zhongwei/gh-secondsky-sap-skills-skills-sap-btp-developer-guide
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
gh-secondsky-sap-skills-ski…/references/setup.md
Zhongwei Li 6942e32e6b Initial commit
2025-11-30 08:55:02 +08:00

335 lines
7.3 KiB
Markdown
Raw Permalink Blame History

# SAP BTP Setup Reference
## Overview
Setting up SAP BTP landscape is an administrative task that involves configuring account structures, users, and infrastructure automation.
## Account Model
### Hierarchy
```
Global Account
├── Directory (optional)
│ ├── Subaccount (DEV)
│ ├── Subaccount (QA)
│ └── Subaccount (PROD)
└── Subaccount (Shared Services)
```
### Subaccount Configuration
Each subaccount can have:
- Cloud Foundry environment
- Kyma environment
- ABAP environment
- Service instances
- Role assignments
## User Types
### Platform Users
**Role**: Developers, administrators, operators
**Responsibilities**:
- Application deployment
- System administration
- Troubleshooting
- Operations
**Access**: Subaccounts, services, runtimes
### Business Users
**Role**: End users of applications
**Access**: Deployed applications, SaaS services
## Terraform Provider for SAP BTP
### Overview
**Purpose**: Automate provisioning, management, and configuration
**Benefits**:
- Infrastructure as code
- Reproducible deployments
- Version-controlled configuration
- CI/CD integration
### Installation
```hcl
# main.tf
terraform {
required_providers {
btp = {
source = "SAP/btp"
version = "~> 1.0"
}
}
}
provider "btp" {
globalaccount = var.globalaccount
}
```
### Common Resources
#### Subaccount
```hcl
resource "btp_subaccount" "dev" {
name = "development"
subdomain = "dev-${var.org_id}"
region = "eu10"
labels = {
environment = "development"
}
}
```
#### Entitlements
```hcl
resource "btp_subaccount_entitlement" "hana" {
subaccount_id = btp_subaccount.dev.id
service_name = "hana-cloud"
plan_name = "hana"
amount = 1
}
resource "btp_subaccount_entitlement" "cf" {
subaccount_id = btp_subaccount.dev.id
service_name = "APPLICATION_RUNTIME"
plan_name = "MEMORY"
}
```
#### Service Instances
```hcl
resource "btp_subaccount_service_instance" "xsuaa" {
subaccount_id = btp_subaccount.dev.id
name = "my-xsuaa"
serviceplan_id = data.btp_subaccount_service_plan.xsuaa.id
parameters = jsonencode({
xsappname = "my-app"
tenant-mode = "dedicated"
})
}
```
#### Role Collections
```hcl
resource "btp_subaccount_role_collection_assignment" "admin" {
subaccount_id = btp_subaccount.dev.id
role_collection_name = "Subaccount Administrator"
user_name = "admin@example.com"
}
```
### Complete Example
```hcl
# variables.tf
variable "globalaccount" {
description = "Global account subdomain"
type = string
}
variable "region" {
description = "BTP region"
type = string
default = "eu10"
}
variable "admins" {
description = "List of admin users"
type = list(string)
}
# main.tf
terraform {
required_providers {
btp = {
source = "SAP/btp"
version = "~> 1.0"
}
}
}
provider "btp" {
globalaccount = var.globalaccount
}
# Development subaccount
resource "btp_subaccount" "dev" {
name = "Development"
subdomain = "dev-myorg"
region = var.region
}
# Enable Cloud Foundry
resource "btp_subaccount_entitlement" "cf" {
subaccount_id = btp_subaccount.dev.id
service_name = "APPLICATION_RUNTIME"
plan_name = "MEMORY"
}
resource "btp_subaccount_environment_instance" "cf" {
subaccount_id = btp_subaccount.dev.id
name = "cf-dev"
environment_type = "cloudfoundry"
service_name = "cloudfoundry"
plan_name = "standard"
parameters = jsonencode({
instance_name = "cf-dev"
})
}
# HANA Cloud
resource "btp_subaccount_entitlement" "hana" {
subaccount_id = btp_subaccount.dev.id
service_name = "hana-cloud"
plan_name = "hana"
amount = 1
}
