Installing the Signavio SAP Solution Manager 7.1. Connector

The SAP Solution Manager is the central tool for introducing and running SAP applications.

Through integrating the SAP Solution Manager with Signavio, you gain an intuitive business process oriented view on your SAP application landscape.

License and software requirements

  • A SaaS or ON-PREMISE installation of Signavio Process Manager
  • The Signavio license must be enabled for the Signavio SAP Solution Manager Connector integration
  • SAP Solution Manager 7.1 SP10 or a higher support package
  • Operating System: Windows Server 2008/2012 64 bit or Debian stable 64 bit (or a similar Linux distribution

Hardware requirements of the Signavio SAP Solution Manager 7.1 Connector

  • 64-bit processor architecture (AMD64/x64/x86_64)
  • 1 CPU core
  • 1GB RAM
  • 1GB of free hard disk space

We recommend you to install the Signavio SAP Solution Manager 7.1. Connector on the same server/virtual machine as the SAP Solution Manager 7.1.

Network/firewall/proxy requirements

The connector must perform outgoing calls to https://editor.signavio.com, https://app-us.signavio.com or https://app-au.signavio.com to the server/virtual machine, on which your on premise installation of Signavio Process Manager is deployed. The network port 443 (default port for HTTPS connections) is used.

System landscape overview

../../_images/solmanconnectorlandscape_en.png

The Signavio connector for SAP Solution Manager is installed in your data center. We recommend to install it on the same machine as the Solution Manager. The connector establishes a secure connection to the Signavio back end system. As the connector establishes an HTTPS polling connection, your firewall is only required to allow outgoing traffic.

Hint

It is possible to connect multiple SAP Solution Manager instances to one Signavio workspace. Then, you need to setup a connector for each of these instances.

Configuring SAP Solution Manager for Signavio

Now, the SAP Solution Manager needs to be configured for the integration with Signavio.

  • Check of Solution Manager’s version. Signavio supports the SAP Solution Manager version 7.1 SP 10 and later. For SP 10 and SP 11, you need to apply the following SAP Note:

    1984144 - BSI-Service-Interface update: http://service.sap.com/sap/support/notes/1984144

  • The Signavio SAP Solution Manager 7.1 Connector uses the BSI Enterprise Services (SOAP web service) to communicate with the SAP Solution Manager. This web service has to be enabled and configured before the connector can work properly:

    • Log into your SAP GUI and start transaction se80.
    • Search for the package BSI_SERVICE_API:
    ABAP Development Workbench / BSI Service API

    ABAP Development Workbench / BSI Service API

    • Open the enterprise service BSIPROJECTDIRECTROYINTERFACE.
    • Start the SOAMANAGER from the upper tool bar:
    Start the "SOAMANAGER".

    Start the “SOAMANAGER”.

    • Create a new service binding in SOAMANAGER:

    Go to to the configurations tab and click create. Confirm the action through clicking Apply Settings:

    Create a new service binding.

    Create a new service binding.

    Choose HTTP basic authentication to secure the connection between the SAP Solution Manager and the Signavio connector:

    Select "User ID/Password" under "Transport Channel Authentication".

    Select “User ID/Password” under “Transport Channel Authentication”.

    • Open the tab Transportation Settings and find the URL of the service binding. Please store the URL for later usage when configuring the connector.

Configure the communication user’s access rights in SAP Solution Manager

This section describes how to create a communications user for SAP Solution Manager.

The Signavio SolMan Connector requires an user account on the SAP Solution Manager system to communicate and leverage the BSI SOAP web services.

This users account should meet the following requirements:

  • Communication data user only

    This user account should not have the rights to log into a SAP GUI session.

  • Sufficient access rights to read and modify business blueprint projects and the attached content

  • Limited access rights to certain blueprint projects that should be excluded from the integration with Signavio

The next steps are to create a special role that can be used by the service user used by the Signavio SAP Solution Manager Connector. Aligned with that role there is a new authorization profile created to define the access rights of the connector. The access rights of the connector’s user should be limited to the blueprint projects that are actually considered for the integration with Signavio.

