SCN's most interesting blogs for SAP Architects

As we all know SCN now has a Category for NetWeaver Architecture, a container for everything NetWeaver Architecture related. Searching around 2000 Blogs, Andy Silvey picked a list of 36 blogs that are most important for SAP Architects. This blog will become a monthly delivery, of a selection of the previous months most interesting SCN blogs for SAP Architects. (November 2013)

The New SCN SAP NetWeaver Architecture Category - An Introduction

Andy Silvey has fulfilled one of his small personal goals and contributed to the realization of a new Category on the SCN, for everything NetWeaver Architecture and concerning SAP NetWeaver Architects. The new Category can be found here, SAP NetWeaver Architecture Category On the SAP SCN.

SAP NetWeaver Process Orchestration @ SAP TechEd 2013

The Process Orchestration team has prepared a wonderful selection of sessions this year. In this blog Alexander Bundschuh is sharing a glimpse of what you will experience in the areas of SAP NetWeaver BPM | PI | Process Orchestration, SAP HANA Cloud Integration, Business Rules, B2B and SAP Operational Process Intelligence powered by SAP HANA.

This guide is consisted with step by step procedure with Screens

The solution manager key is created though the solution manager installation which is related to SAP system

• Use Tcode SMSY to Start System Landscape Maintenance.

.

• Then select the landscape components -->  Systems then right click --> Create New System.

• Then Fill the appropriate entries related to the required system to generate solution manager key.
• After filling all the information click on save button.

• To generate the key,
  • go to the   -- > Landscape Components or   System Landscape
  • select the relevent entry eg(TRN)
  • Go to main menu system -- > Other Object
  • Following screen will be appeared

• Then Click on the key icon to generate key
• Generate key with following window.

Now you have the installation solution manager key..

Cheers

Hi,

I'd like to mention that majority of configurations of WPB Producer / Manager are described on provided manuals on:

        http://help.sap.com/wpb

On last monday was released SP1 to 9.2 version, that corrects many identified issues on first 9.2 version.

SP1 is available on Marketplace:

        https://service.sap.com/swdc   -> 'Installations and Upgrades' -> 'A - Z Index' -> 'W'

           ** find desired package for Producer/Manager

What's new and procedures for migration are described on:

        https://service.sap.com/~sapidb/011000358700000753742013E/SAP_WPB_92_SP1_WhatsNew_EN.pdf

In addition, I'd like to emphasize some SAP notes about common issues on WPB:

Thanks.

Rodrigo

With the script below you will be able to use command :

• "service saprouter start" to start saprouter on linux.
• "
• service saprouter stop" to stop saprouter on linux.
• "service saprouter status
• " to have status and pid of saprouter on linux.

usefull command :

to increase trace : saprouter -t -V 2

to see list on client saprouter -l :

Mon Aug 26 13:59:04 2013
SAP Network Interface Router, Version 40.4

Mon Aug 26 13:59:05 2013
peer SAProuter with NI version 40 ...
send info-request to running SAProuter ...

SAP Network Interface Router running on port 3299 (PID = 4838)
Started on: Mon Aug 26 11:58:00 2013

ID  CLIENT                         | PARTNER                        service
-----------------------------------+---------------------------------------
8   localhost                      | (no partner)
76  10.126.104.193                 | 10.134.235.67                  sapdp00
170 10.126.104.193                 | 10.134.235.67                  sapdp00
62  10.126.104.193                 | 10.134.235.79                  3281
130 sapserv3                       | 10.134.235.79                  3281
81  10.126.104.193                 | 10.126.115.14                  3200

Total no. of clients: 11
Working directory   : /usr/saprouter
Routtab             : /usr/saprouter/ACL/saprouter.tab

Hi all,
According to my current project requirement we needed to retrieve the specific Data of an attachment(mainly for .txt type of file) of PO:Purchase Order(which can only be retrieved in an

internal table in binary format) using function module 'BBP_PD_PO_GETDETAIL' and send it in base64 format using 'SCMS_BASE64_ENCODE_STR' Conversion method.
All were working fine but the data we were getting in the attachment was not as per standards.
we were getting a lots of "null"s at the end of our Data.(PFA-Attachment1 )
Large number of "null" characters were getting added at the end of the attachment contents when we opened the newly generated attachment as a text file from

target side/destination side.
The internal table in which we were getting this attachment data in binary format has the row contents (The only field 'LINE')as type of RAW and of length

