├── .gitignore ├── .reuse └── dep5 ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── Documentation └── MarkdownTemplate.md ├── LICENSE ├── LICENSES └── Apache-2.0.txt ├── README.md ├── app-dev └── work-zone │ ├── architectures │ ├── Establish-a-central-entry-point-with-SAP-Build-Work-Zone.drawio │ └── archive │ │ ├── .$[SAP-official]_Establish-a-central-entry-point-with-SAP-Build-Work-Zone.drawio.bkp │ │ └── [SAP-official]_SAP_Build_Work_Zone.drawio │ ├── build-wokzone.md │ └── images │ ├── Establish-a-central-entry-point-with-SAP-Build-Work-Zone_diagram.png │ ├── archive │ └── build-work-zone.png │ └── build-work-zone.png ├── automation ├── build-process-automation │ ├── architectures │ │ ├── Integrate-and-extend-SAP-and-non-SAP-solutions-with-SAP-Build-Process-Automation.drawio │ │ └── archive │ │ │ ├── [SAP-official]_SAP_Build_Process_Automation.drawio │ │ │ └── [SAP-official]_SAP_Build_Process_Automation_update.drawio │ ├── build-process-automation.md │ └── images │ │ ├── Integrate-and-extend-SAP-and-non-SAP-solutions-with-SAP-Build-Process-Automation_diagram.png │ │ ├── SAP_Build_Process_Automation.png │ │ └── archive │ │ └── SAP_Build_Process_Automation.png └── task-center │ ├── architectures │ ├── Establish-a-central-inbox-with-SAP-Task-Center.drawio │ └── archive │ │ └── [SAP-official]_SAP_Task_Center.drawio │ ├── images │ ├── Establish-a-central-inbox-with-SAP-Task-Center_diagram.png │ ├── archive │ │ └── task-center.png │ └── task-center.png │ └── task-center.md ├── data-analytics └── predictive-analytics │ ├── architectures │ └── Federated-Machine-Learning.drawio │ ├── fedml.md │ └── images │ ├── Federated-Machine-Learning_diagram.png │ ├── archive │ └── fedml.png │ └── fedml.png ├── discovery-center └── ReferenceArchitectures.md ├── hyperscalers ├── AWS-Azure │ ├── AWS_Azure_CAP_PLS.md │ ├── architectures │ │ └── Secure-Connectivity-with-SAP-Private-Link-service.drawio │ └── images │ │ ├── Secure-Connectivity-with-SAP-Private-Link-service-diagram.png │ │ ├── archive │ │ └── generic-privatelink.png │ │ └── generic-privatelink.png ├── events-to-business-actions │ ├── architectures │ │ └── Events-to-business-actions-framework.drawio │ ├── events-to-business-actions.md │ └── images │ │ └── Events-to-business-actions-framework_diagram.png ├── google-datasphere │ ├── architectures │ │ └── Explore-your-Hyperscaler-data-with-SAP-Datasphere.drawio │ ├── google_datasphere.md │ └── images │ │ ├── Explore-your-Hyperscaler-data-with-SAP-Datasphere_diagram.png │ │ ├── Google+Datasphere.png │ │ └── archive │ │ └── Google+Datasphere.png ├── multi-region-ha │ ├── architectures │ │ └── Architecting-multi-region-resiliency-for-SAP-BTP-use-cases.drawio │ ├── images │ │ └── Architecting-multi-region-resiliency-for-SAP-BTP-use-cases_diagram.png │ └── multi_region_ha.md └── openai │ ├── OpenAI.md │ ├── architectures │ ├── Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP.drawio │ └── archive │ │ └── GenAI_Ref_Architecture.drawio │ └── images │ ├── Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP-multi_diagram.png │ ├── Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP-single_diagram.png │ ├── archive │ ├── ReferenceArchitectureOpenAI-ChatGPT.png │ ├── [SAP-official]_CAP-based architecture using Retrieval Augmented Generation (RAG)-multi_diagram.png │ ├── [SAP-official]_Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP-multi_diagram.png │ ├── [SAP-official]_Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP_diagram.png │ ├── architectures.png │ ├── displayed-architecture.png │ ├── multitenant-architecture.png │ └── singletenant-architecture.png │ └── displayed-architecture.png ├── images └── BTP-marketecture.png ├── integration ├── api-managed-integration │ ├── api_managed_integration.md │ ├── architectures │ │ ├── .$API-managed-integration.drawio.bkp │ │ ├── API-Managed-Integration.drawio │ │ └── archive │ │ │ └── [SAP-official]_API-Managed-Integration.drawio │ └── images │ │ ├── API-Managed-Integration_diagram.png │ │ ├── archive │ │ └── ref-arch-api-managed-integration.png │ │ └── ref-arch-api-managed-integration.png ├── application-to-application-integration │ ├── add-images │ │ └── A2A-Edge-Integration-Cell_diagram.png │ ├── application_to_application_Integration.md │ ├── architectures │ │ ├── .$Application-to-application-integration.drawio.bkp │ │ ├── Application-to-Application-Integration.drawio │ │ └── archive │ │ │ └── [SAP-official]_Application-to-Application-Integration.drawio │ └── images │ │ ├── Application-to-Application-Integration_diagram.png │ │ ├── archive │ │ └── ref-arch-a2a-integration.png │ │ └── ref-arch-a2a-integration.png ├── business-to-business-integration │ ├── architectures │ │ ├── Business-to-Business-Integration.drawio │ │ └── archive │ │ │ └── [SAP-official]_Business-to-Business-Integration.drawio │ ├── business_to_business_integration.md │ └── images │ │ ├── Business-to-Business-Integration_diagram.png │ │ ├── archive │ │ └── ref-arch-b2b-integration.png │ │ └── ref-arch-b2b-integration.png ├── business-to-government-integration │ ├── architectures │ │ ├── Business-to-Government-Integration.drawio │ │ └── archive │ │ │ └── ref-arch-b2g-integration.drawio │ ├── business_to_government_integration.md │ └── images │ │ ├── Business-to-Government-Integration_diagram.png │ │ ├── archive │ │ └── ref-arch-b2g-integration.png │ │ └── ref-arch-b2g-integration.png └── master-data-integration │ ├── architectures │ ├── Master-Data-Integration.drawio │ └── archive │ │ ├── [SAP-official]_Master-Data-Integration.drawio │ │ ├── ref-arch-master-data-integration-cloud.drawio │ │ └── ref-arch-master-data-integration.drawio │ ├── images │ ├── Master-Data-Integration_diagram.png │ ├── archive │ │ ├── RefArch_MasterDataIntegration_Cloud.png │ │ └── ref-arch-master-data-integration.png │ └── ref-arch-master-data-integration.png │ └── master_data_integration.md ├── lifecycle-management └── README.md └── security ├── cloud-leading-authn ├── architectures │ ├── Cloud-leading-Authentication.drawio │ └── archive │ │ └── SAP_IAM_SD_AuthN_2024.drawio ├── cloud-leading-authn.md └── images │ ├── Cloud-leading-Authentication_diagram.png │ ├── SAP_IAM_SD_AuthN_2024.png │ └── archive │ └── SAP_IAM_SD_AuthN_2024.png ├── cloud-leading-authz ├── architectures │ ├── Cloud-leading-Identity-Lifecycle-Authorizations.drawio │ └── archive │ │ └── SAP_IAM_SD_AuthN_2024.drawio ├── cloud-leading-authz.md └── images │ ├── Cloud-leading-Identity-Lifecycle-Authorizations_diagram.png │ ├── SAP_IAM_SD_AuthZ_2024.png │ └── archive │ └── SAP_IAM_SD_AuthZ_2024.png └── cloud-leading-identity-lifecycle ├── architectures ├── Cloud-leading-Identity-Lifecycle.drawio └── archive │ ├── .$[sap-official]_Cloud-leading-Identity-Lifecycle.drawio.bkp │ └── SAP_IAM_SD_W2I_2024.drawio ├── cloud-leading-identity-lifecycle.md └── images ├── Cloud-leading-Identity-Lifecycle_diagram.png ├── SAP_IAM_SD_W2I_2024.png └── archive └── SAP_IAM_SD_W2I_2024.png /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .vs 3 | .dtmp 4 | .bkp 5 | .$ -------------------------------------------------------------------------------- /.reuse/dep5: -------------------------------------------------------------------------------- 1 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 2 | Upstream-Name: sap-btp-reference-architectures 3 | Upstream-Contact: fabian.lehmann02@sap.com, ralf.ackermann@sap.com> 4 | Source: 5 | Disclaimer: The code in this project may include calls to APIs ("API Calls") of 6 | SAP or third-party products or services developed outside of this project 7 | ("External Products"). 8 | "APIs" means application programming interfaces, as well as their respective 9 | specifications and implementing code that allows software to communicate with 10 | other software. 11 | API Calls to External Products are not licensed under the open source license 12 | that governs this project. The use of such API Calls and related External 13 | Products are subject to applicable additional agreements with the relevant 14 | provider of the External Products. In no event shall the open source license 15 | that governs this project grant any rights in or to any External Products,or 16 | alter, expand or supersede any terms of the applicable additional agreements. 17 | If you have a valid license agreement with SAP for the use of a particular SAP 18 | External Product, then you may make use of any API Calls included in this 19 | project's code for that SAP External Product, subject to the terms of such 20 | license agreement. If you do not have a valid license agreement for the use of 21 | a particular SAP External Product, then you may only make use of any API Calls 22 | in this project for that SAP External Product for your internal, non-productive 23 | and non-commercial test and evaluation of such API Calls. Nothing herein grants 24 | you any rights to use or access any SAP External Product, or provide any third 25 | parties the right to use of access any SAP External Product, through API Calls. 26 | 27 | Files: * 28 | Copyright: 2023 SAP SE or an SAP affiliate company and sap-btp-reference-architectures contributors 29 | License: Apache-2.0 -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, caste, color, religion, or sexual 10 | identity and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the overall 26 | community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or advances of 31 | any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email address, 35 | without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement at 63 | [INSERT CONTACT METHOD]. 64 | All complaints will be reviewed and investigated promptly and fairly. 65 | 66 | All community leaders are obligated to respect the privacy and security of the 67 | reporter of any incident. 68 | 69 | ## Enforcement Guidelines 70 | 71 | Community leaders will follow these Community Impact Guidelines in determining 72 | the consequences for any action they deem in violation of this Code of Conduct: 73 | 74 | ### 1. Correction 75 | 76 | **Community Impact**: Use of inappropriate language or other behavior deemed 77 | unprofessional or unwelcome in the community. 78 | 79 | **Consequence**: A private, written warning from community leaders, providing 80 | clarity around the nature of the violation and an explanation of why the 81 | behavior was inappropriate. A public apology may be requested. 82 | 83 | ### 2. Warning 84 | 85 | **Community Impact**: A violation through a single incident or series of 86 | actions. 87 | 88 | **Consequence**: A warning with consequences for continued behavior. No 89 | interaction with the people involved, including unsolicited interaction with 90 | those enforcing the Code of Conduct, for a specified period of time. This 91 | includes avoiding interactions in community spaces as well as external channels 92 | like social media. Violating these terms may lead to a temporary or permanent 93 | ban. 94 | 95 | ### 3. Temporary Ban 96 | 97 | **Community Impact**: A serious violation of community standards, including 98 | sustained inappropriate behavior. 99 | 100 | **Consequence**: A temporary ban from any sort of interaction or public 101 | communication with the community for a specified period of time. No public or 102 | private interaction with the people involved, including unsolicited interaction 103 | with those enforcing the Code of Conduct, is allowed during this period. 104 | Violating these terms may lead to a permanent ban. 105 | 106 | ### 4. Permanent Ban 107 | 108 | **Community Impact**: Demonstrating a pattern of violation of community 109 | standards, including sustained inappropriate behavior, harassment of an 110 | individual, or aggression toward or disparagement of classes of individuals. 111 | 112 | **Consequence**: A permanent ban from any sort of public interaction within the 113 | community. 114 | 115 | ## Attribution 116 | 117 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 118 | version 2.1, available at 119 | [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. 120 | 121 | Community Impact Guidelines were inspired by 122 | [Mozilla's code of conduct enforcement ladder][Mozilla CoC]. 123 | 124 | For answers to common questions about this code of conduct, see the FAQ at 125 | [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at 126 | [https://www.contributor-covenant.org/translations][translations]. 127 | 128 | [homepage]: https://www.contributor-covenant.org 129 | [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html 130 | [Mozilla CoC]: https://github.com/mozilla/diversity 131 | [FAQ]: https://www.contributor-covenant.org/faq 132 | [translations]: https://www.contributor-covenant.org/translations 133 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | ## Code of Conduct 4 | 5 | All members of the project community must abide by the [Contributor Covenant, version 2.1](CODE_OF_CONDUCT.md). 6 | Only by respecting each other we can develop a productive, collaborative community. 7 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting [a project maintainer](.reuse/dep5). 8 | 9 | ## Engaging in Our Project 10 | 11 | We use GitHub to manage reviews of pull requests. 12 | 13 | * If you are a new contributor, see: [Steps to Contribute](#steps-to-contribute) 14 | 15 | * Before implementing your change, create an issue that describes the problem you would like to solve or the code that should be enhanced. Please note that you are willing to work on that issue. 16 | 17 | * The team will review the issue and decide whether it should be implemented as a pull request. In that case, they will assign the issue to you. If the team decides against picking up the issue, the team will post a comment with an explanation. 18 | 19 | ## Steps to Contribute 20 | 21 | Should you wish to work on an issue, please claim it first by commenting on the GitHub issue that you want to work on. This is to prevent duplicated efforts from other contributors on the same issue. 22 | 23 | If you have questions about one of the issues, please comment on them, and one of the maintainers will clarify. 24 | 25 | ## Contributing Code or Documentation 26 | 27 | You are welcome to contribute code in order to fix a bug or to implement a new feature that is logged as an issue. 28 | 29 | The following rule governs code contributions: 30 | 31 | * Contributions must be licensed under the [Apache 2.0 License](./LICENSE) 32 | * Due to legal reasons, contributors will be asked to accept a Developer Certificate of Origin (DCO) when they create the first pull request to this project. This happens in an automated fashion during the submission process. SAP uses [the standard DCO text of the Linux Foundation](https://developercertificate.org/). 33 | 34 | ## Issues and Planning 35 | 36 | * We use GitHub issues to track bugs and enhancement requests. 37 | 38 | * Please provide as much context as possible when you open an issue. The information you provide must be comprehensive enough to reproduce that issue for the assignee. 39 | -------------------------------------------------------------------------------- /Documentation/MarkdownTemplate.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 13 | 14 | 15 | ## <**Your SAP BTP Reference Architecture Name**> (Mandatory) 16 | 17 | Long description which goes beyond what will be displayed on the tile in the catalog view. 18 | **DO NOT** use any image or hyperlinks with relative URL or Path. Always use absolute public links. 19 | 20 | Your long description 21 | 22 | ### Flow (Mandatory) 23 | 24 | Describes the data flow across applications, BTP services and components (preferably runtime perspective). Use numbering for listing single steps as shown in the BTP reference architecture diagram. 25 | **DO NOT** use any image or hyperlinks with relative URL or Path. Always use absolute public links. 26 | 27 | Introductory text 28 | - xxx 29 | - xxx 30 | 31 | ### Characteristics (Mandatory) 32 | 33 | List ~5 characteristics (incl. description) which are typical for this reference architecture. Characteristics may help customers to decide and select the right reference architecture for their needs. You may also consult the [SAP GenAI Experience Lab (XL)](https://sapit-core-playground-vole.ai-launchpad.prod.eu-central-1.aws.apps.ml.hana.ondemand.com/aic/index.html#/generativeaihub?workspace=sap-genai-xl&resourceGroup=default&/g/prompteditor) for identifying suitable candidates for the characteristics. 34 | 35 | Your list of Characteristics 36 | 37 | **DO NOT** use any image or hyperlinks with relative URL or Path. Always use absolute public links. 38 | 39 | ### Examples in an SAP context (Mandatory) 40 | 41 | List ~3 examples where your SAP BTP reference architecture is used as part of the “SAP standard delivery”. If there is none then describe typical customer use cases. 42 | 43 | Your list of examples 44 | 45 | **DO NOT** use any image or hyperlinks with relative URL or Path. Always use absolute public links. 46 | 47 | 48 | ### Reasonable alternatives (Optional) 49 | 50 | List alternative options for accomplishing the same thing – such as reference architectures, technologies etc.- if applicable. Describe when to use which option. 51 | 52 | Your reasonable alternatives 53 | 54 | **DO NOT** use any image or hyperlinks with relative URL or Path. Always use absolute public links. 55 | 56 | 57 | 58 | ### Services and Components (Mandatory) 59 | 60 | List BTP services from SAP Discovery Center - Services (cloud.sap) which are used as part of your SAP BTP reference architecture. 61 | 62 | Your list of BTP services and components (including URLs from SAP Discovery Center). Check Example below: 63 | 64 | 65 | - [SAP Datasphere](https://discovery-center.cloud.sap/#/serviceCatalog/sap-datasphere) 66 | 67 | 68 | ### Resources (Mandatory) 69 | 70 | List further resources which are related to your SAP BTP reference architecture starting with SAP solutions (other than the ones from BTP service catalog), third party solutions (e.g. from hyperscaler), SAP Community blog posts, product documentation, SAP Learning Journeys. 71 | 72 | **DO NOT** use any image or hyperlinks with relative URL or Path. Always use absolute public links. 73 | 74 | Your list of resources (including URLs) 75 | 76 | 77 | - [SAP Samples | GitHub ](https://github.com/SAP-samples/data-warehouse-cloud-fedml) 78 | 79 | 80 | ### Related Missions (Optional) 81 | 82 | List SAP Discovery Center Missions which fit to your SAP BTP reference architecture 83 | 84 | Your list of related SAP Discovery Center missions (including URLs) 85 | 86 | 87 | - [Explore your Hyperscaler data with SAP Datasphere | SAP Discovery Center](https://discovery-center.cloud.sap/missiondetail/3656/3699/) 88 | 89 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /LICENSES/Apache-2.0.txt: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. 10 | 11 | "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. 12 | 13 | "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. 14 | 15 | "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. 16 | 17 | "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. 18 | 19 | "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. 20 | 21 | "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). 22 | 23 | "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. 24 | 25 | "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." 26 | 27 | "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 28 | 29 | 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 30 | 31 | 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 32 | 33 | 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: 34 | 35 | (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and 36 | 37 | (b) You must cause any modified files to carry prominent notices stating that You changed the files; and 38 | 39 | (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and 40 | 41 | (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. 42 | 43 | You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 44 | 45 | 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 46 | 47 | 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 48 | 49 | 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 50 | 51 | 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 52 | 53 | 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. 54 | 55 | END OF TERMS AND CONDITIONS 56 | 57 | APPENDIX: How to apply the Apache License to your work. 58 | 59 | To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. 60 | 61 | Copyright [yyyy] [name of copyright owner] 62 | 63 | Licensed under the Apache License, Version 2.0 (the "License"); 64 | you may not use this file except in compliance with the License. 65 | You may obtain a copy of the License at 66 | 67 | http://www.apache.org/licenses/LICENSE-2.0 68 | 69 | Unless required by applicable law or agreed to in writing, software 70 | distributed under the License is distributed on an "AS IS" BASIS, 71 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 72 | See the License for the specific language governing permissions and 73 | limitations under the License. 74 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![REUSE status](https://api.reuse.software/badge/github.com/SAP/sap-btp-reference-architectures)](https://api.reuse.software/info/github.com/SAP/sap-btp-reference-architectures) 2 | 3 | # SAP BTP reference architectures 4 | 5 | ## About this project 6 | 7 | The SAP Business Technology Platform BTP forms the foundation of the Intelligent Sustainable Enterprise. 8 | 9 | 10 | ![](images/BTP-marketecture.png) 11 | 12 | With its services and capabilities in the areas Application Development, Automation, Integration, Data and Analytics 13 | as well as AI it offers powerful components that can be combined to fit SAP, partner and customer needs. 14 | 15 | This repository contains various SAP BTP reference architecture diagrams. They are supposed to help architects when building solution architectures that combine different technology products & services. 16 | The provided source files of diagrams can be used and adopted by your own by using [diagrams.net](https://github.com/jgraph/drawio-desktop/releases) 17 | 18 | The diagrams cover a variety of areas and also support methodologies that SAP features: 19 | 20 | - [Hyperscaler related reference architectures](/hyperscalers/README.md) 21 | - reference architectures related to the [**SAP Integration Solution Advisory Methodology**](https://www.sap.com/services-support/integration-solution-advisory-methodology.html) 22 | - reference architectures related to the [**SAP Application Extension Methodology**](https://help.sap.com/docs/architecture_guidance/2f804cb5e53d4279879009100a2b2082/cd963582f46d421c9abfd28dc25ea7e3.html?locale=en-US) 23 | - [reference architectures](/data-analytics/README.md) related to the [**SAP Data and Analytics Advisory Methodology**](https://blogs.sap.com/2023/03/15/release-of-sap-data-and-analytics-advisory-methodology/) 24 | - *more areas will be provided soon* 25 | 26 | The architectures are based on the official [**SAP SAP Business Technology Platform Solution Diagrams**](https://blogs.sap.com/2018/01/05/be-visual-use-official-icons-and-samples-for-sap-cloud-platform-solution-diagrams/) 27 | 28 | You can download the latest version of icons here: 29 | - [BTP service icons](https://d.dam.sap.com/a/s9tyyJJ?rc=10) 30 | - [Terms of Use](https://d.dam.sap.com/a/nXJJmw/SAP%20Business%20Technology%20Platform%20Diagrams%20and%20Icons%20Terms%20of%20Use.pdf?rc=10) 31 | 32 | Default templates for SAP open source repositories, including LICENSE, .reuse/dep5, Code of Conduct, etc... All repositories on github.com/SAP will be created based on this template. 33 | 34 | ## Support, Feedback, Contributing 35 | 36 | This project is open to feature requests/suggestions, bug reports etc. via [GitHub issues](https://github.com/SAP/ap-btp-reference-architectures/issues). Contribution and feedback are encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our [Contribution Guidelines](CONTRIBUTING.md). 37 | 38 | ## Code of Conduct 39 | 40 | We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone. By participating in this project, you agree to abide by its [Code of Conduct](CODE_OF_CONDUCT.md) at all times. 