cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Best Practice for SAP BI 4.2 on AWS Authentication using AD?

charles_ditrani3
Explorer

on ‎10-15-2018 9:22 PM

0 Kudos

AWS has AWS Directory Service for Microsoft Active Directory. Can SAP BI 4.2 be configured to use it instead of the on-premise AD Domain? Still in the early stages of planning so I haven't actually tried it, but any best practices, tips, insights or observations are welcomed!

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

charles_ditrani3
Explorer
‎10-16-2018 3:56 PM
0 Kudos

Great! That's exactly what I needed. Thanks, Tim!

Show replies
Show replies
charles_ditrani3
Explorer
‎10-15-2018 10:18 PM
0 Kudos

Yes, I've read those. Great overview from a high-level perspective, with links to several other resources but I didn't see anything specific to using the AWS AD service. I assume it needs all the artifacts corresponding to an on-premise BI installation such as SPN and domain, but I'm unclear on how to set it up so I can schedule AD updates into BI. The AWS documentation talks about several different options for setting up AD (like extending the on-premises network to the VPC, when a new deployment of AD DS is not an option, or creating an AWS Managed Microsoft AD). I'm just trying to understand which AWS AD configuration would be the best fit for BI 4.2.

Show replies
Show replies
BasicTek
Advisor
Advisor
‎10-16-2018 2:49 PM

If your BI server is installed on windows OS in AWS you can follow our on prem documentation, it's https://apps.support.sap.com/sap/support/knowledge/preview/en/2629070 it's possible you may be dealing with more than 1 forest in that case the supporting documentation for trust and browser setup is linked in the above KBA and here https://apps.support.sap.com/sap/support/knowledge/preview/en/1323391


Now it's possible that constrained delegation may be difficult to setup with multiple forests, in that case using the old KBA https://apps.support.sap.com/sap/support/knowledge/preview/en/1631734 might be easier, although support would try to document constrained delegation multiple forest in AWS if it comes up.


So far I've seen AWS configures very similar to on prem, but some customers really complicate the domains and trusts portion adding unneeded complexity.

-Tim

denis_konovalov
Active Contributor
‎10-15-2018 9:28 PM
0 Kudos

Hope you familiar with BOE on AWS blogs :

https://archive.sap.com/documents/docs/DOC-62148

Show replies
Show replies
Ask a Question