1022.
Thus this length of 1022 was the issue because after assigning the attachment data it considers the remaining characters as "null" if the assigned data is not

large enough.
It can be undestood in more detail using following example.

e.g. :

The attachment that is the textfile of a Purchase Order contains the string data as :
"Test Proxy completed"//(The only Data needs to be sent as a contents of a text file )

Instead the textfile which was generated at destination contained data :

Test Proxy completed.nullnullnullnullnullnullnullnullnullnullnullnullnull
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull
....(continued)."

(PFA-Attachment1 )

---------------------------------------------------------------------------------------------------------
Actual Issue was:

      The actual issue was those nulls were getting added while retrieving this data in binary format itself(got it with the help of Debugging)
when we were calling that "BBP_PD_PO_GETDETAIL" method and retrieving the attachment data in Binary format in an internal table.
The size of normal string is much greater than the actual data provided hence it considers remaining spaces as "null"
("0" in binary/hexadecimal format).

----------------------------------------------------------------------------------------------------------

So after few RND I came up with the solution for this issue which can be stated as follow:

Consider that we have retrieved binary Data into an internal table :
lt_contents.(Last field of lt_attachment table which is the outcome of 'BBP_PD_PO_GETDETAI' function module)
**********************************************************************************************************

DATA: lv_file TYPE string,
      lv_file_con1 TYPE xstring,
      lv_file_con2 TYPE xstring,
      lv_file_space type xstring,
      lv_file_con TYPE xstring.

LOOP AT lt_contents INTO lw_content.      // Get the RAW/Binary Data into a local work area for further usage.

lv_file_con1 = lw_content-line.
CONCATENATE  lv_file_con2 lv_file_con1 INTO lv_file_con2 IN BYTE MODE. //collecting the attachment contents in a variable from an internal table.

ENDLOOP.

lv_file_con = lv_file.
CLEAR lv_file.
lv_file_space = '0'.       // Hexadecimal symbol for space that is 0 which is to be eliminated.

shift lv_file_con2 right deleting trailing lv_file_space in byte mode.  // removing RHS spaces/'0's/null's.

**After RIGHT SHIFT  the spaces are get added at LHS of Data which can be eliminated using left shift.

shift lv_file_con2 left deleting leading lv_file_space in byte mode.  // all spacess/0's/"null"s are get eliminated in this step

CALL FUNCTION 'SCMS_BASE64_ENCODE_STR'      // converting Data into base64 format
  EXPORTING
  input    = lv_file_con2
**      unescape = 'X'
  IMPORTING
  output   = lv_file.        // This lv_file will content the required data (without any "null" characters)hexadecimal form.

**-------------------------------------------------------------------------------------------------------------

Thats it from my side.
If you expert guyz can suggest any changes I need to be made or can come up with a better solution
then you are most welcome.

Thanks and Regards,

Vikas Kailas Khanase
(+91) 9324758106

1. Purpose:

This document is intended to introduce Web Dispatcher and give detailed information on the associated advantages, implementation scenarios and SSL options.

In general, below are the few questions those arise from the customer when they are looking towards protection / load balancing of an SAP system.

• What is SAP Web dispatcher?
• What are the functions of SAP Web dispatcher?
• Is it technically possible to have a single Web Dispatcher instance to support multiple backend systems?
• How to use the SAP Web Dispatcher to distribute workload across the different instances of an SAP system?
• How to configure the SAP Web Dispatcher to Support SSL?

2.  What is Web dispatcher?

Just assume that your company offers its customers browser-based access to data from SAP systems. Technically, the Web applications in ABAP and Java are implemented on the SAP NetWeaver AS. Since a very large number of your customers use this service, your SAP system, which is connected to the Internet, has multiple instances. In this scenario how will you implement load distribution across the different instances of this SAP system? Answer is very simple: Web dispatcher.