41 | 42 | ## Licensing 43 | 44 | Copyright 2023 SAP SE or an SAP affiliate company and ap-btp-reference-architectures contributors. Please see our [LICENSE](LICENSE) for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available [via the REUSE tool](https://api.reuse.software/info/github.com/SAP/ap-btp-reference-architectures). 45 | -------------------------------------------------------------------------------- /app-dev/work-zone/images/Establish-a-central-entry-point-with-SAP-Build-Work-Zone_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/app-dev/work-zone/images/Establish-a-central-entry-point-with-SAP-Build-Work-Zone_diagram.png -------------------------------------------------------------------------------- /app-dev/work-zone/images/archive/build-work-zone.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/app-dev/work-zone/images/archive/build-work-zone.png -------------------------------------------------------------------------------- /app-dev/work-zone/images/build-work-zone.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/app-dev/work-zone/images/build-work-zone.png -------------------------------------------------------------------------------- /automation/build-process-automation/build-process-automation.md: -------------------------------------------------------------------------------- 1 | 18 | 19 | 20 | ## **Integrate and extend SAP and non-SAP solutions with SAP Build Process Automation** 21 | 22 | SAP Build Process Automation is a citizen developer solution to adapt, improve, and innovate business processes with no-code workflow management and robotic process automation capabilities. 23 | 24 | SAP Build Process Automation enables business users and technologists to become citizen developers. With intuitive low-code and no-code capabilities, the solution supports you in driving automation by tapping into the expertise of citizen developers. 25 | 26 | This reference architecture describes how you can use SAP Build Process Automation to integrate and extend SAP and non-SAP solutions in cloud and hybrid landscapes. It also related to the Robot Process Automation use case pattern of the SAP Integration Solution Advisory Methodology. 27 | 28 | ### Flow 29 | 30 | The SAP Build Process Automation architecture diagram highlights five key flows when creating process automations across systems. 31 | 32 | 1. End users can access SAP Build Process Automation via the web and mobile native application(s). 33 | 34 | a. SAP Build Work Zone Web (standard / advanced edition) 35 | 36 | b. SAP Build Work Zone Advanced (mobile application for advanced edition) 37 | 38 | c. SAP Mobile Start (only SAP Start & standard edition for now) 39 | 40 | 2. For identity management and authentication, SAP Build Process Automation relies on SAP Cloud Identity Services - Identity Authentication as the identity provider. SAP Cloud Identity Services serve as central facade for the identity and access management. In this context, SAP Cloud Identity Services - Identity Authentication offers secure authentication or a federation with third party identity providers. The SAP Cloud Identity Services - Identity Directory stores the SAP identities. SAP Cloud Identity Services can also be used as a proxy for a customer owned identity provider. 41 | 42 | 3. SAP Build Process Automation as a solution consists of multiple components enabling different capabilities out of the box which cannot be decoupled from the product. When SAP Build Process Automation is activated in a subaccount of SAP BTP, these components will be invisible in the list of subscriptions and service instances: They are all an integral part of the solution itself (SAP Build Process Automation subscription). This includes services like Decisions, Process Visibility, Processes and Automations. 43 | 44 | 4. SAP Build Process Automation integrates via the SAP Connectivity service with other SAP BTP services and with applications outside of SAP BTP. The integration is based on APIs which are provided via different channels as Live API using Graph, SAP Cloud Application Programming Model, ABAP RESTful Application Programming Model OData destinations, SAP systems, API Business Hub Enterprise or via API specifications using SAP Business Accelerator Hub, uploading API specifications and building API actions from scratch. 45 | 46 | 5. Processes in SAP Build Process Automation can be triggered via events, APIs, schedules and forms. Forms can be provided based on SAP Build Process Automation Forms, UI5 applications or SAP Build Apps. 47 | 48 | 6. When moving business content from one environment to another – for example from development to test – this can be achieved via manual export/import or via the more elaborated integration with SAP Cloud Transport Management. 49 | 50 | ### Characteristics 51 | 52 | - Central automation solution across hybrid SAP landscapes: SAP Build Process Automation allows to easily build approval processes across systems with SAP Task Center as a centralized access for end users to manage their tasks. 53 | 54 | - Support of third-party identity providers: SAP Cloud Identity Services - Authentication allows federation with third party Identity Providers and SAP Cloud Identity Services – Provisioning allows provisioning of user/role assignments from a third-party source. 55 | 56 | - Global User ID: Globally unique user identifier defined by SAP Cloud Identity Services-Identity Authentication and used by SAP Build Process Automation. 57 | 58 | - Cloud and on-premise solution integration: Apart from integrating with various SAP and third party cloud solutions, SAP Build Process Automation can also be configured to work with SAP ECC, SAP S/4HANA and S/4HANA Cloud, private edition. 59 | 60 | - Predefined content for SAP Build Process Automation is directly available via the integrated store and can be used with or without adoption based on customer needs. 61 | 62 | ### Examples in an SAP context 63 | 64 | SAP Build Process Automation is used in various use cases across all Lines of Businesses and all industries: 65 | 66 | - Mass maintenance of a scheduling agreements 67 | 68 | In this use case business experts are enabled to accelerate the automation of creation and change of scheduling agreements in a transparent way and provides feasibility to meet business requirements. The use case includes approval decisions, automation of master data content. 69 | 70 | SAP Build Process Automation allows efficient processing of master data creation or change and helps in process optimization for the master data team including approval of the master data in SAP. By automating this process, organizations can streamline their supply chain operations and improve productivity. 71 | 72 | Based on selection criteria, the process is triggered in SAP Build Process Automation and a scheduling agreement is created or changed (depending on the choice of operation) for all valid scheduling agreements 73 | 74 | - Non-repairable part auto recording with goods movement 75 | 76 | In this use case business experts are enabled to accelerate recording of non-repairable equipment or spare parts and post goods movement of spare part to a non-repairable storage location in a transparent approach and provides feasibility to meet business requirements. It also includes approval decisions. 77 | 78 | Mass recording of non-repairable status and posting goods movement for parts which are not repairable for now but might be repairable later is a regular activity in repair business. The process of declaring parts with high volume is time consuming, manually intensive and error prone as there are multiple manual steps involved to complete process. Due to the high frequency and volume of parts to be declared as non-repairable, this solution will help to expedite the time and effort to perform this task. 79 | 80 | Based on selection criteria, the process is triggered in SAP Build Process Automation and system status is changed for equipment and it is marked as deactivated, or a goods movement is posted for spare part to a non-repairable storage location in SAP S/4HANA system. 81 | 82 | - Creation and approval of mass job requisition 83 | 84 | This use case streamlines and automates the process of creating and approving job requisition for the open positions with multiple vacancies that are existing in position organization chart within the SAP SuccessFactors Employee Central (EC). 85 | 86 | It does so by extracting the necessary data from a source file with position data, often an excel document, and utilizing relevant APIs to create and approve the requisition. Upon successful completion of the process the job requisition is in the 'Open' status. These requisitions can be published to internal and external job sites, making it available for candidates to view and apply for the respective job positions. This end-to-end process not only reduces manual data entry and processing but also enhances the speed and efficiency of job requisition creation and approval within the organization's hiring workflow. 87 | 88 | - Create customer material info records 89 | 90 | The business requires a solution to reduce the manual effort by the internal sales representative for creation of customer material info record in SAP S/4HANA system. 91 | 92 | When customer sends a request to create customer material info records (CMIR) to SAP S/4HANA system, automation will validate for duplicate entry and initiate workflow for approval. Once approved, the customer material info records (CMIR) will be automatically created in SAP S/4HANA system via API. 93 | 94 | Organizations receives a request via emails with attachment to create customer material info records (CMIR) into SAP S/4HANA system. There have been issues reported with data inconsistencies in areas like purchasing, procurement and in other similar areas due to inefficiency to address such request. Also, the SAP S/4HANA system is prone to human errors while with data entries and low productivity due to lack of proper automatic mechanism to cater such request. 95 | 96 | 97 | ### Services and Components 98 | 99 | 100 | - [SAP Business Application Studio](https://discovery-center.cloud.sap/serviceCatalog/business-application-studio?region=all) 101 | - [SAP Connectivity service](https://discovery-center.cloud.sap/serviceCatalog/connectivity-service?region=all) 102 | - [SAP Destination service](https://discovery-center.cloud.sap/serviceCatalog/destination?region=all) 103 | - [SAP Document Management service, integration option](https://discovery-center.cloud.sap/serviceCatalog/document-management-service-integration-option?region=all) 104 | - [SAP Cloud Identity Services](https://discovery-center.cloud.sap/serviceCatalog/identity-authentication?region=all) 105 | - [SAP Integration Suite](https://discovery-center.cloud.sap/serviceCatalog/integration-suite?region=all) 106 | - [SAP Build Apps](https://discovery-center.cloud.sap/serviceCatalog/sap-build-apps?region=all) 107 | - [SAP Build Process Automation](https://discovery-center.cloud.sap/serviceCatalog/sap-build-process-automation?region=all) 108 | - [SAP Build Work Zone](https://discovery-center.cloud.sap/serviceCatalog/sap-build-work-zone-advanced-edition?region=all) 109 | 110 | 111 | ### Resources 112 | 113 | 114 | - [SAP Build Process Automation (SAP Community Blog Posts)](https://community.sap.com/t5/c-khhcw49343/SAP+Build+Process+Automation/pd-p/73554900100800003832) 115 | - [SAP Build Process Automation (SAP Help Portal)](https://help.sap.com/viewer/product/PROCESS_AUTOMATION/Cloud) 116 | - [SAP Build Process Automation (SAP Tutorials)](https://developers.sap.com/tutorial-navigator.html?tag=software-product%3Atechnology-platform%2Fsap-build%2Fsap-build-process-automation) 117 | - [SAP Build Process Automation (SAP Learning Journeys)](https://learning.sap.com/learning-journeys?page=1&query=sap+build+process+automation) 118 | 119 | 120 | ### Related Missions 121 | 122 | 123 | - [Process and approve your invoices with SAP Build Process Automation](https://discovery-center.cloud.sap/index.html#/missiondetail/3260/3344/) 124 | - [Extend SAP S/4HANA with SAP Build Process Automation](https://discovery-center.cloud.sap/index.html#/missiondetail/4163/4406/) 125 | - [Extend Pre-built Automation Procurement Packages in SAP Build Process Automation](https://discovery-center.cloud.sap/index.html#/missiondetail/4018/4222/) 126 | 127 | -------------------------------------------------------------------------------- /automation/build-process-automation/images/Integrate-and-extend-SAP-and-non-SAP-solutions-with-SAP-Build-Process-Automation_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/automation/build-process-automation/images/Integrate-and-extend-SAP-and-non-SAP-solutions-with-SAP-Build-Process-Automation_diagram.png -------------------------------------------------------------------------------- /automation/build-process-automation/images/SAP_Build_Process_Automation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/automation/build-process-automation/images/SAP_Build_Process_Automation.png -------------------------------------------------------------------------------- /automation/build-process-automation/images/archive/SAP_Build_Process_Automation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/automation/build-process-automation/images/archive/SAP_Build_Process_Automation.png -------------------------------------------------------------------------------- /automation/task-center/images/Establish-a-central-inbox-with-SAP-Task-Center_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/automation/task-center/images/Establish-a-central-inbox-with-SAP-Task-Center_diagram.png -------------------------------------------------------------------------------- /automation/task-center/images/archive/task-center.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/automation/task-center/images/archive/task-center.png -------------------------------------------------------------------------------- /automation/task-center/images/task-center.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/automation/task-center/images/task-center.png -------------------------------------------------------------------------------- /automation/task-center/task-center.md: -------------------------------------------------------------------------------- 1 | 18 | 19 | ## **Establish a central inbox with SAP Task Center** 20 | 21 | SAP Task Center enables integration with SAP applications to provide a single entry point for end users to access all their assigned tasks. The tasks can be accessed by end users through the SAP Task Center UI clients. 22 | 23 | You can use SAP Task Center as a unified inbox for tasks across multiple applications with integrated user experience. Tasks from multiple SAP solutions are gathered in one list and are ready to be processed in just one click, shortening the completion time for business-critical tasks. For example, business users can process all their tasks from the connected systems, without the need to switch and log in separately into different inboxes. 24 | 25 | This reference architecture also refers to the Process Automation cross use case pattern of the SAP Integration Solution Advisory Methodology. 26 | 27 | ### Flow 28 | 29 | The reference architecture diagram shows the SAP Task Center integration with various task providers. 30 | 31 | 1. For identity management and authentication, the SAP Task Center tenant relies on SAP Cloud Identity Services-Identity Authentication as the identity provider (IdP). SAP Cloud Identity Services serve as central fascade for the identity & access management. The SAP Cloud Identity Services - Identity Directory (IdDS) stores the SAP identities and the SAP Cloud Identity Services - Authentication (IAS) allow a secure authentication or a federation with third-party Identity Providers. 32 | 33 | 2. Each task provider, which is about to be integrated with SAP Task Center, must be able also to work with Identity Authentication as a hard prerequisite. To integrate а task provider with SAP Task Center, the following general guidelines should be followed: 34 | 35 | a) The users, who would consume SAP Task Center, must be available in both SAP Cloud Identity Services and the task provider system. 36 | 37 | b) The user identities must include the Global User ID, so that a user can be correlated across the different systems. For more information, see [Global User ID in Integration Scenarios](https://help.sap.com/docs/cloud-identity/system-integration-guide/global-user-id-in-integration-scenarios). 38 | 39 | c) The user entries must include essential user data, such as an email address and a display name. 40 | 41 | d) Sign-on should be configured between the task provider and Identity Authentication to enable navigation between SAP Task Center and the task provider. 42 | 43 | e) Tasks must be correlated with Global User ID, when provided to SAP Task Center. For example, the list of recipient users of a task must contain Global User IDs. 44 | 45 | 3. SAP Task Center communicates with the task provider applications via predefined destinations in a customer subaccount. For more information, see [Destinations](https://help.sap.com/docs/task-center/sap-task-center/destinations). 46 | 47 | 4. To integrate with SAP S/4HANA systems and receive on-premise tasks in SAP Task Center, a SAP Cloud Connector must be set up as part of the destination configuration. 48 | 49 | 5. End users can access SAP Task Center via various application clients: 50 | 51 | a. SAP Task Center Web app 52 | 53 | b. To-Dos in SAP Mobile Start 54 | 55 | c. To-Dos in SAP Start 56 | 57 | For more information, see [Using SAP Task Center](https://help.sap.com/docs/task-center/sap-task-center/using-sap-task-center). 58 | 59 | ### Characteristics 60 | 61 | An architecture for SAP Task Center integration can be characterized as follows: 62 | 63 | - **Single entry point for accessing tasks**: SAP Task Center allows end users to access all their assigned tasks from one inbox. 64 | 65 | - **Global User ID**: Globally unique user identifier defined by SAP Cloud Identity Services and used by SAP Task Center and all task providers. 66 | 67 | - **Support of third-party identity providers**: SAP Cloud Identity Services - Authentication (IAS) allows a federation with third-party Identity Providers (for SAP Task Center using the user store should be enabled) 68 | 69 | - **SAP on-premise solutions integration**: Apart from integrating with various SAP cloud solutions, SAP Task Center can be configured to work with SAP S/4HANA and SAP S/4HANA Cloud, private edition. 70 | 71 | - **Different application clients**: Tasks federated by SAP Task Center can be accessed from the SAP Task Center Web app, To-Dos in SAP Mobile Start and the To-Dos in SAP Start. 72 | 73 | ### Examples in an SAP Context 74 | 75 | SAP offers various SAP cloud and on premise solutions, which offer separate inbox experiences. With SAP Task Center the following is achieved: 76 | 77 | - Reduce the time spent by users navigating through various systems and finding items that require their approval or attention. 78 | 79 | - Improve the approval or completion time for critical items (which impact business operations if not approved on time). 80 | 81 | - Improve the quality and consistency of approvals. 82 | 83 | 84 | ### Services and Components 85 | 86 | - [SAP Build Work Zone](https://discovery-center.cloud.sap/serviceCatalog/sap-build-work-zone-advanced-edition?region=all) 87 | - [SAP Task Center](https://discovery-center.cloud.sap/serviceCatalog/sap-task-center?region=all) 88 | - [SAP Cloud Identity Authentication](https://discovery-center.cloud.sap/serviceCatalog/identity-authentication?region=all) 89 | - [SAP Cloud Identity Provisioning](https://discovery-center.cloud.sap/serviceCatalog/identity-provisioning?region=all) 90 | - [SAP Connectivity service](https://discovery-center.cloud.sap/serviceCatalog/connectivity-service?region=all) 91 | - [SAP Destination service](https://discovery-center.cloud.sap/serviceCatalog/destination?region=all) 92 | 93 | 94 | ### Resources 95 | 96 | - [SAP Task Center (SAP Help Portal)](https://help.sap.com/docs/task-center) 97 | - [SAP Task Center (Guided Answers)](https://ga.support.sap.com/dtp/viewer/index.html#/tree/3109/actions/47627) 98 | - [SAP Task Center (SAP Community Topic Page)](https://pages.community.sap.com/topics/task-center) 99 | 100 | 101 | 102 | ### Related Missions 103 | 104 | - [Establish a Central Inbox with SAP Task Center](https://discovery-center.cloud.sap/missiondetail/3774/3813/) 105 | - [Integrate Your SAP S/4HANA Cloud Tasks Into SAP Task Center](https://discovery-center.cloud.sap/missiondetail/3906/4071/) 106 | - [Integrate Your SAP S/4HANA Tasks Into SAP Task Center](https://discovery-center.cloud.sap/missiondetail/3910/4076/) 107 | - [Integrate Your SAP SuccessFactors Tasks Into SAP Task Center](https://discovery-center.cloud.sap/missiondetail/3816/3869/) 108 | - [Integrate Your SAP Concur Tasks Into SAP Task Center](https://discovery-center.cloud.sap/missiondetail/3883/3962/) 109 | - [Integrate Your SAP Cloud for Customer into SAP Task Center](https://discovery-center.cloud.sap/missiondetail/4235/4489/) 110 | - [Integrate Your SAP Fieldglass Tasks Into SAP Task Center](https://discovery-center.cloud.sap/missiondetail/3911/4077/) 111 | 112 | -------------------------------------------------------------------------------- /data-analytics/predictive-analytics/fedml.md: -------------------------------------------------------------------------------- 1 | 19 | 20 | 21 | 22 | ## **Federated Machine Learning** 23 | 24 | This reference architecture relates to the use case pattern "Federated Machine Learning" of the use case category "Predictive Analytics" as defined by the **SAP Data and Analytics Advisory Methodology**. 25 | 26 | ### Description 27 | 28 | The SAP Federated ML Python libraries (FedML) applies the Data Federation architecture of SAP Datasphere for intelligently sourcing SAP as well as non-SAP data for Machine Learning experiments done at any Machine Learning platform thereby removing the need for replicating or moving data. By abstracting the data connection and data load , the FedML library provides end to end platform agnostic integration support for instant data access & discovery of semantically rich business data with just few lines of code. 29 | 30 | Traditionally, using a dataset with a machine-learning platform or AI service like Google Vertex AI , Microsoft Azure ML , Amazon Sagemaker or IBM Watsonx.ai requires persisting the data on the ML platform, e.g. in Google Cloud Storage or Databricks delta lake. Using the open-sourced SAP FedML library data accessible in SAP Datasphere (virtually or physically) can be directly used in a Jupyter Notebook to train a ML model or for inference in the ML platform environment. 31 | 32 | FedML also supports training ML models in GPU environments through its support for NVIDIA RAPIDS(TM) framework and CUDA libraries. Models trained in ML Platforms can also be deployed in SAP AI Core seamlessly with a few lines of code. 33 | 34 | 35 | 36 | ### BTP services / SAP solutions 37 | 38 | [SAP Datasphere](https://discovery-center.cloud.sap/#/serviceCatalog/sap-datasphere?region=all) 39 | 40 | ### References 41 | 42 | [SAP Samples (GitHub)](https://github.com/SAP-samples/data-warehouse-cloud-fedml) 43 | 44 | 45 | ### Related SAP Discovery Center Missions 46 | If you would like to implement solutions that are related to this reference architecture and the technologies used you may continue with the following SAP Discovery Center missions: 47 | - [Predict and Analyze Retail Inventory Allocation using FedML](https://discovery-center.cloud.sap/missiondetail/3944/4145/) 48 | - [Predict your Supply Chain with Google Vertex AI and FedML](https://discovery-center.cloud.sap/missiondetail/4200/4453/) 49 | - [Predict Inventory Allocation with Amazon Sagemaker and FedML](https://discovery-center.cloud.sap/missiondetail/4106/4331/) 50 | - [Integrating SAP Datasphere & SAP AI Core with IBM Watsonx using FedML](https://discovery-center.cloud.sap/missiondetail/4449/4735/) 51 | - [Enable External Forecasting on SAP IBP with Google Vertex AI](https://discovery-center.cloud.sap/missiondetail/4249/4506/) 52 | 53 | -------------------------------------------------------------------------------- /data-analytics/predictive-analytics/images/Federated-Machine-Learning_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/data-analytics/predictive-analytics/images/Federated-Machine-Learning_diagram.png -------------------------------------------------------------------------------- /data-analytics/predictive-analytics/images/archive/fedml.