Integration architectures for SAP S/4HANA Intelligent Enterprises combine hybrid multi-cloud technologies and business processes:
Intelligent Enterprises are integrated Enterprises. The SAP S/4HANA Intelligent Enterprise implements this strategy of integrated end-to-end business processes with the SAP Business Technology Platform (BTP) Integration Suite.
These end-to-end processes manage business aspects for specific capability areas like Hire-to-Retire for workforce, Lead-to-Cash for customer experience and revenue, Design-to-Operate for SAP Digital Supply Chain from design to planning and Source-to-Pay for purchasing processes together with spend management.
The SAP Cloud Integration Suite is the part of the SAP Business Technology Platform (BTP). SAP BTP integration strategies implement the SAP Integration Solution Advisory Methodology (ISA-M) with end-to-end business process roadmaps and out-of-the-box scenarios.
The SAP Business Technology Platform (BTP) Integration Suite offers a common launchpad for multiple integration capabilities.
| Capability | Short Description |
|---|---|
| API Management | expose APIs, manage API lifecycle management and security with policies, with IdP selection and assignment of role collections to handle security and authorization for your services, API analytics and monetization |
| SCP Integration Web UI | discover predefined integration content, design integration flows with graphical editor and monitor deployed integration flows |
| Open Connector Cockpit | create an unified API layer and standard-based implementation across over 150 API providers |
| SAP Cloud Platform Integration Advisor |
|
Enterprise architects can design and document their integration strategy with the help of the Integration Solution Advisory Methodology (ISA-M). ISA-M provides a technology-agnostic framework with common terminology, to definine and execute integration strategies, based on assessments with integration domains, integration styles and use-case pattern.
ISA-M templates accelerate this integration architecture assessment, the selection of relevant integration domains and the documentation of the current integration services / technologies (as-is) and future integration architectures (to-be).
| Integration Domain | Relevance categories | Integration Services / Technologies |
|---|---|---|
| OnPremise2OnPremise | <relevant, not relevant, under evaluation> | description of <as is, to be> |
| OnPremise2Cloud | ||
| Cloud2Cloud | ||
| User2OnPremise | ||
| User2Cloud | ||
| Thing2OnPremise | ||
| Thing2Cloud |
Decision table example with integration technologies and domains:
| Integration Technology | Description / Recommendation | Integration Domain |
|---|---|---|
| CPI | for all hybrid and multi-cloud scenarios | OnPremise2Cloud, Cloud2Cloud |
| SAP PO | prefer usage of cloud integration runtime version 7.5 | OnPremise2OnPremise |
| SAP AIF | Error Handling and Business related monitoring | OnPremise2Cloud, Cloud2Cloud, OnPremise2OnPremise |
ISA-M differentiates between integration styles (process, data, analytics, user, thing) and their related use-case pattern:
Integration styles are characterized with
Cross-use cases like API-managed, Event-based, Workflow management or RPA integrations, are related to and complement one or more integration styles.
The SAP API Business Hub is fully integrated with the SAP Business Technology Platform Integration Suite, as the central location where you can find information about integration options with SAP. The integration options are divided into integration content for SAP Cloud Integration, SOAP or REST OData APIs, together with API specifications and business documentation.
APIs are grouped by SAP Solutions and integration scenarios for on-premise and cloud environments. Modern SAP APIs are implemented as REST OData interfaces or CDS views, but there are also a lot of legacy SOAP APIs existing. Furthermore, existing SAP IDoc interfaces can be integrated as SOAP XML-HTTP web APIs.
These APIs are solving multiple integration requirements, for example with S/4HANA deployed as workload on a hyperscaler cloud or as S/4HANA Cloud public edition.
SAP Cloud Integration is a service of the Business Technology Platform and supports as cloud native based integration middleware, hybrid multi-cloud deployments with integration scenarios. With cloud qualities like horizontal scalability, elasticity, security or multi-tenant customer isolation, hybrid and multi-cloud integration requirements can be implemented.
Prepackaged Integration Content can be copied from the API Business Hub to the workspace design tab and adapted depending on the type (configure-only, editable). Configurable options are naming of the integration content e.g. with an suffix, external parameters and the channels.
