- How sap information is displayed on SharePoint Server and Microsoft Outlook 2010
- Preset Functions
- Template and other construction Blocks
- Monitoring and Troubleshooting
Duet enterprise for Microsoft SharePoint and SAP is a new product jointly developed by SAP and Microsoft to implement interoperability between SAP applications and Microsoft SharePoint Server 2010 Enterprise Edition. Employees can use and expand sap processes and information in Sharepoint Server 2010 and Microsoft Office 2010 client applications through duet enterprise.
This article helps SharePoint administrators, SAP administrators, and System Architects understand the duet enterprise architecture, preset features, how sap information is displayed in Sharepoint Server and office applications, and how Authentication works. This article also provides a brief overview of monitoring and troubleshooting.
In addition to this overview article, you can also download duet enterprise for Microsoft SharePoint and SAP posters, this includes examples of product use, detailed duet Enterprise Architecture descriptions, and supplemental information such as security information in graphical representation.
Download poster (http://go.microsoft.com/fwlink? Linkid = 205014 & clcid = 0x804 ).
View duet Enterprise Architecture posters online (this link may point to an English page) (http://go.microsoft.com/fwlink? Linkid = 208381 & clcid = 0x804) (this link may point to an English page). You can zoom in and zoom out the poster to view details.
For more information about duet enterprise advantages, see http://sharepoint.microsoft.com/en-us/product/related-technologies/pages/duet-enterprise-for-sap-and-sharepoint.aspx (which may point to English pages) (http://go.microsoft.com/fwlink? Linkid = 195937 & clcid = 0x804) (this link may point to an English page ).
How sap information is displayed on SharePoint Server and Microsoft Outlook 2010
You can use duet enterprise to use Microsoft SharePoint Server 2010 Enterprise Edition and Microsoft Office 2010 to access and interact with business processes and related information in SAP applications.
Some examples of tasks that can be executed by the user include:
- Revise the SAP data in the Sharepoint list and write the changes back to the SAP system.
- Update customer information or create a sales contact in Microsoft Outlook 2010.
- Displays sap information. content types other than this information are integrated into Sharepoint Server. They are integrated into Microsoft Outlook 2010 as contacts, tasks, calendars, and announcements.
SharePoint websites can use several standby options to display information in SAP applications:
- A set of specialized web components provided with duet Enterprise
- External list (related to sap information in SAP applications)
- Document Library
System Architects can use these components to design solutions, use the website templates described in the following table, or use these presets in combination.
When deploying duet enterprise, the SharePoint administrator can choose to perform any combination of the following operations in the Web application that enables duet enterprise:
- Create one or more reporting websites
- Create one or more workflow websites
- Create a duet enterprise website
- Add duet Enterprise Web parts to the SharePoint website
- Transfer sap hr data to the SharePoint configuration file
- Create an external list that displays SAP data in Sharepoint Server
SharePoint administrators can use duet enterprise to create one or more reporting websites for running sap reports on SharePoint websites. The report website provides a list of all SAP reports that can run on the SharePoint website. Note that duet enterprise websites include reporting websites by default, but you can create many custom reporting websites as needed.
SharePoint administrators can use duet enterprise to create one or more workflow websites for interacting with SAP workflows. A workflow website can receive workflow approval requests from an SAP Workflow running in an SAP environment and send these workflow requests to Microsoft Outlook. Users can approve requests from email objects or SharePoint task folders. The approval objects attached to duet enterprise provide rich context information to help users make decisions on the approval process. This article provides detailed information about workflows.
The duet enterprise website provided by duet enterprise in Sharepoint Server is a group of Websites created using website set templates. These websites contain lists, libraries, and specialized web components designed for viewing and managing SAP data. You can use the Sharepoint Server website as the main entry point for viewing and managing sap information in Sharepoint Server, or add dedicated web components provided by duet enterprise to other websites to build your own solutions, you can also use these two methods.
Duet enterprise can enhance the SharePoint my website by displaying sap personal data on the SharePoint my website configuration file page.
Expand duet Enterprise
In addition to the provided website templates and dedicated Web Components, you can also expand duet enterprise in multiple ways. For example:
- SAP NetWeaver ABAP developers can create new services, adjust existing services, and open custom logic in SAP NetWeaver.
- Business power users can create declarative solutions without coding, create external lists and document libraries, and design views and forms.
- Microsoft. NET developers can:
- Modify the solution created using Microsoft SharePoint designer 2010.
- Develop a new duet enterprise solution that provides custom user experience.
- You can create custom user experiences by integrating data in multiple ways, and create and edit constructor blocks (such as Web parts) to display sap information on a SharePoint website.
