sap netweaver application server - administration guide

Administration Guide

SAP NetWeaver Application Server, JavaTM EE 5 Edition

Copyright Copyright 2006 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/OS, POWER, POWER5, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MaxDB is a trademark of MySQL AB, Sweden. SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

Administration Guide 2


Icons in Body Text

Icon Meaning

Caution

Example

Note

Recommendation

Syntax

Additional icons are used in SAP Library documentation to help you identify different types of information at a glance. For more information, see Help on Help General Information Classes and Information Classes for Business Information Warehouse on the first page of any version of SAP Library.

Typographic Conventions

Type Style Description

Example text Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options.

Cross-references to other documentation. Example text Emphasized words or phrases in body text, graphic titles, and table

titles.

EXAMPLE TEXT Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE.

Example text Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools.

Example text Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation.

Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system.

EXAMPLE TEXT Keys on the keyboard, for example, F2 or ENTER.



Administration Guide ....................................................................................................................... 7 Tools ............................................................................................................................................ 7

SAP Management Console ...................................................................................................... 8

Starting the SAP Management Console............................................................................... 9

Main Administration Tasks with the SAP MC ..................................................................... 11

Layout and Context Menus of the SAP Management Console .......................................... 11

Config Tool ............................................................................................................................. 16

Getting Started with the Config Tool................................................................................... 17

Remote Administration Using Telnet...................................................................................... 19

SAP NetWeaver Administrator ............................................................................................... 22

Basic Administration Tasks........................................................................................................ 23 Registering Instances............................................................................................................. 23

Starting and Stopping the Application Server ........................................................................ 25

Viewing and Configuring the Communication Ports............................................................... 27

Monitoring the Application Server .......................................................................................... 29

Log Viewing............................................................................................................................ 29

Launching Deployed Applications from the SAP MMC.......................................................... 35

Enabling Debugging ............................................................................................................... 36

Configuring JVM Parameters ................................................................................................. 39

Configuring Instances............................................................................................................. 41

Adding and Removing Server Processes .............................................................................. 42

Connecting to a Database...................................................................................................... 43

Modifying Manager or Service Properties .............................................................................. 45

Adding Filters.......................................................................................................................... 46

Operations Management ........................................................................................................... 47 Starting and Stopping Java EE Instances.............................................................................. 47

Starting and Stopping Java EE Services ............................................................................... 48

Starting and Stopping Java EE Applications.......................................................................... 48

User Management Engine and Identity Management............................................................ 49

Authorization in the Java Environment ............................................................................... 49

Architecture of Security Roles......................................................................................... 50

Permissions, Actions, and UME Roles ........................................................................... 51

Configuring Identity Management....................................................................................... 52

Database Only as Data Source ...................................................................................... 53

Editing UME Properties................................................................................................... 53

Configuring the Security Policy for User ID and Passwords........................................... 54



Configuring Simple Search ............................................................................................. 56

Configuring Search Options for the UME........................................................................ 57

Managing Principals ........................................................................................................... 58

Managing Users, Groups, and Roles.............................................................................. 59

Assigning Principals to Roles or Groups......................................................................... 63

Locking or Unlocking Users ............................................................................................ 65

Troubleshooting the UME................................................................................................... 66

Activating the Emergency User....................................................................................... 66

Logging and Tracing ....................................................................................................... 67

What is Logged?.......................................................................................................... 69

Directory Server Access Log....................................................................................... 71

Directory Server Connection Pool Log ........................................................................ 73

Checking the Consistency of Entries in the UME Database........................................... 74

Repairing Inconsistencies of Entries in the UME Database ........................................... 75

Downloading the UME Configuration.............................................................................. 77

Configuration Management........................................................................................................ 78 Virtual Host Configuration ...................................................................................................... 78

Creating a New Virtual Host ............................................................................................... 79

Configuring the General Properties .................................................................................... 80

Defining HTTP Aliases on a Virtual Host............................................................................ 80

Activating and Deactivating Application Aliases................................................................. 81

Managing Login Modules ....................................................................................................... 81

Managing Authentication Policy for AS Java Components.................................................... 82

Managing JMS Server Configuration ..................................................................................... 85

JMS Details Description...................................................................................................... 85

Viewing System Properties .................................................................................................... 87

Viewing Web Modules' Configuration..................................................................................... 88

Application Resources Management ..................................................................................... 89

Managing JDBC Drivers ..................................................................................................... 91

Managing JDBC DataSources............................................................................................ 91

Managing JDBC DataSource Aliases................................................................................. 95

Viewing Managed Connection Factories' Configuration..................................................... 96

Managing JCA Connection Factories ................................................................................. 97

Viewing Outbound Resource Adapters' Configuration ....................................................... 99

Managing Resource Adapters ............................................................................................ 99

Creating JMS Connection Factory References ................................................................ 101

Creating JMS Destination References ............................................................................. 103



Problem Management.............................................................................................................. 104 Java Class Loader Viewer.................................................................................................... 105

JNDI Browser ....................................................................................................................... 105

Log Viewer............................................................................................................................ 107

Predefined Views.............................................................................................................. 108

Predefined Views in the General View.......................................................................... 109

General Predefined Standalone Log Viewer View .................................................... 111

Predefined Views in the Development View ................................................................. 113

Filtering and Viewing Logs and Traces ............................................................................ 114

Applying Filters by Log Location ................................................................................... 116

Applying Filters by Log File and Log Type.................................................................... 116

Creating, Exporting and Importing Custom Views............................................................ 117

Searching Log and Trace Records................................................................................... 118

List of Columns for Logs and Traces................................................................................ 119

Customizing Columns for Logs and Traces...................................................................... 120

Downloading Log and Trace Records .............................................................................. 121

Specific Predefined Views ................................................................................................ 122

Specific Predefined Views in the HTTP View ............................................................... 123

Specific Predefined Views in Logging View.................................................................. 124

Specific Predefined Security View ................................................................................ 125

Specific Predefined Views in Server View .................................................................... 125

Configuring Logs and Traces ............................................................................................... 127

Filtering Categories and Locations ................................................................................... 129

Log (Destination) .............................................................................................................. 130

Terminology ............................................................................................................................. 131



Administration Guide This guide describes the main tools for administering and configuring the SAP NetWeaver Application Server, Java EE 5 Edition and the main configuration and administration tasks. The guide has the following structure:

Tools [Page 7] Basic Administration Tasks [Page 23] Operations Management [Page 47] Configuration Management [Page 78] Problem Management [Page 104] Terminology [Page 131]

Tools Purpose This section contains descriptions of the main administration tools provided with the SAP NetWeaver Application Server, Java EE 5 Edition and directions on how to use these tools to configure and administer the SAP NetWeaver Application Server, Java EE 5 Edition.

