In this exercise, we will follow along with a recorded step-by-step video that takes us through the Edge Integration Cell installation.
The installation assumes that the following pre-requisites have been met:
- First and foremost, we will need privileges to create Kubernetes Service in either Amazon EKS, Microsoft AKS, or SuSE Rancher / RKE2. Please work with your internal IT teams to get hold of these.
- Optional - Kubernetes command line tool: kubectl, to dig into some of the internals.
- A technical user (P-User) already exists. The setup process performs an implicit Cloud Connector installation during the Kubernetes bootstrapping process. Please note that Cloud Connector comes in only for the management plane flows (and not during the actual API / Integration flow execution)
- An S-user already exists. Using this S-User, a technical user in SAP Repositories Management https://ui.repositories.cloud.sap/ will be created. This process is needed during the transfer of the code binaries from SAP's central repository to the customer's designated Container Registries.
- Optional - To enable central system monitoring, an Identity Authentication Service (IAS) tenant exists.
- A private key and a CA-signed certificate that we will use to establish HTTPS on the Istio Ingress Gateway
- Control of the DNS registry in order to perform an A-record mapping of the Load Balancer IP with the virtual host alias that is established in the step above.
These are only a few highlights and by no means an exhaustive list of system prerequisites needed to perform an end-to-end installation.
Our help documentation : https://help.sap.com/docs/integration-suite/sap-integration-suite/before-you-start?version=CLOUD will cover the system prerequisites, supported software versions, network dependencies, etc.
Here is the link to the video:
In this section, we present a breakdown of each step, an explanation of what the step holds, the exact timestamps in the video that pertain to the step, and for your convenience a link to the video that will directly jump to the relevant timestamp section.
| Step No | Detail | Timestamp | Video link__________________________ |
|---|---|---|---|
| 1 | Activate Edge Integration Cell In the Integration Suite menu, you will see a new 'Runtime' section within 'Settings'. This section holds the steps to activate the 'Edge Integration Cell' runtime. Under the hood, it creates a subscription to a capability called 'Edge Lifecycle Management' (ELM), which is used for the management or the control plane that controls the lifecycle of the Edge runtime nodes |
0:0 - 0:24 sec |  |
| 2 | Setup the Role Collection needed to access the ELM. First, we create a role collection, say 'EdgeLMAccess', and assign the newly available role named 'EdgeLMAccess'. After this, we assign the email address of the technical P-User mentioned in step 3 of the pre-requisites section to this Role Collection. Next, head over to the Cloud Connector Administrator Role Collection and make sure the same user has this assignment as well. These are two mandatory steps. |
0:24 - 1:39 min |  |
| 3 | ELM settings - BTP User Let us get into the ELM administration page. There are certain tenant-level settings that need to be in place before we start adding the Edge Nodes. The first setting is to assign P-user credentials in the SAP Business Technology Platform sub-tab. This will be used by the system to implicitly create the SAP Cloud Connector installation needed to establish the bridge between the management plane and the runtime edge location. |
1:39 - 1:55 min |  |
| 4 | ELM settings - RBSC User The next setting is to create a technical user in SAP Repositories Management (https://ui.repositories.cloud.sap/Information published on SAP site) for your logged-in user account. It is used to download SAP software using the Repository-based shipment channel. The technical user that you create is automatically granted access to the repositories based on the licenses of the logged-in user. |
1:55 - 2:27 min |  |
| 5 | ELM settings - Monitor and Log The next setting is to configure the credentials of an IAS (SAP Identity and Authentication Service) tenant. This will be needed to access the Graphana dashboard that we will use to monitor the health and status of the runtime Kubernetes installation. |
2:27 - 2:40 min |  |
| 6 | Adding an Edge Node With the prerequisites now in place, let us start the process of adding an Edge Node (placeholder for the runtime cluster). There are various optional configuration steps here - for example, to specify a local container registry where the binaries will be delivered, HTTPS Proxy details if the Kubernetes nodes are behind one, etc. In this installation, we will stick to the defaults to keep the process simple. |