The SAP Web Dispatcher is an application-level gateway for HTTP requests to an SAP Web Application Server. The SAP Web Dispatcher is used as a software Web switch between the Internet and an SAP System. The SAP Web Dispatcher consists of one or more Web Application Servers. As a result, you have only one point of access for HTTP(S) requests in your system. In addition, the SAP Web Dispatcher balances the load so that the request is always sent to the server with the highest capacity.         

Please note that apart from web dispatcher, web requests can also be distributed through message server or ICM. However, these have only limited functionality and some disadvantages and is therefore not recommended by SAP.

SAP web dispatcher is the SAP recommended process/method of distributing web requests as it has some advantages and additional functionality

3.  What are the functions of SAP Web dispatcher?

• Distribution of requests to both ABAP and Java application instances
• Denial of unwanted requests (i.e. Request filtering)
• Buffering of web requests
• Ensures that customers can access the SAP system via one address
• Provides security as it runs in DMZ (Demilitarized zone)
• Handles distribution of both http and https requests.

4.  Architecture of the SAP Web Dispatcher:

The SAP Web dispatcher is located between the Web client (browser) and your SAP system that is running the Web application.

SAP web dispatcher forwards the incoming requests (HTTP, HTTPS) in turn to the SAP Web AS of the SAP system. The number of requests that are sent to a Web AS ABAP depends on its capacity, which depends on the number of configured dialog work processes. The capacity of a Web AS Java depends on the number ofServer Processes. If the application is stateful, the SAP Web dispatcher ensures that with the next request, the user is forwarded to the server that is processing his or her application. To do this, it uses the session cookie with HTTP connections, and the client IP address with end-to-end SSL.

Furthermore, the SAP Web dispatcher decides whether the incoming request should be forwarded to an ABAP or Java server.

5.  Server Selection and Load Balancing Using the SAP Web Dispatcher:

5.1.      Server Selection:

The SAP Web Dispatcher forwards each incoming HTTP(S) request to an appropriate SAP NW Application Server for processing, as illustrated in the following graphic.

Process Flow:

• The SAP Web Dispatcher first checks whether the request is an ABAP or J2EE request. This distinction is based on the analysis of the URL prefix. For the URL  http://portal.mindtree.com/A/B/C/Default.html, the prefix to be analyzed is the character string /A/B/C/. If this prefix is known in the ICF, this is an ABAP request. If the URL contains only one forward slash (/) after the host name, special handling is required: The value of the profile parameter is/HTTP/default_root_hdl determines the destination.
• In the case of an ABAP request, the SAP Web Dispatcher first uses a cookie to identify whether the request concerns a stateful application. If this exists, the decision is simple. The request is sent to the application server that is processing this session.For a stateless application, the internal group !DIAG is selected, which consists of all ABAP application servers. This is used only if a logon group (maintained with transaction SMLG) is inherited or specified explicitly in the ICF service.
• AS Java also recognizes the concept of logon groups. If a specific logon group has not been configured for the prefix of the Java request called, the SAP Web Dispatcher uses the internal group !J2EE. In the case of a stateful application, this is indicated through the session information in the URL or a load-balancing cookie. For compatibility reasons, the session cookie jsessionid can also still be used here.
• The SAP Web Dispatcher obtains information about the logon groups and URL mapping from an ABAP application server via HTTP or HTTPS. For this to happen, the services /sap/public/icman and /sap/public/icf_info/* must be activated in the ICF.

5.2.      Load Balancing:

One of the basic functionality of web dispatcher is that, it can help to balance the load between the application servers. Web Dispatcher does not establish connectivity directly with the application servers, rather it will establish the connectivity to Message Server to ensure the load is balanced across application servers.

The SAP Web Dispatcher obtains information about the application servers of the SAP system from the message server via HTTP(S). You can use the SAP Web Dispatcher in pure ABAP systems as well as in combined ABAP + Java systems and pure Java systems. In this way, the installation option determines the message server with which the SAP Web Dispatcher communicates.

6.  Configuring the SAP Web Dispatcher to Support SSL:

If you are using a stand-alone SAP Web Dispatcher in front of the SAP Web AS, then use the procedures below to configure the SAP Web Dispatcher to support SSL. The SAP Web Dispatcher can either pass the SSL connection to the server in the backend, or it can terminate the SSL connection. See the graphics below.