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/data-analytics/predictive-analytics/images/archive/fedml.png -------------------------------------------------------------------------------- /data-analytics/predictive-analytics/images/fedml.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/data-analytics/predictive-analytics/images/fedml.png -------------------------------------------------------------------------------- /discovery-center/ReferenceArchitectures.md: -------------------------------------------------------------------------------- 1 | ### Reference Architectures ### 2 | 3 | 4 | 5 | * [Federated Machine Learning](../data-analytics/predictive-analytics/fedml.md) 6 | * [Application-to-application integration](../integration/application-to-application-integration/application_to_application_Integration.md) 7 | * [Master data integration](../integration/master-data-integration/master_data_integration.md) 8 | * [Business-to-business integration](../integration/business-to-business-integration/business_to_business_integration.md) 9 | * [Business-to-government integration](../integration/business-to-government-integration/business_to_government_integration.md) 10 | * [API managed integration](../integration/api-managed-integration/api_managed_integration.md) 11 | * [Google & SAP Datasphere Integration](../hyperscalers/google-datasphere/google_datasphere.md) 12 | * [Secure connectivity with SAP Private Link service](../hyperscalers/AWS-Azure/AWS_Azure_CAP_PLS.md) 13 | * [Retrieval augmented generation with GenAI on SAP BTP](../hyperscalers/openai/OpenAI.md) 14 | * [Cloud leading authentication](../security/cloud-leading-authn/cloud-leading-authn.md) 15 | * [Cloud leading identity lifecycle authorizations](../security/cloud-leading-authz/cloud-leading-authz.md) 16 | * [Cloud leading identity lifecycle](../security/cloud-leading-identity-lifecycle/cloud-leading-identity-lifecycle.md) 17 | * [Establish a central entry point with SAP Build Work Zone](../app-dev/work-zone/build-wokzone.md) 18 | * [Establish a central inbox with SAP Task Center](../automation/task-center/task-center.md) 19 | * [Integrate and extend SAP and non-SAP solutions with SAP Build Process Automation](../automation/build-process-automation/build-process-automation.md) 20 | * [Architecting multi-region resiliency for SAP BTP use cases](../hyperscalers/multi-region-ha/multi_region_ha.md) 21 | * [Events to business framework](../hyperscalers/events-to-business-actions/events-to-business-actions.md) 22 | 23 | -------------------------------------------------------------------------------- /hyperscalers/AWS-Azure/AWS_Azure_CAP_PLS.md: -------------------------------------------------------------------------------- 1 | 18 | 19 | 20 | ## **Secure connectivity with SAP Private Link service** 21 | 22 | SAP Private Link service is a feature offered by cloud providers like Microsoft Azure and Amazon Web Services (AWS) that allows customers to expose their services in their virtual networks to consumers in other virtual networks or subscriptions. The primary goal of Private Link service is to ensure that data offered by service providers is only accessible through a private endpoint, which ensures that the data doesn't traverse over the public internet. 23 | 24 | SAP Private Link service allows to securely connect applications running on SAP BTP to workloads running on hyperscalers. This ensures that traffic is not routed through the public internet but stays within the hyperscaler infrastructure. This helps to minimize attack vectors and ensures secure communication between SAP BTP and hyperscaler workload. To use sAP Private Link service, service providers would set up a standard Load Balancer in front of their service in Azure and then enable sAP Private Link service on one or more standard public IP addresses. Consumers, on the other hand, would create a private endpoint in their virtual network and connect it to the service provider's service. 25 | 26 | More details about [SAP Private Link service ](https://help.sap.com/docs/PRIVATE_LINK?locale=en-US). 27 | 28 | ### Flow 29 | To establish the private connection, you first need create a service instance of the SAP Private Link service by providing the identifier of the IaaS provider service instance. After approving the creation of the private endpoint in your IaaS provider account, you bind the service instance to your application and can then start using the private endpoint. 30 | 31 | However, this binding does not include any credentials for accessing the service in your own IaaS account. You need to provide the credentials to your application by different means, for example, by creating a user-provided service that contains the required information, and binding it to the application. 32 | 33 | **Service Identifier**: The unique identifier of a service instance of an IaaS provider service that has to be provided during the creation of the SAP Private Link service instance. The actual term depends on the IaaS provider, for example, in Azure, this unique service identifier is called service resource. 34 | 35 | **Service Instance**: Creating a service instance of the SAP Private Link service sets up a private endpoint that is associated with this service instance. 36 | 37 | **Binding**: Binding the service instance of the SAP Private Link service to the application gives the Cloud Foundry space access to the private endpoint. Binding the user-provided service to the application shares the service credentials with the application. 38 | 39 | **Credentials**: Creating a user-provided service, for example, enables you to share the credentials of the bound service instance in the IaaS provider account with the application in your SAP BTP account. 40 | 41 | ### Characteristics 42 | Currently SAP Private Link service supports private endpoints on Microsoft Azure and Amazon Web Services. Supported services from each of the vendors are as follows: 43 | - [Supported Microsoft Azure services](https://help.sap.com/docs/private-link/private-link1/consume-azure-services-in-sap-btp): To privately access a service in your Azure subcription, SAP Private Link service creates a private endpoint and reuses the private link functionality of Azure. 44 | - [Supported AWS services](https://help.sap.com/docs/private-link/private-link1/consume-amazon-web-services-in-sap-btp): To privately access a service in your AWS subcription, SAP Private Link service creates a private endpoint and reuses the private link functionality of AWS. 45 | 46 | ### Examples in an SAP Context 47 | The most commonly used use case for SAP Private Link service is to communicate with an SAP S/4HANA system or other SAP or non-SAP systems running on a VM in your own Microsoft Azure or AWS account privately from within SAP BTP, Cloud Foundry environment. 48 | 49 | This connection can be established by creating a hyperscaler Endpoint Service that exposes a Load Balancer which routes traffic to the SAP S/4HANA system. The service name of that Endpoint Service must then be used to create an SAP Private Link service instance. As soon as the connection is established successfully, the SAP Private Link service provides a private hostname pointing to your Endpoint Service. 50 | 51 | You can also find an end-to-end SAP S/4HANA extension use case with step-by-step instructions, both for AWS and Azure, in this use case titled [Enhance core ERP business processes with resilient applications on SAP BTP](https://github.com/SAP-samples/btp-build-resilient-apps). 52 | 53 | The second use case is to use the service name of one of the supported services offered by AWS instead of a custom service name. The basic functionality is the same, but instead of a connection to a custom endpoint exposed via an AWS Endpoint Service, the connection will be established to a service natively provided by AWS, such as the Amazon Simple Queue Service. 54 | 55 | 56 | 57 | ### BTP services / SAP solutions 58 | 59 | 60 | The reference architecture for SAP S/4HANA extensibility using SAP Private Link service uses the following SAP BTP services: 61 | 62 | - [SAP Private Link service](https://discovery-center.cloud.sap/serviceCatalog/private-link-service?service_plan=standard®ion=all&commercialModel=cloud) : SAP Private Link service establishes a private connection between selected SAP BTP services and selected services in your own IaaS provider accounts. By reusing the private link functionality of our partner IaaS providers, it lets you access your services through private network connections to avoid data transfer via the public Internet. 63 | 64 | - [SAP Business Application Studio](https://discovery-center.cloud.sap/serviceCatalog/business-application-studio?region=all): SAP Business Application Studio (the next generation of SAP Web IDE) is a powerful and modern development environment, tailored for efficient development of business applications for the Intelligent Enterprise. Available as a cloud service, it provides developers a desktop-like experience similar to market leading IDEs, while accelerating time-to-market with high-productivity development tools such as wizards and templates, graphical editors, quick deployment, and more. 65 | 66 | - [SAP Event Mesh](https://discovery-center.cloud.sap/serviceCatalog/event-mesh?region=all): SAP Event Mesh allows applications to communicate through asynchronous events. 67 | 68 | - [SAP Build Work Zone, standard edition](https://discovery-center.cloud.sap/serviceCatalog/sap-build-work-zone-standard-edition?region=all): SAP Build Work Zone, standard edition enables organizations to establish a unified point of access to SAP (e.g. SAP S/4HANA), custom-built, and third party applications and extensions, both on the cloud and on premise. 69 | 70 | - [SAP Continuous Integration and Delivery service](https://discovery-center.cloud.sap/serviceCatalog/continuous-integration--delivery?region=all): SAP Continuous Integration and Delivery lets you configure and run predefined continuous integration and delivery (CI/CD) pipelines that automatically build, test, and deploy your code changes to speed up your development and delivery cycles. 71 | 72 | - [SAP Cloud Transport Management](https://discovery-center.cloud.sap/serviceCatalog/cloud-transport-management?region=all): SAP Cloud Transport Management service lets you manage software deliverables between accounts of different environments (such as Cloud Foundry, ABAP, and Neo), by transporting them across various runtimes. This includes application artifacts as well as their respective application-specific content. 73 | 74 | - [SAP HANA Cloud](https://discovery-center.cloud.sap/serviceCatalog/sap-hana-cloud?region=all): SAP HANA Cloud is a database-as-a-service that powers mission-critical applications and real-time analytics with one solution at petabyte scale. Converge relational, graph, spatial, and document store and develop smart applications with embedded machine learning. Process mission-critical data at proven in-memory speed and manage it more efficiently with integrated multi-tier storage. 75 | 76 | - [SAP Destination service](https://discovery-center.cloud.sap/serviceCatalog/destination?service_plan=lite®ion=all&commercialModel=cloud) : The Destination service lets you retrieve the backend destination details you need to configure applications in the Cloud Foundry environment. 77 | 78 | - [SAP HTML5 Application Repository Service for SAP BTP](https://discovery-center.cloud.sap/serviceCatalog/html5-application-repository-service?region=all): The HTML5 Application Repository service for SAP BTP enables central storage of HTML5 applications on SAP BTP. The service allows application developers to manage the lifecycle of their HTML5 applications. In runtime, the service enables the consuming application, typically the application router, to access HTML5 application static content in a secure and efficient manner. 79 | 80 | - [SAP Application Logging Service for SAP BTP](https://discovery-center.cloud.sap/serviceCatalog/application-logging-service?region=all): The SAP Application Logging service for SAP BTP lets you stream logs of bound Cloud Foundry applications to a central application logging stack. SAP Application Logging service for SAP BTP uses Elastic Stack to store and visualize your application log data. 81 | 82 | - [SAP Authorization and Trust Management service](https://discovery-center.cloud.sap/serviceCatalog/authorization-and-trust-management-service?region=all): The SAP Authorization and Trust Management service lets you manage user authorizations and trust to identity providers. Identity providers are the user base for applications. We recommend that you use an IAS identity authentication tenant, an SAP on-premise system, or a custom corporate identity provider. 83 | 84 | - [Application Autoscaler](https://discovery-center.cloud.sap/serviceCatalog/application-autoscaler?service_plan=standard®ion=all&commercialModel=cloud): Application Autoscaler lets you automatically increase or decrease the number of your application instances based on the policies you have defined. 85 | 86 | 87 | 88 | ### Resources 89 | 90 | For more information about the different technologies used as part of this reference architecture you may check out the following resources: 91 | 92 | - Documentation 93 | - [SAP Private Link service](https://help.sap.com/docs/private-link) 94 | - [Azure Private Link](https://azure.microsoft.com/en-us/products/private-link) 95 | - [AwS Private Link](https://aws.amazon.com/privatelink/) 96 | 97 | - SAP Community blog posts: 98 | - [Extend your Business Processes with the new SAP Private Link service](https://blogs.sap.com/2022/06/03/extend-your-business-processes-with-the-new-sap-private-link-service/) 99 | - [SAP Private Link in Action: How FrieslandCampina safeguards their integration flows with Azure Storage Account](https://blogs.sap.com/2023/04/07/sap-private-link-in-action-how-frieslandcampina-safeguards-their-integration-flows-with-azure-storage-account/) 100 | - [SAP Private Link service use cases for SAP Cloud Integration and SAP Build Work Zone, standard edition (SAP community blog post)](https://blogs.sap.com/2022/08/22/sap-private-link-service-use-cases-for-sap-cloud-integration-and-sap-launchpad/) 101 | - [SAP Private linky swear with Azure – running Cloud Connector and SAP Private Link side-by-side](https://blogs.sap.com/2022/07/07/btp-private-linky-swear-with-azure-running-cloud-connector-and-sap-private-link-side-by-side/) 102 | - [SAP Private Link service is integrated to SAP BTP, Kyma runtime](https://community.sap.com/t5/technology-blogs-by-sap/sap-private-link-service-is-integrated-to-sap-btp-kyma-runtime/ba-p/13614067) 103 | 104 | - Samples on Github: 105 | - [Enhance core ERP business processes with resilient applications on SAP BTP](https://github.com/SAP-samples/btp-build-resilient-apps/blob/main/tutorials/05_setupconnectivity/privatelink.md) 106 | - [SAP Private Link Service Use Cases for SAP Cloud Integration and SAP Build Work Zone, Standard Edition](https://github.com/SAP-samples/btp-private-link-approuter) 107 | 108 | - Tutorials: 109 | - [Connect SAP Private Link service to Microsoft Azure Private Link Service (CF)](https://developers.sap.com/mission.private-link-connect.html) 110 | - [Connect SAP Private Link service to Microsoft Azure Private Link Service (Kyma)](https://developers.sap.com/tutorials/private-link-azure-kyma.html) 111 | - [Connect SAP Private Link service to AWS Private Link Service (CF)](https://developers.sap.com/tutorials/private-link-aws.html) 112 | - [Connect SAP Private Link service to AWS Private Link Service (Kyma)](https://developers.sap.com/tutorials/private-link-aws-kyma.html) 113 | 114 | 115 | 116 | ### Related Missions and Tutorials 117 | 118 | If you would like to implement solutions that are related to this reference architecture and technologies used you may continue with the following SAP Discovery Center missions: 119 | - [Enhance core ERP business processes with resilient applications on SAP BTP](https://discovery-center.cloud.sap/missiondetail/3501/3542/) 120 | - [Build Events-to-Business Actions Apps with SAP BTP and MS Azure/AWS](https://discovery-center.cloud.sap/missiondetail/4172/4422/) 121 | - [Enable Supplier Collaboration across SAP and Microsoft Azure Ecosystem using SAP BTP](https://discovery-center.cloud.sap/missiondetail/4068/4280/) 122 | 123 | 124 | -------------------------------------------------------------------------------- /hyperscalers/AWS-Azure/images/Secure-Connectivity-with-SAP-Private-Link-service-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/AWS-Azure/images/Secure-Connectivity-with-SAP-Private-Link-service-diagram.png -------------------------------------------------------------------------------- /hyperscalers/AWS-Azure/images/archive/generic-privatelink.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/AWS-Azure/images/archive/generic-privatelink.png -------------------------------------------------------------------------------- /hyperscalers/AWS-Azure/images/generic-privatelink.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/AWS-Azure/images/generic-privatelink.png -------------------------------------------------------------------------------- /hyperscalers/events-to-business-actions/events-to-business-actions.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 19 | 20 | 21 | 22 | ## Events to business actions framework 23 | 24 | As businesses expand, their enterprise IT landscapes become more intricate, and they need to automate and optimize daily tasks with various software applications, systems, and processes. 25 | Companies are driving the digitization of the factory, plants, warehouses, and business networks and creating an ecosystem by linking Information Technology (IT) with Operational Technology (OT). Bridging the gaps between different landscapes and processes with integrated frameworks is key for building a seamless, efficient, bi-directional collaborative ecosystem. For instance, in a supply chain logistics scenario, the movement of inventory (e.g., product, pallet) often indicates the next step in the business process. Thus, the manual effort to capture process steps, update the IT systems and trigger subsequent processes can be minimized by integrating events, enriching them with business context and integrating them into business processes. On similar lines, events can be produced from systems and applications as well for e.g emails, business events on enterprise applications etc. This brings the need to trigger business processes as a response to these events. 26 | 27 | To facilitate communication across these landscapes without overburdening the systems, decoupled/asynchronous communication between application endpoints is an effective solution to improve performance and scalability. One of the ways to achieve this on SAP BTP is to develop and extension applications based on event-driven architecture. 28 | 29 | The events-to-business actions framework is an event-driven side-by-side extension application that integrates any type of event from systems/applications (providers) into the SAP ecosystem (consumer) via SAP BTP. This application helps to configure actions that need to be executed in SAP LoB systems based on the events that are received in SAP Integration Suite, advanced event mesh. The application scenario you will develop in this tutorial leverages the Events-To-Business actions framework (extension application). 30 | 31 | ### Flow 32 | 33 | This illustrates event-based integration options for automation of events from different systems to business actions in the SAP ecosystem. In this reference architecture, you will learn how to configure and create an event-driven application by implementing the events-to-actions framework in SAP BTP with events from Microsoft Azure or AWS integrating with business processes in SAP S/4HANA. This architecture specifically focused on Industry 4.0 scenario, hence Microsoft Azure and AWS's IOT services are leveraged. 34 | 35 | The architecture is based on leveraging the services of SAP BTP which includes event-based integration with SAP Integration Suite, SAP Event Mesh/SAP Advanced Event Mesh , SAP Build Process Automation , SAP HANA Cloud, SAP Destination Service, SAP Connectivity service with cloud connector and a Node.js extension application on the SAP Cloud Foundry runtime. An alternative architecture can be considered with SAP Private Link service for integrating SAP BTP and SAP S/4HANA in scenarios where both SAP BTP and SAP S/4HANA run on the same hyperscaler environment (Microsoft Azure or AWS). 36 | 37 | The following steps depict the information flow across systems (in both scenarios) 38 | 39 | 1. Application admin logs into SAP BTP extension application based on Events to Business Actions Framework via SAP Build Workzone to configure the business rules/decisions and the business actions that needs to be triggered in the business systems. 40 | 41 | 2. Event is triggered from source systems like Microsoft Azure/AWS/Telco IOT Platform (in the case of IOT scenario) or any other system. 42 | 43 | 3. These events are published on to SAP Integration Suite, SAP Event Mesh/SAP Advanced Event Mesh. As the processor module's(part of the Events-to-Business-Action framework) endpoint is subscribes to Event Mesh, the event is received. 44 | 45 | 4. Processor module(part of the Events-to-Business-Action framework) leverages the Decisions capability of SAP Build Process Automation to derive business action (For example, Purchase Order Requisition creation in SAP S/4HANA system) based on certain characteristics of incoming event. 46 | 47 | 5. The defined action is triggered in the SAP S/4HANA system using the SAP Destination Service and SAP Connectivity service leveraging cloud connector setup. 48 | In case SAP S/4HANA and SAP BTP are on same hyperscaler, communication with SAP S/4HANA happens via SAP Private Link Service. 49 | 50 | ### Characteristics 51 | 52 | 53 | - A flexible and generic framework that can be easily extensible for any Line of Business (LoB) scenario /workflow/process and any source system events. 54 | - Event-driven integration architecture with SAP Integration Suite, advanced event mesh as a central hub, including a bi-directional flow of events (Microsoft Azure to SAP S/4HANA). 55 | - Enriched with resilient and high availability architectural patterns. [Enhance core ERP business processes with resilient applications on SAP BTP](https://discovery-center.cloud.sap/missiondetail/3501/3542/?tab=projectboard) 56 | - Network security-focused design with SAP Private Link service specifically for RISE with SAP customers. [Secure Connectivity with SAP Private Link service](https://discovery-center.cloud.sap/refArchDetail/ref-arch-AWS-Azure-CAP-PLS) 57 | 58 | 59 | ### Examples in an SAP context 60 | 61 | Companies are driving the digitization of the factory, plants, warehouses, and business networks and creating an ecosystem by linking Information Technology (IT) with Operational Technology (OT). Bridging the gaps between different landscapes and processes with integrated frameworks is key for building a seamless, efficient, bi-directional collaborative ecosystem. For instance, in a supply chain logistics scenario, the movement of inventory (e.g., product, pallet) often indicates the next step in the business process. Thus, the manual effort to capture process steps, update the IT systems and trigger subsequent processes can be minimized by integrating events, enriching them with business context and integrating them into business processes. 