Connect SAP HANA

This page describes how to connect SAP High-performance ANalytic Appliance (HANA) to Agentspace Enterprise.

Capabilities

  • Logging and monitoring is handled from the framework end.
  • Performance and scalability.

Limitations

While SAP HANA provides many advantages, it also has the following limitations:

  • Bulk data insertion cannot be performed into HANA DB.
  • SSL option is not yet validated for this connector; hence, SSL connections are not supported

Sync data from SAP HANA

Use the following procedure to sync data from SAP HANA to Agentspace Enterprise .

After you set up your data source and import data the first time, the data store syncs data from that source at a frequency that you select during setup.

Before you begin

Before setting up your connection, do the following:

  • Service attachment (required for private destination type only): Use the following steps to generate a service attachment for secure data transfer.

    1. Decide endpoint type: Select Public or Private endpoint.

    2. For Public endpoint: If the HANA DB-hosted VM Destination type is Public, you are not required to create the setup for service attachment. Instead, you can use your public URL in the Domain URL field of the Google Cloud console when creating your connector.

    3. For Private endpoint:

      1. Use Private Service Connect (PSC) to enable connections from private instances to Google Cloud.
      2. Create a Virtual Private Cloud network and required subnets.
      3. Create a VM instance and install the backend service.
      4. Optional: Set up a health check probe to monitor backend health.
      5. Add a load balancer to route traffic to the VM or backend.
      6. Define firewall rules to allow traffic between the PSC endpoint and the backend.
      7. Publish the endpoint by creating a PSC service attachment.

  • Username and password: Obtain valid credentials for authentication from your SAP HANA administrator.

  • Schema name should be appended with the table name as an input to fetch the aclinfo.

  • Connection to HANA DB: Check if the connection uses the SQL username/password, and this user must have the necessary read-only permissions to the given table.

Create a SAP HANA user and set up permissions

To enable Agentspace Enterprise to obtain data from SAP HANA, you need to create a new user with the minimum permissions necessary. Follow these steps to create the user and set up the required permissions.

  1. Use HANA studio as the client tool. Create a user through SAP HANA studio or HANA cockpit.

        CREATE USER TESTUSER1 PASSWORD "UserWelcome@123" NO FORCE_FIRST_PASSWORD_CHANGE;

  2. Assign catalog roles and repository roles to users accessing the database.

        CREATE ROLE my_custom_role;
    GRANT SELECT, INSERT, UPDATE ON my_schema.my_table TO my_custom_role;
    GRANT my_custom_role TO my_user;

Configure the application access

  1. Set up SAP HANA user authentication:

    1. Define users and roles in SAP HANA studio or HANA cockpit.
    2. Assign the appropriate privileges (for example, System Privileges, Object Privileges, Analytic Privileges).
    3. Use LDAP, SAML, or Kerberos if external authentication is required.

  2. Configure network and firewall settings:

    1. Ensure the required ports (default: 30015 and 30013) are open for SAP HANA communication.
    2. Set up firewall rules to allow access from specific application servers.
    3. Use SAP HANA web dispatcher for load balancing and secure access.

  3. Define application user roles and privileges:

    1. Assign catalog roles and repository roles to users accessing the database.
    2. Use the GRANT statement to provide SELECT, INSERT, UPDATE, DELETE privileges to applications.
    3. Create analytic privileges for restricting access to specific data sets.

  4. Configure application connectivity:

    1. Use ODBC, JDBC, or OData to connect applications to SAP HANA.
    2. Configure connection settings in SAP HANA Studio, SAP HANA Cockpit, or in the application itself.
    3. Set up secure connections with SSL/TLS for encrypted communication.

  5. Secure application access:

    1. Enable SSL encryption for database connections.
    2. Implement Single Sign-On (SSO) if required.
    3. Regularly review and update access control lists (ACLs).

  6. Monitor and optimize application access:

    1. Use SAP HANA Cockpit or SQL queries to monitor active sessions.
    2. Track failed login attempts using SYS.M_CONNECTIONS or SYS.M_FAILED_AUTHENTICATIONS.
    3. Optimize query performance and adjust privileges as necessary.

Handle unique identifiers in SAP HANA views

To understand how the system structures and logs data during synchronization and handles unique identifiers, see the following:

  1. SAP HANA views does not support primary keys. The connector ensures uniqueness by generating a unique ID within the aclinfo JSON file. It derives this ID from a UUID and appends it to entity or struct data.

  2. The Id field inside the struct data matches the Id value retrieved from the CData driver. However, the Id field outside the struct data is dynamically generated and encodes a different value for each execution in the aclinfo logs.

Create a SAP HANA connector

Console

To use the Google Cloud console to sync data from SAP HANA to Agentspace Enterprise , follow these steps:

  1. In the Google Cloud console, go to the Agentspace page.

    Agentspace

  2. In the navigation menu, click Data stores.

  3. Click Create data store.

  4. On the Select a data source page, scroll or search for SAP HANA to connect your third-party source.

  5. Enter your SAP HANA authentication information.

  6. Select which entities to sync and click Continue.

  7. Select a region for your data connector.

  8. Enter a name for your data connector.

  9. Select a synchronization frequency.

  10. Click Create. Agentspace Enterprise creates your data store and displays your data stores on the Data stores page.

  11. To check the status of your ingestion, go to the Data stores page and click your data connector name to see details about it on its Data page. The Connector state changes from Creating to Running when it starts synchronizing data. When ingestion is complete, the state changes to Active to indicate that the connection to your data source is set up and awaiting the next scheduled synchronization.

    Depending on the size of your data, ingestion can take several minutes or several hours.

Next steps