Escolar Documentos
Profissional Documentos
Cultura Documentos
0LFURVRIW 64/6HUYHU
® TM
7UDGHPDUNV
SAP, the SAP logo, R/2, R/3, ABAP, and other SAP-related products mentioned herein are registered or
unregistered trademarks of SAP AG. All other products mentioned in this document are registered or
unregistered trademarks of their respective companies.
Simplification Group
SAP Labs, Inc.
3475 Deer Creek Road
Palo Alto, CA 94304
www.saplabs.com/simple
simplify-r3@sap.com
This book uses EcoFLEX lay-flat binding. With this lay-flat feature—developed by
and exclusively available at Johnson Printing Service (JPS)—you can open this book
and keep it open without it snapping shut on you. You need not worry about
breaking the spine. EcoFLEX makes books like this one easier to use.
&RQWHQWVDWD*ODQFH
iv Release 4.6A/B
'HWDLOHG7DEOHRI&RQWHQWV
$FNQRZOHGJHPHQWV [L[
,QWURGXFWLRQ [[L
What Is This Guidebook About?........................................................................ xxii
Who Should Read This Book?........................................................................... xxii
Prerequisites.......................................................................................................... xxiii
User ........................................................................................................................ xxiii
System.................................................................................................................... xxiv
How to Use This Guidebook .............................................................................. xxv
Organization ............................................................................................................xxv
What’s New .......................................................................................................... xxv
Content ....................................................................................................................xxv
Conventions........................................................................................................... xxvi
Special Icons...................................................................................................... xxvii
&KDSWHU 56\VWHP$GPLQLVWUDWLRQ%DVLFV ²
Overview............................................................................................................... 1–2
Roles of an R/3 System Administrator.............................................................. 1–2
Within R/3 .............................................................................................................. 1–2
External to R/3....................................................................................................... 1–3
Traits of an R/3 System Administrator.............................................................. 1–4
R/3 System Guidelines........................................................................................ 1–4
Protect the System ................................................................................................ 1–5
Do Not Be Afraid to Ask for Help........................................................................... 1–5
Network with Other Customers and Consultants.................................................. 1–6
Keep It Short and Simple (KISS)........................................................................... 1–7
Keep Proper Documentation................................................................................. 1–7
Use Checklists....................................................................................................... 1–8
Use the Appropriate Tool for the Job .................................................................... 1–9
Perform Preventive Maintenance.......................................................................... 1–9
Do Not Change What You Do Not Have To........................................................ 1–10
Do Not Make System Changes During Critical Periods...................................... 1–11
Do Not Allow Direct Database Access................................................................ 1–12
Keep all Non-SAP Activity Off the R/3 Servers................................................... 1–12
Minimize Single Points of Failure ........................................................................ 1–13
Corollaries to Murphy’s Law ............................................................................ 1–13
Special Definitions ............................................................................................ 1–14
Database server ................................................................................................... 1–14
Application server ................................................................................................. 1–14
Instance ................................................................................................................ 1–14
System.................................................................................................................. 1–14
&KDSWHU 'LVDVWHU5HFRYHU\²
Overview............................................................................................................... 2–2
What Is a Disaster? ............................................................................................... 2–2
Why Plan for a Disaster? .................................................................................... 2–3
Planning for a Disaster ....................................................................................... 2–4
Creating a Plan...................................................................................................... 2–4
What Are the Business Requirements for Disaster Recovery? ............................ 2–4
Who will provide the requirements?.............................................................................. 2–4
What are the requirements?......................................................................................... 2–4
When Should a Disaster Recovery Procedure Begin? ......................................... 2–5
Expected Downtime or Recovery Time................................................................. 2–5
Expected Downtime................................................................................................ 2–5
Recovery Time........................................................................................................ 2–6
Recovery Group and Staffing Roles ..................................................................... 2–6
Types of Disaster Recovery .................................................................................. 2–7
Onsite ..................................................................................................................... 2–7
Offsite ..................................................................................................................... 2–7
Disaster Scenarios ................................................................................................ 2–8
Three Common Disaster Scenarios ...................................................................... 2–8
A Corrupt Database................................................................................................ 2–8
A Hardware Failure................................................................................................. 2–8
A Complete Loss or Destruction of the Server Facility........................................... 2–9
Recovery Script ................................................................................................... 2–10
Creating a Recovery Script ................................................................................. 2–10
Recovery Process ............................................................................................... 2–10
Major Steps........................................................................................................... 2–10
Crash Kit.............................................................................................................. 2–11
Business Continuation During Recovery ............................................................ 2–14
Offsite Disaster Recovery Sites .......................................................................... 2–15
Integration with your Company’s General Disaster Planning ............................. 2–15
When the R/3 System Returns............................................................................ 2–15
Test your Disaster Recovery Procedure......................................................... 2–15
Other Considerations........................................................................................ 2–16
Other Upstream or Downstream Applications..................................................... 2–16
Backup Sites........................................................................................................ 2–17
Minimizing the Chances for a Disaster ........................................................... 2–17
Minimize Human Error......................................................................................... 2–17
Minimize Single Points of Failure ........................................................................ 2–18
Cascade Failures ................................................................................................ 2–18
&KDSWHU %DFNXSDQG5HFRYHU\ ²
Overview............................................................................................................... 3–2
Restore ................................................................................................................. 3–2
Strategy ................................................................................................................. 3–2
Testing Recovery.................................................................................................... 3–3
Backup.................................................................................................................. 3–3
What to Backup and When ................................................................................... 3–3
Database ................................................................................................................ 3–3
Transaction Logs .................................................................................................... 3–5
Operating System Level Files................................................................................. 3–6
Backup Types........................................................................................................ 3–6
What Is Backed Up................................................................................................. 3–7
How the Backup Is Taken....................................................................................... 3–8
vi Release 4.6A/B
Detailed Table of Contents
&KDSWHU 0XOWL5ROH7DVNV²
Starting the R/3 System ...................................................................................... 9–2
Start R/3—NT ........................................................................................................ 9–3
Stopping the R/3 System.................................................................................... 9–5
Tasks to Be Completed Before Stopping the System........................................... 9–6
System Message (SM02) ....................................................................................... 9–6
Check that No Active Users Are on the System (AL08/SM04) .............................. 9–9
Check for Batch Jobs Running or Scheduled (SM37).......................................... 9–11
Check for Active Processes on All Systems (SM51)............................................ 9–15
Check for External Interfaces ............................................................................... 9–15
Stopping R/3........................................................................................................ 9–16
STOP R/3—NT ..................................................................................................... 9–16
&KDSWHU 56\VWHP$GPLQLVWUDWLRQ ²
Overview............................................................................................................. 10–2
Major System Monitoring Tools....................................................................... 10–2
CCMS Central Alert Monitor (Transaction RZ20) ............................................... 10–2
Accessing the CCMS Alert Monitor (RZ20).......................................................... 10–4
Current View and Alert View................................................................................. 10–5
Switching Between the Current and Alert Views .................................................. 10–6
Finding an Alert .................................................................................................... 10–7
Configuring the Batch Job to Collect Historical Data (RZ21) ............................. 10–10
View the Alerts.................................................................................................... 10–12
Analyze the Alert ................................................................................................ 10–13
Acknowledge the Alert........................................................................................ 10–14
Provide System Configuration Information (Transaction RZ20)......................... 10–15
Maintaining The Alert Thresholds for RZ20........................................................ 10–17
Hiding SAP Standard Monitor Sets .................................................................... 10–19
Create a New Monitor Set .................................................................................. 10–23
Add a Monitor to the Monitor Set........................................................................ 10–24
System Administration Assistant (Transaction SSAA)...................................... 10–28
Specific Transaction Monitoring Overview .................................................. 10–32
Failed Updates (Transaction SM13) ................................................................. 10–32
Managing Update Terminates ............................................................................ 10–35
User Training ...................................................................................................... 10–37
System Log (Transaction SM21)....................................................................... 10–38
Locks (Transaction SM12) ................................................................................ 10–41
Active Users (Transactions SM04 and AL08)................................................... 10–43
Single-Instance System (Transaction SM04) ..................................................... 10–44
Multi-Instance System (Transaction AL08) ........................................................ 10–45
Work Processes (Transactions SM50 and SM51)............................................ 10–46
For a System with Application Servers............................................................... 10–46
For a System Without Application Servers......................................................... 10–47
ABAP Dump Analysis (Transaction ST22)........................................................ 10–48
Simple Selection ................................................................................................. 10–49
Free Selection..................................................................................................... 10–49
System Message (SM02)................................................................................. 10–51
Creating a Message .......................................................................................... 10–52
Editing a Message............................................................................................. 10–54
ABAP Editor (SE38) .......................................................................................... 10–55
For Information About a Program or Report....................................................... 10–56
x Release 4.6A/B
Detailed Table of Contents
Other....................................................................................................................... B–5
White papers........................................................................................................... B–5
SAPNet, Selected Items of Interest ........................................................................ B–5
Third-Party Resources ..........................................................................................B–7
Books:..................................................................................................................... B–7
R/3 .......................................................................................................................... B–7
UNIX ....................................................................................................................... B–8
NT ........................................................................................................................... B–8
OS/400.................................................................................................................... B–9
Microsoft SQL Server ............................................................................................. B–9
Informix ................................................................................................................... B–9
DB2....................................................................................................................... B–10
Oracle ................................................................................................................... B–10
Other Topics ......................................................................................................... B–10
Magazines: ........................................................................................................... B–11
Helpful Third-Party Information............................................................................. B–11
Web Sites ............................................................................................................B–11
SAP....................................................................................................................... B–11
SAP Affiliated........................................................................................................ B–12
Third Party ............................................................................................................ B–12
Internet News Groups .........................................................................................B–12
Other Resources .................................................................................................B–13
Operating System ................................................................................................. B–13
Database .............................................................................................................. B–13
Other Helpful Products: Contributed by Users..............................................B–13
UNIX ....................................................................................................................B–14
Backup.................................................................................................................. B–14
Monitor.................................................................................................................. B–14
Scheduler.............................................................................................................. B–14
Spool Management .............................................................................................. B–14
Other..................................................................................................................... B–14
NT ........................................................................................................................B–14
Backup.................................................................................................................. B–14
Monitor.................................................................................................................. B–14
Remote Control .................................................................................................... B–15
Scheduler.............................................................................................................. B–15
Spool Management .............................................................................................. B–15
Other..................................................................................................................... B–15
Common, Both UNIX and NT..............................................................................B–15
Network ...............................................................................................................B–16
$SSHQGL[& 8VHIXO6$31RWHV &²
Overview...............................................................................................................C–2
R/3 Notes ..............................................................................................................C–2
Operating System Notes.....................................................................................C–6
Common to Multiple Operating Systems ..............................................................C–6
NT ..........................................................................................................................C–6
UNIX ......................................................................................................................C–8
AS-400...................................................................................................................C–8
Database Notes ...................................................................................................C–9
MS SQL server ......................................................................................................C–9
DB2 / UDB ...........................................................................................................C–11
Informix................................................................................................................C–12
Oracle ..................................................................................................................C–13
The combined experience in SAP and general systems administration of those who contributed to this book
is measured in decades. I hope that I am able to share with you some of their wisdom.
I also wish to express appreciation to the following individuals who provided time, material, expertise, and
resources which helped make the Release 4.6A/B guidebook possible:
Customers and partners: Bill Robichaud, Bridgestone/Firestone; Chad Horwedel, XXX; Doris Steckel,
Agilent/HP; Gary Canez, Motorola; Hanumantha Kasoji, Celanese Acetate; John Blair, Steelcase; Joyce
Courtney, Infineon; Laura Shieh, John Muir Mt Diablo Health System; Kerry Ek, Finteck; Lynne Lollis,
e.coetry/Chaptec; Otis Barr, Ceridian; Paul Wiebe, TransAlta; Richard Doctor, Acuson; Sam Yamakoshi,
Timothy Rogers; Tony Schollum, Ernst & Young; Thomas Beam, NCUA; HP; Udesh Naicker, HP.
SAP AG: Andreas Graesser, Dr. Arnold Niedermaier, Dr. Carsten Thiel, Fabian Troendle, Georg Chlond,
Dr. Gert Rusch, Herbert Stegmueller, Joerg Schmidt, Dr. Meinolf Block, Michael Demuth, Michael Schuster,
Dr. Nicholai Jordt, Otto Boehrer, Rudolf Marquet, Stephen Corbett, Dr. Stefan Fuchs, Thomas Arend,
Thomas Besthorn, Dr. Uwe Hommel, Uwe Inhoff, and Dr. Wulf Kruempelman.
SAP America: “Casper” Wai-Fu Kan, Daniel Kocsis, Daniel-Benjamin Fig Zaidspiner, Jackie Wang, Lance
Pawlikowski, Maria Gregg, Sue McFarland.
SAP Labs: Dr. Arnold Klingert, Jaideep Adhvaryu, “Jody” Honghua Yang, John Wu, Kitty Yue, Nihad Al-
Ftayeh, Peter Aeschlimann, Philippe Timothee, Dr. Thomas Brodkorb.
SAP UK: Peter Le Duc.
Contributing authors: Patricia Huang, SAP America; Jerry Forsey, SAP America.
QA testers: Brad Barnes, e.coetry; Claudia Helenius; Jeff Orr, Utilx; Lynne Lollis, e.coetry; Marc Punzalan,
Heat and Control; Patrick McShane, Bramasol.
Documentation and production: Rekha Krishnamurthy, John Kanclier, Kurt Wolf.
&RQWHQWV
:KDW,V7KLV*XLGHERRN$ERXW"
3KLORVRSK\
Release 4.6 of the System Administration Made Easy Guidebook continues in the direction of the
4.0 version. The primary focus is the importance of the on-going nature of system
administration. This book is written for an installed system, where all installation tasks have
been completed. Installation and related tasks, which are usually performed once, have not
been included in this guidebook.
2UJDQL]DWLRQ
We have tried to group items and tasks in job role categories, which allows this guidebook
to be a better reference book.
&RQWHQW
Real world practical advice from consultants and customers has been integrated into this
book. Because of this perspective, some of the statements in this book are blunt and direct.
Some of the examples we have used may seem improbable, but “facts can be, and are,
stranger than fiction.”
Because system administration is such a large area, it is difficult to reduce the volume to
what can be called “Made Easy.” Although material in this book has been carefully chosen, it
is by no means comprehensive. Certain chapters can be expanded into several books [two
examples are the chapters on disaster recovery (chapter 2) and security (chapter 11)].
:KDW,V1RW3URYLGHG
Although there are chapters on problem solving and basic performance tuning, these
chapters are only introductions to the subjects. This guidebook is not meant to be a trouble
shooting or performance tuning manual. Installation tasks are not presented. We assume
that your SAP consultant has completed these tasks.
:KR6KRXOG5HDG7KLV%RRN"
Senior consultants, experienced system administrators, and DBAs may find portions of this
guidebook very elementary, but hopefully useful.
3UHUHTXLVLWHV
To help you use this guidebook, and to prevent this guidebook from becoming as thick as
an unabridged dictionary, we defined a baseline for user knowledge and system
configuration. The two sections below (User and System) define this baseline. Review these
sections to determine how you and your system match. This book is also written with
certain assumptions about your knowledge level and the expectation that particular system
requirements have been met.
8VHU
We assume that you have a baseline knowledge of R/3, the operating system, and the
database. If you lack knowledge in any of the following points, we recommend that you
consult the many books and training classes that specifically address your operating system
and database.
You should know how to complete the following tasks at the:
< R/3 System level:
Be able to log on to R/3
Know how to navigate in R/3 using menus and transaction codes
There are screens that do not have menu paths and the only way to access them is by
using the transaction codes. In the “real world,” navigating by transaction codes is
faster and more efficient than menus.
< Operating system level:
Be familiar with the file and directory structure
Be able to use the command line to navigate and execute programs
Set up a printer
Perform a backup using standard operating system tools or third-party tools
Perform basic operating system security
Copy and move files
Properly start and stop the operating system and server
< Database level
Properly start and stop the database
Perform a backup of the database
R/3 runs on more than five different versions of UNIX. In many cases, significant
differences exist between these versions. These differences contributed to our decision to
not go into detail at the operating system level.
6\VWHP
For an ongoing productive environment, we assume that the:
< R/3 System is completely and properly installed
< Infrastructure is set up and functional
The following checklist will help you determine if your system is set up to the baseline
assumptions of this book. If you can log on to your R/3 System, most of these tasks have
already been completed.
+DUGZDUH
,QIUDVWUXFWXUH
< Is the Uninterruptible Power Supply (UPS) installed?
< Is a server or system monitor available?
6RIWZDUH
< Are the following utility software installed (as appropriate)?
Backup program
Hardware monitors
System monitors
UPS control
< R/3 System
Is R/3 installed according to SAP’s recommendation?
Is the TPPARAM file configured?
(In Release 4.6, TMS creates a file to be used as the TPPARAM file.)
Is the TMS/CTS configured?
Is the SAProuter configured?
Is the OSS1 transaction configured?
Is the ABAP workbench configured?
Has initial security been configured (default passwords changed)?
Are the NT sapmnt share or UNIX NFS sapmnt exports properly configured?
Is the online documentation installed?
< Can users log on to R/3 from their desktops?
'HVNWRS
For optimal results, we recommend that the minimum screen resolution be set as follows:
< For the users, 800 × 600
< For the system administrator, 1024 × 768 and a minimum color depth of 256 colors
The Release 4.6 GUI displays better with 64K colors.
+RZWR8VH7KLV*XLGHERRN
:KDW·V1HZ
This guidebook evolved from the previous versions of this guidebook and incorporates
customer and consultant comments. Send us your comments, so we can make future
versions better meet your needs.
&RQWHQW
The new features of the Release 4.6 guidebook are:
< System Administration Assistant (transaction SSAA), chapter 10
< New chapters on:
Security (chapter 11)
Microsoft SQL Server / Windows NT (chapter 13)
Basic problem solving (chapter 17 )
Basic performance tuning (chapter 22)
The procedures to perform regularly-scheduled tasks have been moved to the Roles section.
The unscheduled tasks section from the 4.0B guidebook has become a role-oriented section.
This change accommodates customers who perform scheduled tasks at times other than the
times presented in this guidebook. Therefore, all the task procedures are classified in one
section and by job roles, where related tasks are placed together. Regardless of the job
schedule, all jobs related to a job role are grouped in one place.
&RQYHQWLRQV
In the table below, you will find some of the text conventions used throughout this guide.
Menu Bar
Standard Toolbar
Screen Title
♦ Application Toolbar
User menu
♣ Workplace Menu
Workplace
Status Bar
♦ Application toolbar:
The screenshots shown in this guide are based on full user authorization (SAP_ALL).
Depending on your authorizations, some of the buttons on your application toolbar may
not be available.
♣ Workplace menu:
Depending on your authorizations, your workplace menu may look different from
screenshots in this guide which are based on SAP_ALL. The User menu and SAP standard
menu buttons provide different views of the workplace menu.
To learn how to build user menus, see Authorizations Made Easy guidebook Release
4.6A/B.
1RWH In this guidebook, we show the technical names of each transaction. To match our
settings, choose Extras → Settings and select Show technical names.
6SHFLDO,FRQV
Throughout this guide special icons indicate important messages. Below are brief
explanations of each icon:
Exercise caution when performing this task or step. An explanation of why you should be
careful is included.
This information helps you understand the topic in greater detail. It is not necessary to
know this information to perform the task.
These messages provide helpful hints and shortcuts to make your work faster and easier.
&RQWHQWV
Overview ..................................................................................................................1–2
Roles of an R/3 System Administrator .................................................................1–2
Traits of an R/3 System Administrator .................................................................1–4
R/3 System Guidelines ...........................................................................................1–4
Corollaries to Murphy’s Law................................................................................1–13
Special Definitions ................................................................................................1–14
2YHUYLHZ
This chapter is about the roles that a system administrator plays. These roles cross all
functional areas, and the number and intensity of the tasks depends on the size of the
company. In a small company, one person can be the entire system administration
department. In a larger company, however, this person is probably part of a team. The
purpose of this “definition” is to help clarify the roles of a system administrator. This
chapter is a list of commonly used system administration terms and their definitions.
At the end of this chapter is a list of 14 R/3 System guidelines, which a system administrator
must be aware of while working with the system.
Sample guidelines include:
< Keep it short and simple (KISS)
< Use checklists
< Do not allow direct database access
5ROHVRIDQ56\VWHP$GPLQLVWUDWRU
Depending on the size of the company and available resources, R/3 administrator(s) may
range from one person to several specialized people in several departments.
Factors that affect an R/3 system administrator’s tasks, staffing, and roles:
< Company size
< Available resources (the size of the Basis group)
< Availability of infrastructure support for:
Desktop support
Database
Network
Facilities
The R/3 system administrator may wear many hats both in or directly related to, R/3 and
indirectly or external to R/3.
:LWKLQ5
< User administrator
Set up and maintain user accounts
< Security administrator
Create and maintain SAP security profiles
Monitor and manage security access and violations
Release 4.6A/B
1–2
Chapter 1: R/3 System Administration Basics
Roles of an R/3 System Administrator
([WHUQDOWR5
< DBA for the specific database on which the system is running
Manage database specific tasks
Maintain the database’s health and integrity
< Operating system administrator
Manage the operating system access and user IDs
Manage operating system specific tasks
< Network administrator
Manage network access and user IDs
Manage network support and maintenance
< Server administrator
Manage the servers
< Desktop support
Supports the user’s desktop PC
< Printers
< Facilities
Manages facilities-related support issues, such as:
Power/utilities
Air conditioning (cooling)
7UDLWVRIDQ56\VWHP$GPLQLVWUDWRU
56\VWHP*XLGHOLQHV
Release 4.6A/B
1–4
Chapter 1: R/3 System Administration Basics
R/3 System Guidelines
3URWHFWWKH6\VWHP
:KDW
Everything you do as a system administrator should be focused on protecting and
maintaining the system’s integrity.
:K\
< If the system’s integrity is compromised, incorrect decisions could be made based on
invalid data.
< If the system cannot be recovered after a disaster, your company could be out of
business.
+RZ
< The system administrator must have a positive, professional attitude.
If the system administrator has less than this attitude, critical tasks may not be properly
completed (for example, backups may not be taken as scheduled and backup logs may
not be checked, which reduces the chances for a successful recovery).
< System administrators should maintain a “my job is on the line” attitude.
This attitude helps to ensure that administrators focus on maintaining the integrity of
the system. The company may not survive if the system crashes and cannot be
recovered.
< The system must be protected from internal and external sources.
One problem today is employees “poking around” in the network.
'R1RW%H$IUDLGWR$VNIRU+HOS
:K\
< R/3 is so large and complex that one person cannot be expected to know everything.
If you are unsure which task to complete or how to complete it, you could make a
mistake and cause a larger problem.
< Mistakes within the system can be expensive.
Certain things cannot be “undone,” and once set, are set forever.
< The only way to learn is to ask.
There are no dumb questions—only dumb reasons for not asking them.
+RZ
< SAPNet R/3 notes
< Various web sites and news groups
< Consultants
Also see the section in this chapter that covers networking with other customers and
consultants.
1HWZRUNZLWK2WKHU&XVWRPHUVDQG&RQVXOWDQWV
:KDW
Get to know the R/3 Basis and system administrators in other companies.
:K\
< Other customers may be able to provide solutions to your problems.
< Customers who help each other reduce their consulting expenses.
< The more people you know, the better your chances of finding someone to help you
solve a problem.
:KHQ:KHUHDQG+RZ
When you have the opportunity, meet:
< Other SAP customers and consultants, especially those in your specialty area
< Others using your operating system or database
Where to network:
< Training classes
< SAP events
Technical Education Conference (TechEd)
SAPPHIRE
< Participate in user groups:
Americas SAP Users Group (ASUG)
Regional SAP users groups
Database user groups, such as those for Microsoft SQL Server, Informix, DB2, or
Oracle
Operating system user groups, such as those for UNIX (the various versions), NT, or
IBM (AIX, AS400, or OS390)
< Participate in professional organizations
Participation means getting involved in the organization. The more you participate, the
more people you meet and get to know.
Release 4.6A/B
1–6
Chapter 1: R/3 System Administration Basics
R/3 System Guidelines
.HHS,W6KRUWDQG6LPSOH.,66
:K\
< Complex tasks are more likely to fail as situations change.
A process with 27 steps has 27 chances to fail, because complex tasks are difficult to
create, debug, and maintain.
< It is difficult to train people for complex tasks.
< Explaining a complex task on the telephone increases the chance that what is said will
not be properly understood and an error will be made. If the error is severe, you may
have a disaster on your hands.
+RZ
< Keep tasks as simple as possible.
< Test
.HHS3URSHU'RFXPHQWDWLRQ
:KDW
Document processes, procedures, hardware changes, configuration changes, checks
performed, problems, errors, etc. If in doubt about what to document, write it all down.
:K\
< As time passes, you will forget the details of a process or problem.
At some point, you may not remember anything about the process or problem. In an
extreme situation, which happens with short-term memory, you can quickly forget the
information in minutes.
< If you violate the KISS principle, complete documentation becomes even more
important.
< If the process is complex, complete documentation reduces the chance of errors.
< If you are sick or unavailable, complete documentation can help someone else do the
job.
< If changes need to be undone, you will know exactly what needs to be done to complete
this task.
< Documentation helps train new people.
Employee turnover must be planned for. Proper documentation makes the training and
transition of new employees easier and faster.
:KHQ
Documentation must be changed when:
< Documented items change.
Inaccurate documentation could be dangerous because it describes a process that should
not be followed.
< Changes are made to the system.
< Problems, such as hardware failures, error log entries, and security violations, occur.
+RZ
< Record everything done to the system, as it is being done, so details are not forgotten.
< Document items clearly and sufficiently so that, without assistance, a qualified person
can read what you have written and perform the task.
< Re-read older documentation to see where improvements can be made. Obvious items
get “fuzzy” over time and are no longer obvious.
< Use graphics, flowcharts, and screenshots to clarify documentation.
:KHUH
< Keep a log (notebook) on each server and record everything that you do on the servers.
< Keep a log for everything done remotely to any of the servers.
< Keep a log for other related items.
8VH&KHFNOLVWV
:KDW
A checklist lists the steps required to complete a task. Each step requires an
acknowledgement of completion (a check) or an entry (date, time, size, etc.).
:K\
< Checklists enforce a standardized process and reduce the chance that you will overlook
critical steps.
For example, if you were to use a checklist every time you drive a car, then you would
remember to turn off your headlights when you park your car, or you would not drive
off with your parking brake still set.
< Checklists force you to document events, such as run times, which may later become
important.
Release 4.6A/B
1–8
Chapter 1: R/3 System Administration Basics
R/3 System Guidelines
:KHQ
Checklists are especially useful for tasks that are:
< Complex or critical
If a step is missed or done incorrectly, the result could be serious (for example, inability
to restore the database).
< Done for the first time
< Done infrequently
It is difficult to remember how to do a complicated task that you do only once a year.
+RZ
See examples in Scheduled Tasks.
8VHWKH$SSURSULDWH7RROIRUWKH-RE
Sometimes a low-tech solution is best. Depending on the situation, a paper-and-pencil
solution may work better and be more cost effective than a computerized solution. Paper
and pencil still works during a power failure.
3HUIRUP3UHYHQWLYH0DLQWHQDQFH
:KDW
Preventive maintenance is the proactive monitoring and maintenance of the system.
:K\
< It is less disruptive and stressful if you can plan a convenient time to do a task, rather
than have it develop into an “emergency” situation.
< Fix a potential problem before it negatively impacts the system and company
operations.
An extreme situation is that the entire system is down until a particular task is
completed (for example, if the log file space goes down to zero (0), the database will
stop, and then R/3 also stops. Until sufficient file space is cleared, R/3 will not run and
certain business operations, such as shipping, may stop).
:KHQ
< Checking for problems should be a part of your regular routine.
< Scheduling tasks to fix a problem should be based on your situation, and when least
disruptive to your users.
+RZ
< Monitor the various logs and event monitors
< Obtain additional disk storage before you run out of room
< Regularly clean the tape drive(s)
< Check the database for consistency and integrity
'R1RW&KDQJH:KDW<RX'R1RW+DYH7R
:KDW
< If the system works, leave it alone.
< Do not change something just to upgrade to the latest version.
:K\
< Risk
When something changes, there is a chance that something else may break.
< Cost
Upgrading is expensive in terms of time, resources, and consulting, etc.
:KHQ
< A business need exists.
< Legal requirements call for an update.
This really is not an option. If you do not keep up you will not be complying with legal
requirements. The associated penalties can be expensive.
< If the hardware or software release is no longer supported by the vendor.
< The new release offers a specific functionality that offers added business value to your
company.
< Fixing a major problem requires an upgrade.
A fix is unavailable in a patch or an “advance release.”
+RZ
< If the change fails or causes problems, make certain you can recover to a before-the-
change condition.
< All changes must be regression tested to make sure that nothing else has been affected
by the change. In other words, everything still works as it is supposed to.
Regression testing of R/3 involves the functional team and users.
< Stage the change and test it in the following order:
1. Test system (a “Sandbox” system)
2. Development system
3. Quality Assurance system
4. Production system
Even if your company does not have all the above-mentioned systems, the key is to
maintain the general order. For example, if your company does not have a test system,
test the change in the following order:
1. Development
2. Quality Assurance
3. Production
Release 4.6A/B
1–10
Chapter 1: R/3 System Administration Basics
R/3 System Guidelines
By the time you reach the production system, you should be comfortable that nothing
will break.
'R1RW0DNH6\VWHP&KDQJHV'XULQJ&ULWLFDO3HULRGV
:KDW
A critical period is when system disruptions could cause severe operational problems.
:K\
If a problem occurs during a critical period, the business maybe severely impacted.
Note the following sequence of events:
1. A system administrator changes a printer in Shipping at the end of the month.
2. R/3 cannot send output to the new printer.
3. The users cannot print shipping documents.
4. The company cannot ship their products.
5. Revenue for the month is reduced.
:KHQ
A critical period is any time where the users and the company may be “severely” impacted
by a system problem. These periods differ depending on the particular industry or
company. What is a critical period for one company may not be critical for another
company.
The following are “real” examples of critical periods:
< At end of the month, when Sales and Shipping are booking and shipping as much as
they can, to maximize revenue for the month
< At the beginning of the month, when Finance is closing the prior month
< During the last month of the year, when Sales and Shipping are booking and shipping as
much as they can, to maximize the revenue for the year
< During the beginning of the year, when Finance is closing the books for the prior year
and getting ready for the financial audit
+RZ
< Always coordinate potentially disruptive system events with the users.
Different user groups in the company, such as Finance and Order Entry, may have
different quiet periods that need to be coordinated.
< Plan all potentially disruptive systems-related activities during quiet periods when a
problem will have minimal user impact.
'R1RW$OORZ'LUHFW'DWDEDVH$FFHVV
:KDW
Direct database access means allowing a user to run a query or update directly to the
database without going through R/3.
:K\
< By not going through R/3, there is the risk of corrupting the database.
< Directly updating the database could put the database out of sync with the R/3 buffers.
+RZ
< When R/3 writes to the database, it could be writing to many different tables.
If a user writes directly to the tables, missing a single table may corrupt the database by
putting the tables out of sync with each other.
< With direct database access, a user could accidentally execute an update or delete, rather
than a read.
.HHSDOO1RQ6$3$FWLYLW\2IIWKH56HUYHUV
:KDW
< Do not allow users to directly access (telnet, remote access, etc.) the R/3 server(s).
< Do not use the R/3 server as a general file server.
< Do not run programs that are not directly related to R/3 on an R/3 server.
:K\
< Security
Not allowing users to have access to the R/3 server reduces the chance of files from
being accidentally deleted or changed.
No access also means that user cannot look at confidential or sensitive information.
< Performance
Using the production R/3 sever as a file server creates resource contention, where
performance is a primary concern. Programs running on the R/3 servers will contend
for the same resources that R/3 is using, which affects the performance of R/3.
+RZ
Use other servers to perform functions unrelated to R/3.
Release 4.6A/B
1–12
Chapter 1: R/3 System Administration Basics
Corollaries to Murphy’s Law
0LQLPL]H6LQJOH3RLQWVRI)DLOXUH
:KDW
A single-point failure is when the failure of a single component, task, or activity causes the
system to fail or creates a critical event.
:K\
Each place where a single-point failure could occur increases the chances of a system failure
or other critical event.
For example, if:
< You only have one tape drive and it fails, you cannot back up your database.
< You rely on utility line power, and do not have a UPS, the server will crash during a
power failure and possibly corrupt the database.
< You are the only one who can complete a task, and you are on vacation, the task will not
be completed until you return (or you will be “on call” while on vacation).
To guard against a single-point failure, consider the following options:
< Systems configured with a built-in backup
< Redundant equipment, such as dual power supplies
< On-hand spares
< Sufficient personnel
< On-call consultants
< Cross-training
< Outsourcing
&RUROODULHVWR0XUSK\·V/DZ
6SHFLDO'HILQLWLRQV
There are terms used in this guidebook that have very specific meanings. To prevent
confusion, they are defined below:
'DWDEDVHVHUYHU
This is where R/3 and the database resides.
The system clock of the database server is the master clock for the R/3 system.
$SSOLFDWLRQVHUYHU
This is where R/3 application runs.
On a two-tiered system, this would be combined on the database server. Application
servers can be dedicated to online users, batch processing or a mix.
,QVWDQFH
An installation of R/3 on a server.
The two types of instances are central, and dialog. More than one instance could exist on a
physical server.
6\VWHP
The complete R/3 installation for a System ID (SID), for example PRD.
A system logically consists of the R/3 central instance and dialog instances for the SID. This
physically consists of the database server and application servers for that SID.
Release 4.6A/B
1–14
Chapter 1: R/3 System Administration Basics
Special Definitions
A two-tiered configuration combines the application and database layers on a single server.
Release 4.6A/B
1–16
&KDSWHU 'LVDVWHU5HFRYHU\
&RQWHQWV
Overview ..................................................................................................................2–2
Why Plan for a Disaster?........................................................................................2–3
Planning for a Disaster...........................................................................................2–4
Test your Disaster Recovery Procedure ............................................................2–15
Other Considerations ...........................................................................................2–16
Minimizing the Chances for a Disaster ...............................................................2–17
2YHUYLHZ
The purpose of this chapter is to help you understand what we feel is the most critical job of
a system administrator—disaster recovery.
We included this chapter at the beginning of our guidebook for two reasons:
< To emphasize the importance of the subject
Disaster recovery needs to be planned as soon as possible, because it takes time to
develop, test, and refine.
< To emphasize the importance of being prepared for a potential disaster
Murphy’s Law says:
“Disaster will strike when you are not prepared for it.”
The faster you begin planning, the more prepared you will be when a disaster does happen.
This chapter is not a disaster recovery “how to.” It is only designed to get you thinking
and working on disaster recovery.
:KDW,VD'LVDVWHU"
The goal of disaster recovery is to restore the system so that the company can continue
doing business. A disaster is anything that results in the corruption or loss of the R/3
System.
Examples include:
< Database corruption.
For example when test data is accidentally loaded into the production system.
This happens more often than people realize.
< A serious hardware failure.
< A complete loss of the R/3 System and infrastructure.
For example, the destruction of the building due to natural disaster.
The ultimate responsibility of a system administrator is to successfully restore R/3 after a
disaster.
The ultimate consequence of not restoring the system is that your company goes out of
business.
The administrator’s goal is to prevent the system from ever reaching the situation where the
ultimate responsibility is called upon.
Disaster recovery planning is a major project. Depending on your situation and the size and
complexity of your company, disaster recovery planning could take more than a year to
prepare, test, and refine. The plan could fill many volumes. This chapter helps you start
thinking about and planning for disaster recovery.
:K\3ODQIRUD'LVDVWHU"
< A system administrator should expect and plan for the worst, and then hope for the best.
< During a disaster recovery, nothing should be done for the first time.
Unpleasant surprises could be fatal to the recovery process.
Here are some of the reasons to develop a disaster recovery plan:
< Will business operations stop if R/3 fails?
< How much lost revenue and cost will be incurred for each hour that the system is down?
< Which critical business functions cannot be completed?
< How will customers be supported?
< How long can the system be down before the company goes out of business?
< Who is coordinating and managing the disaster recovery?
< What will the users do while R/3 is down?
< How long will the system be down?
< How long will it take before the R/3 System is available for use?
If you plan properly, you will be under less stress, because you know that the system can be
recovered and how long this recovery will take.
If the recovery downtime is unacceptable, management should invest in:
< Equipment, facilities, and personnel
< High availability (HA) options
HA options can be expensive. There are different degrees of HA, so customers need to
determine which option is right for them.
HA is an advanced topic beyond the scope of this guidebook. If you are interested in this
topic, contact an HA vendor.
3ODQQLQJIRUD'LVDVWHU
This chapter is not a disaster recovery “how to.” It is only designed to get you thinking
and working on disaster recovery.
&UHDWLQJD3ODQ
Creating a disaster recovery plan is a major project because:
< It can take over a year and considerable time to develop, test, and document.
< The documentation may be extensive (literally thousands of pages long).
If you do not know how to plan for a disaster recovery, get the assistance of an expert. A
bad plan (that will fail) is worse than no plan, because it provides a false sense of security.
:KDW$UHWKH%XVLQHVV5HTXLUHPHQWVIRU'LVDVWHU5HFRYHU\"
Who will provide the requirements?
< Senior management needs to provide global (or strategic) requirements and guidelines.
< The business units’ needs drive the specific detailed requirements.
These units should understand that as the requirement for the recovery time decreases,
the cost for disaster recovery increases. The units should budget for it, or if the funds
come from an administrative or IT budget, the units should support it.
What are the requirements?
Each requirement should answer the following questions:
< Who is the requestor?
< What is the requirement?
< Are other departments or customers affected by this requirement?
< Why is the requirement necessary?
When R/3 is offline, what does (or does not) happen?
What is the cost (or lost revenue) of an hour or a day of R/3 downtime?
The justification should be a concrete objective value (such as $20,000 an hour).
Define the cost (per hour, per day, etc.) of having the R/3 System down.
([DPSOH
What: No more than one hour of transaction data may be lost.
Why: The cost is 1,000 transactions per hour of lost transactions that are entered
in R/3 and cannot be recreated from memory.
This inability to recreate lost transactions may result in lost sales and upset
customers. If the lost orders are those that the customer quickly needs, this
situation can be critical.
([DPSOH
What: The system cannot be offline for more than three hours.
