SAP BTP

ADMINISTRATOR
HANDBOOK

Jallaj Kumar
1
Introduction

1. SAP BTP ADMINISTRATOR HANDBOOK

Sole purpose of writing this book is to share the content among integration practitioners a book
that they follow while administring the SAP BTP. in this book every possible infirmation is
provided. Looking forward for feedback.

2
 1. Basic Platform Concepts

SAP BTP offers users the ability to turn data into business value, compose end-to-end business
processes, and build and extend SAP applications quickly. The services and solutions of SAP
BTP are available on multiple cloud infrastructure providers. The multi cloud foundation
supports different environments, such as Cloud Foundry, ABAP, and Kyma, as well as multiple
different regions, and a broad choice of programming languages. The central point of entry to
the cloud platform is the SAP BTP cockpit, where you can access your accounts and
applications and manage all activities associated with them.

3
1.1 Regions:
You can deploy applications in different regions. Each region represents a geographical location
(for example, Europe, US East) where applications, data, or services are hosted.
Regions are provided either by SAP or by our Infrastructure-as-a-Service (IaaS) partners
Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and Alibaba Cloud. The
third-party region providers operate the infrastructure layer of the regions, whereas SAP
operates the platform layer and Cloud Foundry.

4
Selecting a Region:
A region is chosen at the subaccount level. For each subaccount, you select exactly one region.
The selection of a region is dependent on many factors: For example, application performance
(response time, latency) can be optimized by selecting a region close to the user.

Deploying Applications in Regions:

5
High Availability:
SAP has several processes in place to support resilience in SAP BTP, and provides different
offerings so that you can support the high availability of your applications.

Resilience, High Availability, and Disaster Recovery:

6
1.2 Enterprise Accounts

7
SAP BTP provides different types of global accounts, enterprise and trial. The type you choose
determines pricing, conditions of use, resources, available services, and hosts.
The main features of enterprise accounts are described for use by customers and by partners:
Customer Account:
Global account that enables you to host productive, business-critical applications with 24/7
support. You can purchase a global account just like any other SAP software. You can upgrade
and refine your resources later. You can also contact your SAP sales representative and opt for a
configuration, tailored to your needs.
Partner Account:
A global account that enables you to build applications and to sell them to your customers.
Includes SAP Application Development licenses that enable you to get started with scenarios
across cloud and on-premise applications. Offers the opportunity to certify applications and
receive SAP partner logo package with usage policies. Advertise and sell applications via the
SAP Store.

1.3 User and Member Management:

On SAP BTP, member management happens at all levels from global account to environment, while user
management is done for business applications.

User Accounts:
A user account corresponds to a particular user in an identity provider, such as the default
identity provider or a custom tenant of the Identity Authentication service. User accounts
enable users to log on to SAP BTP and access subaccounts and use services according to the
permissions given to them. Before diving into the different user and member management
concepts, it is important to understand the difference between the different types of users we’re
referring to: Platform users and business users.
Platform users are usually developers, administrators or operators who deploy, administer, and
troubleshoot applications and services on SAP BTP. They’re the users that you give certain
permissions for instance at global account or subaccount level, either by adding them as
members. Platform users who were added as members and who have administrative
permissions can view or manage the list of global accounts, subaccounts, and environments,
such as Cloud Foundry orgs and spaces. Members access them using the SAP BTP Cockpit or
the SAP BTP command-line interface (btp CLI) or environmentspecific CLI, such as the Cloud
Foundry (CF) CLI.

8
Business users use the applications that are deployed to SAP BTP. For example, the end users
of SaaS apps or services, such as SAP Workflow service or SAP Cloud Integration, or end users
of your custom applications are business users. Application developers (platform users) create
and deploy application-specific security artifacts for business users, such as scopes.
Administrators use these artifacts to assign roles, build role collections, and assign these role
collections to business users or user groups. In this way, they control the users' permissions in
the application.

1.4 Entitlements and Quotas

When you purchase an enterprise account, you’re entitled to use a specific set of resources, such
as the amount of memory that can be allocated to your applications.

9
An entitlement is your right to provision and consume a resource. In other words, entitlements
are the service plans that you're entitled to use.

A quota represents the numeric quantity that defines the maximum allowed consumption of a
resource. In other words, how much of a service plan you're entitled to use
Some service plans use numeric quota, which means that you can increase or decrease the
number of units available in a subaccount. Depending on the service, these units represent
different things and may impact the number of service instances, applications, or routes you can
have in a subaccount.