The main tools provided are:

SAP Management Console [Page 8] The SAP Management Console (SAP MC) can be used to centrally monitor and perform basic administration tasks, such as starting or stopping the application server, monitoring log files, and so on. The SAP MC is available as a standalone, as a Web-based, and as an Eclipse-based version that is integrated in the Developer Studio.

Config Tool [Page 16] The Config Tool can be used for offline configuration of the application server, such as adding additional server processes to a Java instance, viewing and reconfiguring system properties, and so on.

For more information about the main configuration and administration steps that you can perform using the SAP Management Console and the Config Tool, see Basic Administration Tasks [Page 23].

Remote Administration Using Telnet [Page 19] When you need to administer the application server remotely or when you need to perform more advanced administration or runtime configuration steps, you can use Telnet to connect to the server and execute the available server shell commands.

Web-based SAP NetWeaver Administrator



The SAP NetWeaver Administrator is a Web-based tool that offers a way of administering, troubleshooting, and diagnosing an SAP NetWeaver system.

For more information about how to install and start the tool, see SAP NetWeaver Administrator [Page 22].

For more information about the different tasks that you can perform using the SAP NetWeaver Administrator, see the following sections:

Operations Management [Page 47] This section contains more information about how to start and stop application server instances, services, applications, and about the identity management in the SAP NetWeaver Application Server, Java EE 5 Edition.

Configuration Management [Page 78] This sections provides additional configuration capabilities, such as configuring virtual hosts, login modules, authentication policy, application resources management, and so on.

Problem Management [Page 104] This section provides features for advanced problem management of the system. These features include log configuration and viewing functions, a viewer for the class loaders, and a JNDI browser.

SAP Management Console Purpose The SAP Management Console provides a common framework for centralized system management. It allows you to monitor and perform basic administration tasks on the SAP system centrally, thus simplifying system administration.

Implementation Considerations The SAP Management Console in the SAP NetWeaver Application Server, Java(TM) EE 5 Edition is available in three modes:

Standalone SAP Microsoft Management Console SAP has developed the SAP Systems Manager snap-in which allows you to monitor, start or stop the SAP system centrally from the MMC.

We recommend that you use the SAP Microsoft Management Console to manage your SAP NetWeaver Application Server, Java(TM) EE 5 Edition system.

Web-based SAP Management Console The Web-based SAP MC is a Java applet that can be run from any Web browser supporting Java. Thus, it is possible to administer remote systems without the need of having a local installation.

Eclipse-based SAP Management Console in the Developer Studio



The SAP MC perspective in the Developer Studio enables application developers to administer and monitor their local and remote systems from their development environment without the need to use additional administration tools.

Features Using the SAP MC you can:

Monitor and control (start, stop, or restart) the SAP system and its instances with a single tool.

Display SAP log and trace files, start profiles, instance parameters, the system environment, SAP environment, ICM queue statistics, and so on.

Display and control Java processes. Monitor system alerts. Display the list of all access points to an SAP system. Display information about the AS Java threads, sessions, caches, aliases, EJB sessions,

remote objects.

Display Java Virtual Machine garbage collection and heap memory information of the application server.

Save the current console configuration in a file to reuse it later or to forward it to other users. (only for SAP MMC)

Start third-party tools (such as Telnet), if available, to manage an application server. (only for SAP MMC)

See also:

For more information how to use the SAP Management Console, see:

Starting the SAP Management Console [Page 9] Main Administration Tasks [Page 11] Layout and Context Menus of the SAP Management Console [Page 11]

Starting the SAP Management Console Use By default, the standalone SAP Microsoft Management Console is automatically launched after completing the installation procedure.

Procedure Starting the Microsoft Management Console The most common way is to start the MMC from the Windows Start menu:



Choose Start Programs SAP NetWeaver Start SAP Management Console The MMC opens.

When you expand the SAP Systems node, all instances running on the current host are displayed. If you want to change the configuration so that the instances on other hosts of your system are also displayed, follow the instructions given in Registering Instances [Page 23].

Starting the Eclipse-Based Management Console in the Developer Studio ...

To open the SAP Management Console perspective in the Developer Studio, choose Window Open Perspective Other SAP Management Console. The instances installed on the host you have connected to are displayed in the SAP Systems tree structure.

Starting the Web-Based SAP Management Console 1. Make sure that you have fulfilled the following requirements:

You have JRE 5.0 installed. Your browser supports Java. Your browsers Java plug-in is installed and activated.

2. In your Web browser, execute the following URL: http://: where:

host is the host where the SAP NetWeaver Application Server, Java(TM) EE 5 Edition is installed.

port is the SAP MC port. It consists of 513. For example, if the instance number of the Java instance is 60, the SAP MC port is 56013.

This will start the SAP MC Java applet.

If your browser displays a security warning message, choose the option that indicates that you trust the applet.

3. Choose Start.

The SAP Management Console screen appears.

By default, the Java instances installed on the host you have connected to are already added in the SAP Management Console.

Result Next steps:

To register an instance in the SAP Management Console, see Registering Instances [Page 23].

To start, stop, or restart the instances, see Starting and Stopping the Application Server [Page 25].

For more information about the main administration tasks that you can perform, see Administration [Page 23].



Main Administration Tasks with the SAP MC The following are the main administration tasks that can be performed with the SAP Management Console:

Registering Instances [Page 23] Starting and Stopping the Application Server [Page 25] Viewing and Configuring the Communication Ports [Page 27] Monitoring the Application Server [Page 29] Log Viewing [Page 29] Launching Deployed Applications from the SAP MMC [Page 35] Enabling Debugging [Page 36]

For more information about the other configuration and administration procedures in the SAP NetWeaver Application Server, Java(TM) EE 5 Edition, see Basic Administration Tasks [Page 23].

Layout and Context Menus of the SAP Management Console Layout The standalone SAP MMC and the Web-based SAP MC present information on two panes of a window. The pane on the left is the scope pane, which displays available information in a tree structure that can be expanded and collapsed. The pane on the right is the result pane, which shows detailed information about any item selected in the scope pane:



The Eclipse-based SAP MC in the Developer Studio presents information on three panes of a window The pane on the left is the scope pane, which displays available information in a tree structure that can be expanded and collapsed. The SAP Management Console (Result) pane on the bottom-right is the result pane, which shows detailed information about any item selected in the scope pane. If you choose to display log, trace or other types of files of the application server, these files will be displayed in the top-right pane:



The system icons and the nodes for instances, processes, and alerts are displayed in different colors, depending on their state. The colors mean the following:

Gray: Unknown state, only outdated values, system is offline Green: Running Yellow: Starting or critical Red: Error

To access detailed information about your SAP system, you have to fully expand the Java or central services instance and then select an item. Once an item has been selected, the corresponding information is displayed in the result pane. The following table summarizes the available options:

Tree Node Description

SAP system ( )

for example, JP1

Node for an SAP system. The colors indicate states that are derived from the SAP instance subnodes and are automatically refreshed.

