sap router

10
http://service.sap.com/remote-supportability Getting started with SAProuter How to install and configure SAProuter for remote supportability and how to maintain your system data in the SAP Support Portal TABLE OF CONTENTS INSTALL THE SAPROUTER SOFTWARE IN YOUR SYSTEM..................................3 REGISTER YOUR SAPROUTER WITH SAP...............................................3 CONFIGURE SAPROUTER IN TEH SAP SUPPORT PORTAL..................................4 Setting up the route permission table..........................................4 RUNNING SAPROUTER..............................................................5 Running with IPSEC connectivity................................................5

Upload: omer-farooq

Post on 24-Oct-2014

535 views

Category:

Documents


4 download

TRANSCRIPT

Page 1: Sap Router

http://service.sap.com/remote-supportability

Getting started with SAProuter How to install and configure SAProuter for remote supportability and how to maintain your system data in the SAP Support Portal

TABLE OF CONTENTS

INSTALL THE SAPROUTER SOFTWARE IN YOUR SYSTEM......................................................................3

REGISTER YOUR SAPROUTER WITH SAP..................................................................................................3

CONFIGURE SAPROUTER IN TEH SAP SUPPORT PORTAL......................................................................4Setting up the route permission table..........................................................................................................4

RUNNING SAPROUTER................................................................................................................................. 5Running with IPSEC connectivity................................................................................................................. 5Running with SNC connectivity..................................................................................................................... 5

GETTING HELP............................................................................................................................................... 6

MORE INFORMATION..................................................................................................................................... 7

Page 2: Sap Router

http://service.sap.com/remote-supportability

SAProuter is an application level gateway that increases network security by protecting your SAP network against unauthorized access and simplifying the configuration of routes. SAProuter is the backbone of establishing a secure connection between SAP Support and a customer SAP landscape and functions as the cornerstone of many of the remote access technologies and tools utilised by SAP. It needs to be installed and configured by customers on their own network and is usually installed on the system with the firewall.

SAProuter can deny or allow a network connection between the SAP network and external customer networks. SAProuter is essentially a proxy that controls incoming and outgoing traffic according to the access list defined by the customer. Communication between SAP software components is based on TCP/IP. SAProuter software enables communication between the customer and SAP using one single IP address. Therefore it is not necessary to enter your entire network; instead it is sufficient to establish one single TCP/IP connection between your SAProuter and the appropriate SAP support server.

Connections established using SAProuter have the additional advantage that no end-to-end connections between the participating systems are necessary on network level. For example, if accessing a frontend PC on an R/3 server with an intermediate SAProuter, it is not necessary to define the complete path between the two systems at TCP/IP level. It is sufficient if both parties can reach the SAProuter. From an SAP communication viewpoint, this represents a point of concentration in your network that serves as a starting point for each sub-connection. Each sub-network stored logically behind a SAProuter is therefore reduced to the network address of the SAProuter.

These are the basic steps for a customer to set up a connection to SAP with SAProuter:

1. Install the SAProuter software on your system.

2. Register your SAProuter with SAP and provide the data needed to set up the connection between your SAProuter system and the SAP support server.

3. Configure your network components (e.g. SAProuter) in Service MarketPlace.

2

Page 3: Sap Router

http://service.sap.com/remote-supportability

INSTALL THE SAPROUTER SOFTWARE IN YOUR SYSTEM

To install SAProuter you need both the SAProuter software and the SAPCAR software that is used to unpack the software bundle. The SAProuter and SAPCAR software are available to download on Service Marketplace.

1. Go to the Software Download Center on the SAP Support Portal: http://service.sap.com/swdc. 2. Click on ‘Support Packages and Patches’.3. Click on ‘Browse our Download Catalog’.4. Click on ’Technology Components’.5. Click on ’SAPROUTER’ to download it or add to your download basket.6. Click on ‘SAPCAR’ to download it or add to your download basket.7. Choose your operating system. It is recommended that you always download the newest SAProuter

version for your operating system.

8. Create a subfolder called saprouter on your local drive in the location <drive>:\usr\sap.9. Save both the downloaded .SAR file for SAProuter and the executable for SAPCAR in the new

folder.10. To extract the SAProuter software, open a command line prompt and run the command:

SAPCAR_0-xxxxxxxx.exe –xvf “<path of xxxxxxxx.SAR>”

Ensure double quotes are placed before and after the .SAR file. The following files should populate the saprouter folder after extraction.

Niping.exe, ntscmgr.exe, saprouter.exeFor use of Niping.exe, see this link: http://wiki.sdn.sap.com/wiki/pages/viewpage.action?pageId=54196

REGISTER YOUR SAPROUTER WITH SAP

SAProuter configuration requires SAP IT to add a your external IP address to the SAP Network. This creates a secure communication route between SAP and your landscape.

Page 4: Sap Router

http://service.sap.com/remote-supportability

To register your configuration with SAP, follow the instructions in SAP Note 28976 - Remote connection data sheet to create a message with the necessary data so that one of SAP’s external partner companies will assist you.

If you are an SAP BusinessObjects customer, you should instead follow the instructions in SAP Note 1631007 - Maintaining system data for BusinessObjects systems with SAProuter.

An example of a completed form can be seen here: http://service.sap.com/~sapidb/011000358700001047432011E

If you have any questions after reading the SAP note, log a message on component XX-SER-NET-NEW and explain what you need help with and one of SAP’s external partner companies will assist you to set up SAProuter.

For more information on connection types, go to: http://service.sap.com/~sapidb/011000358700001656441997E/connecting_en.htm

You can also log in to the SAP Support Portal via http://service.sap.com/access-support and navigate to Technical Prerequisites, then How to set up a Remote Network Connection.

