Enable SAP Focused Run Reverse Proxy for cloud services

Motivation

Several SAP public cloud solutions now support the delivery of monitoring data to SAP Focused Run using PUSH data collection.

 

PUSH data collection means that data collection is triggered in the managed cloud service and that the managed cloud service is actively pushing monitoring data to SAP Cloud ALM. The advantages of PUSH data collection are a usually much easier setup and that monitoring data is only transferred if there is actual monitoring data to report.

However, usually SAP Focused Run is located behind a firewall in the customer data center. To enable SAP public cloud services to push monitoring data directly to SAP Focused Run, this firewall would have to be opened and SAP Focused Run would be accessible from the Internet. This is not desireable. 

Hence, another solution had to be provided. The SAP Focused Run Reverse Proxy is this solution. In this solution SAP Cloud ALM together with an SAP Cloud Connector act as reverse proxy for SAP Focused Run and allow a secure transfer of pushed monitoring data to SAP Focused Run.

The SAP Cloud ALM entitlement is included in SAP Enterprise Support Cloud Editions. For more information please click here.

 

Architecture

The graphic below shows the architecture of the SAP Focused Run reverse proxy infrastructure. 

 

 

In this scenario SAP Cloud ALM solely acts as pass-through for the metrics pushed by the managed cloud services. The metrics are forwarded via the SAP BTP Connectivity Service and the SAP Cloud Connector directly to SAP Focused Run.

Only in SAP Focused Run the metrics alerts are generated as per the setup.

In SAP Cloud ALM only the connectivity to SAP Focused Run has to be defined. 

Prerequisites

The following prerequisites have to be fulfilled before the setup:

  • Obtain a subscription for SAP Cloud ALM (free of charge) 
  • Install SAP Cloud Connector in your SAP Focused Run system network (find more information here)
  • Configure SAP Cloud Connector:
    • Connect your SAP Cloud ALM sub-account (SAP Help)
    • Create an HTTP connection to your SAP Focused Run system (SAP Help)

Setup

Setup Steps in SAP Cloud Connector

To make sure that SAP Focused Run can be successfully reached, please ensure the following setup in SAP Cloud Connector:

  1. Go to Cloud Connector Administration → <SAP Cloud ALM tenant> → Cloud To On-Premise → ACCESS CONTROL
  2. Select the entry for your SAP Focused Run system
  3. Note down the value of the column "Virtual Host" for later use
  4. Verify that the table "Resources Of <SAP Focused Run system>" contains the URL "/sap/frun"
  5. Click the pen icon in column "Actions"
    1. Make sure the field "Principal Type" contains the value "X.509 Certificate (General Usage)"

Setup Steps in SAP Focused Run

Before you can start the setup in SAP Cloud ALM, you have to perform the following setup steps in SAP Focused Run:

  1. Note down the "Admin Request Parameter" for each customer network in SAP Focused Run that will receive metrics from the metric push
    1. Open the Focused Run launchpad
    2. Go to Infrastructure Administration → Global Settings & Network Configuration → Network Administration
    3. Select the customer network for which you want to activate the metric push
    4. Note down the value in field "Admin Request Parameter"
  2. Create a technical user to receive push metrics and assign a custom copy of the following SAP roles
    1. SAP_FRN_AIM_EXTPUSH
    2. SAP_FRN_RUM_EXTPUSH
    3. SAP_FRN_SUM_EXTPUSH
    4. SAP_FRN_SUM_EXTREG
    5. SAP_FRN_CNW_ACCESS (maintain LMDB_CN with LDB_CUSNET = '*', LDB_CUST = '*' and LDB_DC = '*')
    6. SAP_FRN_AAD_AIM_ALL

Setup Steps in SAP Cloud ALM

Create a system entry in Landscape Management for SAP Focused Run

  1. Go to Administration → Landscape Management → On-Premise Systems
  2. Click the "Add" button
  3. Enter:
    1. System ID: The SID of SAP Focused Run
    2. Product: Select "SAP Focused Run"
    3. Role: Select the correct system role
    4. Client: The productive client of SAP Focused Run
    5. Virtual Host and Port: The value from the field "Virtual Host" that is maintained for the SAP Focused Run system in SAP Cloud Connector (you collected it during the SAP Cloud Connector setup steps above)
    6. System Number: The system number of SAP Focused Run
    7. Installation Number: The installation number
  4. Save the on-premise system

Create one endpoint for each customer network that will receive push monitoring metrics

  1. Drill-down into the SAP Focused Run system entry by clicking on its name
  2. On the tab "Logical Systems" click the client 
  3. Click the "Add" button on the tab "Endpoints"
  4. Enter:
    1. Customer Network: The customer network name as known in SAP Focused Run (replace the Space character with '_')
    2. Admin Request Parameter: The value of the admin request parameter for the customer network (you collected it during the setup steps in SAP Focused Run above)
    3. Virtual Host and Port: Will be filled automatically
    4. Authentication Type: Basic Authentication
    5. User: The technical user created in SAP Focused Run for this purpose
    6. Password: The password for the user
  5. Save the endpoint
  6. For later setup in the managed system copy the reverse proxy URL
    1. Click the Root URL icon (it looks like a chain link) next to the endpoint in the column "Actions"
    2. Save the value of the reverse proxy URL for later use

Setup in the Managed Cloud Service

The setup in the managed cloud service depends on the cloud service type. Please refer to the page Integration Monitoring Scenarios and the select the respective page for the detailed setup description.