Overview of Duet Enterprise for SharePoint and SAP Server 2.0
Applies to: Duet Enterprise for Microsoft SharePoint and SAP Server 2.0
Summary: Learn how to plan for a deployment of Duet Enterprise 2.0, including the architecture, how SAP information is surfaced, monitoring, troubleshooting, and security.
Duet Enterprise for Microsoft SharePoint and SAP Server 2.0 is a jointly developed product from SAP and Microsoft that enables interoperability between SAP applications and SharePoint Server 2013 Enterprise Edition. Duet Enterprise 2.0 empowers employees to consume and extend SAP processes and information from within SharePoint Server 2013 and Outlook 2013. Information that is stored in SAP applications is not moved into SharePoint. Instead the information stays in the SAP applications and is surfaced in SharePoint. That is, based on an individual user’s permissions, the user can view and change information that is stored in an SAP application from within SharePoint sites.
This article helps SharePoint administrators, SAP administrators, and system architects understand Duet Enterprise 2.0 architecture, the ready-to-use capabilities in Duet Enterprise 2.0, and how SAP information is surfaced in SharePoint Server 2013 and Outlook 2013. A high-level overview of monitoring, troubleshooting, and authentication is also included.
In this article:
How SAP information is surfaced in SharePoint Server and Office 2013
Monitoring and troubleshooting
How SAP information is surfaced in SharePoint Server and Office 2013
Duet Enterprise 2.0 enables users to access and interact with business processes and information in SAP applications by using SharePoint Server 2013 Enterprise Edition and Outlook 2013.
Some examples of tasks that users can perform include the following:
Revise SAP data that is displayed in an external list and write these changes back to the SAP system.
Update information about a customer or create a new sales contact from within Outlook 2013.
Surface SAP information, which is integrated as external content types in SharePoint Server 2013, and in Outlook 2013 as contacts, tasks, calendars, and posts.
SharePoint sites can use several alternatives to surface information from SAP applications, including the following:
A set of specialized Web Parts that are provided with Duet Enterprise 2.0.
External lists (which are connected to SAP information in SAP applications).
System architects can use these components to design a solution or use a combination of these ready-to-use capabilities.
When deploying Duet Enterprise 2.0, SharePoint administrators can choose to do any combination of the following in a Duet Enterprise 2.0-enabled web application:
Enable the Reporting feature on one or more sites.
Enable the Workflow feature on one or more sites.
Add Duet Enterprise 2.0 Web Parts to any SharePoint site.
Bring SAP human resources (HR) data into the SharePoint user profile store.
Create external lists that surface SAP data in SharePoint Server 2013.
Duet Enterprise 2.0 enables SharePoint administrators to enable the Reporting feature on one or more SharePoint sites. This enables users to run SAP reports from within a SharePoint site. A site that has the Reporting feature enabled provides a list of all SAP reports that can be run from within the SharePoint site.
Duet Enterprise 2.0 enables SharePoint administrators to enable the Workflow feature on one or more SharePoint sites. This feature enables SharePoint users to interact with SAP workflows. Sites in which the Workflow feature has been enabled can receive workflow approval requests from SAP workflows that are running in the SAP environment and workflow requests can be sent to Outlook. Users can approve requests from the email object or the SharePoint tasks folder. The approval object provided with Duet Enterprise 2.0 provides rich contextual information to help users make decisions to complete the approval process. For more information about workflows, see Workflows in Duet Enterprise 2.0 later in this article.
Duet Enterprise 2.0 provides the ability to enhance SharePoint My Site websites, by surfacing SAP personal data on the SharePoint My Site profile page.
Developers can create an app for SharePoint that contains Duet Enterprise 2.0 Web Parts, SharePoint lists, and site templates. The SharePoint administrator must create a Business Data Connectivity (BDC) connection for the app for SharePoint to use and will be prompted to select that BDC connection when installing the app for SharePoint.
Extensibility of Duet Enterprise 2.0
In addition to the features and specialized Web Parts that are provided, Duet Enterprise 2.0 can be extended in many ways. For example:
SAP NetWeaver ABAP developers can create new services, adapt existing ones, and also develop custom logic on SAP NetWeaver.
Business expert users can create declarative solutions without writing code, create external lists and document libraries, and design views and forms.
Microsoft .NET developers can:
Modify solutions that were created by using Visual Studio 2012.
Develop new Duet Enterprise 2.0 solutions that provide a custom user experience.
