Symptom
- You have questions or require clarifications on the IP Allowlist topic in SAP Datasphere.
- This is about the external SAP Datasphere IP address information required for IP allowlisting.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP Datasphere
Cause
- In Datasphere, under System -> About -> More, the "Outbound IP Address" and "HANA IP Address" information can be found.
- Below is a screenshot with the IPs and other details masked out for security purposes.
- Replication/Data Flow NAT IP (egress):
- SAP HANA Cloud NAT IP (egress): these can be checked in the SAP HANA Cloud Administration Guide Domains and IP Ranges (see the See Also section below for more details)
Resolution
In SAP Datasphere there are 3 kinds of IP addresses used for Allowlisting requirements:
- Outbound (from Datasphere) IP Address of the Datasphere tenant
  - This is the outbound IP used by Datasphere Replication Flows and Data Flows.
  - This IP needs to be maintained in any system being called by these flows and should be provided to the Admins of any such systems.
  - Note: the "Outbound IP Address" is NOT the outbound IP address of the Datasphere's HANA Cloud DB instance, but instead the outbound IP address of Datasphere's Flows Cluster.
  - This IP can be found in the "Replication/Data Flow NAT IP (egress)" in the "About" popup.
- Outbound (from Datasphere) IP Addresses of Datasphere's HANA Cloud Database instance
  - This is the outbound IP address of the SAP Datasphere's HANA Cloud Database instance.
  - These are used in the below 2 scenarios:
    - If connecting a REST remote source to the HANA Cloud instance through SDI (for example, OData Adapter), then the REST remote source is accessed using one of the NAT / egress IPs.
    - If connecting a remote source using SDA to the HANA Cloud instance, then the connection uses the NAT / egress IP in case the Cloud Connector is not used in the scenario.
  - This IP can be found in the "SAP HANA Cloud NAT IP (egress)" in the "About" popup.
- Load Balancer IP Addresses of Datasphere's HANA Cloud Database
  - These are the SAP Load Balancer (LB) IP addresses for incoming requests (ingress) to the Datasphere's HANA Cloud Database.
  - They are required for any connection established to SAP HANA Cloud including the Data Provisioning Agent and the SAP Cloud Connector.
  - Most connections to SAP Datasphere are through the LB/ingress IPs, with the exception of the 2 scenarios with NAT IPs explained above.
  - These IPs are NOT listed in the "About" popup but can be found in the SAP HANA Cloud Administration Guide Domains and IP Ranges.
- For connections using SAP Cloud Connector
  - Add the Cloud Connector IP address in SAP Datasphere (System -> Configuration -> IP Allowlist -> Trusted Cloud Connector IPs).
  - Add the SAP Datasphere Outbound IP address in the Cloud Connector firewall rules.
  - Refer to Set up Cloud Connector in SAP Datasphere and Prerequisites -> Network for more details.
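An added example (not part of the SAP KBA) that checks a firewall allowlist against the IP category each scenario above relies on. All addresses are constructed placeholders from documentation ranges, and the scenario keys and function name are hypothetical.

```python
import ipaddress

# Constructed sample values (RFC 5737 documentation ranges), NOT real SAP IPs.
# Real values come from the "About" popup and from the SAP HANA Cloud
# Administration Guide "Domains and IP Ranges".
DATASPHERE_IPS = {
    "flow_nat_egress": ["203.0.113.10"],
    "hana_nat_egress": ["198.51.100.21", "198.51.100.22", "198.51.100.23"],
    "hana_lb_ingress": ["192.0.2.40", "192.0.2.41"],
}

# Hypothetical scenario keys -> (IP category, firewall that must carry the rule).
SCENARIOS = {
    "replication_or_data_flow": ("flow_nat_egress", "system called by the flow"),
    "sdi_rest_remote_source": ("hana_nat_egress", "REST remote source"),
    "sda_without_cloud_connector": ("hana_nat_egress", "remote source"),
    "dp_agent_or_cloud_connector": ("hana_lb_ingress", "network hosting the agent"),
}


def missing_from_allowlist(scenario, allowlist_cidrs):
    """Return (category, rule location, addresses not covered by the allowlist).

    A connection may arrive from any one address in the category, so every
    address has to be covered; a partial list shows up as intermittent failures.
    """
    category, location = SCENARIOS[scenario]
    networks = [ipaddress.ip_network(c, strict=False) for c in allowlist_cidrs]
    missing = [
        ip for ip in DATASPHERE_IPS[category]
        if not any(ipaddress.ip_address(ip) in net for net in networks)
    ]
    return category, location, missing


if __name__ == "__main__":
    # Constructed allowlist on a REST remote source: one NAT IP was forgotten.
    remote_source_rules = ["198.51.100.21/32", "198.51.100.22/32"]
    print(missing_from_allowlist("sdi_rest_remote_source", remote_source_rules))
    # A flow target that allowlisted the wrong category (HANA NAT, not flow NAT).
    print(missing_from_allowlist("replication_or_data_flow", remote_source_rules))
```

The second call illustrates the Note above: allowlisting the HANA Cloud NAT addresses does not cover Replication Flows and Data Flows, which leave from the Flows Cluster address.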
See Also
- Both NAT IP and LB IP information can be checked in the SAP HANA Cloud Administration Guide Domains and IP Ranges.
- SAP Datasphere Help page Finding SAP Datasphere IP addresses
- SAP Datasphere Help page Add IP address to IP Allowlist
- SAP Note 2894588 IP Allowlist in SAP Datasphere
- KBA 3369433 How to troubleshoot Cloud Connector related issues when creating connection in Datasphere
- SAP Help pages: Add IP address to IP Allowlist and Finding SAP Datasphere IP addresses
- SAP Help Configure Cloud Connector
- SAP Help Cloud Connector Prerequisites
- SAP Community Cloud Connector Guided Answers and Troubleshooting
Keywords
Datasphere, IP Address, IP Addresses, outbound, whitelist, allow list, firewall, network, router, device, KBA, DS-DI-CON, Connections, Known Error
Product
SAP Datasphere all versions