Custom Domain Service in BTP

former_member1950

Hi BTP Experts,

I have a requirement to configure Custom Domain Service in BTP Neo and Cloud Foundry (CF) environments.

I have 2 separate BTP portals (Neo portal and CF portal). The end-user prelanding/landing portal is based on the Neo environment, and from there the end user will navigate to the CF portal and then access all the custom CF apps (including the Fiori Federated app) there.

I need to understand the best practices design to implement this kind of Custom Domain configurations in BTP.

I have the following queries regarding the implementation of custom domain in BTP:

- Do I need to configure custom domains for Neo and CF portals separately? If yes, can the same primary Custom Domain be used for both the portals?

- I need to buy separate quotas for Neo and CF and then configure custom domains for Neo and CF portals separately?

- If yes, can the same primary Custom Domain be used for both the portals (will all the applications hosted on CF and Neo work on a single custom domain)?

- As I understand, I need to set up 2 SSL hosts. Any special recommendations for SSL host and certificate for Neo and CF environment?

- Within my CF subaccount, there are multiple spaces (6 spaces in total); do I need to configure custom domain service for each of 6 spaces separately?

- Can I use my existing domain (e.g. <mydomain>.edu.in) for on-prem portals or I have to buy another custom domain from NEO and CF domain registrars?

Looking forward to your expert recommendations.

Ivan-Mirisola
Product and Topic Expert

Hi sunilk11,

I'll do my best to answer your questions below:

- Do I need to configure custom domains for Neo and CF portals separately? If yes, can the same primary Custom Domain be used for both the portals?

Simple answer is: Yes. Neo and CF are completely different platforms. So Portal service in Neo is different from CF. Just to let you know, Portal service in CF now has been replaced by Launchpad Service. Custom domain will require you to issue a valid certificate by a trusted CA. That certificate could be a wildcard certificate or a single host certificate. If you choose to use a wildcard certificate, it will be valid for the configuration of both custom domains. Meaning: the same wildcard certificate for domain "*.foo.bar" will be used for configuring "portal_A.foo.bar" and "portal_B.foo.bar". On Neo you will be using the NEO CLI to manage certificates and custom domain maintenance. On CF there is a UI to help you manage such tasks - but you could always rely on CF CLI & BTP CLI for such tasks as well.

Here is the documentation for Neo and CF respectively:

https://help.sap.com/viewer/ea72206b834e4ace9cd834feed6c0e09/LATEST/en-US/77cf0e6cd32e496c9cc8eeac4b...

https://help.sap.com/viewer/6f35a23466ee4df0b19085c9c52f9c29/LATEST/en-US/4f4c3ff62fd2413089dce8a973...

- I need to buy separate quotas for Neo and CF and then configure custom domains for Neo and CF portals separately?

When you subscribe to custom domains, you have a quota of up to 4 certificates - but just one can be used for productive usage. Therefore, if you plan on having more than one productive system on Neo, you should consider purchasing additional domain quotas for it.

Please read about quotas on CF here:

https://help.sap.com/viewer/6f35a23466ee4df0b19085c9c52f9c29/Cloud/en-US/b791984a063a48169b9e0b9af80...

My understanding on quotas is that they are shared between Neo and CF. Therefore, you should purchase production quotas to be used by both platform variants (1 for Neo and 1 for CF). However, IMHO, you should discuss that topic with an SAP sales rep.

- If yes, can the same primary Custom Domain be used for both the portals (will all the applications hosted on CF and Neo work on a single custom domain)?

I believe your understanding on the custom domain service is not correct when you think about Neo and CF. You purchase the material number with your sales rep. Then you assign an entitlement to the platform you want. For CF the Global Account Manager can do it via Control Center Cockpit. For Neo, you would be requesting this when you purchase the service. Therefore, if you purchase two units of the Custom Domain Service, you would have one for Neo and another for CF. This will allow you to upload the same SSL wildcard certificate for both Neo and CF for productive usage + 3 more certificates for each platform variant.

- As I understand, I need to set up 2 SSL hosts. Any special recommendations for SSL host and certificate for Neo and CF environment?

There are pros and cons while using SSL certificates. You could use single host SSL certificates which are well known and accepted by most browsers and corporations. The "newer" certificate types (wildcard and SAN) are more economical to purchase, but they weren't well accepted by some entities out there. Nowadays, I would say wildcard and SAN certificates could be considered well accepted. It is up to you to choose which certificate you want to use. I would say your case falls into either the wildcard or the single host certificate cases - the first being more economical. In any case, you ought to either configure your public DNS for both hostnames you want to use or add a CNAME to your custom domains via Admin UI.

- Within my CF subaccount, there are multiple spaces (6 spaces in total); do I need to configure custom domain service for each of 6 spaces separately?

No. As Best Practice, you could create one space where you will be managing this service and domain configuration for all hostnames you need in CF.

- Can I use my existing domain (e.g. <mydomain>.edu.in) for on-prem portals or I have to buy another custom domain from NEO and CF domain registrars?

You could use any domain you would like - just as long as its SSL certificate is signed by a trusted CA that is well known to your audience. If your audience already has the root certificate for an internal CA, then it's fine - because no one else will be accessing your portal anyway. However, if you plan on calling your portal from unknown machines or you don't know who your audience might use to access your portal site, then you ought to use a very well known and trusted CA to sign your certificate.

As stated above, if this domain is managed by you on your corporate DNS, then you are going to be in charge of adding any related DNS entry to support requests being resolved at your site and forwarded to SAP BTP.

ATTENTION: certificates will expire and SAP will not send any notification about it. So, you ought to have an internal process to monitor the certificate expiration time. CAs will usually inform you when a certificate is about to expire by email communication. However, many companies will purchase a certificate with a personal account. Eventually when this person leaves the company and the certificate expires no one will be warned about an expired certificate.

Please let me know if you still have any further questions.

Best regards,
Ivan
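
The answer above relies on one wildcard certificate covering both portal hostnames and warns that nobody will be notified when it expires. The following is an added example, not part of the original post and not SAP tooling: a small Python check for both points. The hostnames, the sample certificate and the 30-day threshold are constructed assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

def san_covers(pattern: str, host: str) -> bool:
    """A wildcard stands for exactly one left-most DNS label (RFC 6125)."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False  # "*.foo.bar" covers neither "foo.bar" nor "a.b.foo.bar"
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def days_left(cert: dict, now: datetime) -> int:
    """Whole days until notAfter; negative once the certificate has expired."""
    ts = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(ts, timezone.utc) - now).days

def check(cert: dict, hosts: list, now: datetime, warn_days: int = 30) -> list:
    """Return findings as strings; an empty list means nothing to act on."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    findings = [f"{h}: not covered by {sans}" for h in hosts
                if not any(san_covers(s, h) for s in sans)]
    remaining = days_left(cert, now)
    if remaining < warn_days:
        findings.append(f"certificate expires in {remaining} days")
    return findings

def fetch_cert(host: str, port: int = 443) -> dict:
    """Live lookup of the certificate an endpoint serves (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample in the dict shape getpeercert() returns.
SAMPLE = {
    "subjectAltName": (("DNS", "*.foo.bar"),),
    "notAfter": "Jun 30 12:00:00 2025 GMT",
}

if __name__ == "__main__":
    now = datetime(2025, 6, 10, 12, 0, tzinfo=timezone.utc)  # constructed date
    # Hypothetical hostnames for the Neo and CF portals.
    for line in check(SAMPLE, ["neo-portal.foo.bar", "cf-portal.foo.bar"], now):
        print(line)
```

Run on a schedule against `fetch_cert()` output for each custom domain and send the findings to a shared mailbox or ticket queue rather than to one person's account. An already expired certificate makes `fetch_cert()` raise `ssl.SSLCertVerificationError`, which should be alerted on as well.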