SAP HANA Setup

Pyramid connects to SAP HANA through JDBC with SQL. In addition to the standard connection details, as described here, the HANA connector may need these settings:

  • Server Instance Name or Number this is usually a 2 digit number like "00"
  • Portusually 39013 but can be different for tenant databases, which may be in the form 3XX15. This must be supplied if the default database is not.
  • Default Database: Provide the database that you are connecting to. If left blank, the port must be supplied
  • Client Number: This number is sometimes required. Usually a 3 digit value like "800"
  • Authentication: there are 3 choices for authentication:
    • provide the a HANA user and password.
    • use Kerberos Keytabs with a domain user account.
    • Use SAML assertions that are used for authenticating through to Pyramid to also authenticate into HANA. This option will only appear if SAML authentication has been used as the authentication provider.
  • Secure Connection: check this to use a secure TLS / SSL connection to connect to the HANA instance. (see below for more)
  • Options: there are multiple options for HANA, including how to render hierarchies, the default language / culture for the metadata and queries, and whether certain HANA data objects will be visible to the user in the system.

Secure Connections

To secure connections ensure that the check box is enabled. If the certificate should also be validated, details need to be provided on how to find the certificate store on the host servers. This applies to all runtime, task and AI servers. Select the right elements needed for the certificate store and set the values.

Java Trust Store

To use an existing SSL certificate with the Java engines add the certificate PEM file to the Java trust store on each Pyramid server. To add a certificate to the Java trust store run this command from the Java bin directory

bin\keytool.exe -importcert -alias HANAServer -file {yourDirectory}\hana.pem -keystore lib\security\cacerts

Secure Connection Options
  • Validate Certificate - Check this to validate the server certificate. If its false, the connection will simply work with an unvalidated SSL certificate.
  • Override host name in certificate - Use this if the certificate has a different host name than the server name. (The host name on the default self-signed HANA cert is typically "hxehost.localdomain")
  • Custom trust store - Use this option to specify a custom trust store for the certificate if the certificate was not imported to the Java trust store
  • Trust store password - when using a custom trust store, provide the he alternative trust store password

Securing SAP HANA User Connections

User connections to HANA can be made by named user (very inefficient approach for many users), or via SAML authorization. As a web based technology, the SAML approach is much preferred in Pyramid, and requires Pyramid to use the same SAML identity provider as the authentication provider for Pyramid access, allowing the SAML tokens to flow through to HANA when connecting to the data source.

SAP HANA Certifications

Pyramid is certified to operate against SAP HANA 1.x and 2.x

SAP HANA Licensing

Pyramid uses the SAP JDBC connector and SQL queries to interact and query SAP HANA. This is a certified mechanism for connecting and doing classic 'analytics and reporting' on SAP HANA and involves retrieving a 'reasonable' amount of data. The implementation does not operate like OpenHub because the interface is not designed for moving large amounts of data. All queries are direct and 'live'.

Verify with SAP that you have licensed SAP HANA correctly for your environment and that your licensing permits the use of the JDBC connector for certified 3rd party tools like Pyramid.