Database ( ) Node for the database of the SAP system.



SAP instance

( or )

Node for the SAP instance. The color indicates the state that is automatically refreshed and inherited from the Process List subnode.

Process List Displays the processes started by the start service and their status. The color is automatically refreshed and reflects the worst state of all started processes.

Syslog Displays the system log, even if the SAP system is not functioning properly or is offline. You have to refresh the information manually.

Queue Statistic Displays the status of the ICM queues. You have to refresh the information manually.

Access Points Displays the communication ports used by the system. See Viewing and Configuring the Communication Ports [Page 27].

J2EE Process Table Displays information about the application server processes. The application server has to be started, but does not have to be functioning properly as the shared memory of the application server is accessed. You have to refresh the information manually.

J2EE Caches Displays monitoring information about the performance and contents of the caches in the Java instance.

The red state of the caches icons does not indicate problems in the system but only notifies that the red cache has not yet brought performance value to the system. Therefore, it is very likely that right after application server startup there are many caches with red state. This indicated that these caches are not yet used and does not indicate a problem.

J2EE Threads Displays details and statistics for the threads managed by the application server.

J2EE Web Sessions Displays details and statistics for the application server HTTP sessions.

J2EE EJB Sessions Displays details and statistics for the application server EJB sessions.

J2EE Remote Objects Displays statistics for the remote objects to which external users are connected at the time of monitoring.

J2EE Aliases Displays a list of the aliases of the currently started applications. See Launching Deployed Applications from the SAP MC [Page 35].

J2EE GC History Displays statistics and details for the last few garbage collection events.



J2EE Heap Memory Displays details about the current size of the application server heap memory.

ICM Provides Web access to the ICM administration.

Log Files Displays the log, trace, and system files.

With the context menu option View, you can display the information you require in different ways. For lists that normally have many rows, there is an additional filter function in the table header ( ). If you enter data in the filter fields, only matching table rows are displayed. You can use wildcards * and ? in the filter setting.

You can update the information displayed at any time by choosing Refresh ( ) from the context menu.

Context Menus of the SAP MMC The context menus differ depending on the item that is selected in the scope pane. To access the context menu of an item, select that item and click the right mouse button. Some of the main context menu options are:

Start Starts the instance(s) related to the selected items. Stop Stops the instance(s) related to the selected items. Shutdown Sends a shutdown request to the instance(s) related to the selected item. The

instances will reject new requests and stop when all open requests are finished.

Restart Restarts the selected instance. All Tasks View Developer Traces Displays a list of the developer trace files, provided

the user has sufficient authorization.

J2EE Telnet Opens a Telnet session to the application server. See Remote Administration Using Telnet [Page 19].

Properties Displays technical data about the selected item and allows you to change the start/stop permissions for the selected instance.

Enable/Disable/Restart Process Enables/disables/restarts an application server process. Dump Stack Trace Dumps the Java stack trace for the selected server process. See Log

Viewing [Page 29].

All Tasks Enable/Disable Debugging Enables/disables Java VM debugging for the server processes. See Enabling Debugging [Page 36].

Developer Trace Displays the developer trace file of the selected process. All Tasks Decrease/Increase trace level Decreases/increases the launcher trace level

of the selected process.



Config Tool Use The Config Tool enables offline configuration of the SAP NetWeaver Application Server Java. It allows you to modify the properties of all services, managers, and applications. In addition, it enables you to manage log configurations offline, add filters, edit the JVM parameters.

All modifications made using the Config Tool can be exported to an XML file for later use.

When you work offline, you do not need to have the application server running as the Config Tool connects directly to database and applies the changes.

Features When the Config Tool is running, it displays the system configuration and the secure store. The cluster data contains the configuration template that is chosen during installation time. This template consists of:

Log configurations, applications, managers, services These nodes contain template default and custom data that is valid for all instances within the system.

All instances available in the cluster Each instance contains a list of managers, services, log configurations, and applications. These nodes have:

Template property data this data corresponds to template default data. Custom property data consists of template values and custom values, as the

template values correspond to template custom values. In case there are no template custom values, the template values correspond to the template default values.

The priority of the property values, in decreasing order, is: instance value, template custom value, template default value. This means that for a given property, the template default value is not valid if there is a template custom value, which is not valid if there is an instance value.

If you set a custom value to a property in a manager in a given instance, this value is valid only for this instance.

If you set a template custom value to a property in a manager in a given instance, this value is visible as a template value in the custom property data of the same manager in any instance. This value is valid to those instances that do not have a custom value set for this property.

This template is configured to apply the most suitable settings for a given configuration. Nevertheless, if you want to edit a property value, you can set a custom value to this property and it will have priority over the default value.



Activities Start the Config Tool from

///j2ee/configtool by double clicking the configtool script file.

Connect to a remote database [Page 43] View and configure JVM parameters [Page 39] View and edit instance settings [Page 41] Add server processes to an instance [Page 42] Add filters [Page 46] Change manager or service properties [Page 45]

Getting Started with the Config Tool Config Tool Icons

Icon Menu Path Description

File Reload Data from DB Enables you to reload the current configuration from the database

File Apply changes Applies the changes you have made

File Export Unsaved Changes to XML

Exports the system configuration to an XML file

Tools Configuration Editor Switches between the Offline Configuration Editor and the Config Tool.

Represents the application server cluster

Tools Edit Secure Store Represents Secure Store management

Represents an instance of the application server.

Tools UME LDAP Editor Represents UME LDAP data configuration

Represents a group of managers

Represents a single manager

Represents a group of services

Represents a single service



File Exit Exits the Config Tool File Backup Custom Data Exports custom configuration

to an archive file

File Restore from Backup Imports custom archive configuration

File Safe Mode Enables/disables safe mode in the application server

File Change System Template

Provides a list of installation templates. You can select a given template and edit its configuration.

View Expert Mode Displays additional configuration.

View Tasks View Displays an additional view for the current tasks.

Property Features

Feature Description

Type Specifies the type of the value (for example, String, Long, and so on.)

Range Specifies if the value is in a defined range (for example, [1-65534]). The asterisk (*) means the there is not any range defined.

Link Settings containing a link to other settings (value link) are used, in case a setting is dependent on another setting that is stored somewhere else. During runtime, a value link is transparently resolved and substituted.

Parameterized These parameters are transparently substituted during runtime.

Computed Simple arithmetic expressions containing system parameters from the system profile (provided within the configuration manager). During runtime, the parameters are transparently substituted and the arithmetic expression is evaluated.

Final This option cannot be changed. It specifies that you cannot add custom values for the selected property.

Secured This option cannot be changed. It specifies that the value for the selected property is hidden and not visible.

Online modifyable This option cannot be changed.



