Routing with Destinations

Overview

The enosix Link allows for the configuration of route URLs using the SAP Destination Service. Routes are configured in link using User-Provided Environment Variables.

Configuring a Destination to Match SAP On-Premise Configuration

note

Before proceeding, ensure that your SAP Back-end is exposed through the Connectivity service by following the installation instructions in the Configure Connectivity Service in SAP Cloud Foundry.

Configure the Destination Service in SAP BTP

The space where Link is deployed requires a destination service provisioned with the instance name destination, though you can configure it to use a specific instance. Configuring the Destination Instance

The enosix Link product supports the following Destination values:

Field	Supported Property
Name	`Destination name`
Proxy Type	`OnPremise`
Type	`HTTP`
Authentication	`NoAuthentication`,`PrincipalPropagation`,`BasicAuthentication`
URL	Virtual host and path you configured in Cloud Connector. Example, `https://ensx-dev-ecc:80/enosix/paca` (if following the installation page steps)
Location ID	Leave blank or enter the Location ID of a Cloud Connector

info

The Location ID field identifies which Cloud Connector will route the traffic if multiple connectors are connected to the same subaccount. You can find the Location ID:

On the Cloud Connectors screen in BTP, next to the instance name in ()
On the Subaccount Overview screen in Cloud Connector

Destination Authentication Types

1. No Authentication

Requests using a NoAuthentication destination will pass through the authentication on the header of the initial request. This is often referred to as Passthrough authentication.

2. Principle Propagation

Requests using a PrinciplePropagation destination require a bearer JWT token that will be validated against the BTP XSUAA service. This token is converted to a certificate by Cloud Connector and matched by email address to a SAP user. See the public documentation here.

3. Basic Authentication

Requests using a BasicAuthentication destination will always use the configured Username/Password to authenticate to SAP. For security reasons, it is highly recommended that all Proxies and ApiProxies that utilize Basic Authentication Destinations also implement OpenID Auth or API keys to secure these endpoints.

Sample Destination Configuration

Configure the Destination Servers

Configure Link to match destination

Use the Cloud Foundry CLI with the following manifest.yaml template.

---
applications:
- name: enosix-link-<company-name> # Add your company name
  random-route: true # Remove this line in the production space
  memory: 128M
  docker:
    image: enosix/link:stable
  services:
   - connectivity
   - destination
  health-check-type: http
  health-check-http-endpoint: /health
  env:
    #Logging__LogLevel__Default: Trace # Used to enable detailed trace logging for submitting issues
    Servers__dev__ConcurrentRequests: 10 # Throttle link to a limited number of requests concurrently, in order to reduce memory constraints.
    Servers__dev__Name: sap-dev # Rename to a unique meaningful name of the server
    Servers__dev__BTP__DestinationName: sap-ensx-framework # Should match the name of the destination configured in BTP Subaccount
    Proxies__0__Path: 3de65974f59e200ef27e8ecfb84437f7 # Rename to a unique value
    Proxies__0__Server: sap-dev # Should match the name of the Server

Sample Output from `cf push`

Pushing from manifest to org ****** / space ****** as ****************...
Using manifest file /Users/******/link/manifest.yaml
Getting app info...
Updating app with these attributes...
  name:                         enosix-link
  docker image:                 enosix/link:stable
  command:                      /bin/sh -c dotnet link.dll
  disk quota:                   1G
  health check http endpoint:   /health
  health check type:            http
  instances:                    1
  memory:                       128M
  stack:                        cflinuxfs3
  services:
    connectivity
  env:
    Servers__dev__ConcurrentRequests
    Servers__dev__Name
    Servers__dev__BTP__DestinationName
    Proxies__0__Path
    Proxies__0__Server

Updating app link...
Mapping routes...

Stopping app...

Waiting for app to start...

name:              link
requested state:   started
routes:            enosix-link.cfapps.us10.hana.ondemand.com
last uploaded:     Mon 1 Jan 12:00:00 EST 2000
stack:
docker image:      enosix/link:stable

type:            web
instances:       1/1
memory usage:    128M
start command:   /bin/sh -c dotnet link.dll
     state     since                  cpu    memory          disk           details
#0   running   2020-02-13T21:34:01Z   7.3%   23.3M of 128M   158.9M of 1G

Routing Explained

The template above will set the following:

Cloud Foundry Assigned Route: enosix-link.cfapps.us10.hana.ondemand.com
Path: 3de65974f59e200ef27e8ecfb84437f7

Thus, the URL to access the sap-ecc-dev system will be: https://enosix-link.cfapps.us10.hana.ondemand.com/3de65974f59e200ef27e8ecfb84437f7

This URL routes through the Cloud Connector to the SAP system:
https://enosix-link.cfapps.us10.hana.ondemand.com/3de65974f59e200ef27e8ecfb84437f7 -> [sapcc] -> http://sap-ecc-dev:80/enosix/paca

Routing with Destinations

Overview​

Configuring a Destination to Match SAP On-Premise Configuration​

Configure the Destination Service in SAP BTP​

Destination Authentication Types​

1. No Authentication​

2. Principle Propagation​

3. Basic Authentication​

Sample Destination Configuration​

Configure the Destination Servers​

Configure Link to match destination​

Sample Output from cf push​

Routing Explained​