© 2016 SAP SE or an SAP affiliate company. All rights reserved. 2Early Knowledge Transfer Customer
Disclaimer
This presentation outlines our general product direction and should not be relied on in making apurchase decision. This presentation is not subject to your license agreement or any other agreementwith SAP. SAP has no obligation to pursue any course of business outlined in this presentation or todevelop or release any functionality mentioned in this presentation. This presentation and SAP'sstrategy and possible future developments are subject to change and may be changed by SAP at anytime for any reason without notice. This document is provided without a warranty of any kind, eitherexpress or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement. SAP assumes no responsibility for errors or omissions in thisdocument, except if such damages were caused by SAP intentionally or grossly negligent.
© 2016 SAP SE or an SAP affiliate company. All rights reserved. Early Knowledge Transfer 3Customer
High level technical architectureConceptOverviewComponentsApplication layersUI layersTechnical componentsMulti tenant landscapeMulti tenant applications
Layered access controls to enable data privacyIntegration mechanismsInfrastructure & securityCustomer View on LandscapeConsumer and provider accounts
Contents
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 4Early Knowledge Transfer Customer
Business Network Application built on HANA Cloud Platform
SAP HANA Cloud Platform
Asset Intelligence Network
© 2016 SAP SE or an SAP affiliate company. All rights reserved. Early Knowledge Transfer 5Customer
SAP AIN Technical Architecture - Concept
SAP AIN provides a global registry of models and equipments to be shared between multiple parties andresulting in a common definition of “assets” that delivers new business models and true operational excellence.
An important capability of SAP AIN is to take care about data privacy and security along the horizontal data andprocess integration spanning multiple stakeholder and asset data providers.
The architecture follows a common client-server approach with SAPUI5 (HTML5) at the client’s browser and aJava-Backend running in Hana Cloud Platform (HCP), providing services that are consumed by the SAPUI5applications.
The applications running within the Java-Backend define the main components of SAP AIN and realize the corebusiness processes of SAP AIN. These applications rely on some general services provided by HCP, like thePersistency Service and Document Service.
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 6Early Knowledge Transfer Customer
SAP AIN Technical Architecture - Overview
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 7Early Knowledge Transfer Customer
SAP AIN Technical Architecture - Components
Fiori Launch Pad Fiori Launch Pad Templates Models Equipment Authorizations PartnersOnboarding
Presentation Layer / HTML5 Applications
Company / Person / User Management
Company ( BusinessPartner)
Person ( BusinessPartner)
Authorization(Object Level) Connections
Network
NetworkGraph
RelationshipDetails
Property
Property Set Type
Category / Template
Model
Equipment
Instructions
Announcements
DocumentManagement
ERP(ConsultingNotes)
PublicAPI
Customer SystemsCustomer Systems
R
R
Hotspot/Spareparts
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 8Early Knowledge Transfer Customer
SAP AIN Technical Architecture - Application Layers ( Java Stack )
JAX-RS (Jersey)
JPA (EclipseLink)
Spring JDBC Template
Olingo
HANA
AIN Business layer
Documents Services
Spring Security (Role Authorization)
Spring Security (Custom ACL)
R
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 9Early Knowledge Transfer Customer
SAP AIN Technical Architecture - UI Layers
Existing
* In Future
HTML APPLICATIONS
SAPUI 51.30.0 VE Library AIN VE
Developments
HTML APPLICATIONS
SAPUI 51.32.0 VE Library AIN VE
DevelopmentsOVP
© 2016 SAP SE or an SAP affiliate company. All rights reserved. Early Knowledge Transfer 10Customer
SAP AIN Technical Architecture - Technical Components
Architecture area Technologies to be usedClients Microsoft Internet Explorer 10 and better, Mozilla Firefox, Apple Safari, Google Chrome
Presentation Layer / User InterfaceSAP Fiori LaunchPad, SAPUI5, Fiori (Fiori as a Service on the HCP)
RAML interface will be used between UI and backend
Business Logic Layer
Spring Framework and Spring Security: management and orchestration of components
Plain Java for business logic implementation, using the Spring Framework. The Spring Framework provides an inversion of controlcontainer responsible for the object lifecycle. Spring is responsible for creating objects, calling initialization methods, andconfiguring objects by wiring them together.
SAP Java 7
Integration MiddlewareUI / Business Logic: Apache Jersey, Apache Olingo
ERP integration via SAP HANA Cloud Integration
Data Persistency
SAP HANA Cloud Platform Persistence (HANA) and SAP HANA Cloud Document Service: The data of SAP AIN is persisted withthe SAP NetWeaver Cloud Persistence Service in the shared SAP HANA DB instance of SAP HANA Factory Cloud. Non-relationaldata like attachment documents and customer uploaded images are stored in SAP HANA Cloud Document Service.
EclipseLink: JPA provider to abstract database access
HANA Multi-DB for tenant separation due to the nature of a business network application not required. Security will be ensured viadedicated Access Control Lists (ACL).
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 11Early Knowledge Transfer Customer
SAP AIN Technical Architecture - Multi Tenant Landscape
Specific Consumer HCP accountfor each customer• Ability to use Individual IdP• Fiori as service for application
launch pad• *Ability to develop individual
Applications
AIN Business Partner Landscape (Consumer Account)
HCP AIN Provider Account
Tenant AccountSAP Cloud Identity
Tenant
HCI Tenant(custom
integration)Customeroperated
Helium
AIN Application Layer (Tenant aware Java)
UI facing RESTAPIs
AIN Business Logic andOrchestration Layer
A2A InboundAPIs
Repositories (Data Access)
HANA Persistance
SAP BusinessSuite
(on-prem.)