Create a custom user experience by integrating data in different ways, and create and edit building blocks, such as Web Parts and BDC models, to surface SAP information in SharePoint sites.
Microsoft Silverlight developers can take advantage of Duet Enterprise 2.0 to create unique user experiences in SharePoint sites around SAP data.
Working with SAP data in Outlook 2013
Information workers can consume SAP data in Outlook 2013. They can consume SAP data in Outlook by creating external content types in SharePoint Server 2013 that are based on the native Outlook data types, contacts, tasks, calendars, and posts.
Developers can also create an app for Office and SharePoint to consume SAP data outside of SharePoint Server 2013.
Duet Enterprise 2.0 is installed on a SharePoint Server 2013 farm within the corporate intranet. By using Duet Enterprise 2.0, the SAP data is surfaced on websites on the SharePoint Server farm. Those who are familiar with the first version of Duet Enterprise will be familiar with this architecture.
The following figure shows a high-level view of a Duet Enterprise 2.0 deployment.
Figure: Duet Enterprise 2.0 on-premises deployment
Duet Enterprise 2.0 provides two sets of add-on components. The Duet Enterprise 2.0 SharePoint Add-on is installed on servers that run SharePoint Server 2013 Enterprise Edition. The Duet Enterprise 2.0 SAP Add-on runs on top of SAP NetWeaver ABAP 7.02 SP08 running the SAP NetWeaver Gateway 2.0 SP4 component. For more information about the SAP environment, see the SAP Master Guide on SAP Service Marketplace on the web. (Enter your user name and password. In the left-hand pane, click SAP Business Suite Applications, click Duet Enterprise, and then select Duet Enterprise 2.0.)
In this section:
Components that support Duet Enterprise 2.0
Components provided with Duet Enterprise 2.0
Heterogeneous system support
Components that support Duet Enterprise 2.0
The following figure shows the components of SharePoint Server 2013 on which Duet Enterprise 2.0 is built. The SAP system components that are shown support Duet Enterprise 2.0.
Figure: Components that support Duet Enterprise 2.0
The following list describes the key components on the SharePoint system (shown in the preceding figure). These are the key Duet Enterprise 2.0 components that are installed on SharePoint Server 2013 and the key components provided by the SAP environment that support Duet Enterprise 2.0.
SharePoint Workflow functionality supports interactions between SharePoint users and SAP workflows.
The Enterprise Content Manager component is used to manage the life cycle of documents, such as SAP reports.
Duet Enterprise 2.0 uses the Secure Store Service to interact with the claims-based authentication provider that is provided by SharePoint Server 2013 to authenticate users who use user certificates over OData connections.
Business Connectivity Services provides a connector for communication between SharePoint Server and the SAP environment together with other features that are used to connect to and interact with SAP information.
The Reporting modules that run on SAP Business Intelligence (BI) or SAP NetWeaver Gateway provide reporting functionality around SAP data.
The SAP NetWeaver Gateway Workflow module surfaces workflow tasks in Duet Enterprise 2.0.
Business Content is the representation of a set of prepackaged SAP NetWeaver Gateway objects.
SAP Enterprise Services and Business Events are used to interact with the SAP Business Suite and retrieve SAP information and content.
SAP Solution Manager and SAP Computing Center Management System (CCMS) are used to monitor SAP systems, Duet Enterprise 2.0 components in the SAP environment, and SharePoint Business Connectivity Services components in SharePoint Server 2013. SAP supportability tools are described in more detail in Monitoring and troubleshooting later in this article.
Components provided with Duet Enterprise 2.0
The following figure shows the components that are provided with the Duet Enterprise 2.0 SharePoint Add-on and the Duet Enterprise 2.0 SAP Add-on.
Figure: Components that are installed with the Duet Enterprise 2.0 Add-ons
The following list describes the components of the Duet Enterprise 2.0 SharePoint Add-on (shown in the preceding figure).
The Duet Enterprise Web Parts provided with Duet Enterprise 2.0 enable users to interact with SAP data, such as SAP workflows and SAP reports, within SharePoint sites.
The Duet Enterprise Workflow feature enables SharePoint users to participate in SAP workflows, for example, to approve an expense report.
The Duet Enterprise Reporting feature enables SAP reports from SAP BI or SAP Enterprise Resource Planning (ERP) to be retrieved directly from and viewed in SharePoint Server 2013.
Duet Enterprise Role Sync enables SAP roles and SAP profiles to be used in SharePoint Server 2013.
