Skip to main content
Version: 700

Configuration

Configuration steps are available in the SPRO transaction in your SAP server. To start the configuration process, login to your productive client in your SAP Server and execute the following transaction and follow all steps in order to configure Cxlink Suite:


_10
/n/LNKAWS/POST_PROS

You will find all configuration steps defined under General Configuration -> Configuration Status.

PostProcessing Steps

Topics


Certificates Control

To ensure secure connections between SAP and the cloud providers by using HTTPS connectivity you will need to ensure that your SAP servers holds all Root and CA certificates for every cloud in the STRUST transaction.

Skip if already imported

You can skip this section if you have previously download and imported the proper cloud certificates into your SAP Strust transaction and go directly to the Maintain Internet Communication Manager (ICF) Service section

Cxlink can handle the download and installation of the proper certificates for all providers that were activated in the previous step. Cxlink uses the report /LNKAWS/IMG_STRUST_PROVIDERS to take care all needed actions. It uses wget and openssl programs to retrieve the certificates.

Minimum versions

Ensure that you have at least the following software versions in your SAP Server if you want to use the automatic certificate control.

  • wget - version 1.2.3
  • openssl- version 13.4.

To prepare and execute the automatic process:

Step 1. Create os commands

This program will generate 2 entries in the SM69 transaction (ZWGET and ZOPENSSL) to operate with the corresponding programs at os level for certificate handling. Programs

  1. In your SAP server fo to /n/LNKAWS/POST_PROS transaction.
  2. Go to General Configuration -> Configuration Status -> Certificates Control -> Commands and Execute.
  3. On success, you will get the following message. Programs

Step 2. Certificates

This program will download and import all needed certificates to the STRUST transaction under the SSL Standard (Client) section.

  1. Go to General Configuration -> Configuration Status -> Certificates Control -> Certificates and Execute.
  2. In the pop up screen, Accept the execution. STRUST_PROVIDERS
  3. It can take a few minutes to complete, but on success you will get a list of the imported certificates.

Services SICF

When you send a request to a specific URL, the system triggers a Service Integration Communication Framework (SICF) node. This SICF node is responsible for initializing specific functionalities and tasks within the system.

One of these tasks is to call a particular handler class, named /LNKAWS/CL_ARCH_LINK_TO_SDK. This handler class serves as a universal manager for interacting with multiple cloud services. It has been designed to facilitate a seamless interface between your application and all available cloud platforms, allowing you to leverage different cloud capabilities without having to deal with the intricacies of each individual service.

In this step, you will need to define a SAP user that will be assigned to the awsconnector_s3 SICF service to handle all communications. You can choose between allowing the system to create that user or to select an existing one. If you choose to select an existing one, our recommendation is to use a communication user.

Process will try to attach the /LNKAWS/WD_MAMAGER role to the defined user.

warning

If the user executing this report does not have the proper permissions to attach roles, please ask your basis team to assign the role to the user.

  1. Logon to client 000 of your server.
  2. Go to General Configuration -> Configuration Status -> Services SICF -> User & Profile and Execute.
  3. Choose the preferred method to manage the SAP User for SICF Service:
    • User Proposal will create the user LNKAWSICFUSE with a default password.
    • I will specify the user will let you define the username and password for the service user. If the user does not exist it will try to create it.
    • I have Central User Administrator will let you define an existing user in your CUA server. You will need to add the /LNKAWS/WD_MANAGER role to it and skip the next step. SICF User
  4. Select Execute.

  1. Go to General Configuration -> Configuration Status -> Certificates Control -> Role and Execute.
  2. Define the User selected in the previous step and Execute SICF ROle
  3. Ensure that the role has been generated and the User comparison is correct.
  4. Go to PFCG transaction, select /LNKAWS/WD_MANAGER role and click on Display. PFCG Role
  5. If both the Authorizations and User tabs are green, you can skip the rest of steps and jump to Credentials section.
  6. If not, Enter Change Mode and select Change Authorization Data to generate the authorization profile. PFCG Role
  7. Select Generate and Exit. Accept the default values when prompted for a Profile Name. PFCG Generate
  8. Back to the Change Roles screen, select the User tab and execute User Comparison. PFCG Compare
  9. Select Full Comparison and check the success message. PFCG Compared
  10. You can now exit and continue with the process.

  1. Go to General Configuration -> Configuration Status -> Certificates Control -> Activate Services and Execute.
  2. This step will activate service sap->bc->awsconnector_s3 in SICF. SICF Service

Proxy

You can add a proxy configuration to the RFCs used by CxLink Suite to allow outbound connectivity. If you want to add this proxy layer:

  1. In /LNKAWS/POST_PROS transaction, go to General Configuration -> Configuration Status -> Proxy -> Add Proxy and Execute.
  2. In the RFC Proxy Configuration screen, add the proper information about your proxy Server and Execute. This will add the proxy configuration to all specified RFCs. Proxy

License

CxLink Suite use a similar model to SAP. You will first generate a unique identifier file from your SAP Server. Once obtained, you will need to upload that file to the Cxlink Portal License Manager and attach it to an active license. If upload is succesfull, it will generate a license file that will be imported to the SAP Server and will activate the license. Follow these steps to activate your license:

  1. In /LNKAWS/POST_PROS transaction, go to General Configuration -> Configuration Status -> Licensing and select Execute.