The following authorization objects are required:

  • S_PROJECT
  • S_SERVICE
  • AI_SA_TAB
  • S_IWB

The required authorization objects can be traced with transaction code ST01.

Open transaction Role Management PFCG:

Open transaction Role Management "PFCG".

Open transaction Role Management “PFCG”.

Create a new single role e.g. ZSIGNAVIOCONNECTOR. Then click Single Role:

Create a new role.

Create a new role.

On the next screen enter a profile name in the Authorizations tab or click Generate a profile name:

Generate a profile name.

Generate a profile name.

Afterwards, click Change Authorization Data:

Change authorization data.

Change authorization data.

Click the button Manually in the tool bar.

A pop-up dialog will be opened. There, add S_PROJECT and S_SERVICE:

Adjust authorizations.

Adjust authorizations.

The item Check at Start of External Services needs full permissions. A click next to the yellow triangle will set it * (full authorization):

Grant full authorization.

Grant full authorization.

Confirm the action:

Confirm the action.

Confirm the action.

The section Project Management: Project authorization provides the possibility to define which blueprint projects should be accessible by the account used by the Signavio SAP Solution Manager Connector.

It is possible to define read, write and delete permission separately. This is, for example, relevant when there is an existing blueprint project in SAP Solution Manager that should be accessible via Signavio, but is not supposed to be changed by the business departments.

To grant full permission, click the yellow * button:

Grant full permission.

Grant full permission.

Alternatively, use the edit icon to define detailed access control for specific projects:

Use the edit icon to define detailed access control for specific projects.

Use the edit icon to define detailed access control for specific projects.

Now, you can define permissions in detail:

Configure permissions in detail.

Configure permissions in detail.

The object AI_SA_TAB is used to limit the access to certain tabs of the Solution Manager business blueprints.

STRUCT, TRANSACT, SAPDOCU and CUSTDOCU should be activated:

../../_images/solmanb13_en.png

The S_IWB authorization object is used to access the knowledge warehouse used by SAP Solution Manager to store and access documents. Signavio is using the knowledge warehouse to store the link to a Signavio diagram related to a structure element (e.g. business process) in a SAP Solution Manager blueprint. This authorization object is also required to upload documents from Signavio to SAP Solution Manager.

../../_images/solman13b_en.png

Before this profile can be used by any role it has to be activated by clicking the red/white circle button Generate profile:

Click "Generate profile".

Click “Generate profile”.

Use the transaction SU01 to create a communication data user using the role ZSIGNAVIOCONNECTOR:

Create a communication data user.

Create a communication data user.

Assign the role ZSIGNAVIOCONNECTOR:

Assign the role "ZSIGNAVIOCONNECTOR".

Assign the role "ZSIGNAVIOCONNECTOR".

As a result, in Signavio you will only have access to the defined blueprint projects:

Select a SAP Solution Manager project in Signavio.

Select a SAP Solution Manager project in Signavio.

Read more about configuring projects at Importing data from SAP Solution Manager into Signavio.

Configuring access rights required for the integration in Signavio

In Signavio’s Manage users & access rights dialog you can restrict the features available to members of a particular user group.

You might want to enable the import / export functionality for SAP Solution Manager only to a limited number of users in your Signavio workspace or even restrict the access to a specific project folder in Signavio.

The feature set Solution Manager Import / Export includes all functionality required to perform an import or export of content from/to Solution Manager. It does not include the administration part to install a new connector. Users of the Administrators group always have the functionality of the Solution Manager Import / Export feature set available.

Hint

The Signavio connector itself requires a user having the Solution Manager Import / Export feature set available as well. We recommend assigning a separate user not used by any human user to the Signavio connector.

the user and access rights management dialog

the user and access rights management dialog

Installing the Signavio SAP Solution Manager Connector

To integrate Signavio with the SAP Solution Manager, follow the instructions in the following subsections.

