29 changes: 0 additions & 29 deletions .reuse/dep5

This file was deleted.

23 changes: 16 additions & 7 deletions README.md
@@ -1,8 +1,6 @@
# SAP Private Link service use cases for SAP Cloud Integration and SAP Launchpad
# SAP Private Link Service Use Cases for SAP Cloud Integration and SAP Build Work Zone, Standard Edition

<!--- Register repository https://api.reuse.software/register, then add REUSE badge:
[![REUSE status](https://api.reuse.software/badge/github.com/SAP-samples/REPO-NAME)](https://api.reuse.software/info/github.com/SAP-samples/REPO-NAME)
-->
[![REUSE status](https://api.reuse.software/badge/github.com/SAP-samples/btp-privatelink-approuter)](https://api.reuse.software/info/github.com/SAP-samples/btp-privatelink-approuter)

## Description

Expand All @@ -19,21 +17,32 @@ The main idea of this architecture is to use the Application Router as a proxy f
![solution diagram](./img/approuter-cloudintegration.png)


## SAP Private Link service for frontend applications accessible from SAP Launchpad Service
## SAP Private Link service for frontend applications accessible from SAP Build Work Zone, Standard Edition

SAP Launchpad service plays an important role to increase users’ productivity and efficiency by enabling organizations to establish a central point of access to SAP, custom-build, third-party applications, and extensions.
SAP Build Work Zone, Standard Edition plays an important role to increase users’ productivity and efficiency by enabling organizations to establish a central point of access to SAP, custom-build, third-party applications, and extensions.

The frontend extensions of your SAP S/4HANA system running on SAP BTP can now also benefit from the new SAP Private Link service by establishing private connectivity to your SAP backend systems.

Like the above-mentioned scenario, the main idea of this architecture is to use the Application Router as a proxy for the private connectivity between SAP S/4HANA and frontend extensions running on SAP BTP. Detailed configuration steps can be found [here](approuter-launchpad/).

>Please note that for the moment, we cannot use SAP Private Link service directly from SAP Launchpad service; nevertheless, we can bridge this gap with help of SAP’s Application Router (approuter), which can play the role of a proxy between SAP Private Link service and SAP Launchpad service, meanwhile product team is working to enable direct integration.
>Please note that for the moment, we cannot use SAP Private Link service directly from SAP Build Work Zone; nevertheless, we can bridge this gap with help of SAP’s Application Router (approuter), which can play the role of a proxy between SAP Private Link service and SAP Build Work Zone, Standard Edition, meanwhile product team is working to enable direct integration.

>Please note that this scenario covers only the frontend extensions. The federated SAP S/4HANA content is out of scope.

![solution diagram](./img/approuter-launchpad.png)


# Azure Blob Storage connectivity to SAP Cloud Integration with help of SAP Private Link service

With the help of the SAP Private Link service, Azure Blob storage can now be linked to SAP Cloud Integration, enabling the easy exchange of massive amounts of unstructured data like images and documents. This integration provides a secure solution for businesses that need to transfer unstructured data between the two platforms.

The main idea of this architecture is to use the Application Router as a proxy for the private connectivity between Azure Blob Storage and SAP Cloud Integration. The detailed configuration steps can follow [here](azure-blob-approuter-cloud-integration/).

>Please note that for the moment, we cannot use SAP Private Link service directly from SAP Cloud Integration; nevertheless, we can bridge this gap with help of SAP’s Application Router (approuter), which can play the role of a proxy between SAP Private Link service and SAP Cloud Integration, meanwhile product team is working to enable direct integration.

![solution diagram](./img/azure-blob-cloud-integration.png)


## How to achieve this?

[Application Router](https://help.sap.com/docs/BTP/65de2977205c403bbc107264b8eccf4b/01c5f9ba7d6847aaaf069d153b981b51.html?locale=en-US) is a package available in the public [npm repository](https://www.npmjs.com/package/@sap/approuter), usually used as a single-entry point to your applications. It can help dispatch incoming requests to other microservices, facilitate authentication & authorization, and finally integrate other SAP BTP services like the Destination service or the HTML5 Application Repository.
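Review bot: the new "Azure Blob Storage connectivity to SAP Cloud Integration" section is added with a level-1 heading (`#`), while the sibling use-case section above it uses `##`; it will render as a second document title, so use `##` here as well. In the same section, "The detailed configuration steps can follow [here]" should read "can be found [here]", matching the wording of the Work Zone section. The renamed note also mixes "SAP Build Work Zone" and "SAP Build Work Zone, Standard Edition" within one sentence; pick one form.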
11 changes: 11 additions & 0 deletions REUSE.toml
@@ -0,0 +1,11 @@
version = 1
SPDX-PackageName = "btp-privatelink-approuter"
SPDX-PackageSupplier = "harutyun.ter-minasyan@sap.com"
SPDX-PackageDownloadLocation = "https://github.com/SAP-samples/btp-privatelink-approuter"
SPDX-PackageComment = "The code in this project may include calls to APIs (\"API Calls\") of\n SAP or third-party products or services developed outside of this project\n (\"External Products\").\n \"APIs\" means application programming interfaces, as well as their respective\n specifications and implementing code that allows software to communicate with\n other software.\n API Calls to External Products are not licensed under the open source license\n that governs this project. The use of such API Calls and related External\n Products are subject to applicable additional agreements with the relevant\n provider of the External Products. In no event shall the open source license\n that governs this project grant any rights in or to any External Products,or\n alter, expand or supersede any terms of the applicable additional agreements.\n If you have a valid license agreement with SAP for the use of a particular SAP\n External Product, then you may make use of any API Calls included in this\n project's code for that SAP External Product, subject to the terms of such\n license agreement. If you do not have a valid license agreement for the use of\n a particular SAP External Product, then you may only make use of any API Calls\n in this project for that SAP External Product for your internal, non-productive\n and non-commercial test and evaluation of such API Calls. Nothing herein grants\n you any rights to use or access any SAP External Product, or provide any third\n parties the right to use of access any SAP External Product, through API Calls."

[[annotations]]
path = "**"
precedence = "aggregate"
SPDX-FileCopyrightText = "2022 SAP SE or an SAP affiliate company and btp-privatelink-approuter contributors"
SPDX-License-Identifier = "Apache-2.0"
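Review bot: `SPDX-PackageSupplier` is set to an individual's e-mail address; a team or organisation contact would not go stale when maintainers change and keeps a personal address out of the published package metadata. The `SPDX-PackageComment` string also carries two typos worth fixing while the file is new: "External Products,or" (missing space) and "right to use of access" (should be "use or access").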
18 changes: 9 additions & 9 deletions approuter-launchpad/README.md
@@ -1,6 +1,6 @@
# SAP Private Link service for frontend applications accessible from SAP Launchpad Service
# SAP Private Link service for frontend applications accessible from SAP Build Work Zone, Standard Edition

SAP Launchpad service plays an important role to increase users’ productivity and efficiency by enabling organizations to establish a central point of access to SAP, custom-build, third-party applications, and extensions.
SAP Build Work Zone, Standard Edition plays an important role to increase users’ productivity and efficiency by enabling organizations to establish a central point of access to SAP, custom-build, third-party applications, and extensions.

The frontend extensions of your SAP S/4HANA system running on SAP BTP can now also benefit from the new SAP Private Link service by establishing private connectivity to your SAP backend systems.

Expand Down Expand Up @@ -49,22 +49,22 @@ Another benefit of using Business Application Studio is, that you can add a new

![metadata](../img/metadata.png)

Please also add the **flp configuration**, so we can later register our application in the SAP Launchpad service.
Please also add the **flp configuration**, so we can later register our application in the SAP Build Work Zone, Standard Edition.

![FLP](../img/flp-wizard.png)

## Expose the application as a content provider for the SAP Launchpad service
## Expose the application as a content provider for the SAP Build Work Zone

To expose our app with a **Standalone Application Router** as a Content Provider for SAP Launchpad service, a couple of further steps are required.
First of all, we need to change the app settings to a multitenant application by using the saas-registry service. Then we can subscribe to the application and add the app to SAP Launchpad Service. Please follow the [help documentation](https://help.sap.com/docs/Portal_Service/ad4b9f0b14b0458cad9bd27bf435637d/8a25fddb747f4ba992969049de96f836.html?locale=en-US) or have a look at the provided [sample application](mta.yaml).
To expose our app with a **Standalone Application Router** as a Content Provider for SAP Build Work Zone, a couple of further steps are required.
First of all, we need to change the app settings to a multitenant application by using the saas-registry service. Then we can subscribe to the application and add the app to SAP Build Work Zone. Please follow the [help documentation](https://help.sap.com/docs/Portal_Service/ad4b9f0b14b0458cad9bd27bf435637d/8a25fddb747f4ba992969049de96f836.html?locale=en-US) or have a look at the provided [sample application](mta.yaml).

>Note: This step is required since we are not using the Managed Application Router

After adding the required configuration please deploy the app and subscribe to the multitenant application

![saas-subscription](../img/saas-subscription.png)

## Register the frontend application in the SAP Launchpad service
## Register the frontend application in the SAP Build Work Zone, Standard Edition

Go to Content Manager and look for "PrivateLinkProxy" as a provider (this will be available once you subscribe to the application in the previous step)

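Review bot: the "help documentation" link in the "Expose the application as a content provider" paragraph is left unchanged and still points at the `Portal_Service` documentation path, while the text around it is renamed to SAP Build Work Zone; please confirm the link still lands on the matching page for the renamed product. The rename is also applied unevenly in this hunk: one heading says "SAP Build Work Zone" and the next says "SAP Build Work Zone, Standard Edition", so choose one form and use it throughout.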
Expand All @@ -78,13 +78,13 @@ Go to "My Content" and add the selected Fiori application to your **Group, Catal

![saas-subscription](../img/flp-app-catalog.png)

Launch the Launchpad, where you will find your Fiori application with SAP Private Link service connectivity
Launch the SAP Build Work Zone, where you will find your Fiori application with SAP Private Link service connectivity

![saas-subscription](../img/flp-plink-app.png)

## Summary

Congratulations, you successfully registered your Fiori application with Standalone Application Router to SAP Launchpad with SAP Private Link service connectivity
Congratulations, you successfully registered your Fiori application with Standalone Application Router to SAP Build Work Zone, Standard Edition with SAP Private Link service connectivity



7 changes: 3 additions & 4 deletions approuter-launchpad/ui/package.json
Expand Up @@ -13,8 +13,7 @@
"devDependencies": {
"@ui5/cli": "^2.14.1",
"@sap/ux-ui5-tooling": "1",
"@sap/ux-specification": "UI5-1.102",
"@sap/ux-ui5-fe-mockserver-middleware": "1",
"@sap-ux/ui5-middleware-fe-mockserver": "2",
"@sap/ui5-builder-webide-extension": "^1.1.8",
"ui5-task-zipper": "^0.5.0",
"mbt": "^1.2.18"
Expand All @@ -33,12 +32,12 @@
"ui5": {
"dependencies": [
"@sap/ux-ui5-tooling",
"@sap/ux-ui5-fe-mockserver-middleware",
"@sap-ux/ui5-middleware-fe-mockserver",
"@sap/ui5-builder-webide-extension",
"ui5-task-zipper",
"mbt"
]
},
"sapux": true,
"sapuxLayer": "CUSTOMER_BASE"
}
}
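Review bot: the mockserver swap in `ui5.dependencies` here, together with the matching `devDependencies` entry in the hunk above, pins `@sap-ux/ui5-middleware-fe-mockserver` as `"2"`, a bare major range that resolves to whatever 2.x release is current at install time, and no lockfile change is visible in this diff. Suggest a caret range with an explicit minimum version, as the neighbouring entries use (`"^1.1.8"`, `"^0.5.0"`), and committing the lockfile so builds are reproducible. Since this is both a package rename and a major-version jump, it is also worth confirming that the existing mockserver configuration still loads under the new package.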
135 changes: 135 additions & 0 deletions azure-blob-approuter-cloud-integration/README.md
@@ -0,0 +1,135 @@
# Azure Blob Storage connectivity to SAP Cloud Integration with help of SAP Private Link service

The SAP Cloud Integration capability of SAP Integration Suite enables enterprises to connect different systems and applications in hybrid and cloud landscapes, that are developed and maintained on different technology stacks. These stacks, usually follow different security standards and requirements.

With the help of the SAP Private Link service, you can extend your hybrid integration scenarios to suit stricter security policies and communicate with your workloads on Microsoft Azure through private network connectivity. Azure Blob storage can now be linked to SAP Cloud Integration, enabling the easy exchange of massive amounts of unstructured data like images and documents. This integration provides a secure solution for businesses that need to transfer unstructured data between the two platforms.

The main idea of this architecture is to use the Application Router as a proxy for the private connectivity between Azure Blob Storage and SAP Cloud Integration. Detailed configuration steps you can find below.

>Please note that for the moment, we cannot use SAP Private Link service directly from SAP Cloud Integration; nevertheless, we can bridge this gap with help of SAP’s Application Router (approuter), which can play the role of a proxy between SAP Private Link service and SAP Cloud Integration, meanwhile product team is working to enable direct integration.

![solution diagram](../img/azure-blob-cloud-integration.png)

## Create a Service Instance for SAP PrivateLink Service

You can either use the **CLI** or **BTP Cockpit** to create a service instance. Below you can find sample command.

>Please note to replace the **resourceId** with your Azure Blob Storage resourceId

```bash
cf cs privatelink standard privatelink-blob -c '{"requestMessage":"Please approve blob connection","resourceId":"/subscriptions/xxxxx/resourceGroups/tests-services/providers/Microsoft.Storage/storageAccounts/xxxx","subResource":"blob"}'
```

After initiantion, remember to approve the connection request from **Azure Portal**





## Configure and deploy Application Router

You can clone this repository and use the provided sample approuter by using the IDE of your choice.

Another approach is using **SAP Business Application Studio (BAS)**, where you can take advantage of the provided templates for your Application Router configuration.

If you choose BAS, select **Standalone Approuter** as an option in the template wizard.

![Approuter configuration](../img/approuter-config.png)

Define the route and the destination used for the SAP Private Link connectivity. This can be done in the xs-app.json file where **blob-approuter** is the destination configured for SAP Private Link connectivity in the target SAP BTP subaccount (see destination configuration below).

>NOTE: Please change the **source** and **target** properties as required in your scenario (e.g. other path instead of /myfiles)


```json
{
"authenticationMethod": "route",
"routes": [
{
"source": "^/myfiles/(.*)$",
"target": "/myfiles/$1",
"destination": "blob-approuter",
"authenticationType": "xsuaa",
"csrfProtection": false
}
]
}
```

![Destination configuration](../img/destination-blob.png)


After setting up the route with destination and authentication, you can deploy the Application Router to your SAP BTP subaccount e.g. by

```bash
mbt build && cf deploy mta_archives/privatelink-proxy_0.0.1.mtar
```

Once the Application Router is up and running, it can be used by your integration flows to connect with the Azure Blob Storage.

## Use the Application Router proxy in SAP Cloud Integration iFlows

All your standard integration patterns can stay the same, you need to add a couple of additional steps to use the approuter proxy with the private link connectivity to your Azure Blob Storage.

![iflow](../img/iflow-blob.png)

Following additional steps are required:

1. Get the access token from the XSUAA component of approuter. Please maintain the *client_id* and *client_secret* of XSUAA component as **"User Credentials"** in the **Security Material** of SAP Cloud Integration

![iflow xsuaa connection](../img/iflow-connection.png)

2. Transform the response to XML (to add in a next step the custom header attribute)

![iflow converter](../img/iflow-converter.png)

3. Modify the content by adding the header “x-approuter-authorization” (required by approuter) from the Authorization header value

![iflow modifier](../img/iflow-content-modifier.png)

4. Make the final call to the approuter, which will route the request to Azure Blob Storage via Private Link connectivity

>The address correspondence to the Approuter URL

![iflow azure blob requiest](../img/iflow-azure-blob-connect.png)

Having all these steps in place, you can deploy the integration flow and test it by calling your integration endpoint.

The example iFlow configuration you can get [here](iflow/PrivateLinkProxyAzureBlob.zip) and import to your SAP Cloud Integration tenant.

Go to your Cloud Integration cockpit and **import** the above-provided package.

![iflow import](../img/iflow-import.png)

Open the imported package

![iflow import](../img/iflow-import-open.png)

Open the integration flow

![iflow import](../img/iflow-blob-open.png)

Configure the parameters based on your tenant

![iflow import](../img/iflow-configure-blob.png)

Provide the XSUAA URL and Credential name from Security Material

![iflow import](../img/iflow-configure1-blob.png)

Provide the Approuter URL

![iflow import](../img/iflow-configure2-blob.png)

Deploy the iFlow

![iflow import](../img/iflow-deploy-blob.png)

After deployment you can run your integration flow based on SAP Private Link connectivity.

## Summary

Congratulations, you successfully connected your hybrid integration flow with the SAP Private Link service



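Review bot: in the xs-app.json sample, the `^/myfiles/(.*)$` route sets `"csrfProtection": false` and carries no `scope`, so any client holding a token from the bound XSUAA instance can reach every path under the route through the private link. Suggest stating in the README why CSRF protection is switched off for this route (the documented caller is an iFlow presenting a bearer token), and adding a `scope` to the route or narrowing `source` to the path the iFlow actually needs. The `blob-approuter` destination is documented only as a screenshot; a short text description of its settings, including how it authenticates to Azure Blob Storage, would let readers review the configuration without the image. Minor typos: "initiantion" should be "initiation", "The address correspondence to the Approuter URL" should be "corresponds to", and the image alt text has "requiest".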
Binary file not shown.