CONFIGURE SAPROUTER IN THE SAP SUPPORT PORTAL

Once a remote connection is established by SAP IT as requested via the message created in the previous section, you will get a confirmation message similar to the one shown below in your SAP Support Portal Inbox.

Enter the required logical connections between your SAP systems and SAP. This is described in detail in Connect to SAP section in SAP Support Portal as well as in SAP Note 31515 - Service connections. Log in to the SAP Support Portal and select Help & Support, then click on Connect to SAP, then click on the Documentation link in the left-hand navigation.

This is the direct link to the same information: http://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000677085&_SCENARIO=01100035870000000202&

If you have questions about maintaining your system data in the SAP Support Portal, log a message on component XX-SER-SAPSMP-SYS to get help.

Set up the route permission tableSAProuter is a proxy to control incoming and outgoing traffic and the access list is defined in a text file called “SAPROUTTAB”. This route permission table contains the host names and port numbers of the predecessorand successor points on the route (from the SAProuter’s point of view) as well as the passwords required to set up the connection. If you don’t have a “SAPROUTTAB” file, SAProuter will not run.

Page 5: Sap Router

http://service.sap.com/remote-supportability

The basic structure of the SAPROUTTAB file is as follows:P/S/D <source host> <dest host> <dest serv> <password>

The most basic “SAPROUTTAB” contains only the following line, which means that all traffic is permitted.P * * *

For more information on how to configure the SAPROUTTAB file, see the section called “Route Permission Table” in the online documentation for SAProuter.

Note: Native TCP connections (such as the WinDbg connection to enable remote debugging for Business Objects Enterprise 3.1) always require a port number to be specified in the route. You can still use the wildcard character to allow traffic to and from any service on a specific port.

There are many different connection types using SAProuter but the two most commonly used connection types are IPSEC/VPN and SNC (your public/business internet encrypted with certificate).

RUN SAPROUTER

The SAProuter executable should be started with at least the following parameter:saprouter –r

Note: this command assumes that the default ‘listening-port’ 3299 is being used and that the SAPROUTTAB file is available in the same directory as the SAProuter executable.

If the default settings are not used you need to specify which port to use and the location of the SAPROUTTAB file in the parameters when launching SAProuter. For more information about the options to run SAProuter, see this help page in Service Marketplace.

Run with IPSEC connectivityWhen using IPSEC connectivity, you connect to the SAProuter at SAP called sapserv1.

For IPSEC connectivity to ‘sapserv1’ the SAPROUTTAB needs to have the following structure:

# Connection from SAP to internal systemP 194.117.106.129 <IP of server> <instance of service># Access from the local Network to SAPP <IP of server> 194.117.106.129 3299# Deny all other connectionsD * * *

Example:# Connection from SAP to internal systemP 194.117.106.129 10.10.10.11 3200# Access from the local Network to SAPP 10.10.10.11 194.117.106.129 3299# Deny all other connectionsD * * *

Run with SNC connectivityPlease be sure to generate and install the required SNC-certificate exactly as described in the online documentation: http://service.sap.com/saprouter-sncdocThe online documentation also describes the structure of the SAPROUTTAB file for SNC connectivity.

Page 6: Sap Router

http://service.sap.com/remote-supportability

GETTING HELP

If you have any questions or problems installing, running or setting up SAProuter or problems with the connectivity, please open a message in the SAP Support Portal using component XX-SER-NET-NEW and describe the problem at hand with as much background as possible and one of SAP’s external partner companies will assist you.

If you have any questions about maintaining your system data in the SAP Support Portal, log a message using component XX-SER-SAPSMP-SYS to get help.

Page 7: Sap Router

http://service.sap.com/remote-supportability

MORE INFORMATION

The main information page for SAProuter in SMP is: https://service.sap.com/saprouter

The full SAProuter installation guide is available in PDF format here:https://service.sap.com/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700003588172003&_SCENARIO=01100035870000000202

The SAProuter installation guide is also available in HTML format here:http://help.sap.com/saphelp_nwpi711/helpdata/en/48/7612ed5ca5055ee10000000a42189b/frameset.htm

SAP Note 30289 - SAProuter documentation with list of other related SAP notes.

The section called “Route Permission Table” explains how to set up a route access table, this is the direct link: http://help.sap.com/saphelp_nwpi711/helpdata/en/48/6c7a3fc1504e6ce10000000a421937/content.htm

SAP Note 35010, contains the available physical connection types to SAP (ISDN, VPN, SNC, etc.). This is also explained in SMP:https://service.sap.com/~sapidb/011000358700001656441997E/connecting_en.htm

All available parameters for SAProuter explained here:http://help.sap.com/saphelp_nwpi711/helpdata/en/48/6e2ef629540e27e10000000a421937/content.htm

For step-by-step screen shots on setting up SAProuter, log on to SMP and navigate to Connect to SAP, and then click the Documentation link. This is the direct link: https://service.sap.com/~form/sapnet?_SHORTKEY=01100035870000216300&_SCENARIO=01100035870000000202

Contact addresses to external partners are available in Note 28976 and also on SMP here: https://service.sap.com/~sapidb/011000358700001656541997E/adr.htm

Maintaining connections: https://service.sap.com/~sapidb/011000358700003071932006/

Available service connection types for the Service Connector are listed on this page in SMP:http://service.sap.com/~sapidb/011000358700000201242006E/conntypes.htm

SAP Note 195715 - Service connection types "BW RFC" and "BW GUI"

SAP Note 35010 - Service connections: Composite note (overview)

©2011 SAP AG. All rights reserved.

SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company.

Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company.

All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies (“SAP Group”) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.