Differentiating Connection Patterns

Objective

After completing this lesson, you will be able to differentiate between the four primary connection patterns for integrating SAP Business Data Cloud with its open data ecosystem.

Connection Patterns

SAP Datasphere offers various methods for connecting to remote platforms, depending on the specific system and your data exchange requirements.

Data Federation

In standard scenarios, you connect SAP Datasphere to a remote cloud platform to access data directly within the SAP Datasphere environment.

For example, you can connect data from Databricks Delta Lake tables live using the SAP Datasphere data federation architecture.

This connection enables you to combine Databricks data with SAP business data in real time. By creating a unified view of your business information, you can perform fast analysis and visualize results using SAP Analytics Cloud dashboards.

Business Data Cloud federates to Databricks via SAP Datasphere data federation using JDBC connectivity..

Data Product Sharing

Beyond simple table access, you may need to leverage the rich semantics provided by data products.

SAP Business Data Cloud Connect (BDC Connect) is a cloud service that facilitates secure, bidirectional, zero-copy data sharing between SAP Datasphere and supported external systems using the Delta Sharing protocol. This allows organizations to share data products without moving or duplicating data, preserving governance and business context while providing real-time access.

Components of BDC Connect

Delta Sharing Protocol: An open standard for secure data sharing that eliminates the need for data copying.
BDC Connect SDK: A Python SDK used to manage shares, data products, and CSN metadata.
Connection Management: A feature that automates enrollment and authentication between SAP systems and external platforms.
Data Product Publishing: A mechanism to expose Delta Shares as consumable data products enriched with metadata.

BDC Connect acts as a bridge between SAP Business Data Cloud and external data platforms. Establishing a connection involves generating identifiers, creating provider and recipient objects, and setting up trust through secure enrollment processes.

For instance, BDC Connect can be used to share data products with a native Databricks platform.

Business Data Cloud shares data products to/from Databricks using BDC Connect.

Bundled Applications

Instead of managing a native external platform manually, you can use SAP-managed integrated tools that utilize SAP Cloud Identity Services for secure connectivity.

SAP Cloud Identity Services are a suite of services designed to integrate identity and access management across systems.

The primary goal is to provide a seamless single sign-on (SSO) experience while ensuring secure access. It serves as the central solution for authentication, SSO, and identity lifecycle management.

A core component is the Identity Authentication service, which manages authentication and SSO functionality to provide controlled, cloud-based access to business processes and applications.

User authenticates with Identity Authentication to access SAP or other cloud applications via SAML or OIDC, optionally federated with a Corporate Identity Provider using SAML.

Note

For more details on SAP Cloud Identity Services, refer to this course: https://learning.sap.com/courses/introducing-sap-cloud-identity-services

SAML (Security Assertion Markup Language) and OpenID Connect (OIDC) are authentication protocols used for SSO and identity management. While they serve similar purposes, they differ in technical implementation and use cases.

OIDC is a more modern protocol that specifically supports mobile scenarios.

Certain applications, such as SAP Databricks, are bundled OIDC applications. These are pre-configured for OIDC connections, eliminating the need for manual configuration.

These bundled applications are usually shown as any other SAP tool included in SAP Business Data Cloud solution.

SAP Business Data Cloud incorporates SAP Databricks in its Business Data Fabric, along SAP Datasphere, SAP Analytics Cloud and SAP BW Private Cloud Edition

APIs

Some applications interact with SAP Datasphere through APIs rather than direct data sharing.

OAuth (Open Authorization) is a standard protocol that allows applications to gain limited access to user accounts on HTTP services without sharing user credentials.

Within the SAP ecosystem, OAuth provides secure, token-based authentication for accessing resources across SAP services and third-party tools.

For example, you can use OAuth in Collibra to access metadata from the SAP Datasphere catalog.

In SAP Datasphere, you must create an OAuth client to expose system metadata to Collibra via APIs.

New OAuth Client dialog configures 'Collibra demo' for API access via Catalog User API with SAML2.0 Bearer grant, 1-hour token lifetime, Add and Cancel buttons.

Once the OAuth client is created, the system generates an OAuth Client ID and a secret key.

OAuth Client Information modal configures Collibra demo with API Access and Catalog User API; masked secret with Copy secret button and warning to save securely.

You enter these credentials into Collibra to establish the connection and access the available APIs.

Create Connection form prompts for SAP Datasphere Catalog URL, token URL, client ID, and masked client secret key, with Cancel and Create buttons.

Summary

In this lesson, you explored several ways to integrate SAP Datasphere with its open data ecosystem:

Data Federation: Connect to remote platforms for real-time data access and analysis.
BDC Connect: Share data products securely using zero-copy methods via the Delta Sharing protocol.
Bundled Applications: Use integrated tools with SAP Cloud Identity Services for secure, pre-configured access.
APIs: Enable secure communication and metadata exchange using OAuth.

Next lesson