SAP Router Installation with SNC
-
Upload
gary-jackson-mbcs -
Category
Technology
-
view
226 -
download
8
Transcript of SAP Router Installation with SNC
SAP Router Installa0on with SNC
• SAP Router is a program that acts as a proxy between SAP systems and external networks
• It controls access to your network from external network systems such as SAP AG
• It acts as an applica?on level gateway and is useful for enhancing an exis?ng firewall
• This document focuses on the installa?on of SAP Router using Secure Network Communica?on (SNC) and is aimed at system administrators responsible for seGng up connec?vity from SAP to customer
Introduc0on
• Download of the latest installa?on media for SAP Router and the SAP Cryptographic library from SAP Support Portal
• Register your with SAP Router with SAP o obtain public IP and hostname of your SAP Router host o fill in remote connec?on data sheet from note 28976 o raise incident with SAP under component XX-‐SER-‐NET-‐NEW o SAP will provide your Dis?nguished Name
• E.g. CN=<SAP Router host>, OU=<Customer Number>, OU=SAProuter, O=SAP, C=DE
• Prepare SAP Router host o create a user e.g. “sapadm” in group sapsys o create and installa?on filesystem e.g. /usr/sap/saprouter o set ownership of installa?on filesystem to “sapadm:sapsys”
Pre-‐Requisites
Installa0on • Perform the installa?on as user sapadm • Unpack the so]ware into your installa?on file system
o SAPCAR -‐xvf <saprouter so]ware archive> o SAPCAR -‐xvf <sapcryptographic so]ware archive>
• Update environment of sapadm o PATH = ${PATH}:<installa?on directory> o SECUDIR = <installa?on directory> o SNC_LIB = <installa?on directory>/<sapcryptographic_library> o LD_LIBRARY_PATH = <installa?on directory>
Registering SAP Router • Go to
hfps://support.sap.com/remote-‐support/saprouter/saprouter-‐cer?ficates.html
• Generate SAP Router cer?ficate request using dis?nguished name registered at SAP with sapadm and command sapgenpse o sapgenpse get_pse -‐v -‐a sha256WithRsaEncryp?on -‐s 2048 -‐r certreq -‐p
local.pse “<Dis?nguished Name>”
• Copy and paste the content of text file (certreq) created by sapgenpse into the SAP support page and request cer?ficate
• Copy and paste the result of the cer?ficate request onto the saprouter host as a text file “srcert” under the /usr/sap/saprouter directory
Import Cer0ficate • Import “srcert” onto saprouter using sapgenpse command
below and create creden?als for user “sapadm” to access local pse o sapgenpse import_own_cert -‐c srcert -‐p local.pse
o sapgenpse seclogin -‐p local.pse -‐O sapadm
Create Router Table • The SAP Router table is a permission file containing details of
who can communicate through the SAP Router
• As “sapadm” create the text file saproufab under /usr/sap/saprouter and configure similar to the example below
Opera0ng SAP Router • Operate SAP Router with the user created for the installa?on • Issue start/stop commands from the installa?on directory
• Start the SAP Router with the following command – saprouter -‐r -‐S <port> -‐G saprouter.log -‐K "<DN>" & – where:
o -‐K : to start with loading SNC library
o <DN> : Dis?nguished Name
o -‐S : saprouter port
o -‐G : name of the log file • Stop the SAP Router with the following command
– saprouter -‐s
Thank-‐you