sap asset intelligence network · pdf filesap fiori launchpad, sapui5, fiori (fiori as a...

SAP Asset Intelligence NetworkTechnical Architecture

March, 2016

© 2016 SAP SE or an SAP affiliate company. All rights reserved. 2Early Knowledge Transfer Customer

Disclaimer

This presentation outlines our general product direction and should not be relied on in making apurchase decision. This presentation is not subject to your license agreement or any other agreementwith SAP. SAP has no obligation to pursue any course of business outlined in this presentation or todevelop or release any functionality mentioned in this presentation. This presentation and SAP'sstrategy and possible future developments are subject to change and may be changed by SAP at anytime for any reason without notice. This document is provided without a warranty of any kind, eitherexpress or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement. SAP assumes no responsibility for errors or omissions in thisdocument, except if such damages were caused by SAP intentionally or grossly negligent.

© 2016 SAP SE or an SAP affiliate company. All rights reserved. Early Knowledge Transfer 3Customer

High level technical architectureConceptOverviewComponentsApplication layersUI layersTechnical componentsMulti tenant landscapeMulti tenant applications

Layered access controls to enable data privacyIntegration mechanismsInfrastructure & securityCustomer View on LandscapeConsumer and provider accounts

Contents


Business Network Application built on HANA Cloud Platform

SAP HANA Cloud Platform

Asset Intelligence Network


SAP AIN Technical Architecture - Concept

SAP AIN provides a global registry of models and equipments to be shared between multiple parties andresulting in a common definition of “assets” that delivers new business models and true operational excellence.

An important capability of SAP AIN is to take care about data privacy and security along the horizontal data andprocess integration spanning multiple stakeholder and asset data providers.

The architecture follows a common client-server approach with SAPUI5 (HTML5) at the client’s browser and aJava-Backend running in Hana Cloud Platform (HCP), providing services that are consumed by the SAPUI5applications.

The applications running within the Java-Backend define the main components of SAP AIN and realize the corebusiness processes of SAP AIN. These applications rely on some general services provided by HCP, like thePersistency Service and Document Service.


SAP AIN Technical Architecture - Overview


SAP AIN Technical Architecture - Components

Fiori Launch Pad Fiori Launch Pad Templates Models Equipment Authorizations PartnersOnboarding

Presentation Layer / HTML5 Applications

Company / Person / User Management

Company ( BusinessPartner)

Person ( BusinessPartner)

Authorization(Object Level) Connections

Network

NetworkGraph

RelationshipDetails

Property

Property Set Type

Category / Template

Model

Equipment

Instructions

Announcements

DocumentManagement

ERP(ConsultingNotes)

PublicAPI

Customer SystemsCustomer Systems

R

R

Hotspot/Spareparts


SAP AIN Technical Architecture - Application Layers ( Java Stack )

JAX-RS (Jersey)

JPA (EclipseLink)

Spring JDBC Template

Olingo

HANA

AIN Business layer

Documents Services

Spring Security (Role Authorization)

Spring Security (Custom ACL)

R


SAP AIN Technical Architecture - UI Layers

Existing

* In Future

HTML APPLICATIONS

SAPUI 51.30.0 VE Library AIN VE

Developments

HTML APPLICATIONS

SAPUI 51.32.0 VE Library AIN VE

DevelopmentsOVP


SAP AIN Technical Architecture - Technical Components

Architecture area Technologies to be usedClients Microsoft Internet Explorer 10 and better, Mozilla Firefox, Apple Safari, Google Chrome

Presentation Layer / User InterfaceSAP Fiori LaunchPad, SAPUI5, Fiori (Fiori as a Service on the HCP)

RAML interface will be used between UI and backend

Business Logic Layer

Spring Framework and Spring Security: management and orchestration of components

Plain Java for business logic implementation, using the Spring Framework. The Spring Framework provides an inversion of controlcontainer responsible for the object lifecycle. Spring is responsible for creating objects, calling initialization methods, andconfiguring objects by wiring them together.

SAP Java 7

Integration MiddlewareUI / Business Logic: Apache Jersey, Apache Olingo

ERP integration via SAP HANA Cloud Integration

Data Persistency

SAP HANA Cloud Platform Persistence (HANA) and SAP HANA Cloud Document Service: The data of SAP AIN is persisted withthe SAP NetWeaver Cloud Persistence Service in the shared SAP HANA DB instance of SAP HANA Factory Cloud. Non-relationaldata like attachment documents and customer uploaded images are stored in SAP HANA Cloud Document Service.

EclipseLink: JPA provider to abstract database access

HANA Multi-DB for tenant separation due to the nature of a business network application not required. Security will be ensured viadedicated Access Control Lists (ACL).


