sap basis series - setup oss connection via snc
TRANSCRIPT
SAP Basis Series
Setup OSS connection via SNC2010-06-24
Documented by: Sea Zhang
ContentDESCRIPTION ........................................................................................................................................... 3 STEPS ....................................................................................................................................................... 3 PREPARE THE SAPROUTER MACHINE .................................................................................................................3 APPLY THE CONNECTION FROM SAP ....................................................................................................................3 DOWNLOAD THE LATEST SAPROUTER SOFTWARE.................................................................................................3 APPLY FOR A SAPROUTER CERTIFICATE ..............................................................................................................4 PREPARE SAPROUTTAB ..................................................................................................................................9 ACTIVATE SAPROUTER ................................................................................................................................10 CONFIGURATION FOR SAP ...............................................................................................................................10 SET SAPROUTER AS WINDOWS SERVICE ..........................................................................................................13
2 of 16
Documented by: Sea Zhang
DescriptionAfter installation of SAP environment, the client always wants to establish a connection to SAP, its so called OSS connection. Theres lots of VPN connection you can use, e.g. VPN via firewall, or SNC (Secure Network Communication). SNC is implemented and guaranteed by SAP. With this solution, you dont have to setup a hardware VPN, what you need to do is to map a public IP to your SAPROUTER server and claim to SAP to add your IP to its trusted route list. Currently, most of clients are using SNC to establish their connection between SAP and their LAN. This document is to describe how to complete the whole process, from applying to completion the connection.
StepsPrepare the SAPROUTER machineNormally, SAPROUTER would be installed with where the SAP Solution Manager server resides. Then this server would have the necessary tools, e.g. SAPGENPSE. Then ask your IT guy to map a public IP address to this server, also remember to allow port 3299 to access to the Internet. SAP needs to know your host name and public IP address of SAPROUTER server.
Apply the connection from SAPSend message to SAP, remember to choose the component XX-SER-NET-NEW, and of course remember to tell what your host name and IP address of the SAPROUTER server. SAP will send you back your distinguished name, in order to let you apply the certificate and complete the rest works.
Download the latest SAPROUTER softwareGo to SAP service marketplace, navigate to download tab, and refer to the path below to download SAPROUTER.
3 of 16
Documented by: Sea Zhang
Apply for a SAPROUTER CertificateNavigate to http://service.sap.com/saprouter-sncadd
Click Apply Now!
4 of 16
Documented by: Sea Zhang
Your distinguished name is shown up in the table, click Continue
And it needs your Certificate file generated by sapgenpse. Back to your OS, and make sure the user environment has been set the parameters of SECUDIR and SND_LIB, these two parameters need to point to your SAPCRYPTO.DLL.
5 of 16
Documented by: Sea Zhang
Execute: sapgenpse get_pse v r certreq p local.pse
It needs a PIN (password), create your own one, say abcD1234, press Enter. Notice: your generated certificate file will be generated with option r, by default it generates under where you run the command.
6 of 16
Documented by: Sea Zhang
Open this txt file, copy the content.
And paste to the page, click Request Certificate.
7 of 16
Documented by: Sea Zhang
Then copy the generated string from page to local, I named it as srcert.txt.
Execute: sapgenpse import_own_cert c s:\srcert.txt p local.pse
8 of 16
Documented by: Sea Zhang
Execute: sapgenpse seclogin p local.pse O And is something like \, input your PIN created before when it mentioned you type in.
Check your result, and execute: sapgenpse get_my_name v n Issuer If the result is not the same as what it shown above, there must be somewhere doing wrong, and you need to do it again.
Prepare SAPROUTTABUnzip SAPROUTER, copy to somewhere of your machine, there are only two files under that folder: SAPROUTER and NIPING. And then create a txt file, named it as SAPROUTTAB.
9 of 16
Documented by: Sea Zhang
Content is something like this (replace 172.17.xx.xx with your private IP).
Activate SAPROUTER
Remember the string should be p: follow with option k.
Test it, and remember to use your private IP in the string, everything seems ok.
Configuration for SAPT-codeOSS1
10 of 16
Documented by: Sea Zhang
After the configuration, click Logon
11 of 16
Documented by: Sea Zhang
The popup window shows up, and proves that you succeed. And then test if you are able to download NOTE, T-codeSNOTE
-> Download SAP Note
12 of 16
Documented by: Sea Zhang
Input a random NOTE number, click Execute
You can see this note has been downloaded.
Set SAPROUTER as Windows Service
Execute: ntscrmgr install SAPROUTER b \saprouter.exe p service r K ^p:^
13 of 16
Documented by: Sea Zhang
Run regeditand gotoHK_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAPROUTER, modify ImagePath, and change ^ into , click OK.
14 of 16
Documented by: Sea Zhang
And change the service startup type into Automatic
15 of 16
Documented by: Sea Zhang
And change the user as the user you set before, save and startup the service
SAPROUTER is started, complete the whole process. And remember to close your message in SAP Service Marketplace.
16 of 16