Why: The cost (an average of $25,000 per hour) is the inability to book sales.
([DPSOH
What: In the event of disaster, such as the loss of the building containing the R/3
data center, the company can only tolerate a two-day downtime.
Why: At that point, permanent customer loss begins.
Other: There must be an alternate method of continuing business.
:KHQ6KRXOGD'LVDVWHU5HFRYHU\3URFHGXUH%HJLQ"
Ask yourself the following questions:
< What criteria constitute a disaster?
< Have these criteria been met?
< Who needs to be consulted?
The person must be aware of the effect of the disaster on the company’s business and the
critical nature of the recovery.
([SHFWHG'RZQWLPHRU5HFRYHU\7LPH
([SHFWHG'RZQWLPH
Expected downtime is only part of the business cost of disaster recovery. For defined
scenarios, this cost is the expected minimum time before R/3 can be productive again.
Downtime may mean that no orders can be processed and no products shipped.
Management must approve this cost, so it is important that they understand that downtime
are potential business costs.
To help business continue, it is important to find out if there are alternate processes that can
be used while the R/3 System is being recovered.
5HFRYHU\*URXSDQG6WDIILQJ5ROHV
There are four key roles in a recovery group. The number of employees performing these
roles will vary depending on your company size. In a smaller company, for example, the
recovery manager and the communication liaison could be the same person. Titles and tasks
will probably differ based on your company’s needs.
We defined the following key roles:
< Recovery manager
Manages the entire technical recovery. All recovery activities and issues should be
coordinated through this person.
< Communication liaison
Handles user phone calls and keeps top management updated with the recovery status.
One person handling all phone calls allows the group doing the technical recovery to
proceed without interruptions.
To reduce interruption of the recovery staff, we recommend you maintain a status board.
The status board should list key points in the recovery plan and an estimate of when the
system will be recovered and available to use.
< If the disaster is a major geographical event (like an earthquake), your local staff will be
more concerned with their families—not the company.
< Depending on the disaster, key personnel could be injured or killed.
You should expect and plan for these situations. Plan for staff from other geographic sites
to be flown in and participate as disaster recovery team members.
A final staffing role is to plan for at least one staff member to be “unavailable.” Without this
person, the rest of the department must be able to perform a successful recovery. This issue
may become vital during an actual disaster.
7\SHVRI'LVDVWHU5HFRYHU\
Disaster recovery scenarios can be grouped into two types:
< Onsite
< Offsite
2QVLWH
Onsite recovery is disaster recovery done at your site. The infrastructure usually remains
intact. The best case scenario is a recovery done on the original hardware. The worst case
scenario is a recovery done on a backup system.
2IIVLWH
Offsite recovery is disaster recovery done at a disaster recovery site. In this scenario, all
hardware and infrastructure are lost as a result of facility destruction such as a fire, a flood,
or an earthquake. The new servers must be configured from scratch.
A major consideration is that once the original facility has been rebuilt and tested, a second
restore must take place back to the customer’s original facility. While this second restore can
be planned and scheduled at a convenient time to disrupt as few users as possible. The
timing is just as critical as the disaster. While the system is being recovered, it is down.
'LVDVWHU6FHQDULRV
There are an infinite number of disaster scenarios that could occur. It would take an infinite
amount of time to plan for them, and you will never account for all of them. To make this
task manageable, you should plan for at least three and no more than five scenarios. In the
event of a disaster, you would adapt the closest scenario(s) to the actual disaster.
The disaster scenarios are made up of:
< Description of the disaster event
< High level plan of major tasks to be performed
< Estimated time to have the system available to the users
To create your final scenario:
1. Use the Three Common Disaster Scenarios section below as a starting point.
2. Prepare three to five scenarios that cover a wide range of disasters that would apply to
you.
3. Create a high-level plan (are made up of major tasks) for each scenario.
4. Test the planned scenario, by creating different test disasters and determining if (and
how) your scenario(s) would adapt to an actual disaster.
5. If the test scenario(s) cannot be adapted, modify or develop more scenarios
6. Repeat the process.
7KUHH&RPPRQ'LVDVWHU6FHQDULRV
The following three examples range from a best-to-worst scenario order:
The downtimes in the examples below are only samples. Your downtimes will be different.
You must replace the sample downtimes with the downtimes applicable to your
environment.
$&RUUXSW'DWDEDVH
< A corrupt database could result from:
Accidentally loading test data into the production system.
A bad transport into production, which results in the failure of the production
system.
< Such a disaster requires the recovery of the R/3 database and related operating system
files.
< The “sample” downtime is eight hours.
$+DUGZDUH)DLOXUH
< The following types of items may fail:
A system processor
A drive controller
$&RPSOHWH/RVVRU'HVWUXFWLRQRIWKH6HUYHU)DFLOLW\
< The following items can be lost:
Servers
All supporting infrastructure
All documentation and materials in the building
The building
< A complete loss of the facility can result from the following types of disasters:
Fire
Earthquake
Flood
Hurricane
Tornado
Man-made disasters, such as the World Trade Center bombing
< Such a disaster requires:
Replacing the facilities
Replacing the infrastructure
Replacing lost hardware
Rebuilding the server and R/3 environment (hardware, operating system, database,
etc.)
Recovering the R/3 database and related files
< The “sample” downtime lasts eight days and comprises:
At least five days to procure hardware.
In a regional disaster, this purchase could take longer if your suppliers were also
affected by the disaster.
Use national vendors with several regional distribution centers and, as a backup,
have an out-of-area alternate supplier.
Two days to rebuild the NT server (one person); 16 hours actual work time
As the hardware is procured and the server is being rebuilt, an alternate facility is
obtained and an emergency (minimal) network is constructed
One day to integrate into the emergency network
5HFRYHU\6FULSW
:KDW
:K\
&UHDWLQJD5HFRYHU\6FULSW
Creating a recovery script requires:
< A checklist for each step
< A document with screenshots to clarify the instructions, if needed
< Flowcharts, if the flow of steps or activities is critical or confusing
5HFRYHU\3URFHVV
To reduce recovery time, define a process by:
< Completing as many tasks as possible in parallel
< Adding timetables for each step
0DMRU6WHSV
1. During a potential disaster, anticipate a recovery by:
< Collecting facts
< Recalling the latest offsite tapes
< Recalling the crash kit (see page 2–11 for more information).
< Calling all required personnel
These personnel include the internal SAP team, affected key
users, infrastructure support, IT, facilities, on-call consultants, etc.
< Preparing functional organizations (sales, finance, and shipping) for alternate
procedures for key business transactions and processes.
2. Minimize the effect of the disaster by:
< Stopping all additional transactions into the system
Waiting too long could worsen the problem
< Collecting transaction records that have to be manually reentered
3. Begin the planning process by:
< Analyzing the problem
< Fitting the disaster to your predefined scenario plans
< Modifying the plans as needed
4. Define when to initiate a disaster recovery procedure.
< What are the criteria to declare a disaster, and have they been met?
< Who will make the final decision to declare a disaster?
5. Declare the disaster.
6. Perform the system recovery.
7. Test and sign off on the recovered system.
Key users, who will use a criteria checklist to determine that the system has been
satisfactorily recovered should perform the testing.
8. Catch up with transactions that may have been handled by alternate processes during
the disaster.
Once completed, this step should require an additional sign-off.
9. Notify the users that the system is ready for normal operations.
10. Conduct a postmortem debriefing session.
Use the results from this session to improve your disaster recovery planning.
&UDVK.LW
:KDW
:K\
During a disaster, everything that is needed to recover the R/3 environment is contained in
one (or a few) containers. If you have to evacuate the site, you will not have the time to run
around, gathering the items at the last minute, hoping that you get everything you need.
In a major disaster you may not even have that opportunity.
:KHQ
When a change is made to a component (hardware or software) on the server, replace the
outdated items in the crash kit with updated items that have been tested.
A periodic review of the crash kit should be performed to determine if items need to be
added or changed. A service contract is a perfect example of an item that requires this type
of review.
:KHUHWR3XWWKH&UDVK.LW
The crash kit should be physically separated from the servers. If it is located in the server
room, and the server room is destroyed, this kit is lost.
Some crash kit storage areas include:
< Commercial offsite data storage
< Other company sites
< Another secure section of the building
+RZ
The following is an inventory list of some of the major items to put into the crash kit. You
will need to add or delete items for your specific environment. This inventory list is
organized into the following categories:
< Documentation
< Software
'RFXPHQWDWLRQ
An inventory of the crash kit should be taken by the person who seals the kit. If the seal is
broken, items may have been removed or changed, making the kit useless in a recovery.
The inventory list below must be signed and dated by the person checking the crash kit. The
following documentation must be included in the crash kit:
< Disaster recovery script
< Installation instructions for the:
Operating system
Database
R/3 System
< Special installation instructions for:
Drivers that have to be manually installed
Programs that must be installed in a specific manner
Ensure that maintenance agreements are still valid and check if the agreements expired.
These should be part of a regular schedule task.
6RIWZDUH
< Operating system:
Installation kit
Drivers for hardware, such as a Network Interface Card (NIC) or a SCSI
controller, which are not included in the installation kit
Service packs, updates, and patches
< Database:
Installation kit
Service packs, updates, and patches
Recovery scripts, to automate the database recovery
< For R/3:
Installation kit
Currently installed kernel
System profile files
tpparam file
saprouttab file
saplogon.ini
< Other R/3 integrated programs (for example, a tax package)
< Other software for the R/3 installation:
Utilities
Backup
UPS control program
Hardware monitor
FTP client
Remote control program
System monitor
%XVLQHVV&RQWLQXDWLRQ'XULQJ5HFRYHU\
Business continuation during a recovery is an alternate process to continue doing business
while recovering from a disaster. It includes:
< Cash collection
< Order processing
< Product shipping
< Bill paying
< Payroll processing
< Alternate locations to continue doing business
:K\
+RZ
2IIVLWH'LVDVWHU5HFRYHU\6LWHV
< Other company sites
< Commercial disaster recovery sites
< Share or rent space from other companies
,QWHJUDWLRQZLWK\RXU&RPSDQ\·V*HQHUDO'LVDVWHU3ODQQLQJ
Because there are many dependencies, the R/3 disaster recovery process must be integrated
with your company’s general disaster planning. This process includes telephone, network,
product deliveries, mail, etc.
:KHQWKH56\VWHP5HWXUQV
How will the transactions that were handled with the alternate process be entered into R/3
when it is operational?
7HVW\RXU'LVDVWHU5HFRYHU\3URFHGXUH
Unless you test your recovery process, you do not know if you can actually recover
your system.
A test is a simulated disaster recovery which verifies that you can recover the system and
exercise every task outlined in the disaster recovery plan.
< Test to find out if:
Your disaster recovery procedure works
Something changed, was not documented, or updated
There are steps that need clarification for others
The information that is clear to the person documenting the procedure may be
unclear to the person reading the procedure.
Older hardware is no longer available
Here, alternate planning is needed. You may have to upgrade your hardware to be
compatible with currently available equipment.
Since many factors affect recovery time, actual recovery times can only be determined by
testing. Once you have actual times (not guesses or estimates), your disaster planning
becomes more credible. If the procedure is practiced often, when a disaster occurs, everyone
will know what to do. This way, the chaos of a disaster will be reduced.
+RZ
1. Execute your disaster recovery plan on a backup system or at an offsite location.
2. Generate a random disaster scenario.
3. Execute your disaster plan to see if it handles the scenario.
:KHQ
:KHUH
< The disaster recovery test should be done at the same site that you expect to recover.
If you have multiple recovery sites, perform a test recovery at each site. The
equipment, facilities, and configuration may be different at each site. Document
all specific items that need to be completed for each site. You do not want
to discover that you cannot recover at a site after a disaster occurs.
< A backup onsite server
< Another company site
< At another company where you have a mutual support agreement
< A company that provides disaster recovery site and services
:KR6KRXOG3DUWLFLSDWH
< Primary and backup personnel who will do the job during a real disaster recovery
A provision should be made that some of the key personnel are to be unavailable during
a disaster recovery. A test procedure might involve randomly picking a name and
declare that person unavailable to participate. This procedure duplicates a real situation
in which a key person is seriously injured or killed.
< Personnel at other sites
Integrate these people into the test, since they may be needed to perform the recovery
during an actual disaster. These people will fill in for unavailable personnel.
2WKHU&RQVLGHUDWLRQV
2WKHU8SVWUHDPRU'RZQVWUHDP$SSOLFDWLRQV
For the company to function, other up (or down) stream applications also need to be
recovered with R/3. Some of these applications may be tightly associated with R/3. The
applications should be accounted for and protected in the company-wide disaster recovery
planning.
Applications located on only one person’s desktop computer must be backed up to a safe
location.
%DFNXS6LWHV
Having a contract with a disaster recovery site does not guarantee that the site will be
available. In a regional disaster, such as an earthquake or flood, many other companies will
be competing for the same commercial disaster sites. In this situation, you may not have a
site to recover to, if others have booked it before you.
The emergency backup site may not have equipment of the same performance level as your
production system. Reduced performance and transaction throughput must be considered.
Examples:
< A reduced batch schedule of only critical jobs
< Only essential business tasks will be done while on the recovery system
0LQLPL]LQJWKH&KDQFHVIRUD'LVDVWHU
There are many ways to minimize chances for a disaster. Some of these ideas seem obvious,
but it is these ideas that are often forgotten.
0LQLPL]H+XPDQ(UURU
Many disasters are caused by human error, such as a mistake or a tired operator. Do not
attempt dangerous tasks when you are tired. If you have to do a dangerous task, get a
second opinion before you start.
< Dangerous tasks should be scripted and checkpoints included to verify the steps.
Such tasks include:
Deleting the test database
Check that the delete command specifies the Test, not the
Production, database.
Moving a file
Verify that the target file (to be overwritten) is the old, not the new, file.
Formatting a new drive
Verify that the drive to be formatted is the new drive, not an existing drive with data
on it.
0LQLPL]H6LQJOH3RLQWVRI)DLOXUH
A single-point failure is when the failure of one component causes the entire system to fail.
To minimize single-point failure:
< Identify conditions where a single-point failure can occur
< Anticipate what will happen if this component or process fails
< Eliminate as many of these single points of failure as practical.
Practical is defined as the level of work involved or cost compared to the level of risk
and failure.
Types of single points of failure include:
< The backup R/3 server is located in the same data center as the production R/3 server.
If the data center is destroyed, the backup server is also destroyed.
< All the R/3 servers are on a single electrical circuit.
If the circuit breaker opens, everything on that circuit loses power, and all the servers
will crash.
&DVFDGH)DLOXUHV
A cascade failure is when one failure triggers additional failures, which increases the
complexity of a problem. The recovery involves the coordinated fixing of many problems.
([DPSOH $&DVFDGH)DLOXUH
&RQWHQWV
Overview ..................................................................................................................3–2
Restore.....................................................................................................................3–2
Backup .....................................................................................................................3–3
Tape Management.................................................................................................3–13
Performance ..........................................................................................................3–20
Useful SAP Notes..................................................................................................3–24
2YHUYLHZ
5HVWRUH
6WUDWHJ\
Business recovery time is the result of the time needed to:
< Find the problem
< Repair the damage
< Restore the database
Factors that affect the chosen restore strategy include:
< Business cost of downtime to recover
< Operational schedule
< Global or local users
< Number of transactions an hour
< Budget
Release 4.6A/B
3–2
Chapter 3: Backup and Recovery
Backup
The actual process to restore R/3 and the database will not be covered in this book. This
critical task has specific system dependencies, and we leave it to a specialist to teach. If a
restore must be done, contact a specialist or your Basis consultant. Work with your DBA or
consultant to test and document the restore process for your system. With proper training,
you should be able to do the restore.
If the restore is not done properly and completely, it could fail and must be restarted, or be
missing other files. There may be special data that you must record about your database to
recover it. Work with your specialist to identify and document this data.
7HVWLQJ5HFRYHU\
Since the restore procedure is one of the key issues of the R/3 System, database recovery
must be regularly maintained and tested. See chapter 2, Disaster Recovery.
%DFNXS
Backup is like insurance. You only need a backup if you need to restore your system.
:KDWWR%DFNXSDQG:KHQ
There are three categories of files to backup:
< Database
< Log files
< Operating system files
Note; you may need to use different tools to backup all the files. Some tools may only be
able to backup one or two of the three categories of files that need to be backed up. Example,
using the SAP DBA Calendar DB13 for on Microsoft SQL Server, it can backup the database
and the transaction log, but not the operating system files.
'DWDEDVH
:KDW
This is the core of the R/3 system and your data. Without the database backup, you cannot
recover the system.
:KHQ
The frequency of a full database backup determines how many days back in time you must
go to begin the restore:
< If a daily full backup is done, you will need yesterday’s full backup.
Only logs since yesterday’s backup need to be applied to bring the system current.
< If a weekly full backup is done, you will need last week’s full backup.
All the logs for each day (since the full backup) must now be applied to bring the system
current.
A daily full backup reduces the number of logs that need to be applied to bring the database
current. This backup reduces the risk of not getting a current database backup because of a
“bad” (unusable) log file.
If a daily full backup is not done, more logs would need to be applied. This step lengthens
the recovery process time and increases the risk of not being able to recover to the current
time. A point may be reached when it would take too long to restore the logs, because so
many logs need to be applied. For additional safety, we recommend that you do a full
monthly database backup in addition to the full daily backups.
([DPSOH:HHNO\%DFNXS
A restore from last week’s full backup that was done four days ago.
< There are 10 logs a day.
< A total of 40 logs (10 logs per day × 4 days) need to be restored.
< It takes 120 minutes to restore the log file from tape to disk (40 log x 3 minutes per
log).
< It takes 200 minutes to restore the log files to the database (40 logs x 5 minutes per
log).
< The total time to do the restore, excluding database files, is 320 minutes (5.3 hours).
([DPSOH:HHNO\%DFNXS
These examples show that the time it takes to do a log restore depends on how many days
back you have to go to get to the last full backup. Increasing the frequency of the full backup
(with less days between full backups) reduces the recovery time.
Also consider maintaining two backup cycles of the logs on disk to reduce the need to
restore these logs from tape.
Release 4.6A/B
3–4
Chapter 3: Backup and Recovery
Backup
7UDQVDFWLRQ/RJV
:KDW
Transaction logs are critical to the database recovery. These logs contain a record of the
changes made to the database, which is used to roll forward (or back) operations. It is
critical to have a complete chain of valid log backups. If you have to restore and one log is
corrupted, you cannot restore past the corrupt log.
Transaction log is stored in a directory, which must not be allowed to become full. If the
transaction log fills the available filespace, the database will stop, and no further processing
can be done in the database (and consequently) in R/3. It is important to be proactive and
periodically back up the transaction logs. Refer to the chapter specific to your database for
more information.
:KHQ
The frequency of the log backups is a business decision based on:
< Transaction volume
< Critical period(s) for the system
< Amount of data senior management is willing to lose
< Resources to perform the backups and take them offsite
Also see the examples in the database section above.
If your transaction volume is high, decrease the time interval between log backups. This
reduced time interval decreases the amount of data that could be lost in a potential data
center disaster.
+RZ
If you do not have an offsite backup server, back up the transaction log backups to tape
after each log backup and immediately send the tape offsite.
Do not back up the logs to the tape drive in “append” mode and append multiple
backups on the same tape. If a data center disaster occurs, the tape with all these logs
will be lost.
2SHUDWLQJ6\VWHP/HYHO)LOHV
:KDW
Operating system level files, which must also be backed up, are for:
< Operating environment (for example, system and network configuration)
< R/3 files
Spool files, if stored at the operating system level
(system profile: rspo/store_location = G)
Change management transport files located in /usr/sap/trans
< Other R/3 related applications
Interface or add-on products, such as those used for EDI or taxes, that store their
data or configuration outside the R/3 database.
The amount of data is small in relation to the R/3 database. Depending on how your system
is used, the above list should only require several hundred megabytes to a few gigabytes of
storage. In addition, some of the data could be “static” and may not change for months.
:KHQ
The frequency of the operating system level backup depends on the specific application. If
these application files must be kept in sync with the R/3 System, they must be backed up at
the same frequency as the log backup files. An example of this situation is a tax program
that stores its sales tax data in files external to the R/3 database. These files must be in sync
with the sales orders in the system.
A simple and fast method to back up operating system files is to copy all data file directories
to disk on a second server; from the second server, you can back up those files to tape. This
process minimizes file downtime.
Use the sample schedule below to determine your backup frequency:
%DFNXS7\SHV
Backup types is like a three-dimension matrix, where any combination can be used:
< What is backed up: full database vs incremental of the logs
< How the backup taken: online vs offline
< When the backup is made: scheduled vs nonscheduled (ad-hoc)
Release 4.6A/B
3–6
Chapter 3: Backup and Recovery
Backup
:KDW,V%DFNHG8S
< Full database backup
A backup of the entire database.
Advantages:
The entire database is backed up at once, making the restore of the database easier
and faster. There are less logs that need to be applied to bring the restored database
current.
Disadvantages:
Takes longer to run than an incremental log backup. Because of the longer backup
window there is more impact on the users while the backup is running.
< Incremental backup of the transaction logs
A backup of the transaction logs.
A full database backup is still required on a periodic basis. The usual arrangement is; a
full backup on the weekend and incremental backups during the week.
Advantages:
Much faster than a full database backup. Because of the smaller backup window,
there is less impact to the users.
Disadvantages:
A full backup is needed, as a starting point to restore the database.
To restore the database takes significantly longer and is more complicated than
restoring a full backup. The last full database backup must be restored, then all log
backups since the full backup. This can be many logs if for example the system
crashed on Friday, then the logs from Monday through Friday have to be applied.
If one log cannot be restored, all the logs after that point cannot be restored.
< Differential backup
Depending on your database and operating system, you may (or may not) have a third
option. A differential backup is a backup of only what has changed since the last full
backup. A full database backup is still required on a periodic basis. The usual
arrangement is; a full backup on the weekend and differential backups during the week.
Differential backup is not supported from within R/3 using DB13, you must use other
tools to perform a differential backup.
Microsoft SQL Server; to do a differential backup you must execute the differential
backup using Microsoft SQL Server tools.
Advantages:
The exposure to a corrupt log backup is reduced. Each differential backup is backing
up all the changes to the database since the last full backup.
Disadvantages:
Like the incremental log backup, a full backup is needed as the starting point.
The backup window for a differential is longer than a transaction log backup. It
starts as being short (just after the full backup) and gets longer as more data is
changed.
+RZWKH%DFNXS,V7DNHQ
< Offline
An offline backup is taken with the database and R/3 System down.
Advantages:
An offline backup is faster than an online backup.
During the backup, there is no issue with data changing in the database.
If the files are backed up at the same time, the related operating system files will be
in sync with the R/3 database.
Disadvantages:
R/3 is unavailable during an offline backup.
Buffers for R/3 and the database are flushed.
This process will impact performance until the buffers are populated.
< Online
An online backup is taken with the database and R/3 running.
Advantages:
R/3 is available to users during a backup.
This is needed where the system is running and used 24 hours a day and seven days
a week.
The buffers are not flushed.
Since buffers are not flushed, once the backup is complete, there is no impact on
performance.
Disadvantages:
An online backup is slower than an offline backup (a longer backup time).
Backup time is increased because processes such as R/3 are running and competing
for system resources.
Online performance is degraded while the backup is running.
Data may change in the database while it is being backed up.
Therefore, the transaction logs become critical to a successful recovery.
Related operating system level files may be out of sync with the R/3 database.
If you are using online backups, the transaction logs are critical to successfully
recovering the database.
Release 4.6A/B
3–8
Chapter 3: Backup and Recovery
Backup
:KHQWKH%DFNXS,V0DGH
< Scheduled
Scheduled backups are those that are run on a regular schedule, such as daily or weekly.
For normal operations, configure a scheduled backup. Automated backups should use
the DBA Planning Calendar (transaction DB13). This calendar provides the ability to set
up and review backup cycles. It also has the ability to process essential database checks
and update statistics. You can also set up CCMS to process the backup of transaction
logs.
Depending on the operating platform, backups and other processes configured here can
be viewed in the Batch Processing Monitors (transaction SM37). In general, the status of
the backups can be viewed using Backup Logs overview (transaction DB12).
< On-demand
On-demand backup is done on an ad hoc basis. It is done before a major change to the
system, such as for an R/3 upgrade. Backups that are controlled directly by an operator,
or on-demand, can be performed either by the DBA Planning Calendar (transaction
DB13), at the database, or at operating system level.
Although the DBA Planning Calendar can schedule backups for periodic use, it can also
be used to perform an immediate backup. For an on-demand backup, it is more common
to use tools at the database level such as Enterprise Manager (Microsoft SQL Server) or
SAPDBA (Oracle and Informix).
Regardless of the chosen backup method, you should achieve the following goals:
< Provide a reliable backup that can be restored.
< Keep the backup simple.
< Reduce the number of dependencies required for operation.
< Provide the above items with little or no impact to business units.
%DFNXS6WUDWHJ\'HVLJQ
SAP provides tools under CCMS-DB Administration in R/3 to assist in implementing your
strategy. The DBA Planning Calendar (transaction DB13) is designed for scheduling backups.
The other tool, the CCMS Monitoring tool (transaction DB12), provides historical
information to review backup statistics and tape management information. At the operating
system or database level, there are additional tools you can use to administer backup and
restores. These tools include SQL Enterprise Manager (Microsoft SQL Server) and SAPDBA
(Oracle and Informix).
To design your backup procedures:
1. Determine the recovery requirements based on an acceptable outage.
It is difficult to define the concept of acceptable outage, because “acceptable” is
subjective and will vary from company to company. The cost of what is an outage
includes productivity loss, time, money, etc. spent on recovery. This cost should be
evaluated in a manner similar to insurance. (The more coverage you want, the more the
insurance will cost.) Therefore, the faster the recovery time requirements, the more
expensive the solution.
2. Determine what hardware, software and process combinations can deliver the desired
solution.
Review the section on performance to decide which method is best. Follow the “Keep It
Simple” (KISS) rule, but more importantly, make sure your method is reliable.
3. Test your backup procedures by implementing the hardware and reviewing the actual
run times and test results.
Ensure that you get results from all types of backup that could be used in your
environment, not just the ones you think might be used. This information will aid
further evaluation and capacity planning decisions and provide useful comparison
information as needed.
4. Test your recovery procedures by creating various failure situations.
Document all aspects of the recovery including the process, who should perform various
tasks, who should be notified, etc. Remember that a recovery will be needed when you
least expect it so be prepared. Testing is not a one-time event. It should occur regularly,
with additional tests as hardware or software components change.
6XSSOHPHQWDU\%DFNXSV
Supplementary backups are made on special days (month-end, year-end), so that you can
restore the database to a previous state.
*HQHUDO3URFHGXUHV
%DFNXS
The unattended backup is performed based on the backup frequency table. The scheduling
functionality of the R/3 CCMS is used to schedule the backup. In CCMS, the required tapes
can be listed by choosing theVolumes Needed button on the backup scheduling screen. Extra
backups, such as the monthly and yearly backup, should be performed offline.
7UDQVDFWLRQ/RJ%DFNXS
If transaction log backup is performed during normal system operation, there is no user
impact. You can also find the tapes needed by choosing Volumes Needed.
No special archiving is required for offline backup. (Since the backup is performed offline,
the database remains in a consistent state.)
9HULI\LQJ%DFNXSV
Backups must be verified following a regular schedule. Transaction DB13 and other backup
utilities provide buttons such as Verify Backup to perform this task. Unless the backup is
verified, you will not know that you have properly backed up everything onto tape.
Release 4.6A/B
3–10
Chapter 3: Backup and Recovery
Backup
([DPSOH
A backup of several files was done, but the “append” switch was not properly set for
second and later files. Consequently, rather than appending the files one after the other,
for each file, the tape was rewound and the backed up. The end result was that only the
last backed up file was on the tape.
File verify has to be done after all files have been backed up. If it was done after each file, it
would not detect that the previous file was erased.
0RQLWRULQJ&RQWUROOLQJ
For each system, after backing up the database and finishing the archives, all logs must be
printed and placed in the folder.
'DWDEDVH,QWHJULW\
An integrity check of the database must be performed in one retention period to ensure that
no corrupted blocks exist in the database. These blocks may go unrecognized during backup
(see the chapter written for your database for more information).
To avoid backing up a hidden, inconsistent database, the database must be checked at least
once during a retention period.
5ROHVDQG5HVSRQVLELOLWLHV
Task Role
Backup Database Operator
Backup Archives Operator
Verifying Backups Operator/DBA
Monitoring/Controlling Operator/DBA
Database check DBA
'HVLJQ5HFRPPHQGDWLRQV
< Database
Assuming the size of your database and backup window permits it, we recommend a
full database backup be taken every day. For databases that are too large for daily full
database backup, a full backup should be taken weekly.
< Transaction Logs
Backing up the transaction logs is critical. If the filespace is used up, the database will
stop, which stops R/3.
Between 6:00 a.m. and 9:00 p.m., we recommend that you back up these logs at least
every three hours. A company with high transaction volume carries higher risk and
would increase the frequency accordingly, perhaps to every hour. Similarly, if you have
a Shipping department that opens at 3:00 a.m. and a Finance department that closes at
10:00 p.m., you would need to extend the start and end times.
< Operating System Level Files
The frequency of the operating system level backup depends on the application. If these
files must be kept in sync with R/3, they must be backed up with the same frequency
and at the same time as the database and log backups. An option for a non-sync-critical
situation is to back up these operating system level files once a day.
$6WUDWHJ\&KHFNOLVW
It is important to set up a proper procedure to back up the valuable system information.
Procedures should be defined as early as possible to prevent possible data loss. Resolve the
following list of backup issues before you go live:
< Decide how often to perform complete database backups
< Decide whether partial or differential backups are necessary
< Decide when to perform transaction log backups
< Have the ability to save a day’s worth of logs on the server.
< Provide ample disk space for the transaction log directory
< Consider using DBA Planning Calendar (DB13) to schedule transaction log backups
< Set the appropriate R/3, operating system, and database authorizations
< Create a volume labeling scheme to ensure smooth operations
< Decide on a backup retention period
< Determine tape pool size (tapes needed per day × retention + 20 percent)
Allow for growth and special needs.
< Initialize tapes
< Determine physical tape storage strategy
< Decide whether to use unattended operations
If using unattended operations, decide where (in CCMS or elsewhere).
< Document backup procedures in operations manual
< Train operators in backup procedures
Release 4.6A/B
3–12
Chapter 3: Backup and Recovery
Tape Management
7DSH0DQDJHPHQW
7UDFNLQJDQG'RFXPHQWLQJ
To easily retrieve tapes from storage, you need to track and document them.
The issues are:
< Labeling
< Tracking
< Handling
< Retention requirement
/DEHOLQJ
Tapes should be clearly labeled using one of many labeling methods. Three simple methods
are described in the examples below. Two of these methods are used by R/3 and are
important if you use DB13 to schedule your backups. Third-party backup management
software may assign their own tracking number for the labels. In this case, you must use the
label specified by the software.
([DPSOH
This five-character naming convention is used by DB13 on Microsoft SQL Server 7.0. (see
SAP note 141118). Microsoft SQL server 6.5 had a different naming convention.
Each label has the following data:
< What is backed up:
R = R/3 database or transaction log
M = msdb database
S = master database
C = combination
< Type of backup:
L = transaction log
D = database
F = file
G = file group
+ = differential
< Day of the month (01-31)
< Parallel or Sequential backup (P or S)
([DPSOH
Release 4.6A/B
3–14
Chapter 3: Backup and Recovery
Tape Management
([DPSOH
This method is more visual, where the length of the label name is less of a limitation.
Each label has the following data:
< System ID <SID>
< What is backed up
db = database
tl = transaction log
os = operating system files
< Day of the month
< Multiple tape indicator for a single day (can be omitted if only one tape is used)
Sample Label:
PRD-db-06-a
PRD (Production database) + db (database) + 06 (6th day of the month) + a
(tape “a”, the first tape)
If DB13 is not used, for all of above naming conventions, additional codes can be used to
indicate additional types of files that are backed up.
In addition to the naming schemes, use a different color label for each system. A color
scheme is one more indicator to help identify the tape and reduce confusion.
An example of a color scheme is:
< PRD = orange
< QAS = green
< DEV = white
7UDFNLQJ
Tapes should be logged to track where they are stored, so you can locate them when you
need them.
In addition to tracking and documenting tapes when tape locations change, tapes should be
tracked and documented when they are:
< Used
< Sent to offsite storage
< Returned from offsite storage
< Moved to a new location
To help you track and retrieve the offsite backup, log the:
< Date of backup
< Database
< Tape number
+DQGOLQJ
When you transport tape cartridges, carry them in a protected box to minimize damage and
potential data loss if they are accidentally dropped. The box should have foam cutouts for
each tape cartridge you use.
For a small company, an ideal tape collection device is a small or medium-sized plastic tool
box with a foam insert that has cutouts for each tape cartridge. Plastic is used because it is
nonmagnetic.
We recommend that you use two boxes. One box should collect the tapes to be sent offsite,
and a second box should contain the new backup tapes. The second box should be empty
when you finish changing tapes.
To change tapes:
1. Remove the tape cartridge from the tape drive.
2. Insert it in the collection box.
3. Remove the next tape.
4. After all tapes have been removed, insert the new tapes in the drive in the same manner.
If you are using preinitialized tapes, you must use the correct tape for that day, or the
backup program will reject the tape. The backup program reads the tape header for the
Release 4.6A/B
3–16
Chapter 3: Backup and Recovery
Tape Management
initialization information (which includes the tape label name) and compares it to the next
label in the sequence.
When you initialize a tape, some programs write an expiration date on the tape. The tape
cannot be overwritten by that same program before the expiration date. However, it might
be overwritten by another program that ignores the tape header.
The next section discusses the importance of retention requirements.
5HWHQWLRQ5HTXLUHPHQWV
There are legal requirements that determine data retention. Check with your company’s
legal department on complying with federal, state, and local data retention requirements.
Complying with these requirements should be discussed with your legal and finance
departments, external auditors, and consultants. The retention requirement should then be
documented.
The practical side of data retention is that you may be unable to realistically restore an old
backup. If the operating system, database, and the R/3 System have each been upgraded
twice since the backup, it is unlikely that the backup can be restored without excessive
cost—if at all.
Retention is related to your backup cycle. It is important to have several generations of full
backups and all their logs because:
< If the database is corrupted, you will have to return to the last full backup before the
database corruption.
< If the last full backup is corrupted, you will have to return to the previous full backup
before the corruption or disaster and roll forward using the backup of the logs from that
backup until the corruption.
How far back you go depends on the level of corruption.
< Since R/3 is an online real-time system, to recover the database from a full database
backup, you must apply all the logs since that backup. If this is a significant amount of
time, the number of logs could be tremendous. Therefore, the number of logs you may
need to apply is a practical constraint to how far back you can recover.
5HFRPPHQGDWLRQV
< If a full database backup is taken each day, we recommend that you keep at least two
weeks of backups and all the logs for these weeks.
< If a full database backup is taken weekly, you should go back at least three generations.
The traditional three generations of backup are:
Grandfather
Father
Son
< Store selected backup sets (month-end, quarter-end, year-end, etc.) for extended periods,
as defined by your legal department and auditors.
Tape Retention Period
Even if one tape (backup/archive) is damaged or lost, the tape retention period assures the
ability to recover the database.
6WRUDJH
2IIVLWH
:KDW
The offsite storage site is a separate facility (building or campus) from the R/3 data center.
:K\
:KHUH
The magnitude of the disaster will determine what is considered adequate protection:
< Sending tapes to a separate location in the building or another building in the campus
will be sufficient.
If the disaster is confined to the building where the data center is located.
Release 4.6A/B
3–18
Chapter 3: Backup and Recovery
Tape Management
< If the disaster is local or regional (for example, a flood or earthquake) adequate
protection means sending tapes to a distant location several hundred miles away.
Offsite data storage can be at a separate company facility or a commercial data storage
company.
The offsite data storage facility or vendor should have a certified data storage site. Data
tapes have different handling and storage requirements than paper.
Once the backup is complete, send the tapes offsite immediately. If there is a data center
disaster and the backup tapes are destroyed, you can only recover to the last full backup
that you have offsite. For log backups, it is critical to send the tapes offsite immediately. If
not, everything since this backup is lost.
2QVLWH
:KDW
Onsite storage means storing your data in the same facility as your data center.
+RZ
Tape cartridges should be properly stored, following the tape manufacturer’s storage
requirements.
The most difficult requirement to comply with is magnetic fields. The problem is
determining if there is a strong magnetic field near the tape storage location. A vacuum
cleaner motor or a large electric motor on the opposite side of the wall from where the data
tapes are stored can generate a magnetic field strong enough to damage tapes.
When storing tape cartridges, keep all related tape cartridges together. All the tapes used in
a daily backup should be considered as a set, comprising backups for:
< Database
< Logs
< Operating system files
Tapes and files in a set need to be restored as a set. For example, if operating system files are
not restored with database and log files, the operating system files will not be in sync with
the database and critical information will be missing.
3HUIRUPDQFH
The most important performance target is the time required to restore the database. This
determines how long the R/3 system will be down and not available for use. With R/3
down, certain company operations may not occur.
Backup performance is important, especially if the system is global or used 24 hours a day.
When doing a backup, it is important to minimize the impact on users. The key is to reduce
backup time, which in turn reduces the impact on the users.
To increase performance:
1. Identify the bottleneck or device that is limiting the throughput.
2. Eliminate the bottleneck.
Repeat steps 1 and 2 until the performance is adequate or the additional cost is no longer
justified.
This iterative process is subject to cost considerations. Additional performance can always
be purchased, which is almost always a business cost justification exercise.
%DFNXS
All of the backup performance items that follow also apply to restoring the database.
There are three major variables that affect performance:
< Database size
The larger the database, the longer it will take to back up.
< Backup window
The backup window is the time allocated for you to take the regular backups of the
system. This window is driven by the need to minimize the impact on users.
An online backup
The backup window for this backup type is defined as the time when there are the
fewest users on the system and is usually done early in the morning.
An offline backup
The backup window for this backup type is defined by when and for how long R/3
can be brought down and is usually done during the weekend.
< Hardware throughput
This variable limits how fast the backup can run and is defined by the slowest link in the
backup chain such as:
Database drive array
I/O channel that is used
Tape drive
Release 4.6A/B
3–20
Chapter 3: Backup and Recovery
Performance
%DFNXS2SWLRQV
Our backup options assume that the backup device is local to the database server. A backup
performed over a network will be affected by network topology, overhead, and traffic.