- Microsoft Silverlight developers can use duet enterprise to create a unique user experience on SAP data on a Sharepoint website.
Obtain sap information offline
Information workers can use Outlook 2010 or Microsoft SharePoint Workspace 2010 to obtain SAP data offline. You can use SAP data in outlook by creating external content types based on the Local Outlook data type, contact, task, calendar, and announcement in Sharepoint. By downloading external lists, SAP reports, and libraries that contain external data columns to SharePoint Workspace 2010, they can also use sap information offline.
Duet enterprise provides two groups of add-on components. The duet enterprise SharePoint add-on is installed on a server running Microsoft SharePoint Server 2010 Enterprise Edition. The basis for running duet enterprise SAP add-on is SAP NetWeaver 7.02 ABAP.
Content of this section:
- Duet enterprise components
- Components provided with duet enterprise.
- Support for heterogeneous systems
Duet enterprise components
Displays the Microsoft SharePoint Server 2010 component that serves as the basis for building duet enterprise. The SAP system components shown in the figure support duet enterprise.
Figure 1-duet enterprise-supported components
The following list describes the key components in the SharePoint System for duet Enterprise (1) and key components supporting duet enterprise in the SAP environment (1 ).
- The SharePoint workflow function supports interaction between SharePoint users and SAP workflows.
- The Enterprise Content Manager component is used to manage the lifecycle of documents (such as SAP reports.
- Duet enterprise uses the SharePoint Security token service to interact with the declarative Authentication provider provided by Sharepoint Server 2010 to authenticate user identities using the SAML token.
- Microsoft Business connectivity services provides connectors for communications between Microsoft SharePoint Server and the SAP environment and other functions for connecting and interacting with SAP information.
- The report module running on SAP NetWeaver or the SAP Business Information Warehouse can provide the report function on SAP data.
- The SAP workflow engine can run all SAP workflows.
- The SAP Enterprise Service is used to interact with SAP Business Suite and retrieve sap Information and content.
- The SAP shared master data and computing center management system tool is used to monitor SAP systems and SAP duet enterprise components. The "Monitoring and troubleshooting" section after this article describes these sap support tools.
Components provided with duet enterprise.
This section describes the components provided with duet enterprise.
Figure 2-supported components installed with duet Enterprise
The following list describes the components of the duet enterprise SharePoint add-on (2 ).
- The duet enterprise website template provides SharePoint users with an entry point for pre-configured duet enterprise experience. A duet enterprise website consists of a group of initial sub-websites, including "customers", "Products", "quotations", and a series of websites for collaboration between customers and other business data. These websites have been pre-configured to connect to the corresponding business objects in the SAP environment.
- SharePoint users can use the duet enterprise "workflow" function to participate in SAP workflows to perform expense report approval and other tasks.
- With duet enterprise's "report" function, you can directly query and view sap reports or SAP Enterprise Resource Planning in sap bw from Sharepoint Server.
- The business connectivity services solution designer feature is used to customize duet enterprise solutions.
- SharePoint users can collaborate to use sap information and objects through the duet enterprise "collaboration" function. This feature provides a set of templates for setting collaboration websites.
- The monitoring and support components provide troubleshooting support for Microsoft and SAP components.
- With the duet enterprise role and configuration file synchronization function, you can use the sap role and SAP configuration file in Sharepoint Server 2010.
The following list describes the components of the duet enterprise SAP add-on (2 ).
A. Business content contains a group of pre-packaged SAP Business Objects.
B. the duet enterprise "workflow" function allows SharePoint users to participate in SAP workflows.
C. Using duet enterprise's "report" function, Sharepoint users can retrieve the reports and Configuration Report directories in SAP, which will then be provided on the report website in Sharepoint Server.
D. The content publishing program is used to send sap content to SharePoint Server.
E. The object instance cache is used to cache specific duet enterprise data and information.
F. The transfer manager can send report requests from SAP NetWeaver to the corresponding SAP system.
G. The role provider enables Sharepoint Server 2010 to have a group of SAP roles that can be used to grant permissions on security objects in Sharepoint Server.
In an SAP environment, the duet enterprise SAP add-on provides the preceding services for SAP Business applications (such as SAP Business Suite) interoperability with end-user platforms (such as Microsoft Office client applications and SharePoint websites.
Note that duet enterprise does not need to install any content on the client computer by default. All interactions with client applications are managed by Sharepoint Server 2010.
Support for heterogeneous systems
Duet enterprise provides heterogeneous support for SAP systems. Displays general examples of SAP systems supported by duet enterprise.