6.1.      Passing the SSL Connection:

6.2.      Terminating the SSL Connection:

6.3.      Procedure:

6.3.1. Configuring the SAP Web Dispatcher to Pass the SSL Connection to the Backend Server:

If the SAP Web Dispatcher is to pass the SSL connection to the server in the backend, then, in addition to the standard parameters, set the following profile parameter in the SAP Web Dispatcher’s profile:

icm/server_port_<xx>=PROT=ROUTER,PORT=<port>,TIMEOUT=<timeout_in_seconds>

6.3.2. Configuring the SAP Web Dispatcher to Terminate the SSL Connection

If the SAP Web Dispatcher is to terminate the SSL connection, then it must possess a security environment. To set up this security environment, perform the following:

A. Install the SAP Cryptographic Library on the SAP Web Dispatcher.

• Download the SAP Cryptographic software from the market place, UNCAR the files using SAPCAR.
• Extract the contents of the SAP Cryptographic Library installation package.
• Copy the library file and the configuration tool sapgenpse.exe to a local directory, for example, the directory where the SAP Web Dispatcher is located. For this documentation, we will use the directory C:\Program Files\SAP\SAPWebDisp.
• Check the file permissions for the SAP Cryptographic Library. If, for example, you copied the library to its location using ftp on UNIX, then the file permissions may not be set correctly. Make sure that the user that runs the SAP Web Dispatcher is able to execute the library's functions.
• Create a sub-directory called sec and copy the ticket file to this directory. This is also the directory where the SAP Web Dispatcher’s PSEs and credentials are to be located.

• Location of the SAP Cryptographic Library

C:\Program Files\SAP\SAPWebDisp\sapcrypto.dll

• Location of the Configuration Tool sapgenpse

C:\Program Files\SAP\SAPWebDisp\sapgenpse.exe

• Location of the License Ticket

C:\Program Files\SAP\SAPWebDisp\sec\ticket

B. Set the profile parameters.

Make the below entries in the instance profile:

      -------------------------------------------------------------------------------

SAPSYSTEMNAME           = XYZ

# SAPSYSTEM must be set so that the shared memory areas

# can be created.

# The number must be different from the other SAP instances

# on the host.

SAPSYSTEM = 26

# Set DIR_INSTANCE so that the SAP Cryptographic Library can

# find the sec sub-directory.

DIR_INSTANCE = C:\Program Files\SAP\SAPWebDisp

# Message Server Description

rdisp/mshost = xyzmain

ms/http_port = 8000

ms/https_port = 443

# Description of the Access Points

icm/server_port_0 = PROT=HTTP, PORT=1081, TIMEOUT=900

icm/server_port_1 = PROT=HTTPS, PORT=443, TIMEOUT=900

icm/HTTPS/verify_client = 0

# Parameters for the SAP Cryptographic Library

ssl/ssl_lib = C:\Program Files\SAP\SAPWebDisp\sapcrypto.dll

ssl/server_pse = C:\Program Files\SAP\SAPWebDisp\sec\SAPSSLS.pse

# Parameters for Using SSL to the backend server

wdisp/ssl_encrypt = 2

wdisp/ssl_auth = 2

wdisp/ssl_cred = SAPSSLC.pse

wdisp/ssl_certhost = www.test.com

---------------------------------------------------------------------------------

C. Create the SAP Web Dispatcher’s PSE(s) and certificate request(s).

1. Creating the SAP Web Dispatcher’s PSEs Using the Trust ManagerTo create each PSE (SSL server PSE and SSL client PSE), using the trust manager:

• Start the trust manager (transaction STRUST).
• Using the context menu for the File node, choose Create (RSA).

The Create PSE dialog appears.

• Enter the Distinguished Name parts in the corresponding fields according to your CA’s naming convention.
• Save the PSE to local file (for example, the Web Dispatcher’s SECUDIR directory). Use the file name that you specified in the profile parameters ssl/server_pse and wdisp/ssl_cred for the SSL server PSE and the SSL client PSE respectively.

   2.   Creating the SAP Web Dispatcher’s PSEs and Certificate Requests Using SAPGENPSE

As an alternative, you can use the configuration tool sapgenpse to create the SAP Web Dispatcher’s PSEs.

