Push CloudEvents from Google Cloud Pub/Sub to SAP


The article “Bridging the Gap: Google Cloud Pub/Sub with SAP using ABAP SDK for Google Cloud” showcased the potential of integrating Google Cloud Pub/Sub and SAP to create robust event-driven solutions. The article “Consuming Events from Pub/Sub into SAP using ABAP SDK for Google Cloud” explored the use of pull subscriptions to retrieve events from a Pub/Sub topic. While this method is viable, it requires implementing a polling job on the SAP side, which would execute at regular intervals.

This blog explores alternative strategies for sending events from Google Cloud services to SAP, venturing beyond the pull subscription-based approach. Google Cloud Pub/Sub offers push subscriptions, which enable Pub/Sub to proactively deliver messages to subscribers without the need for explicit requests. This approach caters to applications demanding low latency and real-time event processing.

However, implementing push subscriptions requires a publicly addressable target endpoint for the messages. This may pose challenges in certain SAP environments where external network access is restricted.

In this blog post, we will explore alternative strategies for sending events from Google Cloud services to SAP, addressing the limitations of pull subscriptions and circumventing the requirement for a public endpoint in push subscriptions.

Here are a couple of draft designs for achieving this:

Push using Cloud Function triggered by Pub/Sub via Serverless VPC Connector

Architecture:

[Figure: architecture diagram]

Key Terms:

  • Cloud Function is a serverless compute platform that lets you run code without provisioning or managing servers.
  • VPC stands for Virtual Private Cloud, and it refers to an isolated virtual network within a public cloud provider like Google Cloud Platform (GCP). This network is private to your organization and provides a secure environment for running your cloud resources.
  • Serverless VPC Connector is a Google Cloud service that allows you to connect your serverless functions and applications to your VPC network, enabling them to call an internal (private) HTTP endpoint.

Key Points:

  • By design, managed serverless services like Cloud Functions and Pub/Sub cannot access an internal endpoint (private IP address) inside a VPC.
  • Serverless VPC Access enables you to connect directly to your Virtual Private Cloud (VPC) network from serverless environments such as Cloud Run, App Engine, or Cloud Functions. By configuring Serverless VPC Access, your serverless environment can send requests to your VPC network by using internal DNS and internal IP addresses. The responses to these requests also use your internal network. This is achieved by creating a Serverless VPC connector.
  • A Pub/Sub triggered Cloud Function which is configured to use a VPC connector can be used to relay the event data to the Internal Endpoint.
  • If the SICF HTTP service requires authentication, you can pass the authentication details from within the Cloud Function; the credentials themselves can be stored in Secret Manager.

Conclusion:

This design allows you to send events from Google Cloud Pub/Sub to SAP without requiring a public endpoint. The use of a Cloud Function to relay the event provides an opportunity to read and route the event to the appropriate endpoints.
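
The relay described in this design, sketched as an added example (not code from the original article or from the ABAP SDK for Google Cloud): a Pub/Sub-triggered Cloud Function in Python that reads the SICF credentials from Secret Manager and posts the event to the internal endpoint. The environment variable names, the `user:password` secret format, the JSON payload, the IP-literal endpoint and the 1st-gen `(event, context)` signature are assumptions.

```python
import base64
import ipaddress
import os
import urllib.request
from urllib.parse import urlsplit

# Constructed sample of what a Pub/Sub trigger passes in: the payload is base64.
SAMPLE_EVENT = {"data": base64.b64encode(b'{"type":"demo.order.created"}').decode()}


def build_relay_request(event, endpoint, credentials):
    """Build the POST that forwards one Pub/Sub event to the SICF service."""
    host = urlsplit(endpoint).hostname
    # Assumption: the endpoint is given as an IP literal. Refusing anything that
    # is not a private address keeps the SAP credentials from being sent to a
    # public host if the endpoint variable is misconfigured.
    if not ipaddress.ip_address(host).is_private:
        raise ValueError(f"refusing non-internal endpoint: {host}")
    body = base64.b64decode(event.get("data", ""))
    token = base64.b64encode(credentials.encode("utf-8")).decode("ascii")
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}
    return urllib.request.Request(endpoint, data=body, headers=headers, method="POST")


def relay_to_sap(event, context):
    """Function entry point (assumed 1st-gen background signature)."""
    # Imported here so the module loads without the client library installed.
    from google.cloud import secretmanager

    client = secretmanager.SecretManagerServiceClient()
    # SAP_SECRET_VERSION (hypothetical name) holds a resource name such as
    # projects/PROJECT/secrets/NAME/versions/latest; the payload is "user:password".
    secret = client.access_secret_version(name=os.environ["SAP_SECRET_VERSION"])
    credentials = secret.payload.data.decode("utf-8")
    request = build_relay_request(event, os.environ["SAP_ENDPOINT"], credentials)
    # urlopen raises HTTPError on a 4xx/5xx reply, which fails the invocation
    # instead of silently dropping the event.
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.status
```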

Receive Pub/Sub events at an internal HTTP endpoint in a VPC network

Architecture:

[Figure: architecture diagram]

Key Terms:

  • Eventarc is a fully managed eventing service that connects events from Google Cloud and SaaS applications to target systems like Cloud Run, Cloud Functions, Kubernetes Engine, Workflows and Internal HTTP Endpoints (Preview).
  • Network attachment is a resource that lets a producer Virtual Private Cloud (VPC) network initiate connections to a consumer VPC network through a Private Service Connect interface.

Note: At the time of writing this article, Network Attachment and the Eventarc internal HTTP endpoint feature were available only as preview (pre-GA) offerings.

Key Points:

  • The architecture uses the Eventarc trigger which declares your interest in a certain event and enables you to configure event routing by specifying filters for the trigger, including the event source, and the target destination.
  • The SICF service URL will be configured as the internal (Private) HTTP Endpoint within the Eventarc trigger.
  • A firewall rule will also need to be defined for your VPC network to allow ingress traffic from a specific IP address range to any instance on the network on port 8080 (assuming the SAP system's HTTP service uses port 8080).
  • The entire setup is no-code, as Eventarc takes on the task of calling the internal HTTP endpoint (SAP SICF HTTP service). Note, however, that the internal service has to be unauthenticated, as there is currently no provision to save the service credentials; access to it therefore rests on network controls such as the firewall rule above.
  • As Eventarc supports events from various Google Cloud sources, you can create triggers for them as well. For example, you can trigger the SAP SICF HTTP service when a file is uploaded to a specific Google Cloud Storage bucket (example event: google.cloud.storage.object.v1.finalized).

Conclusion:

This innovative design eliminates the need for a public endpoint, enabling seamless communication between Google Cloud Pub/Sub and SAP. By leveraging the power of Google Eventarc and Network Attachment, you can effortlessly connect SAP SICF services to Google Cloud, empowering SAP processes to react swiftly to events from diverse sources.

In an upcoming blog post, I will provide a step-by-step guide to implementing these architectures using ABAP SDK for Google Cloud. Stay tuned to embark on this transformative journey!

Join the community today!

The ABAP SDK for Google Cloud Community is now open! This is a place for you to ask questions, share knowledge, and collaborate with other ABAP developers who are using Google Cloud. We encourage you to get involved in the community and help us make the ABAP SDK for Google Cloud even better. We have a lot of exciting things planned for the future, and we want you to be a part of it.

Click the link to join and innovate with us.

Subscribe to the YouTube channel, where you will find a quick 5-minute overview covering the design principles and capabilities of the ABAP SDK, reference architectures and art-of-the-possible SAP solutions based on Google’s AI services, Google Workspace APIs and Google Maps Platform APIs, along with many more insightful references.

Follow this medium tag for more content on ABAP SDK for Google Cloud.

Happy Learning! and Happy Innovating!

Last update: 11-26-2023 09:04 PM