SAP CPI is based on the lightweight integration framework Apache Camel and the deployed CPI services are based on Apache CXF, an open-source Web services framework.
| Component | Short Description |
|---|---|
| OSGi | the CPI runtime is based on the OSGi (Open Service Gateway initiative) component model with jar components deployment bundles. OSGi supports software platforms based on Java VM, offering a service registry and deployment environment for modules (bundles, services) with published interfaces |
| Apache CXF | CXF (combinations of Java projects Celtix / XFire) supports developing web services based on APIs with protocols such as JAX-WS (Java API XML - Webservice) for SOAP or JAX-RS (Restful Service) dor RESTful HTTP services |
| Apache Camel | Apache Camel acts as payload agnostic mediation and routing engine under the hood of CPI. Camel provides a fluent API (readable like common language) and implements all Enterprise Integration Pattern (EIP) with an (Enterprise Integration) Domain Specific Language (DSL) to implement routes, containing flow and logic of the integration.The main Camel entry points are CamelContext and RouteBuilder. |
| Adapter Development | use ADK to develop adapters to wrap camel components with OSGI compliant bundles and deploy them to integration flows. XML metadata gets generated from component and bundles jar files via introspection as basis for configuration in web UI. Configuration parameters can be reduced with comments |
Message / Exchange  |
Camel introduces core concepts like Messages for data transferred by
a route or Exchange allowing interactions for systems like one-way or
request-response messages. Message or Exchange content can be accessed
with XPath expressions or the simple expression language (syntax e.g.
${body}). Messages
Exchange
Message Exchange Pattern (MEP)
Data Types
|
CPI is available on SAP NEO Cloud Platform and as Cloud Foundry solution on hyperscaler platforms, with different features, license models and technical infrastructures. In all of these environments, data is processed at runtime on a tenant, representing the allocated, strictly separated and accessible customer resources like CPU or data storage. Worker container (Cloud Foundry) or nodes (NEO) host the integration runtime and perform the message processing.
The cloud integration runtime is also available as part of SAP Process Orchestration 7.5 and allows customers moving to the cloud with own pace. Downloaded packages can be imported with the SAP Cloud Integration Content Management Cockpit and deployed together with required security artifacts, such as user credentials, known hosts and Oauth 2.0 authentication.
Content developed and configured in CPI can be downloaded to on-premise PI, to run Side-by-side with the static PO/PI pipeline (receiver determination, interface determination and mapping). Beyond that, as of PO release 7.5 SP10 the configuration of externalized properties within the deployment cockpit of PO is enabled. Message Monitoring is available within the Cloud Integration Content Management Cockpit.
Enterprise Integration Pattern describe integration problems and their solutions with common vocabulary as best practises.
| EIP | Short Description |
|---|---|
| Request-Reply (Response) | Two-way communication pattern e.g. for external OData call, where the response replaces the current payload. The SAP CPI query editor automatically creates EDMX and XSD (for internal work with XML) |
| Content Enricher | Combines or merges the response payload of an external request reply API call |
| Poll Enricher | retrieve an (S)FTP file and merge it into the current message |
| Content-based router | examines the message content and routes the message based on the content to different channels. Implementation with gateway and routing conditions and default route |
| Splitter | splits the message content into a list of elements and publishes one new message for each element |
| Scatter-Gather | broadcasts a message to multiple recipients and re-aggregates the responses into a single message |
| Message Translator | translates one data format into another using mappings. As first step, input/output XSD/wsdl gets converted to/from internal XML. This XML format can be translated with predefined mapping functions of the CPI Graphical Mapping editor for complex transformations or with custom functions implemented as XLST transformations or scripts (Java, Groovy) |
Adapters allow to configure technical communication between remote systems and the integration platform with channels as connection from the server component to the integration flow. Sender adapter handle inbound messages with CPI as server and receiver adapter are used to connect to remote systems such as Twitter to post tweets.
Asynchronous communication scenarios can be implemented with SFTP, XI, AS2 or SOAP Adapter (with assigned WSDL file and input message operation).