62 | 63 | 64 | 65 | ### Services and Components 66 | 67 | 68 | 69 | - [SAP BTP, Cloud Foundry Runtime](https://discovery-center.cloud.sap/serviceCatalog/cloud-foundry-runtime?region=all) 70 | 71 | - [SAP Build Process Automation](https://discovery-center.cloud.sap/serviceCatalog/sap-build-process-automation?region=all) 72 | 73 | - [SAP Integration Suite, advanced event mesh](https://discovery-center.cloud.sap/serviceCatalog/advanced-event-mesh?region=all) 74 | 75 | - [SAP Private Link service](https://discovery-center.cloud.sap/serviceCatalog/private-link-service?service_plan=standard®ion=all&commercialModel=btpea) 76 | 77 | - [SAP HANA Cloud](https://discovery-center.cloud.sap/serviceCatalog/sap-hana-cloud?region=all) 78 | 79 | - [SAP Business Application Studio](https://discovery-center.cloud.sap/serviceCatalog/business-application-studio?region=all) 80 | 81 | - [SAP Connectivity Ssrvice](https://discovery-center.cloud.sap/serviceCatalog/connectivity-service?region=all) 82 | 83 | - [SAP Authorization and Trust Management service](https://discovery-center.cloud.sap/serviceCatalog/authorization-and-trust-management-service?region=all) 84 | 85 | 86 | 87 | ### Resources 88 | 89 | 90 | 91 | - [SAP Samples | GitHub ](https://github.com/SAP-samples/btp-events-to-business-actions-framework) 92 | 93 | 94 | - [“Events-to-Business Actions": An event-driven architecture on SAP BTP to implement Industry 4.0 scenarios with Microsoft Azure Services](https://community.sap.com/t5/technology-blogs-by-sap/part-1-events-to-business-actions-quot-an-event-driven-architecture-on-sap/ba-p/13555219) 95 | 96 | - [Events-2-Business Action Framework – Create Plant Maintenance Notification in SAP S/4 HANA](https://community.sap.com/t5/technology-blogs-by-members/events-2-business-action-framework-create-plant-maintenance-notification-in/ba-p/13573476#:~:text=Events%2D2%2DBusiness%20Action%20Framework%20%E2%80%93%20Create%20Plant%20Maintenance%20Notification%20in%20SAP%20S/4%20HANA) 97 | 98 | 99 | 100 | ### Related Missions 101 | 102 | 103 | 104 | - [Build Events-to-Business Actions Apps with SAP BTP and MS Azure/AWS](https://discovery-center.cloud.sap/missiondetail/4172/4422/) 105 | 106 | - [Integrate Events from Amazon Monitron with SAP S/4HANA using SAP BTP](https://discovery-center.cloud.sap/missiondetail/4345/4628/) 107 | 108 | - [Integrate Amazon Rekognition and SAP EHS for PPE Detection](https://discovery-center.cloud.sap/missiondetail/4352/4635/) 109 | 110 | 111 | -------------------------------------------------------------------------------- /hyperscalers/events-to-business-actions/images/Events-to-business-actions-framework_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/events-to-business-actions/images/Events-to-business-actions-framework_diagram.png -------------------------------------------------------------------------------- /hyperscalers/google-datasphere/google_datasphere.md: -------------------------------------------------------------------------------- 1 | 18 | 19 | ## **Explore your hyperscaler data with SAP Datasphere** 20 | 21 | Combine business critical data from SAP business applications with data services from hyperscaler providers such as AWS, Microsoft Azure, and Google Cloud using the data federation and analytical capabilities of SAP Datasphere. 22 | 23 | SAP Datasphere enables a business data fabric architecture that uniquely harmonizes mission-critical data across the organization, unleashing business experts to make the most impactful decisions. It provides federated data access and remote table replication from SAP line of business solutions. In this architecture, non-SAP data from hyperscaler services are combined with SAP data in SAP Datasphere data models to help derive better business insights, faster. 24 | 25 | **A. Federate data from hyperscaler data sources** 26 | 27 | Google BigQuery, Azure Data Lake, Amazon Redshift and Databricks delta lake are examples of some hyperscaler and 3rd party analytical data stores that are used for different kinds of external data, especially for IoT, analytics, trends and Ads data. They are also good choices for importing public datasets or analytical datasets from 3rd party line of business applications like Salesforce, Workday, etc. By federating the data from these data stores into SAP Datasphere, the built-in analytical in-memory capabilities of SAP HANA Cloud can be used to analyze the combined dataset, while avoiding lengthy data transfer and costly ETL processing. In the best case, the data is federated from all sources and the resulting analytical dashboard is displayed real-time in SAP Analytics Cloud. 28 | 29 | **B. Replicating SAP business data to cloud storages with SAP Datasphere Replication Flow** 30 | 31 | SAP Datasphere now allows near real-time replication of SAP business data out to the cloud storages or to targets such as Confluent Kafka directly without the need to persist data in between, through its replication flow feature. Replication flows also support replicating delta loads automatically and supports features such as automatic recovery without the need for any manual intervention. 32 | 33 | **C. Importing data into SAP Datasphere from cloud storages with Data Flow** 34 | 35 | SAP Datasphere’s Data Flow integration feature can be used to import datasets from a cost-efficient object store like Google Cloud Storage or Amazon S3. With this approach the data can be transformed during the transfer and persisted "physically" in SAP Datasphere. 36 | 37 | 38 | 39 | ### BTP services / SAP solutions 40 | 41 | The reference architecture for Hypescaler & SAP Datasphere Integration uses the following SAP BTP services: 42 | 43 | - [SAP Datasphere](https://discovery-center.cloud.sap/serviceCatalog/sap-datasphere?region=all) : SAP Datasphere enables a business data fabric architecture that uniquely harmonizes mission-critical data across the organization, unleashing business experts to make the most impactful decisions. It combines previously discrete capabilities into a unified service for data integration, cataloging, semantic modeling, data warehousing, and virtualizing workloads across SAP and non-SAP data. 44 | 45 | - [SAP Analytics Cloud](https://discovery-center.cloud.sap/serviceCatalog/sap-analytics-cloud?region=all) : SAP Analytics Cloud is an open cloud solution built for software as a service (SaaS) that combines analytics and planning to instantly move from insight to action. Decision makers can simulate any scenario and automatically generate plans from smart predictions. SAP Analytics Cloud utilizes the full context of SAP data and brings analytics closer to the point of decision, while comprehensive prebuilt SAP business content is available to accelerate analytics and planning projects. 46 | 47 | 48 | ### Resources 49 | 50 | For more information about the different technologies used in the reference architecture above, more detailed explanations and example code, check out the following resources: 51 | - SAP Help Portal: 52 | - [SAP Datasphere](https://help.sap.com/docs/SAP_DATASPHERE) 53 | - [SAP Analytics Cloud](https://help.sap.com/docs/SAP_ANALYTICS_CLOUD) 54 | 55 | - SAP Community blog posts: 56 | - [SAP Datasphere – the next generation of SAP Data Warehouse Cloud](https://blogs.sap.com/2023/10/11/sap-datasphere-the-next-generation-of-sap-data-warehouse-cloud/) 57 | - [Powering Efficient Supply Chains: SAP Datasphere’s Integration with Google Cloud’s Architecture](https://blogs.sap.com/2023/06/29/powering-efficient-supply-chains-sap-dataspheres-integration-with-google-clouds-architecture/) 58 | - [SAP Datasphere and Google Cloud Platform Integration – A Success Story at Brightspeed](https://community.sap.com/t5/technology-blogs-by-sap/sap-datasphere-and-google-cloud-platform-integration-a-success-story-at/ba-p/13582891) 59 | - [SAP and Google Cloud Data Harmonization for Efficient Analytics & Reporting — Veolia](https://community.sap.com/t5/technology-blogs-by-sap/sap-and-google-cloud-data-harmonization-for-efficient-analytics-amp/ba-p/13605578) 60 | - [Replication Flows - SAP Datasphere and Google BigQuery](https://community.sap.com/t5/technology-blogs-by-sap/replication-flows-sap-datasphere-and-google-big-query/ba-p/13581256) 61 | - [Drive business innovation using SAP and Google Cloud Data Platforms](https://community.sap.com/t5/technology-blogs-by-sap/drive-business-innovation-using-sap-and-google-cloud-data-platforms/ba-p/13573574) 62 | - [Federated Analytics with SAP Datasphere : A DECATHLON Story](https://community.sap.com/t5/technology-blogs-by-sap/federated-analytics-with-sap-datasphere-a-decathlon-story/ba-p/13527965) 63 | 64 | 65 | 66 | ### Related SAP Discovery Center Missions 67 | 68 | If you would like to implement solutions that are related to this reference architecture and the technologies used you may continue with the following SAP Discovery Center missions: 69 | - [Integrate Google BigQuery and SAP Datasphere](https://discovery-center.cloud.sap/missiondetail/3409/3449/) 70 | - [Enable Category Management with BigQuery and SAP Datasphere](https://discovery-center.cloud.sap/missiondetail/3666/3709/) 71 | - [Integrating Google BigQuery with SAP Datasphere](https://discovery-center.cloud.sap/missiondetail/3409/3449/) 72 | - [Integrating Azure Data Explorere with SAP Datasphere](https://discovery-center.cloud.sap/missiondetail/3433/3473/) 73 | - [Integrate Amazon Athena with SAP Datasphere](https://discovery-center.cloud.sap/missiondetail/3401/3441/) 74 | - [Federating data from Databricks delta lake into SAP Datasphere](https://discovery-center.cloud.sap/missiondetail/4259/4517/) 75 | - [Data federation from Amazon Redshift using SAP Datasphere](https://discovery-center.cloud.sap/missiondetail/3406/3446/) 76 | 77 | 78 | -------------------------------------------------------------------------------- /hyperscalers/google-datasphere/images/Explore-your-Hyperscaler-data-with-SAP-Datasphere_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/google-datasphere/images/Explore-your-Hyperscaler-data-with-SAP-Datasphere_diagram.png -------------------------------------------------------------------------------- /hyperscalers/google-datasphere/images/Google+Datasphere.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/google-datasphere/images/Google+Datasphere.png -------------------------------------------------------------------------------- /hyperscalers/google-datasphere/images/archive/Google+Datasphere.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/google-datasphere/images/archive/Google+Datasphere.png -------------------------------------------------------------------------------- /hyperscalers/multi-region-ha/images/Architecting-multi-region-resiliency-for-SAP-BTP-use-cases_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/multi-region-ha/images/Architecting-multi-region-resiliency-for-SAP-BTP-use-cases_diagram.png -------------------------------------------------------------------------------- /hyperscalers/multi-region-ha/multi_region_ha.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 19 | 20 | 21 | ## Architecting multi-region resiliency for SAP BTP use cases 22 | As the adoption of SAP BTP services grows and they become integral to essential business operations, customers are progressing through the platform maturity spectrum, incorporating SAP BTP services into their vital business scenarios. It is acknowledged that SAP BTP services come with built-in multi-AZ resiliency features. 23 | 24 | Nevertheless, to enhance the robustness of their solutions, many customers have expressed interest in a multi-region setup of SAP BTP services and use cases. This approach involves geographic redundancy and the use of a load balancer to ensure that, should one region face downtime, the load balancer promptly identifies the problem and reroutes requests to a functioning region, thus maintaining uninterrupted business continuity. 25 | 26 | ### Flow 27 | 28 | The reference architecture diagram shows the Muti-Region High Availability architecture for SAP BTP Services and for the applications built on SAP BTP. 29 | 30 | 1. Cloud Integration capability within SAP Integration Suite, SAP Build Work Zone, standard edition, SAP HANA Cloud, and other SAP BTP Services achieve high availability (HA) by utilizing the multi-AZ (multiple Availability Zones) within a single region, satisfying the requirements of most customers. However, for unique situations where customers need these SAP BTP services to switch to another geographical region for disaster recovery (DR) or to adhere to specific compliance/regulatory mandates, a cross-region high availability and disaster recovery configuration is crucial for ensuring sufficient protection. This is also relevant for custom applications (CAP) developed on SAP BTP, guaranteeing their resilience and adherence to compliance standards. 31 | 32 | 2. To establish a multi-region architecture for SAP BTP services, it is necessary to set up two SAP BTP subaccounts, for example, one in the US and another in the EU, across different regions. In the event of unavailability in one subaccount or a specific service within it, the other subaccount will take over the service requests. Cloud Integration is configured within these two subaccounts to facilitate this process 33 | 34 | 3. Azure Traffic Manager or AWS Route 53 monitors the health of endpoints in multiple regions (two subaccounts) and uses Domain Name System (DNS)-based load balancing to route traffic to the healthiest available endpoint. It dynamically updates DNS records to ensure that user requests are directed to the most appropriate and responsive endpoint based on the configured traffic-routing method. 35 | 36 | 4. Since each SAP BTP service has its own distinct URL, setting up the SAP Custom Domain service is required to unify access under a single, custom-branded URL. This consolidation simplifies interactions for end-users, system-to-system integrations, and various scenarios, thereby enhancing operational efficiency and the user experience. Even if the load balancer sets the DNS to the healthy region, the end user's custom domain URL will remain consistent. 37 | 38 | 5. SAP Integration Suite, advanced event mesh's DR replication bridge can be setup to replicate the messages across regions. When a message is created in one region, it will be replicated in another. Additionally, when a message is acknowledged or processed in one region, this change is also mirrored in the other region. SAP HANA Cloud is setup in two different subaccounts and using SDI, the data will be replicated into another region SAP HANA Cloud. 39 | 40 | 6. To overcome a few constraints such as with SAP HANA smart data integration (SDI)'s one-way data replication between regions and SAP Integration Suite, advanced event mesh's manual status change (Active/Standby) of brokers, as well as other necessary adjustments for implementing a multi-region setup, an open-source application has been developed on SAP BTP. This application automates the process of switching between regions, offering flexibility for both manual and automated scenarios. By addressing these challenges, it ensures uninterrupted data replication and operational continuity in a multi-region environment. The need for the Multi-Region Manager is documented in the Git repository for the stateful scenario. 41 | 42 | 7. SAP Continuous Integration and Delivery service (CI/CD) or the project “Piper” can be used manage the creation and deployment of numerous iFlows or Workzone Standard Edition content or the custom applications built on SAP BTP or any other artifacts, ensuring seamless synchronization and consistency across the two subaccounts in the multi-region setup. 43 | 44 | 8. To ensure high availability in a multi-region setup for scheduled jobs that regularly call SAP BTP services or custom services built on SAP BTP, it is recommended to use an external scheduler with multi-region HA capabilities like Azure Scheduler. This can call the custom domain URL in the background, ensuring consistent and reliable access. 45 | 46 | ### Characteristics 47 | 48 | Characteristics of a Multi-Region includes: 49 | 50 | - **Disaster Recovery Strategy**: Allows customers to tailor custom disaster recovery strategies based on specific business requirements and compliance standards, ensuring resilience and regulatory compliance across different regions. 51 | 52 | - **Scalable Workload Distribution**: Provides the flexibility for customers to scale workload distribution across regions dynamically, adapting to changing business demands and optimizing resource utilization for cost-efficiency. 53 | 54 | - **Unified Access Management**: Offers centralized access management through SAP Custom Domain service, simplifying user authentication and authorization processes across multi-region deployments, enhancing security and operational efficiency. 55 | 56 | - **Tailored Operational Control**: Provides customers with tailored operational control through an open-sourced Multi-Region Manager service on SAP BTP, enabling both manual and automated scenarios for region switching and ensuring uninterrupted data replication and operational continuity. 57 | 58 | ### Examples in an SAP context 59 | 60 | - **Stateless Scenario** In a stateless scenario for Cloud Integration and SAP Build Work Zone, standard edition, services remain available during a disaster or regional unavailability without the need for data replication between regions. You can learn more about this scenario by following the tutorials in the Git repository. 61 | 62 | - **Stateful Scenario** In a stateful scenario, data is needed to be replicated between regions as services require data to be stored in the database for future processing. Detailed information about this scenario, including Cloud Integration flows using HANA DB for state replication, can be found in the Git repository. 63 | 64 | - **Event Replication Scenario** SAP Integration Suite, advanced event mesh can be used to setup the disaster recovery (DR) bridge to replicate the events across the regions. You can find more about this scenario in the Git repo for the Cloud Integration flows that uses Advanced Event Mesh for state replication. 65 | 66 | 67 | 68 | ### Services and Components 69 | 70 | - [SAP Integration Suite](https://discovery-center.cloud.sap/serviceCatalog/integration-suite) 71 | - [sAP Custom Domain service](https://discovery-center.cloud.sap/serviceCatalog/custom-domain) 72 | - [SAP Build Work Zone, standard edition](https://discovery-center.cloud.sap/serviceCatalog/sap-build-work-zone-standard-edition) 73 | - [SAP HANA Cloud](https://discovery-center.cloud.sap/serviceCatalog/sap-hana-cloud?region) 74 | - [SAP Integration Suite, advanced event mesh](https://discovery-center.cloud.sap/serviceCatalog/advanced-event-mesh) 75 | - [SAP BTP, Cloud Foundry Runtime](https://discovery-center.cloud.sap/serviceCatalog/cloud-foundry-runtime) 76 | 77 | ### Resources 78 | 79 | 80 | 81 | - [SAP Samples | GitHub ](https://github.com/SAP-samples/btp-services-intelligent-routing) 82 | 83 | 84 | ### Related Missions 85 | 86 | 87 | 88 | - [Route Multi-Region Traffic to SAP BTP Services Intelligently](https://discovery-center.cloud.sap/missiondetail/3603/3646/) 89 | 90 | -------------------------------------------------------------------------------- /hyperscalers/openai/OpenAI.md: -------------------------------------------------------------------------------- 1 | 17 | 18 | ## **CAP-based (multitenant SaaS) architecture using Retrieval Augmented Generation (RAG)** 19 | 20 | RAG, which stands for Retrieval Augmented Generation, is a neural architecture that combines the strengths of Foundation Models (FMs) or Large anguage Models (LLMs) with external retrieval or search mechanisms. The main goal of the RAG architecture is to improve the capability of LLMs by allowing them to pull relevant information from a vast corpus, much like how search engines retrieve relevant web pages based on queries. RAG is used for various tasks such as question answering (Q&A) and knowledge-intensive Natural Language Processing (NLP) tasks. The architecture represents an interesting fusion of retrieval-based and generation-based approaches to NLP. 21 | 22 | In this reference architecture pattern ([multitenant](https://discovery-center.cloud.sap/githubrefarch/SAP/sap-btp-reference-architectures/main/hyperscalers/openai/images/[SAP-official]_Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP-multi_diagram.png), [single tenant](https://discovery-center.cloud.sap/githubrefarch/SAP/sap-btp-reference-architectures/main/hyperscalers/openai/images/[SAP-official]_[SAP-official]_Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP-single_diagram.png), how to seamlessly combine various Large Language Models (LLMs) using the [Generative AI Hub](https://help.sap.com/docs/sap-ai-core/sap-ai-core-service-guide/generative-ai-hub-in-sap-ai-core) in SAP AI Core. Maximize the potential of LangChain, [CAP LLM Plugin](https://www.npmjs.com/package/cap-llm-plugin) and other SDKs and plugins in [Cloud Application Programming model (CAP)](https://cap.cloud.sap/docs/) and implement advanced methods such as Retrieval Augmented Generation (RAG) with embeddings and a [SAP HANA Cloud's Vector Engine](https://help.sap.com/docs/hana-cloud-database/sap-hana-cloud-sap-hana-database-vector-engine-guide/sap-hana-cloud-sap-hana-database-vector-engine-guide) to further enhance the benefits for your specific needs. This reference architecture accommodates both Cloud Foundry and Kyma runtimes, providing adaptability in your endeavor to leverage GenAI on SAP BTP. 23 | 24 | Please review [Models and Scenarios in the Generative AI Hub](https://help.sap.com/docs/sap-ai-core/sap-ai-core-service-guide/models-and-scenarios-in-generative-ai-hub) and [Availability of Generative AI Models](https://me.sap.com/notes/3437766) for a full list and overview of available Models. 25 | 26 | ### Flow 27 | 28 | Here is a high-level flow of how Retrieval Augmented Generation works: 29 | 30 | 1. **Question Encoding**: The user provides a question or prompt, which is then encoded by an embedding model into a dense vector (embedding). 31 | 32 | 2. **Document Retrieval**: This embedding is used as part of a query to retrieve relevant documents (or chunks) from a large corpus of pre-embedded documents leveraging SAP HANA Cloud's Vector Engine. The retrieval is typically done using a similarity search like cosine similarity. The top-k most relevant documents or passages are retrieved based on their proximity to the query vector. 33 | 34 | 3. **Answer Generation**: The retrieved documents and the original question are fed into a LLM to generate an answer. The model is instructed to generate relevant responses based on both, the input question and the retrieved passages. 35 | 36 | ### Characteristics 37 | 38 | Key characteristics of RAG architecture includes: 39 | 40 | - **Increased Knowledge**: Even if the base LLM has not been trained on certain information, as long as that information exists in the corpus used for retrieval, RAG can still provide relevant answers and reduce hallucinations. 41 | 42 | - **Flexibility**: By changing the underlying corpus, RAG can be adapted to different domains or knowledge bases. 43 | 44 | - **Memory Efficiency**: Instead of having to fine-tune the LLMl to learn about the domain, RAG leverages external data sources, keeping the model manageable best and exchangable. 45 | 46 | ### Examples in an SAP Context 47 | 48 | The reference architecture illustrates a (multitenant) application developed by a potential SAP partner or customer, tailored for SAP Business Technology Platform (SAP BTP). This scenario presents a (SaaS) solution for enhancing customer support within a travel agency, utilizing advanced email insights and automation. The system analyzes incoming emails using Large Language Models (LLMs) to offer core insights such as categorization, sentiment analysis and urgency assessment. It goes beyond basic analysis by extracting key facts and customizable fields like location, managed through a dedicated configuration page. 49 | 50 | In this use case, the RAG feature involves utilizing email embeddings to identify similar historical emails, aiding in understanding how similar requests were handled previously. This fosters consistent and efficient customer service. The code also demonstrates the capabilities of summarizing and translating both email subject and body, enabling streamlined comprehension across languages. 