My case
…was slightly different. I have a few instances of SAP HANA, express edition, deployed to cloud vendors. Let’s focus on the one example, where it is deployed to Amazon Web Services (AWS).
It has a security group set that limits inbound traffic only to my laptop. Now with the Cloud Connector, I can make tables from my SAP HANA express database available to my trail instance of SAP HANA Cloud without opening HANA ports to the public internet! Let’s see how.
So, I activated the Cloud Connector in my SAP HANA Cloud trial instance. Next, I need to…
Deploy the Cloud Connector
In my case, I want to run the Cloud Connector in the background as a Linux daemon (with automatic start capabilities at boot time), and in my case, it is Ok to install it on the same machine that runs my database.
Let me connect to my instance where SAP HANA, express edition, deployed.
ssh -i /path/to/my_keyfile.pem ec2-user@hxehost
I need to check and satisfy the installation prerequisites, specifically OS compatibility and Java 1.8 installation.
sudo su -
cat /etc/os-release
zypper search openjdk
zypper install -y java-1_8_0-openjdk
java -version
And now I can install the Cloud Connector and check if it is running as a daemon. This way it will be available and running every time my SAP HANA, express edition, instance is up.
cd /tmp/
wget --no-cookies \
--header "Cookie: eula_3_1_agreed=tools.hana.ondemand.com/developer-license-3_1.txt" \
"https://tools.hana.ondemand.com/additional/sapcc-2.13.0-linux-x64.zip" \
-P /tmp/
unzip /tmp/sapcc-*-linux-*.zip
rpm -i com.sap.scc-ui-*.rpm
systemctl status scc_daemon
Please note that the version available at the time of writing this article was 2.13, but can be different at the time of reading.
Enable Internet access to the Cloud Connector instance
At this point, I can check the service is running from the VM’s shell with curl --insecure https://hxehost:8443/, but it is not available from the Internet, as I need to enable a rule allowing access to its port 8443.
For brevity (and geekiness) let’s use aws CLI instead of the cockpit.
Create a new security group to allow all incoming traffic to reach the port 8443 (my EC2 instance has a name HXE02; replace it and other technical names with ones from your environment):
#Set the AWS region
export AWS_REGION=eu-central-1
#Get Instance's VPC ID
aws ec2 describe-instances --filters "Name=tag:Name,Values=HXE02" \
--query "Reservations[].Instances[0].NetworkInterfaces[0].VpcId[]"
#Create a new security group
aws ec2 create-security-group --vpc-id vpc-02708f64c1f7ef868 \
--group-name CloudConnector \
--description "Allow 8443 access to Cloud Connector"
#Add and ingress rule
aws ec2 authorize-security-group-ingress --group-id sg-07a8fbf91114b35e9 \
--protocol tcp --port 8443 --cidr 0.0.0.0/0
#Display security group's ingress rules
aws ec2 describe-security-groups --group-id sg-07a8fbf91114b35e9 \
--query "SecurityGroups[].IpPermissions"
Verify the result in the EC2 cockpit.
Now assign the additional security group to the instance running the Cloud Connector.
#Get instance Network Interface ID
aws ec2 describe-instances --filters "Name=tag:Name,Values=HXE02" \
--query "Reservations[].Instances[0].NetworkInterfaces[0].NetworkInterfaceId"
#Get assigned security groups
aws ec2 describe-network-interfaces --filters "Name=network-interface-id,Values=eni-0071160c754b88c6c" \
--query "NetworkInterfaces[].Groups[].GroupId"
#Get Instance ID
aws ec2 describe-instances --filters "Name=tag:Name,Values=HXE02" \
--query "Reservations[].Instances[0].InstanceId"
#Set security groups
aws ec2 modify-instance-attribute --instance-id i-033f738d907b0773f \
--groups sg-0e43ac22a862322ef sg-07a8fbf91114b35e9
Verify the result in the EC2 cockpit.
At this moment the Cloud Connector UI should be accessible on the Internet using the public IP address and the port: https://3.65.225.179:8443/.
From my local laptop, I can open it as well on https://hxehost:8443/, because it is the same host running SAP HANA, express edition.
Proceed with the configuration of the Cloud Connector
In my case here is a subaccount configuration:
and here is the virtual host configuration:
Please note I am connecting to SystemDB database (port 39013) in this case.
Add remote sources in SAP HANA Cloud…
Now let me move to SAP HANA Cloud, where I can create a remote source…
-- DROP REMOTE SOURCE "AWS_VITAL_HXE02_SYSTEMDB_SYSTEM" CASCADE;
CREATE REMOTE SOURCE "AWS_VITAL_HXE02_SYSTEMDB_SYSTEM"
ADAPTER "hanaodbc"
CONFIGURATION '
Driver=libodbcHDB.so;
ServerNode=aws-vitaliy-hxe02:39013;
dmlMode=readonly;
use_haas_socks_proxy=true;
'
WITH CREDENTIAL TYPE 'PASSWORD' USING 'user=SYSTEM;password=myPa$$w0rd';
CALL CHECK_REMOTE_SOURCE('AWS_VITAL_HXE02_SYSTEMDB_SYSTEM');
Please note that:
◉ CONFIGURATION contains a mix of the remote source’s properties, like dmlMode and extra properties, like use_haas_socks_proxy,
◉ Both notations useHaasSocksProxy and use_haas_socks_proxy can be used,
◉ ODBC and HDBSQL properties can be included,
◉ Configuration of remote sources can be previewed and modified in a Database Explorer:
…and query virtual tables
It is SystemDB on SAP HANA, express edition, side, so not many tables with business data to query from there. Let me retrieve data in SAP HANA Cloud from a system table USERS in SAP HANA on-prem then.
CREATE VIRTUAL TABLE "DBADMIN"."V_HXE_USERS"
AT "AWS_VITAL_HXE02_SYSTEMDB_SYSTEM"."<NULL>"."SYS"."USERS";
SELECT * FROM "DBADMIN"."V_HXE_USERS";
No comments:
Post a Comment