Remote Administration Using Telnet Use By using a Telnet client via the Telnet protocol, you can connect to the SAP NetWeaver Application Server remotely and administer it using a predefined set of shell commands.

Procedure Connecting Using Telnet

1. Check the Telnet port on which you can connect to the application server (see Viewing and Configuring the Communication Ports [Page 27]).

2. Run a Telnet client and connect to the target system by specifying the host and the Telnet port. Once a connection is established, the Telnet administration console of the application server is opened.

Alternatively, you can open a Telnet client from the SAP MMC:

...

i. Select the SAP system on which you want to start Telnet.

ii. Browse to the J2EE Process Table node.

iii. In the right-hand pane, select the ICM and choose J2EE Telnet from the context menu.

The Telnet administration console of the application server is opened.

3. Enter valid login info (user name and password) to authenticate yourself.



If the input information is incorrect, the link is disconnected and the console disappears. You must then complete the above steps again to open a new Telnet console.

If your connection is successful, the console remains open, you are logged on to one of the server processes in the instance, and you can start your administration.

4. Use the LSC command to display all server processes with their ID, name, host, port, state, and so on. The first component displayed is the one you are currently administering.

5. To switch from one server process to another use the JUMP shell command and specify the server processs ID as a parameter. For example, executing JUMP 8931750 enables remote administration of a server process with ID 8931750.

If you have only one server process configured in your instance, you are already connected to it and the JUMP command will display a message that you are already administering the current server process.

Using the Application Server Shell Commands The application server has a predefined set of shell commands grouped according to the functions they provide. To use the shell commands from a group, you first have to activate that group by adding it to the shell environment. By default, only the ADMIN, SYSTEM, DEPLOY, and TELNET groups are activated due to their vital importance. ...

1. To view the names of all available groups of shell commands (both activated and not activated), execute the MAN -g command.



2. To add a group of shell commands to the shell environment, enter ADD [groupName] in the command line. The groupName parameter is the name of the group of shell commands to be added.

3. To view all activated groups and their shell commands, execute the MAN command. 4. To view the help message for a shell command, execute MAN and the command name in

the command line. For example MAN ADD displays the help message of the ADD command. The conventions used in the help messages are as follows:

The brackets encompassing the shell command parameters have a special meaning explained below. There is no need to type them when executing a command on the command line, unless it is indicated explicitly in the corresponding command description.

The type of brackets means that the parameter is required. If this parameter is not specified when executing the shell command, the command displays the help message.

The [] type of brackets means that the parameter is optional. Example:

LISTPROPS [clusterID] where [clusterID] is optional, and is required.

The commands are displayed in capital letters for example, LISTPROPS; however, you do not have to type them in capital letters in the command line. The shell language is case-insensitive.

When a shell command has an abbreviated alternative, it is given in () (brackets) after the command name. For example

Example:

CHECK_POINT(CP) If the parameters of a shell command contain key words, when executing the

shell command, you must specify the key words exactly as they are given in the command syntax. That is, you must not replace the key words with other values. Key words are identified by the - (hyphen), with which they begin.

Example:

VERSION [-more]

Closing a Telnet Session Execute the EXIT command in the command line.



SAP NetWeaver Administrator Use SAP NetWeaver Administrator (NWA) is the new Web-based tool for administration and monitoring of the SAP NetWeaver Application Server, Java EE 5 Edition.

Features The NWA unifies the most important administration and monitoring tools. The most important advantages of the NWA are:

You no longer need to switch between different tools for administration, troubleshooting, and problem analysis of your system.

There is an administration tool available to you for starting and stopping instances, checking configuration settings, viewing logs, and so on.

The interface follows the current guidelines for interface design, is easy-to-use, task-oriented, and complete.

The interface allows seamless navigation to other SAP NetWeaver administration tools (User Management Engine).

The NWA represents the crossover from various expert tools to an integrated, simple, and clear solution. The NWA also completes the integration of the data sources for monitoring.

Activities To use the NWA, you have to install it first. Go to

///j2ee/NWAdmin folder and execute the install.bat file.

The installation process may take some time.

To start the NWA, enter the following data in a Web browser: http://:/nwa, where: is the host where the SAP NetWeaver Application Server, Java EE 5

Edition is installed.

is the HTTP port of the ICM. It consists of 500. For example, if the instance number of the Java instance is 60, the HTTP port is 56000.

See also:

Operations Management [Page 47]

Configuration Management [Page 78]

Problem Management [Page 104]



Basic Administration Tasks The main configuration and administration tasks that you can perform on the SAP NetWeaver Application Server, Java(TM) EE 5 Edition are:

Registering Instances [Page 23] Starting and Stopping the Application Server [Page 25] Viewing and Configuring the Communication Ports [Page 27] Monitoring the Application Server [Page 29] Log Viewing [Page 29] Launching Deployed Applications from the SAP MC [Page 35] Enabling Debugging [Page 36] Configuring JVM Parameters [Page 39] Configuring Instances [Page 41] Adding and Removing Server Processes [Page 42] Connecting to a Database [Page 43] Modifying Manager or Service Properties [Page 45] Adding Filters [Page 46]

For more information about the administration tools that you use to perform these configuration and administration tasks, see Tools [Page 7].

Registering Instances Use Use this procedure to extend the list of systems and instances displayed in the SAP MC so that you can monitor and administer all systems and instances from a single console.

Prerequisites The SAP Management Console is started [Page 9].

Procedure Standalone SAP Microsoft Management Console

1. In the MMC window, select Console Root and choose File Add/Remove Snap-In. 2. In the Add/Remove Snap-In dialog box, choose Add and then select the SAP Systems

Manager snap-in.



3. Confirm your selection with Add.

4. In the General Settings dialog box, select the options you require:

Screen Area Option

Options Select Use fix SAP instance list.

Auto refresh Enter the periods in which you want system information to be updated automatically.

Select Expert user mode if you want to access more detailed system information later when you start working with the SAP snap-in.

Select Always show local SAP instances if you want to display the instances installed.

Options

Select Enable Single Sign-On, if you want to use Single Sign-On to log on to SAP instances that support SNC. Single Sign-On is only supported if the snap-in is configured to use a LDAP directory.

5. Choose Next to close the General Settings dialog box.

6. In the Security dialog box, choose a security level for communication between the snap-in and remote SAP instances.

7. Choose Next to close the Security dialog box.

8. In the Fixed Server List dialog box, create a list of the instances you want to monitor from the SAP snap-in:

a. In the System field, enter the system ID (SID) of the SAP system that the instance belongs to.

b. In the Instance field, enter the name of the host on which the instance is running, and the instance number, for example, testmachine 60

c. Choose Add to include the instance in the Fixed Instances List.

An entry in the instance list looks like this: N30 testmachine 60

d. When you have entered all the instances you want to monitor, choose Finish.

9. You can save the configuration in a file when you exit the MMC. Whenever you need the newly created configuration, you can start it simply by double-clicking on the saved file.

