Successful integration between SAP S/4HANA Cloud and the SAP Business Network relies on three key components: the SAP Business Network, SAP S/4HANA Cloud Private Edition, and the managed gateway. These systems work together to ensure secure and seamless communication of procurement documents across buyer and supplier environments. The landscape also includes the SAP Cloud Connector, which adds an extra layer of security when connecting the SAP cloud environment with the customer’s system landscape.
SAP Business Network
SAP Business Network is a cloud-based business-to-business (B2B) trading platform and supplier network offered by SAP. SAP Business Network is designed to facilitate and streamline procurement and supply chain processes for organizations of all sizes, from small businesses to large enterprises.
SAP Business Network includes both a testing environment and a production environment, enabling seamless interaction between buyers and suppliers. Notably, there is no development environment provided within SAP Business Network.
SAP S/4HANA Cloud Private Edition
SAP S/4HANA Cloud Private Edition is an offering designed to give businesses the benefits of a cloud environment while granting customer control and customization capabilities like on-premise solutions. It runs on a single-tenant infrastructure, meaning the resources are dedicated to one customer, offering higher levels of security and customization. Unlike the public cloud version, which is managed and updated by SAP on a shared infrastructure, the private edition allows customers to have their instance on either an SAP data center or a hyperscaler partner's data center.
This setup allows businesses to manage their upgrade cycles and tailor the system to their specific needs while still offloading the infrastructure management and maintenance to the cloud provider. It's an optimal solution for organizations looking for the agility and scalability of the cloud combined with the depth of control over the environment typically seen in on-premises deployments.
The system landscape for SAP S/4HANA Private Cloud typically consists of a 3-system architecture, designed to streamline the development, testing, and production processes.
This setup includes:
- S/4HANA Development System: The starting point for all customization and development efforts. It's where new functionalities are created and initial testing is conducted before any changes are moved to the test system.
- S/4HANA Test System: After development, changes are transported to this environment for further testing. This system is crucial for quality assurance, ensuring that modifications work as intended and do not introduce errors into the production environment.
- S/4HANA Production System: The live environment where all business processes are run. Changes are transported here only after thorough testing in the development and test systems to ensure stability and reliability of the production operations.
The image shows an SAP system architecture with a test and a production environment within SAP Business Network. The S/4HANA Test environment is connected to the Test SAP Business Network, while the S/4HANA production is linked to the production SAP Business Network. Both use the managed gateway as middleware for connectivity.
Note
It is not recommended to connect the development client of S/4HANA to the test SAP Business Network environment, as master data is often incomplete or not fully set up.
This landscape allows for a clear separation of environments, reducing risks associated with direct changes to the production system and facilitating a structured approach to development and deployment. The SAP S/4HANA Private Cloud Edition offers customization capabilities and is hosted by SAP or a hyperscaler, ensuring flexibility to meet specific business needs while maintaining the system.
SAP Integration Suite, Managed Gateway for Spend Management and SAP Business Network
The managed gateway is an Integration-as-a-Service (IaaS) solution that simplifies the connection between SAP ERP or SAP S/4HANA Cloud systems and the SAP Business Network. It leverages the SAP Business Technology Platform (BTP) through a public tenant hosted in regional data centers, ensuring global availability and scalability.
A single managed gateway account is used for both the test and production environments. This means that configurations created in the test environment can easily be promoted and reused in production, ensuring consistency across the landscape. The managed gateway account can be accessed directly through the buyer account login.
Steps to log in to the managed gateway account:
- Log on to the SAP Business Network production buyer account (buyer.ariba.com).
- To access the account settings, select your initials at the top right corner and select Manage Profile from the drop-down menu.
- Select Integration Suite, managed gateway for spend management and SAP Business Network Setup.
Once you log in to the production environment, you can manage both test and production environments from the same interface.
The managed gateway serves as a secure and reliable channel that facilitates seamless communication between SAP S/4HANA and the SAP Business Network. It provides standardized integration content, including:
- Out-of-the-box connectivity to link SAP systems with the SAP Business Network.
- Standard mapping content to translate message formats to and from the SAP Business Network’s native cXML format, ensuring accurate interpretation and data exchange between systems.
SAP Cloud Connector
The SAP Cloud Connector is a key security component in the integration scenario. It ensures secure connectivity between a customer’s on-premise environment and the SAP Cloud environment, protecting internal systems while enabling controlled communication with SAP cloud applications.
The Cloud Connector acts as a controlled entry point that allows organizations to expose only selected internal resources without compromising security. It ensures that only authorized connections are established and that sensitive system details remain protected.
Key Characteristics
- Purpose & Role
- The Cloud Connector serves as the link between on-premise systems and SAP Cloud applications. It enables the reuse of existing on-premise assets without exposing the entire IT landscape. Administrators have full control over which systems and services are made available to the cloud, keeping setup straightforward and secure.
- Importance in the Integration Landscape
- It is an essential component in multiple deployment scenarios.
- Required for direct connectivity between SAP S/4HANA and the SAP Business Network.
- Also supports mediated connectivity when SAP Cloud Platform Integration (private tenant) is used as middleware.
- In both cases, it guarantees secure communication between cloud applications and on-premise systems.
- Communication Direction
- In the Source-to-Pay scenario, the Cloud Connector is used exclusively for inbound communication into the customer’s on-premise system. By functioning as a reverse-invoke proxy, it removes the need to open internal firewalls for external cloud access.
- System Identity Protection
- Administrators can define virtual hostnames and ports that are used in integration projects instead of real system details. This masks the identity of backend systems and prevents exposure of sensitive information.
- Security via SSL Tunnel
- A reverse SSL tunnel is established for communication, controlled exclusively by the Cloud Connector administrator. This tunnel cannot be initiated from outside the company network or the cloud, preventing unauthorized access.
