Live Data Connection to SAP HANA 2.0 on SAPCP Cloud Foundry (Without HDI Containers)

You can create a live data connection to a SAP HANA 2.0 system that is operating on a SAP Cloud Platform (SAPCP) system that uses a Cloud Foundry (CF) environment.

Prerequisites

SAP HANA 2.0 must be installed on a SAP Cloud Platform (SAPCP) system that uses a Cloud Foundry (CF) environment.
A SAML 2 Identity Provider (IdP) must be configured. Both the SAPCP and SAP Analytics Cloud must use the same IDP.

For how to set up SAML 2.0 on SAPCP, see Trust and Federation with SAML 2.0 Identity Providers.

For how to set up SAML in SAP Analytics Cloud, see Enabling a Custom SAML Identity Provider.
You must have enough quota for the SAP HANA service and applications.
You must be assigned an Organization Manager role in your SAPCP subaccount.
Note
The SAP Cloud Platform geo map feature is not currently supported for this connection type.

Procedure

Install the SAP HANA Service.
1. In the SAP CP Cloud Platform cockpit, go to Subaccounts.
  You can either create a New Subaccount to use with your connection, or choose an existing subaccount.
2. Go to Entitlements, and under SAP HANA, find the subaccount and increase the counter in the enterprise column to 1.
3. Return to the Subaccounts area and open the overview for the subaccount that you have assigned.
  
  Under Quota, the SAP HANA Service should appear.
4. Go to Spaces Services Service Marketplace and select the SAP HANA Service.
5. Go to the Instances menu and click New Instance.
6. In the wizard that appears, select your service plan depending on your subscription.
7. In the Parameter section, provide your SYSTEM user password.
8. Select the size of your SAP HANA instance.
  
  Instances are divided into 16GB blocks and use a minimum two blocks. You can select a SAP HANA instance up to 2TB in size.
9. Choose if you want to allow the SAP HANA service to be available on the Internet or only to a specific IP Address.
10. (Optional) Bind any existing applications to the SAP HANA service.
11. In the Confirm screen, provide a name for your SAP HANA instance.
12. Click Finish.
  
  The instance will be created and its status will be updated in the SAPCP Cockpit in a few minutes.
Get your SAP HANA database information.
1. Open your instance dashboard and log in with your SAPCP login credentials.
2. Make note of the database endpoint.
  You will need this endpoint when connecting to this database.
3. Go to the SAP HANA Cockpit, and in the Overall Database Status tile, note your tenant database name and instance number.
Connect Eclipse to your SAP HANA Service.
1. Under Systems, select Add System.
2. In the Host Name, provide the database endpoint from Step 1n.
  Enter the endpoint without the port.
3. Add the Instance Number.
4. Select Multiple Containers.
5. Enter the database name.
  
  The database name should follow the following format: <HANA Tenant Database Name>: <Port>.
6. Add a Description and select a Locale.
7. Select Next.
8. Provide your SAP HANA user credentials and select Connect using SSL.
  
  This will connect you to the SAP HANA service and you will be able to view the catalog objects within Eclipse.
Install and configure tools.
1. Download and install the Cloud Foundry CLI.
2. Download and install the Cloud Foundry CLI MTA.
  Install the plugin using the command:
  cf install-plugin mta-plugin-windows.exe -f
3. Download and install Oracle JDK 8 or SAP JDK 8.
  To verify that the JDK is ready, check the version of the JDK you have installed. For example:
  javac -version
4. Download and install Apache Maven.
  To verify that Maven is ready, check the version of Maven you have installed. For example:
  mvn --version
5. Download and install Node.js.
  To verify that Node is ready, check the version of Node you have installed. For example:
  node --version
  Also verify that npm (Node Package Manager) is installed with Node. For example:
  npm --version
6. Set npm for the sap registry modules with the command:
  npm config set @sap:registry https://npm.sap.com
Deploy the analytics adapter for SAP HANA.
1. Create a local folder. For example: c:\haa.
  
  This directory is referred to as <HAA_ROOT> in the following steps.
2. Download or clone the analytics adapter (HAA) project from SAP GitHub.
3. Unzip the file in the <HAA_ROOT>.

Build and deploy the analytics adapter.

Download or clone the mta from SAP GitHub.
Start a command prompt window.
Build the mta file with the command:
```
java -jar mta.jar --build-target=CF build
```
This command will generate a new file named <HAA_ROOT>.mtar.
Extract java-xsahaa.war to <HAA_ROOT>/haa-java/<Target_Directory>.

Replace <Target_Directory> with the target directory you created in Step 6c.