Rarely is the full capacity of the network available. If a backup is done over the network, it
will decrease performance for other network users. Although technically possible,
performing a backup over a network is beyond the scope of this guidebook.
%DFN8SWR)DVWHU'HYLFHV
All of the backup options attempt to eliminate the bottleneck at the backup device. The
backup device, usually a tape drive, is the throughput-limiting device.
The table below contains capacity and throughput values to help you plan tape drive
selection:
The compressed capacity values in this table assume the use of hardware compression and
use a more conservative 1.7x ratio, as opposed to the typical 2x compression ratio. The
actual compression ratio and rate depends on the nature of the file and how much it can be
compressed.
A 20 GB database with only 9 GB of data will only require 9 GB of tape space. As the
volume of data in the database increases, so will the tape space requirement. However, if
you are backing up at the operating system level, the entire file is being backed up.
Therefore, you will need to provide tape space for the entire 20 GB database.
As technology advances, and the capacity and throughput of tape drives increases, these
values will become obsolete. We recommend that you investigate what is currently available
at the time of your purchase.
Advantages:
Faster and larger capacity tape drives allow you to back up an entire database on a single
tape cartridge in a reasonable period of time (for example, a two-hour backup of a 60 GB
database to a DLT7000).
Disadvantages:
< A backup to a single tape drive is the slowest option.
< Unless an automated changer or library is used, without manually changing the
cartridge, you are limited to the maximum capacity of the tape cartridge.
Not all databases and backup tools support tape changers or libraries; make certain that
these tools are compatible before purchasing them. For example, SAPDBA supports tape
changers, but Microsoft SQL Server Enterprise Manager and NT Backup do not.
3DUDOOHO%DFNXS
Backing up to multiple tape drives uses a RAID-0 (stripe) array, in which several tape drives
are written to in parallel. In certain environments, like Oracle, individual tablespaces or files
are simultaneously backed up to separate tape drives. Because you are writing to multiple
tape drives in parallel, total performance is significantly faster than if you were using a
single tape drive.
With sufficient tape drives in parallel, the bottleneck can be shifted from the tape drives to
another component. You must consider the performance of each subsystem when using tape
drives in parallel. This subsystem includes the tape drive(s), controller(s), CPU, and I/O
bus. In many configurations, a controller or bus is the limiting factor.
To restore a parallel backup, all the tapes in the set must be readable. If one tape is bad, the
entire backup set will not be usable. The more tapes you have in a set, the greater the chance
that one tape will be bad.
%DFNLQJ8SWR'LVNV7KHQWR7DSH
Advantages:
< For the database, this option is the fastest.
Under most situations, you can back up to disk faster than to tape.
< This option allows you to make several identical backup copies (for example, one for
onsite storage and one for offsite storage).
< Once the backup has been made to disk, R/3 System performance is minimally affected.
Because the tape backup is made from the disk copy, and not the live database, the
backup to tape is not competing with database activity for significant system resources.
< During an onsite disaster recovery to the same equipment, the recovery can be done
from the on-disk backup.
Disadvantages:
< Significant additional disk space, up to the same amount of space as the database, is
required.
This additional space makes this option the most expensive, especially for a large
database.
< Until the backup to tape is completed, you are vulnerable to a data center disaster.
Release 4.6A/B
3–22
Chapter 3: Backup and Recovery
Performance
< In a major disaster recovery, you have to first restore the files to disk, then execute the
database recovery from the files on disk.
This process increases the time to recover the system.
There are other options available for a faster backup, such as the various High Availability
options, but these options are beyond the scope of this guidebook.
5HFRYHU\
The performance requirement for a recovery is more critical than for backup. Recovery
performance determines how quickly the system will be available for use and how soon
business can continue. The goal is to restore the database and related files to make the
system quickly available for general use. The longer this restore takes, the greater the impact
on your business.
5HVWRUH2SWLRQV
To increase database restore performance, all of the above database backup options are
valid. The option also exists to restore to a faster disk array with a higher data-write
throughput.
There are different ways to restore to a faster disk array:
< Dedicated drives
In conjunction with parallel backups, restoring files and tablespaces to individually
dedicated disk drives makes the process faster. Because at any one time, only one
tablespace or file is written to the drive, you do not have head contention writing
another tablespace to the same drive.
< RAID type
Mirrored stripe (RAID 0+1) is faster than RAID5, but this speed depends on the specific
hardware. In most cases, the task of computing the parity data for the parity drive
(RAID5) takes more time than it would to write all the data twice (RAID 0+1). This
option is expensive because the usable capacity is 50 percent of the total raw capacity—
significantly less than RAID5:
RAID 0+1 = [single_drive_capacity × (number_of_drives/2)]
RAID5 = [single_drive_capacity × (number of drives – 1)]
< Drives with faster write performance
< Drive array “system” with faster write performance
8VHIXO6$31RWHV
0LFURVRIW64/6HUYHU
Release 4.6A/B
3–24
&KDSWHU 6FKHGXOHG'DLO\7DVNV
&RQWHQWV
Overview ..................................................................................................................4–2
Critical Tasks...........................................................................................................4–3
The R/3 System .......................................................................................................4–4
Database ..................................................................................................................4–6
Operating System ...................................................................................................4–6
Other.........................................................................................................................4–7
Notes ........................................................................................................................4–7
The R/3 System .......................................................................................................4–8
Critical Tasks...........................................................................................................4–9
2YHUYLHZ
We have provided sample checklists that you may use and modify depending upon your
specific needs. The checklists provided for your convenience include:
< Critical tasks
< R/3 System
< Database
< Operating system
< Other
< Notes
Release 4.6A/B
4–2
Chapter 4: Scheduled Daily Tasks
Critical Tasks
&ULWLFDO7DVNV
System: __________
Date: ____/____/____
Admin: _____________________
7KH56\VWHP
Check that all application servers SM51 – SAP 16 & 10 Check that all servers
are up. Servers are up.
Check the CCMS alert monitor RZ20 – 10 Look for alerts.
(4.0+). CCMS
Monitor (4.0)
Check work processes (started SM50 – 16 & 10 All work processes
from SM51). Process with a “running” or a
Overview “waiting” status
Look for any failed updates SM13 – 10 < Set date to one year
(update terminates). Update ago
Records < Enter * in the user
ID
< Set to “all” updates
Check for lines with
“Err.”
Check system log. SM21 – 10 Set date and time to
System Log before the last log
review.
Check for:
< Errors
< Warnings
< Security messages
< Abends
< Database problems
< Any other different
event
Review for cancelled jobs. SM37 – 16 Enter an asterisk (*) in
Select User ID.
Background
Verify that all critical
jobs
jobs were successful.
Check for “old” locks. SM12 – Lock 10 Enter an asterisk (*) for
entry list. the user ID.
Release 4.6A/B
4–4
Chapter 4: Scheduled Daily Tasks
The R/3 System
'DWDEDVH
2SHUDWLQJ6\VWHP
Release 4.6A/B
4–6
Chapter 4: Scheduled Daily Tasks
Other
2WKHU
1RWHV
System: __________
Date: ____/____/____
Admin: _____________________
7KH56\VWHP
Look for any failed updates SM13 – Update 10 < Set date to one year ago
(update terminates). Records < Enter * in the user ID
< Set to “all” updates
Check for lines with “Err.”
Check System Log SM21- System Log 10 Set date and time to before the
last log review.
Check for:
< Errors
< Warnings
< Security messages
< Abends
< Database problems
Any other different event
Review for cancelled and SM37 – Select 16 Enter * in User ID
critical jobs Background jobs
Verify that all critical jobs were
successful.
Release 4.6A/B
4–8
Chapter 4: Scheduled Daily Tasks
Critical Tasks
&ULWLFDO7DVNV
There are a few critical tasks that should be completed every morning. These tasks answer
the following questions:
< Is the R/3 System running?
< Did the backups execute and complete successfully?
If the answer to either question is “no,” then the situation must be resolved quickly because:
< If the R/3 System is down, no work can be done.
< If the backups failed, and a disaster occurs, you could lose all the data since your most
recent good backup.
9HULI\WKDW5,V5XQQLQJ
Your first task of the day is to perform a high-level check to see if the R/3 System is
running.
:K\
If the system is not running, your users will be calling to find out what happened and when
the system will be up again.
As a basic level check, if you can connect to the R/3 System, the following questions are
answered:
< Is the R/3 System working?
< Is the network between you and the R/3 System working?
+RZ
From a workstation, log on with the SAP GUI. If you can log on, the test is successful.
9HULI\WKDWWKH%DFNXSV5DQ6XFFHVVIXOO\
:KDW
You need to verify that the backups that were supposed to run last night, ran successfully.
Backups of the R/3 database and related nondatabase operating system level files are
essential to recover the R/3 System.
Types of nondatabase files include:
< Database log dumps
< Data files for third-party applications that do not store their data in the system
Examples of such files are external tax files.
< Transport files
< Inbound and outbound interface files
< Externally stored print files
:K\
If there is a problem with any of the backups, the problem needs to be quickly resolved. If a
database failure occurs that requires a restore, and the last backup failed, you will have to
recover using the last successful backup. If you do not have a good (usable) backup, you
will have to go to an older backup. This process requires applying more logs the further
back you go and increases the time required to restore the database and bring it current.
Once the problem has been fixed, if it does not significantly impact performance, execute an
online backup. Even if it impacts performance, your company may make it policy to run the
online backup. This step gives you a more recent backup.
At the operating system level, some of these files may need to be in sync with the R/3
database. Restoring the R/3 System without these files results in an incomplete (unusable)
restore (for example, external tax files that need to be in sync with the system data or the tax
systems reports will not match the R/3 reports).
:KHQ
These critical tasks need to be done first thing in the morning. If there is a “graveyard”
operations shift, the backup check should be done once the backup job is complete. The
“graveyard” shift is the third shift of the day and is typically from 10:00 p.m. to 7:00 a.m.
Any failed backup must be immediately investigated and resolved. Do not maintain a “we
will just run the backup again tonight and see if it works” attitude. If that backup fails, you
have another day without a backup.
In chapters 4–8, we have included a list of transactions like the one below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.
8VHUV7UDQVDFWLRQ$/
:KDW
This transaction displays all the users who are currently logged on to the system. It shows
both the user’s ID and terminal name.
:K\
In a smaller company, the administrator can recognize user IDs logged on to unfamiliar
terminals. This step may indicate that someone—other than the designated user—is using
that user ID. A user is logged on to more than one terminal may indicate that the user ID is
being used or shared by more than one person.
Release 4.6A/B
4–10
Chapter 4: Scheduled Daily Tasks
Critical Tasks
260RQLWRU7UDQVDFWLRQ26
:KDW
The system logs are where the operating system and some applications write event records.
Depending on the operating system, there may be multiple logs.
:K\
There may be indications of a developing problem (for example, a hard drive generating
errors or a failing drive that needs to be replaced).
6HOHFW%DFNJURXQG-REV*UDSKLFDO-RE0RQLWRU7UDQVDFWLRQ
605=
:KDW
Background jobs are batch jobs scheduled to run at specific times during the day.
:K\
If you are running critical jobs, you need to know if the job failed, because there may be
other processes, activities, or tasks that are dependent on these jobs.
&&06$OHUW0RQLWRU7UDQVDFWLRQ5=
:KDW
Transaction RZ20 is a centralized alert monitor and is new with Release 4.0. With this
transaction, you can monitor the servers in your landscape, such as development, QA,
testing, production, etc. You no longer have to individually log into each system to search
for alerts. If there is an alert, the monitor will link to many of the other transactions later in
this chapter.
:K\
An alert indicates a potentially serious problem that should be quickly resolved. If not
contained, these problems could degenerate into a disaster.
8VHUV7UDQVDFWLRQV60
:KDW
These transactions display all the users who are currently logged on to the system and show
the user’s ID and terminal name.
:K\
In a smaller company, the administrator can recognize user IDs logged on to “unfamiliar”
terminals, indicating that someone—other than the designated user—is using that user ID.
A user logged on to more than one terminal indicates that the user ID is being:
< Used by someone else
< Used or shared by several people
/RFN(QWU\/LVW7UDQVDFWLRQ60
:KDW
A lock is a mechanism that prevents other users from changing the record on which you are
working. An example that illustrates the importance of using this function follows.
([DPSOH
You are changing a customer mailing address. Someone else is changing the customer’s
telephone number at the same time. You save your change first; then the other person
saves their change. The other person’s change overwrites your change, and your change
will be lost.
:K\
There may be old locks still in place from transactions that did not release, or from when the
user was cut off from the network. Unless cleared, these locks prevent access or change to
the record until the system is cycled. The easiest way to locate them is to look for locks from
prior days.
We presume that the profile parameter rdisp/gui_auto_logout has been set. This parameter
defines an automatic logout of the user if there is no activity for the set number of minutes.
8SGDWH5HFRUGV7UDQVDFWLRQ60
:KDW
A failed update, or an “update terminate,” is an update to the failed database. These failed
updates occur when a user entry or transaction is not entered or updated in the database.
The following analogy should help clarify this concept:
1. A secretary gives a file clerk a folder (similar to a save).
2. The file clerk gives the secretary a receipt (similar to the R/3 document number).
3. On the way to the file cabinet, the clerk falls, and gets hurt.
The folder in not put into the cabinet (this is the failed update).
4. The end result is the folder is not in the cabinet—even though the secretary has the
receipt.
For performance reasons, the database update is done in asynchronous mode. In this mode,
the user continues to work while the system takes over the update process and waits for the
Release 4.6A/B
4–12
Chapter 4: Scheduled Daily Tasks
Critical Tasks
database update to complete. In synchronous mode, users would have to wait until the
database successfully updated before they could continue to work.
:K\
The users probably received a document number, so they assume that the entry is in the
system; however, if a failed update occurred, the entry is not in the system. In a customer
order, unless the order is reentered, the customers would not get their order and no trace of
it would be found in the system!
6\VWHP/RJ7UDQVDFWLRQ60
:KDW
The system log is the R/3 System’s log of events, errors, problems, and other system
messages.
:K\
The log is important because unexpected or unknown warnings and errors could
indicate a serious problem.
%DWFK,QSXW7UDQVDFWLRQ60
:KDW
This transaction shows jobs that need to be processed or started, and jobs with errors that
need to be resolved.
:K\
This transaction is important because it alerts you to batch input jobs that are:
< New
These are jobs that are waiting to be processed (for example, a posting from an interface
file). If not processed, the data will not post to the system.
< Incorrect
These are jobs that have failed due to an error. The danger is that only a portion of the
job may have posted to the system. This increases the potential for data corruption of a
different sort, as only part of the data is in the system.
:RUN3URFHVVHV7UDQVDFWLRQV60DQG60
:KDW
These transactions allow users to view the status of work processes and monitor for
problems. Transaction SM51 is a central transaction from which you can select the instance
to monitor. SM51 starts transaction SM50 for each application server. Transaction SM50 is
used for systems without application servers.
:K\
Transaction SM51 is one place to look for jobs or programs that may be “hung,” (indicated
by long run times). If batch jobs are not running, if all the batch work processes are in use,
transaction SM50 may provide a hint of the problem.
6SRRO7UDQVDFWLRQ63
:KDW
The spool is the R/3 System’s output manager. Data sent to the printer is sent to the R/3
spool and then sent to the operating system to print.
:K\
There may be problems with the printer at the operating system level. These problems need
to be resolved immediately for time-critical print jobs (for example, checks, invoices,
shipping documents, etc.) or there may be an operational impact.
Active spool jobs that have been running for over an hour could indicate a problem with the
operating system spool or the printer.
7XQH6XPPDU\7UDQVDFWLRQ67
:KDW
The buffer tune summary transaction displays the R/3 buffer performance statistics. It is
used to tune buffer parameters of R/3 and, to a lesser degree, the R/3 database and
operating system.
:K\
The buffer is important because significant buffer swapping reduces performance. Look
under Swaps for red entries. Regularly check these entries to establish trends and get a feel
of the buffer behavior.
:RUNORDG$QDO\VLVRI6,'!7UDQVDFWLRQ67
:KDW
Release 4.6A/B
4–14
Chapter 4: Scheduled Daily Tasks
Critical Tasks
+RZ
Check statistics and record trends to get a feel for the system’s behavior and performance.
Understanding the system when it is running well helps you determine what changes may
need to be made when it is not.
'DWDEDVH3HUIRUPDQFH$QDO\VLV7UDQVDFWLRQ67
:KDW
:K\
$%$3'XPS$QDO\VLV7UDQVDFWLRQ67
:KDW
An ABAP dump (also known as a short dump) is generated when a report or transaction
terminates as the result of a serious error. The system records the error in the system log
(transaction SM21) and writes a snapshot (dump) of the program termination to a special
table. This transaction can also be called from the system log (transaction SM21).
:K\
You use an ABAP dump to analyze and determine why the error occurred, and take
corrective action.
Release 4.6A/B
4–16
&KDSWHU 6FKHGXOHG:HHNO\7DVNV
&RQWHQWV
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
Release 4.6A/B
5–2
Chapter 5: Scheduled Weekly Tasks
Database
'DWDEDVH
2SHUDWLQJ6\VWHP
Check file system for adequate RZ20 – CCMS Alert 10 Review space usage
space. and that sufficient
Files system free space exists in
the file systems.
2WKHU
1RWHV
In chapters 4–8, we have included a list of transactions like the one below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.
'DWDEDVH3HUIRUPDQFH7UDQVDFWLRQ'%
:KDW
:K\
&&06$OHUW0RQLWRU7UDQVDFWLRQ5=
:KDW
Transaction RZ20 is a centralized alert monitor and is new with Release 4.0. With this
transaction, you can monitor the servers in your landscape, such as development (DEV),
quality assurance (QAS), testing, production (PRD), etc. You no longer have to individually
log into each system to search for alerts. If there is an alert, the monitor will link to many of
the other transactions later in this chapter.
:K\
An alert indicates a potentially serious problem that should be quickly resolved. If not
contained, these problems could degenerate into a disaster.
6SRRO7UDQVDFWLRQ63
:KDW
The spool is the R/3 System’s output manager. Data sent to the printer is first sent to the
R/3 spool and then to the operating system to print.
Release 4.6A/B
5–4
Chapter 5: Scheduled Weekly Tasks
Notes
:K\
There may be problems with the printer at the operating system level. These problems need
to be resolved immediately for time-critical print jobs (for example, checks, invoices,
shipping documents, etc.) or there may be an operational impact. You should check for
active spool jobs that have been running for over an hour. These long-running jobs could
indicate a problem with the operating system spool or the printer.
7HP6H7UDQVDFWLRQ63
:KDW
:K\
The relationship between the object and data in the TemSe may be destroyed as a result of:
< Restore from backups
< Copying databases
< Copying clients using improper tools
< Deleting clients without first deleting their objects
7UDQVDFWLRQ67067066\VWHP
:KDW
:K\
To move objects and configuration between systems or clients in the production pipeline. A
transport starts in DEV, is transported to QAS where it is tested, and is finally moved into
PRD.
Release 4.6A/B
5–6
&KDSWHU 6FKHGXOHG0RQWKO\7DVNV
&RQWHQWV
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
'DWDEDVH
Release 4.6A/B
6–2
Chapter 6: Scheduled Monthly Tasks
Operating System
2SHUDWLQJ6\VWHP
Is “house cleaning”
needed?
2WKHU
Release 4.6A/B
6–4
Chapter 6: Scheduled Monthly Tasks
Notes
1RWHV
In chapters 4-8, we have included a list of transactions like the one below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.
'DWDEDVH3HUIRUPDQFH7UDQVDFWLRQ'%
:KDW
:K\
Release 4.6A/B
6–6
&KDSWHU 6FKHGXOHG4XDUWHUO\7DVNV
&RQWHQWV
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
Release 4.6A/B
7–2
Chapter 7: Scheduled Quarterly Tasks
Database
'DWDEDVH
2SHUDWLQJ6\VWHP
2WKHU
1RWHV
In chapters 4-8, we have included a list of transactions like the ones below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.
(GLW6\VWHP3URILOH3DUDPHWHUV7UDQVDFWLRQ5=
:KDW
There are security parameters for the user’s password (for example, the minimum password
length, the time interval that the user must change their password, and so on).
The following is a list of the most important password parameters:
< Minimum password length: login/min_password_lng
A longer password is more difficult to break or guess.
The standard for many companies is five (5) characters.
< Password expiration time: login/password_expiration_time
This is the length of time before the user must change their password.
The length of time that auditors recommend is thirty (30) days.
The maximum that should be used is ninety (90) days.
< Password lockout: login/fails_to_user_lock
This parameter locks out users after attempting to log in with an invalid password for a
defined number of times.
The standard is to lock a user after three (3) failed attempts.
Release 4.6A/B
7–4
Chapter 7: Scheduled Quarterly Tasks
Notes
:K\
Properly assigned parameters will make it more difficult to break into the system.
6HOHFW%DFNJURXQG-REV7UDQVDFWLRQ60
:KDW
Background jobs are batch jobs scheduled to run at specific times during the day.
:K\
If you are running critical jobs, you need to know if the job failed because there may be
other processes, activities, or tasks that are dependent on these jobs.
8VHU0DLQWHQDQFH7UDQVDFWLRQ68
:KDW
The lock/unlock function is part of the logon check, which allows or prevents the user from
logging onto the R/3 System. For terminated users, the user’s ID should be locked and the
user assigned to the user group “term.”
:K\
< Locking a user
If an employee leaves the company, is assigned to a different group, or is on leave, their
R/3 access should be removed. With the lock function, the user’s ID and security profile
remain on the system but the user cannot log on. This function is ideal for temporary
personnel or consultants where, unless the access is required, the user ID remains
locked.
< Unlocking a user
If users incorrectly log on more that the allowed number of times, they are automatically
locked out of the system. (An incorrect logon is usually the result of a forgotten
password.) The administrator must unlock the user ID and more than likely reset the
user’s password.
Release 4.6A/B
7–6
&KDSWHU 6FKHGXOHG$QQXDO7DVNV
&RQWHQWV
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
Release 4.6A/B
8–2
Chapter 8: Scheduled Annual Tasks
Database
'DWDEDVH
2SHUDWLQJ6\VWHP
2WKHU
1RWHV
In chapters 4–8, we have included a list of transactions like the one below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.
7UDQVDFWLRQ6$6(
:KDW
All users who have left the company should have their R/3 access terminated immediately.
By locking or deleting these user IDs, you limit access to only those users who should have
access to R/3. Periodic review assures the task of locking or deleting has been completed.
:K\
Proper audit control requires that a user who no longer has a valid business need to access
R/3 should not be allowed to keep that access.
Deleting or locking these user IDs also prevents anyone who had been using the terminated
user ID from accessing the system under that ID.
7UDQVDFWLRQ6(6&&
:KDW
There are switches that prevent changes from being made in the system. In the production
system, these should be set to Not modifiable.
Release 4.6A/B
8–4
Chapter 8: Scheduled Annual Tasks
Notes
The purpose of setting the production system to Not modifiable is to make sure that changes
are made using the development pipeline.
In the development pipeline, changes are:
1. Created in the development system
2. Tested in the development system
3. Transported from the development system to the test system
4. Tested in the test system
5. Transported from the test system to the production system
Using this procedure, changes are properly tested and applied to the systems in the
pipeline.
:K\
Objects should not be modifiable in the quality assurance or production systems. This rule is
to protect the production system from object and configuration changes being made,
without first being tested. By setting the production system to Not modifiable, the integrity of
the pipeline is preserved.
7UDQVDFWLRQ60
:KDW
:K\
< If a user accidentally accesses these transactions, they could corrupt or destroy the R/3
System.
Access to dangerous transactions is more critical in the production system than the
development or test systems. This is because of live data and the fact that the company’s
operations are dependent on the R/3 System.
< Certain transactions should be locked in the production system, but not in the
development, test, or training systems.
Standard security normally prevents access to these transactions. However, some
administrators, programmers, consultants, and functional key users could have access to
the transactions depending on the system they are on. In these cases, the transaction lock
provides a second line of defense.
There are over 48,000 English transaction codes in the R/3 System. To make it manageable,
only the critical ones need to be locked. Your functional consultants should supply you with
any additional critical transactions in their modules.
Release 4.6A/B
8–6
&KDSWHU 0XOWL5ROH7DVNV
&RQWHQWV
6WDUWLQJWKH56\VWHP
To start the R/3 System, at the restart, wait for 60 seconds before you change the server’s
clock. This step makes it easier to read the system log. For example, the last stop entry is
19:26:xx and the first start entry is 19:27:xx, where time is reported as hh:mm:ss.
Release 4.6A/B
9–2
Chapter 9: Multi-Role Tasks
Starting the R/3 System
6WDUW5³17
1. On the NT desktop, double-click
SAP R3 Management Console.
Tools such as QuickSlice and Perfmon allow you to monitor the activity of the server and
know when it is OK to logon to the system.
Release 4.6A/B
9–4
Chapter 9: Multi-Role Tasks
Stopping the R/3 System
6WRSSLQJWKH56\VWHP
< When you stop R/3, coordinate and plan this stoppage with all users or their
representatives.
< Stopping a system at “your convenience” is unprofessional and usually causes
considerable operational issues with users who need (and expect) the system to be up
and running.
6WRS5&KHFNOLVW
7DVNVWR%H&RPSOHWHG%HIRUH6WRSSLQJWKH6\VWHP
< Coordinate the shutdown with all effected parties.
If an organization has planned to do something and expects the system to be
operational, they may or may not be able to reschedule. You may have to reschedule
your shutdown around them and shutdowns are usually negotiated activities.
([DPSOH
An IT person in a company rebooted a server in the middle of the day without telling
anyone. He had a date that evening and did not want to stay late. The CFO said,
“Yeah, he’ll have a date with the unemployment line.”
Before stopping the system, there are several checks that need to be made. The purpose
is to determine that there is no activity on the system when the system is stopped.
Certain activities (such as a large posting job), if interrupted, could have some
transactions posted and some not yet posted. Recovery could then become an issue.
If you are the cause of the emergency, be prepared to take the consequences.
An example of an emergency is not monitoring the file system, having it fill up, which
results in stopping R/3.
< Reschedule or cancel jobs that will be running or starting during the scheduled
shutdown.
Check SM37 for these jobs and cancel or reschedule them to run after the shutdown.
Watch for repeating jobs, such as daily or weekly jobs.
These jobs are not created until the job for the prior period (day, week, etc.) has run.
In other words, a daily job cannot exist several days in advance.
< Create a system message announcing the planned shutdown.
< Emergency or priority shutdowns (for example, file system full, log full, equipment
failure, etc.) are a different matter.
In these instances, you need to shutdown immediately and users need to accommodate
you. There may be little—if any—negotiating.
6\VWHP0HVVDJH60
:KDW
A system message is a popup that users see when they first log on to the R/3 System. This
window appears after a new message has been created or when users move between
screens.
Release 4.6A/B
9–6
Chapter 9: Multi-Role Tasks
Stopping the R/3 System
*XLGHG7RXU
In the Command field, enter transaction SM02 and choose Enter
(or from the SAP standard menu, choose Tools → Administration → Administration →
SM02-System messages).
Choose Create.
When referencing the time for the shutdown, always enter the specific time, time zone, and
date (for example, 0230 PDST-Mon–Jun 8,1998). Entering vague information, such as “in 15
minutes” creates possible confusion as to when and where an event has been scheduled.
Some examples of confusion that may arise include:
< 15 minutes (from when?)
< 0230 (where? Corporate offices or where the user is?)
< 6:00 (a.m. or p.m.?)
< Monday (of which week?)
Release 4.6A/B
9–8
Chapter 9: Multi-Role Tasks
Stopping the R/3 System
&KHFNWKDW1R$FWLYH8VHUV$UHRQWKH6\VWHP$/60
*XLGHG7RXU
Release 4.6A/B
9–10
Chapter 9: Multi-Role Tasks
Stopping the R/3 System
&KHFNIRU%DWFK-REV5XQQLQJRU6FKHGXOHG60
Check for any batch jobs that are running or are scheduled to run during the shutdown.
*XLGHG7RXU
Change the display to show the planned start date and time.
From the menu bar, on the screen above, choose Settings → Display variant → Current.
On the field selection screen, move the planned start date and planned start time from the
hidden fields on the right, to the displayed fields on the left.
10
Release 4.6A/B
9–12
Chapter 9: Multi-Role Tasks
Stopping the R/3 System
11
12
13
15
Release 4.6A/B
9–14
Chapter 9: Multi-Role Tasks
Stopping the R/3 System
&KHFNIRU$FWLYH3URFHVVHVRQ$OO6\VWHPV60
*XLGHG7RXU
&KHFNIRU([WHUQDO,QWHUIDFHV
External interfaces are interfaces where data is being moved to or from the R/3 System.
Checking for active interfaces depends on the specific interface and how it has been
designed, built, and implemented. The developer or consultant can help you determine if
the interface is active.
6WRSSLQJ5
< When you bring down or stop R/3, coordinate and plan this event with all the R/3 users
or their representatives.
< Stopping a system at “your convenience” is unprofessional and usually causes
considerable operational issues with users who need (and expect) the system to be up
and running.
Stop R/3 only after all checks have been made and you are certain that there is no activity
on the system.
To stop the R/3 System:
1. If there are application servers in the system, stop the instance on the application
server(s).
2. Stop the instance on the database server.
< NT/SQL: Use the SAP Management Console.
< UNIX: At the command prompt, enter stopsap
This script may also stop the database; check your specific
installation.
3. If needed, stop the database.
The database must be stopped separately. Unlike the start process, stopping the system
does not also stop the database.
< NT/SQL: Use SQL Server Service Manager to stop the database.
< NT/Oracle: Use SAPDBA to stop the database.
< UNIX: Use either SAPDBA or the stopsap script to stop the database.
4. If needed, stop the operating system.
67235³17
1. On the NT desktop,
double-click SAP R3
Management Console.
Release 4.6A/B
9–16
Chapter 9: Multi-Role Tasks
Stopping the R/3 System
2b
3. Choose Yes.
4a
3. Choose Yes.
Release 4.6A/B
9–18
&KDSWHU 56\VWHP$GPLQLVWUDWLRQ
&RQWHQWV
Overview ................................................................................................................10–2
Major System Monitoring Tools ..........................................................................10–2
Specific Transaction Monitoring Overview ......................................................10–32
System Message (SM02) ....................................................................................10–51
2YHUYLHZ
This chapter will help you understand how to monitor your system. It is crucial that a
system administrator gets a quick overview of the system status and is quickly notified of
critical situations. In this chapter, the reader will learn about the following items:
< Some CCMS tools
< Major tasks
< Specific transactions
< System messages
0DMRU6\VWHP0RQLWRULQJ7RROV
The major tools of system monitoring provide a quick mechanism to monitor your system.
The two major tools, the CCMS Central Alert Monitor and the System Administration
Assistant (SAA), perform two different functions. The CCMS Central Alert Monitor is
primarily an alert monitor. The SAA is a control panel from which you can directly access
the specific monitoring tools and be notified of any alerts. If you have time constraints, these
major tools provide a quick overview of the system status and notify you of critical
situations that warrant your immediate attention.
&&06&HQWUDO$OHUW0RQLWRU7UDQVDFWLRQ5=
:KDW
Transaction RZ20 is a centralized alert monitor. With this transaction, you can monitor the
servers in your landscape, such as development, QA, testing, production, etc. You no longer
have to individually log into each system to search for alerts. If there is an alert, the monitor
will link to many of the other transactions in this guidebook.
You can do many of your system monitoring tasks with the Central Alert Monitor.
To find Alert Monitor documentation, from the menu bar, choose:
1. Help → SAP Library.
2. SAP Library → Basis Components → Computing Center Management System (BC-CCM) →
BC-Computing Center Management System
3. BC-Computing Center Management System → the Alert Monitor.
The Central Alert Monitor is not a replacement for examining the other checklist tasks.
Certain alerts, such as Microsoft SQL Server and TMS have not yet been integrated into
the Central Alert Monitor.
Release 4.6A/B
10–2
Chapter 10: R/3 System Administration
Major System Monitoring Tools
:K\
An alert indicates a potentially serious problem that should be quickly resolved. If not
contained, these problems could deteriorate into a disaster.
*XLGHG7RXU
$FFHVVLQJWKH&&06$OHUW0RQLWRU5=
1. From the CCMS Alert Monitor
screen, we have the display with
only two monitor sets:
< SAP-delivered SAP CCMS
Monitor Templates
< User-created SystemAdmin docu
Release 4.6A/B
10–4
Chapter 10: R/3 System Administration
Major System Monitoring Tools
8b
&XUUHQW9LHZDQG$OHUW9LHZ
The display has two modes:
< The current system status
This mode shows the alert situation right now.
< Open alerts
This mode shows alerts that have been generated but not yet “acknowledged.” In this
mode, alerts are collected over time.
The recommended process is to look for:
1. Immediate problems (current system status)
2. Prior or transient problems (open alerts)
6ZLWFKLQJ%HWZHHQWKH&XUUHQWDQG$OHUW9LHZV
On the View: Current system status
screen:
1. To view alerts, choose Open alerts. 1
Release 4.6A/B
10–6
Chapter 10: R/3 System Administration
Major System Monitoring Tools
)LQGLQJDQ$OHUW
From the monitor screen:
1. Look for red node text.
If a node text is highlighted in red,
there is an alert somewhere below 4
that text.
2. Drill down to the bottom node.
Here, the alert node is Percentage
Used of the file system on drive H.
3. Select the node text.
4. Choose .
3
2
Release 4.6A/B
10–8
Chapter 10: R/3 System Administration
Major System Monitoring Tools
12
&RQILJXULQJWKH%DWFK-REWR&ROOHFW+LVWRULFDO'DWD5=
The batch job that collects historical data must be running. The default situation is that the job will not run.
But, running this job will add more data to the database and affect database growth. The batch jobs
provide the data for the performance history option above.
Do not run this batch job unless you want performance history data (RZ20).
Release 4.6A/B
10–10
Chapter 10: R/3 System Administration
Major System Monitoring Tools
9LHZWKH$OHUWV
1. Choose Display alerts.
Release 4.6A/B
10–12
Chapter 10: R/3 System Administration
Major System Monitoring Tools
$QDO\]HWKH$OHUW
1. Select the alert.
2. Choose .
2
1
$FNQRZOHGJHWKH$OHUW
1. From the detail screen, choose
Display alerts.
You still have to perform a task based on the alert. Acknowledging the alert only means
that you received the alert notification.
Release 4.6A/B
10–14
Chapter 10: R/3 System Administration
Major System Monitoring Tools
3URYLGH6\VWHP&RQILJXUDWLRQ,QIRUPDWLRQ7UDQVDFWLRQ5=
1. Under the SAP CCMS Monitor
Templates, select System
Configuration.
2. Choose . 2
Release 4.6A/B
10–16
Chapter 10: R/3 System Administration
Major System Monitoring Tools
0DLQWDLQLQJ7KH$OHUW7KUHVKROGVIRU5=
:KDW
The alert threshold is the point where the alert indicator changes color from:
< Green to yellow
< Yellow to red
< Red to yellow
< Yellow to green
:K\
Each installation is different, so the point at which an alert changes color depends on the
individual installation.
Sample situations where you would want to change the threshold levels when:
< A high amount of paging is a cause for concern on the production system, but it is
expected on the development system.
< The only file on a drive may be the database file, which is completely filling the drive.
A “filesystem full” alert on that particular drive is of no concern, because the database
would have been configured to take up the whole drive.
+RZ
*XLGHG7RXU
3. Choose Properties.
6. Choose .
7. The threshold value field will
change color from grey to white.
Release 4.6A/B
10–18
Chapter 10: R/3 System Administration
Major System Monitoring Tools
10
+LGLQJ6$36WDQGDUG0RQLWRU6HWV
The monitor sets that are being “hidden” are not usually needed.
1. On the CCMS alert monitor screen,
from the menu bar, choose
1
Extras → Activate maintenance
function.
5
6
Release 4.6A/B
10–20
Chapter 10: R/3 System Administration
Major System Monitoring Tools
Release 4.6A/B
10–22
Chapter 10: R/3 System Administration
Major System Monitoring Tools
&UHDWHD1HZ0RQLWRU6HW
1. On the CCMS alert monitor screen,
from the menu bar, choose
1
Extras → Activate maintenance
function.
$GGD0RQLWRUWRWKH0RQLWRU6HW
1. From the menu bar, choose 1
Extras → Activate maintenance
function.
Release 4.6A/B
10–24
Chapter 10: R/3 System Administration
Major System Monitoring Tools
8. Choose .
8
10
Release 4.6A/B
10–26
Chapter 10: R/3 System Administration
Major System Monitoring Tools
13
12
15
15
6\VWHP$GPLQLVWUDWLRQ$VVLVWDQW7UDQVDFWLRQ66$$
:KDW
The System Administration Assistant (SAA) was developed as part of the Ready-to-Run-
R/3 project. The core of the SAA has been brought into standard R/3 and is now available.
The SAA lists all the R/3 administrative tasks and tracks tasks that need to be done. It also
provides documentation on each task and displays critical, and non-critical, alerts.
:K\
It helps the system administrator track work by providing a point of reference for all
relevant system administration transactions.
+RZ
*XLGHG7RXU
Release 4.6A/B
10–28
Chapter 10: R/3 System Administration
Major System Monitoring Tools
3. Choose .
4. Choose .
5
5. From the menu bar, choose View →
Transaction code to display the
transaction codes on the right side.
Release 4.6A/B
10–30
Chapter 10: R/3 System Administration
Major System Monitoring Tools
10
12
6SHFLILF7UDQVDFWLRQ0RQLWRULQJ2YHUYLHZ
)DLOHG8SGDWHV7UDQVDFWLRQ60
:KDW
An update terminate (or failed update) is an update to the database that failed. These
terminates occur when a user entry or transaction is not entered or updated in the database.
The following example should help clarify this concept:
([DPSOH
1. The accountant gives a file clerk a folder (similar to the “save” in a transaction).
2. The file clerk gives the accountant a receipt (similar to the R/3 document number).
3. On the way to the file cabinet, the clerk falls and gets hurt.
The folder in not filed in the cabinet (the failed update).
4. The end result is that the folder is not in the cabinet—even though the accountant
has the receipt.
This same end result occurs in an update environment, the document is not in the
R/3 System—even though the user has a document number.
Release 4.6A/B
10–32
Chapter 10: R/3 System Administration
Specific Transaction Monitoring Overview
For performance reasons, the database update is done in an asynchronous mode. In this
mode, the user continues to work while the system takes over the update process and waits
for the database update to complete.
