Enable SAP Focused Run Reverse Proxy
in SAP Cloud ALM

Motivation

Several SAP public cloud solutions now support the delivery of monitoring data to SAP Focused Run using PUSH data collection. PUSH data collection means that data collection is triggered in the managed cloud service and that the managed cloud service is actively pushing monitoring data to SAP Cloud ALM. The advantages of PUSH data collection are a usually much easier setup and that monitoring data is only transferred if there is actual monitoring data to report. However, usually SAP Focused Run is located behind a firewall in the customer data center. To enable SAP public cloud services to push monitoring data directly to SAP Focused Run, this firewall would have to be opened and SAP Focused Run would be accessible from the Internet. This is not desirable. 

Hence, another solution had to be provided. The SAP Focused Run Reverse Proxy is this solution. In this solution SAP Cloud ALM together with an Cloud Connector act as reverse proxy for SAP Focused Run and allow a secure transfer of pushed monitoring data to SAP Focused Run. The SAP Cloud ALM entitlement is included in SAP Enterprise Support Cloud Editions. For more information please click here.

 

Architecture

The graphic below shows the architecture of the SAP Focused Run reverse proxy infrastructure. 

In this scenario, SAP Cloud ALM solely acts as a pass-through for the metrics pushed by the managed cloud services. The metrics are forwarded to SAP Focused Run, via the SAP BTP Connectivity Service and the Cloud Connector.

Metric collection and alert setup in SAP Cloud ALM will have no influence on the metrics sent to SAP Focused Run. 

However, to be able to receive metrics from cloud services in SAP Focused Run, you need to enable the Reverse Proxy functionality in SAP Cloud ALM and hence need to obtain an SAP Cloud ALM tenant. 

Setup for Service Providers

If you are a service provider using your SAP Focused Run to support several customers, each customer has to have their own SAP Cloud ALM tenant. 

  • Customers can request SAP Cloud ALM via SAP for Me based on their entitlements. 
  • If the customer already has SAP Cloud ALM, this tenant can be used.
  • Large customers can use one SAP Cloud ALM to support several subsidiaries using the SAP Corporate Group (CCC) function

Prerequisites

The following prerequisites have to be fulfilled before the setup:

  • The feature is available starting with SAP Focused Run 3.0 FP03
  • Obtain a subscription for SAP Cloud ALM
  • Install the Cloud Connector in your SAP Focused Run system network (find more information here)
  • Implement SAP Note 3209577 and SAP Note 3004640 on your SAP Focused Run system

Setup Steps in Cloud Connector

Connect SAP Cloud ALM Subaccount

  1. Go to the Cloud Connector Administration page
  2. On the "Connector" page* choose "Add Subaccount" 
  3. Connect your SAP Cloud ALM tenant

* Please note: if the SAP Cloud ALM tenant is the first subaccount in this cloud connector you will automatically be forwarded to the "First Subaccount" page.

Add Connection to SAP Focused Run

  1. Go to Cloud Connector Administration → <SAP Cloud ALM tenant> → Cloud To On-Premise → ACCESS CONTROL
  2. Click the '+' button to add a new entry:
  3. Enter the following values:
    1. Back-end Type: "ABAP System"
    2. Protocol: "HTTPS"
    3. Internal Host: The hostname of your SAP Focused Run system
    4. Internal Port: The HTTPS port of your SAP Focused Run system
    5. Virtual Host: A virtual hostname for your SAP Focused Run system, e.g., <sid>_frun
    6. Virtual Port: A virtual port, e.g., 443
    7. Principal type: X.509 Certificate
    8. System Certificate for Logon: do not check
    9. Host In Request Header: Use Virtual Host
  4. Press "Finish"
  5. Select the entry for your SAP Focused Run system
  6. Note down the value of the column "Virtual Host" for later use
  7. In the section "Resources Of <SAP Focused Run system>" press the '+' button
  8. Enter the following values:
    1. URL Path: /sap/frun
    2. Access Policy: Path And All Sub-Paths
  9. Press the "Save" button

Verify SAP Web Dispatcher Rules

If you use an SAP Web Dispatcher in your landscape you have to make sure that the requests can be routed successfully. To be able to connect successfully to SAP Focused Run, please verify that the following paths are permitted in your Web Dispatcher:

  • /sap/frun/*
  • /sap/bc/ping

Setup Steps in SAP Focused Run

Collect Admin Request Parameter

Note down the "Admin Request Parameter" for each customer network in SAP Focused Run that will receive metrics from the metric push

  1. Open the Focused Run launchpad
  2. Go to Infrastructure Administration → Global Settings & Network Configuration → Network Administration
  3. Select the customer network for which you want to activate the metric push
  4. Note down the value in the field "Admin Request Parameter"

