Scribd
Upload
84 views

CIG - Cloud Connector Configuration

Uploaded by

Max Bull Terrier
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
84 views

CIG - Cloud Connector Configuration

Uploaded by

Max Bull Terrier
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 28

Cloud Connector configuration for SAP Ariba CIG

Bharath Balakrishnan - SAP Ariba Cloud Integration Support

PUBLIC

Confidential Documents:
© 2022 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
Topics

• Cloud Connector configuration for CIG

• Whitelist IPs for CIG -> ERP

• Whitelist IPs for ERP -> CIG

• Troubleshooting
Once you install cloud connector login with the user credentials provided during the installation. Here I am
logging in as administrator
When you login for the first time you will not see any subaccounts in the connector page. You need to add separate
sub accounts for test and production system. Click Add Subaccount button.
1. Region Host: Any customers integrating via CIG, will use one of the below data centers depending on their location or when the CIG was
activated. If you using CIG EU, then its eu1.hana.ondemand.com, if you are using CIG US, then its us4.hana.ondemand.com, if are
using CIG CN, then its cn1.platform.sapcloud.cn, If you are using CIG KSA then its, sa1.hana.ondemand.com, If you are using
CIG UAE then its, ae1.hana.ondemand.com,
How to know which CIG data center I am using? Once you enable CIG in Ariba Network/Ariba Buying/Ariba Sourcing, next to Visit SAP
Ariba Cloud Integration Gateway, you will see the data center.

2. Subaccount: We have separate subaccounts for TEST and PRODUCTION systems for each DATA CENTER. Follow the below table to know
what subaccounts are to be added in SAP CC for your data center. This is common for any customer. All the sub-accounts should be added for
which ever data center you are connecting to.

CIG EU CIG US CIG China CIG KSA CIG UAE


(eu1.hana.ondemand.com) (us4.hana.ondemand.com) (cn1.platform.sapcloud.cn) (sa1.hana.ondemand.com) (ae1.hana.ondemand.com)

aff5426a3 xf014edd7 r0j327s1ak vyune65dsw gxrmsck7oq


a18a6fc8f x60abf046 c7rrjwusz0 va2w1i23wr t5skjep13f
riph868phi
a8f3ed22c b3bcoyxwro v6h7l4po2z q954q7a4d0 s3wsfj1qe8
ab9e90b64 x691dbc6d gegwi7n4kq w2fi9zn95p qc7mrw8tvm
a278d9ec7 x1e1a8cfb g1mgxyvy6e q8famn5vpc v011cy26z4
A508aae51 x8713dd41 zj358jrvnr
fh7owkbn5n fnpxlbn69y
t6u5sulpil ald178slao
uajqgqv8l3
3. Display Name: You can provide any display name to any value. Here I used CIG_TEST

4. Subaccount User/Password: Provide the Puser value you have received in email when you enable
CIG and the corresponding password.

5. Location ID: Provide a location id value here. It can be anything but make sure you provide the same
in the CIG portal connection details and for other subaccounts. Here I am using ARIBACIG
In the configuration page, If you want to use any proxy, you can mention that as well. Check with your BASIS/IT
consultant if this is required. My proxy is proxy.ariba.com so I used it here. Please use your own proxy server.
Click on the sub account you created recently and make sure the details you provided in the previous step are
reflecting here. This shows a secure tunnel is established between CIG sub account and the cloud connector.
Click Cloud To On-Premise link to provide the virtual mapping to the internal system. When you configure for the
first time you will not see any entries here. Click on the ‘+’ sign to add virtual mapping.
Select the Back-end Type as ABAP System if you are using SAP ECC or S/4 HANA system
and click Next
Select the Protocol as HTTP or HTTPS. We recommend to choose HTTPS
Provide the Internal Host and Port of your SAP Application server. You can get this details from
tcode SMICM. SMICM->Goto->Services. Click Next
Provide the Virtual host and Virtual port details. You can provide any value for virtual host and port
but make sure it is a fully qualified domain name and not the same value as the internal host / port.
We will provide the virtual host value in the CIG Portal connection page.
Note: Make sure your virtual host should not have any underscore character otherwise, you will see
a 400 error when sending the message from CIG.
Choose the Principal Type as None
Choose the Host In Request Header as Use Virtual Host
This is optional. You can provide for your reference.
Add the resource accessible path for the virtual to internal system
1. Add the URL path as /sap/
2. Check the Enabled box
3. Choose path and all sub-paths
4. Click Save
Now click on the Connector and start adding the remaining sub accounts.
The Location ID and the Virtual Host, Virtual Port should be same for both test sub accounts like below.
Once you add all sub-accounts you will see like below and all secure tunnels are established properly.
We have few optional configuration in SAP cloud connector. In case the secure tunnel between CIG
sub account and the cloud connector is broken for some reason like CIG outage or network glitches,
you will receive an email alert if the below configuration is performed. This alert will tell you in case if
the tunnel is broken or recovered successfully and any new version is cloud connector is available..
Usually with SAP CC 12.3.0 or above, the secure tunnel will establish automatically. We always
recommend to upgrade to the latest version.
Please update the details and click Save.

