All you need to do now is to
- configure a new Cloud to On-Premise system mapping in your Cloud Connector and
- configure your sftp sender or receiver adapter accordingly
Let’s go step by step.
Configure a Cloud to On-Premise system mapping in the Cloud Connector
Logon to your Cloud Connector and add a Cloud to On-Premise system mapping. Maintain the parameter in the wizard as follows.
Set the Backend Type to ‘Non-SAP System’.
Select the ‘TCP’ Protocol. The configuration options for TCP are not as specific as for e.g. HTTP, i.e. the SAP Cloud Connector may not restrict potential misuse from your SAP Cloud Platform account. This is referred as security risk.
Maintain your On-Premise sftp server & port you want to connect to.
Define the virtual sftp server & port you want to expose to your SAP Cloud Platform Account (it will be re-used later in the sftp receiver adapter configuration).
Maintain an optional description, tick the ‘Check Internal Host’ checkbox (to have enable the ping test from SAP Cloud Connector to your On-Premise sftp server) and finish.
You may check and maintain your system mapping in the Cloud To On-Premise overview.
Logon to your Cloud Platform account and check the corresponding Cloud Connector status.
If all is fine you may consume your just established TCP connection in the sftp sender or receiver adapter.
Configure the sftp Sender or Receiver Adapter
Log on to the Cloud Integration WebUI and maintain the connection parameter in the sftp adapter properties as follows.
Maintain the virtual sftp server name & port for the proxy type ‘On-Premise’. Maintain the Location ID of the Cloud Connector, if configured in the Cloud Connector. Define the Authentication configuration as required by your On-Premise sftp server.
Done, save and deploy the integration flow. Start sending messages from SAP Cloud Integration via your own On-Premise sftp server or start polling files from your On-Premise sftp server.
Troubleshooting
If you run into errors executing your scenario you may find information for error analysis at the following places:
- Integration Content Monitor in Cloud Integration
- Message Processing Monitor in Cloud Integration
- Cloud Connector Connectivity Test
- SSH Connectivity Test
- Log File in Cloud Connector
Let’s have a short look at the different tools.
Integration Content Monitor
After deploying the integration flow you should first check in the Integration Content monitor in SAP Cloud Integration if the integration flow is started successfully. As integration flows with sftp sender adapters start polling immediately after the integration flow is started, errors during the poll are shown here. No message processing log is created in this case.
In the Status Details area you may find the status and the details about the current poll status:
If there is an error when polling messages via the sftp sender adapter the error would be shown here for the respective integration flow. In the Polling Information the status of the consumption is shown as Failed.
the SOCKS proxy of the cloud connector. In this case you would have to check the monitor and the log files in the Cloud Connector for more details. Check that the request reaches your Cloud Connector instance at all, maybe the Location ID in Cloud Connector configuration does not fit to the Location ID used in sftp channel?
Message Processing Monitor
The second important monitor to be checked if your scenario does not work is the Message Processing monitor in the Cloud Integration Monitoring. If there is an error sending messages to a specific sftp receiver the error would be shown here.
In the below sample error, you see that the hostkey is rejected. This means that the public key of the sftp server is not maintained in the known hosts file for the configured virtual sftp host. Maybe the public key is maintained with the real sftp server address? If so, this entry needs to be changed in the known hosts file. Details about known hosts file maintenance you find in the blog How to setup secure connection to sftp server. Note that the public key cannot yet be downloaded via the Connectivity Test when connecting to the sftp server via Clod Connector. The Connectivity Test will be updated soon to support this, the blog will then be updated.
SSH Connection Test
The Connectivity Test is available in Operations View in Web UI, in section Manage Security Material. Selecting the Connectivity Test tile from Overview Page opens the test tool offering tests for different protocols. To test the communication to the SFTP server, the SSH option is to be selected.
You can select the On-Premise Cloud Connector proxy and enter a Location ID also in the SSH test to test the connection to the SFTP server via the Cloud Connector:
The Cloud Connector Connectivity Test can be used to test if the Cloud Connector connected to the Cloud Integration tenant can be reached via the Cloud Integration’s runtime with the defined Location ID.
Like the SSH Connection Test, the Cloud Connector Test can be found in the Connectivity Tests tile in the Operations View in Web UI in section Manage Security Material. In the test tool select Cloud Connector. The only input field for the Cloud Connector test is the Location ID. Enter the Location ID you have configured in the Cloud Connector and also use in the adapter channel in the integration flow.
The test pings the Cloud Connector with this Location ID. If no Cloud Connector is connected with this Location ID the test fails:
If the Cloud Connector can be reached with the given Location ID the test executes successfully:
Cloud Connector Log
If you receive errors coming from the SOCKS proxy, you have to check the Cloud Connector log file for more information. Maybe the mapping for the used virtual host does not exist?