Adding a Solution Manager connector to your Signavio workspace

To add a Solution Manager connector to your Signavio workspace, proceed as follows:

  • Open the Signavio Explorer as a workspace administrator.
  • Go to Setup - Manage SAP® Solution Manager®
  • Click Add connector:
Add a connector.
  • Fill out the configuration dialog, according to the following description:

    Connector Name: This is just a human readable name to identify the Signavio SAP Solution Manager 7.1 Connector installation later during the setup and when configuring access rights.

    Connector URL: This is the URL where the connector installation can reached after startup. You will most likely put it on the server on which your SAP Solution Manager 7.1 is running. Only HTTPS is supported. E.g.: https://172.16.1.15:8083/

  • Click Add SolMan Connector:

the SAP Solution Manager Connector configuration dialog in Signavio

the SAP Solution Manager Connector configuration dialog in Signavio

Important

There is no need to make this URL available through your firewall for incoming requests. Only outgoing request to the Signavio server must be performed in case of a Signavio Software-as-a-Service subscription.

  • The connector will now appear in the configuration overview dialog. Click Edit:

    Click 'Edit'.

    Click ‘Edit’.

  • You’ll see that the fields OAuth client id and OAuth secret have been filled in automatically. Please make sure copy and save these values, as you will need them later on.

  • Click the link to download the connector’s binaries (solman71connector_v2.zip):

    Download the Signavio SAP Solution Manager 7.1. Connector.

    Download the Signavio SAP Solution Manager 7.1. Connector.

    Later, this file needs to be accessed by the server administrator.

Configuring the Signavio connector

Downloading and extracting the connector

  • Extract the connector’s binary file (solman71connector_v2.zip) to a location of your choice (e.g. /usr/sap/S01/DVEBMGS00/work/signavio)

  • Open the file solmanconnector.properties and make required configurations for:

    • connector name and url

    • Oauth id and Oauth secret

    • SAP Solution Manager BSI Service endpoint url

    • SAP user and password to be used by the connector

    • Proxy configuration (optional):

      • proxy.host
      • proxy.schema
      • proxy.port

Downloading and extracting the SAP JVM 8.1

The Signavio SAP Solution Manager connector requires to download and extract SAP’s JVM version 8.1.

To download the SAP JVM 8.1, open the following link and select the correct version for your operating system:

https://tools.hana.ondemand.com/

Unzip the downloaded archive.

The expected extraction result is the folder sapjvm_8 with the following content:

The content of the folder "sapjvm_8".

The content of the folder “sapjvm_8”.

Now, copy the folder sapjvm_8 to the installation directory of the Signavio SAP Solution Manager connector.

Running the connector

  • Run the connector:

    • On Linux:

      • Start up

        Execute the startup.sh script to start the connector. Add this to your init.d script to support restarts of the VM.

      • Shutdown

        ./shutdown.sh will close the connector.

    • On Windows:

      • Start up

        Execute the startup.bat script to start the connector.

      • Shutdown

        shutdown.bat will close the connector.

      • Run as a windows service

        service.bat install

        service.bat remove

      • You can also start/stop the connector via SolManConnectorService.exe.

  • Run the setup:

    In this step the connector establishes an Oauth connection to the Signavio Process Manager and asks for the a Signavio user to authenticate against Signavio Process Manager.

    Proceed as follows:

    • Open https://SOLMANCONNECTOR_HOST:PORT/setup
    • Click Authorize Signavio SAP® Solution Manager® 7.1 Connector
    • Login to the Signavio account under which the connector should perform its work.
    • In case your already logged in with a different account in the same browser, you might want to log out first.
    • The following web page will be displayed:
    Grant authorization.

    Grant authorization.

    Click Grant to allow the Signavio SAP Solution Manager Connector to connect with Signavio Process Manager.