1

2
3
4
5
6
7
8
9
Also ledgers, EKAER Number for Hungary...
11
12
13
14
15
16
17
Communication platforms: 1) SAP CP, integration service; 2) SAP EU; 3)
3rd Party

18
19
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Before you Start
For the VAT Register for Spain you create and submit electronic documents to the tax authorities (Immediate Information Sharing system, SII) using the eDocuments solution.
Note: For more information about the eDocuments solution for Spain, see SAP Help Portal at https://help.sap.com. Search for the product SAP ERP, select the version as required and open SAP Library under Application Help. Select SAP ERP Central
Component -> Accounting or Logistics-> Country Versions -> (select Spain)->Cross-Application Functions -> eDocument.
To be able to create and submit eDcouments for VAT Register, you need to install and configure the following:
eDocument Framework
SAP ERP, option for e-document processing
SAP Cloud Platform Integration
Besides that, you need to maintain Spain-specific settings for the VAT Register. See the Appendix section for more information.
Refer to the following sections for detailed information.
1 Install the eDocument Framework
Description
The eDocument Framework is a set of generic features in SAP ERP or SAP S/4HANA that enables you to create eDocuments out of source documents created in various source applications such as Financial Accounting (FI) or Sales and Distributions
(SD).
You create and manage your eDocuments in the eDocument Cockpit.
Installation Steps

Step
How to
Prerequisite:
Install SAP ERP or SAP S/4HANA in your system
Install the latest Support Package (SP) existing for your release.
Alternatively, if you do not install the SP, you can manually install the SAP Notes mentioned in the SAP Note linked.

Please note: SAP Note Transport-Based Correction Instructions (TCI) is planned to be released by the middle of March. SAP suggests to install TCI instead of all the notes above.

Go to SAP note 2134248 à Notes for eDocument Framework

Proceed with the settings explained in the link to customize SAP ERP or S/4HANA for eDocument
General Settings and Business and Add-Ins to customize SAP ERP for eDocument
Note: The views are only displayed in the SPRO transaction if you have installed the support package. Otherwise, you can access the customizing views using SM30 transaction. However, the documentation will not be available in the system. As a
workaround, you can find the customizing view documentation in the attachment of SAP Note 2170013.
Proceed with the steps explained in the link to maintain further settings in SAP ERP or S/4HANA for eDocument
Implementation Considerations for eDocument in SAP ERP

2 Install the ERP, option for e-document processing add-on

Description
The eDocument Full solution requires that you implement the ERP, option for e-document processing add-on. This add-on has a limited runtime usage right for the Application Interface Framework (AIF) and is used to map the transactional data to the
required XML format.
Installation Steps
Step
How to
Acquire a license for the ERP, option for e-document processing add-on.
For more information, refer to the SAP Note 2378414 or contact your SAP Account Executive.
Install/upgrade AIF
Refer to SAP Note 2071823 for information on how to install and upgrade AIF in your system.
Install the latest Support Package (SP) existing for your release.
Alternatively, if you do not install the SP, you can manually install the SAP Notes mentioned in the SAP Note linked.

Go to SAP note 2134248 à Notes for SAP ERP option for e-document processing add-on
After you have installed the SP or the notes, proceed with the steps explained to integrate both SAP ERP and SAP AIF
Implementation Considerations for eDocument in SAP AIF

Useful links
For more information about AIF, see the application help here
3 Implement SAP Cloud Platform Integration
Description
You use SAP Cloud Platform Integration to establish communication with the external system by using Web services to send data from SAP ERP/SAP AIF and to receive data from the external systems. This application also formats the data to comply
with the Web service parameters, signs the document digitally, and establishes a secure connection using SSL.
Installation Steps
Step
How to
Subscribe to SAP Cloud Platform Integration. For more information, contact your SAP Account Executive.

Access SAP Cloud Platform Integration

Once you subscribe to SAP Cloud Platform Integration, you will be provided with an SDN account that enables you to access the platform using this link https://cloudintegration.hana.ondemand.com
Get HCI Certificates
Download the certificates from the link received in the provisioning e-mail for your tenant from SAP Cloud Operations Team.
Proceed with the steps in the linked page in order to configure SAP NetWeaver AS for ABAP to support SSL
Configuring SAP NetWeaver AS for ABAP to support SSL
Proceed with the steps in the HCI guide linked in order to use HCI for eDocument

HCI guide (Best access via Chrome or Firefox)

36
Please note: this link only works if you already have the SDN
account mentioned above. Alternatively, you can access this
document by following the steps below:

