PIPO Integration

SAP PI/PO Integration using SFTP Server on AWS Cloud

Many organizations that use enterprise resource planning (ERP) software like SAP run and maintain Secure File Transfer Protocol (SFTP) servers to securely transfer business-critical data from SAP to external partner systems. In this blog post, we’ll provide steps for you to integrate your SAP Process Integration and Process Orchestration (SAP PI/PO) and SAP Cloud Platform Integration with SFTP server on AWS Cloud.

 There are many SAP scenarios where an SFTP server is useful for SAP file workloads. For example:

• A company can use an SFTP server as a middle layer to place files that contain sales order data. The external transportation company processes the order information from the SFTP server to schedule transportation.
• A company can use an SFTP server to place crucial financial data and for payments integration with the bank.

Architecture overview

• You can integrate your SAP environment using SFTP Server using SAP PI/PO, which acts as an integration broker to facilitate connection between systems. The following diagram shows the high-level architecture of how your SAP PI/PO systems can integrate with SFTP Server on AWS Cloud.

Authentication options

To establish a connection with SFTP Server, you’ll use SAP PI/PO authentication options:

• SAP key-based authentication. Convert the Secure Shell (SSH) private key that’s generated as a part of the SFTP server creation process to Public Key Cryptography Standards (PKCS)12 type keystore. You do this to integrate SAP PI/PO communication channels with SFTP server.

SAP key-based authentication

You can use Open SSL to create X.509 and P12 certificates on your local SSH key pair directory, as shown in the following diagram. Enter the password and note it down for SAP keystore setup. The generated key will be in binary form.

SAP NetWeaver Administrator keystore configuration

1.Log in to SAP NetWeaver Administrator Key Storage Views, and enter a nam and description to create a new key storage view.

2. Select Import Entry, and then choose PKCS#12 Key Pair type from the drop-down menu, to import the .p12 file created as part of the earlier Open SSL step.

3. To decrypt the file and complete the import, use the same password that you used earlier, and then choose Import.

4. Make a note of the fingerprints to integrate the SAP PI/PO systems with the AWS SFTP server to finish configuring the SAP PI/PO integration directory.

Integrating the SAP PI/PO SFTP communication channel with the SFTP server

Next, you’ll configure a key-based authentication method in SAP PI/PO to transfer your file workloads from SAP ERP Central Component (SAP ECC) to the AWS SFTP server destination.

 To test the SAP PI/PO integration, you can transfer a MATMAS material intermediate document (IDoc) from the SAP system to the SFTP server destination.

 In this blog post, it’s assumed that you’ll configure the software and business component in the SAP PI/PO System Landscape directory, import the MATMAS IDoc structure, and map the raw IDoc structure (XML) to comma-separated value (CSV) formatted type using message, service, and operational mappings in the SAP PI/PO Enterprise Services Repository function. You can also use the raw MATMAS intermediate document structure (XML) for testing.

 In addition, you’ll need to configure sender and receiver communication channels and integration configuration in the SAP PI/PO integration directory function.

 In the SAP PI/PO integration directory configuration, select SFTP adapter type and update the AWS SFTP server endpoint and fingerprint created during the SAP NetWeaver Administrator keystore configuration. Update the values for the authentication method and file parameter key in the SAP PI/PO communication channel screen as follows:

• Authentication method: Private Key
• Username: The username for the SFTP server created.
• Private Key View: The key view created previously in the SAP NetWeaver Administrator keystore configuration.
• Private Key Entry: The key entry type created previously in SAP NetWeaver Administrator keystore configuration.
• Filename: The filename or naming convention that will be transferred from SAP to the AWS SFTP server.
• Filepath: The folder path path that’s created as part of the AWS SFTP server setup process. This filepath is the local folder on SFTP server where your transferred files will be stored.