Scribd
Upload
504 views26 pages

CIG - Cloud Connector Configuration

Uploaded by

Waqas Aslam
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
504 views26 pages

CIG - Cloud Connector Configuration

Uploaded by

Waqas Aslam
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

Cloud Connector configuration for SAP Ariba CIG

Bharath Balakrishnan - SAP Ariba Cloud Integration Support

PUBLIC

Confidential Documents:
© 2022 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
Topics

• Cloud Connector configuration for CIG

• Whitelist IPs for CIG -> ERP

• Whitelist IPs for ERP -> CIG

• Troubleshooting
Once you install cloud connector login with the user credentials provided during the installation. Here I am
logging in as administrator
When you login for the first time you will not see any subaccounts in the connector page. You need to add separate
sub accounts for test and production system. Click Add Subaccount button.
1. Region Host: Any customers using CIG, will be using CIG EU or US data center depending on their location or
when the CIG was activated. If you using CIG EU, then its eu1.hana.ondemand.com, if you are using CIG
US, then its us4.hana.ondemand.com, if are using CIG CN, then its cn1.platform.sapcloud.cn, If
you are using CIG KSA then its, sa1.hana.ondemand.com
How to know which CIG data center I am using? Once you enable CIG in Ariba Network/Ariba Buying/Ariba Sourcing, next to Visit
SAP Ariba Cloud Integration Gateway, you will see the data center.

2. Subaccount: We have a separate sub accounts for test and production system for each data centers. Use the
below table to know what sub accounts to be added in SAP CC for your data center. This is common for any
customer. All the sub accounts should be added
CIG EU CIG US CIG China CIG KSA
Environment
(eu1.hana.ondemand.com) (us4.hana.ondemand.com) (cn1.platform.sapcloud.cn) (sa1.hana.ondemand.com)

aff5426a3 xf014edd7 r0j327s1ak vyune65dsw


Test
a18a6fc8f x60abf046 c7rrjwusz0 va2w1i23wr

a8f3ed22c b3bcoyxwro v6h7l4po2z q954q7a4d0

ab9e90b64 x691dbc6d gegwi7n4kq w2fi9zn95p


Production
a278d9ec7 x1e1a8cfb g1mgxyvy6e q8famn5vpc

a508aae51 x8713dd41 zj358jrvnr


3. Display Name: You can provide any display name to any value. Here I used CIG_TEST

4. Subaccount User/Password: Provide the Puser value you have received in email when you enable
CIG and the corresponding password.

5. Location ID: Provide a location id value here. It can be anything but make sure you provide the same
in the CIG portal connection details and for other subaccounts. Here I am using ARIBACIG
In the configuration page, If you want to use any proxy, you can mention that as well. Check with your BASIS/IT
consultant if this is required. My proxy is proxy.ariba.com so I used it here. Please use your own proxy server.
Click on the sub account you created recently and make sure the details you provided in the previous step are
reflecting here. This shows a secure tunnel is established between CIG sub account and the cloud connector.
Click Cloud To On-Premise link to provide the virtual mapping to the internal system. When you configure for the
first time you will not see any entries here. Click on the ‘+’ sign to add virtual mapping.
Select the Back-end Type as ABAP System if you are using SAP ECC or S/4 HANA system
and click Next
Select the Protocol as HTTP or HTTPS. We recommend to choose HTTPS
Provide the Internal Host and Port of your SAP Application server. You can get this details from
tcode SMICM. SMICM->Goto->Services. Click Next
Provide the Virtual host and Virtual port details. You can provide any value for virtual host and port
but make sure it is a fully qualified domain name and not the same value as the internal host / port.
We will provide the virtual host value in the CIG Portal connection page.
Note: Make sure your virtual host should not have any underscore character otherwise, you will see
a 400 error when sending the message from CIG.
Choose the Principal Type as None
This is optional. You can provide for your reference.
Add the resource accessible path for the virtual to internals sytem
1. Add the URL path as /sap/
2. Check the Enabled box
3. Choose path and all sub-paths
4. Click Save
The Location ID and the Virtual Host, Virtual Port should be same for both test sub accounts like below.
Once you add all sub-accounts you will see like below and all secure tunnels are established properly.
We have few optional configuration in SAP cloud connector. In case the secure tunnel between CIG
sub account and the cloud connector is broken for some reason like CIG outage or network glitches,
you will receive an email alert if the below configuration is performed. This alert will tell you in case if
the tunnel is broken or recovered successfully and any new version is cloud connector is available..
Usually with SAP CC 12.3.0 or above, the secure tunnel will establish automatically. We always
recommend to upgrade to the latest version.
Please update the details and click Save.

Sample emails
Whitelist IPs for CIG -> ERP
To receive the transactions from CIG successfully your cloud connector will need to establish a secure
tunnel with the CIG subaccounts. Based on the region host you are connecting to you need to whitelist
the below IP ranges in your firewall.

Data center Region Host IPs (CIG -> Cloud connector / ERP)

Europe (Rot) eu1.hana.ondemand.com 155.56.128.0/17 and 130.214.160.64/28

US West (Colorado Springs) us4.hana.ondemand.com 157.133.45.0/24 and 130.214.182.64/29

157.133.192.128/25, 157.133.192.64/27, 157.133.194.0/24, and


China (Shangai) cn1.platform.sapcloud.cn
121.91.106.64/28

KSA (Riyadh) sa1.hana.ondemand.com 157.133.93.0/24 and 130.214.223.32/29


Whitelist IPs for ERP -> CIG
To send the transactions from ERP/PI to CIG you need to whitelist the below IP address in your
firewall. Based on the CIG data center you are connecting to this will change.

Data center CIG Transaction URL IPs to whitelist

https://testacig.ariba.com
Europe (Rot) 3.124.222.77, 3.122.209.241, 3.124.208.223
https://acig.ariba.com

https://testacig-us.ariba.com
US West (Colorado Springs) 52.4.101.240, 52.23.1.211, 52.23.189.23
https://acig-us.ariba.com

https://test.cig.cn40.apps.platform.sapcloud.cn
China (Shangai) 139.224.7.71
https://prod.cig.cn40.apps.platform.sapcloud.cn

https://testacig-ksa.ariba.com
KSA (Riyadh) 3.124.222.77, 3.122.209.241, 3.124.208.223
https://acig-ksa.ariba.com
Troubleshooting

• CIG Connection Flow - https://ga.support.sap.com/dtp/viewer/index.html#/tree/2757/actions/39812


• Invalid server certificate error after cloud connector upgrade to 2.13.2 -
https://launchpad.support.sap.com/#/notes/0003088349
• 503 error when CIG sends the message to SAP Cloud connector – Make sure all the
configurations are performed as per this document
• If you see Certificate expired message in screen from slide 8, click on the renew subaccount
certificate button in the same screen.
Thank you.

Confidential Documents:
© 2022 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.

You might also like