SAP AIN Technical Architecture - Multi Tenant Landscape

Specific Consumer HCP accountfor each customer• Ability to use Individual IdP• Fiori as service for application

launch pad• *Ability to develop individual

Applications

AIN Business Partner Landscape (Consumer Account)

HCP AIN Provider Account

Tenant AccountSAP Cloud Identity

Tenant

HCI Tenant(custom

integration)Customeroperated

Helium

AIN Application Layer (Tenant aware Java)

UI facing RESTAPIs

AIN Business Logic andOrchestration Layer

A2A InboundAPIs

Repositories (Data Access)

HANA Persistance

SAP BusinessSuite

(on-prem.)

RR

R

FaaS CustomApps

Browser

R

Integration

Corporate IdP

R


SAP AIN Technical Architecture – Multi tenant Applications

AIN Business Partner Landscape(Consumer Account)HCP AIN Provider AccountHCP AINPublic Account Tenant Account

Helium

FaaS

SAP Cloud IdentityTenant

HCI Tenant(custom

integration)Customeroperated

Helium

AIN Admin

AIN Config.DB

Helium

AIN Application Layer (Tenant aware Java)

UI facing RESTAPIs

AIN Business Logic andOrchestration Layer

A2A InboundAPIs

Repositories (Data Access)

HANA

HCP Document Service(tenant aware)

SAP BusinessSuite

(on-prem.)

R

R R

FaaS CustomAppsFaaS

AIN Repository

Browser

SAP IDService

Browser Browser

R R

PdMSTenant

ARIBA

ERPIntegration

PdMSIntegration

ARIBAIntegration

R

R

REST

BusinessLogic andOrchestr.

Repo

SAP Cloud IdentityTenant

Corporate IdP

SharedHCI Tenant

(option)SAP

operatedR

R

R


SAP AIN Layered Access Controls to enable Data Privacy

REST ServicesUI Services

Odata Service

FLPAPPS

Application ServicesAccessControl

Business ObjectsAccessControl

Persistency ServicesAccessControl

Service ImplementationREST API

Core ServicesREST APIBO Logic

Data Access Logic

HCI / CustomerRequests

Controls if I am able toexecute certain functions

Based on HCP Roles

Controls if I am able to accesscertain business based on

Business Roles

Controls with providedcontext to retrieve only data

a user is allowed to see basedon Object level sharing

AIN DATABASE

R

R

R

R

R

R

R

R


SAP AIN Integration Via REST API

API’s calls are Triggered by ConsumerAccount

Authentication Options

• Client Certificates

• OAuth

AIN Integration Consumer Account


SAP AIN Consumer ERP Integration Via REST API

• EAM Side Panel Integration

• DMS Integration

* Delivered as consulting note

AIN Integration

Consumer Account

*SAP ERP Adapter


• SAP AIN on HANA Cloud Platform (HCP)is a Secure & Compliant Infrastructure

Built-in Compliance, Integrity, andConfidentiality

• SAPs Data Centers address all relevantcompliance standards

Certified OperationsReliable Data BackupAdvanced Network Security

Infrastructure & Data Center Compliance

Federated Authentication & Identity Provider Options• By default, SAP HANA Cloud Platform is configured to use SAP ID service as

identity provider (IdP), as specified in SAML 2.0. You can configure trust to yourcustom IdP, to provide access to the SAP cloud using your own user database.

• SAP ID Service provides Identity and Access Management for the AIN Javaapplication hosted on SAP HANA Cloud Platform

SAP AIN Infrastructure & Security


SAP AIN Customer View on Landscape

External Firewall

Customer Network

HTTPS

Unique URL foreach customer

Access via web browser

SAP HANA CloudFactory EU

Live

Customer 2

Customer 1

Each Customer manages:

ProviderAccount(SAP)

AINApps

SAP HCP Account (Consumer)

SAP Cloud Identity tenant

SAP Fiori Launch Pad tenant

SAP HCP Account (Consumer)

SAP Cloud Identity tenant

SAP Fiori Launch Pad tenant

User 1Customer 1

User 2Customer 1

User 3Customer 1

User 1Customer 2

User 2Customer 2

User 3Customer 2


SAP AIN and SAP HANA Cloud Platform

HCP Consumer AccountSubscriptions to SAP AIN applications (HTML and JAVA)Receives a dedicated URL where to access the applicationAssignments of users or user groups to SAP AIN application roles (for authorization)Authentication of user is performed via IDP service

IDP – SAP Cloud IdentityUser management (create users, invite users, reset password)Can act as a proxy to delegate authentication to the external corporate identity provider

FLP – Fiori Launch Pad (SAP HANA Cloud Portal)Fiori customization

HCP Provider AccountTenant registration during customer onboarding processAuthenticated user, tenant ID and details are passed to provider accountAuthorization of user is checked based on profile maintained in consumer accountTenant ID is derived via HANA Cloud Platform consumer account ID.

IDP IDP IDP

FLP FLP FLP


SAP AIN Consumer Account & Provider Account


© 2016 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or anSAP affiliate company.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE(or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademarkinformation and notices.

Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors.

National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or itsaffiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE orSAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothingherein should be construed as constituting an additional warranty.

In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop orrelease any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible futuredevelopments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time forany reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to placeundue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.

http://global12.sap.com/corporate-en/legal/copyright/index.epxfor