  2. Choose Generate License Request and execute. Connector License

    Select production system

    As per license model, one cxlink license is valid for both prod and non-prod servers in the same landscape, but only one server can be set as the production one.

    If you are running this step for your production server, please mark the Production system option for support purposes.

  3. In the pop-up screen, select where you want to store the license request in your computer, specify a name for the file and save.

  4. Sign In to CxLink Portal, go to Licensing -> Licenses section in Documents Hub, and search for a license with free slots. (Check the Usage column to find if there are free slots available) Connector License

  5. Open the license details and press Register a host Connector License

  6. In the Pop Up screen, Upload the license request file previously generated.

  7. If the file is correctly uploaded, you will see a message Host registration successfully completed Connector License

  8. Press on Download the license to save the path to your computer.

  9. Go back to /LNKAWS/POST_PROS transaction, go to General Configuration -> Configuration Status -> Licensing.

  10. Select Activate License, find the license file from the dialog box window and select Execute or (F8). Connector License

  11. If everything is in order, you should see a message at the bottom of the SAP Logon screen with the message Product successfully installed.

  12. Select License Status to check the license validity.


Activate Clouds

Cxlink Suite integrates with multiple cloud providers (Amazon Web Services, AWS SDK for ABAP....). In this section you will specify which providers do you want to work with. Those unchecked will remain hidden for a cleaner experience. You can activate them later if needed.

  1. In /LNKAWS/POST_PROS transaction, go to General Configuration -> Configuration Status -> Licensing and select Execute.
  2. In the New Entries: Details table, add a New Entry and enter this information: Activate Services
  3. Select Save and exit

Fill Configuration Tables

There is some information specific for Cxlink Suite that cannot be created during Add-on installation. Please run the following command to fill the required parameters in custom CxLink tables:

  1. In /LNKAWS/POST_PROS transaction, go to General Configuration -> Configuration Status -> Fill configuration Tables and Execute.
  2. This process automatically adds entries to tables /LNKAWS/CONST, /LNKAWS/PRODUCTS and /LNKAWS/SERVICES. Post Tables

Credentials

If you server is running on-prem or in a different provider and you want to connect by using IAM credentials specific for your cloud provider, you will need to define them in this step.

Credentials encryption

All credentials stored in this table will be encrypted by default.

To add credentials, go to SPRO-> Cxlink Suite by Syntax -> Credentials -> Cloud Credentials and select the desired option:

Amazon Web Services - IAM User

To add a new IAM user to the configuration:

  1. Select New credential.
  2. In the General Data section:
    1. Select Amazon Web Services for provider
    2. Select AWS IAM User as credentials type.
  3. In the Specify Credentials Data, specify the AWS Account ID and User Name of the IAM user and its Access Key and Secret Key.
  4. Press Next.
  5. Review for details and accept.

To add a Azure ADD credential to the configuration:

  1. Select New credential.
  2. In the General Data section:
    1. Select Microsoft Azure for provider
    2. Select Azure Active Directory (AAD) as credentials type.
  3. In the Specify Credentials Data, specify the Tenant ID, Client ID and Client Secret.
  4. Press Next.
  5. Review for details and accept.

Microsoft Azure - Azure Shared Key (ASK)

To add an Azure ASK credential to the configuration:

  1. Select New credential.
  2. In the General Data section:
    1. Select Microsoft Azure for provider
    2. Select Azure Shared Key (ASK) as credentials type.
  3. In the Specify Credentials Data, specify the Tenant ID, Resource Name and Account Access Key1.
  4. Press Next.
  5. Review for details and accept.

Microsoft Azure - Azure Shared Access Signature (SAS)

To add an Azure SAS credential to the configuration:

  1. Select New credential.
  2. In the General Data section:
    1. Select Microsoft Azure for provider
    2. Select Azure Shared Access Signature (SAS) as credentials type.
  3. In the Specify Credentials Data, specify the Tenant ID, Resource Name and Account Access Key1.
  4. Press Next.
  5. Review for details and accept.

Assumed Roles (Only for AWS)

If you plan to use Assumed Roles to access resources in different AWS Accounts than the one that your server is running on, you will need to define them in the following table, assigning a short alias name to them. This will prevent some errors to occur because of the long size of the IAM roles ARN.

To add assumed roles to the configuration:

  1. Go to SPRO-> Cxlink Suite by Syntax -> Credentials -> Assumed Roles and select Execute.
  2. Select New to create a new key/pair value role.
  3. In the Assume Role Manager screen:
    1. Provider: Keep Amazon Web Services.
    2. Assume alias: A short descriptive name for your role to let you easily identify it during later steps.
    3. Assume ARN: ARN of the role that you want SAP to assume. Assumed Role
  4. Repeat the process to create as many assumed roles as you need.