10
Distribution and Usage of Entitlements and Quotas [Feature Set A]:
Entitlements and quotas are purchased and managed at global account level, from where they
are distributed to subaccounts, which consume them. When you remove quotas or entitlements
from a subaccount, they become available again at global account level and can be assigned to
other subaccounts.
Distribution and Usage of Entitlements and Quotas [Feature Set B]:
Entitlements and quotas are purchased and managed at global account level, from where they
are distributed to directories and/or subaccounts, which consume them. When assigning
entitlements and quotas to directories, you also have the option to automatically assign a set
amount of quota to each new subaccount added to the directory. This option doesn’t apply to
subaccounts that are already in the directory when you select this option. The quota you
assigned to the directory is then gradually distributed to all subaccounts that you add to that
directory, until it runs out. Once the directory quota runs out, if you add a new subaccount to
that directory, it won't get any quota automatically anymore.
Since directories are only a way of grouping subaccounts, you can’t consume a service at
directory level. However, when you assign entitlements and quotas from the global account to a
directory, the quota you assigned is shown as used, even if there are no subaccounts in that
directory to consume the quota. You can think of it as a way to "reserve" quota and make sure
it's not assigned to other subaccounts or directories. When you remove quotas or entitlements
from a directory or subaccount, they become available again at global account level and can be

11
assigned to other directories or subaccounts; unless the quota is reserved for a given directory
then the freed quota remains available only to that directory and its subaccounts.

1.5 Commercial Models

SAP BTP offers two different commercial models for enterprise accounts.
Consumption-based commercial model: Your organization receives access to all current and
future services that are eligible for this model. You have complete flexibility to turn services on
and off and to switch between services as your business requires throughout the duration of
your contract. This commercial model is available in two flavors: Cloud Platform Enterprise
Agreement (CPEA) and Pay-As You-Go for SAP BTP.
Subscription-based commercial model: Your organization subscribes only to the services
that you plan to use. You can then use these services at a fixed cost, irrespective of
consumption.

1.6 Account Model

Global Accounts:

12
A global account is the realization of a contract you or your company has made with SAP. A
global account is used to manage subaccounts, members, entitlements and quotas. You receive
entitlements and quotas to use platform resources per global account and then distribute the
entitlements and quotas to the subaccount for actual consumption. There are two types of
commercial models for global accounts: consumption-based model and subscription-based
model. Global accounts are region- and environment-independent. Within a global account,
you manage all of your subaccounts, which in turn are specific to one region.

Subaccounts:
Subaccounts let you structure a global account according to your organization’s and project’s
requirements with regard to members, authorizations, and entitlements. A global account can
contain one or more subaccounts in which you deploy applications, use services, and manage
your subscriptions. Subaccounts in a global account are independent from each other. This is
important to consider with respect to security, member management, data management, data
migration, integration, and so on, when you plan your landscape and overall architecture.

13
Relationship between Subaccounts, Orgs, and Spaces
When you enable the Cloud Foundry environment in one of your subaccounts, the system
automatically creates a Cloud Foundry org for you. The subaccount and the org have a 1:1
relationship and the same navigation level in the cockpit (even though they may have different
names). You can create spaces within that Cloud Foundry org. Spaces let you further break
down your account model and use services and functions in the Cloud Foundry environment.

Directories:
Directories allow you to organize and manage your subaccounts according to your technical
and business needs. A directory can contain directories and subaccounts to create a hierarchy.
Using directories to group other directories and subaccounts is optional - you can still create
subaccounts directly under your global account. You can create a hierarchical structure that is
up to 7 levels deep. The highest level of a given path is always the global account and the lowest
is a subaccount, which means that you can have up to 5 levels of directories bewteen the global
account and the lowest level subaccount.

14
1.7 API Support
SAP BTP enables you to consume APIs and publish your own ones through the following
offerings:
SAP BTP on the API business Hub:
The SAP API Business Hub provides you with one central repository for browsing and
accessing APIs from SAP and select partners. Test APIs and try out mock data in your
systems. It is also the official place where REST and OData REST API references are
published.
SAP BTP API Management:
API Management allows you to build, manage, publish, and monetize your own APIs within
one secure and scalable environment.
SDK’s:
The software development kits (SDKs) available for SAP BTP offer APIs to, for example,
accelerate enterprise app development.

15