SAP Basis Series - Setup OSS Connection via SNC

SAP Basis Series

Setup OSS connection via SNC2010-06-24

Documented by: Sea Zhang

ContentDESCRIPTION ........................................................................................................................................... 3 STEPS ....................................................................................................................................................... 3 PREPARE THE SAPROUTER MACHINE .................................................................................................................3 APPLY THE CONNECTION FROM SAP ....................................................................................................................3 DOWNLOAD THE LATEST SAPROUTER SOFTWARE.................................................................................................3 APPLY FOR A SAPROUTER CERTIFICATE ..............................................................................................................4 PREPARE SAPROUTTAB ..................................................................................................................................9 ACTIVATE SAPROUTER ................................................................................................................................10 CONFIGURATION FOR SAP ...............................................................................................................................10 SET SAPROUTER AS WINDOWS SERVICE ..........................................................................................................13

2 of 16


DescriptionAfter installation of SAP environment, the client always wants to establish a connection to SAP, its so called OSS connection. Theres lots of VPN connection you can use, e.g. VPN via firewall, or SNC (Secure Network Communication). SNC is implemented and guaranteed by SAP. With this solution, you dont have to setup a hardware VPN, what you need to do is to map a public IP to your SAPROUTER server and claim to SAP to add your IP to its trusted route list. Currently, most of clients are using SNC to establish their connection between SAP and their LAN. This document is to describe how to complete the whole process, from applying to completion the connection.

StepsPrepare the SAPROUTER machineNormally, SAPROUTER would be installed with where the SAP Solution Manager server resides. Then this server would have the necessary tools, e.g. SAPGENPSE. Then ask your IT guy to map a public IP address to this server, also remember to allow port 3299 to access to the Internet. SAP needs to know your host name and public IP address of SAPROUTER server.

Apply the connection from SAPSend message to SAP, remember to choose the component XX-SER-NET-NEW, and of course remember to tell what your host name and IP address of the SAPROUTER server. SAP will send you back your distinguished name, in order to let you apply the certificate and complete the rest works.

Download the latest SAPROUTER softwareGo to SAP service marketplace, navigate to download tab, and refer to the path below to download SAPROUTER.

3 of 16


Apply for a SAPROUTER CertificateNavigate to http://service.sap.com/saprouter-sncadd

Click Apply Now!

4 of 16


Your distinguished name is shown up in the table, click Continue

And it needs your Certificate file generated by sapgenpse. Back to your OS, and make sure the user environment has been set the parameters of SECUDIR and SND_LIB, these two parameters need to point to your SAPCRYPTO.DLL.

5 of 16


Execute: sapgenpse get_pse v r certreq p local.pse

It needs a PIN (password), create your own one, say abcD1234, press Enter. Notice: your generated certificate file will be generated with option r, by default it generates under where you run the command.

6 of 16


Open this txt file, copy the content.

And paste to the page, click Request Certificate.

7 of 16


Then copy the generated string from page to local, I named it as srcert.txt.

Execute: sapgenpse import_own_cert c s:\srcert.txt p local.pse

8 of 16


Execute: sapgenpse seclogin p local.pse O And is something like \, input your PIN created before when it mentioned you type in.

Check your result, and execute: sapgenpse get_my_name v n Issuer If the result is not the same as what it shown above, there must be somewhere doing wrong, and you need to do it again.

Prepare SAPROUTTABUnzip SAPROUTER, copy to somewhere of your machine, there are only two files under that folder: SAPROUTER and NIPING. And then create a txt file, named it as SAPROUTTAB.

9 of 16


Content is something like this (replace 172.17.xx.xx with your private IP).

Activate SAPROUTER

Remember the string should be p: follow with option k.

Test it, and remember to use your private IP in the string, everything seems ok.

Configuration for SAPT-codeOSS1

10 of 16


After the configuration, click Logon

11 of 16


The popup window shows up, and proves that you succeed. And then test if you are able to download NOTE, T-codeSNOTE

-> Download SAP Note

12 of 16


Input a random NOTE number, click Execute

You can see this note has been downloaded.

Set SAPROUTER as Windows Service

Execute: ntscrmgr install SAPROUTER b \saprouter.exe p service r K ^p:^

13 of 16


Run regeditand gotoHK_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAPROUTER, modify ImagePath, and change ^ into , click OK.

14 of 16


And change the service startup type into Automatic

15 of 16


And change the user as the user you set before, save and startup the service

SAPROUTER is started, complete the whole process. And remember to close your message in SAP Service Marketplace.

16 of 16

SAP Basis Series - Setup OSS Connection via SNC

Documents

Transcript of SAP Basis Series - Setup OSS Connection via SNC