In a synchronous mode, users would have to wait until the database has successfully
updated before they could continue to work.
:K\
Users assume that when they receive a document number, the entry is in the system. But it
is not. Even if the users received a document number, because of the update terminate, no
trace of it exists in the system.
([DPSOH
Even though a sales order document number is generated, the order does not exist.
Therefore, customers would not receive their order, and no trace of the order would exist
in the system.
:KHQ
The longer you wait after the update terminate has occurred, the more difficult it is for users
to remember what they did when the update terminate occurred. If you wait too long, the
user will not remember.
When things go wrong, they can really go wrong. For example, in one situation, there were
over 600 update terminates that occurred in a 30-minute period. The system administrators
were not alerted to the problem so prompt action was not taken. Therefore, normal business
transactions continued to be entered and each one was terminated.
On Windows NT, from R/3 Release 3.0F and higher, system log entries are written to the
NT event log. You might consider configuring an “event log monitor” to page you when an
update terminate occurs. This step reduces the need to constantly check transaction SM13. It
also reduces the exposure between the time the update terminate occurs, when you find out
about it, and when you can get to the user.
The following message appears: “You have express mail in you inbox.” This message means
that an update terminate has occurred on the user’s transaction.
*XLGHG7RXU
Release 4.6A/B
10–34
Chapter 10: R/3 System Administration
Specific Transaction Monitoring Overview
0DQDJLQJ8SGDWH7HUPLQDWHV
1. Double-click on an entry with an
Err status.
Do not attempt to reapply the failed update! There are conditions under which this
reapplication can lead to corruption of the database.
Always advise users to reenter the transaction.
Release 4.6A/B
10–36
Chapter 10: R/3 System Administration
Specific Transaction Monitoring Overview
Some of the problems that can occur with an update terminate include:
< No short dump
In this case, the only clues you have are the:
User ID
Date
Time
Transaction
< Difficulty reading the short dump
Do not be discouraged because you cannot understand a short dump. The ability to read
a short dump comes with experience and practice. Some of the content is only useful to
the developer. You may recognize a pattern of characters as a part number, document
number, vendor code, etc.
< Short dump with little usable information
< Update terminate occurring “downstream” from the actual transaction
The data in the short dump may be of little value in finding the root of the update
terminate. (For example, if the terminate occurred in the FI posting of an SD transaction,
you will not know which SD transaction document caused the problem.)
< Update terminate occurring in a batch job
There is no indication of which batch job (by job name) caused the update terminate.
SAP is aware of the inability to identify the batch job which was the source of an update
terminate.
6. The users need to be contacted.
7. The users should check for the missing entry and reprocess the missing transaction.
8VHU7UDLQLQJ
When a user receives the following message, “You have express mail in your inbox,” usually
signals a problem. The user should immediately stop and get assistance to determine what
happened. R/3 uses “express mail” to notify the user of a failed update. It is during this
“window” (immediately after the error has occurred) that the user has the best chance of
correcting the problem.
6\VWHP/RJ7UDQVDFWLRQ60
:KDW
The system log is the R/3 System’s log of events, errors, problems, and other system
messages.
:K\
The log is important because unexpected or unknown warnings and errors could
indicate a serious problem.
:KHQ
*XLGHG7RXU
Release 4.6A/B
10–38
Chapter 10: R/3 System Administration
Specific Transaction Monitoring Overview
To minimize the video processing overhead, many NT servers are configured with a video
color depth of 16 colors. On these servers, increase the video color depth to 256 colors to see
the alerts in color, or view the log from a computer that has the video set to at least a color
depth of 256 colors.
Release 4.6A/B
10–40
Chapter 10: R/3 System Administration
Specific Transaction Monitoring Overview
/RFNV7UDQVDFWLRQ60
:KDW
A “lock” is a mechanism that prevents other users from changing the record on which you
are working. The example below illustrates the importance of using this function.
([DPSOH
You are changing a customer mailing address, while someone is simultaneously changing
the customer’s telephone number. You first save your change; then the other person saves
his or her change. The other person’s change overwrites your change, and your change
will be lost.
:K\
There may be “old” locks still in place from transactions that did not release, or from when
the user was cut off from the network. Unless cleared, these locks prevent access or change
to the record until the system is cycled. The easiest way to locate these locks is to look for
locks from prior days.
We presume that the profile parameter rdisp/gui_auto_logout has been set. This parameter
defines an automatic logout of the user if there is no activity for the set number of minutes.
Setting the auto_logout parameter is recommended for security. It is also an item for which
your external auditors may test. The parameter is a global setting that applies to all users
on the instance. You cannot have different logout times for different groups of users on the
same instance.
The only way to have different logout times for different groups of users is to have specific
groups (for example, Finance) log in to specific instances (for example, the Finance
application server) where this parameter is set in the instance profile of that instance.
*XLGHG7RXU
4. Choose .
2
3
Release 4.6A/B
10–42
Chapter 10: R/3 System Administration
Specific Transaction Monitoring Overview
Is the user logged on any of the servers? < Transaction SMO4 (without application
servers)
< Transaction AL08 ( with application servers)
If the user is not on the system, but transaction
SM04 shows them on the system, delete their
sessions as described in chapter 9, Deleting a User’s
Session. This step, alone, may clear the lock.
Are there are processes running under the user ID? < Transaction SM50
< Transaction SM51
Also see the Processes section later in this chapter.
Are there batch jobs running under the user ID? < Transaction SM37
Also see the Background Jobs section in this chapter.
Are there updates in process for that user ID? < Transaction SM13
Also see Failed Updates section in this chapter.
Once you know that there is no activity using the user’s ID:
1. Select the lock entry for deletion.
2. From the menu bar, choose Lock entries→ Delete.
< Double-check the user ID of the entry that you selected to delete.
If you delete the wrong lock, you could corrupt the database.
< Clear only one lock entry at a time.
< Do not use the mass delete option.
This option will delete all the locks, not just the ones for the user you have selected.
$FWLYH8VHUV7UDQVDFWLRQV60DQG$/
:KDW
These transactions display all the users who are currently logged on to the system. They
show both the user’s ID and terminal name.
:K\
In a smaller company, the administrator can recognize user IDs logged on to “unfamiliar”
terminals. An unfamiliar terminal may indicate that someone—other than the designated
user—is using that user ID.
A user logged on to more than one terminal may indicate that the ID is being used:
< Used by someone else
< Used/shared by several people
Release 4.6 allows you to prevent concurrent sharing of user IDs by activating the
disable_mult_gui_login system profile. We recommend that you activate this parameter.
3UREOHPV
Transaction SM04 may show a user as active, when the user has actually logged off. Because
the user session was not properly closed, the system “thinks” that the user is still logged on.
This condition can be caused by one of the following:
< A network failure, which cuts off the user.
< Users who turn off their computer without logging off from the R/3 System.
6LQJOH,QVWDQFH6\VWHP7UDQVDFWLRQ60
*XLGHG7RXU
Release 4.6A/B
10–44
Chapter 10: R/3 System Administration
Specific Transaction Monitoring Overview
0XOWL,QVWDQFH6\VWHP7UDQVDFWLRQ$/
If you have several instances in your system, using AL08 is easier, because you can
simultaneously see all users in all instances on the system.
3
4
:RUN3URFHVVHV7UDQVDFWLRQV60DQG60
:KDW
Process overview transactions allow users to view the status of work processes and monitor
for problems. Transaction SM51 is a central transaction from which you can select the
instance to monitor. SM51 starts transaction SM50 for each application server, which is used
for a system without application servers.
:K\
Transaction SM51 is one place to look for jobs or programs that may be “hung,” which
maybe indicated by long run times. If batch jobs are not running, transaction SM50 may
provide a hint of the problem, if all the batch work processes are in use.
)RUD6\VWHPZLWK$SSOLFDWLRQ6HUYHUV
*XLGHG7RXU
Release 4.6A/B
10–46
Chapter 10: R/3 System Administration
Specific Transaction Monitoring Overview
)RUD6\VWHP:LWKRXW$SSOLFDWLRQ6HUYHUV
*XLGHG7RXU
$%$3'XPS$QDO\VLV7UDQVDFWLRQ67
:KDW
An ABAP dump (also known as a short dump) is generated when a report or transaction
terminates as the result of a serious error. The system records the error in the system log
(transaction SM21) and writes a snapshot (dump) of the program termination to a special
table. This transaction can also be called from the system log (transaction SM21).
:K\
An ABAP dump is used to analyze and determine why the error occurred and take
corrective action.
Release 4.6A/B
10–48
Chapter 10: R/3 System Administration
Specific Transaction Monitoring Overview
*XLGHG7RXU
Proceed to step 8.
)UHH6HOHFWLRQ
5. Choose Selection.
Release 4.6A/B
10–50
Chapter 10: R/3 System Administration
System Message (SM02)
Despite being called a “short dump,” ABAP dumps may be more than 75 pages long. We
recommend you save the dump locally and print out only the portion you need.
If the SAP hotline asks for a copy of the short dump, rather than fax the entire dump, it is
easier to e-mail or upload the file (see SAP note 40024).
6\VWHP0HVVDJH60
:KDW
:K\
< To send a broadcast message to everyone on the system (for example, “SAP will be down
for scheduled maintenance from 6:00 p.m. PST Friday, October 23 to 12:00 p.m. PST Saturday,
October 24.”).
< To inform the user about the system they are logging on to.
This information is recommended for systems other than the production system, such as
development, test, sandbox, training, etc. (for example, “You are logging into QAS, copy of
PRD as of Nov-1-98 at 0100 PST”).
&UHDWLQJD0HVVDJH
*XLGHG7RXU
Release 4.6A/B
10–52
Chapter 10: R/3 System Administration
System Message (SM02)
To prevent the message from expiring, enter a date several years in the future.
When referencing the time for an event, always enter the specific time, time zone, and date
(for example, 0230 PDST-Mon–Jun 8,1998). Entering vague information (such as “in 15
minutes”), creates confusion as to when and where an event has been scheduled. Some
examples of confusion that may arise includes:
< 15 minutes (from when?)
< 0230 (which time zone?)
< 6:00 (a.m. or p.m.?)
< Monday (of which week?)
(GLWLQJD0HVVDJH
*XLGHG7RXU
5c
Release 4.6A/B
10–54
Chapter 10: R/3 System Administration
System Message (SM02)
$%$3(GLWRU6(
:KDW
An R/3 system administrator will need to execute certain reports and programs to apply a note or in
relation to everyday duties and tasks.
+RZ
)RU,QIRUPDWLRQ$ERXWD3URJUDPRU5HSRUW
1. In the Program, enter RSPO0041.
2. Select Documentation.
3. Choose Display.
Release 4.6A/B
10–56
Chapter 10: R/3 System Administration
System Message (SM02)
Release 4.6A/B
10–58
&KDSWHU 6HFXULW\$GPLQLVWUDWLRQ
&RQWHQWV
Overview ................................................................................................................11–2
Audits .....................................................................................................................11–4
Security Layers .....................................................................................................11–6
Operational Security...........................................................................................11–25
Audit Tools ..........................................................................................................11–37
Audit Tasks..........................................................................................................11–57
2YHUYLHZ
The purpose of this chapter is to make you aware of your responsibilities as the R/3 system
administrator(s) for security. These responsibilities include:
< Protecting the R/3 System
< Preparing you for a computer security audit
When an audit is performed on an R/3 System, the administrator(s) will be responsible for
responding to the audit findings. This chapter is an attempt to prepare you for these audits.
Each auditing firm has their own audit procedures and may look at many different items, so
we cannot prepare you for everything. However, we will try to prepare you for the core
group of items that all firms normally look at.
This chapter is only an introduction to computer security and its importance. Although an
entire book can be written on this subject, even that would be insufficient. We recommend
that you contact and work with all the parties (external auditors, internal auditors, finance
department, legal department, and others) who might be affected by system security.
:KDWLV6HFXULW\"
Security is more than the R/3 authorization (or keeping “undesirables” out of the system).
It is concerned with the following issues regarding data:
< Protecting it from hardware problems
< Maintaining its integrity
< Restoring it in the event of a disaster
Security is a broad topic and can be organized in many different ways. Some of the areas
covered include:
< Keeping unauthorized people out of the system
< Keeping people out of places that they should not be
< Safeguarding the data from damage or loss
< Complying with legal, regulatory, and other requirements
Each of these areas can be further divided.
.HHSLQJ8QDXWKRUL]HG3HRSOHRXWRIWKH6\VWHP
This area is what we usually think about as security and includes the R/3 authorization
concept, operating system and network logon security, and physical security.
.HHSLQJ3HRSOHRXWRI3ODFHV:KHUH7KH\6KRXOG1RW%H
This area covers users having access to more parts of the system and to more data than they
need to perform their job. The data may not be damaged but accessing and revealing this
data could be equally damaging.
Release 4.6A/B
11–2
Chapter 11: Security Administration
Overview
&RPSO\LQJZLWK/HJDO5HJXODWRU\DQG2WKHU5HTXLUHPHQWV
:KDW
Other reasons for security are defined by laws, contracts and other parties.
Security is a sensitive issue, and it has legal implications. One good example of security is
insider trading. Before defining insider trading, we have to first define insider knowledge or
inside information. Insider knowledge or inside information means you have information,
which is not known or available to the general public. If the information is known to the
general public, it could affect the stock price. Insider trading is using inside information to
buy or sell stock and make a profit or reduce a loss. Even if you do not profit from the sale,
you could be held liable.
([DPSOH
([DPSOH
The IS director of a company asked for authorization to log into the production R/3
System. This request raised the concern of the accounting/finance department. Access to
financial information is typically on a “need-to-know” or “need-to-access” basis, and the
IS director did not need to access the production R/3 System. “Red flags” went up when
he started asking about financial performance information (quarterly earnings), well
before this information was made public. He was asking for insider information.
+RZ
You will need the assistance of your company’s legal department.
$XGLWV
)LQDQFLDO$XGLW
:KDW
Release 4.6A/B
11–4
Chapter 11: Security Administration
Audits
be placed on the data in the R/3 System. Your external auditors will evaluate your system
security to determine what audit tests to perform and how much testing they will have to
do.
:K\
If their evaluation results are not good, they may need to increase the scope of their audit.
This increased scope also increases the cost of the audit, and the extra work could delay the
completion of the audit. In a worst case scenario, they could determine that the security is so
weak that they cannot issue an opinion on the company’s financial statements. This
situation is really bad.
Because of the effect on the stock price (down) that this inability to issue an opinion will
probably cause, the chief financial officer (CFO), and likely the president, will be quite
upset. Is your resume updated?
6HFXULW\$XGLW
:KDW
A security audit is performed specifically to test the security of the R/3 environment. This
audit is usually done as a part of the financial audit or to comply with government or other
regulatory agencies. It can also be done by your company’s internal audit group.
:K\
As a security audit.
As a part of the financial audit, the CPA will typically do a security audit of R/3 and the
associated systems. The purpose of the security audit is to determine how much reliance can
be placed on the data in the R/3 System. Your external auditors will evaluate your system
security to determine what audit tests to perform and how much testing they will have to
do.
The audit is also done to test the security of confidential data, such as:
< Financial information
< Customer data
< Product information
< Company personnel data (from the HR module)
$XGLW&RQVLGHUDWLRQV
:KDW
Audit considerations are the things that auditors will look at when they do the financial
audit, or a computer security audit.
Some of these considerations are:
< Physical security
< Network security
:K\
These tasks are done to support the financial or security audit. Without knowing what the
auditors will look for, you cannot properly prepare yourself, and protect the system.
1RWH This section is not an all-inclusive SAP security audit. It is only to make you
aware of some of the things that could be reviewed as part of a security audit. We
recommend that you work with your auditors before the financial audit, to review your
system and bring it up to acceptable standards for the audit.
6HFXULW\/D\HUV
To make security more manageable, we have chosen to use the security layer model, one of
the many existing security models. It uses the following three major layers of security:
Data
Security
Access
security
Release 4.6A/B
11–6
Chapter 11: Security Administration
Security Layers
$FFHVV6HFXULW\
3K\VLFDO6HFXULW\
:KDW
Physical security controls the physical access to R/3 and network equipment.
Like the graphic on the previous page, to get to the inner circle, an intruder must penetrate
the outer circles as follows:
< Onto the property or site
< Into the building
< Into the areas of the building where the users are or where the equipment is located
Finance
MIS
Computer operations
< Into the specific equipment rooms within these areas of the building
Server room
Wiring closet
Network room
:K\
This layer is probably the most important. If an intruder can physically access your
equipment, all your other security layers can be bypassed.
When this layer is bypassed:
< Equipment can be physically damaged or destroyed.
< The system can be accessed from the operators console (and could bypass strong
network security).
< Equipment can be removed.
< Data could be hacked.
Without physical access to the equipment, the intruder must electronically access the system
through the network.
+RZ
The R/3 equipment should be located in a secured room. Access to the room should be only
through a locked door. It is crucial to control who is allowed access to the server room.
If you have electronic card key access, periodically audit the access log for the server room.
The periodic review of the access log may be an item for which auditors will test.
1HWZRUN6HFXULW\
:KDW
Network security also has sublayers of security. The goal of this security type is to control
the following types of access to the network:
< External
< Logon
This type controls on-site and remote access and where on the network users can go
once they gain access.
:K\
If intruders access your network, they could have an electronic link to your computers.
+RZ
Use network security specialists to properly configure the various access points into your
network and, once users are on the network, control their movements.
Some of these points of control are:
< Outside access
Dial-in access
Internet access
Other remote access methods, such as VPN
< Network login access
This access method is the actual logon to the network (for example, the NT domain).
< Access to portions of the network.
NT domains
1RWH We recommend that you have:
< A dedicated SAP domain where only the administrators are allowed to directly log
onto.
< Other domains where users will log onto, trust the SAP domain, but the SAP domain
does not trust other domains.
Router tables
This table can be used to control (by IP address) which users can access the SAP
servers.
Release 4.6A/B
11–8
Chapter 11: Security Administration
Security Layers
$SSOLFDWLRQ6HFXULW\
:KDW
Like the other layers, application security has sublayers of security, which controls:
< The ability to log into the application, such as logging into R/3
< Where a user can go in the application
< What a user can do in the application
< What a user can do based on the system data in the application [such as the R/3 System
(for example, limiting the user to company 001 and cost center 200)]
R/3 security functions at this layer.
:K\
This layer provides the fine or specific security of what a user can do [for example, read (not
change) accounting data for only cost center 200 in company 001].
+RZ
2SHUDWLRQDO6HFXULW\
:KDW
This layer is security at the operational or user level. Because it is primarily procedures and
control, there are few computer or systems issues related at this level.
:K\
These are organizational and people issues, which are always a problem, because people
need to comply with guidelines and rules. The problem is, of course, that some people never
want to comply with guidelines.
+RZ
'DWD6HFXULW\
This layer is closely knit to the material in chapter 2, because disaster recovery is an integral
part of data security.
:KDW
:K\
+RZ
< Data on the servers
The goal is to prevent or minimize loss of data in a disaster. Some of the items below can
be referred to as High Availability (HA) items:
RAID arrays for drives
Redundant equipment
Using reliable equipment and vendors
Premium hardware support agreements for the production system
The following are facilities-related items:
Uninterruptible Power Supplies (UPS)
Fire detection and prevention devices
Release 4.6A/B
11–10
Chapter 11: Security Administration
Security Layers
Intrusion alert
Environmental alerts
< Backups
Backup tapes should be sent to a secure, off-site data storage facility.
This step protects the backup data from damage or destruction a disaster.
Tapes at both the off-site backup and the on-site tape storage facilities must be
secured to prevent the theft of the backup tapes.
If the backup tapes were stolen, the data can be restored and hacked. Using database
tools, most R/3 security could be bypassed by directly reading the tables.
$SSOLFDWLRQRU56HFXULW\
&RQWUROOLQJ$FFHVVWR5
Also see the Password section in this chapter.
3UHYHQW0XOWLSOH8VHU/RJLQV
:KDW
This process prevents users from logging onto the system multiple times. Multiple user
logons is when several users are sharing a user ID, or someone is using a user’s ID without
the user’s knowledge. Preventing multiple user logons is not allowing more than one R/3
logon from one user ID.
:K\
+RZ
3UHYHQWLQJ&KDQJHVLQWKH3URGXFWLRQ6\VWHP
:KDW
The production system should be set to Not modifiable. The “locks” on the system should be
set so that configuration changes (client-independent and client-dependent) cannot be made
directly into the production system. The purpose for this setting is to ensure that all changes
are completed in a controlled manner.
:K\
Configuration changes should not be made directly into the production system. This
restriction maintains the integrity of the production system. If changes are made directly
into the production system, it may “break” because the change:
< Was not tested
< Is not the same as the one made in the development system
The goal is to protect the production system from changes, without the changes being
properly tested and to preserve the integrity of the pipeline. If changes are made into the
production system, the development and testing pipeline could become out of sync with the
production system. If the pipeline is out of sync, it get difficult to develop and test with any
certainty that things will not be different in the production system.
All changes should be made in the development system and then transported through the
pipeline into production. In this way, all systems get the same changes. A common excuse is
that making changes directly into the production system, “takes too long to transport the
fix.”
By making changes directly into the production system, you:
< Create an “out of sync” landscape, where the change made to the production system is
not the same as the changes made to the development or test systems.
< Allow emergency transports to occur at any time, with coordination.
([FHSWLRQV
Release 4.6A/B
11–12
Chapter 11: Security Administration
Security Layers
6HWWLQJWKH3URGXFWLRQ6\VWHPWR´1RW0RGLILDEOHµ7UDQVDFWLRQV6(6&&
:KDW
There are switches that prevent changes from being made in the system. In the production
system, these switches should be set to Not modifiable. The purpose of this setting in the
production system is to make sure that changes are made using the development pipeline.
With this procedure, changes are properly tested and applied to the systems in the pipeline.
:K\
Objects should not be modifiable in the production system. This rule protects the
production system from object and configuration changes before being tested. By setting the
production system to Not modifiable, before the integrity of the pipeline is preserved.
+RZ
There are two transactions (SE03 and SCC4) that you will use to set the system to Not
modifiable. (These transactions can also be used for other tasks.)
&OLHQW,QGHSHQGHQW&KDQJHV7UDQVDFWLRQ6(
*XLGHG7RXU
Release 4.6A/B
11–14
Chapter 11: Security Administration
Security Layers
&OLHQW,QGHSHQGHQWDQG&OLHQW'HSHQGHQW&KDQJHV6&&
*XLGHG7RXU
3. To continue, choose .
Release 4.6A/B
11–16
Chapter 11: Security Administration
Security Layers
9HULI\LQJWKDW'DQJHURXV7UDQVDFWLRQV$UH/RFNHG
:KDW
:K\
If users accidentally access these transactions, they could corrupt or destroy the R/3 System.
< In a production system:
Access to dangerous transactions is more critical in the production system than the
development or test systems. This criticality is because of live data and the company’s
operational dependency on the R/3 System.
< In a developmental system:
Certain transactions should be locked in the production system, but not in the
development, test, or training systems. Standard security normally prevents access to
these transactions, but some administrators, programmers, consultants, and functional
key users could access them depending on which system they are. In these cases, the
transaction lock provides a second line of defense.
There are over 48,000 English transaction codes in the R/3 System. To manage such a large
number of transactions, lock only the critical ones. Your functional consultants should
supply you with any additional critical transactions in their modules.
The table below is organized with input from Basis consultants and users and lists
transactions that we recommend you lock. The transactions are categorized by the following
risk categories:
< Dangerous
< Security-related
< Performance impact
Release 4.6A/B
11–18
Chapter 11: Security Administration
Security Layers
Release 4.6A/B
11–20
Chapter 11: Security Administration
Security Layers
The following table shows dangerous transactions that probably cannot be locked because
they are (or could be) used regularly. These transactions may have other valid reasons for
use in a production system—but because of the potential danger, need to have restricted
access.
Table TSTCT contains the transaction codes and the name of the transaction. The current
content is over 93,000 entries in the table, with over 48,000 in English.
+RZ
*XLGHG7RXU
Release 4.6A/B
11–22
Chapter 11: Security Administration
Security Layers
Check which transactions you are locking. You could accidentally lock yourself out of a
key transaction, which would prevent you from unlocking this or other transactions.
7R/LVW/RFNHG7UDQVDFWLRQV
1. In the Command field, enter transaction SECR and choose Enter.
2. Select Complete audit.
3. Choose .
Release 4.6A/B
11–24
Chapter 11: Security Administration
Operational Security
2SHUDWLRQDO6HFXULW\
6HJUHJDWLRQRI'XWLHV
:KDW
There are standard audit guidelines that cover job or task combinations that are considered
“risky” or that reduce internal controls.
Some of these combinations are:
< Accounts Payable and Check Generation
< Accounts Receivable and Cash Receipts
< ABAP development and transport control
Your external auditors should help you define these risky combinations. Testing for
segregation of duties is a standard audit procedure.
:K\
+RZ
The review of segregation of duties should be completed with the various user owners (key
users of each functional area).
Out of necessity, smaller companies must assign multiple functions to a single person. Be
aware of the potential security risks in this situation. If you must combine functions,
combine them in a way that minimizes risks.
5HVWULFWLQJ$FFHVVWR6$3
RU'',&
:KDW
These are system user IDs that have restricted uses for specific purposes.
:K\
There are certain functions that can only be performed by SAP* or DDIC. If an R/3 user
requires similar functionality, they should have a copy of the SAP* profile. These users
should be grouped as “super users,” with the appropriate security approvals.
The security profile for SAP* is SAP_ALL. This profile is extremely powerful because it
grants the user complete access to the system. For more information, see chapter 12,
Recommended Polices and Procedures: System Administration.
A user with user administration rights cannot change the password to gain access to a user
ID and then change it back to the original password. Passwords are not visible to the
administrators, so they cannot restore the original password if they do not know it. At the
next logon, the owner of the user ID will know that the password has been altered because
they will be unable to log on with their current password.
Release 4.6A/B
11–26
Chapter 11: Security Administration
Operational Security
+RZ
1. Log on using SAP* and DDIC to determine if someone has changed the password.
2. Periodically change the password for these users in all:
< Systems
< Clients in those systems
This step prevents a person who knows the password from accessing the system.
3. Update the secured password list.
4. Verify that the system profile parameter login/no_automatic_user_sapstar has been
configured, to prevent the use of the automatic user sap*.
If the user ID has been deleted, this step prevents the “backdoor” usage of user sap*.
&KDQJH0DQDJHPHQW
:KDW
Change management is the process of controlling what changes are made to the system. In
this context, “system” refers to the entire system environment, not just R/3.
:K\
One aspect of security is to control and know what changes are made to the system.
+RZ
Item of concern:
< Is there a change management procedure for changes being made to the R/3 System?
< Is a QA testing process in place?
< Are reviews and approvals required to move changes into the production system?
6KDULQJRI8VHU,'V
:KDW
This process occurs when more than one person uses a single user ID.
:K\
2WKHU
Despite the cautionary statements above, there are a few situations where it is not practical
to have individual user IDs. These situations must be treated individually and with
management and internal audits review and approval.
([DPSOH$:DUHKRXVH
In a warehouse, there is one computer and several employees who use that computer to
post their warehouse transactions such as goods issued, goods received, etc. This process
occurs because the user ID is used to log on, not at the individual transaction level, but
the R/3 System. For each transaction that the warehouse employee access, it is
impractical to log on to R/3, access transaction, and log off from R/3. The alternative is
to have a computer for each warehouse person, although this step may not be
economically justified.
+RZ
3DVVZRUG,VVXHVDQG7DVNV
The password is the users key to accessing R/3. Like the key to your house, safeguarding
this key is important to keep “undesirables” out. Your company should have a clear and
practical company password policy, which should be distributed to all users informing
them not to use easy-to-guess passwords.
A password policy that is too restrictive or difficult to comply with could defeat the
purpose of this policy. Users will write their passwords down and leave it in an easily seen
place, which means you have lost your security.
Release 4.6A/B
11–28
Chapter 11: Security Administration
Operational Security
6HWWLQJ3DVVZRUG6WDQGDUGV8VLQJ7UDQVDFWLRQ5=
:KDW
There are security parameters for the user’s password (for example, the minimum password
length, the time interval that the user must change their password, etc.).
The following is a list of the most important password parameters:
< Minimum password length: login/min_password_lng
A longer password is more difficult to break or guess, so the standard is usually five (5)
characters.
< Password expiration time: login/password_expiration_time
This time period is the limit before users must change their password.
Auditors usually recommend 30 days.
A practical number that customers use is 90 days.
< Password lockout: login/fails_to_user_lock
This parameter locks out users who, after a specified number of times, try to logon with
an incorrect password. Users are usually locked out after three failed attempts.
:K\
Properly assigned parameters will make it more difficult to break into the system.
Your external auditors may check to see if you have set the security parameters.
+RZ
To set up password parameters, maintain system profiles with transaction RZ10 (for more
information on this transaction, see chapter 20).
(OLPLQDWLQJ6RPH(DV\3DVVZRUGV
:KDW
There are certain passwords (for example, 123, QWERTY, abc, sex, sap, <your company name>)
that are well known or easy to guess. You can prevent these passwords from being used by
loading them into a table (USR40) that the system checks when the user attempts to save a
new password.
Table USR40 is only a basic level of password security and is maintained manually.
There are third-party password security programs that can be integrated into R/3.
:K\
A password is the key to enter the system, similar to the key you use to enter your home. If
users choose easy-to-guess or well-known passwords, security is compromised and your
system is potentially at risk.
Your external auditors may check to see if you have a mechanism to secure against users
with “easy-to-guess” passwords.
+RZ
:KDW
A table of prohibited passwords is a user-defined list of passwords that are prohibited from
being used in the R/3 System. This table is not a substitute for good password policies and
practices by the users. Interaction occurs between a system profile parameter and the table
of prohibited passwords.
If the minimum password length is set to five characters, there is no reason to prohibit
passwords like “123” or “SAP,” because these passwords would fail the minimum length
test. However, if company security policy requires it, you could include all passwords that
are considered “risky” in the table.
The following is a list of easily guessed passwords that cannot be put into any table:
< <your name>
< <your spouse’s name>
< <your child’s name>
< <your pet’s name>
< <your car’s license plate>
< <your driver’s license number>
< <your social security number>
:K\
There are many lists circulating of commonly used user passwords. If one of these
passwords is used, the chances of an unauthorized person accessing a user’s account
increases.
+RZ
Changes will be made to table USR40 using transaction SM31, the general table maintenance
transaction. (For more information on this transaction, see chapter 19, Change Management:
Release 4.6A/B
11–30
Chapter 11: Security Administration
Operational Security
Table Maintenance.). This change creates a transport that can then be transported throughout
the landscape.
5HFRPPHQGHG3URFHVV
< All passwords for all system IDs should be:
Recorded
Placed in a sealed envelope
Put in a company safe (possibly both an onsite and offsite safe) that has restricted
access.
Only a select list of company personnel should have access to this information.
< User IDs that are used or needed to maintain the R/3 System include:
SAP*
DDIC
SAPCPIC (see note 29276)
EarlyWatch (client 066)
All user-created administrative IDs
Any other non-SAP user ID that is required to operate the system, such as for the
operating system, the database, and other related applications.
< The password list should be updated and replaced whenever passwords are changed.
Two people should prepare the list, change the password, and verify the new password—
one user ID at a time. If the recorded password is wrong, those “keys” are lost, and you may
not be able to log on to the system.
Release 4.6A/B
11–32
Chapter 11: Security Administration
Operational Security
BATCH1 Newpass
<SID>ADM Newpass
SAPCPIC Newpass
All systems should have entries for clients 000 and 001. In addition, the production system
should have an entry for client 066. Clients 000 and 001 are default clients in all systems,
and client 066 is the EarlyWatch client and may not exist in every system.
NT Finance/DEVADM Newpass
Finance/PRDADM Newpass
SQLserver sa Newpass
sapr3 Newpass
UNIX root Newpass
<SID>ADM Newpass
Oracle system Newpass
SYS Newpass
OPS$<SID>ADM Newpass
OPS$SAPSERVICE<SID> Newpass
SAPR3 Newpass
*XLGHG7RXU
3
4
Release 4.6A/B
11–34
Chapter 11: Security Administration
Operational Security
At this point, if the new password fails, use another administrative user ID to reset the
password. This reason is why password changes should be made one user ID at a time.
This process must be repeated for every system and client in which the user ID has an entry.
With Central User Management, you can manage users across all systems (for more
information, see Authorizations Made Easy, Release 4.6).
2SHUDWLQJ6\VWHP/HYHO
At the operating system level, the following user IDs should have their passwords changed:
17
In some places, NT is case sensitive (for example, at the initial login screen).
8VHU,'V
< <SID>ADM
< SAPService<SID>
6HUYLFHV
< SAP
These services will either use user ID <SID>ADM or SAPService<SID>
SAP<SID>_<instance>
SAPOsCol
SAProuter
< Oracle
OracleService<sid>
OracleTNSListener80
The default user that the Oracle services runs under is system
< SQLserver
MSSQLServer
SQLServerAgent
The user ID that they run under is either <SID>ADM or SAPService<SID>
< Informix
INFORMIX-OnLineDynamicServer
INFORMIX-OnLineMessageService
< DB2
DB2-DB2DA400
81,;
8VHU,'V
< <sid>adm
< root
6HUYLFHV
ora<sid>
'DWDEDVHV
For the databases, the following user IDs should have their passwords changed:
'%
NT/DB2 (see SAP note 80292)
,QIRUPL[
See note 15399
0LFURVRIW64/6HUYHU
< See SAP note 28893
< sa
< sapr3
2UDFOH81,;
User IDs:
< SAPR3
< SYS
< SYSTEM
8VHIXO6$31RWHVIRU2UDFOH81,;
117736 4.5A
101318 4.0B
086857 4.0A
Release 4.6A/B
11–36
Chapter 11: Security Administration
Audit Tools
Use the program chdbpass to change the passwords. This program automatically updates the
SAPUSER table and enables the user <sapsid>adm to access the database.
2UDFOH17
< system
< sys
< op$<sid>adm
< ops$sapservice<sid>
< sapr3
$XGLW7RROV
$XGLW,QIRUPDWLRQ6\VWHP7UDQVDFWLRQ6(&5
:KDW
The Audit Information System (AIS) is designed for the system and business audits and will
likely be requested to be run by internal or external auditors. It puts into one place many of
the R/3 security tools. The center of the AIS is the Audit report tree. AIS uses standard R/3
reports and transactions to conduct the review and is a standard component in Release 4.6A.
However, you can import the AIS into your system back to Release 3.0D or higher. AIS also
provides an interface to export data to an external auditing system that analyzes financial
statements.
:K\
Auditors examine the results of automated and manual financial and system procedures to
ensure that there is a checks-and-balances infrastructure to prevent fraud, etc. AIS enables
the auditors to test transactions and run reports during the inspection.
+RZ
&RPSOHWH$XGLW
In the Command field, enter transaction SECR and choose Enter
(or from the SAP standard menu, choose Information Systems → SECR-Audit Info System).
1. Select Complete audit.
2. Choose .
2
Release 4.6A/B
11–38
Chapter 11: Security Administration
Audit Tools
6\VWHP$XGLW
Release 4.6A/B
11–40
Chapter 11: Security Administration
Audit Tools
%XVLQHVV$XGLW
8VHU'HILQHG$XGLW
You can also conduct a user-defined audit by creating a view or subset of a complete audit.
1. In the Command field, enter transaction SECR and choose Enter
(or from the SAP standard menu, choose Information Systems → SECR-Audit Info System)
2. Select User-defined audit.
3. Under User-defined audit, enter a view name (for
example, ZVUE).
4. Choose .
4
2
3
9. Choose .
10. Choose . 8
Release 4.6A/B
11–42
Chapter 11: Security Administration
Audit Tools
12
13
6HFXULW\$XGLW/RJ60
:KDW
The Security Audit Log records the security-related activities of users in the system. These
activities include successful and failed:
< Dialog logon attempts
< Report and transaction starts
< RFC/CPIC logons
Other events written into the log are:
< Locked transactions or users
< Changed or deleted:
Authorizations
Authorization profiles
User master records
< Changes to the audit configuration
The log is created each day, and previous logs are neither deleted nor overwritten. The log
files can become numerous and large, so we recommend that the logs be periodically
archived before being manually purged. An audit analysis report can be generated from the
audit logs. You can analyze a local server, a remote server, or all the servers in an R/3
System.
:K\
Based on certain criteria, the information in the security audit files can be manipulated to
tailor the audit analysis report.
The report assists the administrator:
< Reconstruct or analyze incidents
< Improve security by recognizing inadequate measures
Release 4.6A/B
11–44
Chapter 11: Security Administration
Audit Tools
+RZ
1RWH You cannot set both parameters. You have to choose the method by which the
audit files are created.
5XQQLQJWKH$XGLW/RJ
*XLGHG7RXU
This procedure assumes that the audit has been running for some time and that audit logs have been
created.
1. In the Command field, enter transaction SM20 and choose Enter
(or from the SAP standard menu, choose Tools → Administration → Monitor → Security Audit log →
SM20-Analysis).
2. Complete the steps below:
a. In From date/time, enter a time and a date (for
example, 13:00). 3
b. Under Audit classes, select:
< Dialog logon 2a
< Transaction start
< Report start
2b
3. Choose Re-read audit log.
This button is used to read a log for the first
time.
Release 4.6A/B
11–46
Chapter 11: Security Administration
Audit Tools
6HWWLQJ6HFXULW\$XGLW/RJ3DUDPHWHUV60
:KDW
The audit log parameters are the criteria used to write the types of audit messages into the
audit log file. The parameters are grouped into audit profiles that can be activated at the
next system startup (configuration status) or applied “on the fly” (dynamic configuration).
:K\
Audit profiles need to be first created before audit logs can be written. These profiles limit
the amount and type of data written into the security audit files, which makes the
subsequent security reports more meaningful to the administrator.
+RZ
Decide what to audit and set selection criteria at the database level or dynamically at the
application server level:
< If the audit configuration is permanently stored at the database level, all application
servers use the identical criteria to save events in the audit log.
The settings take effect at the next application server start.
< At the application server level, however, dynamic changes can be set to individual
application servers and distributed to the entire system.
The new criteria will remain in effect until the server is brought down.
You can define up to 5 sets of selection criteria or filters. The system parameter,
rsau/selection_slots (that defines the number of filters has a default value of 2). You can
activate an audit in the dynamic configuration using transaction SM19.