The Duet Enterprise Client component, provided with Duet Enterprise Client for Microsoft SharePoint and SAP 2.0, supports monitoring transactions to the client computers. This component must be installed on all client computers that will be used to access SAP data through Duet Enterprise 2.0 that you want to monitor.
The Monitoring & Supportability Components support troubleshooting of both Microsoft and SAP components.
The following list describes the components of the Duet Enterprise 2.0 SAP Add-on (shown in the preceding figure).
A. Duet Enterprise 2.0 Reporting enables SharePoint users to retrieve reports from SAP. Reporting also enables the configuration of report catalogs, which are then made available on a reporting site in SharePoint Server.
B. Duet Enterprise 2.0 Workflow enables SharePoint users to take relevant action on SAP workflows.
C. Content Formatter provides the capability by which SAP data is converted to a format that SharePoint understands.
D. Role Sync enables SAP roles and SAP profiles to be used in SharePoint Server 2013.
In the SAP environment, the Duet Enterprise 2.0 SAP Add-on provides the services, described in the preceding list, for enabling the interoperability between SAP business applications, such as the SAP Business Suite, and end-user platforms, such as Outlook 2013 and SharePoint sites.
Heterogeneous system support
Duet Enterprise 2.0 provides heterogeneous support of SAP systems. Typically, a Duet Enterprise 2.0 landscape will be of one of the following two types:
One SharePoint Server farm connected to multiple SAP systems.
Multiple SharePoint Server farms connected to a single SAP system.
The following figure shows a high-level example of an organization that has one SharePoint Server farm connected to multiple SAP systems.
Figure: Heterogeneous system with one SharePoint farm and multiple SAP systems
The preceding figure shows an organization that has multiple installations of SAP NetWeaver Gateway that are spread across different geographical locations. Each SAP NetWeaver Gateway is connected to one or more SAP back-end systems, such as SAP CRM, ERP, and BI.
The Duet Enterprise 2.0 SharePoint Add-on is installed on a SharePoint Server 2013 farm. Similarly, the Duet Enterprise 2.0 SAP Add-on is installed on each SAP NetWeaver Gateway. These add-ons enable SAP data to be surfaced in SharePoint. SAP NetWeaver Gateway enables the SharePoint and SAP systems to communicate over an OData connection.
The following figure shows a high-level example of an organization that has multiple SharePoint Server 2013 farms connected to a single SAP NetWeaver Gateway. Note that in this scenario, we recommend that you use separate OData connections for each SharePoint Server farm.
Figure: Heterogeneous system with multiple SharePoint farms and one SAP system
The preceding figure shows an organization that has multiple SharePoint Server farms that are spread across different geographical locations and each of them are connected to the same SAP NetWeaver Gateway. The SAP NetWeaver Gateway system in turn is connected to multiple SAP back-end systems. In this case, SAP ERP, BI, and CRM. Duet Enterprise 2.0 enables the exchange of data between the SAP back-end systems and SharePoint Server by using SAP NetWeaver Gateway.
For example, a SharePoint user in North America accesses a Duet Enterprise-enabled site. The add-on components of Duet Enterprise 2.0, described previously, enable communication between the SharePoint Server farm in North America and the SAP NetWeaver Gateway system, so that the information on the SAP back-end is surfaced in SharePoint.
This section describes the ready-to-use capabilities that are provided by Duet Enterprise 2.0. These capabilities include enabling SharePoint users to perform the following:
Run SAP reports within a SharePoint site.
Interact with SAP workflows from within SharePoint sites and Outlook 2013.
Collaborate on and interact with SAP information within SharePoint sites.
Get access to HR information in SharePoint profiles.
SAP reports in SharePoint Server
Duet Enterprise 2.0 enables employees to retrieve SAP reports (from SAP ERP SP22 or SAP Business Intelligence systems) in a SharePoint document library. SAP reports can be run by an information worker from within a SharePoint site. By running a report, we mean that a SharePoint user who has the required permissions in the SAP system can use the user interface provided by Duet Enterprise 2.0 to send a request to the SAP system to run a specific report. The SAP system runs the report and sends it to a document library in the SharePoint site.
Duet Enterprise 2.0 Reporting is implemented as a SharePoint feature and can be enabled at the site collection and site levels of web applications that have been enabled for Duet Enterprise 2.0. After this feature is enabled for a particular site collection, a site owner can enable the feature on any site in the site collection to create a list of reports on the site. The reports are based on a report catalog that is maintained in the SAP environment, but SharePoint users can modify the report settings to change or add to parameters of a report. Note that SAP administrators determine which reports are available for SharePoint users to run.
