3456052 - FAQ: About IP Addresses used in SAP Datasphere

• You have questions or require clarifications on the IP Allowlist topic in SAP Datasphere.
• This is about the external SAP Datasphere IP address information required to add them to an IP allowlisting.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental. 

SAP Datasphere 

• In Datasphere, System -> About -> More section, the information of "Outbound IP Address" and "HANA IP Address" can be found.
• Below is a screenshot with the IP's and other details masked out for security purposes. 
  • Replication/Data Flow NAT IP (egress): 
  • SAP HANA Cloud NAT IP (egress): - these can be checked in SAP HANA Cloud Administration Guide Domains and IP Ranges (see See Also section below for more details)
    
    

In SAP Datasphere there are 3 kinds of IP addresses used for Allowlisting requirements:

1. Outbound (from Datasphere) IP Address of the Datasphere tenant

   • This is the outbound IP used by Datasphere Replication Flows and Data Flows.
   • This IP needs to be maintained in any system being called by these flows and should be provided to the Admins of any such systems. 
   • Note: the "Outbound IP Address" is NOT the outbound IP address of the Datasphere's HANA Cloud DB instance, but instead the outbound IP address of Datasphere's Flows Cluster.
   • This IP can be found in the "Replication/Data Flow NAT IP (egress)" in the "About" popup.
         

2. Outbound (from Datasphere) IP Addresses of Datasphere's HANA Cloud Database instance

   • This is the outbound IP address of the SAP Datasphere's HANA Cloud Database instance. 
   • These are used in the below 2 scenarios:
   • If connecting a REST remote source to the HANA Cloud instance through SDI (for example, OData Adapter), then he REST remote source is accessed using one of the NAT / egress IPs.
   • If connecting a remote source using SDA to the HANA Cloud instance, then the connection uses the NAT / egress IP in case the Cloud Connector is not used in the scenario.  
   • This IP can be found in the "SAP HANA Cloud NAT IP (egress)" in the "About" popup.
         

3. Load Balancer IP Addresses of Datasphere's HANA Cloud Database    

   • These are the SAP Load Balancer (LB) IP addresses for incoming requests (ingress) to the Datasphere's HANA Cloud Database.
   • They are required for any connection established to SAP HANA Cloud including the Data Provisioning Agent and the SAP Cloud Connector.
   • Most connections to SAP Datasphere are through the LB/ingress IPs with the exception of the 2 scenarios with NAT IPs explained the above. 
   • These IP's are NOT listed in the "About" popup but can be found in the SAP HANA Cloud Administration Guide Domains and IP Ranges.
     

4. For connections using SAP Cloud Connector  

• • Add the Cloud Connector IP address in SAP Datasphere (System -> Configuration -> IP Allowlist -> Trusted Cloud Connector IPs).
  • Add the SAP Datasphere Outbound IP address in the Cloud Connector firewall rules.
  • Refer to Set up Cloud Connector in SAP Datasphere and Prerequisites -> Network for more details.     
    

• For both NAT IPs and LB IPs information, they can be checked in SAP HANA Cloud Administration Guide Domains and IP Ranges as below.

• SAP Datasphere Help page Finding SAP Datasphere IP addresses
• SAP Datapshere Help page Add IP address to IP Allowlist 
• SAP Note 2894588 IP Allowlist in SAP Datasphere
• KBA 3369433 How to troubleshoot Cloud Connector related issues when creating connection in Datasphere 
• SAP Help pages: Add IP address to IP Allowlist and Finding SAP Datasphere IP addresses
• SAP Help Configure Cloud Connector
• SAP Help Cloud Connector Prerequisites
• SAP Community Cloud Connector Guided Answers and Troubleshooting 

Datasphere, IP Address, IP Addresses, outbound, whitelist, allow list, firewall, network, router, device , KBA , DS-DI-CON , Connections , Known Error