• Before you can use sapgenpse to create the SSL server PSE, the environment variable SECUDIR must be set to the directory where the license ticket is located. If the environment variable is not yet set, then set it using the command line as shown below.

set SECUDIR=<SECUDIR_directory>

• Use the tool’s command get_pse as shown below to create the SAP Web Dispatcher’s PSE.

sapgenpse get_pse <additional_options> -p <PSE_Name> –r <cert_req_file_name> -x <PIN> <Distinguished_Name>

Where:

-p: Path and file name for the PSE.If the complete path is not included, then the PSE file is created in the SECUDIR directory.

-r: File name for the certificate request

-x: PIN that protects the PSE

D. Send the certificate request(s) to a CA to be signed.

For each certificate request that you created, send the contents of the certificate request to your CA. The CA will validate the information contained in the certificate request (according to its own policy) and return a response that contains the signed public-key certificate.

E. Import the certificate request response(s) into the PSE.

• Importing the Certificate Request Response Using the Trust Manager

If you used the trust manager to create the SAP Web Dispatcher’s PSE, then you can easily use it again to import the certificate request response. For each of the PSEs that you created, perform the following:

• If the certificate request dialog is still open, then close it.
• If the SAP Web Dispatcher’s PSE is not loaded in the PSE maintenance section, then load it by selecting the File node with a double-click and selecting the PSE from the file system.
• In the PSE maintenance section, choose  Import Cert. Response. The dialog for the certificate response appears.
• Insert the contents of the certificate request response into the dialog’s text box either using Copy&Paste or by loading the file from the file system.The signed public-key certificate is imported into the SAP Web Dispatcher’s PSE, which is displayed in the PSE maintenance section. You can view the certificate by selecting it with a double-click. The certificate information is then shown in the certificate maintenance section.
• Create a PIN for the PSE.

• Importing the Certificate Request Response Using SAPGENPSE

As an alternative, you can use the configuration tool sapgenpse to import the certificate request response into the PSEs. Use the tool’s command import_own_cert as shown below.

sapgenpse import_own_cert <Additional_options> -p <PSE_file>  -c <Cert_file> [-r <RootCA_cert_file>]  -x <PIN>

Where

-p: Path and file name of the PSE.

-c: Path and file name of the certificate request respons

-r: File containing the CA’s root certificate

-x: PIN that protects the PSE

F. Create credentials for the SAP Web Dispatcher.

Use the following command line to open each PSE and create credentials.

sapgenpse seclogin <additional options> -p <PSE_Name> -x <PIN> -O [<Windows_Domain>\]<user_ID>

Where:

-p: Path and file name for the PSE.

-x: PIN that protects the PSE

-O: User for which the credentials are created. (The user that runs the SAP Web Dispatcher process.)

G. Restart the SAP Web Dispatcher.

H. Test the connection.

• Start a BSP using an HTTPS connection to your SAP Web Dispatcher and the corresponding SSL port.
• If your Web browser cannot completely verify the SAP Web Dispatcher's public-key certificate, then you will receive a dialog that states the reason why. For example, if your Web browser does not possess the issuing CA's root certificate as a trusted root certificate, then you are informed and can choose to trust the server at this time.
• If you trust the server's certificate (either automatically or manually), then the next step is to authenticate yourself.If your authentication was successful, the BSP appears.

6.4.Pros and cons of End-to-End SSL / SSL-Termination:     

     SSL is required in case of any need to protect the business data such as user credentials (e.g. passwords) and data security. It      basically encrypts entire communication between browser and server.

6.4.1.  Web Dispatcher in End-To-End SSL mode:

Pro :

• Client authentication with X.509 certificates
• End-to-End data security
• Load balancer is "untrusted" component

Contra :

• Persistence based on client IP address only
• Load balancing problems :
• Proxies
• End of Session
• IP Address based persistence usually OK in internet
• No logon groups
• No distinction between J2EE and ABAP applications

6.4.2.  Web Dispatcher in SSL Termination mode :

Pro :

• Persistence based on application session ID
• Logon groups
• Detection of application type (ABAP/J2EE), select correct server
• Request parsing and URL filtering
• SSL re-encryption is possible

     Contra :

• Harder to configure
• Web Dispatcher becomes "trusted component" (secure channel to WebAS needed)
• Make sure Web Dispatcher does not become performance bottleneck as it needs higher CPU capacity

7. Key points:

We have various scenarios that can be used while implementing Web Dispatcher, the scenario to be chosen comes down to      one's requirement of security, performance, cost, effort, etc., Some of the interesting facts about web dispatcher are listed      below.

