In this blog post you will learn the current best practice to directly connect with SAP Integration Suite, Advanced Event Mesh (AEM) for exchanging business events relevant to SAP S/4HANA Cloud release 2402. Hint: Screenshots in this blog post are taken from an SAP S/4HANA Cloud 2402 developer test system.
Please note that the use of SAP Integration Suite, Advanced Event Mesh (AEM) is not supported on the trial offering of SAP BTP. It is based on a productive (paid) account on SAP BTP.
For those who are already familiar with SAP S/4HANA Cloud’s Enterprise Event Enablement, integration with the SAP Advanced Event Mesh is now additionally available through the two new Communication Scenarios SAP_COM_0492 and SAP_COM_0493.
Creating a service key with AEM validation broker service
The connection from the SAP S/4HANA Cloud system to the AEM is made with AEM’s validation broker service. The latter ensures that the AEM broker being configured with SAP S/4HANA Cloud is compliant with SAP standards.
To use the validation broker, customers need to create a service instance of aem-validation-service-plan and then create a service binding for the same.
Picture 1: Creating a Service Instance
Configuring trust between S/4 and AEM brokers with certificate-based authentication
The event flow between SAP S/4HANA Cloud and AEM brokers is protected with certificate-based authentication; these certificates need to be uploaded from the S/4HANA Cloud system to the AEM.
Specifically, you need to upload the client certificate and corresponding root certificate of the S/4HANA Cloud system to the AEM.
On the SAP Fiori launchpad in the SAP S/4HANA Cloud system, open the app Maintain Client Certificate. Open the Client Default from the Client Certificates list and export the certificate in the X.509 Certificate (.pem) format.
Picture 2: Exporting the Client Certificate
You can extract the root certificate from the client certificate. To access the root certificate, you must download the client certificate again in the Base-64-encoded X.509 certificate (.crt) format and then extract the root certificate from this file.
The extraction procedure depends on whether you work on a Windows or on a Mac computer.
On a Windows computer, open the downloaded crt-file with Crypto Shell Extension. Under Certification Path double-click the root (first) certificate and then export the root certificate under Details in Base-64 encoded X.509 (.CER) format.
Picture 3: Certification Path
On a Mac computer, open the Keychain app, search for “SAP” and select the correct root certificate. Then right-click on it and export the root certificate in Privacy Enabled Mail (.pem) format.
To import these certificates into AEM, log in to your AEM broker and choose Manage > Certificate Authorities > Add Client Certificate Authority and paste the contents of the certificates exported from S/4HANA Cloud.
Picture 4: Adding Client Certificate Authority
Additionally, ensure to enable Client Certificate Authentication in the Authentication section of the AEM.
Picture 5: Enabling Client Certificate Authentication
In the section Access Control, create and enable a client username that matches the common name (CN) of the client certificate you imported in AEM.
Picture 6: Enabling a Client Username
The CN can be found in the client certificate under Issued To in the Maintain Client Certificates app in the S/4HANA Cloud system.
Picture 7: Maintaining Client Certificates
Create AEM channel via SAP_COM_0492 and SAP_COM_0493
The communication scenario SAP_COM_0492 is the prerequisite for SAP_COM_0493. To integrate with the SAP Advanced Event Mesh service, you need to create both the scenarios.
Create Communication Arrangement SAP_COM_0492
First, open the Communication Arrangement app and create a new SAP_COM_0492, SAP Integration Suite, Advanced Event Mesh Integration Communication Arrangement (CA) as described in the SAP Help documentation: Creating a Communication Arrangement for the Advanced Event Mesh Integration Scenario (SAP_COM_0492).
Picture 8: Creating Communication Arrangement SAP_COM_0492
The Number of Publish Connections defines the number of available parallel connections to the AEM broker for this channel. The default value is 1, the maximum value is 10. Increasing the number of connections increases the maximal event throughput from S/4HANA Cloud to the AEM.
This channel is bidirectional in nature, which means you can use the same channel to flow events into SAP S/4HANA Cloud.
During the creation of the Communication Arrangement (CA), you need to create a new Communication System (CS). In the CS, enter the AMQP endpoint under Connect in the AEM as the Host Name without the leading ‘amqps://’.
Picture 9: Creating Communication Arrangement - Extract AMQP endpoint from AEM
Picture 10: Enter the Hostname into your Communication System in the S/4 System
Besides the Inbound Communication User, you need to maintain the Outbound Communication User. To do this, choose the Authentication Method SSL Client Certificate and select the Client Default certificate, which has been uploaded to the AEM before.
Picture 11: Users for In- and Outbound
After saving the CS, save/activate the SAP_COM_0492 CA.
Create the Communication Arrangement SAP_COM_0493
Before the connection to the AEM can be established, you need to create the SAP_COM_0493 CA. In the Communication Arrangement app create a new SAP_COM_0493 CA. Under Additional Properties, add the Channel name of the previous SAP_COM_0492 CA. Then enter the Service Key from the SAP AEM Validation service in the SAP BTP Subaccount as described in the chapter ‘Creating a service key with AEM validation broker service’ to create and save the SAP_COM_0493 CA.
If the AEM validation of the AEM broker is successful and the connection to the AEM could successfully be established, the AEM channel is now up and running.
To check the latter, go back to the SAP_COM_0492 and click on Check Connection.
Picture 12: Checking the Connection
Configuring event publishing and consumption scenarios for AEM channel
You can define which event types shall be published or consumed using an AEM channel via the Enterprise Event Enablement ‒ Configure Channel Bindings app. The detailed steps are described in the SAP Help documentation:
No comments:
Post a Comment