Network Settings

In this section, step 3 is considered in the interaction of administrators.

This section of the course is relevant for: SAP Source System Administrators

For being able to execute the following steps you need some information from SAP BTP. When your user has been added to the user step of the booster, you should be authorized. If you are not able to access the information with your own user please involve the SAP BTP Administrator for getting the relevant details.

You will collect and need the following information for the network settings:

• SAP BTP Sub-accont "subdomain"
• SAP BTP Data Center "region ID"
• SAP BTP, Cloud Foundry IP Addresses
• HTTPs connection, Proxy (host and port)

You need to ensure your network settings permit communication required for the SAP Signavio Process Insights solution. Potentially you need to contact another IT specialist from your organisation. You must ensure that your company's network settings permit outbound communications to the internet through port 443 (HTTPS) to the domains for the solution. Also ensure that you permits the URLs and IP addresses required by the SAP Signavio Process Insights solution for communication.

Let's start with the first 3 settings:

• Permit the required Application base URL - bpi-pia-core-api.cfapps."region ID".hana.ondemand.com
• Permit the required Authentication URL - "subdomain".authentication."region ID".hana.ondemand.com

Your network must allow the required IPs for the SAP BTP, Cloud Foundry environment.

For information about which IPs are required, see Regions and API Endpoints Available for the Cloud Foundry Environment in the SAP BTP documentation. The information in the LB IPs (ingress, for incoming requests) column indicates which IPs are required depending on your data center.

• Check the documentation about which IPs are required, see Regions and API Endpoints Available for the Cloud Foundry Environment in the SAP BTP documentation. The information in the LB IPs ( ingress, for incoming requests) column indicates which IPs are required depending on your data center.

• Permit the required IP Addresses

• You know whether your organization uses a proxy and have obtained the details required (host and port) from your organization's IT department or specialist. If your proxy uses authentication and you're using ST-PI 7.40 SP16, ensure you've installed the corresponding SAP Note 3104662 . This SAP Note is required to ensure that proxies with authentication are supported by the SAP Cloud ALM functionality in your ST-PI plug-in. The functionality is used to connect your SAP ECC 6.0 or SAP S/4HANA source system to the cloud tenant.
• You need this information for setting up the connection later.

This section of the course is relevant for: SAP Source System Administrators

In any SAP on-premise systems that you connect, you must install and trust all the required certificates as outlined under Setup STRUST in the information for SAP Cloud ALM on SAP Support Portal.

Make sure you install and trust the following root certificates:

• DigiCertGlobalRootCA

  This root certificate is used to sign existing certificates. It will soon be replaced by DigiCertGlobalRootG2 for signing new certificates.

• DigiCertGlobalRootG2

  This root certificate is scheduled to replace DigiCertGlobalRootCA in 2023 still. Both certificates can co-exists in your systems. Please don't delete the old certificate (DigiCertGlobalRootCA) before its expiry date.

• DigiCertRSA4096RootG5

  This root certificate prepares your trust store for future use where increased key length is required.

• Check that the profile parameter icm/HTTPS/client_sni_enabled is set to TRUE in your managed system. You can check this value using transaction RZ11 and
• change it using transaction RZ10. In transaction RZ10, you select the relevant profile and change the value from FALSE to TRUE. See also SAP Note 510007   (Additional considerations for setting up SSL on Application Server ABAP).