*XLGHG7RXU
Release 4.6A/B
11–48
Chapter 11: Security Administration
Audit Tools
'HILQH)LOWHU*URXS
6. Choose Filter 1.
7. Under Selection criteria, in:
< Client, enter *
< User Names, enter *
8. In Audit classes, select:
< Dialog Logon
< Transaction Start
9. Under Events, select All. 6
10
10. Select Filter active.
7 8 9
'HILQH)LOWHU*URXS
11. Choose Filter 2.
This filter traces the reports started by one user.
12. Under Selection criteria:
< In Client, enter *.
< In User Names, enter a user ID (for example,
GARYN).
13. In Audit Classes, select Report start. 11
14. Under Events, select Severe and critical. 16
15
15. Deselect Filter active.
This setting allows you to save the filter settings 12 13 14
but does not activate them.
16. Choose Detail setting to drill down the audit
class and event class categories.
17
Release 4.6A/B
11–50
Chapter 11: Security Administration
Audit Tools
19
21
Release 4.6A/B
11–52
Chapter 11: Security Administration
Audit Tools
5XQQLQJDQ$XGLWRQD'LIIHUHQW8VHU
*XLGHG7RXU
In this procedure, we will run an audit on a different user and check on all the reports that were started.
1. Under Selection criteria, in:
< Client, enter *.
< User names, enter a user ID (for example,
Patricia).
5
2. Under Audit classes, select Report start.
3. Under Events, select All.
4. Under Filter 1, select Filter active.
5. Choose .
1 2 3
6. Choose Yes.
8VHU6HFXULW\$XGLW-REV
Many of these reports are included as part of the AIS.
:KDW
Release 4.6A/B
11–54
Chapter 11: Security Administration
Audit Tools
that security issues may exist. If you have a small company, these issues cannot be avoided
because “one person often must wear many different hats.”
:K\
Your external auditors may require some of these reports to be executed as part of the
annual financial audit.
+RZ
6$²$%$3([HFXWH3URJUDP
6(²$%$3(GLWRU
1RWHVIRU6SHFLILF5HSRUWV
RSUSR008 (lists critical combinations of authorizations or transactions):
< These combinations are maintained on table SUKRI.
< Dangerous combinations include the following transactions:
RZ02 (with anything)
RZ03 (with anything)
SE14 (with anything)
SU01 (with security, users, and profiles)
SU02 (with security, users, and profiles)
Release 4.6A/B
11–56
Chapter 11: Security Administration
Audit Tasks
$XGLW7DVNV
5HYLHZWKDWDOO1DPHG8VHUVDUH9DOLG
:KDW
All users who have left the company should have their R/3 access terminated immediately.
By locking or deleting these user IDs, you limit access to only those users who should have
access to R/3. Periodic review assures that the task of locking or deleting has been
completed.
:K\
Proper audit control requires that a user who no longer has a valid business need to access
R/3 should not be allowed to do so.
Deleting or locking these user IDs also prevents anyone who had been using the terminated
user ID from accessing the system with that ID.
One of the audit procedures that your external auditors will use is to test whether a person
who does not need to access R/3 has a live user ID.
+RZ
*XLGHG7RXU
2. Choose .
For additional information on how to “lock” a user, see chapter 12, User Administration.
5HYLHZLQJ3URILOHVIRU$FFXUDF\DQG3HUPLVVLRQ&UHHS
:KDW
:K\
Your external auditors may have an audit step to check for permission creep.
+RZ
Release 4.6A/B
11–58
Chapter 11: Security Administration
Audit Tasks
4. Review the activity groups and profiles assigned to the individual for reasonableness.
Reasonableness is defined as, “Does it make sense?”
5. Review the individual profiles assigned for content and check to see if the profile has
been recently changed.
< Profiles (transaction SU02) and authorizations (transaction SU03)
Check if the change date is recent.
You can also execute the following audit reports:
< RSUSR100 (user changes)
< RSUSR101 (profile changes)
< RSUSR102 (authorization changes)
For additional information on these reports, see the User Security Audit on page 11–54.
Release 4.6A/B
11–60
&KDSWHU 8VHU$GPLQLVWUDWLRQ
&RQWHQWV
Overview ................................................................................................................12–2
Recommended Policies and Procedures ...........................................................12–3
New User Setup.....................................................................................................12–7
Maintaining a User (SU01)..................................................................................12–24
Resetting a Password (SU01) ............................................................................12–26
Locking or Unlocking a User (SU01).................................................................12–27
User Groups ........................................................................................................12–29
Deleting a User’s Session (Transaction SM04)................................................12–32
2YHUYLHZ
User administration is a serious function, not just a necessary administrative task. Security is
at stake each time the system is accessed. Because the company’s financial and other
proprietary information is on the system, the administrator is subject to external
requirements from the company’s external auditors, regulatory agencies, and others.
Customers should consult with their external auditors for audit-related internal control user
administration requirements. For example, human resources should be consulted if the HR
module is implemented or if personnel data is maintained on the system.
A full discussion on security and user administration is beyond the scope of this guidebook.
For example, manually creating and maintaining security profiles and authorizations is also
not covered. Our discussion is limited to a general introduction and a list of the major
issues related to security. The two sections below affect all aspects of security, which is why
we begin with them.
8VHU*URXSV
User groups are created by an administrator to organize users into logical groups, such as:
< Basis
< Finance
< Shipping
For additional information, refer to the section User Groups on page 12–29.
3URILOH*HQHUDWRU
The Profile Generator is a tool used to simplify the creation and maintenance of SAP
security. It reduces (but does not eliminate) the need for specialized security consultants.
The value of the Profile Generator is more significant for smaller companies with limited
resources that cannot afford to have dedicated security administrators. For more
information on the Profile Generator, see the Authorizations Made Easy guidebook.
Release 4.6A/B
12–2
Chapter 12: User Administration
Recommended Policies and Procedures
5HFRPPHQGHG3ROLFLHVDQG3URFHGXUHV
Some of the tasks in this guidebook are aimed at complying with common audit procedures.
Obtaining proper authorization and documentation should be a standard prerequisite for all
user administration actions.
8VHU$GPLQLVWUDWLRQ
User administration tasks comprise the following:
< User ID naming conventions
The employee’s company ID number (for example, e0123456)
Last name, first initial, or first name, last initial
In a small company where names are often used as ID, it is common to use the
employee’s last name and first initial of the first name or the employee’s first name
and first initial of the last name (for example, doej or johnd, for John Doe).
Clearly identifiable user IDs for temporary employees and consultants (for example,
T123456, C123456).
< Adding or changing a user
The user’s manager should sign a completed user add-or-change form.
The form should indicate the required security, job role, etc., that defines how
security is assigned in your company.
If security crosses departments or organizations, the affected managers should also
give their approval.
If the user is not a permanent employee, or if the access is to be for a limited time, the
time period and the expiration date should be indicated.
The forms should be filed by employee name or ID.
A periodic audit should be performed, where all approved authorizations are
verified against what was assigned to the user.
< Users leaving the company or changing jobs
This event is particularly sensitive.
The policies and procedures for this event must be developed in advance and be
coordinated by many groups. As an example, see the table below.
Group Responsibility
Similar to banks, there should be a “secret word” that users could use to verify their
identity over the phone. This word would be used when the user needs their password
reset or their user ID unlocked. But, realize that others can “overhear” this secret word
and render it useless.
Release 4.6A/B
12–4
Chapter 12: User Administration
Recommended Policies and Procedures
6\VWHP$GPLQLVWUDWLRQ
< Special user IDs
The two user IDs (SAP* and DDIC) should only be used for tasks that specifically
require either of those user IDs. A user who requires similar “super user” security rights
should have a copy of the SAP* user security.
The security rights of SAP* and DDIC are extensive, dangerous, and pose a security
risk. Anyone who requires or requests similar security rights should have an extremely
valid reason for the request. Convenience is not a valid reason. The security profiles
that serves as the “master key” are SAP_ALL, and to a lesser degree, SAP_NEW.
The user IDs SAP* and DDIC should have their default passwords changed to prevent
unauthorized use of these special user IDs.
An external audit procedure checks the security of these two user IDs.
For medium- and large-size companies, granting developers SAP* equivalent security
rights in the development and test systems is usually inappropriate. SAP* equivalent
security in the production system is a security and audit issue and should be severely
limited.
Company ID:
R/3 User Change Request
System/Client No. PRD 300
QAS 200 210 220
DEV 100 110 120
Employee: Type of Change W Change user
Department Name/Cost Center Number: W Delete user
W Add user
User ID:
Position: Expiration Date (mandatory
for temporary employees)
Secret Word: Request Urgency W High
Requester: W Medium
Requester’s position: W Low
Requester’s phone:
Employee’s Job Function (If similar to others in department, name and user ID of a person with similar job function):
Special Access/Functions:
Requester Signoff
Name Signature Date Signed
Manager Signoff
Name Signature Date Signed
Owner Signoff
Name Signature Date Signed
Release 4.6A/B
12–6
Chapter 12: User Administration
New User Setup
1HZ8VHU6HWXS
3UHUHTXLVLWHV
*HQHUDO3URFHVVRU3URFHGXUH
Before you set up a new user, have “in hand” the user add form (with all the required
information and approvals).
7KH8VHU·V'HVNWRS
Does the user’s desktop meet the following criteria:
< Does the system configuration meet the minimum requirements for SAP?
< Is the display resolution set to a minimum of 800 x 600?
< Is there sufficient space on the hard disk to install the SAP GUI with sufficient room for
desktop application to run?
For windows, a minimum of 50MB free space should remain after installing SAP GUI. A
practical minimum however, is at least 100MB of free space.
1HWZRUN)XQFWLRQDOLW\
Can the user log on to the network?
From the user’s computer:
< Can you “ping” the SAP application server(s) that the user will be logging onto?
< If the SAP GUI will be loaded from a file server, can you access the file server from the
user’s computer where the SAP GUI will be installed?
)RU,QVWDOODWLRQRI6$3*8,
Before you install the SAP GUI, you should have the R/3 server name and the R/3 System
(instance) number (for example, xsysdev and 00). You will need to enter this information
during the installation.
5HFRPPHQGHG3UHUHTXLVLWHIRUWKH*8,,QVWDOODWLRQ
The online documentation should be installed according to the instructions in the SAP
document Installing the Online documentation. The online documentation installation and
access method has changed since Release 3.x.
,QVWDOOLQJWKH)URQWHQG6RIWZDUH²6$3*8,
The SAP GUI or frontend installation instructions are in the installation guide, Installing SAP
Frontend Software for PCs.
The SAP GUI can be installed from:
< A copy of the presentation CD on a file server
< The presentation CD or a copy of the CD
,QVWDOOLQJ6$3*8,IURPD)LOH6HUYHU
The preferred method is to install SAP GUI from a file server because you do not need to
carry the presentation CD around. Also, remote installations can be completed without
shipping out and potentially losing the original CD.
The following is a list of the prerequisites to install SAP GUI from a file server:
< Copy the SAP GUI load files from the presentation CD to a shared directory on a file
server.
< Have access to the shared directory from the user’s PC.
+RZWR,QVWDOOWKH6$3*8,
*XLGHG7RXU
1. Map a drive to the shared drive on the network where the presentation CD has been copied.
Select the mapped drive to the
presentation CD software.
In this example, Sim-cd on
‘Pal100767’ (E:).
2. Navigate down to the directory for 1
the gui. 2
Release 4.6A/B
12–8
Chapter 12: User Administration
New User Setup
4. Choose Next.
7. Choose Next.
8. Select SAPgui.
Steps 9–12 are optional.
9. Click on Desktop Interfaces.
10. Choose Change option. 9
8
10
12
Release 4.6A/B
12–10
Chapter 12: User Administration
New User Setup
13
14
15
16
17
19
19
20
21
Release 4.6A/B
12–12
Chapter 12: User Administration
New User Setup
22
24
25
To add systems to the SAP Logon see section Adding Systems in the SAP Logon.
,QVWDOOLQJ6$3*8,IURPWKH3UHVHQWDWLRQ&'
When the network connection between the SAP GUI files on the network and the user is too
slow to permit installation, install SAP GUI from the presentation CD. A slow connection
could result from a slow modem or a slow network link.
A copy should be made of the original presentation CD and the copy shipped to the user
site. You then maintain control of the original CD and reduce the chance that it might get
lost. The SAP GUI installation files can also be copied to other high-capacity removable
media such as ZIP® or optical disk, as appropriate for your company.
The copy of the presentation CD can then be safely sent to the user’s site. From there, it can
be either loaded onto a local file server for installation or installed directly from the delivery
media. The prerequisites for such an installation is that the user has a CD drive or other
drive compatible with the delivery media (ZIP®, optical, etc.) on which the SAP GUI files are
delivered.
To install SAP GUI from a CD:
1. Insert the CD into the drive.
2. In Windows Explorer, choose this drive.
3. Choose Gui → Win32.
4. Double-click on Setup.exe.
5. Follow the same procedure as when loading from a file server.
6. Test your connection
7. Log on to the system.
Release 4.6A/B
12–14
Chapter 12: User Administration
New User Setup
$GGLQJ$GGLWLRQDO6\VWHPV
*XLGHG7RXU
7R$GG$GGLWLRQDO6\VWHPVLQWKH6$3/RJRQ
1. On the SAP Logon window, choose
New.
6HWWLQJ8SD1HZ8VHU68
The procedural prerequisite is to check that all documentation and authorizations required
to set up a new user are present.
There are two ways to create a new user:
< Copy an existing user
< Create a new user from scratch
&RS\LQJDQ([LVWLQJ8VHU68
You can copy from an existing user if you have a good match. The new user will have the
same security profiles as the existing user. This process is the easiest and is the
recommended method for a small company.
Create “template” users for the various job functions that can be copied to create new
users.
Prerequisite:
A valid user ID to copy is identified on the user setup form.
Release 4.6A/B
12–16
Chapter 12: User Administration
New User Setup
*XLGHG7RXU
Release 4.6A/B
12–18
Chapter 12: User Administration
New User Setup
13
14
A telephone number should be a 15 15 15
required entry field. If there is a
system problem identified with the
user, you need to contact that user. 16
Release 4.6A/B
12–20
Chapter 12: User Administration
New User Setup
&UHDWLQJD1HZ8VHU68
Sometimes it becomes necessary to create a completely new user. You may need to create a new user when
you do not have another user from which to copy.
*XLGHG7RXU
6
7
8 8 8
A telephone number should be a
required entry field. If there is a
system problem identified with the
user, you need to contact that user. 9
12
Release 4.6A/B
12–22
Chapter 12: User Administration
New User Setup
21
0DLQWDLQLQJD8VHU68
Before maintaining a user, have a properly completed and approved user change form.
:K\
Release 4.6A/B
12–24
Chapter 12: User Administration
Maintaining a User (SU01)
*XLGHG7RXU
5HVHWWLQJD3DVVZRUG68
:K\
The most common reason to reset a password is that users forget their password. In this
situation, the user has probably attempted to log on too many times with an incorrect
password. The user has probably also locked their user ID, which also needs to be unlocked.
Make certain the person who requests their password to be reset is indeed the valid user.
A basic user verification method is to have a telephone with a display so that the displayed
caller’s phone number can be compared to the user’s phone number, which is stored in the
system or can be found in the company phone directory.
We recommend that you use a method similar to what banks use where the user has a
“secret word” that verifies their identity on the phone. This method is not foolproof because
someone can overhear the secret word.
You should maintain a security log of password resets. This log should be periodically
audited to look for potential problems.
*XLGHG7RXU
Release 4.6A/B
12–26
Chapter 12: User Administration
Locking or Unlocking a User (SU01)
For security, you can only set an initial value for the user’s password. Users are then
required to change the password when they log on. You cannot see what the users current
password is, nor can you set a permanent password for the user.
/RFNLQJRU8QORFNLQJD8VHU68
:KDW
The lock/unlock function is part of the logon check, which allows the user to log on (or
prevents the user from logging on) to the R/3 System.
:K\
< Locking a user
R/3 access should be removed if a user:
Leaves the company
Is assigned to a different group
Is on leave
The lock function allows the user ID and the user’s security profile remains on the
system but does not allow the user to log on. This function is ideal for temporary
personnel or consultants where the user ID is locked unless they need access.
< Unlocking a user
Users are automatically locked out of the system if they attempt to incorrectly log on
more than a specified number of times. The administrator must unlock the user ID and
more than likely reset the user’s password.
Maintain a security log of unlocking users, which should be periodically audited for
potential problems.
*XLGHG7RXU
Release 4.6A/B
12–28
Chapter 12: User Administration
User Groups
8VHU*URXSV
:KDW
A user group is a logical grouping of users (for example, shipping, order entry, and finance).
The following restrictions apply to user groups:
< A user can belong to only one user group.
< A user group must be created before users can be assigned to it.
< A user group provides no security until the security system is configured to use user
group security.
Create the group “term” for terminated users. Lock all users in this group and, for most of
these users, delete the security profiles. This process maintains the user information for
terminated users, and prevents the user ID from being used to log on.
:K\
8VDJH
Group Definition
+RZWR&UHDWHD8VHU*URXS68
*XLGHG7RXU
Release 4.6A/B
12–30
Chapter 12: User Administration
User Groups
'HOHWLQJD8VHU·V6HVVLRQ7UDQVDFWLRQ60
:KDW
:K\
Transaction SM04 may show a user as being active when the user has actually logged off.
This condition is usually caused by a network failure, which cuts off the user, or that the
user has not properly logged off the system. (For example, the user turned the PC off
without logging off the system.)
A user may be on the system and needs to have their session terminated:
< The user’s session may be “hung” and terminating the session is the only way to remove
the user’s session.
< The user may have gotten into a “one way” menu path without an exit or cancel option.
This situation is dangerous, and the only safe option is to terminate the session.
Release 4.6A/B
12–32
Chapter 12: User Administration
Deleting a User’s Session (Transaction SM04)
+RZWR7HUPLQDWHD8VHU6HVVLRQ
*XLGHG7RXU
1. Verify that the user is actually logged off from R/3 and that there is no SAP GUI window minimized
on the desktop. Verification is done by physically checking the user’s computer.
Verification is important because users may have forgotten that they minimized a
session.
In step 3 above, double-check that the selected user is the one you really want to delete.
It is very easy to select the wrong user.
$FWLYH8VHUV7UDQVDFWLRQV60DQG$/
:KDW
These transactions display all the users who are currently logged on to the system. They
show both the user’s ID and terminal name.
:K\
In a smaller company, the administrator can recognize user IDs logged on to “unfamiliar”
terminals. This recognition may indicate that someone—other than the designated user—is
using that user ID.
A user logged on to more than one terminal indicates that the user ID is being:
< Used by someone else
< Used or shared by several people
3UREOHPV
Transaction SM04 may show a user as active, when in fact the user has actually logged off.
Because the user session was not properly closed, the system “thinks” that the user is still
logged on.
This condition can be caused by the following (among others):
< A network failure, which cuts off the user from the network or R/3.
< The user turning off their computer without logging off from the R/3 System.
Release 4.6A/B
12–34
Chapter 12: User Administration
Deleting a User’s Session (Transaction SM04)
6LQJOH,QVWDQFH6\VWHP7UDQVDFWLRQ60
*XLGHG7RXU
0XOWL,QVWDQFH6\VWHP7UDQVDFWLRQ$/
If you have several instances in your system, using AL08 is easier, because you can
simultaneously see all users in all instances.
Release 4.6A/B
12–36
&KDSWHU 'DWDEDVH$GPLQLVWUDWLRQ²
0LFURVRIW64/6HUYHU
&RQWHQWV
Overview ................................................................................................................13–2
Starting and Stopping the Database ...................................................................13–2
Database Performance .........................................................................................13–4
Scheduling Database Tasks (DB13)....................................................................13–9
Checking the Database Backup (DB12)............................................................13–15
Initializing Backup Tapes ...................................................................................13–18
Database Backups with Microsoft Tools..........................................................13–19
Database Error Logs...........................................................................................13–28
Verify Database Consistency.............................................................................13–29
Run Update Statistics .........................................................................................13–29
System passwords .............................................................................................13–30
2YHUYLHZ
Microsoft SQL Server is a low maintenance database that is increasingly popular with smaller R/3
installations. This chapter will review the database administrative tasks that can be accomplished within
the R/3 System with associated tasks utilizing the Microsoft administrative tools.
6WDUWLQJDQG6WRSSLQJWKH'DWDEDVH
6WDUWLQJWKH'DWDEDVH
1. From the NT desktop, choose Start → Programs → MS SQL Server 7.0 → Service Manager.
2. Choose Start/Continue.
Release 4.6A/B
13–2
Chapter 13: Database Administration – Microsoft SQL Server
Starting and Stopping the Database
6WRSSLQJWKH'DWDEDVH
1. Verify that R/3 has been stopped.
If R/3 has not been stopped, stop R/3 now.
2. From the NT desktop, choose Start→ Programs→ MS SQL Server 7.0 →Service Manager.
3. Choose Stop.
4. Choose Yes.
'DWDEDVH3HUIRUPDQFH
2YHUYLHZ
The CCMS System has tools available for R/3 Administrators to monitor the database for
growth, capacity, I/O statistics, and alerts. This section will discuss the initial transactions
that can help the database administrator.
'DWDEDVH$FWLYLW\67
:KDW
:K\
To manage your system performance, the database must be monitored. One of the
important items is the ability to view the database error log from within R/3. This view
saves the extra effort of logging into the database to view this log.
Release 4.6A/B
13–4
Chapter 13: Database Administration – Microsoft SQL Server
Database Performance
+RZ
*XLGHG7RXU
a. Memory Usage
Procedure cache and Data cache hit
ratio can reflect memory problems.
These values should be greater than 2b
95 percent for optimal memory usage.
b. Server Engine/Elapsed 2c 2c
Shows how hard the CPU has been
working on Microsoft SQL Server
processes. You are interested in the
ratio of busy : idle time.
c. SQL Requests
Allows for snapshots of how SQL
queries are utilizing table access
pertaining to full table or index scans.
A high ratio of full table scans vs. index
scans can indicate performance
bottlenecks.
d. Detail analysis menu
3b
Release 4.6A/B
13–6
Chapter 13: Database Administration – Microsoft SQL Server
Database Performance
'DWDEDVH$OORFDWLRQ'%
:KDW
:K\
One critical reason is to monitor database growth. Using the growth rate you could project
the growth to determine when you may need to get additional disk storage for the database.
+RZ
*XLGHG7RXU
Release 4.6A/B
13–8
Chapter 13: Database Administration – Microsoft SQL Server
Scheduling Database Tasks (DB13)
6FKHGXOLQJ'DWDEDVH7DVNV'%
:KDW
The DBA Planning Calendar (DB13) is the scheduling tool for DBA tasks in R/3. Using the
Calendar, the DBA can schedule many of the DBA tasks that need to be performed, such as:
< Database and transaction log backup
< Update statistics
< Check table and database consistency
:K\
These tasks can be conveniently managed and scheduled without going to the database. The
DBA Planning Calendar works with transaction DB12 (Backup logs). For more information on
transaction DB12, see page 13–15.
+RZ
To schedule a backup task using the DBA Planning Calendar, the backup must be able to
run “unattended,” which means that you must have one of the following options:
< A single tape drive with sufficient capacity to back up the database without changing
tapes.
< Multiple tape drives with sufficient total capacity to back up the database without
changing tapes.
*XLGHG7RXU
Release 4.6A/B
13–10
Chapter 13: Database Administration – Microsoft SQL Server
Scheduling Database Tasks (DB13)
8
9. Select the backup device.
(Select R3DUMP0 if you only have
a single tape drive attached.)
9
10. Choose OK.
10
a. Unload tape
To eject the tape after the 11b
backup is completed.
b. Initialize tape
To overwrite existing data, 11c
rather than appending to last
backup.
11d
c. Verify backup
To verify the backup after it has
run.
If you are doing an online 12
backup when transactions are
being performed, selecting this
option is not useful because the
database changes during this 13
time will cause this test to fail.
d. Format tape
To erase the entire tape and
write a new tape label.
This option is selected when
using a brand new tape, or a
tape that was previously used
with a different application.
12. In Expiration period for backup
volumes, enter the number of days
to protect the tape.
The backup tape is protected from
overwriting by the backup
program for this number of days.
13. Choose OK.
Release 4.6A/B
13–12
Chapter 13: Database Administration – Microsoft SQL Server
Scheduling Database Tasks (DB13)
14
'HOHWLQJDQ(QWU\IURPWKH3ODQQLQJ&DOHQGDU'%
1. On the DBA Planning Calendar,
double-click on the date.
Release 4.6A/B
13–14
Chapter 13: Database Administration – Microsoft SQL Server
Checking the Database Backup (DB12)
3a 3
4. Choose Yes.
&KHFNLQJWKH'DWDEDVH%DFNXS'%
:KDW
The Backup Logs transaction (DB12) provides backup and restore information, such as:
< Log file size and free space in the log file
< Date and time of last successful restore for:
R/3 database
Transaction log
Master database
Msdb database
< Backup history
< Restoration history
< Backup device list
:K\
Do not rely on the “tapes needed for restore” feature. You must have a method that does
not rely on R/3 being available to tell you what tapes you will need to do a restore of the
R/3 system.
If there is a severe disaster, and the R/3 system is lost, R/3 is not available for you to look
at this report.
The only missing information is the run time (duration) of the backup job. This is a problem
indicator, when compared to the expected duration of the backup.
+RZ
*XLGHG7RXU
a. Backup history 4c
A spreadsheet summary of
2 4d
each backup is listed. Each
backup type can be reviewed 4e
with detailed log information
available using History info. 3
(see the SAP R/3 screen below).
b. Restoration history
A spreadsheet of detailed
restoration information is
listed.
Release 4.6A/B
13–16
Chapter 13: Database Administration – Microsoft SQL Server
Checking the Database Backup (DB12)
4e
,QLWLDOL]LQJ%DFNXS7DSHV
:KDW
Initializing the tape writes a label on the tape header. This label is the same as the physical
label of the tape (for example, CD26S).
:K\
The tape label and the expiration date are additional safety levels to prevent backing up to
the wrong tape, and possibly, destroying needed data. When using the DBA Planning
Calendar (DB13) for backups, the tape must be properly labeled to execute a backup to tape,
because the transaction expects a specific tape to be in the drive. If the tape label does not
match the required label, the backup will fail.
+RZ
Initializing and labeling is an option when executing the backup using DB13, SQL Server
Enterprise Manager, or NT Backup. (For SQL Server, see SAP note 141118 for a description
of the tape label naming convention used by DB13).
Release 4.6A/B
13–18
Chapter 13: Database Administration – Microsoft SQL Server
Database Backups with Microsoft Tools
'DWDEDVH%DFNXSVZLWK0LFURVRIW7RROV
Backing up R/3 on SQL Server involves backing up the following SAP-specific and
database-related directories:
< \usr\sap
< \usr\sap\trans
< <homedirectory> of <sid>adm
< \<sid>data
The R/3 database files
< \<sid>log
The R/3 log file
If the log is allowed to grow to capacity and use all available filespace on the drive, SQL
Server will stop. This event is critical, because when R/3 stops, so does the business
processes that require R/3 to be running.
< \tempdb
Also backup the following Microsoft SQL Server databases:
< Master
In case of failures or hardware or software disasters, the Master database contains the
data necessary to recover the database.
< MSDB
The MSDB database contains the data for the SQL Server job scheduler and the database
backup history.
To make the backup process easier, and open to fewer errors, we recommend that you
backup the entire server and not just specific directories and files.
2QOLQH%DFNXS²8VLQJ64/VHUYHU(QWHUSULVH0DQDJHU
:KDW
The SQL 7.0 Enterprise manager is Microsoft SQL Server’s “general tool.” Here it is used to
backup the following while R/3 is running:
< The R/3 database
< The R/3 log
To clear the log, the log backup must periodically be done in the initialization mode.
If the log is allowed to grow to capacity and use all available filespace on the drive, SQL
Server will stop. This event is critical, because when R/3 stops, so does the business
processes that require R/3 to be running.
< \tempdb
You must also backup the following SQL Server databases:
< Master
If there is a hardware or software disaster, the master database contains the data
necessary to recover the database.
< MSDB
The MSDB database contains the data for the SQL Server job scheduler and the database
backup history.
:K\
An online backup allows you to backup the database(s) when R/3 and the database is
running, so that system users are not impacted.
+RZ
Release 4.6A/B
13–20
Chapter 13: Database Administration – Microsoft SQL Server
Database Backups with Microsoft Tools
2. Choose OK.
The backup will now begin.
2
Release 4.6A/B
13–22
Chapter 13: Database Administration – Microsoft SQL Server
Database Backups with Microsoft Tools
2IIOLQH%DFNXS²8VLQJ17%DFNXS
:KDW
The offline backup is done when R/3 and the database are down. Here, we also use the
offline backup to also backup other files which are needed to restore R/3. Since high
capacity tape drives are now more common, it is simpler and safer to backup the entire
server. This full server backup eliminates the possibility of not backing up an important file.
For smaller customers, the entire server could be backed up to a single DLT cartridge.
At a minimum, backing up R/3 on SQL Server involves backing up the following SAP-
specific and database-related directories:
< \usr\sap
< \usr\sap\trans
< <homedirectory> of <sid>adm
< \<sid>data (the R/3 database files)
< \<sid>log (the R/3 log file)
< \tempdb
In addition to these directories, you must back up any directories and files for third-party
products, interfaces, etc. that store their data outside the R/3 database. Getting all the
required files and directories can be difficult, which is why we recommend that you backup
the entire server.
:K\
The data in the database does not change while the backup is being made, which means that
you have a static “picture” of the database and do not have to deal with the issue of data
changing while the backup is being run. With some third party applications, you cannot
back up the files unless they are closed, and this is not possible unless R/3 and the
application are shut down. Therefore, an offline backup needs to be done. A “full server”
offline backup also gives you the most complete backup in the event of a catastrophic
disaster. On one tape, you have everything on the server.
+RZ
Due to system limitations on the documentation system, the location of the files in this
example are presented differently from the recommendations in the SAP installation
manual.
Release 4.6A/B
13–24
Chapter 13: Database Administration – Microsoft SQL Server
Database Backups with Microsoft Tools
*XLGHG7RXU
13
16
17
Release 4.6A/B
13–26
Chapter 13: Database Administration – Microsoft SQL Server
Database Backups with Microsoft Tools
'DWDEDVH(UURU/RJV
5²67
You can view the database error logs from within R/3 using transaction ST04. For more
information on database error logs, see the Database Performance Analysis (ST04) section
earlier in this chapter.
0LFURVRIW64/6HUYHU(QWHUSULVH0DQDJHU
*XLGHG7RXU
1. From the NT desktop, choose Start → Programs → Microsoft SQL Server 7.0 → Enterprise Manager.
In the Enterprise Manager:
2. Expand the SQL Server Group
under which your server is
located.
3. Expand the server where the R/3
system is installed. 2
3
4. Expand Management.
4
5. Expand the SQL Server Logs.
Release 4.6A/B
13–28
Chapter 13: Database Administration – Microsoft SQL Server
Verify Database Consistency
9HULI\'DWDEDVH&RQVLVWHQF\
:KDW
In a database management system, consistency can be represented from the logical and
physical levels. R/3 must insure a logical consistency when communicating with the SQL
Server engine, and SQL Server must insure a physical consistency for the database.
:K\
Sometimes a physical inconsistency can occur in the database’s internal structures. This
problem occurs when R/3 “thinks” the data is, and where the data actually is, in the
database are different.
+RZ
SQL Server uses the DBCC CHECKDB command to correct and repair the database to a
consistent state. This is executed using:
< CCMS Scheduling calendar (DB13)
< The SQL Server Enterprise Manager
The consistency checks should be done during non-peak hours or when R/3 users are
offline. For those coming from SQL Server 6.5 environments, SQL Server 7.0 executes the
DBCC CHECKDB job much faster than SQL Server 6.5.
5XQ8SGDWH6WDWLVWLFV
:KDW
:K\
The optimizer of the database engine will perform better if the table index’s statistical
information is current. This information helps R/3 find an item in the database faster.
+RZ
By default, SQL Server 7.0 has automatic statistics turned on. The possibility of manually
scheduling update statistics using the CCMS scheduling calendar still exists. Examples of
when this scheduling might be necessary after large data inserts or deletes from a given
table (for example, client copy, BDC sessions, and archiving).
6\VWHPSDVVZRUGV
64/VHUYHU
For additional information, see SAP note 28893.
User IDs to change:
< sa
< sapr3
+RZ
*XLGHG7RXU
1. From the NT desktop, choose Start → Programs → Microsoft SQL Server 7.0 → Enterprise Manager.
In the SQL server Enterprise Manager:
2. Expand the SQL Server Group.
3. Expand the server.
4. Expand Security.
5. Choose Logins.
2
3
4
5
Release 4.6A/B
13–30
Chapter 13: Database Administration – Microsoft SQL Server
System passwords
11
12
Release 4.6A/B
13–32
Chapter 13: Database Administration – Microsoft SQL Server
System passwords
Release 4.6A/B
13–34
&KDSWHU 2XWSXW0DQDJHPHQW
&RQWHQWV
Contents.................................................................................................................14–1
Printer Setup (SPAD) ............................................................................................14–2
Check the Spool for Printing Problems (Transaction SP01) ............................14–9
Check that Old Spools are Deleted (SP01) .......................................................14–12
Printing the Output (SP01) .................................................................................14–15
Printing the Screen .............................................................................................14–18
Check Spool Consistency (SPAD) ....................................................................14–21
Check TemSe Consistency (SP12)....................................................................14–23
3ULQWHU6HWXS63$'
*XLGHG7RXU
Release 4.6A/B
14–2
Chapter 14: Output Management
Printer Setup (SPAD)
3. Choose .
4. Choose .
Release 4.6A/B
14–4
Chapter 14: Output Management
Printer Setup (SPAD)
13
14
For:
< NT
Select C – Direct operating
system call.
< UNIX
Select L – Print locally via
LP/LPR.
15. In Host printer, enter the printer
name as defined in your network
(required).
16. Select the Output Attributes tab.
17. In this section, you can specify a 19
cover page (optional).
18. Select Monitor using monitoring
architecture.
If you have a large number of 16
printers, do not select this option.
19. Choose Save.
17
18
20a
22
21
Release 4.6A/B
14–6
Chapter 14: Output Management
Printer Setup (SPAD)
25
26
27
28
30
32
Release 4.6A/B
14–8
Chapter 14: Output Management
Check the Spool for Printing Problems (Transaction SP01)
&KHFNWKH6SRROIRU3ULQWLQJ3UREOHPV7UDQVDFWLRQ63
:KDW
The spool is the R/3 System’s output manager. Data is first sent to the R/3 spool and then to
the operating system for printing.
:K\
There may be problems with the printer at the operating system level. These problems need
to be resolved immediately for time-critical print jobs (for example, checks, invoices,
shipping documents, etc.) or there may be an operational impact.
You should check for active spool jobs that have been running for over an hour. These long-
running jobs could indicate a problem with the operating system spool or the printer.
*XLGHG7RXU
12
Release 4.6A/B
14–10
Chapter 14: Output Management
Check the Spool for Printing Problems (Transaction SP01)
13
15
&KHFNWKDW2OG6SRROVDUH'HOHWHG63
:KDW
The SAP spool is the output manager for R/3. From the SAP spool, the print job goes to the
operating system’s print spooler or manager. You need to check that old spool jobs are being
properly cleared by the daily batch job.
:K\
< Depending on how the spool system has been configured, old spools will use database
space or file system space.
Whether it is database or file system space, potentially available “space” is being used
by these spools.
< Look for any errors that may indicate problems in the printing process.
*XLGHG7RXU
Release 4.6A/B
14–12
Chapter 14: Output Management
Check that Old Spools are Deleted (SP01)
Two reasons for failure of the job that runs the RSPO0041 program are:
< The user ID under which the job is run does not have the proper security authorization
to execute the program.
< The job is routed to an invalid printer.
6
6
10
Release 4.6A/B
14–14
Chapter 14: Output Management
Printing the Output (SP01)
3ULQWLQJWKH2XWSXW63
:KDW
:K\
To print the contents of a spool request immediately or at another date and time using
different parameters.
+RZ
Release 4.6A/B
14–16
Chapter 14: Output Management
Printing the Output (SP01)
3ULQWLQJWKH6FUHHQ
:KDW
You can quickly and easily print the contents of most screens or do a “print screen” by
choosing the printer icon. A spool request and an output request are also generated by using
this procedure.
:K\
This is most useful in testing that a new printer was setup correctly.
Release 4.6A/B
14–18
Chapter 14: Output Management
Printing the Screen
+RZ
Continue from the prior step or any screen with a printer icon:
*XLGHG7RXU
6. Choose Continue.
Release 4.6A/B
14–20
Chapter 14: Output Management
Check Spool Consistency (SPAD)
&KHFN6SRRO&RQVLVWHQF\63$'
:KDW
A spool consistency check compares data in the spool and output request tables (TSP01 and
TSP02), with the entries in the TemSe tables (TST01 and TST03), TSP0E (archive) and
TSP02F (frontend print request) tables. It also displays a list of obsolete write locks which
should be deleted.
:K\
If you delete table entries manually from the spool and TemSe tables or delete spool and
TemSe objects from the directories, inconsistencies can occur. Other causes of
inconsistencies are report and transaction terminations or an incorrectly executed client
copy.
*XLGHG7RXU
Release 4.6A/B
14–22
Chapter 14: Output Management
Check TemSe Consistency (SP12)
1RWH There is another report, RSPO1043, that can be used for the spool consistency check. It should be
scheduled as a periodic batch job (see SAP note 98065).
&KHFN7HP6H&RQVLVWHQF\63
:KDW
:K\
The relationship between the object and data in the TemSe may be destroyed due to the
following activities:
< Restore from backups
< Copying databases
< Copying clients using improper tools
< Deleting clients without first deleting their objects
*XLGHG7RXU
Release 4.6A/B
14–24
&KDSWHU 1HWZRUN266HUYHU
$GPLQLVWUDWLRQ
&RQWHQWV
Overview ................................................................................................................15–2
Operating System Tasks ......................................................................................15–2
Other Tasks .........................................................................................................15–12
2YHUYLHZ
This chapter is about using transactions to get to the operating system log, regardless of the
platform.
2SHUDWLQJ6\VWHP7DVNV
2SHUDWLQJ6\VWHP$OHUW$/
*XLGHG7RXU
Use the operating system alert monitor for a quick visual review.