In the catalog page, look for the eDocument: electronic Invoice

for Spain package. Click on the package to get to the eDocument
Spain page. On this page, click on Documents icon to find the
eDocument Spain – Electronic Invoicing ERP SOAMANAGER
and HCI Set-Up.
The document guides you through all necessary settings you need
to make in HCI to enable the eDocument Full solution for Spain. It
contains the following chapters
Set up the iFlows
Download integration flows and adapt them
Deploy the certificate and the credentials to the HCI tenants
Set up the connection with ERP on test/productive tenants
Deploy integration flows on test/productive tenants
Create the logical ports in ERP SOAMANAGER
Testing the solution

Useful links
For more information about SAP HANA Cloud Platform Integration,
see on the SAP Help Portal here

36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
From SAPPHIRE Now 2016 – Quote from Bernd Leukert’s keynote:

“SAP CP Integrations become the future SAP integration technology.

Remember that!
The new standard integration model to integrate our entire portfolio will
be based on this technology supporting both - cloud to cloud or as well
on premise to cloud scenarios. And the integration content for our
products will be delivered by us.
But this technology is open as well for all the partners who want to bring
in their content to connect their solutions to the digital core.

So the SAP CP and related integration services will become a

mandatory component in your entire landscape if you don't want to give
up your biggest asset of integration.”

Video http://events.sap.com/sapandasug/en/session/26902 (starting at

min 39).

51
52
53
54
Germany
Virginia
Austaralis

55
56
57
58
59
n Provides an overall management and control framework for managing
the organization's information security risks

n It ensures an increased security and reliability of information systems,

a high level of security awareness of SAP’s employees and
demonstrates due diligence.

60
61
62
63
64
SAP CP Integration packages as of May 9th 2016

65
.

66
67
68
We have a 2 or 3-tier system landscape for integration (i.e. 2 or 3
systems for an OnDemand app, 2 or 3 systems for an OnPremise
system, 2 or 3 SAP CP Integration systems). So called 2-tier are
possible (test landscape would be discarded). As of February there
are discussions which type to use.
Note that both on the customer site as well as in the Avatar Cluster,
2 tier landscapes are technically also possible.

Development content can be fetched from GIT and ESR, be

adjusted in local Eclipse, be deployed on test system. Integration
specific adaptations are done on the corresponding application
systems too.

20
70
71
72
73
74
75
76
77
78
79
80
81
82
83
Ø Login, Logout, Session Handling - The Integration developer need not create separate flow steps and manage the
Login/Logout calls. Adapter internally handles Login, SessionID management and Logout when connecting to the
SuccessFactors system.
Ø SFQL Modeling support – With the Operations Modeler a step by step guided UI is available using which the
Successfactors Query Language (SFQL) can be modeled. The Operations Modeler ensures that the SFQL generated is
as per the semantics required by SuccessFactors system. The Modeler ensures the user is presented with the required
fields and operations based on the Entity being selected. Example in case of Insert operation the required fields are
automatically populated; In case of Query only queryable fields are shown; the Modeler shows up only the supported
operations for an Entity, example in case an Entity does not support Upsert this is not shown up in the Modeler. The
Operation Modeler ensures that the Integration developer only specifies the correct SFQL.
Ø Query, Insert, Upsert, Update – The Adapter supports all the standard operations of SFAPI.
Ø Simple, Compound API support – With the Operations Modeler one can configure both the Simple as well as
Compound SuccessFactors API. The Adapter allows calling of both these types of API.
Ø Simple API’s are SuccessFactors Entities with a flat field structure. Compound API’s are Entities with a nested
structure. The Compound API Entity in SuccessFactors is the CompoundEmployee Entity. More information on
SuccessFactors API is available in the blog Employee Central Entities and Interfacing
Ø Auto XSD generation for mapping – When SFQL is modeled using the Operations Modeler the XSD (data format in
which the messages are exchanged with the SuccessFactors system) is automatically generated which can be used in
Message Mapping.
Ø Scheduler to poll at specified intervals – In case the integration scenario has the requirement of polling the
SuccessFactors system at regular intervals the Adaptre can be used as a Sender channel in which case a Scheduler is
available. The scheduler allows a lot of easy settings in the UI [Example: Schedule on the 3rd of every month, schedule
every day at hh:mm hours, schedule everyday between xx-yy hours, schedule on mm-dd-yyy between xx-yy hours]
Ø Delta sync to fetch only changed records – There is no need to explicitly create logic to fetch changed records after
a previous run. This is specifically required when SuccessFactors is used in polling scenarios and it is required to fetch
only changed records in subsequent runs. To enable this Delta Sync option has to be included as a parameter on the
query. The Operations Modeler enables inclusion of this parameter in an easy manner.
Ø Dynamically pass values to SFQL Query – It is possible to dynamically pass values to the SFQL based on the input
payload. Example if you have an existing message payload in your message bus and you would like to use this in your
SFQL query filter condition you could do so by specifying the XPATH from where the content can be read. The
Operations Modeler enables inclusion of this parameter in an easy manner.
Ø Multiple SFSF calls and merge payload –In case you have a requirement to make separate calls to different Entities
in the SuccessFactors system and merge the payload you can use the SuccessFactors Adapter with the Content
Enricher step. By using the multi-mapping (Multiple source XSD to one destination XSD) capability you can merge the
payload to a single structure if required.
Ø OData Support – The SFSF Adapter has been extended to support SuccessFactors Adhoc and OData API's along with
several other features. Within the channel configuration, by switching the message protocol from SOAP to ODATA, you
can communicate with the OData API's exposed by the SuccessFactors system. It currently focuses on the
consumption of OData services and hence available only as a receiver channel. All OData operations are supported
and you can choose the desired operation within the channel configuration itself.
Ø OData API - The SFSF adapter can be used to communicate with the SuccessFactors OData API's. The OData
operations supported by the SFSF adapter are Query, Read, Create, Update, Merge & Delete
Ø Support for REST Protocol: REST (Representational State Transfer) is an software architecture style for designing
client-server applications based on HTTP which is less complex than the SOAP (Simple Object Access Protocol)
approach, which requires dedicated server programs (producer of data) and a client programs (consumer of data) for
exchange data. REST permits many different data formats whereas SOAP only permits XML. REST supports JSON
and AtomPub which are part of the OData web protocol.

