Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • SAP Router Under Linux Environment RHEL5

    Enviado por

    gauravpanwar8
    229 visualizações3 páginas
    SAP Router

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    DOCX, PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    SAP Router

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato DOCX, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    229 visualizações3 páginas

    SAP Router Under Linux Environment RHEL5

    Enviado por

    gauravpanwar8
    SAP Router

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato DOCX, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 3

    SAP Router under Linux Environment

    (RHEL5)
    SAP Router Installation using RHEL 5 and SAP Router for Unix/Linux
    1. Install VM + RHEL 5
    a. Firewall disabled
    b. SELinux is Permissive Mode
    2. Login as root user
    3. Set network parameters
    Host name = SAPROUTER
    IP Address (Private) = xxx.xxx.xxx
    Subnet Mask= xxx.xxx.xxx
    Gateway=xxx.xxx.xxx.xxx
    DNS = xxx.xxx.xxx, xxx.xxx.xxx
    PUBLIC IP ADDRESS = xxx.xxx.xxx
    4. Create folder /usr/sap/saprouter
    5. Download the following files and extract to /usr/sap/saprouter
    1. SAPCRYPTOLIB_34-10010845.SAR
    2. saprouter_4-20002414.sar
    6. for sapcrytolib rename the folder linux-x86_64-glibc2.3 to lib
    Old folder was /usr/sap/saprouter/linux-x86_64-glibc2.3
    new folder will be /usr/sap/saprouter/lib
    7. Create the following files on folder /usr/sap/saprouter
    7.1 saprouttab
    # Example saprouttab
    # SNC connection to and from SAP
    KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx *
    Note: xxx.xxx.xxx means IP Address from SAP
    # SNC connection to local system for R/3-Support
    # Soluton Manager Server: xxx.xxx.xxx
    # Instance: 00
    KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx *
    Note: xxx.xxx.xxx means the local IP Address of your Solution Manager
    # SNC connection to local WINDOWS system for WTS, if applicable
    # Windows server: xxx.xxx.xxx
    # Default WTS port: 3389

    KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx 3389


    # SNC connection to local UNIX system for SAPtelnet, if applicable
    # UNIX server: xxx.xxx.xxx
    # Default Telnet port: 23
    KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx 23
    # SNC connection to local Portal system for HTTP URL access, if applicable
    # Portal server: xxx.xxx.xxx
    # HTTP Port: 50003 #
    KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx 50003
    # Access from the local Network to SAP P 10.0.*.* xxx.xxx.xxx 3299
    # Deny all other connections
    D***
    7.2 startsaprouter (executable)
    ./saprouter -r -R /usr/sap/saprouter/saprouttab -S 3299 -K "p:CN=SAPROUTER, OU=0000########,
    OU=SAProuter, O=SAP, C=DE"
    7.3 stopsaprouter (executable)
    ./saprouter -s
    8. Set environment variables
    a. gedit /etc/bashrc
    # SAP Environment
    export SECUDIR=/usr/sap/saprouter
    export SNC_LIB=usr/sap/saprouter/lib/libsapcrypto.so
    export LD_LIBRARY_PATH=usr/sap/saprouter/lib
    export LIBPATH=usr/sap/saprouter/lib
    #end of SAP Environment
    9. Add the following protocol to the /etc/services file
    # Start of SAP Protocol/Ports
    Sapdp99
    3299/tcp
    #End of SAP Protocol/Ports
    10. restart the system and login as root
    11. Generate Certificate

    a. Execute the command on folder /usr/sap/saprouter/lib


    sapgenpse get_pse -v -r certreq -p local.pse CN=SAPROUTER, OU=0000######, OU=SAProuter, O=SA
    C=DE

    PIN: sap123
    Display the output /usr/sap/saprouter/lib/"certreq" and copy (including the BEGIN and END statement)
    Update Certificate request in SAP Market Place and paste.
    In response you will receive the certificate signed by the CA in the Service Marketplace.
    Copy & paste the text to a new local file named "srcert", which must be created in the folder
    /usr/sap/saprouter/lib
    With this in turn you can install the certificate in your saprouter by calling:
    /usr/sap/saprouter/lib/sapgenpse import_own_cert -c srcert -p local.pse
    PIN: sap123
    Now you will have to create the credentials for the SAProuter with the same program (if you omit -O
    <user_for_saprouter>, the credentials are created for the logged in user account).
    /usr/sap/saprouter/lib>sapgenpse seclogin -p local.pse -O sapadm
    Note: The account of the service user should always be entered in full saprouter \sapadm

    This will create a file called "cred_v2" in the same directory as "local.pse"
    For increased security please check that the file can only be accessed by the user running the SAProuter. Do
    not allow any other access (not even from the same group)
    Check if the certificate has been imported successfully with the following command:
    /usr/sap/saprouter/lib>sapgenpse get_my_name -v -n Issuer
    The name of the Issuer should be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
    If this is not the case, delete the files "cred_v2"and "local.pse" and start over at Item c. If the output still
    does not match please open a customer message in component XX-SER-NET stating the actions you have
    taken so far and the output of the commands c.,f.,g. and h.
    12. Start the SAP Router by executing the following in the /usr/sap/saprouter directory
    ./startsaprouter
    13. Stop the SAP Router by executing the following command in the /usr/sap/saprouter directory
    ./stopsaprouter

    Você também pode gostar