51 | 52 | Furthermore, the system takes automation to the next level by generating potential responses for customer inquiries. This response generation is influenced by configurable actions and services, enhancing response accuracy and speed. The flexibility to connect with SAP systems like SAP Concur adds an enterprise dimension, allowing seamless integration of processes and data. 53 | 54 | 55 | 56 | ### BTP services / SAP solutions 57 | 58 | 59 | 60 | - [SAP HANA Cloud](https://discovery-center.cloud.sap/serviceCatalog/sap-hana-cloud?region=all) : SAP HANA Cloud is a database-as-a-service that powers mission-critical applications and real-time analytics with one solution at petabyte scale. Converge relational, graph, spatial, and document store and develop smart applications with embedded machine learning. Process mission-critical data at proven in-memory speed and manage it more efficiently with integrated multi-tier storage. 61 | 62 | - [SAP AI Core](https://discovery-center.cloud.sap/serviceCatalog/sap-ai-core?region=all) : SAP AI Core is a service in the SAP Business Technology Platform that is designed to handle the execution and operations of your AI assets in a standardized, scalable, and hyperscaler-agnostic way. It provides seamless integration with your SAP solutions. Any AI function can be easily realized using open-source frameworks. SAP AI Core supports full lifecycle management of AI scenarios. 63 | 64 | - [SAP AI Launchpad](https://discovery-center.cloud.sap/serviceCatalog/sap-ai-launchpad?region=all) : SAP AI Launchpad is a multitenant software as a service (SaaS) application in SAP Business Technology Platform. Customers and partners can use SAP AI Launchpad to manage AI use cases (scenarios) across multiple instances of AI runtimes (such as SAP AI Core). 65 | 66 | - [SAP BTP, Cloud Foundry Runtime](https://discovery-center.cloud.sap/serviceCatalog/cloud-foundry-runtime?region=all) : The SAP BTP, Cloud Foundry runtime lets you develop polyglot cloud-native applications and run them on the SAP BTP Cloud Foundry environment. 67 | 68 | - [SAP Destination service](https://discovery-center.cloud.sap/serviceCatalog/destination?service_plan=lite®ion=all&commercialModel=cloud) : The Destination service lets you retrieve the backend destination details you need to configure applications in the Cloud Foundry environment. 69 | 70 | - [SAP HTML5 Application Repository Service for SAP BTP](https://discovery-center.cloud.sap/serviceCatalog/html5-application-repository-service?region=all): The HTML5 Application Repository service for SAP BTP enables central storage of HTML5 applications on SAP BTP. The service allows application developers to manage the lifecycle of their HTML5 applications. In runtime, the service enables the consuming application, typically the application router, to access HTML5 application static content in a secure and efficient manner. 71 | 72 | - [SAP Authorization and Trust Management Service](https://discovery-center.cloud.sap/serviceCatalog/authorization-and-trust-management-service?region=all) : The SAP Authorization and Trust Management service lets you manage user authorizations and trust to identity providers. Identity providers are the user base for applications. We recommend that you use an IAS identity authentication tenant, an SAP on-premise system, or a custom corporate identity provider. 73 | 74 | - [SAP Cloud Transport Management](https://discovery-center.cloud.sap/serviceCatalog/cloud-transport-management?region=all): SAP Cloud Transport Management service lets you manage software deliverables between accounts of different environments (such as Cloud Foundry, ABAP, and Neo), by transporting them across various runtimes. This includes application artifacts as well as their respective application-specific content. 75 | 76 | - [SAP Business Application Studio](https://discovery-center.cloud.sap/serviceCatalog/business-application-studio?region=all): SAP Business Application Studio (the next generation of SAP Web IDE) is a powerful and modern development environment, tailored for efficient development of business applications for the Intelligent Enterprise. Available as a cloud service, it provides developers a desktop-like experience similar to market leading IDEs, while accelerating time-to-market with high-productivity development tools such as wizards and templates, graphical editors, quick deployment, and more. 77 | 78 | - [SAP Continuous Integration and Delivery service](https://discovery-center.cloud.sap/serviceCatalog/continuous-integration--delivery?region=all): SAP Continuous Integration and Delivery lets you configure and run predefined continuous integration and delivery (CI/CD) pipelines that automatically build, test, and deploy your code changes to speed up your development and delivery cycles. 79 | 80 | - [SAP Application Logging Service for SAP BTP](https://discovery-center.cloud.sap/serviceCatalog/application-logging-service?region=all): The SAP Application Logging service for SAP BTP lets you stream logs of bound Cloud Foundry applications to a central application logging stack. SAP Application Logging service for SAP BTP uses Elastic Stack to store and visualize your application log data. 81 | 82 | - [Application Autoscaler](https://discovery-center.cloud.sap/serviceCatalog/application-autoscaler?service_plan=standard®ion=all&commercialModel=cloud): Application Autoscaler lets you automatically increase or decrease the number of your application instances based on the policies you have defined. 83 | 84 | - [SAP BTP, Kyma runtime (optional)](https://discovery-center.cloud.sap/serviceCatalog/kyma-runtime/?region=all): SAP BTP, Kyma runtime is a fully managed Kubernetes runtime based on the open-source project "Kyma". This cloud-native solution allows the developers to extend SAP solutions with serverless Functions and combine them with containerized microservices. The offered functionality ensures smooth consumption of SAP and non-SAP applications, running workloads in a highly scalable environment, and building event- and API-based extensions. 85 | 86 | 87 | 88 | ### Resources 89 | 90 | 91 | 92 | For more information about the different technologies used as part of this reference architecture you may check out the following resources: 93 | 94 | - [Generative AI Hub in SAP AI Core Overview (SAP Help Portal)](https://help.sap.com/docs/sap-ai-core/sap-ai-core-service-guide/generative-ai-hub-in-sap-ai-core) 95 | - [Models and scenarios in the Generative AI Hub (SAP Help Portal)](https://help.sap.com/docs/sap-ai-core/sap-ai-core-service-guide/models-and-scenarios-in-generative-ai-hub) 96 | - [SAP BTP Use Cases Kick-Start Transformation with Pre-Built Business Content (SAP Community blog post)](https://news.sap.com/2023/05/sap-btp-use-cases-art-of-the-possible/) 97 | - [Reference Application: GenAI Mail Insights (GitHub)](https://github.com/SAP-samples/btp-cap-genai-rag) 98 | - [SAP BTP genAI starter kit](https://github.com/SAP-samples/btp-genai-starter-kit) 99 | - [CAP LLM Plugin](https://www.npmjs.com/package/cap-llm-plugin) 100 | 101 | 102 | 103 | ### Related Missions and Tutorials 104 | 105 | 106 | 107 | If you would like to implement solutions that are related to this reference architecture and technologies used you may continue with the following SAP Discovery Center missions: 108 | 109 | - [GenAI Mail Insights: Develop a CAP-based (multitenant) application using GenAI and RAG](https://discovery-center.cloud.sap/missiondetail/4371/) 110 | - [Reduce your CO2 footprint using a smart Generative AI application on SAP BTP](https://discovery-center.cloud.sap/missiondetail/4264/) 111 | 112 | -------------------------------------------------------------------------------- /hyperscalers/openai/images/Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP-multi_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/openai/images/Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP-multi_diagram.png -------------------------------------------------------------------------------- /hyperscalers/openai/images/Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP-single_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/openai/images/Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP-single_diagram.png -------------------------------------------------------------------------------- /hyperscalers/openai/images/archive/ReferenceArchitectureOpenAI-ChatGPT.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/openai/images/archive/ReferenceArchitectureOpenAI-ChatGPT.png -------------------------------------------------------------------------------- /hyperscalers/openai/images/archive/[SAP-official]_CAP-based architecture using Retrieval Augmented Generation (RAG)-multi_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/openai/images/archive/[SAP-official]_CAP-based architecture using Retrieval Augmented Generation (RAG)-multi_diagram.png -------------------------------------------------------------------------------- /hyperscalers/openai/images/archive/[SAP-official]_Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP-multi_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/openai/images/archive/[SAP-official]_Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP-multi_diagram.png -------------------------------------------------------------------------------- /hyperscalers/openai/images/archive/[SAP-official]_Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/openai/images/archive/[SAP-official]_Retrieval-Augmented-Generation-and-Generative-AI-on-SAP-BTP_diagram.png -------------------------------------------------------------------------------- /hyperscalers/openai/images/archive/architectures.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/openai/images/archive/architectures.png -------------------------------------------------------------------------------- /hyperscalers/openai/images/archive/displayed-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/openai/images/archive/displayed-architecture.png -------------------------------------------------------------------------------- /hyperscalers/openai/images/archive/multitenant-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/openai/images/archive/multitenant-architecture.png -------------------------------------------------------------------------------- /hyperscalers/openai/images/archive/singletenant-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/openai/images/archive/singletenant-architecture.png -------------------------------------------------------------------------------- /hyperscalers/openai/images/displayed-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/hyperscalers/openai/images/displayed-architecture.png -------------------------------------------------------------------------------- /images/BTP-marketecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/images/BTP-marketecture.png -------------------------------------------------------------------------------- /integration/api-managed-integration/api_managed_integration.md: -------------------------------------------------------------------------------- 1 | 18 | ![](images/ref-arch-api-managed-integration.png) 19 | 20 | ## **API managed integration** 21 | Application Programming Interfaces (APIs) enable integration, interoperability and data sharing between software systems. With the help of an API management solution like the API Management capability within SAP Integration Suite you can provide omni-channel and secure access to solutions. Furthermore, it allows you to enforce usage policies for APIs, controlling API access, analyzing API consumption and more. 22 | This reference architecture is based on the concepts of the **SAP Integration Solution Advisory Methodology**: Thereof, API managed integration is defined as cross use case pattern. These can complement other integration use case patterns. 23 | 24 | ### Flow 25 | The reference architecture diagram shows the runtime perspective for API managed integration covering the integration domains Cloud2Cloud, Cloud2OnPremise and OnPremise2OnPremise. Let’s take a look at the steps in detail: 26 | 1. A client application sends out an API call which is intercepted by the API Management capability within SAP Integration Suite which acts as a harmonious protection layer for all API calls that passes its gateway. For this purpose, APIs are exposed as API proxies on API Management which realize a discrete representation of an API entity (an API façade): It abstracts the actual proxy endpoint properties at one end and the actual target. An API proxy includes configuration files, policies, and code snippets to enforce security measures (such as authentication and authorization), transformations (such as modifications of API requests and responses), governance (such as applying throttling, caching) and insights (like monitoring and analytics of API consumption). 27 | 28 | 2. SAP Business Accelerator Hub provides API policy templates, APIs, predefined integration flows and more which can be used to enable interoperability and between API providers and consumers in a protected fashion. 29 | 30 | Further processing up to the respective API providers (such as an SAP, third-party or custom built solution) depends on the actual use case: 31 | 32 | 3. Use case "managed API": API requests are forwarded to a data source which acts as an API provider. This use case is suited for integration scenarios which require no or simple transformations and protocol adaptations that can be accomplished with the help of API Management. 33 | 34 | 4. Use case "API managed business data graph": The Graph capability of API Management and allows you to expose business data from SAP business solutions and beyond in the form of a semantically connected data graph. In turn, with the help of Graph you can access data from several data sources via a single unified API. With this use case you can take advantage of a simplified consumption of business data across different data sources realized by a business data graph. 35 | 36 | 5. Use case "API managed cloud integration": Cloud Integration capability is used whenever advanced mediation and transformation requirements are required that are not supported by API Management. 37 | 38 | The API call reaches the respective API provider(s) as follows: 39 | 40 | 7. If the data source is located on premises (Cloud2OnPremise) it is recommended to use SAP Connectivity service with cloud connector and SAP Destination service to establish a secure connection from SAP BTP to the on-premise landscape. 41 | 42 | 8. When there is a need (e.g. to meet data compliance and governance requirements) to process data locally you can use the edge integration cell runtime. It is offered as an optional extension to SAP Integration Suite, allowing you to manage APIs and run their integration scenarios within customer-managed private landscapes. Edge integration cell is deployed in customer managed private Kubernetes environments and allows you to design, configure and monitor integrations and APIs in the cloud but run them within your private landscape. 43 | 44 | 9. In case the integration scenario involves SAP S/4HANA or SAP ECC you can use the SAP Application Interface Framework to enable integration monitoring and error handling for business users. 45 | 46 | ### Characteristics 47 | An architecture for API managed integration can be characterized as follows: 48 | - **Governed API consumption**: This allows you to govern the full lifecycle of APIs. It includes the consumption of APIs by enforcing policies, ensuring compliance and control over the integration process. 49 | - **Decoupled integratio**n: With the help of an API façade you can abstract the API from its actual implementation. By doing so, it can enable a decoupled integration between systems, meaning that each system can evolve independently without affecting the others. 50 | - **Advanced protection**: Ensure API security via policies, traffic protection, and compliance. 51 | - Provides visibility and analytical insights: You can centrally collect and analyze API metrics, including option to monetize API consumption. 52 | - **Enables integration and interoperability between software systems**: You can perform transformation and mediations, including a simplified consumption of APIs when using data graphs, to enable interoperability between API providers and consumers. 53 | 54 | ### Examples in an SAP Context 55 | SAP doesn’t deliver predefined integration scenarios that follow an API managed integration approach. API management solutions are typically implemented by customers or partners. Please find below typical reasons using API managed: 56 | - Achieve a consistent and harmonized omni-channel experience. 57 | - Manage and protect business-critical API assets. 58 | - Simplify integration with SAP and other API providers. 59 | - Realize revenue in the cloud-native economy. 60 | 61 | 62 | ### Services and Components 63 | 64 | - [SAP Integration Suite](https://discovery-center.cloud.sap/serviceCatalog/integration-suite?region=all) 65 | - [SAP Connectivity service](https://discovery-center.cloud.sap/serviceCatalog/connectivity-service?region=all) 66 | - [SAP Destination service](https://discovery-center.cloud.sap/serviceCatalog/destination?service_plan=lite®ion=all) 67 | 68 | 69 | ### Resources 70 | 71 | - [SAP Business Accelerator Hub](https://hub.sap.com) 72 | - [SAP API Management – Overview & Getting started (SAP Community blog post)](https://blogs.sap.com/2016/03/03/sap-api-management-overview-getting-started/) 73 | - [SAP Integration Suite (SAP Help Portal)](https://help.sap.com/docs/integration-suite) 74 | - [SAP Integration Solution Advisory Methodology (SAP Help Portal)](https://help.sap.com/docs/architecture_guidance/f64ada51d9f44c83a751b96f955aad5a/85bcc8675d3e42718279bf7b87dafc2d.html?locale=en-US) 75 | - [SAP Integration Suite (SAP Community topic page)](https://community.sap.com/topics/integration-suite) 76 | 77 | 78 | ### Related Missions 79 | 80 | - [Get Started with Integration Suite - API Management](https://discovery-center.cloud.sap/missiondetail/3062/3072/) 81 | - [Create simple, connected digital experiences with API-based integration](https://discovery-center.cloud.sap/missiondetail/3062/3072/) 82 | 83 | -------------------------------------------------------------------------------- /integration/api-managed-integration/images/API-Managed-Integration_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/api-managed-integration/images/API-Managed-Integration_diagram.png -------------------------------------------------------------------------------- /integration/api-managed-integration/images/archive/ref-arch-api-managed-integration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/api-managed-integration/images/archive/ref-arch-api-managed-integration.png -------------------------------------------------------------------------------- /integration/api-managed-integration/images/ref-arch-api-managed-integration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/api-managed-integration/images/ref-arch-api-managed-integration.png -------------------------------------------------------------------------------- /integration/application-to-application-integration/add-images/A2A-Edge-Integration-Cell_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/application-to-application-integration/add-images/A2A-Edge-Integration-Cell_diagram.png -------------------------------------------------------------------------------- /integration/application-to-application-integration/application_to_application_Integration.md: -------------------------------------------------------------------------------- 1 | 18 | ![](images/ref-arch-a2a-integration.png) 19 | 20 | ## **Application-to-application integration** 21 | With the help of application-to-application (A2A) integration you can exchange transactional data along internal company processes by connecting involved business applications in a (near-) real-time fashion. Messages are used for exchanging transactional data which trigger the execution of the next process step in a connected business solution. Transactional data refers to data about ongoing business activities such as physical goods movement or sales order documents. This reference architecture is based on the concepts of the **SAP Integration Solution Advisory Methodology**: Thereof, A2A integration is defined as an integration use case pattern which belongs to the process integration style. The diagram shows the runtime perspective for A2A integration covering the integration domains Cloud2Cloud, Cloud2OnPremise and OnPremise2OnPremise. 22 | 23 | ### Flow 24 | In the following the message flow for application-to-application integration is outlined: 25 | 1. An SAP or third-party cloud solution issues transactional data as messages. The transactional data is sent out as a message which is a package of data comprising out of a header and a payload. Typically, the message header contains information such as the logical or physical receiver of the message and the payload contains the actual business data. 26 | 27 | 3. Direct exchange of messages is possible whenever the outbound API of the sending solution and the inbound API of the receiving solution are aligned with regards to the API definition (such as schema, transport protocol). This option is available for selected SAP integration scenarios and is suited for simple landscapes only. You can also use the direct integration option for custom-build or partner solutions if these are also based on aligned APIs. 28 | 29 | 5. In case of unaligned APIs between a sending and one or more receiving solutions (Cloud2Cloud, Cloud2OnPremise) the Cloud Integration capability within SAP Integration Suite is used. It applies required mediations (such as receiver determinations, filtering, aggregations) and transformations (such as structure and value mappings, protocol conversion) to enable an interoperability between the sending and receiving solution(s). You can also Cloud Integration for integration scenarios that are based on aligned APIs by generating route-through integration flows. When using Cloud Integration, you can benefit from a decoupled integration of solutions, error handling and more. 30 | 31 | 7. SAP Business Accelerator Hub provides predefined integration flows which you configure and deploy on Cloud Integration. The hub includes also a catalogue of APIs, adapters and more which you can use for developing custom integration flows. 32 | 33 | 9. Whenever the integration scenario involves an on-premise solution (Cloud2OnPremise) it is recommended to use the SAP Connectivity service with cloud connector and SAP Destination service to establish a secure connection from SAP BTP to the on premise landscape. 34 | 35 | 11. When there is a need (e.g. to meet data compliance and governance requirements) to process data locally you can use the edge integration cell runtime. It is offered as an optional extension to SAP Integration Suite, allowing you to manage APIs and run their integration scenarios within customer-managed private landscapes. Edge integration cell is deployed in customer managed private Kubernetes environments and allows you to design, configure and monitor integrations and APIs in the cloud but run them within your private landscape, see [Edge Integration Cell (design-, runtime and operations view)](https://discovery-center.cloud.sap/githubrefarch/SAP/sap-btp-reference-architectures/main/integration/application-to-application-integration/add-images/A2A-Edge-Integration-Cell_diagram.png). 36 | 37 | 13. In case the integration scenario involves SAP S/4HANA or SAP ECC you can use the SAP Application Interface Framework to enable integration monitoring and error handling for business users. 38 | 39 | ### Characteristics 40 | 41 | - **Use of asynchronous communication**: This is the preferred communication method for most A2A integration scenarios which eliminates a tight coupling between business applications and increases resilience. For this purpose, you use SOAP, REST or OData which support asynchronous communication. You use synchronous communication only if your business scenario requires a synchronous processing (example: Availability to promise check of stock for planned orders). 