• Web Dispatcher is a software load balancer and application layer gateway for SAP Web AS
• Web Dispatcher is not a reverse proxy, not meant to be.
• As of Netweaver 7.2, it is possible to have single web dispatcher to cater to multiple backend systems, NW 7.2 based Web Dispatcher is backward compatible and supports up to 6.10
• Both End-to-End SSL and SSL Termination are available, SSL options to be chosen based on the requirement and by carefully analyzing the hardware and cost involved in setting up the chosen SSL option
• It is recommended to perform the sizing exercise with the realistic inputs
• No additional cost involved for license, Web Dispatcher is delivered at free of cost (part of Web AS)

As part of the consultation process of moving towards SNC providing a

     . NetWeaver Architecture (Sub) Space

we need to define what is NetWeaver Architecture.

This document serves as the placeholder and container for that discussion.

This might sound funny, but we need to start from somewhere, so I will begin with

a description of NetWeaver Architect which I received in a job description.

We can then, fine tune this list, we can remove items, more narrowly specify certain

items and add items, all where necessary.

So here goes:

     Design and Architecture of complex SAP solutions

     SAP Technical Design issues

     SAP to SAP and SAP to Non-SAP

     SAP Architecture design across all SAP Components - any architecture question for any component

     SAP System Landscape, Platform, Technology design and strategy

     Future proofing SAP strategies

     Continuous Improvement Strategies

     Upgrade and Migration Strategy and Implementation and Design

     Across all integrations of SAP with other products

     Across operating system and through databases

     Across network and server architecture and topology

     Disaster Planning and Contingency

     High Availability and DR design

     Value and return on investment

     Data Center from the SAP perspective

As part of this process let's now discuss in the comments to this document what

exactly the SAP Architecture Space should contain.

Everybody is welcome, this is a safe place so don't be shy.

My personal goal in this discussion is for me to be less vocal and let everybody else

have a good debate.

(please do _not_ click LIKE for this Document, the purpose of this is not for collecting

points)

The purpose of this paper is to introduce the SAP NetWeaver – Based System Landscapes. This paper is based upon SAP NetWeaver Release 7.0 (2004s). Target audiences for this paper will be people with some technical inclination, who want to get a better understanding of SAP NetWeaver landscape design, and what it can do for our customers. This paper relies on an understanding of SAP systems based upon release 4.6C and below. It is intended to give the reader a basic awareness of the differences, new features and issues introduced by the technology of SAP NetWeaver 7.0.

View Document

SCN's most interesting blogs for SAP Architects

As we all know SCN now has a Category for NetWeaver Architecture, a container for everything NetWeaver Architecture related. Searching around 2000 Blogs, Andy Silvey picked a list of 36 blogs that are most important for SAP Architects. This blog will become a monthly delivery, of a selection of the previous months most interesting SCN blogs for SAP Architects. (November 2013)

The New SCN SAP NetWeaver Architecture Category - An Introduction

Andy Silvey has fulfilled one of his small personal goals and contributed to the realization of a new Category on the SCN, for everything NetWeaver Architecture and concerning SAP NetWeaver Architects. The new Category can be found here, SAP NetWeaver Architecture Category On the SAP SCN.

SAP NetWeaver Process Orchestration @ SAP TechEd 2013

The Process Orchestration team has prepared a wonderful selection of sessions this year. In this blog Alexander Bundschuh is sharing a glimpse of what you will experience in the areas of SAP NetWeaver BPM | PI | Process Orchestration, SAP HANA Cloud Integration, Business Rules, B2B and SAP Operational Process Intelligence powered by SAP HANA.

This document describes how to integrate Exchange Infrastructure (XI) data and Business Intelligence (BI) data using  SAP NetWeaver 2004s with full quality of service.

View Document