SAP Knowledge Base Article - Public

3456052 - FAQ: About IP Addresses used in SAP Datasphere

Symptom

  • You have questions or require clarifications on the IP Allowlist topic in SAP Datasphere.
  • This is about the external SAP Datasphere IP address information required to add them to an IP allowlisting.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental. 

Environment

SAP Datasphere 

Cause

  • In Datasphere, System -> About -> More section, the information of "Outbound IP Address" and "HANA IP Address" can be found.
  • Below is a screenshot with the IP's and other details masked out for security purposes. 
    • Replication/Data Flow NAT IP (egress): 
    • SAP HANA Cloud NAT IP (egress): - these can be checked in SAP HANA Cloud Administration Guide Domains and IP Ranges (see See Also section below for more details)

Resolution

In SAP Datasphere there are 3 kinds of IP addresses used for Allowlisting requirements:

  1. Outbound (from Datasphere) IP Address of the Datasphere tenant

    • This is the outbound IP used by Datasphere Replication Flows and Data Flows.
    • This IP needs to be maintained in any system being called by these flows and should be provided to the Admins of any such systems. 
    • Note: the "Outbound IP Address" is NOT the outbound IP address of the Datasphere's HANA Cloud DB instance, but instead the outbound IP address of Datasphere's Flows Cluster.
    • This IP can be found in the "Replication/Data Flow NAT IP (egress)" in the "About" popup.
          
  2. Outbound (from Datasphere) IP Addresses of Datasphere's HANA Cloud Database instance

    • This is the outbound IP address of the SAP Datasphere's HANA Cloud Database instance. 
    • These are used in the below 2 scenarios:
    • If connecting a REST remote source to the HANA Cloud instance through SDI (for example, OData Adapter), then he REST remote source is accessed using one of the NAT / egress IPs.
    • If connecting a remote source using SDA to the HANA Cloud instance, then the connection uses the NAT / egress IP in case the Cloud Connector is not used in the scenario.  
    • This IP can be found in the "SAP HANA Cloud NAT IP (egress)" in the "About" popup.
          
  3. Load Balancer IP Addresses of Datasphere's HANA Cloud Database    

    • These are the SAP Load Balancer (LB) IP addresses for incoming requests (ingress) to the Datasphere's HANA Cloud Database.
    • They are required for any connection established to SAP HANA Cloud including the Data Provisioning Agent and the SAP Cloud Connector.
    • Most connections to SAP Datasphere are through the LB/ingress IPs with the exception of the 2 scenarios with NAT IPs explained the above. 
    • These IP's are NOT listed in the "About" popup but can be found in the SAP HANA Cloud Administration Guide Domains and IP Ranges.
      
  4. For connections using SAP Cloud Connector  

See Also

  • For both NAT IPs and LB IPs information, they can be checked in SAP HANA Cloud Administration Guide Domains and IP Ranges as below.

         

Keywords

Datasphere, IP Address, IP Addresses, outbound, whitelist, allow list, firewall, network, router, device , KBA , DS-DI-CON , Connections , Known Error

Product

SAP Datasphere all versions

Attachments

Pasted image.png