INSTALLING THE SAPCRYPTO LIBRARY AND STARTING THE SAPROUTERCONTENTS
This section describes the necessary steps to download and install the sapcrypto library for use with SAProuter. The SAProuter must be started with the options described later in this section. For License conditions of SAP Cryptographic Library please refer to SAP note 597059. Please note, that only for the connection between SAProuters at SAP and the first SAProuter on customer sites, certificates signed by a CA provided by SAP are being used. For all other uses of SAPCRYPTOLIB for SNC in backend connections, customers are free to choose any CA of their preference or simply use self-signed certificates as proposed by SAP for SNC connections in general. Downloading necessary software components from SAP Service Marketplace
Creating the certificate request
Additional actions necessary before you can start SAProuter
|
Reason and Prerequisites
A SAProuter connection to SAP (SAPserv X) has already been set up.
This note does not provide information on how to setup the SAProuter connection - see Note 35010.
Solution
The procedure for setting up the R/3 support connection is divided into three sections:
- Setting up SAProuter.
- Maintaining the system data in the SAP Support Portal of the SAP Service Marketplace.
Note that SAP employees can ONLY log on to servers that are maintained in the system data.
- Setting up the service in the SAP Support Portal of the SAP Service Marketplace and opening the service connection.
Setting up SAProuter:
- Check with which route permission table 'saprouttab' the used SAProuter works.
Create an entry of the type:
P <IP address SAP-SR> <IP server> <instance number>
Example:
P 147.204.2.5 10.10.10.10 3200
or for SNC encryption (SAPserv2):
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP Server>
<Instance number>
Example:
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.10.10.10 3200
in the corresponding table.
Instance number: Instance number, under which the R/3 system is accessible on this server. This number is NOT 3299, but in most cases 3200 or 3201. You can also maintain several instances.
- Read the changed table in the SAProuter with the command 'saprouter - n ' or restart the SAProuter.
- Check whether the SAProuter can reach the target host (IP address or, if necessary, host name) on the corresponding port of the application. If not, set up the network accordingly. Note that only the current SAProuter software supports all services. If necessary, update your SAProuter software.
Maintaining the system data in the SAP Support Portal of the SAP Service Marketplace:
System data maintenance:
- Log on to the SAP Support Portal, alias 'serviceconnection' (URL: http://service.sap.com/serviceconnection).
- Choose 'Manage connections'.
- Select the desired system by clicking the system ID.
- Choose 'Display system data' (in the lower part of the screen).
- Select the 'DB server' or 'Application server' tab.
- Choose 'Create server'.
- Enter the required data (IP address in particular). Note that the entries for the additional SAProuter are only needed if two SAProuters are to be used in a row on your side.
- Save the entries.
Creating the service and opening the connection:
- Log on to the SAP Support Portal, alias 'serviceconnection' (URL: http://service.sap.com/serviceconnection).
- Select the desired system by clicking the system ID
Creating the service:
- Choose 'Manage services'.
- Select the service R/3 Support by clicking the icon in front of the service name.
- Choose a contact person.
- Copy the selection using the 'Save' button at the end of the list.
- Press the back button to go back to the view 'Service connections - System SID'
Opening the connection:
- Use the 'Manage connections' button to display the list of the active services.
- Click the icon in front of the service to open the corresponding service connection. You can maintain the contact person manually or make a selection from the registered contact persons.
Reason and Prerequisites
You must already have a physical link to SAP (for example, using ISDN, VPN, and so on).
The addresses of external providers, such as network providers, are available in Notes 33953 (network providers Europe/EMEA), 200330 (network providers CIS and Baltic states), 40739 (network providers America), 37946 (network providers Asia), 39894 (network providers Japan) or 102414 (network providers Australia and New Zealand).
Solution
Table of contents:
1. Technical requirements
1.1 Setting up your network
1.2 Configuration of the SAProuter
1.3 Setting up your R/3 system
1.4 Testing the network connection to SAP
2. Setting up the service connection (access by SAP to your systems, support connection)
2.1 Releases on the SAProuter (for customer)
2.2 Maintaining your system data in the SAP Support Portal
2.3 Setting up or activating the service connections
2.4 Opening the service connection in the SAP Support Portal
1. Technical requirements
To set up the service connection, you require a data line to SAP. A SAProuter must also be installed and configured on both sides (customer, SAP).
1.1 Setting up your network
Choose the network type that you require for your remote connection:
- ISDN dial-up connection (Note 32500)
- Internet connection (VPN or SNC connection, see SAP Note 486688, or URL http://service.sap.com/internetconnection)
- Provider connection (SAP Note 33953 Europe/EMEA, SAP Note 200330 CIS and Baltic states, SAP Note 37946 Asia, SAP Note 39894 Japan, SAP Note 102414 Australia/New Zealand, or SAP Note 40739 America/Canada).
The main document for registering your connection/SAProuter IP address with SAP is SAP Note 28976 (Remote Connection Data Sheet). This SAP Note contains all of the information that you require when setting up your connection to SAP. You must therefore fill out this document completely and send it to SAP. SAP Note 28976 contains the contact addresses.
If you have any problems or any questions about this paragraph, create an incident under the component XX-SER-NET in the SAP Support Portal. This is located at http://service.sap.com/message (for help, see point 3).