1. In the Command field, enter transaction AL16 and choose Enter
(or from the SAP standard menu, choose Tools → CCMS → Control/Monitoring → Performance menu →
Operating System → Local → Alerts → AL16-Operating system).
2. Review this screen for potential
problems.
Release 4.6A/B
15–2
Chapter 15: Network/OS/Server Administration
Operating System Tasks
6\VWHP/RJV26
:KDW
The system logs are where the operating system and some applications write event records.
Depending on the operating system, there may be multiple logs.
:K\
There may be indications of a developing problem (for example, a hard drive that generates
errors may indicate that it is failing and needs to be replaced).
+RZ
*XLGHG7RXU
3. Choose OS Log.
Release 4.6A/B
15–4
Chapter 15: Network/OS/Server Administration
Operating System Tasks
17(YHQW/RJV
:KDW
:K\
There may be indications of a developing problem. If the security audit parameters have
been properly set, you could detect unauthorized attempts to access files.
*XLGHG7RXU
The following steps show you how to open the NT event logs.
1. On the NT desktop, choose Start → Programs → Administrative Tools → Event Viewer.
2. The following logs can be selected
2
under Log:
< System
< Security
< Application
3. Look for unusual entries.
Monitor these entries regularly to
recognize unfamiliar events such
as errors, failures, or security-
related entries. These events do
not usually occur.
&KHFNLQJ)LOH6\VWHP6SDFH8VDJH5=
:KDW
The file system should have sufficient “free space” for normal operations. Over time,
various activities will write files that will use up file space. These files need to be
periodically reviewed and moved or backed up and deleted.
A few of the items that consume file space when monitoring file space usage include:
< Transports
< Support packages
< Extract files from the R/3 System
< Program logs
< Backup logs
< Error logs
< Inbound interface files
< Third-party programs that store their data outside the R/3 database
< Trace files
< Spool files (if stored at the OS level)
In addition to these items, check to see that the “house cleaning” programs are running
properly (see SAP note 16083).
:K\
If your file system fills up, the R/3 System may stop because the database cannot write to a
file. If R/3 stops, any business operations that use the system will also stop.
For example, note the following sequence of events:
1. The SQL Server transaction log fills up the file system.
2. SQL Server cannot write anymore entries into the log.
3. SQL Server will stop.
4. R/3 will stop.
Your user will not be able to perform activities such as:
< Enter orders
< Generate shipping documents to ship products
Release 4.6A/B
15–6
Chapter 15: Network/OS/Server Administration
Operating System Tasks
*XLGHG7RXU
You can use the R/3 Alert Monitor or go to the operating system to check file system space usage. In this
section, we use the R/3 Alert Monitor, because we can set alert points.
1. In the Command field, enter transaction RZ20 and choose Enter
(or from the SAP standard menu, choose Tools → CCMS → Control/Monitoring → RZ20-Alert Monitor).
2. Click the node (+) to expand the
monitor set.
3. Select the monitor set (for
example, SAS for docu). 4
4. Choose .
Release 4.6A/B
15–8
Chapter 15: Network/OS/Server Administration
Operating System Tasks
&KDQJLQJWKH$OHUW7KUHVKROG5=
Also see chapter 10, Maintaining the Alert Thresholds for RZ20.
To customize the points when the
alert indicator changes from green to
yellow, yellow to red, back from red
to yellow, and yellow to green:
1. Click the node of the drive for 3
which you want to change the
threshold (for example, drive H:).
2. Select an alert (for example,
Freespace).
3. Choose Properties.
1
2
4. Then:
7
a. Choose .
b. The Threshold values fields will 4a
change color from grey to
white, indicating that you can
change the values.
5. Under Threshold values, select a
threshold change point (for
example, Change from GREEN to
YELLOW).
6. Enter the new value for when the 5 4b
alert will change color (for 6
example, 500).
These threshold values are specific
to your system and even to
specific drives in your system.
7. Choose Save.
8. A message appears in the status 8
bar indicating that the new
properties were saved.
Release 4.6A/B
15–10
Chapter 15: Network/OS/Server Administration
Operating System Tasks
&OHDQLQJ2XW2OG7UDQVSRUW)LOHV
:KDW
Transport files are used to transport or move SAP objects and customizing changes between
clients and systems.
:K\
If left unchecked, transport files could gradually fill up the file system.
If the file system fills, operations may be affected because:
< Outbound R/3 System files may not be created.
< Transport export may fail.
< Inbound files may not be created.
In an extreme situation, if you run out of file system space, R/3 may stop, or you may have
other failures because R/3 or other applications cannot write to the necessary files.
:KHQ
+RZ
2WKHU7DVNV
&OHDQWKH7DSH'ULYH
To minimize a backup failure due to a dirty head, clean the tape drive as part of a
preventive maintenance program.
To keep your tape drive clean:
< Follow the tape drive manufacturer’s instructions for your tape drive.
Some drives specify a specific interval of use for cleaning, typically based on hours of
use. Adjust your cleaning frequency to account for your usage. Remember, that these are
recommendationsnot rules. If you consistently have recording errors or “head dirty”
messages, then decrease the time between cleanings. If you have to clean your tape
drives more or less frequently, this task should be moved to the appropriate interval.
Some drives (for example, DLT) do not require regular cleaning. They only need
cleaning when the “clean head” indicator light is activated.
< Use the manufacturer’s approved cleaning cartridge for the tape drive.
< Use the cleaning cartridge according to the manufacturer’s instructions.
< Between uses, store the cleaning cartridge according to the manufacturer’s instructions.
Release 4.6A/B
15–12
Chapter 15: Network/OS/Server Administration
Other Tasks
8QLQWHUUXSWLEOH3RZHU6XSSO\
&KHFNWKH8QLQWHUUXSWLEOH3RZHU6XSSO\
:KDW
The uninterruptible power supply (UPS) that you use should be monitored by a control
program. This program, when triggered by a power event, records the event and initiates a
shutdown process of the R/3 environment (R/3, the database, related applications, and the
operating system), and finally the server. In addition, most UPSs have a self-test and
capacity calibration function. The results of these tests are logged. Specific data logged
depends on the program and the UPS.
:K\
You need to review the power events that triggered the UPS control program.
While the UPS protects the server, the control program should be recording power events
such as power dips, brown outs, power failures, etc. This recording could help you or the
facilities person solve electrical problems in the facility. For example, a pattern of power
dips or outages may indicate a problem elsewhere in the building.
The batteries in the UPS must be periodically replaced. If the batteries are low, the capacity
test will indicate that the batteries do not have sufficient capacity to shutdown the system
before failing.
+RZ
:KDW
Verify that your UPS shutdown process works. A shutdown process is an automated script
for the UPS to shut down R/3, the database, other applications, the operating system, and
the UPS.
:K\
This check verifies that the entire shutdown process works as planned and documented.
When there is a power failure, the R/3 environment should be shut down in an orderly
manner. There should be sufficient reserve in the UPS to reach the end of the shutdown
process. Something might have changed since your last test to cause the shutdown process
to fail. If this process fails, you need to find out why and fix the problem.
The stopsap command does not work within all UPS control programs. You need to
verify that your UPS control program will properly stop R/3 and the database before
shutting down the server.
Like a car battery, UPS batteries wear out over time and must be replaced. If the battery is
worn out, the UPS will not have sufficient power to complete the shutdown process.
&KHFN0DLQWHQDQFH&RQWUDFWV
:KDW
Many of the servers and related equipment are under maintenance or service contracts with
the manufacturer or distributor.
< The production system and critical equipment should be under a “premium” 24 hour x 7
day (x 2 hour response) support agreement.
< Less critical equipment can be under a next-business-day support agreement.
:K\
If you need support or service and the service contract has expired, the confusion and time
to reestablish the service contract could be critical.
:KDW
The support level should be selected based on equipment use. If a piece of equipment
becomes critical to the company’s operation, its support level should be upgraded to reflect
the critical nature of that equipment. Conversely, equipment could become “noncritical” or
be replaced. In this situation, the service contracts could be downgraded or dropped as
appropriate.
+RZ
< Keep a list of service contracts.
Include what these contracts are for and the expiration date in the list.
< Review equipment usage to determine if the support level for equipment should be
upgraded, downgraded, or dropped.
< Review the list for expiration dates each quarter.
How long in advance of the expiration date to do this review depends on the time it
takes to go through the purchase requisition and approval process in your company.
< Renew service contracts.
Release 4.6A/B
15–14
Chapter 15: Network/OS/Server Administration
Other Tasks
5HYLHZ+DUGZDUHRUD6\VWHP0RQLWRU3DJLQJ6\VWHP
:KDW
A hardware or system monitor paging system generates alert messages (including e-mail)
and pages based on your predefined parameters. Depending on the software, the following
can be monitored:
< Hardware items (such as servers, routers, and printers)
< Logs (such as operating system, applications, and database)
By monitoring the NT event logs, you can monitor events from the SAP system log. This
way, critical events such as an Update Terminate can be detected and acted on as soon as
they happen.
The following screen is courtesy of TNT Software.
The screenshot above shows that the monitor has three functional windows:
< Notification Rules
This mechanism passes or filters events, and determines what action will be taken on the
events that are passed.
< Events
These are the events that have been passed to the monitor program. (They got through
the filters in Notification Rules.)
< Monitored device
:K\
You may need to change alert parameters to filter noncritical events and to generate alerts
for critical events. The key to remember is that this process is dynamic. Some of these tasks
are as follows:
< Account for new events that have never occurred.
Critical, you need to generate a page
Important, you need to generate a message (for example, e-mail)
< Determine if an event that used to be filtered now needs to generate an alert
< Filter out events (both old and new) that should not generate alert messages
Filtering is necessary to manage the messages that are reviewed. If too many irrelevant
messages get through the filter, it becomes difficult to review the alert message log.
< Adjust for personnel changes
There may be other events that require action (for example, shift or duty changes for
organizations with several people “on call”).
< Test that all alert mechanisms are functional.
The paging/messaging function needs to be tested regularly. If the monitoring program is
unable to send a page, you will not receive the page when a critical alert occurs.
The inability to send a page can be caused by:
< Someone changing something in the e-mail or phone system that prevents alert
messages from being sent.
< A phone patch cable that has disconnected from the modem.
+RZ
Release 4.6A/B
15–16
&KDSWHU 2SHUDWLRQV
&RQWHQWV
Overview ................................................................................................................16–2
Check that All Application Servers Are Up (Transaction SM51)......................16–2
Background (Batch) Jobs ....................................................................................16–3
Background Jobs (SM37)...................................................................................16–15
Operation Modes.................................................................................................16–21
Backups ...............................................................................................................16–36
Checking Consumable Supplies .......................................................................16–42
2YHUYLHZ
Operations is a generic category that refers to the tasks that would be done by a computer
operations group. These are the tasks that the people in the “glass room” in a data center
would be doing. If you do not have a data center, these tasks do not disappear; they must be
assigned to the appropriate employees.
This chapter is important because operations is a crucial part of system administration.
While learning to manage operations, readers will learn how to perform:
< Batch jobs
< Background jobs
< Operation modes
< Backups
&KHFNWKDW$OO$SSOLFDWLRQ6HUYHUV$UH8S7UDQVDFWLRQ
60
:KDW
Transaction SM51 allows you to look at all the servers in your system (for example, the PRD
database server and all of its application servers). You do not have to log into each server
individually.
:K\
Release 4.6A/B
16–2
Chapter 16: Operations
Background (Batch) Jobs
*XLGHG7RXU
:KDW
In the R/3 System, a batch job is referred to as a background job. This job runs
independently of a user being logged on.
There are two kinds of background jobs:
< Regular
These are jobs that are run on a regular schedule.
< Ad hoc
These are jobs that are run as needed or required.
:K\
5HJXODUO\6FKHGXOHG-REV
:KDW
Regularly scheduled jobs are background jobs that will run on a schedule (for example,
daily at 11:00 a.m., Sundays at 5:00 a.m., etc.)
:K\
+RZ
The job is scheduled like any other background job, but with a few additional
considerations:
%DWFK8VHU,'
< Create a special user ID to be used only for scheduling batch jobs, such as BATCH1.
The reason for special user IDs is to keep scheduled jobs independent of any user. This
way, when a user leaves the company, the jobs will not fail when the user ID is locked,
shut down, or deleted.
< Consider multiple-batch user IDs when batch jobs are scheduled by or for different
organizations or groups. This method has the disadvantage of having to manage
multiple accounts. For example:
BATCH1 System Jobs
BATCH2 Finance
BATCH3 Accounts Payable
BATCH4 Warehouse
BATCH5 Material Planning/Inventory
3HUIRUPDQFH
For more information on performance, see 16–5.
+RXVHNHHSLQJ-REV
These background jobs must be run regularly to perform administrative tasks, such as:
< Deleting old spools
< Deleting old batch jobs
< Collecting statistics
Release 4.6A/B
16–4
Chapter 16: Operations
Background (Batch) Jobs
See SAP note 16083 for the required SAP housekeeping jobs, and to schedule the spool
consistency check, see SAP note 98065.
2WKHUV
Various modules and functions may require their own regularly scheduled jobs. For
example, the Special Ledger requires a regular job to copy data from the FI/CO modules
and to regenerate sets in Special Ledger. There may be various database and operating
system-level housekeeping jobs that also need to run.
3HUIRUPDQFH)DFWRUVIRU%DFNJURXQG-REV
Background jobs consume a significant amount of system resources. As a result, they could
adversely affect online system performance. There are several ways to improve system
performance while running background jobs. These methods benefit both online users and
other background jobs.
To reduce the system impact from background jobs:
< Run batch jobs on a dedicated “batch” application instance/server.
This step separates the processing requirements of the background job from the
processing requirements of online users and of the database. Even with as little as 10
users on a “small” central instance (no application servers), two batch jobs can
significantly slow down the online system response. Therefore, even for a small
installation, there may be a need for application servers to offload the batch processing
from the central instance. The instance profile for this application server would be tuned
for background jobs rather than dialog (online) performance (for example, five
background work processes and only two dialog work processes).
Specifying a target host is a “double-edged sword.” If you specify the target host, load
balancing is not performed. There may be the situation where all the batch work
processes on the batch application server are in use, and other application servers are
idle. However, by specifying that the job is to run on the batch application server, it will
not run on any of the other available application servers. This job will wait until a batch
work process is available on the specified batch application server.
< Schedule background jobs to run during nonpeak periods, such as at night or during
lunch.
If no one is on the system, slow system performance does not matter.
< Minimize job contention.
Two background jobs are running at the same time and contending for the same files,
possibly even the same records. Minimizing this conflict is one reason to coordinate
background job scheduling (for example, by not simultaneously running two AR aging
reports). In such cases, the reports may finish sooner if they are run sequentially, rather
than in parallel.
< For global operation, consider the local time of your users.
For example, scheduling a resource intensive background job to start at 1:00 a.m. PST in
California (0900 GMT) corresponds to 10:00 a.m. CET in Germany. This time may be
good for Americans who are not working, but it is the middle of the workday morning
in Germany.
When these jobs run can be critical, for tasks such as backing up operating system-level
files, because of the following:
A backup of these files may require that the file not be changed or used during the
backup, or the backup will fail.
Programs attempting to change the file will fail because the backup has the file
locked.
Make a chart that converts your local time to the local time for all affected global sites. With
this chart you can quickly see what the local time is for locations that would be affected by a
job (see following example):
A corporate “master clock” (or time) should be defined for a company with operations in
multiple time zones.
Two common methods are:
< The time zone where the corporate office is located.
For SAP in Walldorf, Germany this is Central European Time (CET).
For United Airlines in Chicago, IL, this is Central Standard Time (CST).
< Coordinated Universal Time (UTC), formerly known as Greenwich Mean Time (GMT).
This common time is used by global operations, such as the airlines.
The change to and from “daylight savings time” does not occur on the same day in all
countries. During that interim time, the “offset” time could be different.
The time conversion table (based on a 24-hour clock) below shows selected times around the
world.
Release 4.6A/B
16–6
Chapter 16: Operations
Background (Batch) Jobs
The Microsoft Excel file for this table is included on this guide’s companion CD, which is
located inside the back cover of this book.
< Highlight the column for your local time zone, so you do not accidentally read the
wrong column.
< Using a 24-hour clock eliminates the common A.M./P.M. confusion.
If you use daylight savings time, you need to be aware of the days when the time changes:
< Daylight savings time starts
A one-hour time period will “disappear.” Jobs scheduled to run in this missing hour
may either not run or run as a late job. Any tasks following this change, which rely on a
job scheduled to run during the missing hour, need to be reviewed.
&UHDWLQJDQG6FKHGXOLQJD%DWFK-RE60
:K\
1RWHV
< The job class determines the start priority of the job.
For example, a “class A” job would start before a “class B” job, and a “class B” job would
start before a “class C” job.
< Once started, all job classes have equal priority.
A “class A” job will not take processing resources away from a “class B” job to finish
faster.
< Jobs in the start queue do not affect running jobs.
A “class A” job in the start queue will not replace a currently running “class C” job.
Avoid “playing priority games” with the job class. If you make every job a “class A” job,
there is no priority, because every job will be at the same priority level.
The recommended method is to assign all jobs to job “class C”. The exceptions to this
recommendation are those jobs that need the priority. This priority increase should be
properly justified.
3UHUHTXLVLWH
A batch job may require that a variant be created to execute the job.
Release 4.6A/B
16–8
Chapter 16: Operations
Background (Batch) Jobs
*XLGHG7RXU
5. Choose Date/Time.
5
6
7
13
12
Release 4.6A/B
16–10
Chapter 16: Operations
Background (Batch) Jobs
15
14
16
19
21
Release 4.6A/B
16–12
Chapter 16: Operations
Background (Batch) Jobs
22
25
26
27
29
Release 4.6A/B
16–14
Chapter 16: Operations
Background Jobs (SM37)
%DFNJURXQG-REV60
:KDW
Background jobs are batch jobs scheduled to run at specific times during the day.
:K\
If you are running critical jobs, you need to know if the job failed because there may be
other processes, activities, or tasks that depend on these jobs.
+RZ
You should have a list of all the critical jobs that are scheduled to run. For each of these jobs,
you should have a list that shows:
< When the jobs are scheduled to run
< The expected run time
< An emergency contact (names and phone numbers) for job failure or problems
< Restart or problem procedures
*XLGHG7RXU
Release 4.6A/B
16–16
Chapter 16: Operations
Background Jobs (SM37)
&KHFNLQJWKH-RE/RJ
To check a job log:
1. Select the job.
2
2. Choose Job log.
8VLQJWKH-RE7UHH
To get basic job information at a
glance using the job tree:
1. Select the job.
2. Choose . 2
Release 4.6A/B
16–18
Chapter 16: Operations
Background Jobs (SM37)
*UDSKLFDO-RE0RQLWRU7UDQVDFWLRQ5=
:KDW
The graphical job monitor is useful when coordinating many background jobs because it
allows you to see individual job statistics.
:K\
The graphical job monitor is a visual format where status is indicated by the following
colors:
< Aborted job (red)
< Active job (blue)
If a job ran past its expected end time, and other jobs are scheduled to start, the graphical job
monitor lets you see the conflict.
*XLGHG7RXU
%DWFK,QSXW-REV1HZRU,QFRUUHFW60
:KDW
This transaction shows jobs that need to be processed or started, and jobs with errors that
need to be resolved.
:K\
This transaction is important because it alerts you to batch input jobs that are:
< New
These are jobs that are waiting to be processed (for example, a posting from an interface
file). If not processed, the data will not post to the system.
< Incorrect
These are jobs that have failed due to an error. The danger is that only a portion of the
job may have posted to the system. This partial posting increases the potential for data
corruption of a different sort, since only part of the data is in the system.
*XLGHG7RXU
Release 4.6A/B
16–20
Chapter 16: Operations
Operation Modes
2SHUDWLRQ0RGHV
:KDW
When switching operation modes, the R/3 work processes are automatically redistributed,
without stopping and restarting the instance. Only the work process type changes. For
example, a work process used as a dialog process can be switched for use as a background
process. The total number of work process remains the same.
The new process type is not activated until the process is free, which means that a process
may not be immediately switched. Instead, it is set for switching at the earliest possible
time. For example, if all background processes to be switched to dialog processes still have
jobs running, the processes are individually switched when the jobs are completed.
Processing is not interrupted and normal system operation continues uninterrupted during
the operation mode switch.
Operation mode switches are recorded in the system log. The old process type and the new
process type are recorded for each switched work process.
:K\
A batch job runs on a batch work process until it is completed and does not “time share” the
work process. Therefore, to increase the number of batch jobs that are processed during a
given period, you need to increase the number of batch work processes. To achieve this
increase, you must also decrease the number of dialog (online) work processes by the same
amount.
This process is usually done to increase the number of batch sessions available to process
batch sessions at night, when most of the online users have gone home and you have many
batch jobs to run. During the day the opposite situation occurs. The number of batch work
processes is reduced, and the number of dialog work processes is increased to accommodate
the number of online users.
For example:
Day 5 2
Night 2 5
There should always be a minimum of two dialog processes. Do not reduce the value below
two.
There must be at least two batch work processes on the system. An individual instance,
such as a dialog application server, could be configured without a batch work process. But
there must be batch work processes to use somewhere on the system, or a task (such as a
transport) will fail if it needs a batch work process to execute.
For small clients with little batch processing at night, the additional process of configuring
and maintaining operation modes may not be necessary. Not using operation modes
reduces the level of administration required to maintain the system. Although once
configured and running, there is little maintenance required.
+RZ
Release 4.6A/B
16–22
Chapter 16: Operations
Operation Modes
7R'HILQHWKH2SHUDWLRQ0RGH5=
*XLGHG7RXU
3
4
Make the name and descriptions meaningful, such as day mode and night mode, which makes it
easier to select them later.
Release 4.6A/B
16–24
Chapter 16: Operations
Operation Modes
$VVLJQDQ,QVWDQFH'HILQLWLRQWRDQ2SHUDWLRQ0RGH5=
*XLGHG7RXU
7KH)LUVW7LPH<RX*HQHUDWHDQ,QVWDQFH2SHUDWLRQ0RGH
The first time the CCMS: Maintain Operation Modes and Instances screen is opened, there are no operation
modes. This process populates the screen.
1. In the Command field, enter transaction RZ04 and choose Enter
(or from the SAP standard menu, choose Tools → CCMS → Configuration → RZ04 - OP Modes/instances).
2. Choose Instances/operation modes.
$GGLQJD1HZ2SHUDWLRQ0RGH
1. In the Command field, enter transaction RZ04 and choose Enter
(or from the SAP standard menu, choose Tools → CCMS → Configuration → RZ04 - OP Modes/instances).
2. Choose Instances/operation modes.
Release 4.6A/B
16–26
Chapter 16: Operations
Operation Modes
10
Release 4.6A/B
16–28
Chapter 16: Operations
Operation Modes
11
'HILQLQJ'LVWULEXWLRQRI:RUN3URFHVVHV5=
*XLGHG7RXU
Release 4.6A/B
16–30
Chapter 16: Operations
Operation Modes
10
$VVLJQLQJ2SHUDWLRQ0RGHV60
*XLGHG7RXU
Release 4.6A/B
16–32
Chapter 16: Operations
Operation Modes
10. Choose .
10
11
Release 4.6A/B
16–34
Chapter 16: Operations
Operation Modes
14
%DFNXSV
3HULRGLF$UFKLYDOV
At the end of the quarter:
< Made certain you get a usable backup at the end of the quarter.
< Send quarter-end backup tapes offsite for an extended period.
At the end of the year:
< Make certain to get a usable backup at year-end.
< Send the backup tapes offsite for an extended period.
Be aware that you may have two year-end backup dates:
< End of the calendar or fiscal year
< After the financial books are closed for the year
This period may be several months after the end of the fiscal year.
The length of the “extended” period should be determined by your legal and finance
departments, external auditors, and others as appropriate in the company (for more
information, see discussion in chapter 3).
%DFNXSWKH'DWDEDVH
See the procedures in chapter 3, 15, and 17.
3HUIRUPLQJD)XOO6HUYHU%DFNXS
:KDW
An offline backup of the entire server is done at the operating system level. This process
requires that the R/3 System and the database be down so that no files are open.
:K\
Performing an offline backup is necessary for files that cannot be backed up if the R/3
System or the database is active. With this full-server backup, you know you have
“everything” on the server. If you experience major system problems, you will have a
defined point from where everything is backed up and from where you can begin a restore.
Release 4.6A/B
16–36
Chapter 16: Operations
Backups
:KHQ
A full-server backup should be performed before and after major changes on the server,
such as:
< Installing new software
< Upgrading installed software
< Changing hardware
If a change has a catastrophic effect (a disaster), you will need to recover the server to its
“before-the-change” state.
+RZ
*XLGHG7RXU
Release 4.6A/B
16–38
Chapter 16: Operations
Backups
*XLGHG7RXU
2SHUDWLQJ6\VWHP/HYHO%DFNXSV
The general process is as follows:
1. Record the usual or expected run time for the backup.
2. Compare the actual backup time to the expected (usual) run time for the backup.
If the backup takes longer or shorter than this time, there may be a problem that needs
to be investigated.
81,;
For your UNIX-level backup, review the results using the appropriate UNIX backup
application.
17
We assume that you are using the NTBackup application. If you are using another program,
use that program’s documentation to determine its status after backup.
NTBackup records some log information in the NT event logs. A more specific log is written
to a file as specified when NTBackup is run.
*XLGHG7RXU
Release 4.6A/B
16–40
Chapter 16: Operations
Backups
5HYLHZWKH17%DFNXSORJ
&KHFNLQJ&RQVXPDEOH6XSSOLHV
:KDW
Consumable supplies are those that you use regularly, such as:
< Cleaning cartridges
< Data cartridges (tape and disk)
< Laser printer toner
< Ink cartridges
< Batteries
< Forms
< Envelopes, etc.
Within the group of consumable supplies are “critical supplies.” If these supplies run out,
your business operations could be affected or stopped. Examples are preprinted forms with
your company’s name or other special printing and magnetic toner cartridges. The amount
of spare supplies purchased and available on-hand should be enough to accommodate
varying usage levels and to allow for time to purchase replacements.
:K\
&ULWLFDO6XSSOLHV
If an item is critical, and you run out of it, business operation may stop.
Release 4.6A/B
16–42
Chapter 16: Operations
Checking Consumable Supplies
([DPSOH
If you run out of the magnetic toner cartridge for the check printer, you will not be able
to generate checks out of the system. At this point, either you cannot print checks to pay
your vendors, or you have to manually type the checks (if you have blank manual check
stock on hand).
Special or custom supplies such as the following require special consideration:
< Special magnetic ink toner cartridges to print the MICR characters on checks.
Not every computer supplier will stock these special cartridges.
< Preprinted forms (with company header, instructions, or other custom printing).
Due to the customized nature of these items, there is usually a significant lead time to
restock these items.
If it is a critical item, stock extras, the first spare may be bad or defective.
Murphy says: “When you need something immediately, it will be Friday evening and
vendors and stores will be closed.”
+RZ
([DPSOH
Certain DAT tapes are rated for 100 full backups. After that they should be discarded
and replaced with new tapes. (This usage limit can be entered into the SAPDBA control
file for Oracle.)
< Keep in touch with your purchasing agent and the market place.
Market conditions may make certain supplies difficult to purchase. In such conditions,
the lead time and quantities to be purchased need to be increased.
For example, at one time, 120 meter DAT tapes cartridges were difficult to buy, at any
price.
< Track usage rates and adjust stocking levels and purchasing plans as needed.
2WKHU&RQVLGHUDWLRQV
Certain supplies may have long lead times for purchase, manufacture, or shipping.
Do not make your lack of planning the purchasing agent’s emergency. If you do this too
often, you will soon “use up your favors.” Then when you really need help, the purchasing
agent may not be as willing to help you.
Release 4.6A/B
16–44
&KDSWHU &KDQJH0DQDJHPHQW
&RQWHQWV
7DEOH0DLQWHQDQFH7UDQVDFWLRQ60
Use this method if, and only if, there is no transaction to maintain the table. Directly
maintaining a table circumvents all edits and validations in the system.
When a change is made directly to a table and the table is saved, the change is immediate.
There is no “undo” function.
&UHDWLQJDQ(QWU\LQWKH7DEOH60
*XLGHG7RXU
1RWH This procedure shows how to create new entries in the Prohibited Password table, USR40.
1. In the Command field, enter transaction SM31 or SM30 and choose Enter
(or from the menu bar, choose System → Services → Table maintenance → Extended table maintenance).
2. In Table Views, enter the table
name (for example, USR40).
3. Choose Maintain.
Release 4.6A/B
17–2
Chapter 17: Change Management
Table Maintenance (Transaction SM31)
10
Release 4.6A/B
17–4
Chapter 17: Change Management
Table Maintenance (Transaction SM31)
12
13
15
'HOHWLQJDQ(QWU\IURPD7DEOH60
*XLGHG7RXU
1. In the Command field, enter transaction SM31 or SM30 and choose Enter
(or from the menu bar, choose System → Services → Table maintenance → Extended table maintenance).
2. Enter the table name (for example,
USR40).
3. Choose Maintain.
Release 4.6A/B
17–6
Chapter 17: Change Management
Table Maintenance (Transaction SM31)
10. Choose .
10
12
14
15
Release 4.6A/B
17–8
Chapter 17: Change Management
Change Control
&KDQJH&RQWURO
Change control is the managing of the changes, modifications and customizing made to
your system. This control allows you to be aware of and control what changes are made.
These change must be made in a controlled manner, because uncontrolled changes are a
recipe for disaster.
The process is:
< Managing the changes:
SAP notes that are applied to the system.
Authorization process for moving the changes from one system to another.
< Making the changes to the R/3 System.
< Moving the changes from one system to another.
The SAP training class BC325 (Software Logistics) covers change management and
transports. Also see Software Logistics by Sue McFarland.
0DQDJLQJ6$31RWHV
:KDW
:K\
There are several reasons to track SAP notes that are applied to your system:
< If a problem arises, SAP may ask if a specific note has been applied.
If you do not have a record of what notes you have applied, then you must manually
investigate your system. This process can be difficult and time consuming.
< When the system is upgraded, for conflict resolution, you need to know what notes have
been applied.
You must know what notes:
Are included in the upgrade, so you can go back to SAP standard code
May need reapplying because they are not included in the upgrade
+RZ
< Document all SAP notes applied to your system(s), and specify which system and
instance to which it is applied.
< Document all code changes with the SAP note number that applies.
This documentation is important especially if a program is changed by an upgrade or
support package. It helps you determine if your code change is included in the upgrade
or patch and, therefore, whether the program can revert back to “SAP standard.”
< In addition to a high-level tracking table, detailed records should be kept on the
individual notes.
The record should include the problem to be fixed, objects changed, release in which the
note was fixed (important for upgrades), and other applied or recommended notes (see
sample form in chapter 12).
< Document all SAP notes that are “noted” and do not require actual changes to be made
to the system (for example, procedural or informational notes).
< Document SAP notes that have not been applied to your systems.
There may be cases in which you review a note and determine that it does not apply.
You should document the reason(s). If SAP asks why a specific note was not applied,
you will have an answer.
6DPSOH)RUPV
Release 4.6A/B
17–10
Chapter 17: Change Management
Managing SAP Notes
Note – Applied
Note # :
Short text:
Module:
Problem to solve:
Objects changed:
Fixed in release:
Comments:
Other notes
applied with this
problem:
Applied to:
DEV 100
110
QAS 200
210
PRD 300
&KDQJH&RQWURO0DQDJLQJ7UDQVSRUWV
:KDW
Change control is the process of managing changes, modifications and customizing made to
the system and the transport of those changes through the pipeline from the development to
the test system, and finally to the production system. One of the most important change
management tasks involves notifying the appropriate people of the changes and getting
their approvals.
:K\
Because R/3 is an integrated system, there are items that may impact many other modules
or groups. If, for example, a change is made to a module which impacts other modules, and
this change is done without the knowledge of the appropriate people, a process may cease
to function. If something stops functioning in the production system, business may stop
until the problem is resolved.
In the past, most application systems were independent, so changes in one system were
insulated from the other systems. Because of this independence, users may not be used to
consulting with other organizations when making changes to what they consider “their”
systems.
In change control, there is a review and approval process. You should not make a change
and apply it to the system without a review and approval of the changes. These changes
apply to changes to SAP objects and system configuration.
+RZ
Release 4.6A/B
17–12
Chapter 17: Change Management
Change Control (Managing Transports)
Operations review
< Review any changes that may affect the operations staff
< Schedule new jobs
< Program error or problem procedure
Document the program restart procedure. Is it “safe” for the operator to restart the
job, if it fails or hangs?
4. Verify the change in the target system
Change control should also contain a recovery plan that includes:
< What to do if the import to the production system creates a problem?
< How to roll back? Will it be possible to roll back?
< Will a problem require a database restore?
Request to Transport
Transport number:
Transport title/description:
Objects:
QAS 200
210
PRD 300
Release 4.6A/B
17–14
Chapter 17: Change Management
Transporting Objects
7UDQVSRUWLQJ2EMHFWV
7UDQVSRUWVLQWRWKH3URGXFWLRQ6\VWHP
:KDW
:KHQ
Complete the transport in the production system during a “quiet” period (for example,
Sunday afternoon or evening) when users are not logged on the system.
Ideally, a full system backup should have been completed before transports are imported.
:K\
During a transport, objects may be overwritten. If an object is being used in the target
system when a transport is performed, the transport may cause inconsistent results or
terminate the transaction. In the worst case scenario, a transport may “break” the
production system and you will need to restore the system.
+RZ
Transports are only done when necessary (when you have a transport that needs to be
moved). You may also have the occasional “emergency” transport that must be moved at a
time other than at your normal weekly transport time.
7UDQVSRUWLQJ2EMHFWV
The transport system has been significantly changed in Release 4.x. (It used to be known as
Correction and Transport System.) It is still CTS, but is now called the Change and Transport
System; In CTS are the Transport Management System (TMS) and Change and Transport
Organizer (CTO).
The purpose of transports is to move objects and configuration from one system to another
in the production pipeline. This pipeline is defined in a three-system landscape as systems
comprising development to quality assurance to production. A transport starts in the
development system, is transported to the quality assurance system where is tested, and
finally into the production system.
To transport objects, use one of the following methods:
< Transport Management System (TMS)
< Operating system (OS)
Transports are taught in BC325 (Software Logistics).
7060HWKRG
The TMS method uses a new transaction, STMS, to perform the transports.
Benefits:
< The user does not have to go into the operating system to do the transport.
< The user selects the transport from a GUI to do the import.
There is no risk of incorrectly typing the wrong command or transport number.
< Because the import is done from within R/3, there is no need to physically go down to
the server or use a “remote connection” (for NT) to the server to do the import.
< The transport route can be specific to clients.
With one export, the TMS system is set up to import into several combinations of system
and client as defined in the transport route. (This functionality is new in Release 4.6.)
< Transport requests can be grouped into projects, and the transport request selected and
moved by these projects.
This grouping reduces the chances of transporting the wrong transport request when
there are many activities and projects going on. (This functionality is new in Release 4.6.)
< Advanced quality assurance prevents transports from being imported into the
production system until they are released after successful testing in the quality
assurance system. (This functionality is new in Release 4.6.)
< The import of transport requests can be scheduled.
You no longer have to manually import the transport requests or write scripts to do the
import. (This functionality is new in Release 4.6.)
706GRFXPHQWDWLRQ
The TMS documentation (including configuration) can be found on the R/3 online
documentation by choosing Help→ SAP Library → Basis Components → Change and Transport
System (BC-CTS) → BC-Transport Management System.
2SHUDWLQJ6\VWHP0HWKRG
The operating system (OS) method requires you to go down to the OS level to execute the
transport program (tp) at the command line.
Disadvantages:
< The user must go into the operating system to do the transport.
This action is a security issue in companies that restrict which employees can have this
level of access.
< The import is done from the command line.
There is the risk of incorrectly typing and importing the wrong transport.
Release 4.6A/B
17–16
Chapter 17: Change Management
Transporting Objects
6WDQGDUG7UDQVSRUW3URFHVV
This section describes the standard transport process from your development system to
your production system.
The following steps are part of your company’s change management process:
1. Obtain proper authorization to transport the objects.
Obtaining this authorization is the responsibility of the person who requests the
transport move. The required authorizations and approval process differ based on the
company. Some companies require the approval of only one person, while other
companies require the approval of numerous people.
A major purpose of the approval process is to give other functional groups a “heads up”
as to what you are moving.
If the move affects any of the functional groups, and they know about it, they can take
the appropriate action: review, test, etc. If necessary, your transport is delayed until the
affected functional groups are satisfied. This way, there will not be problems related to
your transport.
2. Define other necessary transport management related information, such as:
< Who to contact in case of problems
The person doing the transport typically is not a programmer. If there is a problem
with the transport, that person will need assistance to determine what failed.
< What recovery process to follow if the transport fails
< Who will test the transport in the target system to determine that it works as
intended
< The transport number
< The source system
< The target system(s)
< Relationship to other transports, such as sequence order, etc.
For more information, see chapter 12.
3. Use transactions SE01, SE09, or SE10 as necessary to release the transport.
First release the task, then release the request (or transport).
The TMS (normal) import and one of the OS import options, tp import all, will
import all transports in the import buffer. The assumption is that all objects released
into the import buffer have been tested and approved for transport into the target
system. If you use either method, it is important to not release the objects until they have
been tested and approved for transport.
Up to, and including Release 4.5, in a three-system landscape, once the transport is
imported into the quality assurance system, it is added into the production system
import buffer, and there is no “second release” out of the quality assurance system.
4. Import the request into the target system.
6SHFLDO7UDQVSRUWVIURP6$3
Special manual transports fix specific problems, add features, or add functionality from
third-party software vendors. U.S. customers can download the transport files from
SAPSERV4. These files are usually a single file that you have to unpack using the CAR
program. The downloading and unpacking procedure is described in chapter 22.
1. Get the files from SAP or the delivery media, such as a CD.
Two files (sometimes there is a third file) are normally combined as a set (for example,
K174511.P30, R174511.P30, and D174511.P30).