Figure 3-heterogeneous system example
Figure 3 is described in the following list.
- SharePoint users can access websites running on SharePoint Server 2010.
- Duet enterprise SharePoint add-on and duet enterprise SAP add-on and Microsoft Business connectivity services support communication between Sharepoint Server 2010 and SAP NetWeaver 7.02. The business logic in the duet enterprise SAP add-on and duet enterprise SAP add-on installed on SAP NetWeaver can act as a mediation between Sharepoint Server 2010 and SAP systems.
- You can connect multiple SAP systems (such as BW and ERP) to a duet enterprise environment. Duet enterprise supports standard high availability (HA), load balancing, and scalability mechanisms for SAP NetWeaver and Sharepoint Server 2010.
- Duet enterprise supports different versions of SAP systems and step-by-step systems. This allows you to connect SAP NetWeaver to multiple SAP systems. For example, in the United States, you can use a human resources system running on sap erp 6.0, while in Europe, you can use a human resources system running on sap erp 2004. By using system ing, users in the U.S. can link to the U.S. system, while users in Europe can link to the EMEA system.
This section describes the preset functions provided by duet enterprise. SharePoint users can perform the following operations through these features:
- Run SAP report on SharePoint website
- Interact with SAP workflow on the SharePoint site and Outlook 2010
- Collaborate with and interact with sap information on a SharePoint website
- Obtain the permission to access the HR information in the SharePoint configuration file
SAP report in Sharepoint Server
Employees can use duet enterprise to retrieve sap reports from sap erp or SAP Business Intelligence Systems in SharePoint document libraries. Information workers can run SAP reports on the SharePoint website. Duet enterprise's "report" feature is implemented as a Sharepoint feature that can be enabled at the site set and site level. After this feature is enabled for a specific website set, the website owner can enable this feature for any website in the website set to create a report list on the website. Note that these reports are displayed on the duet enterprise website by default and are based on the report directories maintained in the SAP environment, however, Sharepoint users can modify the report settings to be modified or added to the report parameters.
You can schedule an SAP report or run it as needed. You can view the report in any supported file format. You can view the historical summary of the report and share the report with other SharePoint users. After a report is shared, you can subscribe to the report to receive email notifications when the report is running. When running a report, Sharepoint users can specify whether the report will be a personal report or a shared report. Shared reports are provided by the SAP system once and can be viewed by multiple users. The personal report can only be viewed by the person requesting the report. Note that the ability to subscribe to and display reports is subject to the required permissions in the SAP environment.
Like other SharePoint lists, you can filter and sort report lists. For example, you can filter by Category column to view only specific categories of reports (such as sales reports.
You can customize reports in duet enterprise in the following ways:
- Add the related report web part to various SharePoint websites. For example, you can add the "Employee Compliance Report" to the "fake review" workflow work item, the approver of the "fake review" workflow can run the employee compliance report in the workflow task form of the "fake review" workflow. For example, the Customer Service Manager approves or rejects the customer's return request, and then uses the related report Web component to generate other session or collaboration items in the report.
- Enable new reports from the duet Enterprise Report directory in the report center. For example, you can add the "stock overview" Report to the "important report list" on the duet Enterprise Report website.
- Enable the new SAP system report on SharePoint Server. For example, you can add a new business information warehouse (BW) Report in the "customer quotation" workspace named "General quotation information for the sales region ".
- Create one or more dedicated reporting websites in Sharepoint Server Based on the new SAP system report. For example, you can build a "Product Lifecycle Management Report" website to collect various reports from different aspects (such as project management, quality management, and income analysis.
Duet Enterprise Workflow
The SAP workflow runs in the SAP system, but duet enterprise enables the sap workflow approval steps to be displayed in the Sharepoint Server, so that the tasks requiring user interaction can be completed on the SharePoint site or Outlook 2010. You can use the Sharepoint Server 2010 workflow function to customize the sap workflow step for Sharepoint workflow import.
The SAP administrator uses the sap workflow builder to determine the existing workflow approval steps that will be displayed in Sharepoint Server, and create mappings to determine which fields will be displayed in Sharepoint Server 2010 for SAP workflows. After performing this operation on a specific sap workflow, if the sap workflow needs to interact with SharePoint users, you can configure the SharePoint workflow triggered by the sap workflow in a declarative manner on SharePoint Server.
SAP workflow can start a Sharepoint workflow and continues to perform the next step after the workflow is completed. User operations can be instantly synchronized with sap to provide tightly integrated workflows between SAP and SharePoint applications.
