style='font-size:110%;margin-bottom:2px;'>Conclusive words</h2>Gateway is recommended for user-centric applications. Use Gateway when there is a need for synchronous access to business objects of an SAP Business Suite system.</div><div style='margin-top:5px;'>Use Process Integration when general purpose integration is needed, involving disparate systems and applications requiring asynchronous and synchronous services involving SAP and non-SAP applications and systems.</div><div style='margin-top:5px;'><p>SAP lacks an official paper / statement regarding Gateway versus PI, but you can derive some of the positioning from their actual actions. SAP is using more and more SAPUI5 as lightweight front-end technology, with Fiori as evident latest example. In all published SAPUI5 examples, SAP applies Gateway for the integration into SAP landscape.</p><p>SAP Virtual Events hosted a one-hour session addressing the topic ‘SAP PI and Gateway – When to use what’. You can watch it <a href='http://www.sapvirtualevents.com/teched/sessiondetails.aspx?sId=3596'>here</a>.</p></div>
William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0tag:blogger.com,1999:blog-1608639243621368332.post-26468986389469937012013-05-31T14:48:00.001-07:002013-06-01T01:26:40.446-07:00Some key take-aways after attending SAP CodeJam<div>On April 24th, SAP held a <a href='http://scn.sap.com/community/netweaver-gateway/blog/2013/05/27/sap-codejam-about-sap-netweaver-gateway--where-to-go-next'>CodeJam session on Gateway</a> within the Netherlands. The event was well attended, actually full-booked. The session was in particular interesting due the presence of Gateway guru <a href='http://scn.sap.com/people/andre.fischer'>Andre Fischer</a>.</div><div>Some of my personal take-aways of this Gateway CodeJam:<ol><li>I was surprised that still a large group of SAP developers do not really know [of] SAP NetWeaver Gateway;</li><li>As of NetWeaver 7.40, Gateway is an integral part, no longer deployed as add-on;</li><li>Gateway as platform stabilizes. It's now on Gateway 2.0 SP6, with SP7 expected in July. With that, the platform is mature and stable; and far less need for continuous new updates / deployments;</li><li>Change in Gateway licensing: for each SAP named user in the backend, Gateway [usage] is free-of-charge;</li><li>Focus of the Gateway Product team (development) is now on Gateway-as-a-Service aka in the cloud. This beholds the GW-HUB; GW-backend will (have to) remain on-premisse;</li><li>GW-HUB can co-operate with a lower version GW-backend. This is of importance in case of deploying GW-HUB on a dedicated system, and from there connecting to / exposing the SAP business systems in your landscape. New Gateway developments / features are largely focussed on the GW-HUB level (Gateway-as-a-Service as a clear example), GW-backend on the other hand is relatively 'out-engineered'. The downwards compatibility enables end-organizations to update the GW-HUB in case of a new version / feature set on the dedicated gateway server [which has only a technical / integration role; it does not contain business functionality], without necessity to also roll-out a system update on the NetWeaver servers that do service business capabilities [and for which the business is rightfully reluctant towards changes and thus downtimes];<li>Gateway Client is not only of usage for us / Gateway Service developers; but also for SAP Support. It enables SAP Support to execute and examine the behavior of [custom] Gateway Services via the already in-place SAP GUI logon. No need to provide SAP Support with access to Gateway Services on http / network level;</li><li>When you test/execute Gateway service directly from a browser (e.g. Internet Explorer), use QueryString '?sap-ds-debug=true' to render the received response as HTTP page, and inspect the request + response [headers, cookies, body];</li><li>For consuming Gateway Services within Microsoft context, Andre told me that Gateway can now utilize Kerberos Single Sign-On, through SPNego. Prerequisites are that the backend is on NetWeaver 7.31 or later, and that the company has <a href='http://scn.sap.com/community/netweaver-sso/blog'>SAP NW SSO 2.0</a> license.</li></ol>
</div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com1tag:blogger.com,1999:blog-1608639243621368332.post-21242129941016849162013-05-29T11:43:00.003-07:002013-05-29T11:43:56.106-07:00Gateway useful transactions<div><a href='http://blog.acorel.nl/2013/05/sap-netweaver-gateway-useful.html'>SAP Netweaver Gateway – Useful transactions</a>, a visualized explanation of some of the most relevant transactions used for administrating and developing Gateway Services.</div>William van Strienhttp://www.blogger.com/profile/02730614987048826403noreply@blogger.com0