Introduction

SAP Analytics Cloud (SAC) is the presentation tool for SAP reporting.

It is also the tool used for planning

Purpose

The SAP Analytics and Reporting Approach explains what will be implemented and the SAP Analytics and Reporting Standards details how it will be implemented.

This document explains the landscape and integration of the solution

Scope & Objectives

The existing version of SAC being used by HR and BW will be deprecated

Certain SaaS applications have an embedded version of SAC

• SuccessFactors (used extensively as a single instance and security is natively controlled)
• Asset Performance Management (not to be used as 3 instances and offers no benefit to the enterprise version discussed here)

Non-Functional Requirements

Terminology

• SAP Business Content (BCT): Predefined solution provided by SAP for a functional area 
• Instance: An entity refers to the entire system including the software and all technical components (DB, application server etc.). E.g., SAC Production.
• Environment/Tier: Refers to systems that are used for the different stages of the project lifecycle. Each environment serves a distinct purpose and has a dedicated instance to ensure stability and integrity. E.g., Development, QAS. 
• Landscape: Refers to all the environment for an application or entire project. E.g., S/4HANA landscape, SyWay landscape.
• CUI: CUI and export controlled data are both highly sensitive.  
• CMMC 2: Second iteration of the Cybersecurity Maturity Model Certification
• SaaS Deployment Model: Subscription where you pay for the service vs Consumption where you pay for the usage

Application Architecture

Architectural Decisions and Requirements

Below Table provides the details of the architectural decisions made based on the rationale.

Application Architecture Design

Application Architecture Components

SAC is the presentation tool for SAP solutions as depicted below:

Connections

SAP Datasphere (DSP)

DSP is the cloud data warehouse used to extract transform and load data from SAP systems

SAP Analytics Cloud and SAP Datasphere tenants can only be linked in a 1:1 relationship. One SAP Analytics Cloud tenant can be linked with only one Datasphere tenant.

Freeze stable connections/models/stories and Whitelist Applications to avoid the constant change of these crucial parameters.

We are not planning on importing any data directly from SAP systems into SAC, but rather via DSP.

Live Connection

With Live Connection, data securely remains in your back-end and queries are performed in your data source server. Result of query is sent back to your browser which renders your Dashboard.

Browser interacts directly or thru proxy with SAP Analytics Cloud, identity provider and all connected data sources. Then browser manages three types of communication tunnel:

• • Get/Post requests from Browser to SAP Analytics Cloud are dedicated to metadata.
  • Get/Post requests from Browser to Identity Provider are dedicated to SAML 2 Assertions.
  • Get/Post/Options requests from Browser to Back-end data sources are dedicated to Data.

• Local (Cloud data sources) represented as 2 in the diagram

All data stays within the SAP Cloud Platform. The data is not replicated to SAP Analytics Cloud. Modelling and model security is managed on the source system. Data connection between systems is secured within SAP Cloud Platform.

Add the URL of your SAP Analytics Cloud as a trusted origin in your SAP Datasphere system.

When using the SAC – Datasphere live connection, SAC currently has the following product limitations:

Analytics

• • Custom Shapes for Geo Maps are not supported
  • Version based variance features are not supported on SAP Datasphere data.
  • Version Mapping is not supported for SAP Datasphere data.
  • Blending is not supported.
  • Linked Dimension is only supported for SAP Datasphere models from the same Space. It is not supported across Spaces.
  • R-Visualizations are not supported. 
  • Comment Widgets are not supported
  • Copy Widgets between stories is not supported
  • Import Pages from Stories that contain Datasphere models is not supported

Planning

• • SAC Planning data can now be stored in Datasphere with seamless planning. However, seamless planning still requires the import of data into the SAC model and is not based on the SAP Datasphere live connection. 

• Remote (On-premise data sources like S/4)
  • With CORS, all data stays within the remote (customer) landscape. The data is not replicated to SAP Analytics Cloud. Modelling and model security is managed on the source system.
  • With tunnel, the data is returned to SAC momentarily while being used

The capability exists but it is not envisaged that this type of connection will be required, as it connects to a single system.

We can route S/4 via remote tables in DSP and union the data before being analysed in SAC.

OData

With seamless planning the data resides in DSP, but retraction only works from SAC to S/4, hence the data needs to be loaded into SAC first. 

OAuth 2.0 Authorization Code with the values for your SAP Datasphere OAuth client ID

OAuth clients with a Technical User purpose cannot, at this time, consume data from assets that are protected by data access controls.

SAML2 flow

Application Security

Classification

Authentication

Authorisation

Communication Security

Data Security

Other Controls

System Landscape

Development Environment

Project Test Environment

Quality Environment

Production Environment

Operation Architecture

Change and Configuration Management

Transport Management

Release Management

Monitoring

Application Monitoring

System Monitoring

Sizing

High Availability

Disaster Recovery

Backup/Restore

Maintenance Plan

Service Introduction

Application Category

Support Team

Skill required

Checklist

Exceptions

See also

Change log

Workflow history