Create Technical User

Create a technical user to receive push metrics and assign a custom copy of the following SAP roles
  1. SAP_FRN_CSM_EXTREG (starting with SAP Focused Run 4.0 SP00)
  2. SAP_FRN_CNW_ACCESS (maintain LMDB_CN with LDB_CUSNET = '*', LDB_CUST = '*' and LDB_DC = '*')
  3. SAP_FRN_AIM_EXTPUSH
  4. SAP_FRN_RUM_EXTPUSH
  5. SAP_FRN_SUM_EXTPUSH
  6. SAP_FRN_SUM_EXTREG
  7. SAP_FRN_AJM_EXTPUSH (starting with SAP Focused Run 3.0 FP03)
  8. SAP_FRN_AVM_EXTPUSH (starting with SAP Focused Run 4.0 SP00)
  9. SAP_FRN_AAD_AIM_ALL (obsolete starting with SAP Focused Run 4.0 SP00)
  10.  SAP_FRN_APP_SAM_ALL (starting with SAP Focused Run 4.0 FP02)
  11. SAP_FRN_APP_MOAL_ALL (starting with SAP Focused Run 4.0 FP02)
  12. SAP_FRN_APP_WMM_ALL (starting with SAP Focused Run 4.0 FP02)
  13. SAP_FRN_AEM_UMD_ALR (starting with SAP Focused Run 4.0 FP02)
  14.  SAP_FRN_CSA_EXTPUSH (starting with SAP Focused Run 5.0 SP00)
     

Register SAP Focused Run in your SAP Cloud ALM tenant

If you don't want to create the SAP Focused Run system manually in SAP Cloud ALM, you can register it before continuing the setup in SAP Cloud ALM.

To register SAP Focused Run in SAP Cloud ALM, please perform the registration as described on the page SAP NetWeaver Application Server for ABAP higher than 7.40.

After the registration is successful, you find your SAP Focused Run system in SAP Cloud ALM:

  1. Log on to your SAP Cloud ALM tenant
  2. Go to Administration → Landscape Management → On-Premise Systems

Setup Steps in SAP Cloud ALM

Create SAP Focused Run System

If you didn't register your SAP Focused Run system in SAP Cloud ALM, you have to create the system entry manually. If you registered SAP Focused Run in the step before, you can skip this activity.

  1. Go to Administration → Landscape Management → On-Premise Systems
  2. Click the "Add" button
  3. Enter:
    1. Product: Select "SAP Focused Run"
    2. System ID: The SID of SAP Focused Run
    3. Role: Select the correct system role
    4. Virtual Host and Port: The value from the field "Virtual Host" that is maintained for the SAP Focused Run system in Cloud Connector (you collected it during the Cloud Connector setup steps above)
    5. Logon URL: The actual URL for the SAP Focused Run system (host and HTTP(S) port)
    6. System Number: The system number of SAP Focused Run
    7. Installation Number: The installation number
    8. Client: The productive client of SAP Focused Run
  4. Save the on-premise system

Create Proxy Endpoint to SAP Focused Run

Create one endpoint for each customer network that will receive push monitoring metrics
  1. Log on to your SAP Cloud ALM tenant
  2. Go to Administration → Landscape Management → On-Premise Systems
  3. Drill down into the SAP Focused Run system entry by clicking on its name
  4. Click the "Add" button on the tab "Endpoints"
  5. Under "General" enter:
    1. Client: Select the SAP Focused Run client
    2. Customer Network: The customer network name as known in SAP Focused Run (replace the Space character with '_')
    3. Admin Request Parameter: The value of the admin request parameter for the customer network (you collected it during the setup steps in SAP Focused Run above)
    4. Description: An optional description
    5. Cloud Connector Location ID: The name (description) of the Cloud Connector instance that you want to use. You find this information in your Cloud Connector or in the SAP BTP Cockpit in the SAP Cloud ALM subaccount under "Connectivity" > "Cloud Connectors". The location ID is the value in parenthesis next to the phrase "Master Instance" for the Cloud Connector you want to use. If you only have one Cloud Connector this value might be empty.
    6. Virtual Host and Port: Enter the virtual host and port as you maintained it during the setup of the system in Cloud Connector
    7. Landscape Sync: To import your cloud services from SAP Cloud ALM to SAP Focused Run set the toggle button to 'ON'. Before activating this, please read more information below. 
  6. Under "Authentication" enter:
    1. Authentication Type: Basic Authentication
    2. User: The technical user created in SAP Focused Run for this purpose
    3. Password: The password for the user
  7. Save the endpoint

For the setup in the managed system copy the reverse proxy URL

  1. Click the Root URL icon (it looks like a chain link) next to the endpoint in the column "Actions"
    1. Save the value of the reverse proxy URL for later use

Info: Landscape Sync between SAP Cloud ALM and SAP Focused Run

Starting with SAP Focused Run 3.0 FP03 you can automatically import the subscribed cloud services from the Landscape Management in SAP Cloud ALM into the Cloud Service Management in SAP Focused Run.

Please do not activate this for older SAP Focused Run releases. 

For older SAP Focused Run releases you might have to create the cloud services manually in Cloud Service Management, before activating the monitoring data push. Please refer to the respective product setup pages under Supported Products for details. 

Setup in the Managed Cloud Service

The setup in the managed cloud service depends on the cloud service type. Please refer to the page Supported Products and select the respective page for the detailed setup description.

The reverse proxy is used for the following cloud products:

  • SAP Build Process Automation
  • SAP Integrated Business Planning for Supply Chain
  • SAP Marketing Cloud
  • SAP S/4HANA Public Cloud Edition
  • SAP SuccessFactors