This article is an excerpt from Securing SAP S/4HANA, courtesy of Espresso Tutorials.
Securing Fiori
SAP Fiori is a new user experience (UX) for SAP software and applications. It provides a set of applications that are used in regular business functions such as work approvals, financial apps, calculation apps, and various self-service apps. The SAP user interface, or SAP GUI as we know it today, was first introduced in 1992 together with the official release of SAP R/3. SAP R/3, the client server edition, was the successor to the SAP R/2 release, the mainframe edition. Although SAP has made several attempts to modernize SAP GUI, an end user from the time it was introduced would still find their way around today. Many transactions and screens have remained the same or changed very little. Since the initial release of SAP GUI, SAP has released several alternative user interfaces such as the SAP Workplace (which was part of the mySAP.com offering), the SAP Enterprise Portal, and the NetWeaver Business Client or NWBC. None were as successful as SAP GUI except, perhaps, for the NetWeaver Business Client. The NetWeaver Business Client is, however, an extension to the SAP GUI. The conclusion of all this is that although many people complained about the old-fashioned look of SAP GUI, they kept using it and will probably continue to do so in the future. But there is no denying the fact that the user community is changing fast. The SAP users of tomorrow are the youngsters of today, who are used to accessing data from their mobile devices. To them, SAP GUI is a relic from the dark ages. This shift is not limited to youngsters—many end users want data access from any device, from any place, at any time. SAP released SAP Fiori to respond to this demand. SAP Fiori is built using modern design principles you might expect from applications designed for smartphones and tablets. There are already more than 500 role-based Fiori applications such as for HR, Finance, and Business Intelligence. An SAP Fiori application is always limited to a specific task or activity. The design is responsive and deployable on multiple platforms. There are three types of SAP Fiori applications: transactional apps, fact sheets, and analytical apps. SECURING FIORI 46
Transactional or task-based applications
The transactional SAP Fiori applications are limited to specific tasks such as entering a holiday request or expense note. They give end users fast access to data and represent a simplified view of an existing business process or workflow.
Fact sheets
Fact sheets have far more capabilities than transactional applications. From a fact sheet, you can drill down into the details. You can even navigate from one fact sheet to another or jump to the related transactional applications. For fact sheets, the underlying database must be SAP HANA. An example of a fact sheet is an application that shows the overview and details of a piece of equipment and its maintenance schedule.
Analytical applications
Analytical applications build on business intelligence using the capabilities of SAP HANA. They allow you to monitor key performance indicators (KPIs) of your business operations and to react immediately as changes occur. An example is the sales orders application, which immediately shows your sales representative the sales history from his customer, allowing him to take discount decisions immediately.
Deployment options
SAP Fiori apps consist of front-end components, which provide the user interface and the connection to the back end, and back-end components, which provide the data. The front-end components and the back-end components are delivered in separate products and must be installed in a system landscape that is enabled for SAP Fiori. There are multiple deployment options for the SAP Fiori components, each with their respective advantages and disadvantages. SAP Fiori applications are accessed through the SAP NetWeaver Gateway. The gateway consists of two components: SAP Gateway Foundation (SAP_GWFND) and User Interface Technology (SAP_UI). Both components are add-ons, which from NetWeaver version 7.4, are part of the SAP NetWeaver ABAP Stack. With NetWeaver 7.31, the components had to be deployed separately. This means that any system built on SAP NetWeaver, such as SAP ERP or SAP CRM, can be used to deploy SAP Fiori applications. SECURING FIORI 47 The following deployment options exist: central hub deployment, the embedded scenario and the cloud edition (see Figure 2.1). Figure 2.1: SAP Fiori deployment options
Central hub deployment
The central hub deployment is the preferred option. Here, SAP NetWeaver Gateway is installed as a separate system. The Fiori applications are deployed here and access the data on the back-end business systems, such as SAP ERP or SAP CRM. Although this option implies an extra system, thus a higher total cost of ownership (TCO), it enables a multi-back-end system scenario while ensuring a consistent look and feel for the different applications. The central hub can be considered a single point of access for all mobile applications. In addition, installing SAP NetWeaver Gateway on a separate system allows you to move the system behind or in front of the firewall depending on your current network topology and security requirements. SECURING FIORI 48
Embedded scenario
SAP NetWeaver is the basis of all ABAP-based SAP applications, regardless of whether you are talking about SAP ERP, SAP BW, or any of the others. As the gateway is an add-on for SAP NetWeaver, it is available on every ABAP-based business application. This means that it can be activated and that Fiori applications can be deployed on any system. This makes an extra system unnecessary. However, we do not recommend the embedded scenario as, in contrast to the central hub deployment, it results in Fiori applications being installed all over the place— negating the advantage of the single point of access for all mobile applications. The embedded scenario should only be considered during a proof of concept or when the deployment of mobile applications is going to be limited to a single SAP application such as SAP ERP. 2.1.3
Cloud edition
The SAP Fiori cloud edition is a ready-to-use infrastructure which can serve as a front end while leaving the back-end systems on premise. The connection to the SAP Fiori Cloud is realized via SAP Cloud Connector, which must be installed on premise. The back-end components still have to be installed on the back-end systems.
Comparison of the deployment options
Table 2.1 compares the different deployment options. Every deployment option has its respective advantages and disadvantages. The importance of the pros and cons differ in every customer situation. We strongly recommend the central hub deployment option as it enables a single point of access to your mobile applications for SAP ERP, SAP BW, and many others, while at the same time ensuring the same look and feel. Due to its limitations and dependencies, the embedded scenario should only be considered in a proof-of-concept scenario.