42 | - **Based on directed messages**: Such a message type is used to exchange transactional data between sending and receiving solutions. Directed means that the sender addresses one or more receivers which are determined either within the sending system (logical receiver) or within the integration technology (physical receiver). 43 | - **Support of exception handling**: There are many reasons why exceptions occur, for instance unavailability of a receiving solution, incorrect message content, improper configuration settings. As a result, the transmission of messages will fail which require a proper exception handling. 44 | - **Ensure transport- and message-level security**: For enabling transport-level security it is recommended to use secured communication whenever data is exchanged over the public internet. For message-level security you use digital encryption and signatures in order to protect the content of messages that are exchanged between solutions. 45 | 46 | ### Examples in an SAP Context 47 | SAP delivers predefined A2A integration scenarios along end-to-end business processes spanning across multiple SAP business applications. Here are some examples: 48 | - Exchange of sales orders between SAP Commerce Cloud and SAP S/4HANA as part of the [Lead-to-Cash process (for cloud deployment)](https://api.sap.com/dfd/LC1C1-DFDTransactionalDataFlows) 49 | - Replicate service entry sheets or timesheets from SAP Fieldglass Vendor Management System to SAP S/4HANA as part of the [External Workforce process (for cloud deployment)](https://api.sap.com/dfd/EW1H1-DFDTransactionalDataFlows) 50 | - Exchange of maintenance orders between SAP S/4HANA and SAP Service and Asset Manager) as part of the [Acquire-to-Decommission process (for hybrid deployment)](https://api.sap.com/dfd/AD1H2-DFDDataFlows) 51 | 52 | ### Reasonable Alternatives 53 | For selected SAP lines-of-business solutions further integration technologies are available which are tailored to the needs of the respective business solution: 54 | 55 | - [SAP Integration Suite, managed gateway for spend management and SAP Business Network](https://help.sap.com/docs/sisgw?locale=en-US): This solution, which is formerly known as SAP Ariba Cloud Integration Gateway, is based on SAP Integration Suite. This managed gateway facilitates the integration of buyers' and suppliers' SAP ERP or SAP S/4HANA systems with intelligent spend solutions from SAP and SAP Business Network. Managed gateway includes self-service wizards for configuring predefined integration scenarios, automated testing, and real-time monitoring. If you already have SAP Integration Suite in place you can also reuse mappings of managed gateway to run same integration scenarios on Cloud Integration, for details see: [Content Transformation Service](https://help.sap.com/docs/sisgw/sap-ariba-cloud-integration-gateway-installation-guide/content-transformation-as-service?locale=en-US). 56 | 57 | 58 | ### Services and Components 59 | 60 | - [SAP Integration Suite](https://discovery-center.cloud.sap/serviceCatalog/integration-suite?region=all) 61 | - [SAP Connectivity service](https://discovery-center.cloud.sap/serviceCatalog/connectivity-service?region=all) 62 | - [SAP Destination service](https://discovery-center.cloud.sap/serviceCatalog/destination?service_plan=lite®ion=all) 63 | 64 | 65 | ### Resources 66 | 67 | - [SAP Business Accelerator Hub](https://hub.sap.com) 68 | - [SAP Application Interface Framework](https://help.sap.com/docs/SAP_APPLICATION_INTERFACE_FRAMEWORK_OVERVIEW) 69 | - [SAP Integration Suite (SAP Help Portal)](https://help.sap.com/docs/integration-suite) 70 | - [SAP Integration Solution Advisory Methodology (SAP Help Portal)](https://help.sap.com/docs/integration-suite) 71 | - [SAP Integration Suite (SAP Community topic page)](https://community.sap.com/topics/integration-suite) 72 | 73 | 74 | ### Related Missions 75 | 76 | - [Get started with SAP Integration Suite](https://discovery-center.cloud.sap/missiondetail/3258/3327/) 77 | - [Publish Documents from SAP S/4HANA Cloud to SharePoint](https://discovery-center.cloud.sap/missiondetail/3324/3365/) 78 | - [Extract your Ariba Spend Data using SAP Integration Suite](https://discovery-center.cloud.sap/missiondetail/4038/4245/) 79 | 80 | 81 | -------------------------------------------------------------------------------- /integration/application-to-application-integration/images/Application-to-Application-Integration_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/application-to-application-integration/images/Application-to-Application-Integration_diagram.png -------------------------------------------------------------------------------- /integration/application-to-application-integration/images/archive/ref-arch-a2a-integration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/application-to-application-integration/images/archive/ref-arch-a2a-integration.png -------------------------------------------------------------------------------- /integration/application-to-application-integration/images/ref-arch-a2a-integration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/application-to-application-integration/images/ref-arch-a2a-integration.png -------------------------------------------------------------------------------- /integration/business-to-business-integration/business_to_business_integration.md: -------------------------------------------------------------------------------- 1 | 17 | ![](images/ref-arch-b2b-integration.png) 18 | 19 | ## **Business-to-business integration** 20 | With the help of the business-to-business (B2B) integration you can electronically exchange business documents with other organizations. It allows you to extend your business processes beyond your organization’s boundaries to include your business partners such as customers and suppliers. For enabling an electronic data exchange with those business partners, you need to align with them on common B2B standards, which includes document types, transport protocols, partner identification, security features and more. 21 | 22 | This reference architecture is based on the concepts of the **SAP Integration Solution Advisory Methodology**: Thereof, B2B integration is defined as an integration use case pattern which belongs to the process integration style. The diagram shows the runtime perspective for B2B integration covering the integration domains Cloud2Cloud, Cloud2OnPremise. 23 | 24 | ### Flow 25 | The flow and diagram include both the design- and runtime perspective which allows you to better understand the scope, purpose and interplay of the technical components and solutions for B2B integration. The first three steps belong to the design-time perspective and are typically performed by an integration developer. The remainder describes the runtime perspective about how B2B documents are exchanged with one or more trading partners. 26 | 27 | Let’s take a look at each step in detail: 28 | 29 | 1. The Cloud Integration capability within SAP Integration Suite allows you to exchange B2B documents between business solutions (cloud or on-premise, SAP or 3rd party) with trading partners using B2B standards (such as EDIFACT, ANSI X.12, IDoc) and protocols (such as AS2) in a reliable and secure fashion. 30 | 31 | 2. SAP Business Accelerator Hub provides predefined integration flows, APIs, adapters and more to build custom integration flows which are deployed on Cloud Integration, including templates used for Trading Partner Management and integration Advisor. 32 | 33 | 3. The Integration Advisor capability within SAP Integration Suite is used to define and document interfaces (message implementation guidelines) and mappings (mapping guidelines) for B2B scenarios efficiently. It includes an intelligent and crowd-sourced proposal service which proposes message implementation guidelines and mapping guidelines with the best fit for a given trading partner: This is achieved by analyzing how such messages and mappings were designed for other trading partners having the same business context, such as industry classification, related business process, geo-political location and more. As a result, you can speed up the content creation to deployment process by almost 60% using Integration Advisor. Out of these guidelines you can generate runtime artifacts which you can deploy on Cloud Integration. 34 | 35 | 4. The Trading Partner Management capability within SAP Integration Suite manages trading partner agreements which are complete B2B scenarios, reusing partner profile information such as identifiers, interface and mapping information derived from Integration Advisor. The agreements specify how B2B messages are exchanged with a specific trading partner (e.g. required identifiers, acknowledgement handling, B2B standards and versions used). Once a trading partner agreement is created and activated its information is pushed to the Partner Directory within Cloud Integration. 36 | 37 | 5. At runtime predefined generic integration flows on Cloud Integration can dynamically read trading partner agreement information from the partner directory to enable the exchange of B2B messages with a dedicated trading partner. 38 | 39 | 6. Whenever the integration scenario involves an on-premise solution (Cloud2OnPremise) it is recommended to use the SAP Connectivity service with cloud connector and SAP Destination service to establish a secure connection from SAP BTP to the on-premise landscape. 40 | 41 | 7. In case the integration scenario involves SAP S/4HANA or SAP ECC the SAP Application Interface Framework can enable integration monitoring and error handling for business users. 42 | 43 | ### Characteristics 44 | An architecture for B2B integration can be characterized as follows: 45 | - **Inter-organizational data exchange**: B2B integration involves the exchange of business documents between two or more organizations aiming at a high level of automation. 46 | - **Management of trading partner related information**: B2B integration requires the management of B2B relationships with many trading partners. These include for instance reusable information which is relevant for setting up a B2B scenario for the electronic exchange of business data with a trading partner like trading partner identification, supported B2B standards, acknowledgement handling, service level agreements and more. 47 | - **Support of B2B standards**: B2B integration relies on the use of agreed standardized formats (such as EDIFACT, ANSI X.12, SAP IDoc) that also include trading partner identifiers and protocols (such as AS2, HTTPS) to ensure compatibility and interoperability between systems. 48 | - **Secured communication**: As B2B documents are exchanged over the public internet you need to establish secure communication channels (transport-level security) and configuring digital encryption and digital signing of messages (message-level security). 49 | - **Scaling design and runtime environment**: B2B integration requires scalable a solution that can accommodate the growth of trading partner networks and increasing data load. In most cases, the options for controlling the load of B2B documents from various trading partners are typically limited. This may include optimized features for trading partner onboarding and management, processing of bulk data. 50 | 51 | ### Examples in an SAP Context 52 | Many SAP solutions, such as SAP S/4HANA Cloud, offer public APIs for B2B integration scenarios. In the following some examples in an SAP solution context are listed where you can apply the reference architecture for B2B integration for cloud deployment to: 53 | - [Supplier Invoice - Create (B2B, Inbound, Asynchronous)](https://help.sap.com/docs/SAP_S4HANA_ON-PREMISE/91af7f8d3acd47da90d33aaacfcd0d59/a7deb63f4a9a43c2850933cb4c77f53d.html?q=Supplier%20Invoice%20-%20Create%20(B2B,%20Inbound,%20Asynchronous)%20&locale=en-US) in SAP S/4HANA 54 | - [Sales Order/Customer Return - Create, Update, Cancel (B2B)](https://help.sap.com/docs/SAP_S4HANA_CLOUD/03c04db2a7434731b7fe21dca77440da/4261582b6ca44d008c72be11b9a400e2.html?q=%22EDI%22%20Sales&locale=en-US) in SAP S/4HANA Cloud 55 | - [Manage Just-In-Time Calls](https://help.sap.com/docs/SAP_S4HANA_CLOUD/d35113ee62644d3abee1aaec148291d9/2963c5246b334cca8787cc1aa4cd587c.html?q=%22EDI%22%20Just&locale=en-US) in SAP S/4HANA Cloud 56 | 57 | ### Reasonable Alternatives 58 | In the following alternative architectures and solution options for B2B integration for cloud deployment are briefly described: 59 | - **API Managed Integration**: In selected cases it may also be possible to use public webservices based APIs for exchanging business data with trading partners. However, this requires that a standardized API based integration approach has been defined and agreed upon within an industry. Such standardization includes an agreement on the type of APIs used (such as SOAP, REST), document formats (such as predefined XML schemas), security requirements and more. 60 | Example: Exchange of transport related information in the automotive industry: 61 | This standard has been defined by the German Association of the Automotive Industry (VDA) and describes how to define and implement standardized REST-API interfaces for collaboration within the automotive industry and between the automotive industry and their partners which includes technical and a data model (for details, see [VDA4998 REST-API for transport track and trace](https://www.vda.de/en/news/publications/publication/vda-4998---rest-api-for-transport-track---trace---v1.0--2021-06). 62 | 63 | You use the Cloud Integration and the API Management capability of SAP Integration Suite for implementing B2B integration scenarios that are based on public APIs. 64 | 65 | 66 | - **SAP Business Network and SAP Ariba solutions**: Instead of interacting with individual trading partners you can also join the SAP Business Network or SAP Ariba solutions for sourcing, procurement and supplier management. These enable organizations to collaborate with each other, either in the role of a customer or in the role of a supplier. 67 | 68 | You use [SAP Integration Suite, managed gateway for spend management and SAP Business Network](https://help.sap.com/docs/sisgw?locale=en-US), which is formerly known as SAP Ariba Cloud Integration Gateway, to integrate SAP ERP and SAP S/4HANA backend system with your trading partners and SAP Ariba solutions. Suppliers can also choose alternative options for integrating with SAP Business Network such as online option, EDI, and an API based approach (for details, see [How Suppliers connect to SAP Business Network](https://help.sap.com/docs/business-network-for-trading-partners/introduction-to-business-network/how-suppliers-connect-to-sap-business-network?locale=en-US)). 69 | 70 | 71 | ### Services and Components 72 | 73 | - [SAP Integration Suite](https://discovery-center.cloud.sap/serviceCatalog/integration-suite?region=all) 74 | - [SAP Connectivity service](https://discovery-center.cloud.sap/serviceCatalog/connectivity-service?region=all) 75 | - [SAP Destination service](https://discovery-center.cloud.sap/serviceCatalog/destination?service_plan=lite®ion=all) 76 | 77 | 78 | ### Resources 79 | 80 | - [SAP Business Accelerator Hub](https://hub.sap.com) 81 | - [SAP Application Interface Framework](https://help.sap.com/docs/SAP_APPLICATION_INTERFACE_FRAMEWORK_OVERVIEW) 82 | - [SAP Integration Suite (SAP Help Portal)](https://help.sap.com/docs/integration-suite) 83 | - [SAP Integration Solution Advisory Methodology (SAP Help Portal)](https://help.sap.com/docs/architecture_guidance/f64ada51d9f44c83a751b96f955aad5a/85bcc8675d3e42718279bf7b87dafc2d.html?locale=en-US) 84 | - [SAP Integration Suite (SAP Community topic page)](https://community.sap.com/topics/integration-suite) 85 | - [Integration Advisor: Overview of components for building B2B integration content and further reading (sAP Community blog post)](https://blogs.sap.com/2021/09/28/integration-advisor-overview-of-components-for-building-b2b-integration-content-and-further-reading/) 86 | - [Announcement: SAP Trading Partner Management and B2B Monitoring brand new capabilities of SAP Integration Suite is released! (SAP Community blog post)](https://blogs.sap.com/2021/12/17/announcement-sap-trading-partner-management-and-b2b-monitoring-brand-new-capabilities-of-sap-integration-suite-is-released/) 87 | 88 | 89 | ### Related Missions 90 | 91 | - [Get started with SAP Integration Suite](https://discovery-center.cloud.sap/missiondetail/3258/3327/) 92 | 93 | -------------------------------------------------------------------------------- /integration/business-to-business-integration/images/Business-to-Business-Integration_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/business-to-business-integration/images/Business-to-Business-Integration_diagram.png -------------------------------------------------------------------------------- /integration/business-to-business-integration/images/archive/ref-arch-b2b-integration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/business-to-business-integration/images/archive/ref-arch-b2b-integration.png -------------------------------------------------------------------------------- /integration/business-to-business-integration/images/ref-arch-b2b-integration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/business-to-business-integration/images/ref-arch-b2b-integration.png -------------------------------------------------------------------------------- /integration/business-to-government-integration/business_to_government_integration.md: -------------------------------------------------------------------------------- 1 | 18 | 19 | ## **Business-to-government integration** 20 | In many countries or regions organizations need to comply with local requirements mandating the submission of electronic documents such as invoices, summaries, or transport registrations, and statutory reports to external communication parties. Depending on the given exchange model these documents are transmitted through an authority, a regulated service provider, a regulated network or directly to the business partner. The actual exchange of data may be completely electronic or may require data to be downloaded or uploaded. 21 | This reference architecture is based on the concepts of the **SAP Integration Solution Advisory Methodology**: Thereof, B2G integration is defined as an integration use case pattern which belongs to the process integration style. The diagram shows the runtime perspective for B2G integration covering the integration domains Cloud2Cloud and Cloud2OnPremise. 22 | 23 | ### Flow 24 | There are three variants in place about how SAP solutions, such as SAP S/4HANA, SAP Concur, SAP Business Network, SAP BusinessByDesign, exchange electronic documents and statutory reports with external communication parties: These variants range from a fully electronically exchange, manual down- and upload of formatted files to the manual entering of data in a web portal. Which variant is chosen depends on the technical integration requirements supported by the local authority. Whenever possible, a direct electronic transmission is supported. You can find an overview about which option per country/region and task are supported at SAP Help Portal (for SAP S/4HANA Cloud, see [Supported Compliance Tasks by Country/Region](https://help.sap.com/docs/SAP_S4HANA_CLOUD/71af4585db6d4904b1724730f3776c9b/097165e9c1074038847625e5c53e07d2.html?q=format&locale=en-US)). 25 | 26 | For all variants the flow starts as follows (blue bullet points in the diagram): 27 | 1. An end user accesses an SAP cloud or on-premise solution using an application client and creates data that is relevant for electronic documents and/or statutory reports. 28 | 29 | 2. SAP Cloud Identity Services handle identity management and authentication allowing secure authentication. 30 | 31 | 32 | **Variant: Electronic exchange using SAP Document and Reporting Compliance, cloud edition** (pink bullet points and arrows in the diagram) 33 | 34 | This is an SAP-managed cloud service that runs on SAP BTP and is based on SAP Integration Suite. It acts as a hub to centralize compliance across your enterprise, eliminating the need to implement local solutions for each country or scenario or business system. 35 | 36 | 3. The electronic documents and statutory reports are sent toward SAP Document and Reporting Compliance, cloud edition, which handles the exchange of electronic documents and statutory reports for several business scenarios. Depending on your business scenario the data is either sent to the Peppol network or to a local authority or designee thereof. Peppol is a set of specifications for establishing and is also the primary implementation of a federated electronic procurement system for use across different jurisdictions. With the help of Peppol, participant organizations can deliver procurement documents to each other including electronic invoices. 37 | You can find an overview about which option is used per country/region at SAP Help Portal, see [Supported Business Scenarios](https://help.sap.com/docs/cloud-edition/sap-document-and-reporting-compliance-cloud-edition/supported-business-scenarios?locale=en-US). 38 | 39 | 4. In case of an SAP on-premise solution SAP Connectivity service is used for selected scenarios. SAP Application Interface Framework can enable integration monitoring and error handling by business users. 40 | 41 | 5. When there is a requirement to exchange electronic documents through the Peppol network the Peppol access point of SAP Document reporting and Compliance, cloud edition, connects with Peppol Services to determine metadata of the receiving business partners. 42 | 43 | 6. Electronic documents are exchanged through the Peppol network with business partners which are members this network using AS4 based connectivity. 44 | 45 | 7. If a business scenario is not based on Peppol the electronic documents are transmitted to the local authority or its designee. 46 | 47 | 8. When an SAP solution submits a statutory report the business user can email correspondence items for the business partner with whom transactions are done, for the reported period. Such emails are sent directly from the SAP solution to the business partner. As alternative options such correspondence can also be printed out. 48 | 49 | **Variant: Electronic exchange using SAP Integration Suite** (grey bullet points and arrows in the diagram) 50 | 51 | 3. An SAP cloud or on-premise solution exchanges data for electronic documents and statuary reports with the Cloud Integration capability of SAP Integration Suite. 52 | 53 | 4. In case of an SAP on-premise solution, it is recommended to SAP Connectivity service with cloud connector and SAP Destination service to establish a secure connection from SAP BTP to the on premise landscape. SAP Application Interface Framework can enable integration monitoring and error handling for business users. 54 | 55 | 5. SAP Business Accelerator Hub provides predefined integration flows for B2G integration scenarios which you deploy on Cloud Integration. 56 | 57 | 6. The electronic documents are sent to in the right format to the tax authorities' or designee’s platform. 58 | 59 | 60 | **Variants: Manual data exchange** (turquois bullet points and arrows in the diagram) 61 | 62 | 3. The SAP solution generates output files for the compliance documents which meet the formatting requirements of the respective local authority. Business users can upload these files through web portals or similar of the local authority. 63 | 64 | 4. A business user enter the data directly in the authorities' portal or other local applications/providers. 65 | 66 | ### Characteristics 67 | The following list outlines characteristics, which are specific for an architecture that support B2G integration: 68 | - **Compliance-oriented**: B2G integration primarily focuses on ensuring compliance with government regulations, policies, and standards. It involves exchanging data and information to meet legal requirements, such as tax filings, reporting obligations, and adherence to industry-specific regulations. 