Skip to Content
0

Is it possible to use NW Gateway between Cloud connector and ECC ?

Feb 08 at 07:41 AM

85

avatar image
Former Member

Dear Experts,


we are planning to start SF integration project using SCPI, I have few questions from architectural point of view considering standard integration content


1. flow is SF-->SCPI--> SAP Cloud Connector(SCC)-->Netwear Gateway(ABAP)--> SAP ECC: SAP given option to replicate Emp & Org data using SCC connecting with ECC, how ever we are enforced to use gateway instance in between SCC & ECC due to security reasons. Standard content is based on SOAP. SCI calls ECC web service based on communication channel as the addons installed in ECC. hence Is it possible to use NW Gateway in between ? if yes please explore options considering web services to use gateway in between with standard integration content + custom development.

2. when we use cloud connector do we need to deploy any certificates in SCC, SCPI & ECC ? even in case of basic authontication considering inbound and outbound.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Morten Wittrock Feb 09 at 05:17 PM
1

Hi Bhaskar

1) The pre-packaged integration content expects a SOAP service, and SAP Gateway does not expose SOAP services. So no, you cannot place SAP Gateway between Cloud Connector and ECC in your case.

2) You don't need to add any certificates to Cloud Integration. You can add a signed certificate to Cloud Connector, and import it into ECC to established trust, but it is not a requirement.

I would suggest to enter into a dialogue with the security people about Cloud Connector. Make sure to mention, that Cloud Connector has very fine grained security measures, that let you provide access to only the required SOAP services on that one particular ECC system. Also, those services are not accessible on the internet, but only from the SAP Cloud Platform subaccount, that your Cloud Connector is connected to. You can even restrict access to just the Cloud Integration service. Cloud Connector does not open any firewall ports to the internet; it connects directly to the SCP subaccount, and establishes a TLS-encrypted tunnel, that all subsequent communication goes through.

Regards,

Morten

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Feb 15 at 08:15 AM
0

Hi Morten,

Thanks for the response.

that let you provide access to only the required SOAP services on that one particular ECC system

Can we use same cloud connector to connect with multiple on-premise ECC systems? or do we need to have separate cloud connector for each onpremise ECC system ?

Regards

Bhaskar

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Bhaskar

You can use the same Cloud Connector to provide access to multiple on-premise systems. My point was that when you install Cloud Connector, you need to actively add each system and resource, that should be made available to applications and services in your SAP Cloud Platform subaccount. It's not the case that once installed, Cloud Connector will suddenly expose your entire internal network to the Internet. That's an important point to make, when describing Cloud Connector to your security department.

Regards,

Morten

0