Skip to main content
Version: Next

Configuration

Configuration steps are available in the SPRO transaction in your SAP server. To start the configuration process, login to your SAP Server and execute the following transaction and follow all steps in order to configure Cxlink Suite:


_10
SPRO

You will find all configuration steps defined under Cxlink Suite by Syntax.

PostProcessing Steps

Topics

Licensing

CxLink Suite use a similar model to SAP. You will first generate a unique identifier file from your SAP Server. Once obtained, you will need to upload that file to the Cxlink Portal License Manager and attach it to an active license. If upload is succesfull, it will generate a license file that will be imported to the SAP Server and will activate the license. Follow these steps to activate your license:

  1. In your SAP server, go to SPRO-> Cxlink Suite by Syntax -> Licensing and select Execute.

  2. Choose Generate License Request and execute. Connector License

    Select production server

    As per license model, one cxlink license is valid for both prod and non-prod servers in the same landscape, but only one server can be set as the production one.

    If you are running this step for your production server, please mark the Production system option for support purposes.

  3. In the pop-up screen, select where you want to store the license request in your computer, specify a name for the file and save.

  4. Sign In to CxLink Portal, go to Licensing -> Licenses section in Documents Hub, and search for a license with free slots. (Check the Usage column to find if there are free slots available) Connector License

  5. Open the license details and press Register a host Connector License

  6. In the Pop Up screen, Upload the license request file previously generated.

  7. If the file is correctly uploaded, you will see a message Host registration successfully completed Connector License

  8. Press on Download the license to save the path to your computer.

  9. Go back to the SPRO-> Cxlink Suite by Syntax -> Licensing section in your SAP Server.

  10. Select Activate License, find the license file from the dialog box window and select Execute or (F8). Connector License

  11. If everything is in order, you should see a message at the bottom of the SAP Logon screen with the message Product successfully installed.

  12. Select License Status to check the license validity.

Activate cloud providers

Cxlink Suite integrates with multiple cloud providers (Microsoft Azure, Amazon Web Services....). In this section you will specify which providers do you want to work with. Those unchecked will remain hidden for a cleaner experience. You can activate them later if needed.

  1. In your SAP server, go to SPRO-> Cxlink Suite by Syntax -> Activate Cloud Providers and select Execute.
  2. Ensure that the desired providers are active. Activate Services
  3. Select Execute or (F8)

Certificate Management

To ensure secure connections between SAP and the cloud providers by using HTTPS connectivity you will need to ensure that your SAP servers holds all Root and CA certificates for every cloud in the STRUST transaction.

Skip if already imported

You can skip this section if you have previously download and imported the proper cloud certificates into your SAP Strust transaction and go directly to the Maintain Internet Communication Manager (ICF) Service section

Cxlink can handle the download and installation of the proper certificates for all providers that were activated in the previous step. Cxlink uses the report /LNKAWS/IMG_STRUST_PROVIDERS to take care all needed actions. It uses wget and openssl programs to retrieve the certificates.

warning

Ensure that you have at least the following software versions in your SAP Server if you want to use the automatic certificate control.

  • wget - version 1.2.3
  • openssl- version 13.4.

To prepare and execute the automatic process:

Step 1. Create os commands

This program will generate 2 entries in the SM69 transaction (ZWGET and ZOPENSSL) to operate with the corresponding programs at os level for certificate handling. Programs

  1. In your SAP server fo to SPRO transaction.
  2. Go to Cxlink Suite by Syntax -> Automatic Certificate Management -> Maintain external OS commands (SM69) and select Execute.
  3. On success, you will get the following message. Programs

Step 2. Import certificates

This program will download and import all needed certificates to the STRUST transaction under the SSL Standard (Client) section.

  1. Go to Cxlink Suite by Syntax -> Automatic Certificate Management -> Import certificates and select Execute.
  2. In the pop up screen, Accept the execution. STRUST_PROVIDERS
  3. It can take a few minutes to complete, but on success you will get a list of the imported certificates.

Step 3. (Optional) Schedule certificate job

In some occassions certificates could expire. You can schedule a periodical job to take care of downloading the latest versions of each certificates. This action can be scheduled in a weekly period. No need to execute it daily.

  1. Go to Cxlink Suite by Syntax -> Automatic Certificate Management -> Schedule certificates job and select Execute.
  2. In the Job start conditions select the execution date and time and periodicity.
  3. Keep the rest of steps with the default values.

Maintain Internet Communication Manager (ICF) Service

When you send a request to a specific URL, the system triggers a Service Integration Communication Framework (SICF) node. This SICF node is responsible for initializing specific functionalities and tasks within the system.