The listed adapters below are a subset of the complete list of SAP Cloud Platform connectivity adapters.
| Receiver Adapter | Short Description |
|---|---|
| AmazonWebServices | connects CPI with AWS S3, SQS, SNS, SWF |
| HTTP(S) | supports HTTP 1.1 only, with TLS and the following methods HEAD, TRACE,DELETE, GET, POST, PUT |
| OData | available configuration parameters are address, resource path, EDMX. Queries can be configured dynamically with Simple Expression Language expressions. To be used e.g. for request-reply patterns |
| ODC | connects SCP tenant to SAP Gateway Odata Channel |
| Facebook, Twitter receiver | uses OAuth to receive messages on behalf of Facebook, Twitter user |
| encrypt outbound e-mails with S/MIME | |
| JDBC | connects integration flows with HANA or ASE databases hosted on customers global account |
| Sender/Receiver Adapter | Short Description |
|---|---|
| AS2 | designed for Ecommerce, with MDN (message Distribution notification), to document that the message was received |
| AS4 | B2B webservice Communication |
| IDoc | exchange Idocs via SOAP web services |
| JMS | enables asynchronous communication |
| SFTP | enable secure file transfer over the internet with the following configuration parameters: server, directory, filename, connection and file access parameter |
| Soap SAP RM | simplified communication protocol for asynchronous Web service communication |
| Process Direct | call local integration flows to connect different integration flows on the same tenant, without load balancer routing and address as single parameter for both sender and receiver. Can be used to extend standard content with custom integration flows to enhance e.g. mappings. |
| Sender Adapter | Short Description |
|---|---|
| Soap | asynchronous processing with MEP (Message Exchange
Pattern) one-way. With Processing
Setting Robust the returned HTTP code reflects
successfully (with HTTP code 202) or errors after processing all iFlow
steps. Process setting WS Standard sender will receive OK when
message completely inside the iFlow, but before processing, regardless
of processing errors. The selected WSDL binding represents the endpoint for the sender. Mapping wsdl namespaces to custom namespaces avoids conflicts when calling multiple services with identical field names. Namespace can be defined on runtime configuration tab e.g. xmlns:p1=http://...webserviceX.net |
| OEM / Cloud Adapter | Short Description |
|---|---|
| OEM | Salesforce (e.g. Advanco), MQTT (e.g. Advanco), Microsoft Dynamics CRM, Amazon Web Services |
| SAP Cloud Solutions | Ariba, Sucessfactors, Hybris, Concur, Fieldglass, Access Control, Health Engagement |
Integration development shall follow Design Guidelines and divide responsibilities to integration developer, content publisher and reviewer roles, used by the SCI Web UI to discover, deploy, run and monitor integration content.
During the discovery phase existing content gets examined and copied to the own tenant, where the content gets adapted. The deployed iFlows can be monitored and managed within Message Processing, Integration Content and Security sections.
The Web UI editor uses BPMN to model the integration flows. Pools, displayed as rectangles, are used to structure modeling with subprocesses eg. for exception handling.