When interacting with a workflow, Sharepoint users (in this example, workflow approvers) can use relevant reports and links to help users make decisions. For example, before approving a customer discount, the approver can run a report to view the average sales volume of the customer or view the discount policies of the customer's organization. In addition, Sharepoint users can also use templates to create related collaboration websites that will support work project collaboration.
In addition to the workflows provided by duet Enterprise, you can also use the sap workflow builder to create custom sap workflows and Microsoft SharePoint designer 2010 to customize Tasks running in SharePoint environments.
Template and other construction Blocks
You can use the modules provided by duet enterprise and other construction blocks to access SAP data objects. In addition to creating one or more workflows and reporting websites described above, the website set administrator can also create a duet enterprise website in Sharepoint Server using the provided website set template. The website set template contains a hierarchy of websites, lists, libraries, and other types of Web components designed to view and manage SAP data.
SharePoint users can use these websites to perform the following activities: Collaborative use of SAP information, research of human resource information, and management of customer information.
The Sharepoint Server Farm administrator can use the website set template provided by duet enterprise to create a required number of website sets. Solution architects can choose to use the duet enterprise website to start building solutions for their organizations, and create their own solutions using Web components and other components provided by the duet enterprise website, or integrate these policies.
Monitoring and Troubleshooting
To easily operate duet Enterprise, you must perform end-to-end monitoring on components on servers running both sap and Sharepoint Server. This monitoring process is completed using SAP standard tools and Microsoft standard tools, as shown in.
Figure 4-standard tools used to monitor SharePoint and SAP Environments
The SAP administrator can use the sap Computing Center Management System (CCMs) to monitor important components on servers running both sap and SharePoint servers. CCMS provides administrators with email or text message notifications about duet enterprise problem components, and provides them with the option to develop a report monitoring plan. Drill down to the "service" Consumption layer node in CCMs so that the sap administrator can clearly identify the problem and determine the solution. The SAP administrator can also monitor system performance (as shown in figure) and view system configuration changes in the SAP solution manager diagnostic (SMD.
Figure 5-Monitor System Performance
SharePoint administrators can use Microsoft System Center Operations Manager 2010 (scom) to monitor client computers and servers running SharePoint servers. They can also maintain and execute runtime rules to view detailed Microsoft Operations monitor (MOM) Notification results. Because duet enterprise uses the Microsoft Business connectivity services connector, you can use the Microsoft Business connectivity services node in scom to monitor duet enterprise. For more information about scom, see Microsoft System Center Operations Manager (which may point to an English page) (http://go.microsoft.com/fwlink? Linkid = 187743 & clcid = 0x804) (this link may point to an English page.
Duet enterprise also provides tools to help administrators troubleshoot component problems that are critical to the running status of duet enterprise. For example, the SAP administrator can perform the following operations:
- Handle sap errors and faults in the ABAP environment.
- View the log message to determine the specific steps and solutions to the problem.
- Run the end-to-end trace and view the trace result in sap smd.
SharePoint administrators can use a unique ID to track specific problems in SharePoint trace logs, use the MMC console to solve deployment problems, and remotely view errors on client computers. They can also view the running status of components on the "running status" page on the Management Center website.
You cannot use A SharePoint user account to directly access information in SAP. To simultaneously provide authentication and authorization on Microsoft and SAP platforms, duet enterprise enables sap administrators to map Windows domain accounts of SharePoint Server users to sap user accounts. Duet enterprise also supports the use of SAP roles. The sap administrator maps these roles to sap users in the SAP environment.
Map SharePoint users to sap users so that SAP applications can verify SharePoint users by finding sap accounts mapped to specific SharePoint users. Duet enterprise can also use the sap role as a declarative security entity in Sharepoint Server. This allows SharePoint users and administrators to grant sap users access to these security objects by using the sap role to protect SharePoint security objects (such as websites, lists, and projects. The SAP role defines and manages the process of assigning roles to sap users in the SAP environment. Using the sap role to protect SharePoint objects saves management overhead for redefining these roles in Sharepoint Server.
After A SharePoint user is mapped to an SAP User, The Sharepoint Server Farm administrator can synchronize the user configuration file attributes in SAP to the SharePoint user configuration file storage. Duet enterprise supports custom business data connectivity service connections that Sharepoint Server Farm administrators can use for this synchronization process. This process fills in the custom attributes in the SharePoint user configuration file storage. Custom Attributes include a list of SAP roles for each SharePoint user mapped to an SAP User in an SAP environment. This synchronization process does not copy any content stored in the SharePoint user configuration file to the SAP environment. Because configuration file synchronization affects performance and resource consumption, and usually does not change the role allocation frequently, it is recommended that the Sharepoint Server Farm administrator re-Synchronize the configuration file only when necessary.