One of these tasks is to call a particular handler class, named /LNKAWS/CL_ARCH_LINK_TO_SDK. This handler class serves as a universal manager for interacting with multiple cloud services. It has been designed to facilitate a seamless interface between your application and all available cloud platforms, allowing you to leverage different cloud capabilities without having to deal with the intricacies of each individual service.

In this step, you will need to define a SAP user that will be assigned to the awsconnector_s3 SICF service to handle all communications. You can choose between allowing the system to create that user or to select an existing one. If you choose to select an existing one, our recommendation is to use a communication user.

Process will try to attach the /LNKAWS/WD_MAMAGER role to the defined user.

warning

If the user executing this report does not have the proper permissions to attach roles, please ask your basis team to assign the role to the user.

  1. Go to SPRO-> Cxlink Suite by Syntax -> Maintain Internet Communication Framework (ICF) and select Execute.
  2. Choose to Create new user or Select an existing user.
  3. Define the Username and Password in both cases.
  4. Check the Add authorization profile to user option if you have not previously attached the role to an existing user and you have the proper permissions to assign roles SPRO SICF
  5. Execute to activate the service and assign the user. SPRO SICF Success
  6. Ensure that the role has been generated and the User comparison is correct.
  7. Go to PFCG transaction, select /LNKAWS/WD_MANAGER role and click on Display. PFCG Role
  8. If both the Authorizations and User tabs are green, you can skip the rest of steps and jump to Credentials section.
  9. If not, Enter Change Mode and select Change Authorization Data to generate the authorization profile. PFCG Role
  10. Select Generate and Exit. Accept the default values when prompted for a Profile Name. PFCG Generate
  11. Back to the Change Roles screen, select the User tab and execute User Comparison. PFCG Compare
  12. Select Full Comparison and check the success message. PFCG Compared
  13. You can now exit and continue with the process.

Credentials

If you server is running on-prem or in a different provider and you want to connect by using IAM credentials specific for your cloud provider, you will need to define them in this step.

Credentials encryption

All credentials stored in this table will be encrypted by default.

To add credentials, go to SPRO-> Cxlink Suite by Syntax -> Credentials -> Cloud Credentials and select the desired option:

Amazon Web Services - IAM User

To add a new IAM user to the configuration:

  1. Select New credential.
  2. In the General Data section:
    1. Select Amazon Web Services for provider
    2. Select AWS IAM User as credentials type.
  3. In the Specify Credentials Data, specify the AWS Account ID and User Name of the IAM user and its Access Key and Secret Key.
  4. Press Next.
  5. Review for details and accept.

Microsoft Azure - Azure Active Directory (AAD) (Recommended for Azure)

To add a Azure ADD credential to the configuration:

  1. Select New credential.
  2. In the General Data section:
    1. Select Microsoft Azure for provider
    2. Select Azure Active Directory (AAD) as credentials type.
  3. In the Specify Credentials Data, specify the Tenant ID, Client ID and Client Secret.
  4. Press Next.
  5. Review for details and accept.

Microsoft Azure - Azure Shared Key (ASK)

To add an Azure ASK credential to the configuration:

  1. Select New credential.
  2. In the General Data section:
    1. Select Microsoft Azure for provider
    2. Select Azure Shared Key (ASK) as credentials type.
  3. In the Specify Credentials Data, specify the Tenant ID, Resource Name and Account Access Key1.
  4. Press Next.
  5. Review for details and accept.

Microsoft Azure - Azure Shared Access Signature (SAS)

To add an Azure SAS credential to the configuration:

  1. Select New credential.
  2. In the General Data section:
    1. Select Microsoft Azure for provider
    2. Select Azure Shared Access Signature (SAS) as credentials type.
  3. In the Specify Credentials Data, specify the Tenant ID, Resource Name and Account Access Key1.
  4. Press Next.
  5. Review for details and accept.

Assumed Roles (Only for AWS)

If you plan to use Assumed Roles to access resources in different AWS Accounts than the one that your server is running on, you will need to define them in the following table, assigning a short alias name to them. This will prevent some errors to occur because of the long size of the IAM roles ARN.

To add assumed roles to the configuration:

  1. Go to SPRO-> Cxlink Suite by Syntax -> Credentials -> Assumed Roles and select Execute.
  2. Select New to create a new key/pair value role.
  3. In the Assume Role Manager screen:
    1. Provider: Keep Amazon Web Services.
    2. Assume alias: A short descriptive name for your role to let you easily identify it during later steps.
    3. Assume ARN: ARN of the role that you want SAP to assume. Assumed Role
  4. Repeat the process to create as many assumed roles as you need.