Integration flows specify how messages are processed in a tenant with
| Development Objects | Short Description |
|---|---|
| Local process | structuring large iFlows with palette shapes Local Call and Local Integration Process. Header and exchange properties are shared between processes, which are relying on same exchange. Use content modifier before child process to write information e.g. order number to header properties, content to exchange property. Invocation of local process is implemented with Local Call step |
| Process | defines sequence of containers for integration main process, local Integration or exception subprocesses |
| Message | defines processing steps with various types such as events, mapping, transformation, aggregations, calls, routing and persistence. Calls are differentiated by the direction they are coming from into external and local calls. |
| Events |
|
| Mapping & Transformation |
|
| Routing |
|
| Persistence | Data store operations allow to persist message
payload on tenant SAP ASE Platform Edition with disk space limit of 32
GB for default 90 days, with retention threshold for alerting and
expriration period, for global or specific iFlows, with SELECT, GET,
WRITE, DELETE operations and values written to variables during message
processing. Transaction management can be configured on main or sub process level to store data databases or JMS queues. Asynchronous parallel processing of messages cannot be transactional. Write variables can be consumed with Content Modifiers across multiple integration flows on the same tenant. You can also use Content Modifier to define local properties for storing additional data, during message processing. |
| Security |
|
| Validator | to validate XML against schema |
| XML namespace | can be defined in the runtime configuration of the integration flow to avoid element name conflicts |
| Customer Extension |
|
| Generating iFlow | Integration flows can be created from API with basic authentication and DELETE, GET, POST, PUT, GET_ID operations. Supported APIs and operations are OData (GET, POST, DELETE) and REST (GET, POST, PUT, DELETE) |
| OData APIs | develop OData APIs as CPI OData Service artifacts from scratch with the Java Olingo API or based on existing data sources to be consumed with apps like BTP Mobile Services, Fiori UI |
| Exception Handling | with Error End or Excalation End Event in exception subprocess to trigger Failed status of integration process |
| Lifecycle Management |
|
| Area | Short Description |
|---|---|
| Operating model | SAP is responsible for monthly product updates, resource management and protection, backup and restore (every 10 min on primary storage, every 2 h transferred to secondary storage, full backup every day) |
| Web-based Monitoring |
|
| Log Implementation | SAP_MessageProcessingLogLevel header variable to set log level, MessageLog setStringProperty, addAttachmentAsString with the need of storage shared between messaging and monitor. Trace contains technical processing information. Message Processing Logs provide status, time, sender, receiver information. Message Store persists encrypted messages on the runtime node for 90 days with property and attachment information. |
| Log Level |
|
| Other Information |
|
SAP Integration Monitoring Tools
SAP offers several integration monitoring solutions with different capabilities and focus.
SAP ALM SaaS on BTP enables cloud-centric monitoring of cloud or hybrid integrations e.g. in the context of RISE Cloud transformations. The SAP Analytics dashboard provides an analytical view for SAP Cloud Integration with information about performance, message status and integration content artifacts. SAP Cloud Integration integrated monitoring provides e.g. Message Processing, Access / Audit Logs, status integ content, lock entries, temporary data stores information.
On-premise or hybrid cloud monitoring solutions are SAP Solution Manager for on-premise centric integration scenarios and SAP Cloud Integration Monitoring with exception metrics like number of erroneous integration flows or response times. SAP Focused Run enables high-volume system and application monitoring in hybrid landscapes and SAP Application Interface Framework (AIF) embedded in S/4HANA on-premise and cloud.
Security of the multi-tenant cloud environment has to be ensured with data isolation, secure authenticated access and message communication with content encryption and signing. For this, SAP Cloud Platform Integration supports the implementation of multi-level security concepts. Integration scenarios with external apps (e.g. SaaS, B2B) have to use HTTPS (Hypertext Transfer Protocol Secure) and encrypt message content and payload using digital certificates, with applied principle of least privilege.
| Security Level | Short Description |
|---|---|
| Transport |
|
| Message / Payload |
 |
| Certificate Management |
|
| Roles and groups | Role esb.messaging.send for basic authentication, component access with well defined permissions |
| Persistency |
|
| Cryptography |
 |
| Certifications | ISO27001, SOC1, SOC2 |
| Load Balancer | for secure inbound HTTP connections, the remote sender system must trust the Business Technology Platform load balancer and store the root certificate of the load balancer in its trust store. The load balancer terminates each inbound Transport Layer Security (TLS) request and reestablishes a new one for the connection to the tenant where the message is processed |
| Authentication |
|
| Authorization | the authentication options have to be combined with CPI User role based authorization (e.g. with pre-delivered role ESBMessaging.send) |
| Firewall | the SAP BTP firewall allows per default secure outbound channel (receiver adapter of connected systems) communication over HTTP/HTTPS port 443, SFTP port 22 (SSH data channel between SAP Cloud Integration and the SFTP server has to be open) and SMTP port 25 |
Power CAT
Event Mesh enterprise messaging service - Solace PubSub+ as digital backbone
Advanced Event Mesh Migration Guide for SAP Process Orchestration Optimized local SAP Integration Suite Edge Integration Cell (12/2022 available as Beta version) DevOps implementation with project Piper and tools like Git and Jenkins
- comment end -