sap host agent en-us

INTERNAL SAP Host Agent Document Version: 1.0 - 2015-01-22 SAP Host Agent Valid for SAP Host Agent 7.20 Patch Level 201 and higher

Upload: yennt83

Post on 15-Dec-2015


Content

1 SAP Host Agent [page 3]
2 SAP Host Agent Change Log [page 5]
3 Architectural Overview of SAP Host Agent [page 6]
4 Downloading the SAPHOSTAGENT Archive [page 10]
5 SAP Host Agent Installation [page 11]
5.1 Installing SAP Host Agent Manually [page 11]
5.2 Installing SAP Host Agent Using Software Provisioning Manager [page 15]
6 SAP Host Agent Upgrade [page 16]
6.1 Upgrading SAP Host Agent Manually [page 16]
6.2 Automated Upgrade of SAP Host Agent [page 19]
    Configuring the Automated Upgrade Behavior of SAP Host Agent [page 19]
    Avoiding Incomplete Upgrade of SAP Host Agent [page 21]
    Configuring Delayed Auto-Upgrade of SAP Host Agent to Avoid Network Bottlenecks [page 22]
7 SAP Host Agent Configuration [page 24]
7.1 Enabling SAP Host Agent Registration in SLD [page 24]
7.2 SSL Configuration for the SAP Host Agent [page 26]
    Configuring SSL for SAP Host Agent on Windows [page 27]
    Configuring SSL for SAP Host Agent on UNIX [page 29]
    Configuring SSL for SAP Host Agent on IBM i [page 32]
7.3 Enabling Audit Logging [page 35]
7.4 Binding Only Specific IP Addresses [page 36]
8 Uninstalling SAP Host Agent [page 38]
9 SAP Host Agent Reference [page 40]
9.1 SAP Host Agent Reference - Command Line Options of the saphostexec Executable [page 40]
9.2 SAP Host Agent Reference - Command Line Options of the hostexecstart Executable [page 42]

INTERNAL © 2015 SAP SE or an SAP affiliate company. All rights reserved.


1 SAP Host Agent

SAP Host Agent is an agent that can accomplish several life-cycle management tasks, such as operating system monitoring, database monitoring, system instance control and provisioning.

Validity of this Documentation

This documentation is valid for SAP Host Agent 7.20 Patch Level (PL) 201 and higher. For information about how to check the version of an existing SAP Host Agent installation, see SAP Host Agent Reference - Command Line Options of the saphostexec Executable [page 40].

See SAP Note 1907566 about how to update older versions of this documentation within your local SAP Library installations.

SAP Host Agent Usage

SAP Host Agent is installed automatically during the installation of new SAP instances with SAP kernel 7.20 or higher. SAP Host Agent is upgraded automatically as part of the SAP instance, when you patch or upgrade the SAP kernel. However, you can also install and upgrade SAP Host Agent independently from an SAP instance.

Features

SAP Host Agent provides you with the following features:

● SAP instance discovery and inventory
● SAP instance control
● Database monitoring and management
● System or instance provisioning:
  ○ Hosting the infrastructure of SAP Landscape Virtualization Management (LVM), formerly known as SAP NetWeaver Adaptive Computing Controller (ACC)
  ○ Hosting software lifecycle (SL) tools interfaces
● Operating system monitoring:
  ○ Using saposcol
  ○ Using Common Information Model (CIM) based infrastructures
● IBM i-specific features:
  ○ Dynamically adopted authorization for SAP kernel 7.20 and higher
  ○ SAP ILE daemon (SAPILED)
  ○ SAP Database Performance Collector for IBM i

Related Information

SAP Host Agent Change Log [page 5]
Architectural Overview of SAP Host Agent [page 6]
Downloading the SAPHOSTAGENT Archive [page 10]
SAP Host Agent Installation [page 11]
SAP Host Agent Upgrade [page 16]
SAP Host Agent Configuration [page 24]
Uninstalling SAP Host Agent [page 38]
SAP Host Agent Reference [page 40]


2 SAP Host Agent Change Log

Some features are only available as of a certain patch level (PL) version of the SAP Host Agent archive. SAP recommends that you use the highest available PL version, even if you want to monitor a component of SAP NetWeaver with a lower release.

Table 1:

Feature: Verification of Digital Signature
Description: The production version of the SAP Host Agent is available as a digitally signed SAR archive. You can now use the additional parameter -verify to verify the content of the SAP Host Agent archive against the SAP digital signature during installation and upgrade.
Available as of: SAP HOST AGENT 7.20 PL201

Feature: Audit Logging
Description: SAP Host Agent provides the means to audit-log every operation the SAP Host Agent is performing. If you want to use audit logging, you have to activate it. For more information, see Enabling Audit Logging [page 35].
Available as of: SAP HOST AGENT 7.20 PL118

Feature: sapcrypto library and command line tool sapgenpse already contained in the SAPHOSTAGENT<version>.SAR archive
Description: The sapcrypto library and the command line tool sapgenpse are already contained in the SAPHOSTAGENT<version>.SAR archive. For more information, see SSL Configuration for the SAP Host Agent [page 26].
Available as of: SAP HOST AGENT 7.20 PL62

Feature: Automated upgrade
Description: SAP Host Agent is enabled to check for updates automatically and get upgraded if a version of the SAP Host Agent executable is found that is higher than the existing one. For more information, see Automated Upgrade of SAP Host Agent [page 19].
Available as of: SAP HOST AGENT 7.20 PL45

Related Information

SAP Host Agent [page 3]


3 Architectural Overview of SAP Host Agent

SAP Host Agent provides a set of executables and services, which are described in this section from an architecture point of view.

The following graphics provide an overview about SAP Host Agent and its components:


Executables and Services

The executable directory of SAP Host Agent is in the following location:

Table 2:

UNIX /usr/sap/hostctrl/exe

Windows %ProgramFiles%\SAP\hostctrl\exe

IBM i /usr/sap/hostctrl/exe and objects in library R3SAP400

SAP Host Agent has the following executable programs and services:

Table 3:

The SAPHostExec service

saphostexec is a service or daemon that only runs under privileged user accounts such as root on UNIX or Local System under Windows.

saphostexec hosts the life-cycle management processes of the SAP Host Agent itself, such as upgrade and installation.

The sapstartsrv service SAPHostControl

SAPHostControl runs within SAP Host Agent under the sapadm user.

SAPHostControl should not be confused with sapstartsrv which runs under the <sapsid>adm user in the SAP system instance with the instance profile.

Note: SAPHostControl contains the functionality of the previous CCMS agent SAPCCMSR, that is, the agent that monitors hosts. For more information, see Central Monitoring with SAP NetWeaver Management Agents in the SAP NetWeaver Application Server for ABAP (AS ABAP) documentation.

The operating system collector saposcol

saposcol is a stand-alone program that runs in the operating system background. It runs independently of SAP instances exactly once per monitored host. saposcol collects data about operating system resources, including:

● Usage of virtual and physical memory
● CPU utilization
● Utilization of physical disks and file systems
● Resource usage of running processes

saposcol makes the data available using a segment of the shared memory for various applications and all SAP instances on a host.

The DB4STATS program and command (IBM i only)

The DB4STATS program and command are partly contained in the R3SAP400 library. They provide the SAP Database Performance Collector for IBM i. You can find a detailed description of this collector in SAP Note 1622665 and in the documentation attached to this SAP Note.

The SAP ILE daemon (IBM i only)

The SAP ILE daemon is needed to update ILE components (objects in libraries) from the patch archive after installing a SAP kernel patch. You can find a detailed description of the SAP ILE daemon in SAP Note 1637588.


Note: The installed programs are started automatically when the host is booted.

Table 4:

Windows On Windows hosts, this is done by the services SAPHostControl and SAPHostExec.

UNIX On UNIX the automatic start is ensured by the startup script sapinit.

IBM i On IBM i, the programs are started by the auto-start job entry SAPINIT in subsystem QUSRWRK, which was created during the installation.

Profile File

The profile parameters of SAP Host Agent are stored in the host_profile file. This file is located in the executable directory of the SAP Host Agent (see Executables and Services above).

Working Directory

The working directory of SAP Host Agent is in the following location:

Table 5:

UNIX, IBM i /usr/sap/hostctrl/work

Windows %ProgramFiles%\SAP\hostctrl\work

The working directory contains, among other things, the following configuration files:

Table 6:

CSMCONF Start file for the agents that contains connection data for the central monitoring system

SAPCCMSR.INI Contains information about the extent to which plug-ins, log files, and SAPOSCOL information should be considered; this file is read when the agent is started. For more information, see Parameters of the SAPCCMSR.INI Configuration File in the SAP NetWeaver Application Server for ABAP (AS ABAP) documentation.

In an ABAP system, you can display all files in the working directory of SAP Host Agent in the central monitoring system. You can use transaction RZ21 to do this. In the Topology group box, select one of the Agents for ... radio buttons. The Monitoring: Display Technical Topology screen appears. Now select SAP Host Agent and then choose Working Directory of the Agent. The system displays the files of the directory. To display the contents of a file, choose the file by double-clicking it.


Log Files

The following log files are created during runtime for SAP Host Agent. They are available in the working directory of SAP Host Agent:

Table 7:

sapstartsrv_ccms.log This log file is for central monitoring. It is stored in subdirectory sapccmsr of the working directory.

sapstartsrv.log Contains the developer trace for sapstartsrv.

dev_saphostexec Contains the developer trace for saphostexec.

dev_sapdbctrl Contains the developer trace for sapdbctrl.

A log file is also created during runtime for SAP Host Agent with the name sapstartsrv_ccms.log, and log files are created for RFC communication. The log files are stored in the sapccmsr subfolder of the working directory.

AL Files

For system instances, the AL* files (ALMTTREE, ALPERFHI, and ALALERTS) are in the working directory of the SAP Host Agent. $DIR_LOGGING directory. These files contain the monitoring segment data.

Related Information

SAP Host Agent [page 3]


4 Downloading the SAPHOSTAGENT Archive

The SAPHOSTAGENT<SP-version>.SAR archive contains all of the required elements for centrally monitoring any host. It is available for all operating system platforms supported by SAP.

Context

It is automatically installed during the installation of SAP systems or instances with SAP kernel 7.20 or higher.

Procedure

1. Go to the SAP Software Distribution Center of the SAP Service Marketplace at http://support.sap.com/swdc.

2. Log on with your SAP Support Portal ID.

3. In the navigation bar, choose Download Software Support Packages and Patches Browse Download Catalog SAP Technology Components SAP HOST AGENT SAP HOST AGENT 7.20 <operating system> .

4. Select the appropriate SAPHOSTAGENT<SP-version>.SAR archive from the Download tab.

Recommendation: Always select the highest SP version of the SAPHOSTAGENT<SP-version>.SAR archive, even if you want to monitor a component of SAP NetWeaver with a lower release.

5. Make sure that the SAPCAR tool is available on the host where you want to install SAP Host Agent.

You need the SAPCAR tool in order to be able to decompress the SAPHOSTAGENT<SP-version>.SAR archive. For more information about SAPCAR and how to get it, see SAP Note 212876.

Related Information

SAP Host Agent [page 3]


5 SAP Host Agent Installation

In many cases SAP Host Agent is installed automatically. However, there are certain cases when you have to install it manually.

SAP Host Agent is installed automatically during the installation of all new SAP system instances or instances with SAP kernel 7.20 or higher.

Recommendation: The general strategy in high availability (HA) environments is to install the SAP Host Agent locally on each cluster node.

The following sections describe how you can install SAP Host Agent separately:

● Installing SAP Host Agent Manually [page 11]
● Installing SAP Host Agent Using Software Provisioning Manager [page 15]

Related Information

SAP Host Agent [page 3]

5.1 Installing SAP Host Agent Manually

You can install SAP Host Agent manually by executing the saphostexec executable with option -install from the extracted SAPHOSTAGENT<SP-version>.SAR archive.

Prerequisites

● You have downloaded the SAPHOSTAGENT<SP-version>.SAR archive as described in Downloading the SAPHOSTAGENT Archive [page 10]

● You have made sure that the following operating system-specific requirements are met:

Table 8:

Windows You have installed the specified Microsoft security patch in accordance with the instructions in SAP Note 1375494. You also need to install the latest version of the Microsoft Runtime used by SAP as described in SAP Note 684106.


IBM i Option 33 of the operating system must be installed. Use menu GO LICPGM to check whether the option is installed and install it if required.

IBM i The system startup program (specified in system value QSTRUPPGM) must contain the STRSBS command to start subsystem QSYS/QUSRWRK. This is needed because SAPHOSTAGENT will be started as an auto-start job in subsystem QSYS/QUSRWRK

Procedure

1. Log on as a user with the required authorization:

Table 9:

Windows As a member of the local Administrators group

UNIX As a user with root authorization

IBM i As a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR.

If user profile R3GROUP does not exist on your server, it will be created during the installation of SAP Host Agent. If you have already installed SAP systems on other servers, we recommend that you use the same group ID (GID) for all sapsys and R3GROUP groups in the system landscape. To obtain the group ID (GID) for R3GROUP on another IBM i server in your landscape, enter the command DSPUSRPRF USRPRF(R3GROUP) and scroll down until you see the value for Group ID number.

2. IBM i only: Enter the command CALL PGM(QP2TERM) to start a PASE interactive terminal session.

3. Download the SAPHOSTAGENT<SP-version>.SAR archive as described in Downloading the SAPHOSTAGENT Archive [page 10]

4. Copy the downloaded SAPHOSTAGENT<SP-version> archive to a temporary directory, for example:

Table 10:

Windows c:\temp\hostagent

UNIX, IBM i /tmp/hostagent

5. Change to the temporary directory that now contains the downloaded SAPHOSTAGENT<SP-version>.SAR archive.

6. Extract the SAPHOSTAGENT<SP-version>.SAR archive using SAPCAR.

Take SAP Note 212876 into account when doing so. Use the following command for extraction, and execute it in the directory of the archive:

Table 11:

Windows <path to SAPCAR> sapcar.exe -xvf SAPHOSTAGENT<SP-version>.SAR

UNIX <path to SAPCAR> sapcar -xvf SAPHOSTAGENT<SP-version>.SAR

IBM i <path to SAPCAR> SAPCAR -xvf SAPHOSTAGENT<SP-version>.SAR

Among others, the archive contains the saphostexec program.


7. Start the installation by entering the following command:

Table 12:

Windows
saphostexec.exe -install

If user sapadm does not yet exist, it is automatically created as a local user and you are prompted to enter a password for this user to be created.

Note: In some cases it might be useful to configure sapadm as a domain user instead of a local user, for example if you have multiple Windows hosts in your system landscape each of which has SAP Host Agent. Enter the following command to install saphostexec while specifying sapadm as the domain user:

saphostexec.exe -install -user <domain>\sapadm

Recommendation: Use the additional parameter -verify to verify the content of the installation package against the SAP digital signature:

saphostexec.exe -install -verify

UNIX
./saphostexec -install

The administrator user sapadm of the SAP Host Agent is created automatically during the installation, but it does not get assigned a password.

Note: You can set the password in one of the following ways:

○ During the installation using the following command: ./saphostexec -install -passwd
  In this case saphostexec will prompt you to enter a password.

○ After the installation has finished by entering the following command as user root: passwd sapadm

Recommendation: Use the additional parameter -verify to verify the content of the installation package against the SAP digital signature:

./saphostexec -install -verify

IBM i
./saphostexec -install -gid <gid>

Note: If you have already installed SAP systems on other servers, we recommend that you use the same group ID (GID) for all sapsys or R3GROUP groups in the system landscape. To do this, enter your landscape system GID into <gid> on the above command. If user profile R3GROUP already exists, or if you want the saphostcontrol installation to automatically generate a new group ID, enter the command saphostexec -install without the addition -gid <gid>.

Recommendation: Use the additional parameter -verify to verify the content of the installation package against the SAP digital signature:

./saphostexec -install -verify

The progress of the installation is displayed on the command line.

8. After the installation has finished successfully, you can check whether SAP Host Agent is up and running by executing the following command from the directory of the SAP Host Agent executables:

Table 13:

Windows %ProgramFiles%\SAP\hostctrl\exe\saphostexec.exe -status

UNIX, IBM i /usr/sap/hostctrl/exe/saphostexec -status

9. IBM i only: Leave the PASE interactive terminal session using function key F3

Results

After the installation has finished successfully, SAP Host Agent is up and running.

Next Steps

You can now delete the temporary directory with all its content.

IBM i only: If it did not already exist, R3GROUP was created during the installation. Even though SAP Host Agent does not require special authorities, we recommend that you grant the required authorities for system APIs that need to be authorized for user profile R3GROUP for your SAP system now. For more information, see SAP Note 175852.


Related Information

SAP Host Agent Installation [page 11]

5.2 Installing SAP Host Agent Using Software Provisioning Manager

You can also install SAP Host Agent using software provisioning manager 1.0 (formerly known as SAPinst).

Context

The required files are on the kernel medium for the current release.

Procedure

Proceed as described in section Installing SAP Host Agent Separately in the documentation Installation Guide - SAP Systems Based on the Application Server <ABAP or Java> of SAP NetWeaver on <OS>: <DB> - Using Software Provisioning Manager 1.0 at: http://service.sap.com/sltoolset

Related Information

SAP Host Agent Installation [page 11]


6 SAP Host Agent Upgrade

As part of the SAP instance, SAP Host Agent is upgraded automatically when you patch or upgrade the SAP kernel. However, we recommend upgrading SAP Host Agent independently from the SAP instance, either by doing this manually or by configuring automated upgrade.

Recommendation: If you have a 720_EXT patch level (PL) of SAP Host Agent installed, we recommend that you upgrade it to the latest version of SAP Host Agent 720.

The following sections describe how to do this:

● Upgrading SAP Host Agent Manually [page 16]
● Automated Upgrade of SAP Host Agent [page 19]

Related Information

SAP Host Agent [page 3]

6.1 Upgrading SAP Host Agent Manually

You perform the upgrade by running saphostexec -upgrade from the directory to which you extracted the SAPHOSTAGENT<SP-version>.SAR archive before.

Prerequisites

You have downloaded the desired target release version of the SAPHOSTAGENT<SP-version>.SAR archive as described in Downloading the SAPHOSTAGENT Archive [page 10].

Procedure

1. Log on as a user with the required authorization:


Table 14:

Windows As a member of the local Administrators group

UNIX As a user with root authorization or as a member of the sapsys group, for example <sapsid>adm

IBM i As a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR.

2. IBM i only: Enter the command CALL PGM(QP2TERM) to start a PASE interactive terminal session.

3. Copy the downloaded SAPHOSTAGENT<SP-version>.SAR archive to a temporary directory, for example:

Table 15:

Windows c:\temp\hostagent

UNIX, IBM i /tmp/hostagent

4. Change to the temporary directory that now contains the downloaded SAPHOSTAGENT<SP-version>.SAR archive.

5. Extract the SAPHOSTAGENT<SP-version>.SAR archive using SAPCAR.

Take SAP Note 212876 into account when doing so. Use the following command for extraction, and execute it in the directory of the archive:

Table 16:

Windows <path to SAPCAR> sapcar.exe -xvf SAPHOSTAGENT<SP-version>.SAR

UNIX <path to SAPCAR> sapcar -xvf SAPHOSTAGENT<SP-version>.SAR

IBM i <path to SAPCAR> SAPCAR -xvf SAPHOSTAGENT<SP-version>.SAR

Among others, the archive contains the saphostexec program.

6. Perform the upgrade by running the following command from the temporary directory:

Table 17:

Windows
saphostexec.exe -upgrade

Recommendation: Use the additional parameter -verify to verify the content of the installation package against the SAP digital signature:

saphostexec.exe -upgrade -verify

UNIX
○ If you are logged on as a user with root authorization, the command is as follows: ./saphostexec -upgrade

  Recommendation: Use the additional parameter -verify to verify the content of the installation package against the SAP digital signature:

  ./saphostexec -upgrade -verify

○ If you are logged on as a member of the sapsys group, for example <sapsid>adm, the command is as follows: /usr/sap/hostctrl/exe/hostexecstart -upgrade <path to temporary directory with extracted SAPHOSTAGENT<SP-version>.SAR>

IBM i
./saphostexec -upgrade

Recommendation: Use the additional parameter -verify to verify the content of the installation package against the SAP digital signature:

./saphostexec -upgrade -verify

The progress of the upgrade is displayed on the command line.

7. After the upgrade has finished successfully, you can check the version of the upgraded host agent by executing the following command from the directory of the SAP Host Agent executables:

Table 18:

Windows %ProgramFiles%\SAP\hostctrl\exe\saphostexec.exe -version

UNIX, IBM i

○ If you are logged on as a user with root authorization, the command is as follows: /usr/sap/hostctrl/exe/saphostexec -version

○ If you are logged on as a member of the sapsys group, for example <sapsid>adm, the command is as follows: /usr/sap/hostctrl/exe/hostexecstart -version

/usr/sap/hostctrl/exe/saphostexec -version

8. IBM i only: Leave the PASE interactive terminal session using function key F3

Next Steps

Post-requisites:

You can now delete the temporary directory with all its content.

Related Information

SAP Host Agent Upgrade [page 16]


6.2 Automated Upgrade of SAP Host Agent

SAP Host Agent is enabled to check for updates automatically and get upgraded if a version of the SAP Host Agent executable is found that is higher than the existing one.

● Configuring the Automated Upgrade Behavior of SAP Host Agent [page 19]
● Avoiding Incomplete Upgrade of SAP Host Agent [page 21]
● Configuring Delayed Auto-Upgrade of SAP Host Agent to Avoid Network Bottlenecks [page 22]
● See also SAP Note 1473974.

Related Information

SAP Host Agent Upgrade [page 16]

6.2.1 Configuring the Automated Upgrade Behavior of SAP Host Agent

The running saphostexec executable regularly checks a directory $DIR_NEW, by default /usr/sap/hostctrl/new (on UNIX and IBM i) or %ProgramFiles%\SAP\hostctrl\new (on Windows), where it expects to find the latest version of the executable of SAP Host Agent from the unpacked SAPHOSTAGENT.SAR archive.

Prerequisites

Table 19:

Windows You must be logged on as a member of the local Administrators group.

UNIX You must be logged on as a user with root authorizations.

IBM i You must be logged on as a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR.

Context

An upgrade is only performed if a version of the SAP Host Agent executable programs is found in the $DIR_NEW directory that is higher than the version of the executable programs that exist in the SAP Host Agent executable directory.


Recommendation: The production version of the SAP Host Agent is available for customers as a digitally signed SAR archive. It is recommended that you create an empty file .verify in the $DIR_NEW directory to enable the verification of the package integrity using SAP digital signature during the auto-upgrade step.

Procedure

1. You can configure the automated upgrade behavior by adapting the host_profile file which you can find in the following directory:

Table 20:

UNIX and IBM i /usr/sap/hostctrl/exe

Windows %ProgramFiles%\SAP\hostctrl\exe

○ By default, the saphostexec program performs a check for updates every 5 minutes. You can change this behavior by adapting profile value hostexec/autoupgrade_delay=<minutes>.

○ In addition, you can also change the name and path of the directory that contains the newest SAP Host Agent version using profile value DIR_NEW=<path to a directory>.
  Windows: If the new SAP Host Agent version is located on a network share, you have to use the UNC path for the value of the DIR_NEW profile parameter, for example: DIR_NEW = \\<your_host>\<your_share>\SAPHostAgent\SAPHostAgent_Update

2. Once you have changed the SAP Host Agent profile, you need to restart SAP Host Agent in order to make the changes take effect:

a. IBM i: Enter the command CALL PGM(QP2TERM) to start a PASE interactive terminal session.

b. Change to the directory of the saphostexec executable:

Table 21:

UNIX, IBM i /usr/sap/hostctrl/exe

Windows %ProgramFiles%\SAP\hostctrl\exe

c. Run the following command to restart SAP Host Agent:

Table 22:

UNIX, IBM i ./saphostexec -restart

Windows saphostexec.exe -restart

Related Information

Automated Upgrade of SAP Host Agent [page 19]


6.2.2 Avoiding Incomplete Upgrade of SAP Host Agent

We recommend that you create an empty file called .upgrading in the $DIR_NEW directory to prevent saphostexec from starting the upgrade procedure during the extraction of SAPHOSTAGENT<SP-version>.SAR, which would have the consequence that only part of the newest version of the packages is upgraded.

Procedure

1. Create the .upgrading file in the $DIR_NEW directory.

2. Extract SAPHOSTAGENT<SP-version>.SAR to $DIR_NEW.

3. Remove .upgrading from the $DIR_NEW directory.

Example

This example shows how you proceed on UNIX. You can proceed analogously on other operating system platforms:

Sample Code

cd /usr/sap/hostctrl/new/
touch .upgrading
SAPCAR -xvf SAPHOSTAGENT<SP-version>.SAR
rm .upgrading
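The three steps above as one shell function, added here as an illustration and not part of the SAP documentation: the marker is removed only if the extraction succeeds, so a failed or interrupted extraction stays fenced off from saphostexec. The function name stage_hostagent and the overridable SAPCAR variable are assumptions of this sketch.

```shell
#!/bin/sh
# Stage a new SAP Host Agent package into $DIR_NEW behind the .upgrading marker.
# Added example; stage_hostagent and the SAPCAR override are assumptions.

SAPCAR="${SAPCAR:-SAPCAR}"   # extractor command; can be overridden for a dry run

# stage_hostagent <dir_new> <archive.SAR>
# Returns 0 and removes .upgrading only if the extraction succeeded.
# On failure the marker stays in place so the partial content is not picked up.
stage_hostagent() {
    dir_new=$1
    archive=$2

    [ -d "$dir_new" ] || { echo "no such directory: $dir_new" >&2; return 2; }
    [ -r "$archive" ] || { echo "cannot read archive: $archive" >&2; return 2; }

    # Resolve the archive to an absolute path before changing directory.
    case $archive in
        /*) ;;
        *)  archive=$(pwd)/$archive ;;
    esac

    # Step 1: create the marker first; give up if that is not possible.
    : > "$dir_new/.upgrading" || return 3

    # Step 2: extract inside $DIR_NEW, as in the manual procedure.
    if ( cd "$dir_new" && "$SAPCAR" -xvf "$archive" ); then
        # Step 3: extraction is complete, release the directory for auto-upgrade.
        rm -f "$dir_new/.upgrading"
        return 0
    fi

    echo "extraction failed; $dir_new/.upgrading left in place" >&2
    return 1
}
```

After a failed run, repeat the extraction and remove .upgrading by hand only once the content of the directory is complete.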

Related Information

Automated Upgrade of SAP Host Agent [page 19]

6.2.3 Configuring Delayed Auto-Upgrade of SAP Host Agent to Avoid Network Bottlenecks

Within large installations, it normally makes sense to use one single share where the content of SAPHOSTAGENT<SP-version>.SAR is extracted regularly.

Context

With this configuration the simultaneous upgrade of many machines is very easy. Unfortunately, if all machines start to access a single network share, this can result in a network bottleneck and, with a restrictive firewall configuration, in a complete outage.

To avoid this kind of problem in large landscapes, you can additionally create a configuration file within $DIR_NEW that contains the maximum time range of an upgrade. In this case the saphostexec processes of the different machines schedule the upgrade at a random time within a well-defined time window.

Procedure

Create a file in $DIR_NEW called .delay.

The format of the file is as follows: <Value1>random<Value2>

○ <Value1> represents the number of minutes after which an auto-upgrade is checked, and <Value2> the maximum value of minutes after which the auto-upgrade is started.

The real upgrade delay value in minutes is given by: Delay = <Value1> + <randomValue> * <Value2>

Example
500

Auto-upgrade checks the version of the file contained in $DIR_NEW every 500 minutes.

○ <Value2> is optional and can be omitted.

Example
500random500

Auto-upgrade checks the version of the file contained in $DIR_NEW every 500 minutes.

Once the version of SAP Host Agent contained within $DIR_NEW is newer, the upgrade will be started within the next 500 minutes. The exact time when the upgrade is started is a random value between 1 and 500 minutes.
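A strict check of a .delay file before it is placed on the share, added here as an example (not SAP code): it accepts only <Value1> or <Value1>random<Value2> and prints the check interval, the random spread and the largest delay the formula above can produce. The function names, the restriction to the first line of the file and the assumption that <randomValue> lies between 0 and 1 are not from the original document.

```shell
#!/bin/sh
# Validate a .delay file (format: <Value1> or <Value1>random<Value2>).
# Added example; function names are assumptions.

# is_uint <string>: true for a non-empty string of decimal digits.
is_uint() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
        *)           return 0 ;;
    esac
}

# parse_delay <file>
# Prints "check=<Value1> spread=<Value2> max_delay=<Value1+Value2>" (minutes).
# Returns 1 on a malformed file. <Value2> counts as 0 when it is omitted.
# The check is strict on purpose: blanks, a carriage return or any other
# extra character are reported instead of being silently tolerated.
parse_delay() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }

    # Assumption: only the first line of the file is relevant.
    spec=$(head -n 1 "$1")

    case $spec in
        *random*)
            v1=${spec%%random*}     # text before the first "random"
            v2=${spec#*random}      # text after the first "random"
            ;;
        *)
            v1=$spec
            v2=0
            ;;
    esac

    if ! is_uint "$v1" || ! is_uint "$v2"; then
        echo "malformed .delay content: '$spec'" >&2
        return 1
    fi

    # Delay = Value1 + randomValue * Value2. With randomValue assumed to be
    # in [0,1], the largest possible delay is Value1 + Value2.
    max=$(awk -v a="$v1" -v b="$v2" 'BEGIN { print a + b }')
    echo "check=$v1 spread=$v2 max_delay=$max"
}
```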

Related Information

Automated Upgrade of SAP Host Agent [page 19]

7 SAP Host Agent Configuration

Here you find information about the most relevant aspects of SAP Host Agent configuration.

● Enabling SAP Host Agent Registration in SLD [page 24]
● SSL Configuration for the SAP Host Agent [page 26]
● Enabling Audit Logging [page 35]
● Binding Only Specific IP Addresses [page 36]

Related Information

SAP Host Agent [page 3]

7.1 Enabling SAP Host Agent Registration in SLD

To enable the automatic registration to SLD you have to configure the connectivity information using the command line tool sldreg.

Prerequisites

● You must be logged on as a user with the appropriate authorizations:

Table 23:

Windows As a member of the local Administrators group.

UNIX As a user with root authorizations.

IBM i As a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR.

Procedure

1. You are on the host that you want to register in the SLD.

2. IBM i: Enter the command CALL PGM(QP2TERM) to start a PASE interactive terminal session.

3. Change to the following directory as current directory (DIR_GLOBAL directory):

Table 24:

Windows (language-dependent) %ProgramFiles%\SAP\hostctrl\exe

UNIX, IBM i /usr/sap/hostctrl/exe

4. Call the sldreg executable with the following command:

Table 25:

Windows sldreg -configure slddest.cfg

UNIX, IBM i ./sldreg -configure slddest.cfg

Caution
You have to make sure that the SLD connection file is named slddest.cfg and that it is located in the DIR_GLOBAL directory of SAP Host Agent. Otherwise the registration does not work.

Note
UNIX, IBM i: To be able to access its libraries, the sldreg program requires the path /usr/sap/hostctrl/exe in the search path for libraries.

○ UNIX: For example, under Linux with a C shell, you can achieve this with the following command:

setenv LD_LIBRARY_PATH /usr/sap/hostctrl/exe:$LD_LIBRARY_PATH

○ IBM i: From within QP2TERM, you can achieve this with the following command:

export LIBPATH=/usr/sap/hostctrl/exe:$LIBPATH

5. Enter the connection data for the SLD with which you want to register this host:

○ SLD user that has been assigned the role DataSupplierLD
○ Password of the above user
○ Host and HTTP port of the SLD
○ Protocol (HTTP or HTTPS)

6. Confirm that you want to save this data in the encrypted file slddest.cfg.

7. Restart SAP Host Agent by executing the following command:

Table 26:

Windows saphostexec.exe -restart

UNIX, IBM i ./saphostexec -restart

The restart generates an XML file in the working directory of SAP Host Agent and transfers it to the SLD. This XML file contains all of the information about the host that the SLD requires.

Results

You have registered the local host with an SLD.

Next Steps

You can check whether the registration was performed successfully. To do this, call the start page of the SLD with the URL http://<host>:<port>/sld, and choose Technical Systems. Choose AS Java in the Technical System Type drop-down list box. The host that you have just registered is displayed.

Related Information

SAP Host Agent Configuration [page 24]

7.2 SSL Configuration for the SAP Host Agent

Configuring Secure Sockets Layer (SSL) for SAP Host Agent is a multi-step procedure.

The main steps are as follows:

1. Preparing the environment for SAP Cryptographic Library
2. Preparing the Personal Security Environment (PSE) for the server
3. Preparing the Personal Security Environment (PSE) for the client
4. Establishing trust between the client and SAP Host Agent
5. Allowing the client to issue administrative commands

The following sections describe SSL configuration on UNIX, Windows and IBM i by way of example:

● Configuring SSL for SAP Host Agent on Windows [page 27]
● Configuring SSL for SAP Host Agent on UNIX [page 29]
● Configuring SSL for SAP Host Agent on IBM i [page 32]

Related Information

SAP Host Agent Configuration [page 24]

7.2.1 Configuring SSL for SAP Host Agent on Windows

This section describes, by way of example, SSL configuration for the SAP Host Agent on Windows.

Prerequisites

You must be logged on as a member of the local Administrators group.

Context

In the following procedure we assume that you are using the default naming for the server PSE. If you want to override the default .pse name, you can use the following value in the profile file of SAP Host Agent (host_profile):

ssl/server_pse=<Path to Server PSE>

Procedure

1. Prepare the environment for SAP Cryptographic Library:

a. Open a command line prompt and change to the %PROGRAMFILES%\SAP\hostctrl\exe directory.

b. Create a subdirectory named sec and set the SECUDIR environment variable to refer to the new directory using the following commands:

%PROGRAMFILES%\SAP\hostctrl\exe> mkdir sec

%PROGRAMFILES%\SAP\hostctrl\exe> set SECUDIR=%PROGRAMFILES%\SAP\hostctrl\exe\sec

Note
Alternatively, you can also use another directory, but then you have to specify the location of the PSE file using the parameter ssl/server_pse as described above.

Recommendation
Set up SECUDIR as an absolute path in order to avoid trouble with the sapgenpse tool.

c. Make sure that the files are readable and executable by user sapadm.

2. Prepare the Personal Security Environment (PSE) for the server:

The server PSE contains the server certificate, which is presented to the client when establishing the SSL connection, and the names and public keys of the trusted certificates. Trusted certificates can be either certificates issued by a Certification Authority (CA) or individually trusted certificates.

a. Create the server PSE, the server certificate therein, and the Certificate Signing Request (CSR).

Example
%PROGRAMFILES%\SAP\hostctrl\exe> sapgenpse gen_pse -p SAPSSLS.pse -x passwd1 -r myhost-csr.p10 "CN=myhost.wdf.sap.corp, O=SAP AG, C=DE"

This command creates a PSE file named SAPSSLS.pse (name is fixed), which can be used to authenticate myhost.wdf.sap.corp for incoming SSL connections. The access to the PSE file is protected with passwd1. Use the -r option to direct the certificate signing request to a file, or omit it if you intend to copy and paste the CSR into a Web form.

b. Grant the SAP Host Agent access to the server PSE.

Example
%PROGRAMFILES%\SAP\hostctrl\exe> sapgenpse seclogin -p SAPSSLS.pse -x passwd1 -O sapadm

c. Get the certificate as follows:

1. If you do not use individually trusted certificates, send the certificate signing request to an appropriate CA.

2. Assuming that the CA replies to the request file with a CA-response-file which contains the signed certificate in the PKCS#7 format, you can use this file as an input for importing the signed certificate into the server PSE.

d. Import the signed certificate into the server PSE.

Example
%PROGRAMFILES%\SAP\hostctrl\exe> sapgenpse import_own_cert -p SAPSSLS.pse -x passwd1 -c myhost.p7b
(if the format used is PKCS#7)

e. Verify the server certificate chain.

Example
%PROGRAMFILES%\SAP\hostctrl\exe> sapgenpse get_my_name -p SAPSSLS.pse -x passwd1 -v

3. Restart SAP Host Agent.

4. Prepare the Personal Security Environment (PSE) for the client:

The client PSE contains the client certificate that is sent to SAP Host Agent when establishing the SSL connection, and the names and public keys of the trusted certificates. For the client, trusted certificates can only be certificates that are issued by a Certification Authority (CA).

The configuration steps are client-specific, which is why we describe them only in a generic way. Follow the instructions in the specific client documentation.

Examples for possible clients are the SAP Management Console (SAP MC), the Diagnostics Agent in SAP Solution Manager, or the SAP Landscape Virtualization Management (LVM) software (formerly known as Adaptive Computing Controller (ACC)).

Results

Recommendation
If you successfully applied the procedure described above, SAP Host Agent also serves port 1129 for SSL communication.

Related Information

SSL Configuration for the SAP Host Agent [page 26]

7.2.2 Configuring SSL for SAP Host Agent on UNIX

This section describes, by way of example, SSL configuration for the SAP Host Agent on UNIX.

Prerequisites

You are logged on as a user with root authorization.

Context

In the following procedure we assume that you are using the default naming for the server PSE. If you want to override the default .pse name, you can use the following value in the profile file of SAP Host Agent (host_profile):

ssl/server_pse=<Path to Server PSE>

Procedure

1. Prepare the Personal Security Environment (PSE) for the server:

The server PSE contains the server certificate that is presented to the client when establishing the SSL connection, and the names and public keys of the trusted certificates. Trusted certificates can be either certificates issued by a Certification Authority (CA) or individually trusted certificates.

Proceed as follows:

a. Create a directory /usr/sap/hostctrl/exe/sec using the mkdir command.

Note
Alternatively, you can also use another directory, but then you have to specify the location of the PSE file using the parameter ssl/server_pse as described above. In the following steps we always refer to the sec directory for the sake of simplicity.

b. Assign the ownership for the sec directory to sapadm:sapsys.

c. Set up the shared library search path (LD_LIBRARY_PATH, LIBPATH or SHLIB_PATH) and SECUDIR environment variables, and change to the exe directory of SAP Host Agent.

Example

○ On Linux and Solaris, the required commands are as follows:

export LD_LIBRARY_PATH=/usr/sap/hostctrl/exe/
export SECUDIR=/usr/sap/hostctrl/exe/sec
cd /usr/sap/hostctrl/exe

○ On HP-UX, the required commands are as follows:

export SHLIB_PATH=/usr/sap/hostctrl/exe/
export SECUDIR=/usr/sap/hostctrl/exe/sec
cd /usr/sap/hostctrl/exe

○ On AIX, the required commands are as follows:

export LIBPATH=/usr/sap/hostctrl/exe
export SECUDIR=/usr/sap/hostctrl/exe/sec
cd /usr/sap/hostctrl/exe

Recommendation
Set up SECUDIR as an absolute path in order to avoid trouble with the sapgenpse tool.

d. Create the server PSE, the server certificate therein, and the Certificate Signing Request (CSR).

Run the command as user sapadm so that the created files are owned by this user.

Example
sudo -u sapadm LD_LIBRARY_PATH=/usr/sap/hostctrl/exe SECUDIR=/usr/sap/hostctrl/exe/sec /usr/sap/hostctrl/exe/sapgenpse gen_pse -p SAPSSLS.pse -x <password> -r /tmp/myhost-csr.p10 "CN=myhost.wdf.sap.corp, O=SAP AG, C=DE"

This command creates a PSE file named SAPSSLS.pse (name is fixed), which can be used to authenticate myhost.wdf.sap.corp for incoming SSL connections. The access to the PSE file is protected with a password. Use the -r option to direct the certificate signing request to a file, or omit it if you intend to copy and paste the CSR into a web form.

e. Grant SAP Host Agent access to the server PSE.

Example
sudo -u sapadm LD_LIBRARY_PATH=/usr/sap/hostctrl/exe SECUDIR=/usr/sap/hostctrl/exe/sec /usr/sap/hostctrl/exe/sapgenpse seclogin -p SAPSSLS.pse -x <password> -O sapadm

f. Get the certificate as follows:

1. Send the certificate signing request to an appropriate CA.

2. Assuming that the CA replies to the request file with a CA-response-file which contains the signed certificate in the PKCS#7 format, you can use this file as an input for importing the signed certificate into the server PSE.

Example
If the format used is PKCS#7, the text file could be named myhost.p7b. We use this file name in the following examples.

g. Import the signed certificate into the server PSE.

Example
sudo -u sapadm LD_LIBRARY_PATH=/usr/sap/hostctrl/exe SECUDIR=/usr/sap/hostctrl/exe/sec /usr/sap/hostctrl/exe/sapgenpse import_own_cert -p SAPSSLS.pse -x <password> -c /tmp/myhost.p7b

h. Verify the server certificate chain.

Example
sudo -u sapadm LD_LIBRARY_PATH=/usr/sap/hostctrl/exe SECUDIR=/usr/sap/hostctrl/exe/sec /usr/sap/hostctrl/exe/sapgenpse get_my_name -p SAPSSLS.pse -x <password> -v

2. Restart SAP Host Agent.

3. Prepare the Personal Security Environment (PSE) for the client:

The client PSE contains the client certificate that is sent to SAP Host Agent when the SSL connection is established, and the names and public keys of the trusted certificates from CA.

The configuration steps are client-specific, which is why we describe them only in a generic way. Follow the instructions in the specific client documentation.

Examples for possible clients are the SAP Management Console (SAP MC), the SAP Solution Manager Diagnostics Agent, or the SAP Landscape Virtualization Management (LVM) software (formerly known as Adaptive Computing Controller (ACC)).

Results

Recommendation
If you successfully applied the procedure described above, SAP Host Agent also serves port 1129 for SSL communication.
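A check of the result of steps a, b and d of the UNIX procedure, added here as an example (not SAP code): it verifies that the sec directory belongs to sapadm:sapsys and that the PSE file belongs to sapadm. The function names are assumptions, and the additional test that other users have no access to the directory or the PSE file is a hardening assumption of this sketch, not a requirement stated in this document.

```shell
#!/bin/sh
# Check ownership and permissions of the server PSE directory on UNIX.
# Added example; the function names and the "no access for others" rule
# are assumptions of this sketch.

# ls_field <path> <n>: field n of `ls -ld` (1 = mode, 3 = owner, 4 = group).
ls_field() {
    ls -ld "$1" | awk -v n="$2" '{ print $n }'
}

# open_to_others <path>: true if "others" have any permission bit set.
open_to_others() {
    [ "$(ls_field "$1" 1 | cut -c8-10)" != "---" ]
}

# check_pse_dir <secudir> <owner> <group> [pse-file-name]
# Prints one FINDING line per problem; returns 0 if clean, 1 otherwise.
check_pse_dir() {
    dir=$1; owner=$2; group=$3; pse=${4:-SAPSSLS.pse}
    findings=0

    if [ ! -d "$dir" ]; then
        echo "FINDING: $dir is not a directory"
        return 1
    fi

    # Step b of the procedure assigns the sec directory to sapadm:sapsys.
    if [ "$(ls_field "$dir" 3)" != "$owner" ] ||
       [ "$(ls_field "$dir" 4)" != "$group" ]; then
        echo "FINDING: $dir is not owned by $owner:$group"
        findings=$((findings + 1))
    fi
    if open_to_others "$dir"; then
        echo "FINDING: $dir is accessible to other users"
        findings=$((findings + 1))
    fi

    # Step d creates the PSE as sapadm so that the file belongs to that user.
    if [ ! -f "$dir/$pse" ]; then
        echo "FINDING: $dir/$pse does not exist"
        findings=$((findings + 1))
    else
        if [ "$(ls_field "$dir/$pse" 3)" != "$owner" ]; then
            echo "FINDING: $dir/$pse is not owned by $owner"
            findings=$((findings + 1))
        fi
        if open_to_others "$dir/$pse"; then
            echo "FINDING: $dir/$pse is accessible to other users"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
}
```

With the default paths of this section the call is check_pse_dir /usr/sap/hostctrl/exe/sec sapadm sapsys, run as root.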

Related Information

SSL Configuration for the SAP Host Agent [page 26]

7.2.3 Configuring SSL for SAP Host Agent on IBM i

This section describes, by way of example, SSL configuration for the SAP Host Agent on IBM i.

Prerequisites

You must be logged on as a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR.

Context

In the following procedure we assume that you are using the default naming for the server PSE. If you want to override the default .pse name, you can use the following value in the profile file of SAP Host Agent (host_profile):

ssl/server_pse=<Path to Server PSE>

Procedure

1. Prepare the Personal Security Environment (PSE) for the server:

The server PSE contains the server certificate, which is presented to the client when establishing the SSL connection, and the names and public keys of the trusted certificates. Trusted certificates can be either certificates issued by a Certification Authority (CA) or individually trusted certificates.

a. You must temporarily enable the login for user SAPADM. To change the user profile, enter the following command:

CHGUSRPRF USRPRF(SAPADM) INLMNU(MAIN) LMTCPB(*NO)

b. Create a directory /usr/sap/hostctrl/exe/sec using the following command:

CRTDIR DIR('/usr/sap/hostctrl/exe/sec') DTAAUT(*EXCLUDE) OBJAUT(*NONE)

Note
Alternatively, you can also use another directory, but then you must specify the location of the PSE file using the parameter ssl/server_pse as described above. In the following steps we always refer to the sec directory for the sake of simplicity.

c. Change the owner and primary group of the PSE directory and set the appropriate authorities using the following command:

QSYS/CHGOWN OBJ('/usr/sap/hostctrl/exe/sec') NEWOWN(SAPADM)

QSYS/CHGPGP OBJ('/usr/sap/hostctrl/exe/sec') NEWPGP(R3GROUP) DTAAUT(*RWX)

d. Now log on as user SAPADM and execute the command CALL PGM(QP2TERM) before entering the commands of the following steps.

e. Set up the shared library search path (LIBPATH) and SECUDIR environment variables, and change to the exe directory of SAP Host Agent.

The required commands are as follows:

export LIBPATH=/usr/sap/hostctrl/exe

export SECUDIR=/usr/sap/hostctrl/exe/sec

cd /usr/sap/hostctrl/exe

Recommendation
Set up SECUDIR as an absolute path in order to avoid trouble with the sapgenpse tool.

f. Create the server PSE, the server certificate therein, and the Certificate Signing Request (CSR) using the following command:

./sapgenpse gen_pse -p SAPSSLS.pse -x <PASSWORD> -r <PKCS#10 requestfile> <DISTINGUISHED NAME>

This command creates the PSE file /usr/sap/hostctrl/exe/sec/SAPSSLS.pse (the name is fixed), which can be used to authenticate the host described by <DISTINGUISHED NAME> for incoming SSL connections. Access to the PSE file is protected with password <PASSWORD>.

The CSR is written into the stream file <PKCS#10 requestfile>. You can ignore the warning sapgenpse WARNING: Environment variable "USER" not defined!

Example
./sapgenpse gen_pse -p SAPSSLS.pse -x pass -r /tmp/myhost-csr.p10 "CN=myhost.wdf.sap.corp, O=SAP AG, C=DE"

This command creates the PSE file /usr/sap/hostctrl/exe/sec/SAPSSLS.pse, which can be used to authenticate myhost.wdf.sap.corp for incoming SSL connections. Access to the PSE file is protected with the password pass. The CSR is written into the stream file /tmp/myhost-csr.p10.

g. Grant SAP Host Agent access to the server PSE using the following command:

./sapgenpse seclogin -p SAPSSLS.pse -x <PASSWORD> -O sapadm

Example
./sapgenpse seclogin -p SAPSSLS.pse -x pass -O sapadm

h. Get the certificate as follows:

1. Transfer the stream file containing the CSR (certificate signing request) to a PC and send it to the Certification Authority (CA) you are using.

2. Assuming that the CA replies to the request file with a CA-response-file which contains the signed certificate in the PKCS#7 format, you can use this file as an input for importing the signed certificate into the server PSE. Transfer this text file to a stream file on your IBM i.

Example
The text file could be named myhost.p7b and transferred to the stream file /tmp/myhost.p7b. We use this file name in the following examples.

i. Import the signed certificate into the server PSE using the following command:

./sapgenpse import_own_cert -p SAPSSLS.pse -x <PASSWORD> -c <CA-response-file>

Example
./sapgenpse import_own_cert -p SAPSSLS.pse -x pass -c /tmp/myhost.p7b

j. Verify the server certificate chain using the following command:

./sapgenpse get_my_name -p SAPSSLS.pse -x <PASSWORD> -v

Example
./sapgenpse get_my_name -p SAPSSLS.pse -x pass -v

k. To reset the changes to user profile SAPADM that you have made in step 1.a), leave program QP2TERM with function key F3 and enter the following command:

CHGUSRPRF USRPRF(SAPADM) INLMNU(*SIGNOFF) LMTCPB(*YES)

l. Log on as a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR, and execute the command CALL PGM(QP2TERM) before entering the following command, which restarts SAP Host Agent:

/usr/sap/hostctrl/exe/saphostexec -restart

2. Prepare the Personal Security Environment (PSE) for the client:

The client PSE contains the client certificate, which is sent to SAP Host Agent when the SSL connection is established, and the names and public keys of the trusted certificates from CA.

The configuration steps are client-specific, which is why we describe them only in a generic way. Follow the instructions in the specific client documentation.

Examples for possible clients are the SAP Management Console (SAP MC), the Diagnostics Agent in SAP Solution Manager, or the SAP Landscape Virtualization Management (LVM) software (formerly known as Adaptive Computing Controller (ACC)).

Results

If you successfully applied the procedure described above, SAP Host Agent also serves port 1129 for SSL communication.

Related Information

SSL Configuration for the SAP Host Agent [page 26]

7.3 Enabling Audit Logging

SAP Host Agent provides the means to perform audit logging for every operation the SAP Host Agent is executing. If you want to use audit logging, you have to activate it using the related entries in the host_profile file.

Context

The operating systems supported by SAP Host Agent have built-in means of audit logging. On UNIX and Linux, SAP Host Agent uses the syslog (/var/log/messages), and on Windows the Application Eventlog. You can decide whether audit logging is done using these OS means or whether you provide a file to which all audit messages are written. Audit logging is disabled by default. You can enable and configure it using host_profile parameters.

Procedure

1. Edit the host_profile file.

For information about where you can find this file, see the Profile File section in Architectural Overview of SAP Host Agent [page 6].

2. Change the following parameters according to your needs:

Table 27:

Parameter Description

service/auditlevel=0/1 0 disables audit logging, 1 enables audit logging.

service/auditlogfile=<PATH_TO_FILE>

If an audit logfile is provided by the user, SAP Host Agent uses the logfile for audit logging. Eventlog and Syslog will not be used in this case. If the file does not exist, it is created by SAP Host Agent.

service/auditlogfilesize=0...X

If an audit logfile is provided, the user can decide to which extent the logfile is allowed to grow. All sizes must be given in MB (Megabyte). If the configured size is exceeded, the current audit logfile is saved to <FILENAME>.old and a new audit logfile is created. If the size is set to 0 or if the parameter is not configured at all, the audit logfile can grow without limit.

3. Restart SAP Host Agent to activate the changed configuration settings.

Example
Audit logging output is always written in one line and can look like this:

[2012/08/24 11:22:16][AUDIT SUCCESS]Operation ListInstances; Socket type Network Socket; Remote IP 127.0.0.1; Remote port 60779; Username Not Available Labels parameters
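A small triage helper for an audit logfile in the one-line format shown above, added here as an example (not SAP code): it counts operations per remote address and leaves out loopback callers, so that requests arriving over the network stand out. The function names and all sample lines except the first are constructed, and ExampleOperation is a placeholder operation name.

```shell
#!/bin/sh
# Summarise SAP Host Agent audit-log entries made from non-loopback addresses.
# Added example; function names and sample lines are constructed.

# sample_audit_log: the first line is the example from this document, the
# others are constructed (192.0.2.0/24 and 198.51.100.0/24 are address
# ranges reserved for documentation).
sample_audit_log() {
    cat <<'EOF'
[2012/08/24 11:22:16][AUDIT SUCCESS]Operation ListInstances; Socket type Network Socket; Remote IP 127.0.0.1; Remote port 60779; Username Not Available Labels parameters
[2012/08/24 11:25:02][AUDIT SUCCESS]Operation ListInstances; Socket type Network Socket; Remote IP 192.0.2.15; Remote port 51544; Username Not Available Labels parameters
[2012/08/24 11:25:40][AUDIT SUCCESS]Operation ListInstances; Socket type Network Socket; Remote IP 192.0.2.15; Remote port 51550; Username Not Available Labels parameters
[2012/08/24 11:31:09][AUDIT SUCCESS]Operation ListInstances; Socket type Network Socket; Remote IP 198.51.100.7; Remote port 40212; Username Not Available Labels parameters
[2012/08/24 11:31:15][AUDIT SUCCESS]Operation ExampleOperation; Socket type Network Socket; Remote IP 198.51.100.7; Remote port 40218; Username Not Available Labels parameters
this line is not an audit record
EOF
}

# audit_remote_callers: read audit lines on stdin and print
#   "<count> <remote-ip> <operation> <result>"
# for every caller outside 127.0.0.0/8 and ::1, sorted by address and operation.
# Lines that do not match the audit format are skipped.
audit_remote_callers() {
    awk '
    {
        p = index($0, "][AUDIT ")
        if (substr($0, 1, 1) != "[" || p == 0) next   # not an audit record
        rest = substr($0, p + 8)                       # "<result>]Operation ..."
        q = index(rest, "]")
        if (q == 0) next
        result = substr(rest, 1, q - 1)

        # The remainder is a list of "Name value" pairs separated by "; ".
        n = split(substr(rest, q + 1), field, "; ")
        op = "?"; ip = ""
        for (i = 1; i <= n; i++) {
            if (index(field[i], "Operation ") == 1) op = substr(field[i], 11)
            if (index(field[i], "Remote IP ") == 1) ip = substr(field[i], 11)
        }
        if (ip == "" || ip ~ /^127\./ || ip == "::1") next
        count[ip " " op " " result]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2,2 -k3,3
}
```

Against a real file the call is audit_remote_callers < <PATH_TO_FILE>, where <PATH_TO_FILE> is the value of service/auditlogfile.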

Related Information

SAP Host Agent Configuration [page 24]

7.4 Binding Only Specific IP Addresses

You can configure SAP Host Agent to accept network connections only for specific IP addresses or host names.

You can achieve this in one of the following ways:

Using the profile value service/hostname

1. Specify the following value in the host_profile of the SAP Host Agent:

service/hostname = <host_name>

or

service/hostname = <IP_Address>

Example

service/hostname = 127.0.0.1

2. Restart the SAP Host Agent by executing the following command:

saphostexec -restart

SAP Host Agent should now bind only the specified IP address.

Example
On Linux, you can check this as follows:

/usr/sap/hostctrl/exe# netstat -tlnp | grep 1128
tcp 0 0 127.0.0.1:1128 0.0.0.0:* LISTEN 8368/sapstartsrv
/usr/sap/hostctrl/exe#

You can see that only 127.0.0.1 is bound.
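The same check in scripted form, added here as an example (not SAP code): it reads netstat -tln output and reports every listener on the given port that is bound to an address other than the intended one. The function names and the sample netstat output are constructed.

```shell
#!/bin/sh
# Verify that a SAP Host Agent port listens only on the intended address.
# Added example; check_bind and the sample output are constructed.

# sample_netstat: constructed `netstat -tln` output used to exercise the check.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:1128          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1129            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::1129                 :::*                    LISTEN
EOF
}

# check_bind <port> <allowed-address>
# Reads `netstat -tln` (or -tlnp) output on stdin and prints every listener
# on <port> that is bound to a different address.
# Returns 0 = only the allowed address is bound
#         1 = at least one other listener was found
#         2 = nothing listens on <port>
check_bind() {
    awk -v port="$1" -v want="$2" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        # Split the local address at its last ":<port>"; this also handles
        # IPv6 entries such as ":::1129", where the address part is "::".
        if (!match($4, /:[0-9]+$/)) next
        if (substr($4, RSTART + 1) != port) next
        seen++
        addr = substr($4, 1, RSTART - 1)
        if (addr != want) {
            bad++
            print "unexpected listener on " $4
        }
    }
    END {
        if (!seen) exit 2
        exit (bad ? 1 : 0)
    }'
}
```

On a live host the call is netstat -tln | check_bind 1128 127.0.0.1, with the address set in service/hostname as the second argument.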

Using Network ACL (Access Control List)

1. Specify the following value in the host_profile of the SAP Host Agent:

service/http/acl_file = <Path_to_an_ACL_file>

or, if you use HTTPS:

service/https/acl_file = <Path_to_an_ACL_file>

You can also set both values.

2. Restart the SAP Host Agent by executing the following command:

saphostexec -restart

The ACL file should be configured as specified in SAP Note 1495075.

SAP Host Agent will still bind all available addresses, but as soon as a client tries to connect, it is either refused or accepted according to the ACL file configuration.

8 Uninstalling SAP Host Agent

You can uninstall SAP Host Agent by running the saphostexec executable from the command line.

Prerequisites

Table 28:

Windows You must be logged on as a member of the local Administrators group.

UNIX You must be logged on as a user with root authorizations.

IBM i You must be logged on as a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR.

Context

On Windows, you can also uninstall the SAP Host Agent using Control Panel > Programs and Features.

Procedure

1. IBM i only: Enter the command CALL PGM(QP2TERM) to start a PASE interactive terminal session.

2. Run the following command from the command line:

Table 29:

UNIX, IBM i /usr/sap/hostctrl/exe/saphostexec -uninstall

Windows %ProgramFiles%\SAP\hostctrl\exe\saphostexec.exe -uninstall

Results

This command stops the executables and services of SAP Host Agent and deletes the following:

● The work directory of SAP Host Agent
● The exe directory of SAP Host Agent
● Windows: The local sapadm user and SAP_LocalAdmin group

Related Information

SAP Host Agent [page 3]

9 SAP Host Agent Reference

Here you can find a reference of the command line options available for the SAP Host Agent executables.

● SAP Host Agent Reference - Command Line Options of the saphostexec Executable [page 40]
● SAP Host Agent Reference - Command Line Options of the hostexecstart Executable [page 42]

Related Information

SAP Host Agent [page 3]

9.1 SAP Host Agent Reference - Command Line Options of the saphostexec Executable

Usually SAP Host Agent is automatically started when the operating system is booted. You can also manually control it using the saphostexec program.

Prerequisites

You are logged on as a user with the required authorization:

Table 30:

Windows As a member of the local Administrators group

UNIX As a user with root authorization

IBM i As a user profile with special authorities *SECADM and *ALLOBJ, for example as user profile QSECOFR

Features

You call the program from the command line with the following syntax:

Table 31:

Windows %ProgramFiles%\SAP\hostctrl\exe\saphostexec.exe -[option] [pf=<ProfilePath>]

UNIX, IBM i /usr/sap/hostctrl/exe/saphostexec -[option] [pf=<ProfilePath>]

where <ProfilePath> is the path to the profile file (host_profile) of SAP Host Agent. By default, the host_profile file is located in the executable directory.

You can execute saphostexec with the following command line options:

Table 32:

Option Meaning

-help Lists all command line options of saphostexec with documentation

-install [-verify] Installs SAP Host Agent

Recommendation
Use the additional parameter -verify to verify the content of the installation package against the SAP digital signature.

-upgrade [-verify] Upgrades SAP Host Agent

Recommendation
Use the additional parameter -verify to verify the content of the installation package against the SAP digital signature.

-uninstall Uninstalls SAP Host Agent

-restart Starts or restarts SAP Host Agent

-stop Stops a running SAP Host Agent

-status Returns the status of SAP Host Agent

-version Returns the version of SAP Host Agent with detailed information

Related Information

SAP Host Agent Reference [page 40]

9.2 SAP Host Agent Reference - Command Line Options of the hostexecstart Executable

The hostexecstart program is a command line tool available for UNIX operating systems. It allows a user that does not have root authorization to perform some control operations relevant for the lifecycle of SAP Host Agent.

Prerequisites

You have to be member of group sapsys, for example <sapsid>adm, to be able to execute the program.

Features

You call the program from the command line with the following syntax:

/usr/sap/hostctrl/exe/hostexecstart -[option] [pf=<ProfilePath>]

Calling hostexecstart without any arguments starts SAP Host Agent.

You can execute hostexecstart with the following command line options:

Table 33:

Option Meaning

-help Lists all command line options of hostexecstart with documentation

-upgrade <path> Upgrades SAP Host Agent using the path to the extracted SAPHOSTAGENT<SP-version>.SAR

-start Starts SAP Host Agent if it is not running

-restart Restarts SAP Host Agent

-status Returns the information whether SAP Host Agent is running or not running

-version Returns the version of SAP Host Agent with detailed information

Related Information

SAP Host Agent Reference [page 40]

Important Disclaimers and Legal Information

Coding Samples
Any software coding and/or code lines / strings ("Code") included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended to better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, unless damages were caused by SAP intentionally or by SAP's gross negligence.

Accessibility
The information contained in the SAP documentation represents SAP's current view of accessibility criteria as of the date of publication; it is in no way intended to be a binding guideline on how to ensure accessibility of software products. SAP in particular disclaims any liability in relation to this document. This disclaimer, however, does not apply in cases of wilful misconduct or gross negligence of SAP. Furthermore, this document does not result in any direct or indirect contractual obligations of SAP.

Gender-Neutral Language
As far as possible, SAP documentation is gender neutral. Depending on the context, the reader is addressed directly with "you", or a gender-neutral noun (such as "sales person" or "working days") is used. If when referring to members of both sexes, however, the third-person singular cannot be avoided or a gender-neutral noun does not exist, SAP reserves the right to use the masculine form of the noun and pronoun. This is to ensure that the documentation remains comprehensible.

Internet Hyperlinks
The SAP documentation may contain hyperlinks to the Internet. These hyperlinks are intended to serve as a hint about where to find related information. SAP does not warrant the availability and correctness of this related information or the ability of this information to serve a particular purpose. SAP shall not be liable for any damages caused by the use of related information unless damages have been caused by SAP's gross negligence or willful misconduct. All links are categorized for transparency (see: http://help.sap.com/disclaimer).


www.sap.com/contactsap

© 2015 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. The information contained herein may be changed without prior notice.

Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies.

Please see http://www.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.

Material Number:
