Understanding the inner workings of SAP from MIIS (ILM) Perspective

The past few posts, I’ve really concentrated on the Microsoft ERP MA for SAP integration. Although my world revolves around identity management, a huge piece of that I spend on integration of systems throughout the enterprise that do not share a common platform. One of which is SAP. By no means would I consider myself an SAP Consultant; however the need to understand the inner-workings of foreign systems only makes my job that much easier. Surprisingly, SAP is one of those systems we find customers having difficulties integrating into different connected data sources all around the enterprise.

This post will further concentrate on key components of SAP; most typically how SAP communicates to the outside world. From here, you can better understand how to achieve proper integration.

The first thing is to understand some key concepts of SAP. SAP talks through various Business Application Programming Interfaces also known as BAPIs. These interfaces are object-oriented methods which are the data-handling mechanisms used in SAP Systems. Knowledge of how to instantiate these objects are the most powerful tool in an SAP consultant’s arsenal. BAPIs are business objects similar to transactional records, master records, or datasets. They are most used when calling data in and out of SAP. Although out of the box, there are several hundred BAPIs available for use; they can also be customized to fit any business need required.

Another key concept to BAPIs and most often confused are IDocs. IDocs are data transports and are about moving data between systems and modules within SAP. Ultimately, BAPIs are the mechanisms for getting data in and out of SAP; therefore when integrating SAP with MIIS, you will be invoking or passing parameters to BAPIs to retrieve any type of data.

Remote Function Calls (or RFCs) are function modules that are called within a BAPI. They relate to each other as a BAPI is a business object; whereas an RFC is the functional code.

A perfect example of what happens is, (A) you call a BAPI, then (B) pass parameters to invoke RFCs.

ILM (MIIS) and the Microsoft ERP Management Agent - Part 3

In my previous post, I provided an overview of how we communicate within .NET to SAP Systems. Now, let’s take a look at how this relates to ILM (MIIS). The ERP MA provides a tool called to build the connector space. (Yes, you must build out your connector space by (1) defining the schema of attributes and (2) declaring what BAPIs to invoke and where (add, replace, delete, setpassword). This is accomplished through the ERP Configuration Tool. The document recommends using the provided template files to get started; however in my experience they were much harder to customize. IMHO it was much easier to build my connector space from scratch.

Once you’ve completed, you can create the SAP MA which to do so, you need to input the XML configuration file that is created by the ECT. You should then be able to see the entire attribute list with all the normal functions of any other management agent.

How do my previous posts relate to where we are now; well here is how the MA works.

1. Building the ERP MA configuration file using the ECT; the configuration of the MA is performed by discovering the SAP environment using the SAP connector for Microsoft .NET 2.0 and generating an XML. This essentially discovers all the BAPIs and stores them in a local cache file.
2. Configuration UI communicates with SAP to discover the BAPIs and other configuration for display.
3. XML configuration, proxy assemblies and schema definition file generated by the UI. You are building out your connector space.
4. Creation of the MA happens in MIIS and consumes schema file which MIIS uses to synchronize with SAP.
5. ERP MA SAP assembly consumes XML configuration and proxy assemblies at run time provides wrapper to RFC calls directly to SAP Server
   The diagram below (provided from the CHM) details what happens under the covers.

Now that you understand the process for communication, you can now proceed to determine what to do with the data you import/export. Key things to understand when using the Microsoft ERP MA are the following:

***Understand the process of Alias and Alias-referencing. That is the core of how the MA works.

ILM (MIIS) and the Microsoft ERP Management Agent - Part 2

In part of my last post, here we should do an overview of the SAP .NET Connector. Essentially, it is a programming environment inside of Visual Studio that enables us to communicate between the .NET platform and SAP Systems. Communication is facilitated through proxy classes which call and/or invoke BAPI functions in SAP. The connector support both SAP RFCs and Web Services which allow you to write various applications using any .NET language. Pretty straight forward, huh?

Anyhow, the connector is made up of several parts. As I mentioned, first it’s pretty tightly integrated with Visual Studio for generating SAP proxies. The proxies are used to call BAPI functions through either the SAP RFC protocol (librfc32.dll) or via SOAP. Do note, per the documentation...Release 4.6D does not have SOAP support while systems starting from 6.20 can use either. At the moment, the most current version of the connector is built for .NET 2.0 (SAP Connector for Microsoft .NET 2.0). Additional dlls that are part of the assembly is the SAP.Connector.Rfc.dll and LibRfc.dll. (LIBRFC32.dll, is in Release 6.20 and higher). The diagram below, details the runtime architecture and how communication is facilitated using the .NET Connector.

ILM (MIIS) and the Microsoft ERP Management Agent - Part 1

In my current project, I’ve had the opportunity to work with the Microsoft ERP Management Agent for SAP. As many already know, SAP is a huge applications and a common connected data source which in most (or some) cases acts as the authoritative source for HR related data. MIIS can be used to facilitate or broker identity data and identity management related tasks to and from this connected data source and to many others. In my opinion, MIIS and SAP integrate very well which I thought I’d write about how MIIS connects to SAP to synchronize identity data to and from the connector space. From here, I hope you can get a better understanding on how to integrate SAP into your existing MIIS environment.

Prior to the release of the ERP MA by Microsoft, MIIS developers connected to SAP systems by custom XMAs using the SAP .NET Connector. For example, Oxford Computer Group had developed a management agent for SAP which has been proven successfully in many environments way before the Microsoft ERP MA was even released. Regardless, here is how connectivity is accomplished using the ERP MA from Microsoft.

Before I start, the Microsoft ERP Management Agent can be downloaded from the following link or obtained within the ILM 2007 FR1 installation media.

Microsoft Enterprise Resource Planning Management Agent for SAP

The base requirements for this management agent are:

• Microsoft Identity Integration Server 2003 SP2 or ILM 2007
• The SAP .NET Connector 2.0
• Microsoft .NET Framework, version 1.1 or higher

In order to connect to SAP, you should first understand some concepts of SAP.

• BAPI (Business Application Programming Interface) – a function that performs a specific operation inside the SAP environment
• InfoTypes – structures used as parameters to BAPIs
• RFC (Remote Function Calls) – a method for accessing a BAPI from another computer via the network
• SAP Connector for Microsoft .NET 2.0 – a managed component from SAP that enables RFC to BAPIs in a SAP application server

It’s pretty late now, so in my next part I will write more details on how the SAP .NET Connector works and how it relates to MIIS and the ERP MA.