84
85
86
87
88
89
90
91
SAP TechEd 08

Eavesdropping
Eavesdropping means the act of listening to a private conservation. Eavesdropping in terms of network and security is the intentional interception of data
(such as usernames, passwords, credit cards etc) as it passes from a user computer to a server and vice versa.
SQL Injection
SQL Injection happens when a developer accepts user input that is directly placed into a SQL Statement and doesn't properly filter out dangerous
characters. This can allow an attacker to not only steal data from your database, but also modify and delete it.
Buffer Overflow
A buffer overflow occurs when a program or process tries to store more data in a buffer than it was intended to hold. Since buffers are created to contain a
finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in
them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In
buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer
that could, for example, damage the user's files, change data, or disclose confidential information.
Tampering
Tampering means changing or deleting a resource without authorization. One example is defacing a Web page, where the malicious user gets into your
site and changes files.
Repudiation
Repudiation means denial of authenticity or sending or receiving of a message.
Non repudiation is the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the
sending of a message that they originated.
On the Internet, the digital signature is used not only to ensure that a message or document has been electronically signed by the person that purported to
sign the document, but also, since a digital signature can only be created by one person, to ensure that a person cannot later deny that they furnished the
signature.
Data Integrity
Integrity, in terms of data and network security, is the assurance that information can only be accessed or modified by those authorized to do so. Measures
taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining
rigorous authentication practices.
Spoofing
To spoof is to impersonate a user or process in an unauthorized way. At its simplest, spoofing can mean typing in a different user's credentials. A malicious
user might also change the contents of a cookie to pretend that he or she is a different user or that the cookie comes from a different server.
Denial of service
A denial of service attack is to deliberately cause an application to be less available than it should be. A typical example is to overload a Web application so
that it cannot serve ordinary users. Alternatively, malicious users might try to simply crash your server.
Masquerading
In terms of communications security issues, a masquerade is a type of attack where the attacker pretends to be an authorized user of a system in order to
gain access to it or to gain greater privileges than they are authorized for. A masquerade may be attempted through the use of stolen logon IDs and
passwords, through finding security gaps in programs, or through bypassing the authentication mechanism.
The attempt may come from within an organization, for example, from an employee; or from an outside user through some connection to the public
network. Weak authentication provides one of the easiest points of entry for a masquerade, since it makes it much easier for an attacker to gain access.
Once the attacker has been authorized for entry, they may have full access to the organization's critical data, and (depending on the privilege level they
pretend to have) may be able to modify and delete software and data, and make changes to network configuration and routing information.
SAP TechEd 08
See RFC 1945 - http://tools.ietf.org/html/rfc1945#section-11 for BASIC
Auth Spec

94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
There is the option to set up multiple tenant management nodes for a
tenant in order to implement failover scenarios and thus to ensure high
availability. When one management node fails, one of the additional
nodes can take over the tasks.

129
130
131
132
133
134
135
136
137