Develop a Multitenant Extension Application in SAP BTP, Kyma Runtime

Alexander Rieder, Matthieu Pelatan

September 2022

Agenda

Introduction

Basis Mission

Identity Management Mission

Day2 Operations Mission

Q&A

Introduction

SAP Discovery Center

Link to SAP Discovery Center

Mission details

Step-by-step guide

Code in GitHub

Mock Server included

btp-setup-automator

Coaching, troubleshooting & FAQ

Type of SaaS Solution

Business Story

Application Overview

Basis Mission

Application Architecture

Separation of Data

Separation of Data Details

  1. As soon as a customer is onboarded, the SaaS Registry triggers the onboarding process. A request with all information about the new tenant (for example, tenant ID and subdomain) in the body is sent to the application broker.
  2. The broker extracts the tenant ID and the subdomain out of the request body and triggers actions defined in the callbacks. In our case, the DB service is informed about the new onboarding.
  3. The Database service creates a new schema/user for the new customer. Standard tables and default configuration are automatically generated.

Authentication Flow

Authentication Flow Details

  1. An end user opens the application in a browser. The browser sends a request to the Approuter.
  2. The end user is redirected to the SAP Authorization and Trust Management service to log in.
  3. After a successful login, the SAP Authorization and Trust Management service sends a JWT token to the Approuter, which extracts the tenant ID. The tenant ID is needed later to read the data of the right tenant.
  4. The Approuter redirects to the UI.
  5. The UI sends a request to the backend API via the Approuter.
  6. The Approuter injects the tenant ID into the request as a header and forwards the request to the Easy Franchise service.
  7. The Easy Franchise service, acting as an orchestrator, receives the request and forwards it to the respective microservice, including the tenant ID. Here, the tenant ID is part of the URL, which makes it simpler to log or debug at development time.
  8. The Database service requests data from the respective tenant.
  9. The Business Partner service gets information from the destination in the respective subaccount and calls the SAP S/4HANA Cloud system.
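
The tenant isolation in steps 3, 6 and 7 holds only if the tenant ID is taken from the verified token and never from anything the browser sends. The sketch below is an added example, not code from the mission or from SAP. Its assumptions: an HS256 demo key stands in for the trust service's signature check, the tenant claim is named `zid`, tenant IDs are lowercase GUIDs, and the header name `x-tenant-id` and the URL layout are hypothetical.

```python
import base64, hashlib, hmac, json, re

DEMO_KEY = b"constructed-demo-key"   # stand-in for the trust service's signing key
TENANT_HEADER = "x-tenant-id"        # hypothetical header name
# Assumption: tenant IDs are lowercase GUIDs; anything else is rejected.
TENANT_ID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_demo_token(claims: dict) -> str:
    """Build a constructed HS256 token so the example runs offline."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(DEMO_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def tenant_from_token(token: str) -> str:
    """Return the tenant ID only from a token whose signature verifies."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(unb64url(head)).get("alg")
        given = unb64url(sig)
    except (ValueError, AttributeError):
        raise PermissionError("malformed token") from None
    want = hmac.new(DEMO_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if alg != "HS256" or not hmac.compare_digest(given, want):
        raise PermissionError("signature check failed")
    tenant = json.loads(unb64url(body)).get("zid")  # assumed tenant claim name
    if not isinstance(tenant, str) or not TENANT_ID.fullmatch(tenant):
        raise PermissionError("token carries no valid tenant ID")
    return tenant

def forward_request(token: str, client_headers: dict, resource: str):
    """Steps 6 and 7: tenant header and URL come from the token, never the client."""
    tenant = tenant_from_token(token)
    headers = {k: v for k, v in client_headers.items()
               if k.lower() != TENANT_HEADER}   # drop any client-supplied copy
    headers[TENANT_HEADER] = tenant
    return headers, f"/{tenant}/{resource}"      # hypothetical URL layout
```

Because the tenant ID is matched against a strict pattern before it reaches the URL, a downstream service that uses it to pick a schema never sees path or identifier metacharacters.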

Mission Structure

Link to mission

Demo

Demo Steps

Identity Management Mission

Mission Focus

This mission explains how to enrich a Kyma-based multitenant application
with additional identity features.

SAP Cloud Identity Services
Principal propagation
Custom IdP

Mission Structure

SAP Cloud Identity Services
Principal propagation
Custom IdP
  • Get a Tenant
  • Set Trust between IAS and BTP
  • Set trust between BTP and S/4HANA
  • Configure OAuth Communication
  • Configure S/4HANA
  • Configure SAP BTP
  • Consume the destination
  • Prepare Corporate IdP
  • Set trust between IAS and Azure AD
  • Run the Application

Identity Authentication Service

Principal Propagation

User Federation

Day2 Operations Mission

Mission Focus

This mission explains how to extend an existing Kyma-based multitenant application
by focusing on day 2 operations topics.

Observability
Metering
CI/CD

Mission Structure

Observability
Metering
CI/CD
  • Logging (Built-in Offering)
  • Logging (Ext. consumption)
  • Monitoring (Built-in Offering)
  • Monitoring (Ext. consumption)
  • Monitoring (Dynatrace)
  • Custom metrics (Active users)
  • App implementation
  • Metering consumption
  • Local and Kyma env.
  • CI/CD Service
  • With K8S YAML
  • With HELM

Logging

Logging (Ext. Consumption)

Monitoring (Ext. Consumption)

Monitoring with Dynatrace

Metering

Metering Consumption

CI/CD

Demo

Demo Steps

Q&A

Feedback Session

Looking for interested customers to reflect on our mission(s)

If interested, please contact: Alexander Rieder - Navin Krishnan Manohar

Disclaimer