69 | - **Standardization**: B2G integration often requires adherence to specific data formats, protocols, and standards defined by government agencies. Standardization ensures consistency, compatibility, and ease of integration between business and government systems. 70 | - **Continuous update of integration policies**: Governments frequently update regulations and policies, requiring businesses to adapt their integration processes accordingly. B2G integration should be flexible enough to accommodate these changes and ensure ongoing compliance. 71 | - **Auditability and traceability**: B2G integration often requires maintaining detailed audit logs and traceability of data exchanges. This helps ensure transparency, accountability, and the ability to demonstrate compliance during audits or investigations. 72 | - **Multi-agency interactions**: B2G integration may involve interactions with multiple government agencies, departments, and business partners. You need to integrate with different systems, processes, and requirements across various government entities. 73 | 74 | ### Examples in an SAP Context 75 | SAP delivers predefined B2G integration scenarios along end-to-end business processes spanning across multiple SAP business applications. Here are some examples: 76 | - [Advance value-added tax (VAT) return in Germany to report taxable transactions in periodic advance VAT return](https://help.sap.com/docs/SAP_S4HANA_CLOUD/e2d057b7b4df44ba941a040d4dda2956/baa2fa30ee324777b4d61c4af642ec10.html?locale=en-US): This integration scenario is implemented using SAP Document Compliance and Reporting, cloud edition. 77 | - [Receive incoming supplier invoices in France through the Peppol network](https://help.sap.com/docs/SAP_S4HANA_CLOUD/e2d057b7b4df44ba941a040d4dda2956/baa2fa30ee324777b4d61c4af642ec10.html?locale=en-US): This integration scenario is implemented using SAP Document Compliance and Reporting, cloud edition. 78 | - [e-Invoicing for India](https://help.sap.com/docs/SAP_S4HANA_CLOUD/634261119fec4d58970471f2c4a9a740/b85a1a7c09f7419f817c732083695bbc.html?locale=en-US): This integration scenario allows a registration of eInvoice and generation of required Invoice Reference Number (IRN) with direct integration to the eInvoicing System via a GST Suvidha Provider (GSP). It is implemented using SAP Integration Suite. 79 | 80 | ### Reasonable Alternatives 81 | For selected business processes SAP offers tailored solutions which also enable specific B2G integration scenarios, for example: 82 | - [SAP Global Trades Services](https://help.sap.com/docs/SAP_SUCCESSFACTORS_EMPLOYEE_CENTRAL?locale=en-US): This solution supports businesses in managing their foreign trade activities, in adhering to legal trade regulations, and in optimizing the transport of goods across borders. It enables export and import compliance, supplier and customer declaration handling, security filings and more. The solution includes a broker which allows you to exchange trade-related data with customs and other parties. 83 | You use SAP Global Trade Services in context of global trade-related business processes. 84 | - [SAP SuccessFactors Employee Central](https://help.sap.com/docs/SAP_SUCCESSFACTORS_EMPLOYEE_CENTRAL?locale=en-US) and [SAP SuccessFactors Employee Central Payroll](https://help.sap.com/docs/SAP_SUCCESSFACTORS_EMPLOYEE_CENTRAL_PAYROLL?locale=en-US): These solutions exchange tax related information such as e-filing of employees payments and deductions with local authorities using SAP Integration Suite. 85 | 86 | 87 | ### Services and Components 88 | 89 | - [SAP Integration Suite](https://discovery-center.cloud.sap/serviceCatalog/integration-suite?region=all) 90 | - [SAP Connectivity service](https://discovery-center.cloud.sap/serviceCatalog/connectivity-service?region=all) 91 | - [SAP Destination service](https://discovery-center.cloud.sap/serviceCatalog/destination?service_plan=lite®ion=all) 92 | 93 | 94 | 95 | ### Resource 96 | - [SAP Business Accelerator Hub](https://hub.sap.com) 97 | 98 | - SAP Help Portal: 99 | - [SAP Document and Reporting Compliance, cloud edition](https://help.sap.com/docs/cloud-edition?locale=en-US) 100 | - [SAP Application Interface Framework](https://help.sap.com/docs/SAP_APPLICATION_INTERFACE_FRAMEWORK_OVERVIEW) 101 | - [SAP Integration Suite (documentation)](https://help.sap.com/docs/integration-suite) 102 | - [SAP Integration Solution Advisory Methodology (documentation)](https://help.sap.com/docs/architecture_guidance/f64ada51d9f44c83a751b96f955aad5a/85bcc8675d3e42718279bf7b87dafc2d.html?locale=en-US) 103 | 104 | - SAP Community: 105 | - [SAP Document and Reporting Compliance: Cloud or On-Premise? Not an “either or” option, but a streamlined solution for electronic compliance! (blog post)](https://blogs.sap.com/2023/06/03/sap-document-and-reporting-compliance-cloud-or-on-premise-not-an-either-or-option-but-a-streamlined-solution-for-electronic-compliance/) 106 | - [SAP Integration Suite (topic page)](https://community.sap.com/topics/integration-suite) 107 | - [SAP Document and Reporting Compliance (topic page)](https://community.sap.com/topics/document-reporting-compliance) 108 | 109 | 110 | ### Related Missions 111 | 112 | - [Implement and Configure Electronic Invoicing for Italy](https://discovery-center.cloud.sap/missiondetail/3067/3079/) 113 | - [Implement and Configure Electronic Invoicing for Saudi Arabia](https://discovery-center.cloud.sap/missiondetail/4397/4683/) 114 | 115 | -------------------------------------------------------------------------------- /integration/business-to-government-integration/images/Business-to-Government-Integration_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/business-to-government-integration/images/Business-to-Government-Integration_diagram.png -------------------------------------------------------------------------------- /integration/business-to-government-integration/images/archive/ref-arch-b2g-integration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/business-to-government-integration/images/archive/ref-arch-b2g-integration.png -------------------------------------------------------------------------------- /integration/business-to-government-integration/images/ref-arch-b2g-integration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/business-to-government-integration/images/ref-arch-b2g-integration.png -------------------------------------------------------------------------------- /integration/master-data-integration/images/Master-Data-Integration_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/master-data-integration/images/Master-Data-Integration_diagram.png -------------------------------------------------------------------------------- /integration/master-data-integration/images/archive/RefArch_MasterDataIntegration_Cloud.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/master-data-integration/images/archive/RefArch_MasterDataIntegration_Cloud.png -------------------------------------------------------------------------------- /integration/master-data-integration/images/archive/ref-arch-master-data-integration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/master-data-integration/images/archive/ref-arch-master-data-integration.png -------------------------------------------------------------------------------- /integration/master-data-integration/images/ref-arch-master-data-integration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/integration/master-data-integration/images/ref-arch-master-data-integration.png -------------------------------------------------------------------------------- /integration/master-data-integration/master_data_integration.md: -------------------------------------------------------------------------------- 1 | 18 | ![](images/ref-arch-master-data-integration.png) 19 | 20 | ## **Master data integration** 21 | With the help of master data integration, you can replicate master data objects across connected business applications. Master data is basic data about business-relevant objects that is required in different contexts, such as materials or business partners. For ensuring data consistency, the master data is synchronized across connected business applications in (near) real time fashion using APIs. 22 | 23 | This reference architecture is based on the concepts of the **SAP Integration Solution Advisory Methodology**: Thereof, master data integration is defined as an integration use case pattern which belongs to the process integration style. The diagram shows the runtime perspective for A2A integration covering the integration domains Cloud2Cloud, Cloud2OnPremise and OnPremise2OnPremise. 24 | 25 | ### Flow 26 | 27 | Let’s take a look at the steps in detail: 28 | 1. SAP cloud solutions which are supported by SAP Master Data Integration (see [Integration](https://help.sap.com/docs/master-data-integration/sap-master-data-integration-prod/integration?locale=en-US)) synchronize their master data with SAP Master Data Integration. In this context a solution can act as a master data provider which sends master data change requests toward SAP Master Data Integration. Or it can act as a master data consumer which receives master data change events from SAP Master Data Integration. These events are exchanged asynchronously using REST or SOAP based APIs (the latter one for business partner master data only). 29 | 30 | 2. All master changes are stored centrally in the master data event log of SAP Master Data Integration and shared with master data consumers using a distribution model. The main benefit of using SAP Master Data Integration is that you can implement a central master data hub which allows connected solutions to synchronize their local master data databases with the master data database of the central hub in an efficient and scalable fashion. 31 | 32 | 3. The Cloud Integration capability within SAP Integration Suite is used for master data integration scenarios between SAP solutions which are not yet supported by SAP Master Data Integration. When you have already implemented master data integration scenarios using Cloud Integration which are supported by SAP Master Data Integration in the meantime, you may continue using those as unless you want to take advantage of SAP Master Data Integration’s benefits. 33 | 34 | 4. SAP Business Accelerator Hub provides predefined integration flows and also APIs, adapters and more to build custom integration flows which are deployed on Cloud Integration. 35 | 36 | 5. When exchanging master data between SAP Master Data Integration and a third-party solution (cloud, on-premise) or SAP on premise solution (with the exception of newer release of SAP S/4HANA) you use Cloud Integration, too: It includes an SAP Master Data Integration adapter to synchronize master data with SAP Master Data Integration. 37 | 38 | 6. In case of on-premise solutions it is recommended to also use SAP Connectivity service with Cloud Connector and Destination service for establishing a secure connection from SAP BTP to the on-premise landscape. 39 | 40 | 7. Higher release versions of SAP S/4HANA can also synchronize their master data with SAP Master Data Integration (without Cloud Integration). 41 | 42 | 8. In case the integration scenario involves SAP S/4HANA (or SAP ECC) the SAP Application Interface Framework can enable integration monitoring and error handling for business users. 43 | 44 | If you are looking to implement master data management processes such as consolidation, data quality control, and central governance you may additionally use SAP Master Data Governance solution which enables such functionality. Regarding the reference architecture for master data: SAP Master Data Governance acts as a master data provider or master data consumer and can integrate with SAP Master Data Integration for selected scenarios, too. 45 | 46 | ### Characteristics 47 | An architecture for master data integration can be characterized as follows: 48 | - **Master data synchronization**: Ability to synchronize master data objects between diverse solutions which can act as master data provider and/or master data consumer system. Data synchronization aims at ensuring data consistency across a solution landscape. 49 | - **Data transformation and harmonization**: Support of (structure and value) mappings of master data from various sources. Ideally this includes a unified representation of master data across connected solutions. 50 | - **(Near) Real-time processing**: A (near-) real-time processing is needed to enable consistent and up-to-date availability of master data information across the organization. 51 | - **Data security and privacy**: Ability to meet data security and compliance regulations. These include for instance the protection of sensitive data, compliant data distribution to ensure data confidentiality and integrity. 52 | 53 | ### Examples in an SAP Context 54 | SAP delivers predefined master data integration scenarios along end-to-end business processes spanning across multiple SAP solutions. The following examples are using the SAP Master Data Integration service for synchronizing master data: 55 | - Synchronization of the workforce person master data object between SAP S/4HANA Cloud and SAP SuccessFactors HXM Suite as part of the [Hire to Retire process (for cloud deployment)](https://api.sap.com/dfd/HR1C1-DFDDataFlowsforHRData) 56 | - Synchronization of the cost center master data object as part of the [Source to Pay process (for cloud deployment)](https://api.sap.com/dfd/SP1C1-DFDMasterDataFlows) 57 | - Synchronization of the customer master data object as part of the [Lead to Cash process (for cloud deployment)](https://api.sap.com/dfd/LC1C1-DFDMasterDataFlowforBusinessPartnerCustomer) 58 | 59 | ### Reasonable Alternatives 60 | For selected SAP lines-of-business solutions further integration technologies are available which are tailored to the needs of the respective business solution: 61 | - [SAP Integration Suite, managed gateway for spend management and SAP Business Network](https://help.sap.com/docs/sisgw?locale=en-US): This solution, which is formerly known as SAP Ariba Cloud Integration Gateway, is based on SAP Integration Suite. This managed gateway facilitates the integration of buyers' and suppliers' SAP ERP or SAP S/4HANA systems with intelligent spend solutions from SAP and SAP Business Network. Managed gateway includes self-service wizards for configuring predefined integration scenarios, automated testing, and real-time monitoring. 62 | 63 | You use the managed gateway for such predefined integration scenarios that are that are not supported by SAP Master Data Integration yet. For more information about integration scenarios that are supported by the managed gateway see [overview guide for buyers](https://help.sap.com/docs/ARIBA_CIG/1b1724b5f3e248568430b640c0412c24/dabf918d862847728f00d80025e38f28.html?locale=en-US) and [overview guide for suppliers](https://help.sap.com/docs/ARIBA_CIG/791693e960f6494b8ea0a0bae07d406c/f13af7d9e5ea4bee9afb40249063833d.html?locale=en-US). 64 | 65 | 66 | ### Services and Components 67 | 68 | - [SAP Integration Suite](https://discovery-center.cloud.sap/serviceCatalog/integration-suite?region=all) 69 | - [SAP Master Data Integration](https://discovery-center.cloud.sap/serviceCatalog/master-data-integration?region=all) 70 | - [SAP Connectivity service](https://discovery-center.cloud.sap/serviceCatalog/connectivity-service?region=all) 71 | - [SAP Destination service](https://discovery-center.cloud.sap/serviceCatalog/destination?service_plan=lite®ion=all) 72 | 73 | 74 | ### Resources 75 | 76 | - [SAP Business Accelerator Hub](https://hub.sap.com): This hub is a central catalog which is hosted by SAP and allows you to discover, explore, test and consume different types of digital content such as APIs, events, integration content, adapters to accelerate integration and extension of SAP solutions. 77 | 78 | - SAP Help Portal: 79 | - [SAP Application Interface Framework](https://help.sap.com/docs/SAP_APLICATION_INTERFACE_FRAMEWORK_OVERVIEW): This technology is used together with SAP ECC or SAP S/4HANA, to develop and monitor interfaces as well as execute error handling within the SAP backend system. 80 | - [SAP Integration Suite](https://help.sap.com/docs/integration-suite) 81 | - [SAP Master Data Integration](https://help.sap.com/docs/SAP_MASTER_DATA_INTEGRATION) 82 | - [SAP Integration Solution Advisory Methodology](https://help.sap.com/docs/architecture_guidance/f64ada51d9f44c83a751b96f955aad5a/85bcc8675d3e42718279bf7b87dafc2d.html?locale=en-US) 83 | 84 | - SAP Community: 85 | - [SAP Integration Suite (topic page)](https://community.sap.com/topics/integration-suite) 86 | - [SAP Master Data Integration – sharing and synchronizing master data in the integrated Intelligent Suite (blog post)](https://blogs.sap.com/2020/07/21/sap-cloud-platform-master-data-integration-sharing-and-synchronizing-master-data-in-the-integrated-intelligent-suite/) 87 | - [SAP Integration Suite – Integration with SAP Master Data Integration (MDI) service (blog post)](https://blogs.sap.com/2022/05/20/sap-integration-suite-integration-with-sap-master-data-integration-mdi-service/) 88 | - [Master Data Integration and Master Data Management: What’s the Difference (blog post)](https://blogs.sap.com/2020/10/23/master-data-integration-and-master-data-management-whats-the-difference/) 89 | 90 | 91 | 92 | ### Related Missions 93 | 94 | - [Use SAP Integration Suite to Synchronize Master Data](https://discovery-center.cloud.sap/missiondetail/4248/4505/) 95 | - [Get started with SAP Integration Suite](https://discovery-center.cloud.sap/missiondetail/3258/3327/) 96 | - [S/4HANA Cloud - Cost Center Mass Update](https://discovery-center.cloud.sap/missiondetail/3419/3459/) 97 | 98 | 99 | -------------------------------------------------------------------------------- /lifecycle-management/README.md: -------------------------------------------------------------------------------- 1 | ## Lifecycle Management reference architectures -------------------------------------------------------------------------------- /security/cloud-leading-authn/cloud-leading-authn.md: -------------------------------------------------------------------------------- 1 | 17 | 18 | 19 | ## **Cloud leading authentication** 20 | 21 | The main (non-human) interacting actors in the model are identity providers, service providers, and the IAM services supported by SAP BTP. As shown in the figure Identity providers are systems that assert user information to service provider systems, vouching for the identity of the users who require access to their services. For this purpose, the identity provider issues a security token that can be accepted as an alternative that eliminates having to authenticate a user repeatedly. Service providers are systems that offer the business and technical services that users require to do their work. 22 | 23 | Finally, the SAP Cloud Identity Services can act as identity provider, capable of performing authentication or as a broker forwarding the requests to third-party providers. 24 | In the scenario in the figure the SAP Cloud Identity Services redirect the incoming authentication request to a configured Identity Provider and act as broker. This scenario is very common for employee scenarios if the company uses one central IdP across several vendors. This scenario also works in combination with new applications which use the Identity Directory within the SAP Cloud Identity Services to store the identities and their assignments. SAP Cloud Identity Services can verify against the Identity Directory if and how the authentication flow should be federated to an external Identity Provider or which attributes would be merged into the authentication tokens which are only relevant for the SAP landscape. 25 | As conclusion the SAP Cloud Identity Services act either as the secure Identity Provider for your SAP landscape or as a facade for the SAP applications to your existing Identity Provider. In both setups you benefit from the templates and integrations within the SAP environment and a lower integration effort into your non-SAP cybersecurity toolset. 26 | 27 | ## Flow 28 | 29 | The following flows start in the application. Those are known as SAML Service Provider initiated and OIDC Resource Provider initiated flow. Those are the most common scenarios. 30 | 31 | > Note: If SAML is used in the complete chain then (3rd party) IdP initiated SAML flows are supported, but this would be just an option and not the default or recommendation. 32 | 33 | ### A) SP / RP initiated flow (SAML / OIDC) for Web applications 34 | 35 | The following flow can be applied to SAP Cloud applications and SAP On-Premises applications (incl. private cloud) which are integrated with the SAP Cloud Identity Services - Identity Authentication. 36 | 37 | 1. The authentication flow starts by an application / business user as shown in the upper left corner of the diagram. The **user** accesses the SAP application via an **Application Client (here a browser like Chrome)**. 38 | 2. The SAP Cloud or SAP On-Premises (incl. private cloud) application does not find an active session via a cookie in the browser. 39 | 3. The SAP application redirects the application client to the IAS. 40 | 4. The IAS asks the application client for a X.509 certificate or if no known certificate was presented it would try to get the user authenticated. 41 | 5. The IAS checks the application-configuration for the calling application if any Corp.IdP forwarding is in place. 42 | - no: The IAS presents a login screen 43 | - yes: e.g. in general for all SAP applications a redirect is enabled - IAS redirects the application client to the 3rd party Identity Provider 44 | 45 | ### B) Federation flow with 3rd party Identity Providers (IdP) for Web applications 46 | 47 | 6. The 3rd party Identity Provider authenticates the user. 48 | 7. The 3rd party IdP redirects the application client with the authenticated user details to IAS. 49 | 8. The IAS accepts the incoming token and processes it based on the app-configuration. 50 | > :warning: In the past the common scenario was [**IAS proxy**](https://help.sap.com/docs/identity-authentication/identity-authentication/corporate-identity-providers?locale=en-US) without the user present in IdDS. This reference architecture expects the user present in IdDS and the [***Federation setting "Use Identity Authentication user store" enabled***](https://help.sap.com/docs/identity-authentication/identity-authentication/corp-idp-configure-identity-federation?locale=en-US#context) :warning: 51 | 52 | ### C) Application authentication for Web applications 53 | 54 | 9. The IAS creates a new token based on the application-configuration SAML or OIDC with attributes used from the 3rd party IdP and/or from the IdDS. 55 | 10. The IAS redirects the application client to the application. 56 | 11. The application accepts the token from IAS and creates a new user-session. The user is logged in. 57 | 58 | ### D) SAP GUI Single Sign-On 59 | 60 | The Single Sign-On flow for SAP GUI applications re-uses the same authentication flow with Cloud Identity Services - Identity Authentication as the Web applications. The difference is that the SAP GUI uses a different protocol. The SAP GUI uses X.509 certificates for the authentication. The flow is as follows: 61 | 62 | 1. The users starts the SAP GUI and activates the SSO features with SAP Cloud Identity Services. 63 | 2. The user authenticates against the IAS. 64 | 3. The IAS creates a new OIDC token with attributes. As described above the attributes could come from the 3rd party IdP and/or from the IdDS. IAS hands the token over to the [SAP Secure Login Service for SAP GUI](https://help.sap.com/sls) (SLS). 65 | 4. The SLS creates a short term X.509 certificate for the authenticated user and stores it in the certificate store the SAP GUI uses. 66 | 5. The SAP GUI uses the X.509 certificate to authenticate against the SAP application. 67 | 68 | 69 | ## Characteristics 70 | 71 | This setup has the following characteristics: 72 | - One Authentication interface for all SAP applications via the SAP Cloud Identity Services - Identity Authentication 73 | - Preconfigured trusts between the SAP Cloud Identity Services and the SAP Cloud applications 74 | - Resource Provider initiated and Service Provider initiated SAML and OIDC flows are supported. An Identity Provider initiated SAML flow is technically supported but not the default or recommendation. 