Edit mta.yaml with the following:

ID: haa
	_schema-version: '2.0'
	version: 0.0.1
	
	modules:
	
	- name: haa-java
	   type: java
	   path: haa-java
	   parameters:
	     memory: 1024M
	     buildpack: sap_java_buildpack
	   properties:
	     TARGET_RUNTIME: tomee
	     JBP_CONFIG_RESOURCE_CONFIGURATION: "['tomee/webapps/ROOT/WEB-INF/resources.xml': {'xsahaa-hdi-container':'db-connector'}]"
	     USE_NAMED_USER: true
	     SECONDARY_ROUTING_PERCENT: 0
	     SAP_JWT_TRUST_ACL: '[{"clientid":"sb-haa-java", "identityzone": "*"}]'
	   provides:
	    - name: haa-java
	      properties:
	        url: ${default-url}
	   requires:
	    - name: haa-uaa
	    - name: db-connector
	
	- name: haa
	   type: nodejs
	   path: haa-entry
	   parameters:
	     memory: 512M
	     buildpack: nodejs_buildpack
	   requires:
	    - name: haa-uaa
	    - name: haa-java
	      group: destinations
	      properties:
	        name: haa-java
	        url: ~{url}
	        forwardAuthToken: true
	        timeout: 600000
	   properties:
	     CORS: '[{"uriPattern": "^/sap/bc/ina/(.*)$", "allowedOrigin": [{"host":"<sac-host>", "protocol":"https"}], "allowedMethods": ["GET", "POST", "OPTIONS"], "allowedHeaders": ["Origin", "Accept", "X-Requested-With", "Content-Type", "Access-Control-Request-Method", "Access-Control-Request-Headers", "Authorization", "X-Sap-Cid", "X-Csrf-Token"], "exposeHeaders": ["Accept", "Authorization", "X-Requested-With", "X-Sap-Cid", "Access-Control-Allow-Origin", "Access-Control-Allow-Credentials", "X-Csrf-Token", "Content-Type"]}]'
	     INCOMING_CONNECTION_TIMEOUT: 600000
	     TENANT_HOST_PATTERN: '^(.*)-<space>-haa.cfapps.(.*).hana.ondemand.com'
	
	resources:
	- name: haa-uaa
	   type: com.sap.xs.uaa
	   parameters:
	      path: ./xs-security.json
	
	- name: db-connector
   type: org.cloudfoundry.user-provided-service
   parameters:
     config:
        url: "jdbc:sap://<jdbc_server>:<jdbc_port>?encrypt=true&validateCertificate=false"

Note

You can find your JDBC server name and port on your SAP HANA Service Dashboard, under the Direct SQL Connectivity endpoint.

In the SAPCP Cockpit, in your subaccount overview, find the CF API endpoint.
In the command prompt, set the CLI variable using the command:
```
cf api <api-endpoint>
```
Log on to CF using the command:
```
cf login
```
Deploy the mta to CF with the command:
```
cf deploy haa.mtar
```
After deployment, two new services and three new applications should appear in the SAPCP Cockpit.

Grant permissions and set up roles.
1. Select the haa-java application, click Service Binding, and select the HDI service.
2. Click Show Sensitive Data, locate the hdi_user, and copy the user ID.
3. In the SAPCP Cockpit, access the SQL Console and run the command:
```
grant select on schema _sys_bi to <db_user>;
```
  Replace <db_user> with the HDI user ID you copied in the previous step.
4. Go to the subaccount and click Role Collections.
5. Create new role collection with the name SACToHAA.
6. Select SACToHAA, click Add Role and select SalesApp_User from the list.
Setup trust between XSUAA and the SAP HANA database container.

Follow the instructions in SAP Note 2470084.

In solution b), no trust has been established between XSUAA and the HANA Database, under b) SAP Cloud Platform (SAPCP), complete steps 1, 2, and 3.
Setup the IdP.
1. In the SAPCP cockpit, under Security Trust Configuration, set the default IDP as inactive.
  
  This ensures you won't be prompted during a data refresh.
2. Under Custom, select the name of the Active trust configuration.
3. Click Role Collection Assignment, and assign the SACToHAA role collection to the user ID for your SAML IdP.
Map SAP HANA users to external SAML IdP users.
1. In the SAP HANA Cockpit, select Manage users.
2. Create a new user and give it the user ID you used in Step 6c.
3. Scroll through the authentication area, check the JWT box.
4. Click Add JWT Identity.
5. Click Save.
6. In the Authorization Mode area for the new user, click Assign Privileges.
7. Click Object Privileges, then Edit, and add two new objects: EXECUTE_MDS and _SYS_BI.
  
  Note
  If your HAA version is earlier than 1.5.2, add EXECUTE_MDS_DEV instead of EXECUTE_MDS.
Add a remote system to SAP Analytics Cloud:
1. Go to (Main Menu) Connection Connections (Add Connection).
  
  The Select a data source dialog will appear.
2. Expand Connect to Live Data and select SAP HANA.
3. In the dialog, enter a name and description for your connection.
  The connection name cannot be changed later.
4. Set the connection type to Direct.
5. Add your SAP HANA host name, and 443 as the port.
  
  The host should be the haa application route. You can find this information in the SAPCP Cockpit on the Application: haa – Overview page.
6. (Optional) Choose a Default Language from the list.
  
  This language will always be used for this connection and cannot be changed by users without administrator privileges.
  Note
  You must know which languages are installed on your SAP HANA system before adding a language code. If the language code you enter is invalid, SAP Analytics Cloud will default to the language specified by your system metadata.
7. Under Authentication Method, select SAML Single Sign On.
8. Select OK.
  
  Note
  After creating a connection to a remote system and before creating a model from a remote system, you must log off and log on to SAP Analytics Cloud again.