Sample emails
Whitelist IPs for CIG -> ERP
To receive the transactions from CIG successfully your cloud connector will need to establish a secure
tunnel with the CIG subaccounts. Based on the region host you are connecting to you need to whitelist
the below IP ranges in your firewall.

Data center Region Host IPs (CIG -> Cloud connector / PI -> ERP)

Europe (Rot) eu1.hana.ondemand.com 155.56.128.0/17, 130.214.160.64/28 and 130.214.160.80/29

157.133.45.0/24, 130.214.182.64/29, 130.214.183.0/25, and


US West (Colorado Springs) us4.hana.ondemand.com
130.214.184.72/29
157.133.192.128/25, 157.133.192.64/27, 157.133.194.0/24,
China (Shangai) cn1.platform.sapcloud.cn 121.91.106.64/28, 121.91.109.0/24, 103.170.212.208/28, and
121.91.106.72/29
157.133.93.0/24, 130.214.223.32/29, 130.214.209.128/25, and
KSA (Riyadh) sa1.hana.ondemand.com
130.214.223.40/29

157.133.85.0/24, 130.214.251.32/29, 130.214.80.128/25, and


UAE (Dubai) ae1.hana.ondemand.com
130.214.251.40/29
Whitelist IPs for ERP -> CIG
To send the transactions from ERP/PI to CIG you need to whitelist the below IP address in your
firewall. Based on the CIG data center you are connecting to this will change.

Data center CIG Transaction URL IPs to whitelist

https://testacig.ariba.com
Europe (Rot) 3.124.222.77, 3.122.209.241, 3.124.208.223
https://acig.ariba.com

https://testacig-us.ariba.com
US West (Colorado Springs) 52.4.101.240, 52.23.1.211, 52.23.189.23
https://acig-us.ariba.com

https://test.cig.cn40.apps.platform.sapcloud.cn
China (Shangai) 139.224.7.71
https://prod.cig.cn40.apps.platform.sapcloud.cn

https://testacig-ksa.ariba.com
KSA (Riyadh) 3.124.222.77, 3.122.209.241, 3.124.208.223
https://acig-ksa.ariba.com

https://testacig-uae.ariba.com
UAE (Dubai) 3.124.222.77, 3.122.209.241, 3.124.208.223
https://acig-uae.ariba.com
Troubleshooting

• Common errors when using integrating using cloud connector


• Could not Send Message
• 503 Service Unavailable
• Service Unavailable
• org.apache.cxf.transport.http.HTTPException: HTTP response '503: Service
Unavailable. There is no SAP Cloud Connector (SCC) connected to your subaccount.
Requested opening of a tunnel for subaccount "aff5426a3" and SCC
location ID "XXXXXX ". Check the configuration on SCC and cloud
side.' when communicating with https://ADDRESS_IS_SET_VIA.HEADER
• 502 Bad Gateway

• CIG Connection Flow - https://ga.support.sap.com/dtp/viewer/index.html#/tree/2757/actions/39812


• Invalid server certificate error after cloud connector upgrade to 2.13.2 -
https://launchpad.support.sap.com/#/notes/0003088349
• If you see Certificate expired message in screen from slide 8, click on the renew subaccount
certificate button in the same screen.
Thank you.

Confidential Documents:
© 2022 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.

You might also like