2:40 - 3:01 min |  |
| 7 | Kubernetes setup in AKS Now the wizard is at a step where we will need the details of the Kubernetes configuration where the edge cell installation will be done, i.e. the kubeconfig file. For our installation, we will use AKS (Azure Kubernetes Service) as the hyperscaler of choice. Note that there are other possibilities here as well. To keep things simple, we will follow to the easiest path of getting a Kubernetes cluster setup. Note that in reality there could be many network-related steps here based on your local IT governance requirements. The important aspects here would be to select the right supported version of Kubernetes service, the size of the machines (minimum 8 vCPU, 32 GB RAM), and expandable node pools. Once the installation is complete, we launch the inbuilt Cloud Shell to get hold of the kubeconfig file of the provisioned cluster. |
3:01 - 4:06 min |  |
| 8 | Download bootstrapping file The kubeconfig file will be needed to set up the local kubectl command line, for a Kubernetes administrator. Let us now get back to the 'Edge Node' installation steps. Based on our inputs, the system will generate a context.cfg file that will be used for the next set of steps. We will also download the ELM binary from SAP Service Marketplace, mount it to our MacOS, and pull the installer out from the binaries. |
4:06 - 4:47 min |  |
| 9 | Execute the ELM Bridge bootstrapping commands With the ELM executable and the context.cfg file, we start the bootstrapping process from our local machine (that has access to the API Server of the Kubernetes installation). This is supported only via a command line interface. The wizard will run through a series of steps, the principal ones being the installation and configuration of the cloud connector and the 'Edge Lifecycle Management' base solution installation. |
4:47 - 5:37 min |  |
| 10 | Manage keypairs for SSL handling The next set of steps is to install the Edge Integration Cell solution itself. We start by creating an RSA keypair, needed to configure TLS and the HTTPS handshake on the Edge Ingress Gateway (we will use Istio as the Ingress Gateway layer). The keypair is encoded as eicdemo.pfx, a file that is imported into the security section of the SAP Integration Suite's. Note that the certificate has been issued for a wildcard (*) domain: sapintegrationsuite.de. |
5:37 - 6:44 min |  |
| 11 | Edge Integration Cell solution deployment Let us now deploy the Edge Integration Cell solution. The installation wizard has a configuration section where we could define the sizing of the cluster, bring in our own persistence and storage classes, etc. To keep things simple, we will stick to the defaults. Once this step successfully completed, the solution and the dependent components are installed and ready to execute. |
6:44 - 7:12 min |  |
| 12 | Configuring kubectl tool This is an optional step, targetting the Kubernetes administrators who would need to access the 'kubectl' command line tool directly from their local machines to watch and administer the pods and services. Note that the grafana-based dashboard can be used for the same purpose as well. |
7:12 - 7:44 min |  |
| 13 | Runtime profile verification As a final verification step, head to the Integration Suite's Settings -> Integration section on the main page, and here you will notice the inclusion of the Edge Integration Cell's runtime profile in addition to the default Cloud Profile. |
7:44 - 8:00 min |  |
| 14 | DNS mapping of virtual host alias We are one final step away from calling the IFlows and APIs. Remember in step 10 we created the SSL keypair. Let's go to the istio-system namespace from the Kubernetes command line and look for the istio-ingressgateway service. The EXTERNAL-IP attribute lists the public IP of the load balancer that we can use as the Ingress point to access the IFLow and API endpoints. Next, let's copy the virtual host endpoint from the Edge Integration Cell's properties section. Next, you will need access to the DNS registry for the organizational domain presented in the domain certificate and you will need to create an A-Record mapping between the virtual host alias and the IP address. |
8:00 min onwards |  |
You've now followed along the steps needed to install and configure the Edge Integration Cell hybrid software.
Continue to - Exercise 3 - Discover, design, and run pre-built standard integration on Edge Integration Cell