You can schedule an SAP report or run it on demand. Reports can be created in any file format that the SAP system supports. Users can view the historical summary of reports and reports can be shared with other SharePoint users. After a report is shared, users can subscribe to a report to receive notification in email messages when a report is run. When running a report, a SharePoint user can specify whether the report will be an individual report or shared. Individual reports can only be viewed by the person who requested the report. Shared reports are delivered at one time by the SAP system and can be viewed by multiple people.
The ability to subscribe to and run reports is subject to having the necessary level of permissions in the SAP environment.
As with other SharePoint lists, the Reports list can be filtered and sorted. For example, you can filter by the Category column to view only certain categories of reports, such as sales reports.
Customers can customize reporting in Duet Enterprise 2.0 in the following ways:
Add the Related Reports Web Part to various SharePoint sites. For example, you can add an “Employees Compliance Report” to the “Leave Approval” workflow work items, so that the approver of the Leave Approval workflow can run the Employees Compliance Report within the workflow task form of the Leave Approval workflow. Another example is a customer service manager who approves or rejects a customer return request and then uses the Related Reports Web Part to generate additional conversations or collaborations on the report.
Enable a new report from the Duet Enterprise 2.0 Reports Catalog in the Reports Center. For example, you can add “Stock Overview” reports to the “Material Reports List” in a reporting site.
Enable new SAP system reports in SharePoint Server. For example, you can add a new Business Intelligence (BI) report named “General Quotation Information at Sales Area” as part of the Customer Quotation workspace.
Create one or more dedicated reporting sites in SharePoint Server that are based on new SAP system reports. For example, you can build a “Product Life Cycle Management Report” site that collects lists of reports from different aspects, such as Project Management, Quality Management, Profitability Analysis, and so on.
Workflows in Duet Enterprise 2.0
SAP workflows run on the SAP system, but Duet Enterprise 2.0 enables SAP workflow approval steps to be surfaced through SharePoint Server. By doing so, the tasks, which require user interaction, can be completed on SharePoint sites or in Outlook 2013. SAP workflow steps that are imported into SharePoint as SharePoint workflows can be customized by using the SharePoint Server 2013 workflow capabilities.
An SAP administrator uses SAP Workflow Builder to create and configure SAP workflows for an intended business scenario. After that, an administrator must configure settings in the SAP back-end and SAP NetWeaver Gateway system. These settings enable workflow items to be received by the SharePoint Server environment. Steps that are modeled as either a User Decision step or an Activity Dialog step that require a SharePoint user to take action on the workflow can be targeted by using this approach. For more information about the configuration steps required on the SAP system, see the “Workflow Configuration” section of the SAP Configuration Guide on SAP Service Marketplace on the web. (Enter your user name and password. In the left-hand pane, click SAP Business Suite Applications, click Duet Enterprise, and then select Duet Enterprise 2.0.)
An SAP workflow that has been modeled by this approach can start a SharePoint workflow and wait for the SharePoint workflow to complete before continuing to the next step of the SAP workflow. The SharePoint user’s action is synchronized with SAP instantaneously. This provides tight integration of workflow processes across the SAP and SharePoint applications.
While interacting with a workflow, a SharePoint user, in this case the approver of the workflow, can use related reports and related links that will help the user make a decision. For example, before approving a discount for a customer, the approver can run an SAP report to see the average sales volume for this customer or open the discount policy of the organization. Another example is a manager who approves an employee’s leave request. The manager can review the employee’s leave history or any such background information that will lend the approver more context with regards to the actions that can be taken on the workflow.
In addition to the workflows provided with Duet Enterprise 2.0, you can use SAP Workflow Builder to create custom SAP workflows and you can use Visual Studio 2012 to customize the tasks that run in the SharePoint environment. You can also create additional rules and finely control how you want the solution to behave.
Monitoring and troubleshooting
End-to-end monitoring of components that are on servers that run both SAP and SharePoint Server is critical to the trouble-free operation of Duet Enterprise 2.0. This monitoring is done by using both SAP standard tools and Microsoft standard tools, as shown in the following figure.