2. Copy the files into the appropriate transport directories:
a. Copy files beginning with “K” into:
< NT <drive>:\usr\sap\trans\cofiles
\\<host>\sapmnt\trans\cofiles
< UNIX /usr/sap/trans/cofiles
b. Copy files beginning with “R” and “D” into:
Release 4.6A/B
17–18
Chapter 17: Change Management
Transporting Objects
< NT <drive>:\usr\sap\trans\data
\\<host>\sapmnt\trans\data
< UNIX /usr/sap/trans/data
3. Add the special transport to the import buffer (process described in 17–25 and 17–34).
4. Import the transport (process described in 17–27 and 17–34).
5HOHDVLQJD5HTXHVW7UDQVSRUW
To release a request:
1. Release all tasks associated with the request.
2. Release the request.
*XLGHG7RXU
10
Release 4.6A/B
17–20
Chapter 17: Change Management
Transporting Objects
12
5HOHDVLQJWKH5HTXHVW
Release 4.6A/B
17–22
Chapter 17: Change Management
Transporting Objects
11
12
,I7KHUH,VD3UREOHP
If there is a problem, review the transport log. For more information, see the transport log later in this
chapter.
7060HWKRGRI7UDQVSRUWLQJ
7KH0DLQ7066FUHHQ
*XLGHG7RXU
Release 4.6A/B
17–24
Chapter 17: Change Management
Transporting Objects
$GGLQJD6SHFLDO7UDQVSRUWLQWRWKH,PSRUW%XIIHU
*XLGHG7RXU
Adding a special transport into the import buffer is usually not done. The release process adds the
transport into the appropriate input buffer. This task is only performed for special transports that are
downloaded from SAPSERV4 or received via CD.
3UHUHTXLVLWH
The transport files have been moved into the appropriate directories.
1. From the TMS screen, choose .
7. Choose Yes.
Release 4.6A/B
17–26
Chapter 17: Change Management
Transporting Objects
8VLQJ706WR,PSRUWD7UDQVSRUW5HTXHVW
*XLGHG7RXU
,PSRUWD6HOHFWHG5HTXHVW
Release 4.6A/B
17–28
Chapter 17: Change Management
Transporting Objects
6. Choose Yes.
,PSRUW$OO5HTXHVWV
Release 4.6A/B
17–30
Chapter 17: Change Management
Transporting Objects
5. Choose Yes.
&KHFNWKH7UDQVSRUW/RJ
*XLGHG7RXU
Release 4.6A/B
17–32
Chapter 17: Change Management
Transporting Objects
By using TMS to review the transport logs, the inconsistency encountered in the OS method of viewing
the transport log does not occur. The inconsistency is when the tp return code (received when the
import is done) does not match the return code in the transport log. The following line would appear in
the above screen:
Request SID S RC
260HWKRGRI7UDQVSRUWLQJ
$GGLQJD6SHFLDO7UDQVSRUW,QWRWKH,PSRUW%XIIHU
Adding a special transport into the import buffer is normally not done. This task is only
performed for special transports that are downloaded from SAPSERV4 or received via CD.
3UHUHTXLVLWH
< The transport files have been moved into the appropriate directories.
< You must be on the target system (PRD).
1. Go to the transport program directory:
< NT: <drive>:\usr\sap\trans\bin
< UNIX: /usr/sap/trans/bin
2. Load the transport into the import buffer with the following command:
tp addtobuffer <transport> <target sid>
tp addtobuffer P30K174511 DEV
Where the:
< Target system is DEV
< File is K174511.P30
< Transport number is P30K174511
< The transport number is derived from the transport file number, where the first three
characters are the file extension (P30), and the rest of the name is the base name of
the file (K174511).
3. Import the transport.
,PSRUWLQJWKH7UDQVSRUW
3UHUHTXLVLWH
< You must be on the target system.
< For NT, on the target system, you must have mapped a drive to the shared directory
(\sapmnt) on the source system (for example, where drive S: is mapped to
\\devsys\sapmnt).
+RZ
Release 4.6A/B
17–34
Chapter 17: Change Management
Transporting Objects
You may be instructed in an SAP note or by the SAPNet hotline to use Unconditional codes
or U codes. These are special program option switches that the tp program uses during the
import process.
< In NT, use QuickSlice, an application included with the NT resource kit, and the CPU
activity in the NT Performance Monitor to monitor the import process. After a few
times, you will recognize the activity pattern of a transport.
< In UNIX, use the utilities top or xload to monitor the import process.
1. Record the start and finish time for the transport on the transport log or the transport
form.
2. Check the exit code.
If you receive an exit code of 8 or higher, the import failed. You must resolve the
problem and reimport the transport. If you get a return code of 8, there is a known
condition where this return code does not match the transport log. This condition is
described in Checking the Transport Log section below.
3. Check the transport log (see below).
&KHFNLQJWKH7UDQVSRUW/RJ7UDQVDFWLRQ6(
:K\
+RZ
The information in this chapter is only a portion of the first half of the process, that is,
determining if the transport succeeded or failed. The second half of the process,
investigating why the transport failed, is not covered. If the transport involves an object
such as an ABAP program or SAPscript layout, you will need the assistance of your
programmers to determine why it failed and how to fix it.
The transport could still have failed even if you did not receive a failed return code. The
final test is to verify in the target system that the transport arrived properly. The developer
and functional area owner are responsible for this verification.
&KHFNLQJWKH7UDQVSRUW/RJ
*XLGHG7RXU
1RWHYou must check the transport log from the transaction that released the transport (SE09 or SE10).
Release 4.6A/B
17–36
Chapter 17: Change Management
Transporting Objects
10
11
You may run into a rare inconsistency between the return code in this log and the return code
when you ran the import program tp. This condition occurs when the tp program ends with a
return code 8 (Error) and the log above shows a maximum return code of 4 (Warning). This
inconsistency is caused by a step in the import that is not associated with the transport number
(in the example RW6K9000079). Thus when the log is reviewed, the maximum return code of 4
[(and not 8) (Warning)] appears. However, it is still a failed transport.
The TMS method does not have this inconsistency.
Release 4.6A/B
17–38
&KDSWHU 7URXEOHVKRRWLQJ
&RQWHQWV
Overview ................................................................................................................18–2
Basic Troubleshooting Techniques ....................................................................18–2
2YHUYLHZ
This chapter is a basic problem solving chapter. We will present you with some of the tools
and techniques to help you solve the problem yourself. We will not be going into advanced
troubleshooting techniques. Troubleshooting is learned by doing; the more experience you
have, the better you become.
The next chapter is on performance tuning. Performance tuning is a specialized
troubleshooting, so troubleshooting techniques are also relevant for performance tuning.
%DVLF7URXEOHVKRRWLQJ7HFKQLTXHV
The general procedure when working on troubleshooting is not new. It is the standard
problem solving procedure that has been in use for years by many professions. Your auto
mechanic would follow the same procedure when repairing your car:
< Gather data
< Analyze the problem
< Evaluate the alternatives
< Make a change
Remember to make only one change at a time.
< Document the changes
< Evaluate the results
*DWKHU'DWD
< Ask the following questions:
What is the problem?
What error messages, dumps, or other diagnostic aids are available from the
problem?
What conditions caused the problem?
Is the problem repeatable?
< To analyze the problem, use your available tools, such as:
System Log (SM21)
Update Failure (SM13)
ABAP Dump (SM22)
Spool (SP01)
Release 4.6A/B
18–2
Chapter 18: Troubleshooting
Basic Troubleshooting Techniques
$QDO\]HWKH3UREOHP
< What are the resources you have to help solve the problem:
Online documentation
Reference books
SAP notes
Other customers (this is your network)
< Call for assistance:
Consultants
SAPNet help desk
(YDOXDWHWKH$OWHUQDWLYHV
0DNHRQO\2QH&KDQJHDWD7LPH
< If there is a problem, and you made several changes at once, you will not know which
change caused or fixed a problem.
< There are times where several changes need to be made, to fix a problem.
Unless they must be done together, such as related program changes, make the changes
separately.
'RFXPHQWWKH&KDQJHV
< If a change causes a problem, you need to undo the change.
To do that you need to know what the configuration was before the change and what
you did.
< If the change needs to be applied to multiple systems, you need to know exactly what
changes to make and how to do it. This process must be repeated exactly the same on all
systems.
*HWWKH&RPSOHWH(UURU0HVVDJH
*XLGHG7RXU
When you get an error message in an R/3 transaction, you need all the information on the error to forward
to SAP. To get the complete error message, do the following:
1. When an error occurs, the field
with the error is highlighted.
2. Double-click on the error message.
Release 4.6A/B
18–4
Chapter 18: Troubleshooting
Basic Troubleshooting Techniques
*HWWKH6$33DWFK/HYHO
:KDW
This level is the R/3 kernel patch level that is being used.
:K\
This patch level is needed when submitting problem messages to SAP. It tells the hot line
personnel on what kernel patch level you are. Different problems are fixed in different patch
levels.
([DPSOH
You are on patch level 50 and have a particular problem. The fix to your problem may
have been done in patch level 61. This level identifies that the problem is an older kernel
that contains the problem. The solution is to upgrade to the current kernel, “at least” patch
level 61.
+RZ
*XLGHG7RXU
'HWHUPLQLQJ:KDW6XSSRUW3DFNDJHV+DYH%HHQ$SSOLHG
:KDW
:K\
As with the SAP Patch level, problems you have may be related to the level of the applied
support package.
Release 4.6A/B
18–6
Chapter 18: Troubleshooting
Basic Troubleshooting Techniques
+RZ
*XLGHG7RXU
Release 4.6A/B
18–8
&KDSWHU 3HUIRUPDQFH
&RQWHQWV
Overview ................................................................................................................19–2
General Procedure ................................................................................................19–3
R/3...........................................................................................................................19–4
Database ..............................................................................................................19–11
Operating System ...............................................................................................19–11
Hardware..............................................................................................................19–15
2YHUYLHZ
&ULWLFDO$VVXPSWLRQ
The hardware, operating system, database, and R/3 have been properly installed based
upon SAP’s recommendations.
:K\
As with the design of this book, performance tuning has to have a starting point. This point
is the SAP-recommended configuration for hardware, database, operating system, network,
etc.
An extreme example (that did occur with a customer) is where the operating system, the
database, and R/3 has been installed on a single logical drive. In this situation, all the drives
in the server were configured in a single RAID5 array and treated as a single, huge drive.
This situation created a classic condition known as “head contention,” where R/3, the
database, and the operating system all simultaneously competing for the same disk drive
head.
Head contention is similar to you being asked to do many things at the same time, such as:
< Cook dinner
< Read a book
< Help your child with homework
< Water the yard
< Fix the fence
You run around doing a little of each task then going to the next. None of the tasks get done
with any reasonable speed.
Release 4.6A/B
19–2
Chapter 19: Performance
General Procedure
This is an example of a problem that is not new. Head contention existed in the early days of
computing. The solution now is essentially the same as it was back then, that is, to spread
the data over multiple drives.
3ULRULW\RI(YDOXDWLRQ
The SAP EarlyWatch group has determined that the majority of the performance issues and
gains are from within R/3. This gain is followed first by database issues, then operating
system, then hardware. Thus we will primarily discuss R/3 performance issues.
*HQHUDO3URFHGXUH
The general procedure when working on performance issues is not new. It is the standard
problem-solving procedure:
< Gather data
< Analyze the problem
< Evaluate the alternatives
< Make only one change at a time
If there is a problem, you will not know which change caused a problem. There are
times where several changes need to be made to fix a problem. Even so, unless they
must be done together, such as related program changes, make the changes one at a
time.
< Document the changes.
If a change causes a problem, you need to undo the change.
To do that you need to know what the configuration was before the change and
what you did.
If the change needs to be applied to multiple systems, you need to know exactly
what changes to make, and how to do it.
This process must be repeated exactly the same on all systems.
5
One of the most common reasons for R/3 performance problems is poorly written custom
(or modified standard) ABAP programs.
:RUNORDG$QDO\VLVRIWKH6\VWHP7UDQVDFWLRQ67
:KDW
+RZ
You should check statistics and record trends to get a “feel” for the system’s behavior and
performance. Understanding the system when it is running well helps you determine what
changes may need to be made when it is running poorly.
*XLGHG7RXU
Release 4.6A/B
19–4
Chapter 19: Performance
R/3
8
7
Judgment must be applied when reviewing statistical values. If you just started the R/3
System, the buffers will be empty and many of the statistics will be unfavorable. Once the
buffers are loaded, values can be properly evaluated.
In this example, the Av. response time of almost 4 seconds must be evaluated with other
factors in mind.
The R/3 user default for a decimal point is a comma. If your default profile for decimal point,
(point or comma) is not appropriately set, the display may be misread. For example, rather
than 3,888 ms, it would read 3.888 ms. Quite a difference!
Release 4.6A/B
19–6
Chapter 19: Performance
R/3
11
Analysis of transaction ST03 is covered in BC315 (the Workload Analysis and Tuning class).
We recommend you take this class.
13
A few standard functional transactions will exceed the one-second guideline. They include,
but are not limited to the following:
Type Transaction
%XIIHUV67
:KDW
The buffer tune summary transaction displays the R/3 buffer performance statistics. It is
used to tune buffer parameters of R/3 and, to a lesser degree, the R/3 database and
operating system.
:K\
The buffer is important because significant buffer swapping reduces performance. Look
under Swaps for red entries. Regularly check these entries to establish trends and get a feel
for buffer behavior.
Release 4.6A/B
19–8
Chapter 19: Performance
R/3
*XLGHG7RXU
2a 2b
Analysis of transaction ST02 is covered in BC315 (the Workload Analysis and Tuning
class). We recommend you take this class.
0HPRU\'HIUDJPHQWDWLRQ
:KDW
A computer’s memory behaves similar to a hard disk. As different programs execute, they
are loaded into, and later deleted out of, memory. Over time, like a hard disk, the usage of
the computer’s memory becomes fragmented with unused spaces scattered throughout.
:K\
At a certain point you may have sufficient “free memory” (that is, the total of all the unused
spaces), but not a contiguous (single) piece of memory large enough to allow certain
programs to execute. At that point, those types of programs attempting to run that need
contiguous memory will fail because they cannot be loaded into memory.
+RZ
When R/3 is restarted, the buffers are refreshed. This process means that the first person
who accesses the buffered object will have a long response because the system must get the
data from disk and load it into the buffer. The second person will have a normal (quick)
response time. This process repeats until all normally used objects are loaded into the
buffer, which usually takes up to a day to accomplish.
Release 4.6A/B
19–10
Chapter 19: Performance
Database
'DWDEDVH
See chapter 13 (Database Administration – Microsoft SQL Server) for the database-related
performance tuning transactions:
< Activity - ST04
< Tables/Indexes - DB02
2SHUDWLQJ6\VWHP
2SHUDWLQJ6\VWHP0RQLWRU26
:KDW
The operating system monitor allows you to view relevant operating system and hardware
details.
The operating system-related detail, such as:
< Memory paging
< Operating system log
In addition, the following hardware details are available:
< CPU utilization
< Free space on disks
:K\
+RZ
*XLGHG7RXU
Release 4.6A/B
19–12
Chapter 19: Performance
Operating System
Release 4.6A/B
19–14
Chapter 19: Performance
Hardware
+DUGZDUH
&38DQG'LVN
Also see Operating System – Operating System Monitor (OS07) to get data on:
< CPU utilization
< Free space on disks
0HPRU\
The hardware item that has the largest effect on R/3 performance is memory. The R/3
System uses memory extensively. By keeping data in buffer, physical access to the drives is
reduced. Thus, in general, the more memory you have, the faster R/3 will run.
Release 4.6A/B
19–16
&KDSWHU 6$31HW³:HE)URQWHQG
&RQWHQWV
Overview ................................................................................................................20–2
Logging on to SAPNet ..........................................................................................20–3
Online Services .....................................................................................................20–4
Solving a Problem with SAPNet ..........................................................................20–5
Registering a Developer or Object ....................................................................20–15
Online Correction Support.................................................................................20–24
2YHUYLHZ
SAPNet–Web Frontend (SAPNet–web) is the internet access to SAP resources and SAPNet–
R/3 (formerly OSS) functions such as:
< Registering developers and objects
< Searching for SAP notes
< Downloading support packages
Most of the OSS functions will be migrated to SAPNet. The entering and retrieving of
customer messages on SAPNet has just become available and is currently in pilot.
However, not all OSS functions will be migrated to SAPNet. The opening and use of the
SAP service connections for Earlywatch and SAP hotline access to customer systems will
remain in OSS or SAPNet–R/3.
We recommend that you use SAPNet–Web as your primary SAPNet access method. For
most companies with an existing (flat fee) internet access line, the cost of the internet
access is already paid for. The SAP service connection required for SAPNet-R/3, if using
ISDN, is additional per minute cost.
+RZ
Release 4.6A/B
20–2
Chapter 20: SAPNet—Web Frontend
Logging on to SAPNet
/RJJLQJRQWR6$31HW
*XLGHG7RXU
2
3
2QOLQH6HUYLFHV
*XLGHG7RXU
Release 4.6A/B
20–4
Chapter 20: SAPNet—Web Frontend
Solving a Problem with SAPNet
6ROYLQJD3UREOHPZLWK6$31HW
6HDUFKLQJIRU6$31RWHV
*XLGHG7RXU
Release 4.6A/B
20–6
Chapter 20: SAPNet—Web Frontend
Solving a Problem with SAPNet
6
7
7R6HDUFKIRU1RWHV5HODWHGWR,QVWDOODWLRQ
2
1
&XVWRPHU0HVVDJHV
1RWH As this guidebook is going to print, the Customer Message function has just been
released to SAPNet-Web. Since this function is in pilot mode, it may change from the
process described here. At present, you can only create and view messages via SAPNet-
Web, modifying messages is only possible via SAPNet-R/3.
If you have searched both the online documentation and SAP notes and not found the
answer to your question or problem, then you should submit a SAPNet message for
assistance.
1RWH The SAPNet customer message function is not meant to replace consulting.
Messages entered into SAPNet are for reporting and getting resolution on SAP problems
or bugs. If a message is interpreted as a request for consulting information, it will be
returned to you, and you will be advised to seek consulting assistance.
Release 4.6A/B
20–8
Chapter 20: SAPNet—Web Frontend
Solving a Problem with SAPNet
(QWHULQJ&XVWRPHU0HVVDJHV
Include as much information as possible in your message, so the SAPNet Hotline
consultants can help you. Indicate where in the online documentation you have searched
and which SAP notes you have reviewed.
3ULRULW\WDEOH
Priority Situation
Very High < In your production system, only for system or application
shutdown
< In your nonproductive system, during a critical project phase
These messages are reviewed by an Online Service System/SAPNet
consultant within 30 minutes of arrival. If the problem does not fall
within the defined description for a “very high” priority problem,
the priority is immediately reduced.
Do not assign a message this priority if you cannot be available to
receive a call back from SAP. If SAP attempts to call you and you
cannot be reached, your message may be downgraded.
Medium For errors with less serious consequences than the above two cases,
where the operation of the productive system is not seriously
affected.
Use care when assigning a priority to your message. If the problem does not meet the Very
High criteria, assigning the message this priority will not guarantee you a quicker response
time.
The following list contains hints that can improve total problem resolution time:
&RPSRQHQW
< If you know the specific component, assign it.
If you do not know it, do not assign to a detailed component level (for example, assign it
to level 3, BC-CCM-PRN rather than a level 4, BC-CCM-PRN-DVM). The Online Service
System Hotline consultant can assign a specific component. If you assign the message to
a wrong component, and it is forwarded to the incorrect person, time is lost. It will take
that much more time to resolve your problem.
< Be aware that the cause of the problem may be in an area other than the module you are
working on.
3UREOHP'HVFULSWLRQ
< Be clear and descriptive.
The better the information you provide, the better the results. Information that is clear to
you may not be clear to the hotline consultant.
< Provide enough data so that SAPNet Hotline personnel will not have to ask additional
questions before beginning work on your problem.
Examples of complete data includes:
If there is an error message, enter it exactly as it appears.
Provide the transaction or menu path describing where the error or problem
occurred.
Indicate if the problem can be duplicated on your test system.
Describe the circumstances that created the problem.
Describe anything unique about the data entered in the transaction where the
problem occurred.
List which problem-related SAP notes that have been reviewed and which notes
have been applied.
List which actions and research you have already performed.
< The following examples are messages in which the SAPNet hotline requires more
information before beginning on the problem:
“FB01 does not work.”
“The system is slow.”
Keep your system technical information in SAPNet current and correct. This information
is used by hotline personnel when they work on your problem.
Release 4.6A/B
20–10
Chapter 20: SAPNet—Web Frontend
Solving a Problem with SAPNet
+RZ
*XLGHG7RXU
(QWHULQJ&XVWRPHU0HVVDJHV
3
3
11
12
13
14
Release 4.6A/B
20–12
Chapter 20: SAPNet—Web Frontend
Solving a Problem with SAPNet
16
17
18
19
20 21
9LHZLQJ&XVWRPHU0HVVDJHV
The response to your message is often in the form of an electronic message, rather than a
telephone call. It is, therefore, important to monitor the status of your messages.
9LHZLQJ&XVWRPHU0HVVDJHV
1. On the SAPNet screen, on the menu
bar, choose Inbox.
Release 4.6A/B
20–14
Chapter 20: SAPNet—Web Frontend
Registering a Developer or Object
5HJLVWHULQJD'HYHORSHURU2EMHFW
:KDW
To modify an SAP object, both the developer and the object that will be modified need to be
registered with SAP. A developer, once registered for the installation, does not have to
register again. Similarly, an SAP object once registered for the installation, does not have to
be registered again. It is for this reason that on the registration screen either or both the
developer or object access key would be required.
:K\
< Only an SAP-registered developer can make changes to SAP objects.
Restricting access to registered developers provides a record of who has made changes
to the system.
< Registering an SAP object provides a record of which SAP objects have been modified
by the customer.
The assumption is that if you requested an object access key, you will be modifying the
object.
+RZ
See the following sections for registering a developer and an SAP object.
5HJLVWHULQJD'HYHORSHU
To modify an SAP object, the developer needs to be registered with SAP. Once registered for
the installation, the developer does not have to register again.
:K\
Only an SAP-registered developer can make changes to SAP objects. Restricting access to
registered developers provides a record of who has made changes to the system.
+RZ
*XLGHG7RXU
'HYHORSHU5HTXHVWV'HYHORSHU.H\
1. This screen is seen by the
developer when a developer key is
required.
a. If the developer Access key is
blank, you need to obtain a
developer access key. b
b. Give the developer User name a
(2) to the system administrator
to get a developer access key.
7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\
1. On the Online Services screen, choose SSCR.
Release 4.6A/B
20–16
Chapter 20: SAPNet—Web Frontend
Registering a Developer or Object
5HJLVWHULQJD'HYHORSHU
1. If your site has several R/3 installations, select
the one for which you wish to perform
registrations.
2. Choose Register Developer.
(QWHUWKH'HYHORSHU.H\
In the development system:
1. In the developer Access key field,
the developer enters the key
received from the system
administrator.
Release 4.6A/B
20–18
Chapter 20: SAPNet—Web Frontend
Registering a Developer or Object
'HOHWLQJD'HYHORSHU
On the same screen that was used to
register a developer:
1. In Developer, enter the user ID of the
developer to delete.
2. Select Delete.
3. Choose Register.
4. To check if the deletion is
successful, choose Overview, which 4
displays a list of developers.
5HJLVWHULQJDQ2EMHFW
:K\
Registering an SAP object provides a record of which SAP objects have been modified by
the customer. The assumption is that if you requested an object access key, you will be
modifying the object. If the customer modifies an object and problems arise, resolving the
problem may be the customer’s responsibility. If an object is not modified and problems
arise, resolving the problem is SAP’s responsibility.
+RZ
*XLGHG7RXU
'HYHORSHU5HTXHVWV2EMHFW.H\
1. This screen is seen by the
developer when an object key is
required:
a. If the object Access key is blank,
you need to obtain an object
access key.
b. Give the three object fields to
the system administrator (for
example, R3TR, PROG, b
RSPARAM). c
All three fields are required to a
obtain the object key.
c. If you are in a mixed release
environment, also give the
system administrator the SAP
Release for the system.
7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\
1. On the Online Services screen, choose SSCR.
Release 4.6A/B
20–20
Chapter 20: SAPNet—Web Frontend
Registering a Developer or Object
5HJLVWHULQJDQ2EMHFW
Release 4.6A/B
20–22
Chapter 20: SAPNet—Web Frontend
Registering a Developer or Object
(QWHUWKH2EMHFW.H\
In the development system:
1. In Access key, the developer would enter the
object key received from the system
administrator.
10
'HOHWHDQ2EMHFW
From the Register Object Screen:
1. In TADIR Object, enter the Program
ID/Object/Object name of the object to
be deleted.
2. Select Delete.
3. Choose Register.
4. To check whether the deletion is
4
successful, choose Overview, which
displays a list of developers.
2
3
2QOLQH&RUUHFWLRQ6XSSRUW
The SAP Online Correction Support provides information and tools to retrieve support packages such as
hot packages, legal change packages, SPAM updates, etc.
*XLGHG7RXU
Release 4.6A/B
20–24
Chapter 20: SAPNet—Web Frontend
Online Correction Support
*HWWLQJWKH/DWHVW63$0YHUVLRQ
4. Choose Download.
9. Choose OK.
Release 4.6A/B
20–26
Chapter 20: SAPNet—Web Frontend
Online Correction Support
'RZQORDGLQJ6XSSRUW3DFNDJHV
1. On the download screen, from the left frame,
select R/3 Support Packages.
6SHFLILF6XSSRUW3DFNDJH5HODWHG1RWHV
To look at the notes related to the specific Support
Package:
1. On the Option screen, choose R/3 Notes.
Release 4.6A/B
20–28
Chapter 20: SAPNet—Web Frontend
Online Correction Support
'RZQORDGLQJ6XSSRU3DFNDJHV
To download the Support Package:
1. On the option screen, choose Download.
Release 4.6A/B
20–30
Chapter 20: SAPNet—Web Frontend
Online Correction Support
7
After downloading the support packages (whether SPAM update or support package), complete the
following steps:
1. Unpack the patch archive file (see Unpacking a CAR file in chapter 22).
2. Transfer the resulting *.ATT and *.PAT files to the /usr/sap/trans/EPS/in subdirectory.
Release 4.6A/B
20–32
&KDSWHU 6$31HW²5)URQWHQG
&RQWHQWV
Overview ................................................................................................................21–2
Useful SAP Notes..................................................................................................21–3
Connecting to SAPNet–R/3 ..................................................................................21–3
Researching a Problem with SAPNet-R/3...........................................................21–6
Registering a Developer or Object ....................................................................21–22
Opening a Service Connection..........................................................................21–30
2YHUYLHZ
If you have an ISDN connection, the telephone bill can become high. ISDN is normally
billed “by the minute” of connect time. Manage the time that you are connected to
SAPNet-R/3, or you could get a large phone bill for your SAP service connection.
Check with your networking person or company about how your SAP service connection
is configured. Some will hold the ISDN connection open even if there is no traffic, which
could result in an even larger phone bill.
3UHUHTXLVLWHV
< The SAP Service connection must be set up and working
SAProuter must be installed and configured
OSS1 technical settings must be configured
< You must have a valid SAPNet/OSS user ID and password for your company
Release 4.6A/B
21–2
Chapter 21: SAPNet–R/3 Frontend
Useful SAP Notes
8VHIXO6$31RWHV
&RQQHFWLQJWR6$31HW²5
*XLGHG7RXU
3. Select 1_PUBLIC.
4. Choose Continue.
3
Release 4.6A/B
21–4
Chapter 21: SAPNet–R/3 Frontend
Connecting to SAPNet–R/3
5HVHDUFKLQJD3UREOHPZLWK6$31HW5
SAPNet-R/3 contains a large database of problem notes. If you have a particular problem or
question, you should first search the online documentation, then search these notes. You can
also access SAP notes through SAPNet-Web.
)LQGLQJ1RWHVLQWKH6$31HW5
*XLGHG7RXU
Release 4.6A/B
21–6
Chapter 21: SAPNet–R/3 Frontend
Researching a Problem with SAPNet-R/3
2. Choose Notes.
3. Choose Find.
Release 4.6A/B
21–8
Chapter 21: SAPNet–R/3 Frontend
Researching a Problem with SAPNet-R/3
10
11
The SAPNet message function does not replace consulting. Messages entered into SAPNet
are for reporting and getting resolution on SAP problems or bugs. If a message is
interpreted as a request for consulting information, it will be returned to you, and you will
be advised to seek consulting assistance.
Priority Situation
Very High < In your production system, only for system or application
shutdown
< In your nonproductive system, during a critical project phase
These messages are reviewed by an Online Service System/SAPNet
consultant within 30 minutes of arrival. If the problem does not fall
within the defined description for a “very high” priority problem,
the priority is immediately reduced.
Do not assign a message this priority if you cannot be available to
receive a call back from SAP. If SAP attempts to call you and you
cannot be reached, your message may be downgraded.
Medium This priority is for errors with less serious consequences than the
above two cases, where the operation of the productive system is
not seriously affected.
Use care when assigning a priority to your message. If the problem does not meet the Very
High criteria, assigning the message this priority will not guarantee you a quicker response
time.
Release 4.6A/B
21–10
Chapter 21: SAPNet–R/3 Frontend
Researching a Problem with SAPNet-R/3
The following list contains hints that can improve total problem resolution time:
&RPSRQHQW
< If you know the specific component, assign it.
If you do not know it, do not assign to a detailed component level (for example, assign it
to level 3, BC-CCM-PRN rather than a level 4 BC-CCM-PRN-DVM). The SAPNet Hotline
consultant can assign a specific component. If you assign the message to a wrong
component, and it is forwarded to the incorrect person, time is lost. It will take that
much more time to resolve your problem.
< Be aware that the cause of the problem may be in an area other than the module you are
working on.
3UREOHPGHVFULSWLRQ
< Be clear and descriptive.
The better the information you provide, the better the results. Information that is clear to
you may not be clear to the hotline consultant.
< Provide enough data so that SAPNet Hotline personnel will not have to ask additional
questions before beginning work on your problem:
Examples of complete data includes:
If there is an error message, enter it exactly as it appears.
Provide the transaction or menu path describing where the error or problem
occurred.
Indicate if the problem can be duplicated on your test system.
Describe the circumstances that created the problem.
Describe anything unique about the data entered in the transaction where the
problem occurred.
List which problem-related SAP notes that have been reviewed and which notes
have been applied.
List which actions and research you have already performed.
< The following examples are messages in which the SAPNet hotline requires more
information before beginning on the problem:
“FB01 does not work.”
“The system is slow.”
Keep your system technical information in SAPNet current and correct. This information
is used by hotline personnel when they work on your problem.
*XLGHG7RXU
Release 4.6A/B
21–12
Chapter 21: SAPNet–R/3 Frontend
Researching a Problem with SAPNet-R/3
To control access to your system and mange how long the service connection is open, request
that you be contacted to:
< Get the password
< Open the SAP service connection
16
17
18
Release 4.6A/B
21–14
Chapter 21: SAPNet–R/3 Frontend
Researching a Problem with SAPNet-R/3
*HWWLQJ6WDWXVRQ<RXU0HVVDJH
The response to your message is often in the form of an electronic message rather than a
telephone call. It is, therefore, important to monitor the status of your messages.
*XLGHG7RXU
5HYLHZWKH$FWLRQ/RJ
1. Choose Action Log.
Release 4.6A/B
21–16
Chapter 21: SAPNet–R/3 Frontend
Researching a Problem with SAPNet-R/3
'LVSOD\/RQJ7H[W
1. Choose Long text.
5HRSHQ
1. Choose Reopen.
Release 4.6A/B
21–18
Chapter 21: SAPNet–R/3 Frontend
Researching a Problem with SAPNet-R/3
9. Choose Back.
Release 4.6A/B
21–20
Chapter 21: SAPNet–R/3 Frontend
Researching a Problem with SAPNet-R/3
&RQILUP
1. Choose Confirm.
2. Choose Yes.
5HJLVWHULQJD'HYHORSHURU2EMHFW
:KDW
To modify an SAP object, both the developer and the object that is to modified needs to be
registered with SAP. A developer, once registered for the installation, does not have to
register again. Similarly, an SAP object once registered for the installation, does not have to
be registered again. It is for this reason that on the registration screen either or both the
developer or object access key would be required.
:K\
Only an SAP-registered developer can make changes to SAP objects. Restricting access to
registered developers provides a record of who has made changes to the system.
Registering an SAP object provides a record of which SAP objects have been modified by
the customer. The assumption is that if you requested an object access key, you will be
modifying the object.
+RZ
See the following sections for registering a developer and registering an SAP object.
5HJLVWHULQJD'HYHORSHU
To modify an SAP object, the developer needs to be registered with SAP. A developer, once
registered for the installation, does not have to register again.
:K\
Only an SAP-registered developer can make changes to SAP objects. Restricting access to
registered developers provides a record of who has made changes to the system.
+RZ
Release 4.6A/B
21–22
Chapter 21: SAPNet–R/3 Frontend
Registering a Developer or Object
*XLGHG7RXU
'HYHORSHU5HTXHVWV'HYHORSHU.H\
1. This screen is seen by the
developer when a developer key is
required.
a. If the developer Access key is
blank, you need to obtain a
developer access key. b
b. Give the developer User name a
(2) to the system administrator
to get a developer access key.
7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\
1. From the main SAPNet–R/3
screen, choose Registration.
Release 4.6A/B
21–24
Chapter 21: SAPNet–R/3 Frontend
Registering a Developer or Object
(QWHUWKH'HYHORSHU.H\
In the development system:
1. In the User name Access key field,
the developer enters the key
received from the system
administrator.
The easiest way to enter the developer key is to use “copy and paste.” This function can
be done either:
< From screen to screen
< Into an intermediate file using a text editor, such as Notepad (NT) or vi (UNIX)
5HJLVWHULQJDQ2EMHFW
:K\
Registering an SAP object provides a record of which SAP objects have been modified by
the customer. The assumption is that if you requested an object access key, you will be
modifying the object. If the customer modifies an object and problems arise, resolving the
problem may be the customer’s responsibility. If an object is not modified and problems
arise, resolving the problem is SAP’s responsibility.
+RZ
*XLGHG7RXU
Release 4.6A/B
21–26
Chapter 21: SAPNet–R/3 Frontend
Registering a Developer or Object
7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\
1. On the main SAPNet–R/3 screen,
choose Registration.
Release 4.6A/B
21–28
Chapter 21: SAPNet–R/3 Frontend
Registering a Developer or Object
(QWHUWKH2EMHFW.H\
The developer completes this step:
1. In Access key, the developer enters
the object key received from the
system administrator.
The easiest way to enter the developer key is to use the “copy and paste” function. Copy
and paste can be done either from screen to screen or into an intermediate file using a
text editor, such as Notepad (NT) or vi (UNIX).
2SHQLQJD6HUYLFH&RQQHFWLRQ
:KDW
:K\
< SAPNet Hotline personnel use the connection to remotely examine and diagnose your
system while investigating your question or problem.
< EarlyWatch consultants use the connection to remotely review performance and system
configuration.
1RWHYou can only specify the length of time for a connection to remain open, not the
start time.
To schedule the time when a service connection will open, you must apply SAP note
170102. This note is valid back to Release 3.1G.
2UGHURI$FFHVVWR6\VWHPV
< Try to first duplicate the problem in your development or test server, and have SAP
access that server first.
< As a last resort, and only if the problem cannot be duplicated on the development or test
server, grant access to the production server.
:K\
Problem solving may require making an entry into the system to observe the problem.
Testing is not an activity that should be done in the production system. Entering test data,
even if “reversed,” could affect operational statistics. If the problem is basis related, an
“accident” could result in a disaster. The Service Connection function has changed in
September 1999.
Release 4.6A/B
21–30
Chapter 21: SAPNet–R/3 Frontend
Opening a Service Connection
*XLGHG7RXU
Release 4.6A/B
21–32
Chapter 21: SAPNet–R/3 Frontend
Opening a Service Connection
11
10
12
13
Release 4.6A/B
21–34
Chapter 21: SAPNet–R/3 Frontend
Opening a Service Connection
To schedule the time when a service connection will open, you must apply SAP note 170102.
This note is valid back to Release 3.1G.
14
Release 4.6A/B
21–36
&KDSWHU 5HPRWH6HUYLFHV
&RQWHQWV
Overview ................................................................................................................22–2
Retrieving Files from SAP, SAPSERV4 ..............................................................22–2
EarlyWatch Session............................................................................................22–14
2YHUYLHZ
In this chapter, readers will learn about SAPSERV4 and EarlyWatch. The information in this
chapter should help the user understand how to:
< Retrieve files from SAP and SAPSERV4
< Connect to SAPSERV4
< Download files
< Arrange for an EarlyWatch session
5HWULHYLQJ)LOHVIURP6$36$36(59
:KDW
SAPSERV is a series of servers that contain patches and other downloadable files for
customers. In this guidebook, we specifically discuss the U.S. server, SAPSERV4. The
difference between the various SAPSERV servers is the name, the IP address, and the
location (see table below). At present, we are not aware of any plans to move this
functionality to SAPNet–Web.
:K\
Release 4.6A/B
22–2
Chapter 22: Remote Services
Retrieving Files from SAP, SAPSERV4
:KHUH
If you cannot connect to SAPSERV4, you may not be on the machine where SAProuter is
installed.
The SAProuters at SAP are configured to only recognize their counterpart SAProuter on the
customer’s side. Therefore, you must connect from the computer where the SAProuter is
installed and running.
17
81,;
+RZ
You can connect to, navigate within, and download files from SAPSERV4 using:
< Command prompt
< Windows FTP GUI client
< Internet browser
For ease of use and navigation, use an FTP GUI client to access SAPSERV.
&RQQHFWLQJWR6$36(598VLQJD*8,17
Using an FTP GUI client is much easier than using the command prompt.
In this guidebook, we use only one of the many available FTP clients. Other FTP clients are
listed in the resources section of appendix A. SAP does not endorse any particular product.
Also, it is your responsibility to perform compatibility testing to determine if the software
you select functions on your system without conflict (for example, without crashing the
system).
3UHUHTXLVLWHV
$Q([DPSOHRIDQ)73&OLHQW
*XLGHG7RXU
Release 4.6A/B
22–4
Chapter 22: Remote Services
Retrieving Files from SAP, SAPSERV4
&RQQHFWLQJWR6$36(598VLQJWKH&RPPDQG3URPSW
1DYLJDWLQJLQ6$36(59
SAPSERV4 is a UNIX server.
< UNIX differences to remember for NT users:
UNIX is a case-sensitive operating system, NT is not. When navigating in SAPSERV4
or downloading a file, enter the directory or filename exactly as it is displayed (for
example, Rel40B is not the same as rel40b).
UNIX commands differ from NT commands (for example, dir [NT] = ls [UNIX] ).