Web-Based SAP Management Console ...

1. Choose File New. 2. In the New System dialog box that appears, enter the required data.

If you have already registered systems in the SAP MC, they are stored in the history. To open the Systems History dialog box, choose the browsing button next to the SAP System ID field. Select the system that you want to add and choose OK.

3. Choose Finish.



SAP Management Console in the Developer Studio ...

1. Select SAP Systems and from the context menu, choose New Instance.

2. In the dialog box that appears, enter the instance number and host. If you want to register all instances installed on the specified host, select the Always show all SAP instances indicator.

Result The instances are displayed in a tree view in the left-hand pane.

For more information about the main administration tasks that you can perform, see Administration [Page 23].

Starting and Stopping the Application Server Use To start and stop the SAP NetWeaver Application Server system, you can use either of the following:

SAP MC Windows Start menu dedicated options

Procedure 1. Start the SAP Management Console [Page 9].

The following screen appears:



The instances installed on the local host will be automatically displayed in the SAP MC. If you need to monitor and administer remote systems, proceed with step 2, otherwise you can skip it.

2. Register your system or instance [Page 23].

3. Open the tree structure in the left-hand pane and browse to the system or instance node that you want to start.

4. Select the system or instance and choose Start or Stop from the context menu. (The system may prompt for the OS user and password to complete the operation.)

Result The SAP MC will start the database instance, the central services instance, and the Java instance.

If you want to start or stop individual instances, proceed as follows:

To start or stop the central services or the Java instance, select the relevant node and choose All Tasks Start/Stop from the context menu.

To start or stop the database instance, select the database instance and use the Online and Offline options in the Web view that is displayed in the right-hand screen in the MMC.

Alternatively, you can start and stop the SAP NetWeaver Application Server, Java(TM) EE 5 Edition using the Windows Start menu by choosing Programs SAP NetWeaver Application Server Start Application Server or Stop Application Server. This will start/stop all processes.



Viewing and Configuring the Communication Ports Use The installed SAP NetWeaver Application Server, Java(TM) EE 5 Edition system has a preconfigured set of communication ports that are used both for internal and external communication. If some of these ports are already in use by other processes running on your machine, you may need to change the ports of the SAP NetWeaver Application Server, Java(TM) EE 5 Edition.

Procedure Viewing the Communication Ports In the SAP MMC, browse the tree structure in the left-hand pane to locate the Access Points node. The result in the right-hand pane differs according to the type of the chosen instance. For each port, you can view the process that uses that port, the communication protocol, the host to which it is bound, and whether the port is currently open.

When you run the examples from the tutorials, you need to specify the ICM HTTP port in the URL of the applications. You can view this port in the Access Points section of the Java instance:



Changing the Communication Ports

We recommend that you do not change any of the default communication ports unless there are other processes on your machine that use the same communication ports.

To change the Java instance ports, proceed as follows:

1. Open the Java instance profile located in the directory :\SAP\\SYS\profile with a text editor. The Java instance profile is named as follows: __ (for example, N30_JC60_sofD60154927A).

2. You can edit the values of the following ports:

HTTP port the HTTP port open on the ICM. To edit it, change the following section in the profile: # http port configuration icm/server_port_0 = PROT=HTTP, PORT=5$(SAPSYSTEM)00, TIMEOUT=600

For example, changing the above configuration to icm/server_port_0 = PROT=HTTP, PORT=60000, TIMEOUT=600 changes the HTTP port to 60000.

P4 port the port open on the ICM for establishing connections via the P4 protocol. To edit it, change the following section in the profile: # p4 port configuration icm/server_port_1 = PROT=P4, PORT=5$(SAPSYSTEM)04

For example, changing the above configuration to icm/server_port_1 = PROT=P4, PORT=60004 changes the P4 port to 60004.

IIOP port the port open on the ICM for establishing connections via the IIOP protocol. To edit it, change the following section in the profile: # IIOP port configuration icm/server_port_2 = PROT=IIOP, PORT=5$(SAPSYSTEM)07

For example, changing the above configuration to icm/server_port_2 = PROT=IIOP, PORT=60007 changes the IIOP port to 60007.

Telnet port the port open on the ICM for establishing connections via the Telnet protocol. To edit it, change the following section in the profile: # TELNET port configuration icm/server_port_3 = PROT=TELNET, PORT=5$(SAPSYSTEM)08

For example, changing the above configuration to icm/server_port_3 = PROT=TELNET, PORT=60008 changes the Telnet port to 60008.

3. Save your changes and restart the Java instance.



Monitoring the Application Server Use With the monitoring options provided by the SAP MMC, several main monitoring scenarios are available.

Prerequisites The SAP Management Console is started. [Page 9]

Procedure Request/Response Monitoring You can use this scenario to monitor the requests executed by your applications and to check the status of the application threads that are processing these particular requests.

1. Locate your application by selecting the SAP Systems J2EE Aliases node from the tree structure in the left-hand pane. The result pane on the right-hand side displays the started applications, their aliases, and other details.

Launch the application, if necessary. (see Launching Deployed Applications from the SAP MC [Page 35])

2. To monitor the Web, EJB, and remote-object requests to your application via HTTP and RMI, select the node J2EE Web Sessions, J2EE EJB Sessions, or J2EE Remote Objects respectively. The right-hand pane displays details about the incoming requests.

3. To monitor the threads that process these requests, select the J2EE Threads node and locate the threads that serve the incoming requests. (If necessary, use the column filter options.) Details about the threads such as the task executed by the thread, start time, the user triggering the request, status, and so on are displayed in the right-hand pane.

System Monitoring Use this scenario to monitor system performance and operation. ...

1. To monitor the status of the Java processes, use the J2EE Process Table node.

2. To view the overall cache and thread system information, use the nodes J2EE Caches and J2EE Threads.

3. To view the overall VM performance, use the nodes J2EE GC History and J2EE Heap Memory.

Log Viewing Use The trace and log messages contain important information about the system operation. It is helpful to check and analyze them if you experience errors or undesired behavior.

Using the SAP MMC log viewing functions you can:



View all system log and trace files View developer trace files Create stack traces for the processes And so on.

Types of Log and Trace Files

Process startup and control framework logs Contain information about the startup process. You can check these files in case of errors or undesired behavior during the startup process. By default, the data from the last three restarts is kept.

The developer trace files of the Java instance are located in the directory :\sap\\\work, where is the system ID (for example, JP1) and is the instance name of the Java instance (for example, JC00).

The developer trace files of the central services instance are located in the directories :\sap\\\work and :\sap\\\log, where is the system ID (for example, JP1) and is the instance name of the central services instance (for example, SCS01).

Java server logs The log and trace files generated by the Java server process(es) and the applications running on top of AS Java are stored in the :\sap\\\j2ee\cluster\server\log directory.

