Currently I am working on something that required me to explore connectivity between on-premise system and hana cloud platform.
SAP documentation on the cloud connector provides the step by step guidance on how to establish an outbound connection (from on-premise to cloud) which is pretty straight forward.
It's the inbound connection from the cloud that's more nuanced. Most of the information needed is in the documentation but somehow I missed it.
If I missed it, it's entirely possible others might miss it too and may end up spending some time to figure this out. I hope this post helps those who are setting cloud to on-premise connection for the first time.
There are various ways to accomplish this connectivity but I would like to go through one of them I tried and had some trouble finding the right information. The discussion below pertains to cloud to on-premise inbound connection only.
First, here is the hardware setup used for my test.
Machine A - windows laptop behind corporate firewall where a java servlet application (RespondTest) running on Tomcat7 on port 8080
Machine B - linux box behind corporate firewall where a local hana instance and cloud connector is running
Machine C - HANA cloud platform where a hana database and a java application(TestHcp) is running.
Functionality
The RespondTest application simply responds to a get request with a hello message.
The TestHcp application in the cloud makes a HTTP connection to the RespondTest application with a get request and sees the hello message in the browser.
The software setup
Eclipse with HANA cloud platform development tools on laptop behind firewall.
Cloud connector instance running on Linux box behind firewall.
The cloud connector gui is available at http://localhost:8443
In the 'access control' menu item under content create virtual host. Configure it with any name(let's say you named it 'mydevbox') and port (let's say '1234') but provide IP of the internal host and port where RespondTest is running. Use HTTP for protocol value and 'Non-SAP System' for back-end type.
Once the cloud connector is configured.
Login to cloud account
Use hana cockpit to deploy TestHcp application. TestHcp is a war file exported from eclipse. TestHcp application will use connectivity api provided by Hana cloud platform development tools. More about it later.
When all the basic steps are done, it's time to create a destination. Using destination is one of the ways you can make an outbound connection from the cloud.
In the hana cockpit, when you click on 'java applications' and then to TestHcp, you will see destinations menu item on your left.
Click on it to create a new destination with any name you want. Other properties are Type=HTTP, URL=http://mydevbox:1234/RespondTest, ProxyType=OnPremise, Authentication=NoAuthentication
Once done, save it and click on the check connection button. If everything is done correctly the connection successful message is displayed. What this proves is your cloud account is able to make it's way to port 8080 on your laptop behind corporate firewall.
The java code in TestHcp makes use of connectivity api (if you are running the app on Tomcat 7) or destination api (if the app runs on java ee profile). The api allows you to look for the destination you have created as an object and access it's properties like URL to create an http connection. The SAP documentation provides some samples on how to use the api to create an http connection, so it's easy enough.
Here is when I got into trouble. I could not make the java code connect to my on premise application even when I used the destination which when tested (as explained above using 'check connection') worked perfectly. TestHcp constantly gave me '502 Bad Gateway' error indicating the http request was not making it's way to intended target.
I assumed all along that since the destination worked successfully outside the java program, it will do so from within the java program too without additional coding. But then I realized that connectivity api is nothing more than a utility to create a java object out of the destination configuration.
A few frustrating hours and a lot of head scratching later I found the section (HTTP proxy for on-premise connectivity) in the documentation mentions the use of proxy to make outbound http connections and what the host and port number for the proxy are.
So using the proxy while making http connection really resolved the issue. Here is the code snippet.
proxyHost = System.getenv("HC_OP_HTTP_PROXY_HOST"); //your cloud environment has these environment variables defined already
proxyPort = Integer.parseInt(System.getenv("HC_OP_HTTP_PROXY_PORT"));
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort));
Context ctx = new InitialContext();
ConnectivityConfiguration configuration = (ConnectivityConfiguration) ctx.lookup("java:comp/env/connectivityConfiguration");
DestinationConfiguration destConfiguration = configuration.getConfiguration("to_mydevbox"); //to_mydevbox is the name of destination
String url =destConfiguration.getProperty("URL"); //URL points to virtual host and port defined in the cloud connector access control
URL obj = new URL(url);
String proxyType = destConfiguration.getProperty("ProxyType");
HttpURLConnection con = (HttpURLConnection) obj.openConnection(proxy);
injectHeader(con, proxyType); //refer SAP documentation
con.setRequestMethod("GET");
The code makes sense, doesn't it? It has the information on proxy which is allowing outbound http traffic to go through. But this didn't really occur to me at first because the destination when checked outside this code didn't need any proxy information in the first place.
'check connection' feature of destination must be using proxy behind the scene is what my conclusion is, it's just not apparent to the end user.
Now let's take this discussion a bit further. What if I don't have to provide the proxy information in my application code?
SAP documentation lists another way that of listing proxy information as an JVM argument like this -Dhttp.proxyHost=hostname -Dhttp.proxyPort=portnumber.
You can provide these arguments when you are updating your cloud application with the war file exported from your eclipse project. This information, I am sure must be somewhere in the SAP documentation but it is not under the cloud connectivity section.
Now here is another problem to which I have not found a solution yet. There is another way in which you could update and run your cloud application. If you have written the application in Eclipse, then you can launch your cloud application from within your eclipse. The problem is, I am not able to pass jvm arguments (proxy information) in this case.
Although SAP documentation may make it look like use of configuration api or destination api is mandatory for on-premise connectivity. But its not so.
Refer to java code above. If you wanted you could easily hard code the url, proxytype and protocol information. It wouldn't require you to use connectivity api at all.
To summarize, providing proxy information to the outbound connection is mandatory and it's available to you as environment variables in the Hana cloud platform. I hope the example and the scenario I provided is clear and close enough to a real life project and helps avoid some of the pitfalls I faced.
Good luck and happy coding.