Public
Craig Haworth / SAP CEG
John Polus / SAP CEG
MOB202 – Architecting and Integrating Mobility into Your IT Landscape
© 2014 SAP SE or an SAP affiliate company. All rights reserved. 2 Public
Disclaimer
This presentation outlines our general product direction and should not be relied on in making a
purchase decision. This presentation is not subject to your license agreement or any other agreement
with SAP. SAP has no obligation to pursue any course of business outlined in this presentation or to
develop or release any functionality mentioned in this presentation. This presentation and SAP's
strategy and possible future developments are subject to change and may be changed by SAP at any
time for any reason without notice. This document is provided without a warranty of any kind, either
express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement. SAP assumes no responsibility for errors or omissions in this
document, except if such damages were caused by SAP intentionally or grossly negligent.
[Figure: SAP mobile portfolio and related d-code sessions. Labels: SMP 3 and HCPms (Design, Develop, Run), each with App Services, Platform Services, Back-end Agnostic, Lifecycle Management, Analytics and Reporting, Layered Protection of the Enterprise, and OData Offline Service. SMP Mobile SDK: Kapsel App (SMP SDK), OData SDK App (SMP SDK), REST API. SAP Mobile Secure: SAP Mobile Documents, SAP App Protection by Mocana, SAP Afaria, SAP Mobile Place. Session codes shown: MOB 101, MOB 102, MOB 103, MOB 160, MOB 200, MOB 201, MOB 202, MOB 204, MOB 205, MOB 206, MOB 207, MOB 208, MOB 260, MOB 262, MOB 263.]
Agenda
Afaria
SAP Mobile Platform 3.0
SAP Gateway
Putting It All Together
Other Options
Afaria
What is Afaria?
Afaria is an enterprise tool for securing and managing
corporate-owned and personally owned user devices with
your enterprise policies.
The Afaria mobile device and application management solution
allows administrators to centrally manage, secure, and
deploy mobile data, applications, and devices.
Devices include phone and computing devices, such as
smartphones, tablets, and desktop or laptop computers.
Our simple yet comprehensive solution
Afaria:
MDM
Device Security
App Provisioning & Management
Usage Analytics
BYOD
Help Desk
Device Configuration
Integration with App Middleware Platforms
Asset Tracking
Afaria System Components
Afaria uses a distributed architecture that
provides complete functionality and
enterprise-grade security while managing
mobile devices and computers.
The architecture uses the enterprise network
behind your firewall for components that
require the highest security, uses the DMZ for
proxy components, and uses public entities in
the Internet for publicly available services,
such as commercial application markets.
Afaria Architecture – Simple On Premise
Afaria Server Requirements
Component: Requirements
Operating system:
  Windows Server 2008 R2 Datacenter edition (64-bit)
  Windows Server 2008 R2 Enterprise edition (64-bit)
  Windows Server 2008 R2 Standard edition (64-bit)
Processor:
  Minimum: 1.4 GHz (x64 processor)
  Recommended: 2 GHz or faster
Memory:
  1.5 GB
Storage:
  20 GB
  Additional storage is required for user data
Directory and authentication:
  Microsoft Active Directory
  Windows NTLM
  Novell eDirectory via LDAP v3
  Netscape Directory Server via LDAP v3
Client communication:
  SSL protocol v3 using X.509 certificate signed by a trusted or custom signed certificate authority
  HTTP with T-Mobile
Additional requirements:
  Installation path and virtual directory must contain ASCII characters only
  Microsoft Visual C++ Runtime
  • 2012 x64
  • 2012 x86
  Internet Information Services (IIS) for Windows Server 7.5
  Windows Installer 3.1
  Microsoft .NET Framework Runtime 4.5
  Microsoft XML Core Services 6.0
SAP Mobile Platform 3.0
SAP Mobile “Best of Breed” Platforms
Mobile leader for over 20 years: Sybase Unwired Platform
Complex Business Applications: Syclo Agentry
Access to your data: SAP NetWeaver Gateway
Robust Consumer Applications: Sybase Mobiliser
Convergence of Three Leaders: SAP, Sybase, Syclo. In addition, added Integration Gateway.
[Figure labels: SAP NetWeaver Gateway; SAP Mobile Platform 3.0; Utilities, Field Service, Contractors, Non-SAP, Cloud, Business, Customer, Retail.]
SMP Server Services to Build Applications
Lean Java Server (LJS)
Core Services:
E2E trace
Onboarding
Authentication/SSO
Lifecycle management
Usage reporting
Performance metrics
App Services:
Coupons
Payments
Geo-location
SMS services
Push
Sync/offline
Customer- and partner-developed
Value Add to Developer
Value Add to Administrator
Development Environment
Typical Use Cases
Individual development environment
Landscape Description
Single-server environment
No special backup infrastructure
Reverse proxy in DMZ if you require
external access
Shared Development Environment
Typical Use Cases
Enterprise productivity tools
QA, prototype, proof-of-concept, or pilot
environments
Shared or complex development
environments
Deprecated, offline business applications
that are retained for historical purposes
Landscape Description
Single-server environment
On-demand offline full backup, based on
RPO target
No disaster recovery environment
Manual recovery process
Reverse proxy in DMZ
Production Environment
Typical Use Cases
Mission-critical enterprise applications
Customer-facing systems
Landscape Description
Clustered environment
Redundancy in all tiers; no single point
of failure
Online full backup
Online incremental backup
Online synchronous mirroring
Client database backup
Frequent database snapshots
Rolling maintenance
Active system health monitoring
Reverse proxy in DMZ
Clustering
Clustering SAP Mobile Platform Servers provides high availability and failover to ensure that users have
constant access to SAP Mobile Platform Server services. It also enables horizontal scaling, since you
can add an unlimited number of nodes and use a load balancer to share the client session workload.
In an SAP Mobile Platform Server cluster, there is no distinction between primary and secondary
servers: all nodes are peers and run independently, coordinating through the shared database. Updates
performed in Management Cockpit on any of the nodes in the cluster are saved to the database and
automatically replicate to the other nodes in the cluster. There are currently some exceptions.
You must perform any tasks that require updating files directly in the file system on each node in the
cluster, such as server configuration changes that update the props.ini file or changes to the keystore
password that update the smp_keystore.jks file.
Updates to Agentry configuration files that are edited outside Management Cockpit and published to the
server are not automatically synchronized across the cluster. You must restart each server node for
these changes to take effect.
SMP 3.0 SP4 HA Overview
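The per-node rule on the clustering slide means a file-level change applied to only some nodes leaves the cluster inconsistent. As an added example (not SAP tooling and not part of the original slides), the Python code below compares SHA-256 digests of the props.ini and smp_keystore.jks copies gathered from each node and reports the nodes that differ from the majority; the one-directory-per-node layout, node names and sample contents are constructed assumptions.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path

# File names taken from the slide; where they live on a node is NOT stated
# there, so callers pass one directory per node (an assumption).
NODE_LOCAL_FILES = ("props.ini", "smp_keystore.jks")


def digest(path):
    """Return the SHA-256 hex digest of a file, or None if it is absent."""
    path = Path(path)
    if not path.is_file():
        return None
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_drift(node_dirs):
    """Compare node-local files across cluster nodes.

    node_dirs maps a node name to the directory holding that node's copies.
    Returns {file name: {node: digest or None}} listing only the nodes whose
    copy differs from the most common digest (None means the file is missing).
    """
    drift = {}
    for name in NODE_LOCAL_FILES:
        digests = {n: digest(Path(d) / name) for n, d in node_dirs.items()}
        present = [h for h in digests.values() if h is not None]
        if not present:
            drift[name] = digests          # no node has the file at all
            continue
        majority = Counter(present).most_common(1)[0][0]
        outliers = {n: h for n, h in digests.items() if h != majority}
        if outliers:
            drift[name] = outliers
    return drift


def demo():
    """Constructed three-node cluster: node3 missed a props.ini change and
    node2 has no keystore copy. All contents are made-up sample data."""
    root = Path(tempfile.mkdtemp())
    nodes = {}
    for node in ("node1", "node2", "node3"):
        node_dir = root / node
        node_dir.mkdir()
        value = "old" if node == "node3" else "new"
        (node_dir / "props.ini").write_text(f"sample.setting={value}\n")
        if node != "node2":
            (node_dir / "smp_keystore.jks").write_bytes(b"constructed-bytes")
        nodes[node] = node_dir
    return find_drift(nodes)


if __name__ == "__main__":
    for fname, nodes in demo().items():
        for node, h in nodes.items():
            print(f"{fname}: {node} -> {h[:12] if h else 'MISSING'}")
```

Only digests are compared, so the keystore contents and password never leave the node that computes them if `digest` is run locally and the hex strings are collected centrally.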
Fault-Tolerant SMP 3.0 System
Environment Notes
• Clustered environment
• Redundancy in all tiers; no single point of failure
• Environment replica in separate disaster
recovery environment
• Online full backup
• Online incremental backup
• Online synchronous mirroring
• Client database backup
• Frequent database snapshots
• Rolling maintenance
• Active system health monitoring
• Reverse proxy in DMZ if you require external
access
SMP 3.0 Installation Options
Installation Type: Description
Developer installation: Installs SAP Mobile Platform Server components with default settings,
using embedded Derby database. No additional installation options can
be specified.
Note: For a developer installation that uses ASE, DB2, or Oracle as the
database, select the Production installation, Standard option, then accept
the defaults for everything except the database.
Production installation: Allows you to specify various settings for your SAP Mobile Platform
Server installation, including which database system you are going to be
using.
MBO Runtime installation: Installs MBO Runtime, which supports deployment and management of mobile
business object-based applications.
SAP MBO Runtime 3.0
MBO Runtime 3.0 supports deployment and management of mobile business object-based
applications on SAP Mobile Platform 3.0. Mobile business objects (MBOs) define the data model
used by:
Native Object API applications
Hybrid apps based on HTML5 / JavaScript
Install MBO Runtime Server and use the SAP Control Center installed with it to administer these
types of applications. This is not the Admin Cockpit used to administer the SMP 3.0 system.
What is Integration Gateway?
Integration Gateway is a reusable technology
component based on SAP Lean Java Server.
Seamless integration of data from SAP and
non-SAP systems.
Design-time tools for modeling and defining new
OData services based on different APIs and systems.
Runtime environment for:
- Running the provisioned OData services against the
associated backend systems
- Performing monitoring and other administrative tasks.
[Figure: Integration Gateway, with parts labelled DT and RT. Target API: OData. Source APIs: ODC, SOAP, JPA, JDBC, Non-SAP.]
Integration Gateway in SMP 3.0
[Figure: Integration Gateway in SMP 3.0. Client / Frontend / App: browser-based applications (UI5, Fiori), enterprise software, cloud, social, mobile devices. SAP Mobile Platform 3.0: OData, OData Proxy, Generic REST/OData*, JPA, SOAP, JDBC, ODC via HTTP, ODC via RFC. Backend Systems: SAP Gateway Server (OData), SAP Business Suite (CRM, SRM, SCM, PLM, ERP, …). *planned]
SAP Gateway and Integration Gateway in SMP 3.0
SAP Gateway
What SAP Gateway is and is not!
SAP Gateway…
Is the point of access into SAP Business Suite data and functionality
Uses a non-proprietary interface based on the Open Data Protocol (OData)
Services can be consumed by any channel that can process XML received over an HTTP(S) connection
SAP Gateway is not…
The SAP Gateway process in the NetWeaver Application Server ABAP that enables external communication (e.g. RFC)
A mobile infrastructure. (For this we have SUP)
A replacement for SAP NetWeaver PI and eSOA Services
Minimum Hardware Requirements for SAP Gateway NW Application Server ABAP
Processor: Dual Core (2 logical CPUs) or higher, 2 GHz
Memory (RAM): 8 GB
Hard Disk Capacity: 80 GB primary
NW Application Server
Architecture
Support for:
Major Operating Systems
Databases for all leading DB Vendors
Many Protocols
System Landscape Overview
An overview of the server components required
[Figure labels: SAP Backend; SAP NetWeaver Gateway; SAP NetWeaver 7.02 SP07 or later; Client Runtime; Gateway Design-time Plug-in.]
Deployment Option 1: Central Hub
Gateway Server: Components deployed on a central server
Gateway Backend(s): Components are deployed on backend systems
Requirement: Backend must be based on NW 7.00 SP18
[Figure labels: Consumers; Gateway Hub (GW Server Add Ons); SAP ERP (ECC Server: SAP ERP Content, Backend Enablement); SAP CRM (CRM Server: SAP CRM Content, Backend Enablement); SAP BI (BI Server: SAP BI Content, Backend Enablement).]
Deployment Option 2: Embedded Deployment
Gateway Server: Components deployed on backend systems
Gateway Backend(s): Components are deployed on backend systems
Requirement: Backend must be based on NW 7.02 SP7 (e.g. CRM 7 or ECC 6.05)
[Figure labels: Consumers; SAP ERP (ECC Server: GW Server AddOns, SAP ERP Content, Backend Enablement); SAP CRM (CRM Server: GW Server AddOns, SAP CRM Content, Backend Enablement); SAP BI (BI Server: GW Server AddOns, SAP BI Content, Backend Enablement).]
Basic NW App Server Landscape
Putting it all together
Go from a possible on premise mobility landscape like this…
[Figure: on-premise landscape. Zones: Internet, DMZ, Intranet, Backend Systems. Labels: Device; Reverse Proxy; Afaria Master, Afaria Slaves, Afaria DB; HA NW Gateway Hub; SUP Server Cluster; SUP HA Data Tier; HA NW Mobile DOE; HA Syclo Agentry; HA Mobiliser; Backend Systems (ERP, CRM, Legacy, Analytics).]
… To This On Premise Landscape
[Figure: on-premise landscape. Zones: Internet, DMZ, Intranet. Labels: Device; Reverse Proxy; Afaria Master, Afaria Slaves, Afaria DB; SMP 3.0 HA Server Tier; SMP 3.0 HA DB; Backend Systems (ERP, CRM, Legacy, Analytics).]
Other Options
… Or how about this Landscape!!!
[Figure: cloud landscape. Zones: Internet, Intranet. Labels: SAP Mobile Secure and Platform on HEC; SSL Tunnel; SMP Hana Cloud Connector; Backend Systems (ERP, CRM, Legacy, Analytics).]
SAP HANA Cloud Platform Mobile Services Overview
[Figure: SAP HANA Cloud Platform Mobile Services architecture. Zones: on-premise, on-demand, internet. Labels: SAP HANA Cloud Platform (SAP HANA App Services, SAP HANA DB Services, Mobile Services, Connectivity Service); SAP HANA; SAP Business Suite; 3rd Party Backend; SAP Mobile SDK; 3rd Party SDK; SAP Apps, Custom Apps, Partner Apps; Mobile Places; Afaria.]
SAP HANA Cloud Platform Mobile Services Summary
KEY FEATURES
Deploy & Manage OData-based applications
Notify users using native
Push features
Report & Analyze usage of
applications, devices, users,
etc.
Access on-premise or other
cloud-based services
Reuse on-premise SAP
Mobile SDK
BUSINESS VALUE
Rapid Adoption
One-Day Deployment
Subscription Pricing
Minimize disruption and/or
operational/upgrade cost due
to rapid innovation in mobile
TARGET ROLES
Administrators who choose
to deploy mobile applications
without major investments
and/or own infrastructure,
thus reducing operational
costs
Developers who need to
build a solution to be
deployed quickly, and
subsequently have updated
apps pushed out quickly
Users will never interact with
the system directly
Introducing SAP Mobile Secure 2.0
Analysis – Compliance – Remediation – Reporting
Secure Mobile Gateway
Mobile Content Management
Application Wrapping
Mobile App Reputation
Network Access Control
Mobile Application Management
Data Loss Prevention
Mobile Device Management
Layers: Data & Application, Network & Connectivity, Operating System
In the SAP HANA Enterprise Cloud
Complete Enterprise Integration
SAP Mobile Secure: What’s new
• Upcoming launch of SAP Mobile Secure 2.0, including new mobile app
management capabilities
• Launching in the HANA Enterprise Cloud
• “SAP Afaria, cloud edition” rebranded as “SAP Mobile Secure, cloud edition”
adding new app management capabilities
• Global availability
• Unified trial for SAP Afaria and SAP Mobile App Protection; SAP Mobile
Documents trials are available via PM team
A simplified destination: sapmobileplace.com
sapmobileplace.com Manage | Secure | Publish
Enhanced user experience makes it
easy to enroll and consume mobile
apps
Broaden support for managed and
unmanaged users securely
Single solution to manage, secure and
publish mobile apps to employees,
business partners and consumers
Employees
Business
Partners
Consumers
SAP d-code Virtual Hands-on Workshops and SAP d-code Online
Continue your SAP d-code education after the event!
SAP d-code Online
Access replays of keynotes, Demo Jam, SAP d-code
live interviews, select lecture sessions, and more!
Hands-on replays
http://sapdcode.com/online
SAP d-code Virtual Hands-on Workshops
Access hands-on workshops post-event
Starting January 2015
Complimentary with your SAP d-code registration
http://sapdcodehandson.sap.com
Further Information
SAP Education and Certification Opportunities
scn.sap.com/community/developer-center/mobility-platform
Watch SAP d-code Online
www.sapcode.com/online
SAP Public Web
scn.sap.com/community/mobile
sapmobilesecure.com
sapmobile-platform.com
sap.com/augmented-reality
Feedback
Please complete your session evaluation for MOB202.
Thanks for attending this d-code session.
Extra Materials
Integration Gateway – design-time tools
Eclipse-based OData modeling and service
implementation
Interactive UI facilitates OData modeling with ease
OData service implementation allows attributes to be
mapped between source and target for both request
and response messages.
Deployment of OData service
Integration Gateway – runtime tools
Gateway Management Cockpit, accessible at
https://<SMP Server>:<port>/gateway/cockpit, enables you to:
Configure backend destinations
Register, activate, and deactivate OData services
Assign destinations to provisioned services
Access the OData service documents and the server log files
Enterprise Mobility Management Security Features
Content
File access, file sharing, file sync, and time-
sensitive file distribution
Password lock, remote wipe, encryption, data
loss prevention, and certifications
Lightweight directory access protocol (LDAP)
and Microsoft Active Directory integration
Communications
Billing cost management
Wi-Fi connectivity management
Mobile VPN security
Systems management
Network access management
Applications
Granular app-level security including per-app VPN
Federal Information Processing Standard, or FIPS,
publication 140-2 compliance
Encryption of data at rest and data in motion
Application discovery and private app store
Secure software updates for applications
Devices
Remote wipe
Password enforcement
Over-the-air software distribution
Wi-Fi settings and virtual private network (VPN) settings
Certificate management
Asset management
Auditing and compliance monitoring
Best Practices for Enterprise Mobile Security
Plan for end-to-end security rather than point solutions
Defend the enterprise at all entry and exit points: devices, apps, content, and communications
Provide IT with the control it needs and users with the mobile access they want
Rely on flexible security solutions that support on-premise, cloud, and hybrid solutions
Be prepared for mobile initiatives to expand by choosing scalable solutions that support additional
apps, back-end systems, users, and mobile devices
It is time to rethink mobile security
Change is afoot
The changing device landscape, buying patterns, and
expansion of use cases are driving a change in security
A collection of technologies is emerging to address
security across the app, OS, and network levels
Securing at the device-level isn’t enough
A security strategy must address multiple
layers
Shift from managing the device to managing the data
Ensure that security is device-agnostic
Prepare for a future that is risk-based
© 2014 SAP SE or an SAP affiliate company.
All rights reserved.
No part of this publication may be passed on or reproduced, for any purpose or in any form, without the express written permission of SAP SE or an SAP affiliate company.
SAP and other SAP products and services mentioned in this document, as well as their respective logos, are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and various other countries worldwide.
Further notices and information on trademark law are available at http://global.sap.com/corporate-de/legal/copyright/index.epx.
Software products offered by SAP SE or its distributors may also contain software components from other software vendors.
Products may have country-specific differences.
These materials are provided by SAP SE or an SAP affiliate company and are for informational purposes only.
SAP SE or its affiliate companies assume no liability or warranty for errors or omissions in this publication.
SAP SE or an SAP affiliate company is responsible only for products and services to the extent expressly set out in the agreement governing the respective products and services. None of the information contained herein is to be interpreted as an additional warranty.
In particular, SAP SE or its affiliate companies are in no way obliged to pursue any course of business presented in this publication or a related presentation, or to develop or release any functionality described in it. This publication or a related presentation, and the strategy and possible future developments, products, and/or platforms of SAP SE or its affiliate companies, may be changed by SAP SE or its affiliate companies at any time, without giving reasons and without notice.
The information contained in this publication does not constitute a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ from expectations. The forward-looking statements reflect the view at the time they were made. Readers are advised not to place undue reliance on these statements and not to rely on them in making purchasing decisions.