Procedure Viewing Developer Trace Files To view the developer trace file of a process, select the relevant process and choose Developer Trace from the context menu. If the information in the developer trace is insufficient or too detailed, you can use the context menu options All Tasks Decrease/Increase Trace Level to adjust the launcher trace level to the desired level.



Dumping the Java Stack Trace To dump the server processes Java stack trace, select the relevant server process and choose Dump Stack Trace from the context menu.

To view the dump stack trace, choose Show Developer Trace (see above).

The resulting Java server stack trace is stored in the dev_server file in the :\sap\\\work directory.



Log Viewing from the Standalone SAP MMC ...

1. To view all log and trace files of an instance, in the left-hand pane select the instance and from the context menu choose All Tasks View Developer traces:



2. In the Trace file selection dialog box that appears, select the file whose contents you want to view and double-click it:



A dialog box appears. This dialog box is an integrated log viewer where you can browse the log messages and view their detailed description:



Log Viewing from the Web-Based and Eclipse-Based SAP MCs ...

1. To view all log and trace files of an instance, browse the tree structure of that instance to locate the Log Files node.

2. Select the file that you want to view and from the context menu, choose Show Log File:

For more information about the available context menu options, see Layout and Context Menus of the SAP Management Console [Page 11].

Launching Deployed Applications from the SAP MMC Use Using the MMC you can view the defined aliases for started applications and launch these applications in a Web browser.

Procedure ...



1. In the SAP MMC, browse the tree structure in the left-hand pane to locate the J2EE Aliases node. The result pane on the right-hand side displays the deployed applications, their aliases, and further details.

2. To launch the application from the MMC, either double-click the alias or select it and from the context menu choose Launch Application. The application is launched in a new Web browser.

Enabling Debugging Use Using the SAP MMC, you can enable debugging mode of the Virtual Machine on the fly without the need to restart. This functions opens a debug port on the application server where you can connect your Developer Studio debugger and debug your applications. By default, the debugging mode is deactivated.

Procedure ...

1. In the SAP MMC, browse the tree structure in the left-hand pane to locate the J2EE Process Table node.

2. Select the server process, on which you want to open a debug port and choose All Tasks Enable Debugging



3. In the Access Points node, check if the debug port is opened. (When the port is not open the icon in front of it is red .)



4. In the J2EE Process Table node, check if the Debug state of the server process indicated that debugging is switched on:



5. To disable debugging (that is, to close the debug port on the server process), browse to the J2EE Process Table node, select the server node and choose All Tasks Disable Debugging

Configuring JVM Parameters Use This procedure enables you to view and edit the Java Virtual Machine (JVM) parameters using the Config Tool. The JVM is used for running the SAP NetWeaver Application Server, Java(TM) EE 5 Edition and all deployed applications. You can change the values in the template configuration or in the configuration of a specific instance. If you want your settings to be valid for all instances, then select the template and choose the VM Parameters or VM Environment tab.

Note that the template configuration is valid for those instances that do not have custom configuration.

If you want to set JVM parameters for a particular instance, you have to select the instance and choose the VM Environment or VM Parameters tab.



Prerequisites The Config Tool is connected to a database [Page 43].

Procedure Configuring JVM Environment Properties ...

1. Choose View Expert Mode. 2. Select VM Environment.

3. Select a property from the table list on the right.

4. In Default property data, you can see the default value of the property.

5. In Custom value, you can enter a new value for the property.

Avoid editing properties whose values are not static, such as DebugPort, ClassPath.

6. Choose Set.

7. Choose Apply Changes.

Configuring JVM Parameters ...

1. Choose View Expert Mode. 2. Select VM Parameters.

3. In VM Type, you can make configuration changes that are specific to the selected JVM. These changes apply only if the current platform and vendor matches the selected ones. GLOBAL changes apply to all vendors and platforms.

We recommend that you use SAP JVM on all supported platforms.

4. Select one of the following tabs and view the template properties contained therein:

a. Memory JVM memory settings. ...

i. JVM heap size

If you want to increase the JVM heap, we recommend that you change only the maxHeapSize directly by typing the needed memory value (in megabytes) in the Custom value field.

ii. JVM perm size

If you want to adjust the JVM perm size, choose the appropriate JVM vendor.

Not all JVM vendors support perm size configuration.

If you enter an illegal value (for example, the value is not a number), the application server will not start. If you enter a too low memory value, the application server will experience problems and may restart.

b. System All system properties usually specified with -Dxx=yy (for example, -DmyKey=myValue). If you want to add a custom property, choose New. The Config Tool automatically adds D to all new-entered parameters.



c. Additional Any additional parameters, supported by the VM (for example, -verbose:gc). To add JVM parameters, choose New. The actual parameters used by a running JVM can be seen in the development trace file of the corresponding server process.

key="-agentlib:myagent" value="port=12345,dir=C:/Mydir" will result in parameter "-agentlib:myagent=port=12345,dir=C:/Mydir".

By default, all properties are enabled.

5. If you want to disable a property, select it and choose Disable.

The property is added to Custom parameters.

Since you cannot delete default template properties, using the Disable option you can deactivate a given property.

6. Choose Disable.

You cannot change the default template parameters, you can only view them.

7. If you want to change the value of a specific property, select it and in Custom value, enter the new value.

8. Choose Set.

9. Choose Apply Changes.

Configuring Instances Use This procedure enables you to manage Java instances. You can add and remove server processes, disable instances, or view and edit the JVM settings. If you change the properties of an instance, the changes will apply only to the selected instance.

Procedure From the tree structure on the left side, select the instance you want to configure.

If You Want To Then

Add or remove a server process ...

See Adding and Removing Server Processes [Page 42]

View or edit the JVM settings for a specific instance

For the changes to take effect, you have to restart the instance.

See Configuring JVM Parameters [Page 39]



Disable and enable an instance

1. Select VM Environment.

2. Select the Execute property.

The value is set to true by default and its function is to start the specified instance automatically when running the application server cluster.

3. In Custom value, enter false. 4. Choose File Apply changes. 5. To run an instance if it has been

stopped, set the value of the Execute property to true, and restart the application server cluster to update the status.

View or edit the debug properties for an instance.

When you set an instance in debug mode, first make sure that you have stopped all message-driven beans running on that instance. In case your applications contain message-driven beans whose destination type is Topic, you also have to start the message-driven beans on another server process.

In VM Environment Custom value, enter the new value of the following settings and then choose Apply changes:

1. Debuggable specifies that the selected instance is debuggable (that is, the debug mode feature for this instance is enabled).

2. Enabled debug mode specifies whether the instance is in debug mode and the debug port is open.

3. Restricted load balance specifies whether the instance is part of the load balancing system.

4. Debug port specifies the JVM debug port. The default value depends on the instance number and server process index number. For example, if the instance number is 00, then the debug port is 50026 for server0.