75 | - The Central user store - SAP Cloud Identity Services - Identity Directory - is used to store the user identities and their assignments which allows the merge of attributes during the authentication flow into the tokens e.g. groups can be mapped from the IdDS to the application token. 76 | - Technically the IAS terminates the authentication flow and creates a new token for the application. 77 | 78 | 79 | ### Services and Components 80 | 81 | - [SAP Cloud Identity Services - Identity Provisioning](https://discovery-center.cloud.sap/serviceCatalog/identity-provisioning?service_plan=sap-cloud-to-sap-cloud®ion=all&commercialModel=cloud) 82 | - [SAP Cloud Identity Services - Identity Authentication](https://discovery-center.cloud.sap/serviceCatalog/identity-authentication?region=all) 83 | 84 | 85 | 86 | ### Resources 87 | 88 | - [SAP Cloud Identity Services - Identity Directory](https://api.sap.com/api/IdDS_SCIM/overview) 89 | 90 | - SAP Help Portal: 91 | - [SAP Cloud Identity Services - Authorization Management](https://help.sap.com/docs/identity-authentication/identity-authentication/configuring-authorization-policies?version=Cloud) 92 | - [SAP Cloud Identity Services](https://help.sap.com/docs/cloud-identity?version=Cloud&locale=en-US) 93 | - [SAP Secure Login Service for SAP GUI](https://help.sap.com/sls) 94 | 95 | 96 | ### Related Missions 97 | 98 | - [Get Started with SAP BTP - Cloud Identity](https://discovery-center.cloud.sap/missiondetail/4325/4605/) 99 | - [Configure identity lifecycle management in a hybrid SAP landscape](https://discovery-center.cloud.sap/missiondetail/3116/3152/) 100 | - [Establish single sign-on to your cloud solutions](https://discovery-center.cloud.sap/missiondetail/3114/3151/) 101 | 102 | -------------------------------------------------------------------------------- /security/cloud-leading-authn/images/Cloud-leading-Authentication_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/security/cloud-leading-authn/images/Cloud-leading-Authentication_diagram.png -------------------------------------------------------------------------------- /security/cloud-leading-authn/images/SAP_IAM_SD_AuthN_2024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/security/cloud-leading-authn/images/SAP_IAM_SD_AuthN_2024.png -------------------------------------------------------------------------------- /security/cloud-leading-authn/images/archive/SAP_IAM_SD_AuthN_2024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/security/cloud-leading-authn/images/archive/SAP_IAM_SD_AuthN_2024.png -------------------------------------------------------------------------------- /security/cloud-leading-authz/cloud-leading-authz.md: -------------------------------------------------------------------------------- 1 | 17 | 18 | 19 | ## **Cloud driven identity lifecycle authorizations** 20 | 21 | Authorizations are domain specific and still the aim is that they can be assigned to an identity centrally. 22 | Traditionally authorizations are defined in the application and are not centrally managed. This leads to a huge effort to maintain the authorizations and to ensure that the least-privilege-methodology is applied across different stacks and solutions. 23 | 24 | SAP uses for the authorization assignments in an identity lifecycle the Identity Directory. Identity Directory is a SCIM compliant user and group store. Identity Directory acts as customer fascade for the identity lifecycle and the central point for the authorization assignments. The Cloud Identity Services also act as trusted anchor for the SAP applications for several security features like the authentication and the authorization assignments, but also the federation with 3rd party solutions. 25 | 26 | Many systems e.g. SAP NetWeaver ABAP have a long history of defining authorizations combined in template roles in the system with detailed restrictions and derivations of those template roles. 27 | In the SAP Business Technology Platform (BTP) the autorizations are also specified in the application. SAP BTP applications based on the SAP BTP Authorization and Trust Managemetn (XS UAA) e.g. via [SAP Cloud Application Programming Model CAP](https://cap.cloud.sap/docs/get-started/in-a-nutshell) the developer defines the app-roles within the application. In the XS UAA which is visible to you as user-management in each BTP subaccount, each customer administrator can create and maintain Role Collections. Role Collections can group multiple app-roles. Role Collections can be assigned to users, while app-roles cannot. 28 | 29 | In the context of new applications, the [SAP Cloud Identity Services - Identity Directory](https://api.sap.com/api/IdDS_SCIM/overview) functions as the user and group store. This advanced service accommodates the [SAP Authorization Management Service (AMS)](https://help.sap.com/docs/identity-authentication/identity-authentication/configuring-authorization-policies?locale=en-US)(AMS)-defined policies, which are stored and assigned to users in the Identity Directory. The AMS allows the definition of policies by the app-developer but a central derivation and assignment to users in the Identity Directory. 30 | 31 | ### Preperation 32 | 33 | Current SAP applications with an user- & group / role store expose those via the SCIM2 protocol. 34 | 35 | 1. The SAP Cloud Identity Services - Identity Provisioning (IPS) replicates the groups from the SAP applications into the Identity Directory. 36 | 2. SAP BTP applications based on AMS publish automatically the policies into the Identity Directory as groups. 37 | 3. SAP BTP applications based on XS UAA should be configured with IPS to replicate Role Collections into the Identity Directory as groups. 38 | 39 | >Examples: 40 | > 41 | >SAP S/4HANA Cloud exposes Roles as Groups and Users as Users via SCIM2. 42 | > 43 | >SAP Cloud Identity Services themselves use [AMS to allow finegrained authorizations](https://help.sap.com/docs/identity-authentication/identity-authentication/beta-configure-authorizations-based-on-policies?locale=en-US). 44 | 45 | ### Flow 46 | 47 | 4. The authorization assignment to a user is done in the Identity Directory. 48 | 5. This can be done by the [SCIM2 API](https://api.sap.com/api/IdDS_SCIM/overview) or by the SAP Cloud Identity Services user interface (UI). 49 | - The UI allows two different views: 50 | - The user view allows the assignment of groups to a user. 51 | - The groups view allows the assignment of users to a group. 52 | - The [SCIM2 protocol mandates](https://www.rfc-editor.org/rfc/rfc7644#section-3.5) the assignment via the /Groups endpoint by maintaining the members attribute (the UI does the same). 53 | 6. The replication of the assignments to the SAP applications is done based on the used technology: 54 | - Applications with an own user- & groups-store the IPS replicates the assignments to the SAP applications via periodic execution of IPS-source & target jobs. 55 | - AMS based applications synchronize the assignments automatically in the background. 56 | 57 | >Hint: Future applications might use different technologies integrating with the Cloud Identity Services which would allow our customers an easy adoption. 58 | 59 | 60 | ### Characteristics 61 | 62 | This setup has the following characteristics: 63 | - The Identity Directory is the central point for the authorization assignments. 64 | - The authorizations are and remain domain specific - only the assignment is done centrally. 65 | 66 | 67 | ### Services and Components 68 | 69 | - [SAP Cloud Identity Services - Identity Provisioning](https://discovery-center.cloud.sap/serviceCatalog/identity-provisioning?service_plan=sap-cloud-to-sap-cloud®ion=all&commercialModel=cloud) 70 | - [SAP Cloud Identity Services - Identity Authentication](https://discovery-center.cloud.sap/serviceCatalog/identity-authentication?region=all) 71 | 72 | 73 | ### Resources 74 | 75 | - [SAP Cloud Identity Services - Identity Directory](https://api.sap.com/api/IdDS_SCIM/overview) 76 | 77 | - SAP Help Portal: 78 | - [SAP Cloud Identity Services - Authorization Management](https://help.sap.com/docs/identity-authentication/identity-authentication/configuring-authorization-policies?version=Cloud) 79 | - [SAP Cloud Identity Services](https://help.sap.com/docs/cloud-identity?version=Cloud&locale=en-US) 80 | 81 | - [More details about the SAP Identity Management End-of-Maintenance (SAP Community blog posts)](https://community.sap.com/t5/technology-blogs-by-sap/preparing-for-sap-identity-management-s-end-of-maintenance-in-2027/ba-p/13596101) 82 | - [SAP Cloud Application Programming Model (CAP)](https://cap.cloud.sap/docs/get-started/in-a-nutshell) 83 | - [SCIM2 protocol](https://www.rfc-editor.org/rfc/rfc7644) 84 | - [SCIM2 schemas](https://www.rfc-editor.org/rfc/rfc7643) 85 | 86 | 87 | ### Related Missions 88 | 89 | - [Get Started with SAP BTP - Cloud Identity](https://discovery-center.cloud.sap/missiondetail/4325/4605/) 90 | - [Configure identity lifecycle management in a hybrid SAP landscape](https://discovery-center.cloud.sap/missiondetail/3116/3152/) 91 | - [Establish single sign-on to your cloud solutions](https://discovery-center.cloud.sap/missiondetail/3114/3151/) 92 | 93 | -------------------------------------------------------------------------------- /security/cloud-leading-authz/images/Cloud-leading-Identity-Lifecycle-Authorizations_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/security/cloud-leading-authz/images/Cloud-leading-Identity-Lifecycle-Authorizations_diagram.png -------------------------------------------------------------------------------- /security/cloud-leading-authz/images/SAP_IAM_SD_AuthZ_2024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/security/cloud-leading-authz/images/SAP_IAM_SD_AuthZ_2024.png -------------------------------------------------------------------------------- /security/cloud-leading-authz/images/archive/SAP_IAM_SD_AuthZ_2024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/security/cloud-leading-authz/images/archive/SAP_IAM_SD_AuthZ_2024.png -------------------------------------------------------------------------------- /security/cloud-leading-identity-lifecycle/cloud-leading-identity-lifecycle.md: -------------------------------------------------------------------------------- 1 | 18 | 19 | 20 | 21 | Cloud driven AuthN 22 | 23 | 24 | 25 | ## **Cloud driven Identity Lifecycle** 26 | 27 | Every user has a user account in each system that provides services for the business scenarios that are relevant for that user. Users may be employees, consumers, or business partners, with corresponding authorization assignments. 28 | 29 | This reference architecture delves into the critical aspects of Identity Access Management (IAM) for SAP, focusing on essential elements, including user storage, replication, and identity lifecycle. 30 | 31 | In an SAP landscape, users are stored across all service providers. To ensure consistency and synchronization across these diverse environments, replication is essential. Single sign-on protocols like SAML2 and OIDC play a role in this process. These protocols allow to transfer selected attributes during authentication (federation). However, their efficacy decreases when a user is offline but still needs modifications or – not to forget – deletion. 32 | To address such challenges and maintain a seamless identity lifecycle, SAP employs SCIM2. SCIM2 facilitates the replication of users and groups into SAP solutions, ensuring a coherent and updated user landscape. 33 | 34 | In the context of new applications, the SAP Cloud Identity Services - Directory Service functions as the user and group store, eliminating the need for further replication to application local user stores. This advanced service accommodates the SAP Authorization Management Service-defined policies, which are stored and assigned to users in the Identity Directory. 35 | To get the identities into the Identity Directory the replication can occur via the leading Identity Management (IDM) tool or through the SAP Cloud Identity Services - Identity Provisioning. 36 | The Identity Provisioning service then replicates the users and groups stored in the Identity Directory into the target applications, primarily leveraging SCIM. But this approach is not bound to SCIM. It allows a stable central interface for the SAP landscape even if the technologies for the applications within the SAP landscape change. 37 | 38 | The architecture resulting from these boundary conditions advocates for centrally storing users and groups in the SAP Cloud Identity Services - Identity Directory. This centralized approach facilitates efficient provisioning and enhances overall control over user identities and access privileges. 39 | 40 | For a unified access governance, SAP Cloud Identity Access Governance integrates with SAP Cloud Identity Services. This integration enables comprehensive analysis of identities and their access, helping to mitigate business risks significantly. 41 | 42 | ### Administrative and Operational Aspects 43 | 44 | A user with an administrator role has access to the tenant-specific administration console in the browser. In the console, the administrator can use the administration services to select which identity data from which identity provider should be forwarded to which service provider by the SAP Cloud Identity Services. Furthermore, the administrator sets up the connectors to establish communication between the Identity Provisioning Service and the service providers. Different connectors are required to establish this communication, depending on the peripheral systems that should be connected. For connecting on-premise systems the SAP Connectivity service can be used. 45 | The SAP Cloud Identity Services rely internally also on the AMS policies. For compatibility reasons and easy onboarding, the services use a simplified access-interface today as default. We recommend activating the policies for the SAP Cloud Identity Services in the tenant for more granular and customizable authorization concepts. 46 | Administrators of the SAP Cloud Identity Services could maintain the local identities in the Identity Directory via the administration console of SAP Cloud Identity Services. In this reference architecture it is more for verifying the data than actually maintaining identities because we foresee integrations with an IDM as leading processes. 47 | 48 | ### Conclusion 49 | 50 | In conclusion, our reference architecture in the figure adopts a cloud driven IAM approach, underscoring the importance of robust, efficient, and scalable IAM for SAP. Embracing this approach can lead to stronger security, improved compliance, and enhanced operational efficiency, paving the way for a secure and reliable digital business environment. The SAP Cloud Identity Services act as facade for the SAP landscape and allow you a more efficient management of the identity lifecycle. 51 | 52 | ## SAP Business Technology Platform specifics 53 | 54 | SAP Business Technology Platform (BTP) is made up of global accounts, directories and subaccounts which are used to manage and operate SaaS and custom applications and services. This involves setting up trust with the SAP Cloud Identity Services for business users as well as platform users (administrators, developers, operators) who work with SAP BTP. 55 | 56 | In SAP BTP global accounts, administrators set up a trust with SAP Cloud Identity Services for platform users (administrator, developers, operators). This enables login to all tools used for BTP account management using Identity Authentication Service, and uses the OpenID Connect (OIDC) protocol. 57 | In SAP BTP subaccounts, administrators set up a trust with SAP Cloud Identity Services for business users. SAP recommends the one-click integration called „Establish Trust“, since it is a prerequisite for more and more applications which natively integrate with SAP Cloud Identity services, such as SAP Build Apps, SAP Build Work Zone, or SAP Ariba Buying. This native integration of BTP applications with SAP Cloud Identity Services provides several benefits, such as full support for custom domains, application-specific authentication settings, simplified principal propagation scenarios, and usage of the Authorization Management Service (AMS). 58 | 59 | Please also check the IAM reference architecture focussing for authentication. 60 | 61 | SAP plans to enable further capabilities in the future, like central administration of BTP authorizations from any number of subaccounts using the identity directory, and BTP applications to read additional user data from the identity directory instead of requiring application-specific user stores to be populated. 62 | Established applications which use the Authorization and Trust Management (XSUAA) service of BTP are still fully supported with this kind of trust, too. The one-click integration uses the OpenID Connect (OIDC) protocol between the subaccount and SAP Cloud Identity services. Customers are still free to choose between SAML and OIDC for the integration between SAP Cloud Identity services and their corporate identity providers. 63 | 64 | Further information is available in the Best Practices for SAP BTP. 65 | With AMS, administrators can derive and maintain application policies centrally in SAP Cloud Identity Services instead of individual BTP subaccounts and can control authorizations on a much more fine-grained level. 66 | Currently nearly all SAP applications have their own user store. This has several reasons but makes remote management and compliance complex. This also applies to each BTP subaccount. The fast-evolving cloud technologies also introduced several different software stacks and ways of interacting with such user stores. SAP will simplify this with SAP Cloud Identity Services in the long run. The goal is to centralize user and group management in SAP Cloud Identity Services and to enable remote management for the whole SAP cloud landscape using SAP Cloud Identity APIs. 67 | New applications and new BTP features require the users to exist in the identity directory. In such cases, you must populate the Identity Directory with all relevant users, for example, to assign policies of the Authorization Management service to users. While the setup of SAP Cloud Identity Services with the first such application might add additional effort to the project, it reduces the effort for any following application, because you no longer need to populate additional application-specific user stores. 68 | 69 | ### Flow 70 | 71 | The flow contains two major aspects 1. The derivation of an Identity from a Workforce Person and 2. The assignment of access to the Identity which implicit requires the replication into the target systems. 72 | A Workforce Person is an entity which represents the master data of employees or contigent workers. The Workforce Person could have multiple contracts with the company and most of the attributes have a time dependency. 73 | The digitial Identity is derivation of the Workforce Person and the focus is on the current valid attributes which are relevant for the user replication and the access assignments. The Identity is the entity which is replicated into the target systems and which is used for the access assignments. 74 | 75 | ### Workforce Person to Identity 76 | 77 | 1. In the first step the Workforce Person is created or updated in the leading system. The leading system is the system which is the master data system for the Workforce Person. The leading system could be a SAP Success Factors for employees or an SAP Fieldglass for contingent workers. The leading system could also be a non-SAP system which is the master data system for the Workforce Person. 78 | 2. The Workforce to Identity derivation takes place in an Identity Management solution. The IDM consumes the source system APIs offering the workforce data APIs (not user!). The Identity Management derives out of the time-sliced attributes the current relevant values for the Identity. This process is very customers specific. 79 | 80 | ### Identity with access assignments 81 | 82 | 3. The Identity Management solution replicates the Identity into the Identity Directory of the SAP Cloud Identity Services. The Identity Directory is the user and group store of the SAP Cloud Identity Services. The Identity Directory is the central user store for the SAP Cloud Identity Services and is used for the access assignments. 83 | 4. (OPTIONAL) The access assignments can run through access requests and access analysis to identify and mitigate business risks with the SAP Cloud Identity Access Governance. 84 | 5. The Identity Provisioning service replicates user & groups into the target systems. The IPS offers connectors for the SAP applications with preconfigured attribute-sets. 85 | 86 | ### Characteristics 87 | 88 | This setup has the following characteristics: 89 | - Workforce Person to Identity derivation is a customer specific process in a 3rd party Identity Management solution. 90 | - The Identity Directory is the central user store for the SAP landscape and is used for the access assignments. The Identity Directory offers the usage of different technologies for the access assignments e.g. SAP BTP contains: XS UAA and AMS based applications which are all supported by the Identity Directory and the Identity Provisioning Service. 91 | - The Identity Provisioning Service replicates user & groups into the SAP target systems. 92 | - The identity lifecycle reference architecture should be combined with reference authentication architecture which both rely on the SAP Cloud Identity Services. 93 | 94 | 95 | ### Services and Components 96 | 97 | - [SAP Cloud Identity Services - Identity Provisioning](https://discovery-center.cloud.sap/serviceCatalog/identity-provisioning?service_plan=sap-cloud-to-sap-cloud®ion=all&commercialModel=cloud) 98 | - [SAP Cloud Identity Services - Identity Authentication](https://discovery-center.cloud.sap/serviceCatalog/identity-authentication?region=all) 99 | 100 | 101 | ### Resources 102 | 103 | - [SAP Cloud Identity Services - Identity Directory](https://api.sap.com/api/IdDS_SCIM/overview) 104 | - [SAP Cloud Identity Services - Authorization Management](https://help.sap.com/docs/identity-authentication/identity-authentication/configuring-authorization-policies?version=Cloud) 105 | - [SAP Cloud Identity Services](https://help.sap.com/docs/cloud-identity?version=Cloud&locale=en-US) 106 | - [More details about the SAP Identity Management End-of-Maintenance](https://community.sap.com/t5/technology-blogs-by-sap/preparing-for-sap-identity-management-s-end-of-maintenance-in-2027/ba-p/13596101) 107 | 108 | 109 | ### Related Missions 110 | 111 | - [Get Started with SAP BTP - Cloud Identity](https://discovery-center.cloud.sap/missiondetail/4325/4605/) 112 | - [Configure identity lifecycle management in a hybrid SAP landscape](https://discovery-center.cloud.sap/missiondetail/3116/3152/) 113 | - [Establish single sign-on to your cloud solutions](https://discovery-center.cloud.sap/missiondetail/3114/3151/) 114 | 115 | -------------------------------------------------------------------------------- /security/cloud-leading-identity-lifecycle/images/Cloud-leading-Identity-Lifecycle_diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/security/cloud-leading-identity-lifecycle/images/Cloud-leading-Identity-Lifecycle_diagram.png -------------------------------------------------------------------------------- /security/cloud-leading-identity-lifecycle/images/SAP_IAM_SD_W2I_2024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/security/cloud-leading-identity-lifecycle/images/SAP_IAM_SD_W2I_2024.png -------------------------------------------------------------------------------- /security/cloud-leading-identity-lifecycle/images/archive/SAP_IAM_SD_W2I_2024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SAP/sap-btp-reference-architectures/9b309dde605daa1c9dac7f72fd33b4851b9985f4/security/cloud-leading-identity-lifecycle/images/archive/SAP_IAM_SD_W2I_2024.png --------------------------------------------------------------------------------