Figure: Standard tools used to monitor SharePoint and SAP environments
SAP administrators can monitor critical components on servers that run both SAP and SharePoint Server by using SAP Computing Center Management System (CCMS). CCMS provides administrators with email alerts or SMS alerts for failed Duet Enterprise 2.0 components and provides administrators the option to schedule reports for monitoring purposes. Drilling down to the Service consumption layer node in CCMS enables SAP administrators to see exactly what failed and how to fix it. SAP administrators can also monitor system performance and view system configuration changes in SAP Solution Manager Diagnostics (SMD).
SharePoint administrators can use Microsoft System Center Operations Manager 2010 (SCOM) to monitor client computers and servers that run SharePoint Server. Note that monitoring client computers requires that Duet Enterprise Client 2.0 be installed on the client computers to be monitored. SharePoint administrators can also maintain and execute health rules, and view detailed results of Microsoft Operations Monitor (MoM) alerts. Because Duet Enterprise 2.0 uses a Business Connectivity Services connector, you can use the Business Connectivity Services node in SCOM to monitor Duet Enterprise 2.0. For more information about SCOM, see the Microsoft System Center 2012 Datacenter site.
Duet Enterprise 2.0 also provides the tools to help administrators troubleshoot components that are critical to the health of Duet Enterprise 2.0. For example, SAP administrators can perform the following:
Troubleshoot SAP errors and malfunctions from within the SAP ABAP environment.
Browse through the log messages, identify the exact step that failed, and determine how the problem can be fixed.
Run end-to-end tracing and see the trace results in SAP SMD.
SharePoint administrators can use a unique ID, which is known as a correlation ID, to trace a specific problem in SharePoint trace logs, use the Microsoft Management Console to troubleshoot deployment issues, and remotely view errors on client computers. They can also use the Health Status pages in the SharePoint Central Administration website to view the health of SharePoint components.
SharePoint user accounts cannot be used to directly access information in SAP. To provide authentication and authorization across both the Microsoft and SAP platforms, Duet Enterprise 2.0 provides a single sign-on experience for users. At a very high level, the end-to-end authentication process looks as follows:
A user logs on to SharePoint by using the user’s SharePoint identity. The SharePoint identity is associated with credentials that are typically stored in Active Directory Domain Services (AD DS), also known as Windows credentials.
The SAP environment cannot authenticate a SharePoint user by using Windows credentials. Instead, a Duet Enterprise component installed on the SharePoint Server farm swaps the Windows credentials of the user with a client certificate that SAP NetWeaver can use to authenticate the user.
Information in an SAP environment cannot be secured by using Windows credentials. SAP helps secure information in the SAP system by using SAP user accounts. When deploying Duet Enterprise 2.0, an SAP administrator creates a user mapping table in the SAP environment. This table maps each user’s Windows account to a corresponding SAP user account that identifies that particular user.
The SAP system verifies whether the SAP user (that corresponds to the client certificate) has access to the information being requested, and if so, sends the information to SharePoint.
For a more detailed description of this authentication process, see Security Overview for Duet Enterprise 2.0.
SAP environments can map SAP user accounts to SAP roles. If you are familiar with SharePoint groups, this is a similar concept. For example, the SAP user accounts of all the managers in an organization might be added to the SAP Sales Managers group and this group is used to grant access to information that only sales managers are authorized to view.
Duet Enterprise 2.0 enables the system to use SAP roles as claims-based security principals in SharePoint Server. This enables SharePoint users and administrators to grant SAP users access to SharePoint securable objects, such as sites, lists, and items, by using SAP roles to help secure those securable objects. SAP roles are defined and the SAP user-to-role assignment is managed in the SAP environment. The ability to use SAP roles to help secure SharePoint objects saves the administrative overhead of redefining those same roles in SharePoint Server.
After the SharePoint users are mapped to SAP users, a SharePoint farm administrator can synchronize the user profile properties from SAP with the SharePoint user profile store. Duet Enterprise 2.0 enables a custom Business Data Connectivity service connection that SharePoint farm administrators can use for this synchronization process. The process populates a custom property in the SharePoint user profile store. The custom property contains a list of SAP roles for each SharePoint user who has been mapped to an SAP user in the SAP environment. This synchronization does not copy anything from the SharePoint user profile store to the SAP environment. Because profile synchronization is costly in terms of performance and resources, and because role assignments do not typically change frequently, we recommend that SharePoint farm administrators resynchronize the profiles only when needed.
The ability to map SharePoint users to SAP users and synchronize user profiles provides the benefits of ensuring secure communications across the SharePoint and SAP environments, enables single sign-on, and facilitates awareness and compliance with existing SAP authorization settings.