View instance profile constants Select the Instance Profile tab and see information such as system name, instance name, instance number, operation system name, and so on.

Adding and Removing Server Processes Use This procedure enables you to specify the number of server processes in an instance.



If you set the number in the template configuration, this means that all instances will have this number of server processes. If you specify the number for a particular instance, this means that only this instance will have this number of server processes.

Procedure ...

1. Choose the Servers tab.

2. In the Custom number of server nodes field, enter the number of server processes you want to have.

This procedure enables you to add and remove server processes. You have to specify the number of server processes you want to have.

3. Choose Check Values to verify that your machine is capable of handling the number of server processes you entered. Correct the value if necessary.

This option is available at instance level only.

If the template configuration allows you to enter a formula instead of a exact value, then the Check Values option calculates the formula and displays the value.

If the number of current server processes is displayed like this: 1 max round(((${CPU_COUNT}/1.3) min ((${AMOUNT_MEMORY}-512)/1536))) and this is equal to one server process, then if you enter 1 max round(((${CPU_COUNT}/1.3) min ((${AMOUNT_MEMORY}-512)/1536))) + 1 and choose the Check Values button, the tool will calculate the formula and will display that this is equal to two server processes.

4. Choose Set.

5. Choose Apply changes.

Result The number of server processes has changed. If you have changed it for a particular instance, you have to restart this instance to run the system with the new number of server processes.

If you have set new number or server processes in the template configuration, you have to restart the whole system.

Connecting to a Database Use This procedure enables you to connect to a remote database and display an installed SAP NetWeaver Application Server Java configuration.

Procedure ...

1. Start the Config Tool by double clicking the configtool script file in ///j2ee/configtool.

The tool starts and a dialog box appears.

2. If you want to connect to the default database, then choose Yes. To connect to a different database, choose No.



The Connect dialog box appears. There are two ways of connecting to a remote database: via secure store and via direct login.

If you had selected the Do not ask me again option and now you want to connect to a different database, you have to go to the configtool folder, delete the visual.properties file and run the Config Tool again.

3. To connect via secure store, enter the following information:

To have access to the secure store of the remote system, the secure store folder has to be shared or copied to the local file system.

a. Secure Store File contains the path to the secure store properties file. This file contains secure data for connecting to the database. It is encrypted for security reasons.

b. Secure Store Key File contains the path to the secure store key file. The key file contains the password for the encrypted store file.

c. System Name displays the name of the system to which this data applies.

d. Secure Store Lib contains the path to the IAIK package. It enables the encrypting of the properties file.

e. RDBMS Connections contains a property key of which the value contains the DB connection settings.

4. To connect via direct login, enter the following data:

a. RDBMS URL specifies the URL for the database connection in the correct format for the corresponding driver. For example, jdbc:nwmss:sqlserver://2xeon-smteam2:1433;databasename=N25, where:

i. Jdbc is a mandatory element.



ii. nwmss:sqlserver is the type of the database.

iii. 2xeon-smteam2 is the host name.

iv. 1433 is the port.

v. databasename=N25 is the name of the database schema.

b. Driver name specifies the class name of the JDBC driver to be used for database connections. For example, com.sap.nwmss.jdbc.sqlserver.SQLServerDriver

c. RDBMS user specifies the user name for this database connection. For example, SAPN25DB.

d. RDBMS password specifies the password for the user of this database connection.

These properties are available in the secure store of the corresponding system.

5. Enter the following data:

a. For a secure store connection: RDBMS Driver Location contains the path to the RDBMS driver. For example, .\jdbc\base.jar;.\jdbc\spy.jar;.\jdbc\sqlserver.jar;.\jdbc\\util.jar

For a direct connection, you have to add the IAIK JAR files to the JDBC driver files. The IAIK files are located in //SYS/global/security/lib/tools.

b. RDBMS Initial Connections specifies the number of database connections to be created initially in the connection pool.

c. RDBMS Maximum Connections specifies the maximum number of database connections to be kept in the connection pool.

6. Choose Load.

Result You are connected to the database.

Next time you run the Config Tool and if you still want to connect to a different database than the default one, you have to enter the connection settings again.

Modifying Manager or Service Properties Use This procedure enables you to change a particular service or manager properties, which are displayed with their keys and values on the right when you select a service or manager.

The properties of the managers and services in the template configuration are divided into two sections:

Default property data Displays default template configuration settings for a manager or service. These settings cannot be changed.

Custom property data



When you want to add custom values to the default vales of the properties, they are displayed in the Custom property data. These settings are valid for all instances. But if you set a property value in the template configuration and then set another value for the same property in the same manager or service, in a given instance, then this value will be valid.

The instance configuration has priority over the template configuration.

The properties of the managers and services in the instance configuration are divided into two sections:

Template property data Displays the template value of a specific property. If there is a template custom value, then it is displayed. Otherwise, the template default value is displayed.

Custom property data All custom settings for a specific instance are added and displayed in this area.

The properties may be defined with additional parameters, such as computed, parameterized, type, range, link. For more information, see Getting Started with the Config Tool [Page 17].

Procedure If You Want To Then

Set a template custom property value that is valid for all instances

...

1. Open the template configuration and select a service, manager or application.

2. Select the property from the table that is displayed.

3. In Custom value, enter a new value.

4. Choose Set.


Set a custom property value for a specific instance

...

1. Open an instance and select a service, manager or application.

2. Select the property from the table that is displayed.

3. In Custom value, enter a new value.

4. Choose Set.


Restore a template value Select a property from the list and choose Restore to Template. In that way the custom value is restored to its default value.

Adding Filters Use This procedure enables you to add filters. A filter is an action that enables you to start, stop, or disable services, libraries and applications. In addition, you can edit and delete already created filters.



If you set action filters in the template configuration, this means that the filters will apply to all instances. If you set filters for a particular instance, this means that only this instance will have such filters applied.

Procedure ...

1. Choose View Expert Mode. 2. Select Filters.

A table of default actions for particular components is displayed.

3. In Custom rules, select what action should be performed: start, stop, or disable.

4. Select the type of component: service, library, application, or all components.

5. In Vendor Mask, enter the vendor of the component.

6. In Component Name Mask, enter the name of the component or part of the name.

You can use the asterisk sign (*) to replce part of the name or the question mark (?) to replace a single letter.

7. Choose Add.

The action is added to the Custom rules table.

8. In the table with custom actions, select the added entry and choose Set.


Operations Management The operations management section of the SAP NetWeaver Administrator includes the following administration options:

Viewing system information You can see general information about instances in the current system such as database, Java central services, and application server instances. To access this information, choose Problem Management Infrastructure Management System Info.

