SAP Fiori implementation: 5 lessons learned

I’ve been lucky enough to be involved in several FIORI projects recently using ANYDB and HANADB, so here are the lessons learned on things to consider in a Fiori standard app implementation. Please do add your comments and experiences below.

Lesson Learned 1 – Right Team

Ideally, in a POV (Proof of Value) for any DB and HANA DB Fiori Implementation Project there should be  following people

Fiori Configuration Consultant – Fiori Consultant – Fiori Consultant should be able to identify all the UI components that needs to be downloaded from service market place. He should also be able to assign right roles to the right users through PFCG, maintain and activate service and have reasonable browser debugging skills to navigate issues. These skills are enough for standard app deployment. For custom app he or she would need more technical skills such as JQuery, Json and screen designing.

SAP BASIS / Netweaver Consultant – System Administrator who can install all relevant components, set up roles and make the Netweaver Gateway connection

HANA Consultant – HANA Technical consultant who can set up the HANA architecture for apps that run on HANA DB (Analytical Apps)

MDM Expert – To make sure the apps run effectively in a secured network it is essential to have an MDM specialist either from the client side or from the solution provider. There could be any third-party MDM solution that needs to be incorporated in the architecture. It is very important to understand the security requirements from the client.

Lesson Learned 2 – Apply all the SAP notes before implementation

SAP Notes are listed in the installation guide.

If you do not apply SAP Notes, you might have to spend few weeks troubleshooting, searching and finding the root cause of the app not working. Applying SAP Notes may take 1 but would save your 2-3 weeks troubleshooting time. BASIS or system admin should install the SAP notes however, Fiori Consultant should be able to find and advise the right SAP notes to be installed.

Don’t hesitate to google, and search for bug fix notes due in the next Support Package in the SAP Service Marketplace. There are tips available to search and find relevant SAP notes in this link. Searching and Displaying SAP Notes in SAP Service Marketplace. Travel request is the most common one where we had to apply the SAP Note which fixed the issue

Lesson Learned 3 – Sizing Implications

Another point to consider is sizing the required infrastructure. It is essential to understand the intended target audience using the app and what is the target user base. and what is the expectation of usage within the corporate network vs access from external? Please search on SCN about sizing of the SAP NetWeaver Gateway.

Lesson Learned 4 – Security

As mentioned earlier Security is one of the key concerns. Most companies have strict policies and could already have their own MDM solution in place. Common MDM tools could be BES 12 or they can use Cisco VPN or Microsoft Unified Access tools as the only option.

While some companies are happy to expose SAP Fiori to the internet via reverse proxies, security driven and regulated industries need an additional layer of security, e.g. via a native wrapper application or a secure browser. SAP Mobility and Fiori roadmap is continuously evolving with interesting developments in the MAM, MCM space, so it is always advised to check with the client first on their security needs.

In our case client already had a SAP NetWeaver Portal for SSO and we needed to integrate SAP Fiori with portal. But the SAP Portal did not target smartphones and tablets so we had to look options Mobile Edition of SAP NetWeaver Portal.

SAP MDM solution Afaria could be useful to deploy a native wrapper or secure browser but if a client already have their own MDM solution it is almost not possible to replace it with something new.Depending upon your client security requirements there are a couple of options that can be recommended.

Depending upon your client security requirements there are a couple of options that can be recommended to authenticate the user

  • User name and password
  • 509 client certificates
  • SAML tokens generated by SAP IdP or another SAML Identity Provider
  • SSO2 tokens generated by an SAP NetWeaver Portal instance
  • Other single-sign on providers

Lesson Learned 5 – System Landscape and Transportation

Ideally there are customizing request and workbench requests in 2 system landscapes that needs to be transported in synch between the SAP Gateway server and backend systems. Some companies use Quality Gate Management (QGM). With the help of QGM the workbench and customizing requests can be transported in synch and the process can be controlled and monitored centrally from SAP Solution Manager.

In a typical Fiori Implementation project that requires creation of new OData service too, following 9 steps should be followed

Step 1 – Create a change

Step 2 – Create workbench requests and customizing request

Step 3 – Gateway Service Builder – OData Service Creation (only applicable if a new OData service is created)

Step 4 – Gateway Service Builder – OData Service Implementation

Step 5 – Gateway Backend – Service Registration

Step 6 – Maintain Service – Service Activation on SAP Gateway Server

Step 7 – Maintain Service – System Alias Customizing

Step 8 – SAPUI5 Application Development

Step 9 – Transport changes via QGM

Some references in the post are taken from SCN