# Admin role assignment
resource "btp_subaccount_role_collection_assignment" "admins" {
for_each = toset(var.admins)
subaccount_id = btp_subaccount.dev.id
role_collection_name = "Subaccount Administrator"
user_name = each.value
}
# outputs.tf
output "subaccount_id" {
value = btp_subaccount.dev.id
}
output "cf_api_endpoint" {
value = btp_subaccount_environment_instance.cf.labels["API Endpoint"]
}
```
### Terraform Commands
```bash
# Initialize
terraform init
# Plan changes
terraform plan -var-file="dev.tfvars"
# Apply changes
terraform apply -var-file="dev.tfvars"
# Destroy resources
terraform destroy -var-file="dev.tfvars"
```
## Manual Setup Steps
### 1. Global Account Configuration
1. Access SAP BTP Cockpit
2. Navigate to Global Account
3. Configure directories (optional)
4. Set up entitlements
### 2. Subaccount Creation
1. Click "Create Subaccount"
2. Specify name and subdomain
3. Select region
4. Configure labels
5. Enable environments
### 3. Entitlement Assignment
1. Navigate to Entitlements
2. Configure Service Assignments
3. Set quotas per service
4. Assign to subaccounts
### 4. User Management
1. Navigate to Security > Users
2. Add users by email
3. Assign role collections
4. Configure IdP trust (optional)
## ABAP System Landscape Setup
### Recommended Landscapes
Start with only needed systems. Additional systems can be provisioned later.
**3-System Landscape (DEV, QAS, PRD)**
- Recommended for most projects
- Suitable when development is occasional or release cycles are less frequent
- Enables testing outside development
- Verifies application behavior before production
**5-System Landscape (DEV, COR, TST, QAS, PRD)**
- Appropriate for larger teams with continuous development
- Enables parallel correction handling
- Supports uninterrupted development work
### Sizing Specifications
**Production Capacity:**
- 1 ACU can serve up to **1,000 active business users per day**
**Recommended Minimum Starting Configuration:**
| Resource | Size | Memory |
|----------|------|--------|
| ABAP Compute Units (ACU) | 1 | 16 GB |
| HANA Compute Units (HCU) | 2 | 32 GB total |
**Scaling Options:**
- Manual scaling via SAP BTP Cockpit
- Automatic runtime scaling (Release 2402+) requires consumption-based contract
**Cost Optimization:**
- Use system hibernation for DEV, COR, TST systems during inactive periods
- Reduces costs significantly when systems not in use
## Best Practices
### Account Structure
| Environment | Purpose | Entitlements |
|-------------|---------|--------------|
| Development | Development work | Full entitlements |
| QA/Test | Testing | Production-like |
| Production | Live workloads | Production quotas |
| Sandbox | Experimentation | Minimal |
### Security
1. **Least privilege** - Minimal necessary permissions
2. **Separation of duties** - Different roles for different tasks
3. **Audit logging** - Enable for compliance
4. **IdP integration** - Use corporate identity
### Automation
1. **Use Terraform** for reproducibility
2. **Version control** configurations
3. **CI/CD integration** for changes
4. **Document** manual steps
## Source Documentation
- Setup: [https://github.com/SAP-docs/btp-developer-guide/blob/main/docs/set-up-3b774f8.md](https://github.com/SAP-docs/btp-developer-guide/blob/main/docs/set-up-3b774f8.md)
- SAP BTP Administrator's Guide: [https://help.sap.com/docs/btp/sap-business-technology-platform/administration-and-operations](https://help.sap.com/docs/btp/sap-business-technology-platform/administration-and-operations)
- Terraform Provider: [https://registry.terraform.io/providers/SAP/btp/latest](https://registry.terraform.io/providers/SAP/btp/latest)
Reference in New Issue View Git Blame Copy Permalink