BlueWorx can be used against the following software releases.

BlueWorx Support Pack 10 plus

The use of new and improved controls means that Support Pack 10 plus requires higher releases to the Neptune Software and SAPUI5 libraries as follows:

Supported Neptune Software Versions

  • Neptune Planet 8: 6.0.18 - v6.0.20

Support SAP Software Versions

  • ECC6 EHP4 plus
  • SAP NetWeaver 7.31 plus
  • S4 HANA 1809, 1909
  • SAPUI5 1.71.x

BlueWorx Releases prior to Support Pack 10

Supported Neptune Software Versions

  • Neptune 4 SP3 and SP4
  • Neptune 4 SP4
  • Neptune Planet 8 - 5.3.1 through 6.0.20

Support SAP Software Versions

  • ECC6 EHP4 plus
  • SAP NetWeaver 7.31 plus
  • S4 HANA 1809, 1909
  • SAPUI5 1.44 through to 1.71.x

Please check with Zag via a support ticket from this site for more specific compliance queries on other or new releases as we may be working on these.

Foward Releases

Generally speaking our advice to customers is that they should stick to the release ranges defined above and not get ahead of the supported BlueWorx releases. This is particularly relevant to the Neptune major releases. However, on occasion, customers have elected to move to S4 Hana releases not yet listed above as part of a larger work program. Their and our experience in these circumstances has been very positive. That's because the SAP tables/ views/ functions in use by BlueWorx have remained as valid objects on upgrade. There have been either no or only minor adjustments that the BlueWorx support team has worked through with the customer's implementation team. For example a single BAPI's shape definition change by SAP in the S4 HANA 1909 release. 

Two customers, as of Oct 21, are currently upgrading/ re-implementing to S4 HANA 2020, and have progressed through testing. To our knowledge, they have not experienced any S4 HANA 2020 | BlueWorx version-related issues. For this reason, while we have not fully internally tested against an S4 HANA 2020 release, we are confident we can provide technical support to your implementation team if you upgrade to the 2020 release prior to it being included above. Such support, from an SAP Transport perspective, will only be limited if some as yet undiscovered technical change is found. We believe the risk of that to be low.

Security Assessment

If this is the first time that you've exposed SAP services to the internet, and or deployed corporate mobile applications, then we strongly recommend the use of a security services company to test and mitigate your vulnerability to external attacks.

Multi-Factor Authentication (MFA)

Zag (part of Accenture) strongly recommends the use of multifactor authentication (MFA) for the deployment of BlueWorx. The MFA option provides additional security to your BlueWorx application and, more importantly, your SAP ERP (ECC) system. It should be a conscious and considered decision not to deploy the application using MFA and, for Accenture delivered projects, should include a customer waiver acknowledging deployment against advice where not used.

If SAP GUI has been enabled for MFA then its use for BlueWorx (through Neptune Software) should be simpler. Neptune Software has provided a detailed video explaining the MFA steps for Azure AD with SAP and Neptune Software. This is available here:

Mobile Devices

For discussion and requirements on mobile devices see Run BlueWorx

Optional ESRI Integration

For ESRI related information see:  What ESRI Services does BlueWorx integrate with?

Systems Landscapes

There are a variety of systems landscape options that can be impacted by a number of factors – including existing infrastructure, data, network, and mobile security policies and standards. In general, we highly recommend that:

  • BlueWorx is accessed through a secure HTTPs connection. 
  • SAP Web Dispatcher, or an equivalent security device, be used as part of a properly architected DMZ for external exposure. 

The following summarily illustrates a selection of deployment options. Your SAP Basis and Network Security personnel should be able to recognise options specific to your site and security requirements from within these examples. In addition, there are authentication options with Neptune using Microsoft ADFS; SAP Portal; or SAP Mobile Cloud - see Neptune Our Architecture for more on this. Also, see the FAQ What about Application and Data Security.

Architectural Model Example 1 - SAP Web Dispatcher

Under this model, the SAP ERP system serves the BlueWorx Neptune content through SAP Web Dispatchers. 

 For some customers:

  • There may not be a firewall between their Internal Users and the Server zone
  • There may be a different security appliance used instead of SAP Web Dispatcher
  • SAP ERP 6 and Plant Maintenance
  • SAP Web Dispatcher

Architectural Model Example 2 - SAP Web Dispatcher and VPN

Under this model, the SAP ERP system serves the BlueWorx Neptune content through SAP Web Dispatchers and a VPN. The activation of the VPN on the device can be a frustrating step for end users. So while technically viable, this option may not provide a viable long-term functional solution.

Some cellular providers also provide options for customer encrypted connections or offer an alternative VPN option.

Architectural Model Example 3 - SAP Gateway via Web Dispatcher

Under this model, the SAP ERP system and Gateway systems have the Neptune Add On installed. The UI traffic is served by the Gateway server with the connection to the ERP system using the RFC protocol. 

The advantages of this option are:

  • You can use a single destination for SAP Fiori and Neptune traffic from Gateway
  • You have an added layer of protection and a protocol shift between Gateway and your ERP system.