Ing SharePoint users to sap users and synchronizing user configuration files ensures secure communication between SharePoint and SAP environments, so that you can perform a Single login and understand and follow the existing SAP authorization settings.
Duet enterprise provides a function that allows users and administrators to grant access permissions to SharePoint Security Objects Based on SAP roles. Before providing this function, the Sharepoint Server Farm administrator activates the "declarative provider" function of duet enterprise at the field level to make the declarative provider available, the user attributes in the SAP application must be synchronized with the SharePoint user configuration file storage.
And the serial number list briefly summarizes the data streams and components of duet enterprise's "role and configuration file synchronization" function. SharePoint administrators can use these sap roles to protect SharePoint security objects.
Figure 6-using the sap role to protect objects in SharePoint
The following list describes how to add an SAP role to a Sharepoint Server Security object, as shown in figure 6.
- A SharePoint user or administrator opens a person selector to assign an SAP role to SharePoint security objects (such as websites, lists, and projects.
- The person selector uses duet enterprise to declare that the provider has accessed the list of SAP roles authorized for use in Sharepoint Server. Duet enterprise declares that the provider requests sap role definitions from the SAP application.
- The SAP application sends the sap role definition back to the duet enterprise declarative provider. The sap role definition is then displayed in the personnel selector.
- The SharePoint administrator selects the sap role to be used from the personnel selector and grants the sap role the appropriate permissions on the SharePoint security objects it protects.
And the serial number list briefly outlines the user authorization process.
Figure 7-user authorization process
The following list describes the authorization process for a user request to access a security object protected by the sap role in Sharepoint Server.
- The Sharepoint Server Farm administrator synchronizes the user profile in SAP with the SharePoint user profile storage through the business data connectivity service connector. This synchronization process stores the SAP User Account and the SAP role it maps to in the SharePoint user configuration file storage.
- SharePoint users or administrators log on to the SharePoint website and attempt to access the websites, lists, or projects protected by the sap role.
When a user logs on, the token issuing process expands the user's SAML Security token and Its sap role in the user configuration file storage. Sharepoint Server then references this token to authorize the user to access a project protected by the sap role.
- Sharepoint Server uses duet enterprise to declare that the provider accesses the user configuration file storage to determine the sap role assigned to a SharePoint user or administrator. Sharepoint Server then allows or denies SharePoint users from accessing the security object based on the roles assigned to users and the security object permissions granted to sap roles.
When a SharePoint user runs an SAP report from a Sharepoint website, the system submits the file containing the report to the SharePoint document library and uses one or more sap roles to protect the file. Because the sap role is used to protect files, rather than the user account of the SharePoint user who runs the report, therefore, Sharepoint Server must search for this sap role in the user configuration file storage for Sharepoint users who want to view the report.
Note that the sap administrator specifies which sap roles can be assigned to SharePoint security objects.
How to perform authentication in duet Enterprise
Although duet enterprise supports multiple authentication methods, only declarative authentication uses the sap role to protect Sharepoint Server objects. Therefore, we recommend that you use a declarative authentication method for Web applications that support duet enterprise.
This section briefly describes how to perform authentication in the duet enterprise environment.
Figure 8-duet Enterprise Authentication
The following describes the steps shown in figure 8. This figure assumes that a SharePoint user has attempted to access the sap information displayed on the Sharepoint Server.
- Send the SharePoint user identity to the Microsoft Business connectivity services windows Communication Foundation connector.
- The connector sends the SharePoint user identity to the SharePoint Security token service.
- SharePoint Security token service returns the token that identifies the SharePoint user.
- Then, send the token to SAP NetWeaver in the soap request package.
- During deployment, a trust relationship is created between SAP NetWeaver and Security token service. This enables SAP NetWeaver to use a token to find the sap users mapped to SharePoint users identified by this token.
- Return the SAP User Account mapped to a SharePoint user to SAP NetWeaver.
- SAP NetWeaver uses an SAP User Account to request access to information in the SAP system. If a user is authorized to access this information, the request information is sent to SAP NetWeaver.
- SAP NetWeaver sends the request information to the Microsoft Business connectivity services WCF connector as a soap response.
- The Microsoft Business connectivity services connector delivers this information to SharePoint users.
For more information about SharePoint Security token service, see configuring Security token service (Sharepoint Server 2010) (http://go.microsoft.com/fwlink? Linkid = 182064 & clcid = 0x804 ).