Starting and stopping Java EE instances [Page 47] Starting and stopping Java EE services [Page 48] Starting and stopping Java EE applications [Page 48] User Management Engine and Identity Management [Page 49]

As an administrator, you control who has access to applications by creating users and providing these users with a means of authenticating themselves to an application.

Starting and Stopping Java EE Instances ...

1. In the SAP NetWeaver Administrator, choose Operations Management Infrastructure Management Start & Stop. The Start & Stop screen appears.



2. On the left side, choose Java EE Instances.

All available instances are displayed in a table format with the corresponding instance number, system host name, and status of the processes within the instance.

3. Select an instance.

All processes for this instance are listed. You can:

Start, stop, restart, or refresh the instance. Start, stop, restart, or refresh Java EE processes. Enable or disable debug mode for server processes. Refresh OS processes.

Starting and Stopping Java EE Services ...


2. On the left side, choose Java EE Services.

All services available are displayed in a table format with the corresponding service name, service component name, status, and indicator whether the service is a core service, which means that the service provides core functions within the SAP NetWeaver Application Server, Java EE 5 Edition.

The core services cannot be stopped or restarted.

3. Select a service.

The instance to which this service belongs is displayed with the instance name, host and status information. You can now:

Start, stop, restart, or refresh a service. Start, stop, restart, or refresh the instance of the service.

Starting and Stopping Java EE Applications ...


2. On the left side, choose Java EE Applications.

All available applications are displayed in a table format with the corresponding application component name and vendor.

3. Select an application.

The Application details area appears.



4. You can perform the following activities:

If You Want To Then

Start or stop the application on all instances From the Application details, choose the Start or Stop button and select On All Instances.

View all references that the application has to other components

Choose the References tab. If the selected application has references to a library, a service or another application, the name of the referenced components will be listed along with the component type (service, library, application).

View application modules Choose the Modules tab. The modules that compose the selected application are listed there with their name and type.

View application resources

Choose the Resources tab. This tab presents the resources used by this application.

View application details Choose the Details tab. This tab provides general information about the application. It also provides an option for managing the application failover.

User Management Engine and Identity Management Purpose The user management engine (UME) provides centralized identity management for all Java applications and can be configured to work with user management data from multiple data sources. It can be administrated using the administration tools of the AS Java.

This section provides a description of the most relevant capabilities of the UME. For more information about the UME and identity management, see the documentation on the Help Portal help.sap.com SAP Library SAP NetWeaver Library SAP NetWeaver by Key Capability Security Identity Management User Management Engine. Integration The UME runs as a service in the AS Java and is set up as the default user store.

Authorization in the Java Environment Authorization in the Java environment of the SAP NetWeaver Application Server (AS) Java is dependent on user management engine (UME) roles. UME roles are managed with identity management in the AS Java. The administrator builds UME roles out of actions. These actions can be (J2EE) security roles or UME actions.



Security Roles The application developer deploys security roles together with the JEE application in accordance with the JEE specification. The deployment descriptors for the role are included in the WAR file for Web modules or the JAR file for EJB modules. For more information, see Architecture of Security Roles [Page 50].

The administrator builds UME roles with security roles which appear as actions in the identity management user interface. The security roles appear as one of the following types:

J2EE This action links roles of the same module together at the application level.

J2EE-MODULE

The administrator should use actions of type J2EE, when constructing UME roles.

UME Actions UME actions are collections of permissions used for Web Dynpro applications. UME actions are deployed with your applications and defined in the file actions.xml. For more information, see Permissions, Actions, and UME Roles [Page 51].

Architecture of Security Roles Application security roles that are based on the JEE standard and which you can use to protect resources such as URLs or EJB methods. Security roles have the following characteristics:

It is a logical grouping of permissions that is defined by the developer. It is defined in the deployment descriptor (XML files) of a particular application. The container to which the application is deployed, creates appropriate permission

collections on deployment.

The role relates only to the application for which it was defined. Purpose The security roles are suitable for purely static, functional access control. This concept is based on the assignment of authorizations by activity (such as the activity financial accountant), but not by instances (such as by cost centers). This means that all users to which the role Financial Accountant is assigned can post for all cost centers.

With the security roles, the developer can of an application can additionally decide whether he or she uses these rules purely declaratively or with programmatic role references:

Declarative security means that the container forces access control without the developer having to program it.

Programmatic security means that the developer uses a method to check whether a caller of an EJB or a Web resource has a specific role. The developer can control the display of individual control elements, according to the association of roles to the current user. In this way, for example, users to which the role queried in the reference is assigned can receive a more extensive display on the same Web page than users to which this role is not assigned. There is a mapping between the security role checked in the program (such as USER) and the actual UME role that can be assigned to users by the administrator (such



as HR_CLERK), that is, a different role may be assigned to the one that is actually checked in the program.

Work Flow for Security Roles The developers program their applications and specify the security role associated in each case in the XML file. The administrator of the system then assigns these roles to UME roles.

Permissions, Actions, and UME Roles Definition Authorizations are enforced in User Management Engine (UME) using permissions, actions, and roles.

Internally in their Java code, applications define Java permissions and use them for access control.

An action is a collection of permissions. Every application defines its own set of actions and specifies the permissions assigned to the actions either in an XML file or (more seldom) dynamically in the code. The actions are listed in the user management administration console, where you can group them together into roles.

UME Roles group together actions from one or more applications. You assign roles to users in the user management administration console. By assigning roles to users, you define the users authorizations.

Structure The following figure illustrates the relationship between permissions, actions, and roles.

UME Role 1UME Role 1



Action 1Action 1

Action 2Action 2

Action 3Action 3

Permission 1Permission 1



Assigned During developmentAt installation (XML file)

Assigned in the UM administration console

User

Group

The advantage of having both actions and permissions is:



Application developers can define finely grained permissions, but can hide the complexity by defining only a few actions.

As the actions are normally defined in an XML file, they can be changed according to your requirements when you install the service.

Administrators can assign actions to roles in the administration console. Permissions are not visible in the administration console.

Example The user management administration console is an application running on User Management Engine. The application defines permissions in the code for activities such as changing a users profile or modifying roles. In the XML file an action Manage_Roles is defined, that groups together all permissions that a user requires to administrate roles. This action includes permissions for viewing, modifying, and deleting roles.

For example, you could create a role called Role Administrator and assign the action Manage_Roles to it. Then you could assign any administrator that requires permissions to administrate roles to the Role Administrator role.

Interfaces The corresponding UME interfaces are included in the packages:

com.sap.security.api com.sap.security.api.acl com.sap.security.api.logon com.sap.security.api.ticket

Configuring Identity Management The following sections describe how to configure the user management engine (UME).

Integration UME configuration is integrated in the SAP NetWeaver Administrator of the Application Server (AS) Java. ...

1. Enter the following in your Web browser: ://:/nwa

2. Choose System Management Administration Identity Management. 3. Choose User Management Configurati

sap netweaver application server - administration guide

Documents