1.2 Configuration of the SAProuter
Information about setting up the SAProuter is available in the SAP Support Portal at http://service.sap.com/saprouter or in Note 30289 "SAProuter documentation" (refer to the attachment).
If you have any problems or any questions about the SAProuter, create an incident under the component BC-CST-NI in the SAP Support Portal. This is located at http://service.sap.com/message (for help, see point 3).
1.3 Setting up your R/3 system
SAP Note 33135 describes the procedure for setting up transaction OSS1 for the connection test. You have to set up and test the connection in transaction OSS1, because RFC connections, for example, also transfer and use the settings that are maintained here.
If you have any problems or any questions about this paragraph, create an incident under the component XX-SER-NET in the SAP Support Portal. This is located at http://service.sap.com/message (for help, see point 3).
1.4 Testing the network connection to SAP
Perform a connection test to ensure that the settings, and therefore the function of the network connection to SAP, are correct.
If you have any problems or any questions about this paragraph, create an incident under the component XX-SER-NET in the SAP Support Portal. This is located at http://service.sap.com/message (for help, see point 3).
2 Setting up the service connection (access by SAP to your systems, support connection)
The service connection from SAP to your systems uses only the existing connection between the SAProuter in SAP and the SAProuter that is set up in your network infrastructure and registered with SAP (SAProuter of customer). No provision is made for other service connections, such as browser-supported connections using the public Internet (without sapserv1 or sapserv2).
Your SAProuter enables you to access all of your SAP solutions, but you can use the maintained system data, the setting of the service accesses to be used (for example R/3 Support, HTTP Connect URLAccess, and so on) and the setting of your SAProuter (keyword 'saprouttab') to determine which accesses you want to allow. This means that a service connection allows you to have control over all access options.
2.1 Releases on the SAProuter (for customer)
The SAProuter must be registered and set up as described in paragraph 1 and the paragraphs that follow. This means that the data transfer to the SAProuter software must also be possible from the SAP system (SAPservX) to the port that is maintained in the system data (see point 2.2 for system data maintenance). The accesses by SAP to the systems must be released in the route permission table 'saprouttab' (see point 1.2 or SAP Note 30289 "SAProuter documentation" and refer to the attachment).
If you have any problems or any questions about this paragraph, create an incident under the component XX-SER-NET in the SAP Support Portal. This is located at http://service.sap.com/message (for help, see point 3).
2.2 Maintaining your system data in the SAP Support Portal
To enable an SAP employee to access your systems, you must completely maintain the system data in the SAP Support Portal at http://service.sap.com/system-data. The portal also describes the maintenance of the system data. Note that SAP employees can ONLY log on to systems or servers that are maintained in the system data. SAP employees CANNOT manually select the target system or server, for example, by entering their IP addresses.
If you have any problems or any questions about this paragraph, create an incident under the component XX-SER-SAPSMP-SYS in the SAP Support Portal. This is located at http://service.sap.com/message (for help, see point 3).
If you are using the SAP Solution Manager, you can use a background job to periodically transfer your system data to the SAP Support Portal (see SAP Note 993775).
If you have any problems or questions regarding the SAP Solution Manager, create an incident in the SAP Support Portal at http://service.sap.com/message (for help, see point 3). For questions about the installation or configuration, create the incident under the component SV-SMG-INS and for questions and problems regarding the setting-up of the service connection, create the incident under the component SV-SMG-SVC.
2.3 Setting up or activating the service connections
Before you can open a certain service connection, you must set it up or activate it. A list of the individual service types including the corresponding SAP Note is available here:
https://support.sap.com/remote-support/connection-types.html
If you have any problems or any questions about this paragraph, create an incident under the component XX-SER-NET in the SAP Support Portal. This is located at http://service.sap.com/message (for help, see point 3).
If you are using the SAP Solution Manager, you can use transaction SOLMAN_CONNECT to set up the service connections. You can also migrate connections that have already been set up in the SAP Support Portal to the Solution Manager. Further support for this issue is available in the SAP Support Portal under http://help.sap.com/saphelp_sm40/helpdata/en/28/9015dd452e48fabfb86098cda89e5b/frameset.htm or
http://help.sap.com/saphelp_sm40/helpdata/de/28/9015dd452e48fabfb86098cda89e5b/frameset.htm. If you have any problems or questions regarding the SAP Solution Manager, create an incident in the SAP Support Portal at http://service.sap.com/message (for help, see point 3). For questions about the installation or configuration, create the incident under the component SV-SMG-INS and for questions and problems regarding the setting-up of the service connection, create the incident under the component SV-SMG-SVC.
2.4 Opening the service connection in the SAP Support Portal
SAP Note 31515 describes how to open a service connection. Use the following link: http://service.sap.com/access-support. Define the logon data for your systems as described in SAP Note 508140.
If you have any problems or any questions about this paragraph, create an incident under the component XX-SER-SAPSMP in the SAP Support Portal. This is located at http://service.sap.com/message (for help, see point 3).
If you are using the SAP Solution Manager, you can use transaction SOLMAN_CONNECT to open the service connections.
If you have any problems or any questions regarding the SAP Solution Manager, create an incident under the component SV-SMG in the SAP Support Portal. This is located at http://service.sap.com/message (for help, see point 3).