Configuring Cloud Connector

Objective

After completing this lesson, you will be able to configure the Cloud Connector for connections from Cloud Integration to the on-premise network.

Cloud Connector

The Cloud Connector represents the best practice solution for securely accessing on-premise backend systems from the internet in a straightforward and simple way, serving as an alternative to traditional reverse proxies. This on-premise software, built on Java, establishes a secure tunnel to the Connectivity Service on SAP BTP. This service enables cloud applications to send data securely to on-premise systems without the need to open ports or modify firewall rules for inbound connections.

Video: Connect CC to BTP using download authentication data and configure an S/4 system.

Configuration

The basic setup of the Cloud Connector is straightforward and involves two steps:

  1. Create a connection to an SAP BTP subaccount.
  2. Set up systems and resources that will be accessible from SAP BTP.

The following video illustrates how to connect the Cloud Connector to an SAP BTP subaccount and make an SAP S/4HANA system accessible from the subaccount.

You can find more information about the configuration of the Cloud Connector in the SAP Help Portal.

Download Authentication Data

In earlier versions of the Cloud Connector, it was necessary to provide a username and password for a valid, authorized BTP platform user when adding the subaccount. This could be inconvenient when working with custom IdPs or pure Single Sign-On (SSO) users.

Since Cloud Connector version 2.17, you can instead establish the connection to the subaccount by selecting Configure using authentication data, as shown in the video.

For this connection method, you need to download a small authentication file from the BTP cockpit and upload it to the wizard in Cloud Connector. The downloaded file is only valid for a short time. This means you might need to download it again if you're interrupted during the connection process.

As shown in the video, you can download the file from the BTP subaccount under Connectivity > Cloud Connectors > Download Authentication Data.

Location ID

You can connect multiple Cloud Connectors to a subaccount. In this case, it is essential to maintain the Location ID field in the Cloud Connector during the connection setup so that applications can later choose which on-premises location to access by specifying the Location ID accordingly.

System Mappings

Systems and resources that are reachable are referred to as Virtual To Internal System Mappings in the configuration UI.

The setup of these enables you to do the following:

  • Provide systems with virtual names that can differ from their actual hostnames, and avoid using fully qualified hostnames (FQDNs).
  • Select which ports and services are accessible, for example, HTTP or HTTPS.
  • Control which resources are accessible. In the case of HTTP(S), you can expose all URL paths starting from the root / or only specific ones, such as /sap/bc/srt/idoc, with the option to include or exclude sub-paths.

    Note

    For security reasons, it is advisable to use virtual hostnames to avoid revealing internal network details and expose only necessary paths, thereby restricting access as much as possible.

The following screenshot shows the web administrator user interface of the Cloud Connector, featuring a sample entry for an SAP S/4HANA system that exposes two paths, including sub-paths, via the HTTPS protocol.

Screenshot: Cloud Connector Admin with S/4 configured

Using Cloud Connector Connections from Integration Flows

To send data to a system that is located in an on-premise or private cloud network accessible through the Cloud Connector, you need to configure the Receiver tab of the relevant integration flow to use Proxy Type: On-Premise. If multiple Cloud Connectors are connected to that subaccount, you must also specify the Location ID.

When providing the Address for an on-premises connection, keep the following in mind:

  • The protocol used in the Address field must always be HTTP, not HTTPS, even if the target service uses HTTPS. The Cloud Connector manages the final connection to the target system based on the protocol specified in the system mapping configuration. Data transmitted through this connection remains encrypted due to the secure tunnel between BTP and the Cloud Connector.
  • The hostname and port in the Address field must match the virtual hostname and port configured in the Cloud Connector system mapping.

Screenshot: iFlow with Receiver tab configured for On-Premise
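
The Address rules and the path restrictions from the system mapping can be checked before an integration flow is deployed. The following is an added example, not code from this lesson or from SAP: the mapping structure, the names MAPPINGS, path_allowed and check_receiver_address, the virtual host s4virtual, the second path and the segment-boundary matching of sub-paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of virtual-to-internal system mappings. This structure is
# hypothetical and is not a Cloud Connector export or configuration format.
MAPPINGS = [
    {"virtual_host": "s4virtual", "virtual_port": 443, "protocol": "HTTPS",
     "resources": [{"path": "/sap/bc/srt/idoc", "subpaths": True},
                   {"path": "/sap/opu/odata", "subpaths": False}]},
]


def path_allowed(path, resources):
    """True if path equals an exposed resource, or lies below one that
    includes sub-paths. Matching on whole path segments is an assumption."""
    p = path.rstrip("/")
    for res in resources:
        base = res["path"].rstrip("/")  # root "/" becomes ""
        if p == base:
            return True
        if res["subpaths"] and p.startswith(base + "/"):
            return True
    return False


def check_receiver_address(address, mappings):
    """Return a list of findings for an iFlow receiver Address that uses
    Proxy Type On-Premise. An empty list means no rule was violated."""
    url = urlsplit(address)
    findings = []
    # The Address must use http even when the backend speaks HTTPS; the
    # protocol in the system mapping decides the final connection.
    if url.scheme.lower() != "http":
        findings.append("scheme must be http")
    host = (url.hostname or "").lower()
    # Host and port must both match the virtual values in a system mapping.
    mapping = next((m for m in mappings
                    if m["virtual_host"].lower() == host
                    and m["virtual_port"] == url.port), None)
    if mapping is None:
        findings.append("no system mapping for this virtual host and port")
    elif not path_allowed(url.path or "/", mapping["resources"]):
        findings.append("path is not an exposed resource")
    return findings


if __name__ == "__main__":
    for addr in ("http://s4virtual:443/sap/bc/srt/idoc/inbound",
                 "https://s4virtual:443/sap/opu/odata/service"):
        print(addr, "->", check_receiver_address(addr, MAPPINGS) or "ok")
```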