General
BlueWorx can be used against the following software releases.
BlueWorx Support Pack 14
The use of new and improved controls means that Support Pack 13 plus requires higher releases to the Neptune Software and SAPUI5 libraries as follows:
Supported Neptune Software Versions
- Neptune DXP23
Support SAP Software Versions
- ECC6 EHP6 plus
- SAP NetWeaver 7.31 plus
- S4 HANA 1809, 1909, 2020, 2021, 2022, 2023, 2023 FPS01
- SAPUI5 1.108
BlueWorx Support Pack 13
The use of new and improved controls means that Support Pack 13 plus requires higher releases to the Neptune Software and SAPUI5 libraries as follows:
Supported Neptune Software Versions
- Neptune DXP21 or
- Neptune DXP22
Support SAP Software Versions
- ECC6 EHP6 plus
- SAP NetWeaver 7.31 plus
- S4 HANA 1809, 1909, 2020, 2021, 2022
- SAPUI5 1.71.x or SAPUI5 1.108 (with Neptune DXP22 only)
BlueWorx Support Pack 12
The use of new and improved controls means that Support Pack 10 plus requires higher releases to the Neptune Software and SAPUI5 libraries as follows:
Supported Neptune Software Versions
- Neptune Planet 8: 6.0.18 - v6.0.24 or;
- Neptune DXP21
Support SAP Software Versions
- ECC6 EHP6 plus
- SAP NetWeaver 7.31 plus
- S4 HANA 1809, 1909, 2020, 2021
- SAPUI5 1.71.x
BlueWorx Support Pack 10 thru 11
The use of new and improved controls means that Support Pack 10 plus requires higher releases to the Neptune Software and SAPUI5 libraries as follows:
Supported Neptune Software Versions
- Neptune Planet 8: 6.0.18 - v6.0.24 or;
- Neptune DXP21
Support SAP Software Versions
- ECC6 EHP4 plus
- SAP NetWeaver 7.31 plus
- S4 HANA 1809, 1909, 2020, 2021
- SAPUI5 1.71.x
BlueWorx Releases prior to Support Pack 10
Supported Neptune Software Versions
- Neptune 4 SP3 and SP4
- Neptune 4 SP4
- Neptune Planet 8 - 5.3.1 through 6.0.20
Support SAP Software Versions
- ECC6 EHP4 plus
- SAP NetWeaver 7.31 plus
- S4 HANA 1809, 1909
- SAPUI5 1.44 through to 1.71.x
Please check with via a support ticket from this site for more specific compliance queries on other or new releases as we may be working on these.
Forward Releases
Generally speaking our advice to customers is that they should stick to the release ranges defined above and not get ahead of the supported BlueWorx releases. This is particularly relevant to the Neptune major releases.
On occasions customers have elected to move to S4 Hana releases not yet listed above as part of a larger work program. This can occur where they are an early adopter and we have not had the opportunity to get, install and test an SAP release particularly in the context of a Neptune release. Our customers experience in these circumstances has to date been very positive. That's because the SAP tables/ views/ functions in use by BlueWorx have remained as valid objects on upgrade. There have been either no or only minor adjustments that the BlueWorx support team has worked through with the customer's implementation team, for example: a single BAPI's shape definition change by SAP in the S4 HANA 1909 release. Such support, from an SAP Transport perspective, will only be limited if some as yet undiscovered technical change is found - in which case manual updates can generally be provided.
Based on what has been outlined above, and through our customers experience to date, we believe that the risk of moving to an SAP release not yet tested with BlueWorx is low, and that the risk to moving to an untested Neptune Software release is moderate.
Security Assessment
If this is the first time that you've exposed SAP services to the internet, and or deployed corporate mobile applications, then we strongly recommend the use of a security services company to test and mitigate your vulnerability to external attacks.
Multi-Factor Authentication (MFA)
Accenture strongly recommends the use of multifactor authentication (MFA) for the deployment of BlueWorx. The MFA option provides additional security to your BlueWorx application and, more importantly, your SAP ERP (ECC) system. It should be a conscious and considered decision not to deploy the application using MFA and, for Accenture delivered projects, should include a customer waiver acknowledging deployment against advice where not used.
If SAP GUI has been enabled for MFA then its use for BlueWorx (through Neptune Software) should be simpler. Neptune Software has provided a detailed video explaining the MFA steps for Azure AD with SAP and Neptune Software. This is available here: https://www.youtube.com/watch?v=tPINF0LNbTI
Mobile Devices
For discussion and requirements on mobile devices see Run BlueWorx
Optional ESRI Integration
For ESRI related information see: What ESRI Services does BlueWorx integrate with?
Systems Landscapes
There are a variety of systems landscape options that can be impacted by a number of factors – including existing infrastructure, data, network, and mobile security policies and standards. In general, we highly recommend that:
- BlueWorx is accessed through a secure HTTPs connection.
- SAP Web Dispatcher, or an equivalent security device, be used as part of a properly architected DMZ for external exposure.
The following summarily illustrates a selection of deployment options. Your SAP Basis and Network Security personnel should be able to recognise options specific to your site and security requirements from within these examples. In addition, there are authentication options with Neptune using Microsoft ADFS; SAP Portal; or SAP Mobile Cloud - see Neptune Our Architecture for more on this. Also, see the FAQ What about Application and Data Security.
Architectural Model Example 1 - SAP Web Dispatcher
Under this model, the SAP ERP system serves the BlueWorx Neptune content through SAP Web Dispatchers.
For some customers:
- There may not be a firewall between their Internal Users and the Server zone
- There may be a different security appliance used instead of SAP Web Dispatcher
- SAP ERP and Plant Maintenance
- SAP Web Dispatcher
Architectural Model Example 2 - SAP Web Dispatcher and VPN
Under this model, the SAP ERP system serves the BlueWorx Neptune content through SAP Web Dispatchers and a VPN. The activation of the VPN on the device can be a frustrating step for end users. So while technically viable, this option may not provide a viable long-term functional solution.
Some cellular providers also provide options for customer encrypted connections or offer an alternative VPN option.
Architectural Model Example 3 - SAP Gateway via Web Dispatcher
Under this model, the SAP ERP system and Gateway systems have the Neptune Add On installed. The UI traffic is served by the Gateway server with the connection to the ERP system using the RFC protocol.
The advantages of this option are:
- You can use a single destination for SAP Fiori and Neptune traffic from Gateway
- You have an added layer of protection and a protocol shift between Gateway and your ERP system.