Connect Microsoft Power Platform and SAP
Power Platform offers two connectors to fit varying needs for integrating with your SAP environments. The SAP ERP and SAP OData connectors allow you to easily access and manipulate SAP data, including creating custom applications and agents and automating workflows. Both connectors support data encryption in motion. Secure Network Communications (SNC) encrypts data between the on-premises data gateway and SAP.
SAP ERP connector
The SAP ERP connector uses SAP Remote Function Calls (RFCs) protocol to connect to your SAP ERP environments for create, read, and update operations on SAP data. The connector also uses Business APIs (BAPIs) and tables, including intermediate documents (IDOCs). The ERP connector is compatible with SAP ECC and S/4HANA environments and any SAP product that runs on the NetWeaver stack. The SAP ERP connector supports SAP authentication, Windows authentication, and Microsoft Entra ID with Kerberos or certificates.
The SAP ERP connector runs on SAP's API layer, which typically has better system performance than running the same activity in the SAP GUI. As more users transition off the SAP GUI and to an external user interface like a canvas app, CPU consumption on the SAP servers drops significantly.
The SAP ERP connector uses the message server to invoke APIs that create, read, and update SAP data. This traffic typically flows over port 33XX for single application servers or port 39XX for load-balanced connections, where XX is the system number of the SAP instance.
SAP OData connector
The SAP OData connector can consume data from all SAP products that support the OData Version 4.01 protocol. Using the OData connector with SAP ECC or prior versions requires configuration of OData endpoints that are not included in the ECC out-of-box setup. The SAP OData connector supports basic, anonymous, Microsoft Entra ID using Azure API Management, and Microsoft Entra ID using SuccessFactors (preview) authentication.
On-premises data gateway
An on-premises data gateway acts as a bridge to securely transfer data between on-premises systems and Microsoft cloud services. A Windows virtual machine (VM) with at least 8 GB of RAM is required for the on-premises data gateway, which acts as a proxy server to listen for requests from your Power Platform tenant and relays them to SAP. One Windows machine is sufficient for testing, but a cluster of Windows VMs should be set up for deployment to production to avoid single points of failure.
The recommended practice is to set up a separate gateway for each environment. This practice allows you to test changes without affecting other environments, and eliminates any risk of development testing affecting test and production environments.