RR
R
FaaS CustomApps
Browser
R
Integration
Corporate IdP
R
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 12Early Knowledge Transfer Customer
SAP AIN Technical Architecture – Multi tenant Applications
AIN Business Partner Landscape(Consumer Account)HCP AIN Provider AccountHCP AINPublic Account Tenant Account
Helium
FaaS
SAP Cloud IdentityTenant
HCI Tenant(custom
integration)Customeroperated
Helium
AIN Admin
AIN Config.DB
Helium
AIN Application Layer (Tenant aware Java)
UI facing RESTAPIs
AIN Business Logic andOrchestration Layer
A2A InboundAPIs
Repositories (Data Access)
HANA
HCP Document Service(tenant aware)
SAP BusinessSuite
(on-prem.)
R
R R
FaaS CustomAppsFaaS
AIN Repository
Browser
SAP IDService
Browser Browser
R R
PdMSTenant
ARIBA
ERPIntegration
PdMSIntegration
ARIBAIntegration
R
R
REST
BusinessLogic andOrchestr.
Repo
SAP Cloud IdentityTenant
Corporate IdP
SharedHCI Tenant
(option)SAP
operatedR
R
R
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 13Early Knowledge Transfer Customer
SAP AIN Layered Access Controls to enable Data Privacy
REST ServicesUI Services
Odata Service
FLPAPPS
Application ServicesAccessControl
Business ObjectsAccessControl
Persistency ServicesAccessControl
Service ImplementationREST API
Core ServicesREST APIBO Logic
Data Access Logic
HCI / CustomerRequests
Controls if I am able toexecute certain functions
Based on HCP Roles
Controls if I am able to accesscertain business based on
Business Roles
Controls with providedcontext to retrieve only data
a user is allowed to see basedon Object level sharing
AIN DATABASE
R
R
R
R
R
R
R
R
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 14Early Knowledge Transfer Customer
SAP AIN Integration Via REST API
API’s calls are Triggered by ConsumerAccount
Authentication Options
• Client Certificates
• OAuth
AIN Integration Consumer Account
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 15Early Knowledge Transfer Customer
SAP AIN Consumer ERP Integration Via REST API
• EAM Side Panel Integration
• DMS Integration
* Delivered as consulting note
AIN Integration
Consumer Account
*SAP ERP Adapter
© 2016 SAP SE or an SAP affiliate company. All rights reserved. Early Knowledge Transfer 16Customer
• SAP AIN on HANA Cloud Platform (HCP)is a Secure & Compliant Infrastructure
Built-in Compliance, Integrity, andConfidentiality
• SAPs Data Centers address all relevantcompliance standards
Certified OperationsReliable Data BackupAdvanced Network Security
Infrastructure & Data Center Compliance
Federated Authentication & Identity Provider Options• By default, SAP HANA Cloud Platform is configured to use SAP ID service as
identity provider (IdP), as specified in SAML 2.0. You can configure trust to yourcustom IdP, to provide access to the SAP cloud using your own user database.
• SAP ID Service provides Identity and Access Management for the AIN Javaapplication hosted on SAP HANA Cloud Platform
SAP AIN Infrastructure & Security
© 2016 SAP SE or an SAP affiliate company. All rights reserved. Early Knowledge Transfer 17Customer
SAP AIN Customer View on Landscape
External Firewall
Customer Network
HTTPS
Unique URL foreach customer
Access via web browser
SAP HANA CloudFactory EU
Live
Customer 2
Customer 1
Each Customer manages:
ProviderAccount(SAP)
AINApps
SAP HCP Account (Consumer)
SAP Cloud Identity tenant
SAP Fiori Launch Pad tenant
SAP HCP Account (Consumer)
SAP Cloud Identity tenant
SAP Fiori Launch Pad tenant
User 1Customer 1
User 2Customer 1
User 3Customer 1
User 1Customer 2
User 2Customer 2
User 3Customer 2
© 2016 SAP SE or an SAP affiliate company. All rights reserved. Early Knowledge Transfer 18Customer
SAP AIN and SAP HANA Cloud Platform
HCP Consumer AccountSubscriptions to SAP AIN applications (HTML and JAVA)Receives a dedicated URL where to access the applicationAssignments of users or user groups to SAP AIN application roles (for authorization)Authentication of user is performed via IDP service
IDP – SAP Cloud IdentityUser management (create users, invite users, reset password)Can act as a proxy to delegate authentication to the external corporate identity provider
FLP – Fiori Launch Pad (SAP HANA Cloud Portal)Fiori customization
HCP Provider AccountTenant registration during customer onboarding processAuthenticated user, tenant ID and details are passed to provider accountAuthorization of user is checked based on profile maintained in consumer accountTenant ID is derived via HANA Cloud Platform consumer account ID.
IDP IDP IDP
FLP FLP FLP
© 2016 SAP SE or an SAP affiliate company. All rights reserved. Early Knowledge Transfer 19Customer
SAP AIN Consumer Account & Provider Account
© 2016 SAP SE or an SAP affiliate company. All rights reserved. 20Early Knowledge Transfer Customer
© 2016 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or anSAP affiliate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE(or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademarkinformation and notices.
Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.
National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or itsaffiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE orSAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothingherein should be construed as constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop orrelease any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible futuredevelopments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time forany reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to placeundue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.