< Important UNIX commands:
ls List (similar to the dir command in NT and DOS)
cd Change directory (similar to the cd command in NT and DOS)
get Get or download a file
bin Switch to binary mode, to download programs
bye Log off
&RQQHFWLQJDWWKH&RPPDQG3URPSW
*XLGHG7RXU
Both UNIX and NT use a command prompt window, and the commands entered are the same. The NT
command prompt window is shown in the following example.
The directory you are currently in is the directory into which file will be downloaded. To
download the file to a different directory, change to that directory after you open the
command prompt window and before you enter the FTP command.
Release 4.6A/B
22–6
Chapter 22: Remote Services
Retrieving Files from SAP, SAPSERV4
In NT, to increase the screen buffer size and prevent the text from scrolling off the screen:
1. On the NT desktop, choose My Computer → Control Panel → Console→ Layout tab.
2. Under screen buffer size, increase the height to 100.
Release 4.6A/B
22–8
Chapter 22: Remote Services
Retrieving Files from SAP, SAPSERV4
'RZQORDGLQJ)LOHV
< Download patches, kernels, transports, and other files in binary format.
< Many of the files are in *.CAR archives.
Use the CAR program to unpack these files (see Unpacking a CAR file on page 22–13).
*XLGHG7RXU
3DUWLDO2UJDQL]DWLRQRI6$36(59
Not all directories on SAPSERV4 are listed or expanded. For those that are similar (release, database,
operating system), only one is expanded in detail. Over time, the directory structure may change or be
reorganized. See below for the SAPSERV4 structure.
Release 4.6A/B
22–10
Chapter 22: Remote Services
Retrieving Files from SAP, SAPSERV4
R3server
abap
note.* corrections specific to a note number
binaries
NT
support
i386
UNIX
languages
Note.*-------------------------specific note numbers
patches -----------------------------------R/3 patches, where most of the downloads will be
COMMON ------------------Kernel, release-independent programs
NT
i386 ---this dir has car.exe, sappad.exe, tar.exe
OS400
UNIX
NT
ALPHA
I386 ---------------this dir has car.exe, sappad.exe, tar.exe
MSSQL
rel31H
rel31I
rel40A
rel40B -----------------------Kernel release, OS, hardware, db specific programs
NT
I386
MSS --------------MS SQLserver
ORA --------------Oracle
OS400
UNIX
AIX
DEC
HPUX
ORA
HPUX_SHM
RELIANT
SOLARIS
rel45A
Release 4.6A/B
22–12
Chapter 22: Remote Services
Retrieving Files from SAP, SAPSERV4
8QSDFNLQJD&$5)LOH
:KDW
A CAR file is a packaged file similar to a zip file. Like a zip file, a CAR file may contain
more than one file. SAP delivers transports, patches, and other programs and files in CAR
files. To use the contents of these files, you must unpack them using car.exe.
3UHUHTXLVLWHV
1. Get car.exe from SAPSERV4 (for the latest version) or from the directory
NT: \usr\sap\<sid>\sys\exe\run\
UNIX: /usr/sap/<sid>/SYS/exe/run
If your version of the CAR program is older than six months, replace it with the latest
version.
2. Create an “unpacking” directory where you “unpack” files (for example, d:\sap\unpack).
3. Copy the file car.exe into this directory.
8QSDFNLQJD)LOH
*XLGHG7RXU
To reduce confusion:
< Begin the “unpacking” session with only the car.exe program in the unpacking
directory.
< Handle only one CAR file at a time.
Complete everything for that file before proceeding to the next file.
1. Copy the file to be unpacked into the unpacking directory (for example, sapdba_64.car).
2. Open a command prompt window.
3. Change to the unpacking directory.
6SHFLDO6$31HW1RWHV
Note # Function
(DUO\:DWFK6HVVLRQ
:KDW
The underlying concept of EarlyWatch is to prevent problems before they occur or escalate.
EarlyWatch diagnoses a system’s potential problems and resource bottlenecks so they can
be resolved in advance.
During an EarlyWatch session, performance experts log on to your system (into client 066)
to monitor its performance, review its performance-related configuration settings, and
recommend changes to your system.
Analysis is done in five areas:
< R/3 configuration
< R/3 application
< Server
< Workload
< Database
EarlyWatch applies only to the production system, not the development system. The goal is
for satisfactory online performance, not background performance. A system, other than the
Release 4.6A/B
22–14
Chapter 22: Remote Services
EarlyWatch Session
:K\
:KHQ
< A couple of months after going live
< After implementing significant changes to your system, such as:
New modules
Expansion of existing modules
Addition of significant numbers of users to the system
These and similar items change the workload to the system. This change could render
the existing EarlyWatch parameters inapplicable. As your system or company
conditions change, we recommend that you request a new EarlyWatch session.
You do not have to do an EarlyWatch session if your system or company conditions have
remained the same.
1RWH The target response is “less than 1 second,” which excludes the network delay
from the user’s PC to the R/3 System. This delay is outside the scope and control of SAP.
+RZ
1. The customer contacts SAP to arrange for an EarlyWatch session at:
SAP America, Inc. EarlyWatch
600 East Las Colinas Blvd, Ste. 2000
Irving, TX 75039
Tel.: (800) 677-7271 or (972) 868-2094
FAX: (972) 868-2108
2. There are prerequisites to an EarlyWatch session and you will be advised of them.
These prerequisites may require technical assistance to apply.
3. The customer opens the SAP service connection to the production system for
EarlyWatch.
4. EarlyWatch connects to client 066 on the production system via SAP service connection
to gather data and record configuration. Client 066 is reserved exclusively for
EarlyWatch.
5. Once the customer’s system is analyzed, a report is generated and sent to the customer.
Recommendations may be at any of three levels:
< R/3 System
< Database
< Operating system
6. The customer reviews the report and recommendations.
If you have any questions about the report, discuss them with the EarlyWatch analyst.
If a recommended change seems drastic or does not make sense, discuss it with the
analyst before proceeding. Mistakes have been made.
Try to understand the recommendations made by EarlyWatch. As a system
administrator, the R/3 System is your responsibility.
Release 4.6A/B
22–16
&KDSWHU 6SHFLDO0DLQWHQDQFH
&RQWHQWV
Overview ................................................................................................................23–2
Changing System Profile Parameters (Transaction RZ10) ...............................23–2
Support Packages...............................................................................................23–11
Kernel Upgrade ...................................................................................................23–40
Client Copy ..........................................................................................................23–42
Production Refresh Strategies ..........................................................................23–56
2YHUYLHZ
In this chapter, the reader will learn about special maintenance. This topic includes the
following:
< Kernel upgrade
< Client copy
< Production refresh strategies
&KDQJLQJ6\VWHP3URILOH3DUDPHWHUV7UDQVDFWLRQ5=
:KDW
The system profile parameters are what R/3 uses when it starts up. Parameters may define
how many of each work process to create, the minimum length of the user password, etc.
The system uses the following three parameters:
< Start
This parameter defines which R/3 services are started.
< Default
This parameter defines the profile for all instances in the system.
< Instance
This parameter defines the profile for the specific instance, which allows individual
application servers to be configured differently for specific tasks and users.
:K\
Change a value only for a specific purpose and only with proper knowledge of what is
being changed and why it is being changed.
Before making changes to the system profiles, make certain that you have a recent, usable
copy of the system profile files. This backup is your last line of defense if a profile change is
made that results in R/3 not being able to start.
Release 4.6A/B
23–2
Chapter 23: Special Maintenance
Changing System Profile Parameters (Transaction RZ10)
*XLGHG7RXU
Use the instance profile to make the parameters of a specific application server “different”
than the other servers for specific reasons (for example, a batch application server).
Release 4.6A/B
23–4
Chapter 23: Special Maintenance
Changing System Profile Parameters (Transaction RZ10)
The point where you insert the new profile parameter has no effect on the process.
But, to make it easier to read, you may want to group or order the parameters (for
example, group the logon parameters together).
Once you enter the profile parameter, it cannot be easily moved to another location.
Therefore, be careful where you choose to insert it.
10
14
16
Release 4.6A/B
23–6
Chapter 23: Special Maintenance
Changing System Profile Parameters (Transaction RZ10)
18
20
22
24. In Version, note the profile’s version
number. 25
25. Choose Save.
24
26
Release 4.6A/B
23–8
Chapter 23: Special Maintenance
Changing System Profile Parameters (Transaction RZ10)
27. Choose .
27
28. Choose .
28
29
32
Release 4.6A/B
23–10
Chapter 23: Special Maintenance
Support Packages
6XSSRUW3DFNDJHV
:KDW
1RWH
< Hot Packages are now known as R/3 Support Packages
< Legal Change Patches (LCP) are known as R/3 HR Support Packages
A Support Package is a collection of corrections that address serious errors in the ABAP
repository. These corrections affect the Basis and functional areas. There are defined rules
about what kind of fixes should be (and are) included in a Support Package. Some rules are
technical while other rules are policy.
A Support Package is not a cumulative fix for application modules. You must still get and
apply the notes for the functional modules. However, since Support Packages contain
patches for the various functional areas, some of the notes may be applied in the Support
Package. The Support Package is not supposed to contain functional enhancements, but this
is not always the case.
:K\
The purpose of a Support Package is to fix problems before they become problems.
:KHQ
There is a conflict about when Hot Packages should be (and are) applied:
< To prevent serious problems, SAP’s position is that customers should apply all Support
Packages as they are released..
< The position of many customers is that all system changes must be regression tested.
This stance, with the frequency of Support Package releases, results in the Support
Packages not being applied.
The reason is that the amount of testing required cannot be done continuously
This customer position is not unique to SAP and has been taken by many customers
since the early days of computing.
SAP development is working on ways to make Support Package application easier.
1RWH As of Release 4.5, Hot Packages have been separated from the HR Legal Change
Patch (HR LCP). This separation allows LCPs to be applied quickly, to be in legal
compliance, and not applying Support Packages before they are scheduled to be applied.
Before Release 4.5, the LCP contained the Hot Packages; applying a LCP also meant
applying the Hot Package.
6WUDWHJ\
Obtain the notes related to the Support Package, and review what it fixes:
< If there is nothing in the Support Package that applies to you, do not apply it.
< If there is something in the Support Package that applies to you:
Determine if the entire Support Package (or just the note) must be installed.
If the Support Package is to be installed, treat the installation as a “mini-upgrade.”
+LJK/HYHO3URFHVVRI$SSO\LQJ6XSSRUW3DFNDJHV
Steps 4 through 9 assume that the Support Package is to be applied and are repeated
for all Support Packages that are to be applied at the current time.
4. Obtaining the Support Package
Depending on the size of the Support Package, it can be obtained three ways:
< Download it from the SAPNet–R/3 (formerly OSS).
This option is size limited, so large Support Packages cannot be downloaded via
SAPNet–R/3.
< Download it from SAPNet–Web.
< Upload it from the Support Package collection on CD.
The Support Package collection contains all Support Packages available at that
point in time.
Download from SAPNet – R/3 Download from SAPNet –Web Support Package collection on CD
(OSS)
Release 4.6A/B
23–12
Chapter 23: Special Maintenance
Support Packages
'HWHUPLQLQJ:KDW6XSSRUW3DFNDJHV+DYH%HHQ$SSOLHG
*XLGHG7RXU
0HWKRG
Release 4.6A/B
23–14
Chapter 23: Special Maintenance
Support Packages
*HWWLQJ,QIRUPDWLRQRQWKH6XSSRUW3DFNDJHIURP6$31HW²5
*XLGHG7RXU
1. Choose Service.
2. Choose SAP Patch Service.
3. Choose R/3 support packages.
1
2
Release 4.6A/B
23–16
Chapter 23: Special Maintenance
Support Packages
7R9LHZ$OO1RWHV
1. Right-click anywhere on the
screen.
2. Select Download list from the
popup menu (not shown).
3. Select unconverted.
4. Choose .
Release 4.6A/B
23–18
Chapter 23: Special Maintenance
Support Packages
7 8
10
1RWH The duration of the download depends on the number of notes addressed by the Support
Package. It could take 20 minutes (or more) to download the notes for a large Support Package.
13
Release 4.6A/B
23–20
Chapter 23: Special Maintenance
Support Packages
7R9LHZD6SHFLILF1RWH
1. Double-click the node (+) to
expand an individual branch (for
example, BC). 1
5HTXHVWLQJ63$0RUD6XSSRUW3DFNDJHIURP6$31HW²5
*XLGHG7RXU
1. Choose Service.
2. Choose SAP Patch Service.
3. Choose R/3 support packages.
1
2
3
Release 4.6A/B
23–22
Chapter 23: Special Maintenance
Support Packages
3UHUHTXLVLWH
The Support Package(es) must have been requested for the system/<sid> to which you are
downloading it.
*XLGHG7RXU
1. Log on to client 000, under any user that has the SAP* equivalent authorizations.
2. In the Command field, enter transaction SPAM and choose Enter
(or from the SAP standard menu, choose Tools → ABAP Workbench → Utilities → Maintenance →
SPAM-Patches).
3. Choose .
Release 4.6A/B
23–24
Chapter 23: Special Maintenance
Support Packages
Make sure that the directory /usr/sap/trans/EPS/in has enough space to download the Hot
Package.
8SORDGLQJWKH6XSSRUW3DFNDJHIURPD&'RU6$31HW²:HE
Large Support Packages (those too large to download from the SAPNet–R/3) are available
via the following two methods:
< Support Package Collection CD
< SAPNet–Web
SAP periodically releases a Support Package Collection CD, which contains all the released
Support Packages up to a certain date.
6XSSRUW3DFNDJH&ROOHFWLRQ&'
1. Load the CD containing the patches.
2. Log on to the operating system as:
< NT: <SID>adm
< UNIX: <sid>adm
3. Change to the transport directory.
< NT: <drive>:\usr\sap\trans
< UNIX: /usr/sap/trans
4. Unpack the patch archive.
< NT: CAR –xvf <CD_drive>:\<PATH>\<ARCHIVE>.CAR
< UNIX: CAR –xvf /<CD_DRIVE>/<PATH>/<ARCHIVE>.CAR
6$31HW²:HE
1. Log on to the operating system as:
< NT: <SID>adm
< UNIX: <sid>adm
2. Copy the downloaded patch files (example kh46a02.car) into an “unpack” directory.
3. Unpack the patch file by entering:
car –xvf <patch-file>
4. Copy the unpacked files from the EPS\in directory to the directory to upload patches:
< NT: <drive>:\usr\sap\trans\eps\in
< UNIX: /usr/sap/trans/eps/in
Release 4.6A/B
23–26
Chapter 23: Special Maintenance
Support Packages
*XLGHG7RXU
The next step is to upload the patch from the operating system into R/3.
1. Log on to client 000, under any user that has SAP*-equivalent authorizations.
2. In the Command field, enter transaction SPAM and choose Enter
(or from the SAP standard menu, choose Tools → ABAP Workbench → Utilities → Maintenance →
SPAM-Patches).
3. From the menu bar, choose
3
Patch → Upload.
4. Choose .
Release 4.6A/B
23–28
Chapter 23: Special Maintenance
Support Packages
8SGDWLQJ63$0
3UHUHTXLVLWHV
< The R/3 System should not be active, which means that no:
Users are logged on
Jobs are running
< All application servers should be shut down.
< The current SPAM update should have been downloaded from either SAPNet-R/3 or
from SAPNet–Web.
< When using SAPNet–Web, the unpacked SPAM update files (.ATT and .PAT) should
have been moved to the /usr/sap/trans/EPS/in subdirectory.
If a SPAM update is available, apply it before any Support Packages. Some Support
Package changes require the new SPAM program to properly update the system.
*XLGHG7RXU
Log on to client 000, under any user that has SAP*-equivalent authorizations (not SAP*).
1. In the Command field, enter transaction SPAM and choose Enter
(or from the SAP standard menu, choose Tools → ABAP Workbench → Utilities → Maintenance→
SPAM-Patches).
2. To upload the SPAM update file,
from the menu bar, choose Patch→
2
Import SPAM update.
3. Choose .
4. Choose .
Release 4.6A/B
23–30
Chapter 23: Special Maintenance
Support Packages
10
$SSO\LQJWKH6XSSRUW3DFNDJH
3UHUHTXLVLWHV
< The R/3 System should not be active, so no:
Users are logged on
Jobs are running
< All application servers should be shut down.
< The current SPAM update should have been downloaded from SAPNet and applied.
< The following programs should be updated to the latest version:
r3trans
tp
< The Hot Package should have been downloaded from SAPNet or uploaded from the
CD.
*XLGHG7RXU
1. Log on to client 000 under any user that has SAP*-equivalent authorizations (not SAP*).
2. In the Command field, enter transaction SPAM and choose Enter
(or from the SAP standard menu, choose Tools → ABAP Workbench → Utilities → Maintenance→
SPAM-Patches).
$GGLQJWKH+RW3DFNDJHWRWKH3DWFK4XHXH
Release 4.6A/B
23–32
Chapter 23: Special Maintenance
Support Packages
'HILQHWKH3DWFK4XHXH
$SSO\LQJWKH+RW3DFNDJH
3. Choose .
4. Choose .
1RWH Depending on the size of the Hot Package, the patch application process could run for a long
time.
Release 4.6A/B
23–34
Chapter 23: Special Maintenance
Support Packages
&KHFNWKH3DWFK/RJ
1. Choose .
&RQILUPWKH3DWFK
1. Choose .
The next Hot Package cannot be
applied until the previous one is
1
confirmed.
Release 4.6A/B
23–36
Chapter 23: Special Maintenance
Support Packages
9HULI\WKH3DWFK$SSOLFDWLRQ
2EMHFW&RQIOLFWV
:KDW
Object conflicts occur when SAP objects (such as programs, tables, etc.) that you modified
are included in a Support Package.
:K\
If an object has been modified by you and is being changed in the Support Package, you
could lose your modifications. This problem usually occurs with an “advanced correction,”
where a fix is incorporated in a future release of the R/3 System, and the advanced
correction is available before the future release.
([DPSOH
If you are on Release 4.0B and experience a problem. Your problem has already been
fixed in a higher release (for example, Release 5.0).
You do not have to wait for the upgrade. The fix is available now for you to make as an
advanced correction to your system. Support Packages may not always include this
correction. Thus, after applying the package, you may have to reapply the correction.
+RZ
< Determine if the change is (or is not) included in the Support Package by:
Reviewing the code comparison (transaction SPAU)
Checking if the advanced correction is from a future release
If so, it probably will not be included in the Support Package.
Checking if the change is your own modification
< If the change is included in the Support Package, return to the SAP standard, which will
simplify future system maintenance.
< If the change is not included in the Support Package:
1. Check to see what needs to be done to reapply the modification.
2. Apply the modification.
3. Test the modification.
This process is the same as that performed during an upgrade.
Release 4.6A/B
23–38
Chapter 23: Special Maintenance
Support Packages
5HJUHVVLRQ7HVWLQJ
Regression testing is necessary because many objects in many functional areas may be
affected by changes from a Hot Package. All functional areas must perform regression tests
to verify that a Hot Package does not create new problems as it fixes old ones. A Hot
Package is a “mini-upgrade,” especially if it is large (for example, Release 4.0B, Hot Package
10).
All existing processes should continue to function as they did before the Hot Package was
applied. A review of the notes related to a Hot Package indicates what specific tests need to
be performed by the technical and functional team. As during the implementation, the
functional teams should have a script of test procedures to test the system. This script could
also be used in the regression test.
8VHIXO6$31HW²5)URQWHQG1RWHV
SAP Note # Description
.HUQHO8SJUDGH
:KDW
The kernel upgrade process is the replacing of operating system level files (the kernel files)
with updated versions of these files.
< Special notes on the kernel version:
It is now independent of the R/3 release.
The kernel is backward compatible, which means that a user could be running a
Release 3.0F with a 3.1I kernel.
If you are on a release before 3.1I, review documentation to determine which kernel
version is applicable to your release.
You must remember the R/3 release and kernel version you are running. After the kernel
is upgraded, apply kernel patches for the upgraded version of the kernel. Do not apply
kernel patches for the old version of the kernel.
When getting which patches, remember that your R/3 release stays the same, regardless of
which version your kernel changes to. On rare occasions, a SAP note instructs you to apply
a fix based on the R/3 release of the system; not the kernel version.
All servers in a system must be on the same version of the kernel.
:K\
Kernel upgrades are normally done to fix “bugs” or other problems in the kernel. Some
kernel upgrades provide enhanced functionality.
+RZ
Release 4.6A/B
23–40
Chapter 23: Special Maintenance
Kernel Upgrade
&OLHQW&RS\
:KDW
The client copy function copies client-dependent customizing and data. Client copy allows
the copy or transport of the complete customizing environment from a source client to a
target client within the same system (instance) or to another system.
Client copy is not meant to copy client-independent objects, such as ABAP programs and
table structures. If a table is changed to add an additional field, and the added field is then
populated with data, the table change is not copied to the target system. Thus, the data in
the additional field is not copied.
6SHFLDO1RWHV
Read the current online documentation on client copy. The client copy programs and
functionality improve and change significantly with each new release.
Release 4.6A/B
23–42
Chapter 23: Special Maintenance
Client Copy
The developer of client copy maintains several informational SAP notes. Do a SAP note
search on component BC-CTS-CCO and search for notes beginning with CC*.
8VHIXO6$31RWHV
SAP Note # Description
3URFHVVLQJ1RWHV
During the copy process, do not work in the source client or the target client. The target
client is locked for all users except SAP* and DDIC.
Since large volumes of data are involved, copying a client could take several hours. If you
are copying a large productive client, the copy time could take upwards of a day. For client
copy of a large client, see SAP note 67205. Due to the long run time, the probability of an
abnormal termination due to external factors is high.
A client copy produces a large amount of log activity. If this directory runs out of space,
the database will stop. Turn off logging (i.e., truncate on checkpoint) or monitor the
filespace in the directory where the log file(s) is located.
6HFXULW\
To perform a client copy, the user ID of the person doing the copy must have the same authorizations in
the source client and in the target client. A system administrator with the same authorizations as user SAP*
will have all the required authorizations.
&UHDWLQJD&OLHQW
*XLGHG7RXU
3. Choose .
Release 4.6A/B
23–44
Chapter 23: Special Maintenance
Client Copy
7
Do not use clients: 000,001, or 8
066. These clients are reserved for
SAP. 9
Customizing allowed.
11. Under Protection: Client copier and
comparison tool, choose and select
the appropriate entry.
In this screen, we selected
Protection level 0: No restriction.
12. Under Restrictions, if CATTs are
allowed to be executed, select
Allows CATT processes to be started.
13. Choose Save.
14. The new client is listed.
In later steps, this new client may
be referred to as the “target
client.”
14
15. To log on to the “new client,” enter SAP* for the user and PASS for the password.
SAP* with the default password PASS is a known user ID password. Do not leave the
client in this condition for longer than absolutely needed. Once the client copy is
complete, verify that the passwords for all system user IDs in the new client are secure.
Release 4.6A/B
23–46
Chapter 23: Special Maintenance
Client Copy
&RS\LQJD&OLHQW
*XLGHG7RXU
&RS\LQJRQWKH6DPH6\VWHP6,'
To copy a client on the same system/<sid>, do a “local client copy.”
1. To log on to the “target client,” enter sap* for the user ID and pass for the password.
Be sure you are logged on to the correct target client. If you are on the wrong client, you
will destroy that client.
10
11
Release 4.6A/B
23–48
Chapter 23: Special Maintenance
Client Copy
13 14
16. Choose .
16
17. Choose .
17
&RS\LQJWRD'LIIHUHQW6\VWHP6,'
To copy a client to a different system/<sid>, do a “remote client copy.”
3UHUHTXLVLWH
Copying from one system to another using remote client copy uses the RFC interface,
therefore, there is no intermediate storage on disk.
*XLGHG7RXU
Be sure you are logged in to the correct target client. If you are on the wrong client, you
will destroy that client.
Release 4.6A/B
23–50
Chapter 23: Special Maintenance
Client Copy
8. Choose Continue.
3RVW&OLHQW&RS\7DVNV
< Secure the passwords for SAP* and DDIC in the new client.
If you copied the user master, the user IDs and passwords for those users have been
copied from the source client. When you create a new client, immediately change the
default passwords for user SAP*. The default password is well known and has been
posted on the Internet.
< Always have at least two administrative user IDs for each client, so you do not lock
yourself out of the client.
SAP* and DDIC should only be used for tasks that require those user IDs be used. A
better solution is to create an administrative user ID, which is a copy of the user SAP*.
'HOHWLQJD&OLHQW
To delete a client, there are two options:
< The Delete Client transaction, SCC5.
< The R3TRANS program (see SAP note 13391).
We recommend that you use SCC5 to delete the client.
Release 4.6A/B
23–52
Chapter 23: Special Maintenance
Client Copy
Before deleting a client, in the event of a major problem (for example, deleting the wrong
client), make certain you have a usable backup of the system.
'HOHWH&OLHQW7UDQVDFWLRQ
*XLGHG7RXU
Be sure you are logged in to the client you want to delete. If you are on the wrong client,
you will destroy that client.
8. Select Continue.
From this point, the process is the
same as scheduling a background
job.
5HYLHZLQJWKH&OLHQW&RS\/RJ
1. Log on to another client.
2
2. In the Command field, enter
transaction SM37 and choose Enter.
4
3. In User name, enter the user ID that
the client copy job was run under 3
(for example, garyn).
4. Choose Execute.
Release 4.6A/B
23–54
Chapter 23: Special Maintenance
Client Copy
3URGXFWLRQ5HIUHVK6WUDWHJLHV
Because data in the target system is being replaced, refreshing a system is an inherently
dangerous.
:KDW
Production refresh is where the other systems are refreshed with data from the production
system.
After the copy, actual production data exists in the test system. This data poses data
security issues which must be addressed by the various data owners. It is more critical if
the HR system is installed, because personnel records are sensitive. Financial, sales, and
other data may also be company sensitive.
:K\
:K\1RW
In the recent past, the standard procedure was to create your own test data. One major
reason was that disk storage space was expensive. Here are some are reasons for not to
refresh the system:
< Data storage is expensive
Even with cheaper disks, the volume of data more than makes up any savings.
With several copies of the entire production database, the total of all the databases
could approach a hundred gigabytes for a small company to a terabyte (or more) for
a large company.
< Data security
Data from the production system is “real.”
Even if it is old, it could be confidential and sensitive. The development and test
systems are, then, subject to the same high level of security as the production system.
Created test data is “fake” and everyone knows that.
There is much less issue with data confidentiality or sensitivity.
Release 4.6A/B
23–56
Chapter 23: Special Maintenance
Production Refresh Strategies
+RZ
'DWDEDVH&RS\RI3URGXFWLRQ6\VWHP
A database copy is done by copying the entire production database.
%HQHILWV
< The “refreshed” system will be a duplicate of the production system.
Client-independent changes will also be captured and copied to the target system.
< The copy can be made using standard backup tapes, so there is no impact on the
production system.
Making a copy also tests your backup and restore process.
'LVDGYDQWDJHV
< All revision history of the “refreshed” system is lost, which is usually:
Acceptable for the test/QA system
Not acceptable for the DEV system because version history is lost.
< The target database needs to be as large as the PRD database.
< After the copy, the target system must be reconfigured.
< The target system loses its client structure and become a duplicate of the client structure
of the PRD system.
If the PRD system has one client and the QAS system has three clients, after the database
copy, the QAS system will have one client. The other two clients are lost.
&OLHQW&RS\RIWKH3URGXFWLRQ6\VWHPZLWK'DWD
A client copy is done by performing a client copy of the active client from the PRD system
(instead of copying the entire database, like a database copy).
$GYDQWDJHV
< Unlike a database copy, the target system does not have to be reconfigured.
< The target system does not lose its client configuration.
'LVDGYDQWDJHV
< A client copy requires that the source and target systems are not in use during the copy.
Having both systems out of use may not be a practical action for many companies
because the amount of time required to do the copy could be significantly greater than
the amount of time that the production system can be “down.”
< If there are any client-independent objects (programs, table structures, etc.) that have
been changed and are not the same in the two systems, these objects will not be copied
(refer to the sections on Client Copy below).
&OLHQW&RS\RIWKH3URGXFWLRQ6\VWHP²:LWKRXW'DWD
In this option, only a basic client copy is performed (including customizing), but no master
or transactional data, and possibly no user data.
All test data is loaded into the new client using the following tools:
< Computer Assisted Test Tools (CATT)
< Data Transfer Workbench
$GYDQWDJHV
In addition to the benefits of the client copy above:
< You can control the data being loaded into the new client.
Data can be created to test specific items.
You are not subject to the randomness of real data to test specific items.
Real data may (or may not) have the appropriate data to test specific test items.
In this case, test data has to be created anyway.
'LVDGYDQWDJHV
These are the same as for a client copy with data above.
Release 4.6A/B
23–58
$SSHQGL[$8VHIXO7UDQVDFWLRQV
&RQWHQWV
8VHIXO7UDQVDFWLRQV
System administrators may find the following transactions useful. Although many of the
transactions are not discussed in this guidebook, we are listing them for your convenience.
Many of these transactions are for more “advanced” functions than targeted in the scope of
this guidebook.
7UDQVDFWLRQ&RGH6ZLWFKHV
/n<trans code> /nspad Exit the current transaction and
start the new transaction
/o<trans code> /ospad Open a new session (window) and
start the new transaction
7UDQVDFWLRQ&RGH7DEOH
The following are definitions of two of the column headers.
< Dangerous
These transactions are potentially damaging or fatal to the system if executed
incorrectly.
As a general rule, most of the Basis transactions are potentially damaging. Access to
these transactions should be restricted in all systems. Access to some of these
transactions should be even further restricted in the production system.
The problem with a table display occurs when the query does a “full table scan” for data.
When done on a large table, this query has serious impact on performance because the
system searches every record in the table to find those that meet the search criteria.
Release 4.6A/B
A–2
Appendix A: Useful Transactions
Useful Transactions
Release 4.6A/B
A–4
Appendix A: Useful Transactions
Useful Transactions
Release 4.6A/B
A–6
Appendix A: Useful Transactions
Useful Transactions
Release 4.6A/B
A–8
$SSHQGL[%8VHIXO5HVRXUFHVDQG3URGXFWV
&RQWHQWV
2WKHU6\VWHP$GPLQLVWUDWLRQ5HVRXUFHV
The references cited by no means represent an all inclusive listing of resources because SAP
training classes, guidebooks, white papers, and internet sites are constantly being created
and updated.
6$35HVRXUFHV
SAP books and CDs can be ordered from the SAP online store (http://shop.sap.com) or for
items with an SAP part number, from your SAP account executive. Books with ISBN
numbers can be ordered from Fatbrain (www.fatbrain.com/sap), Amazon (www.amazon.com)
or Barnes & Noble (www.bn.com).
Release 4.6A/B
B–2
Appendix B: Useful Resources and Products
Other System Administration Resources
%RRNV
&'V
< Accelerated SAP (ASAP)
While ASAP is an implementation project management methodology, production
system administration information is available on this CD.
< Knowledge Products
Knowledge products must be registered and a license installed (similar to saplicense),
before they can be used.
Technical Implementation and Operation Mgt 500-27903
SAP System Management 500-27391
SAP System Monitoring 500-25694
SAP Software Logistics 500-27393
SAP Database Administration – MS SQL server 500-25696
SAP Database Administration – Oracle 500-27392
SAP Database Administration – Informix 500-25695
SAP Database Administration – DB2-400 500-25697
SAP Database Administration – Adabas 500-29389
SAP Integration Technologies 500-25698
R/3 Interface Advisor 500-21636
< SAP Terminology Database 500-30826
< SAP Business Information Warehouse 500-29281
< SAP Interface Advisor, Rel 4.5 500-26902
< Computer Based Training (CBT)
Archiving CBT 500-20297
< R/3 Online Documentation
< Report Navigator (pre-Release 4.0)
See SAP Simplification Group’s web site, www.saplabs.com/simple
7UDLQLQJ&ODVVHV
In the U.S., call central registration at (888)-777-1SAP(1727) or visit SAP America’s training
web site, www.sap.com/usa/trainsupp for the most current class list.
/HYHO
SAP50 – R/3 Basis Technology
/HYHO²7HFKQLFDO&RUH&RPSHWHQFH
< BC310 – Windows NT/Oracle
< BC314 – Windows NT/MS SQL Server
< BC317 – Windows NT/DB2
< BC360 – UNIX/Oracle
< BC361 – UNIX/Informix
Release 4.6A/B
B–4
Appendix B: Useful Resources and Products
Other System Administration Resources
1HZV (YHQWV
< Press Release
< SAP INFO magazine
< Events (SAPPHIRE, TechEd, etc.)
< Media Library
SAP Knowledge Store
Media by Type
R/3 Online Documentation
6HUYLFHV
< Consulting Services
Individual Consulting Services, such as remote consulting, going live check, going live
functional upgrade, EarlyWatch, remote upgrade, conversion services, OS/DB
migration service, remote Euro conversion service, and remote archiving
< Education Services
Advanced Training Solution
SAP Standard Training
R/3 Knowledge Products
Computer Based Training
SAP TechNet, including software logistics, system management, system monitoring,
technical SD/CO/PP, DB Admin Oracle/Informix/MS SQL Server, ABAP
Development Workbench, data archiving, etc.
< SAP Team SAP Support Services
Release Information
• Release strategy
• Release notes
SAP Methodology & Tools
• ASAP
• Ready to Run R/3
• Sizing
• Interface Advisor
• Outsourcing
• Legacy System Migration Workbench
< Online Services
Installation/Upgrades
• License keys
• Installation/Upgrade guides
• Sizing
Customer data
• User Administration
Modifications
• SSCR (SAP Software Change Registration)
• Object registration
• Developer registration
SAP Online Correction Support
• Download
• SPAM
Release 4.6A/B
B–6
Appendix B: Useful Resources and Products
Other System Administration Resources
7KLUG3DUW\5HVRXUFHV
The following list of books is not all inclusive. There are good books that are not listed here.
Also, no one book will provide you with all the information you need. You will typically
need several books in each category in your library.
A listing of these books does not constitute an endorsement by SAP. This listing is provided,
as a starting point, for your convenience. We recommend you check with your vendors
(hardware, operating system, database, and other) and the various book sources (both
online and in stores) and for additional titles.
%RRNV
5
%\6$3
Brand, Hartwig. 1999. SAP R/3 Implementation with ASAP, The Official SAP Guide. Sybex.
(Release 4.0) (ISBN: 0-7821-2427-5)
*This book is about technical/Basis implementation.*
Buck-Emden, Rüdiger; and Jürgen Galimow. 1996. SAP R/3 System, A Client/Server
Technology. Addison-Wesley. (ISBN: 0-201-40350-1)
McFarland, Sue and Susanne Roehrs. 1999. SAP R/3 Software Logistics, The Official SAP Guide.
Sybex. (Release 4.0/4.5) (ISBN: 0-7821-2564-6)
Schneider, Thomas. 1999. SAP R/3 Performance Optimization: The Official SAP Guide. Sybex.
(Release 4.x) (ISBN: 0-7821-2563-8)
Will, Liane. 1998. SAP R/3 System Administration: The Official SAP Guide. Sybex. (Release 4.0)
(ISBN: 0-7821-2426-7)
7KLUG3DUW\$XWKRUV
Hernandez, Jose. 1999. SAP R/3 Administrator’s Handbook, Second Edition. Osborne.
(Release 4.x) (ISBN: 0-07-135413-1)
1997. The SAP R/3 Handbook. McGraw-Hill. (Release 3.x, Oracle, and UNIX)
(ISBN: 0-07-033121-9)
Hirao, Joey; and Jim Meade. 1999. SAP R/3 Administration for Dummies. IDG. (Release 3.x)
(ISBN: 0-7645-0375-8)
Parkinson, Robert; Johan Marneweek. 1999. Basis Administration for SAP. Prima.
(Oracle, and UNIX) (ISBN: 0-7615-1887-8)
Prince, Dennis. 1998. Supporting SAP R/3. Prima. (ISBN: 0-7615-1750-2)
Will, Liane; Christiane Hienger, Frank Strassenburg, and Rocco Himmer. 1998. SAP R/3
Administration Addison-Wesley. (Release 3.x) (ISBN: 0-201-92469-2)
81,;
Arick, Martin. 1995. Unix for DOS Users. John Wiley & Sons. (ISBN: 0471049883)
Frisch, Æleen. 1998. Essential Systems Administration: Help for Unix System Administrators.
O’Reilly. (ISBN: 1-56592-127-5)
Nemeth, Evi., [et al.]. 1995. Unix System Administration Handbook. Prentice Hall.
(ISBN: 0-13-151051-7)
Pugh, Kenneth. 1994. Unix for the MS-DOS User. Prentice Hall. (ISBN: 0-13-146077-3)
Siegert, Andreas. 1996. The AIX Survival Guide. Addison-Wesley. (ISBN: 0-201-59388-2)
17
Enck, John (Editor). 1998. Windows NT Magazine, Administrator’s Survival Guide, Volume 1.
Duke Communications. (ISBN: 188241988X)
Frisch, Æleen. 1998. Essential Windows NT System Administration. O’Reilly.
(ISBN: 1-56592-274-3)
Leber, Jody; Jody Schivley, and Robert Denn (Editor). 1998. Windows NT Backup & Restore.
O’Reilly. (ISBN: 1-56592-272-7)
McMains, John; and Bob Chronister. 1998. Windows NT Backup & Recovery. Osborne
McGraw-Hill. (ISBN: 0-07-882363-3)
Jumes, James (Editor);Neil F. Cooper, and Todd M. Feinman. 1998. Microsoft Windows NT 4.0
Security, Audit, and Control (Microsoft Technical Reference). Microsoft Press.
(ISBN: 1-57231-818X)
Microsoft Corporation. 1996. Microsoft Windows NT Server Resource Kit: for Windows NT
Server Verison 4.0. Microsoft Press. (ISBN: 1-57231-3447)
1997. Microsoft Windows NT Server Resource Kit Verison 4.0, Supplement Two. Microsoft
Press. (ISBN: 1-57231-6268)
1994. Windows NT 3.5 Guidelines for Security, Audit, and Control. Microsoft Press.
(ISBN: 1-55615-814-9)
Minasi, Mark. 1997. Mastering Windows NT Server 4, 5th Edition. Sybex. (ISBN 0-7821-2163-2)
Release 4.6A/B
B–8
Appendix B: Useful Resources and Products
Other System Administration Resources
Pearce, Eric; Robert Denn (Editor), and Beverly Scherf. 1997. Windows NT in a Nutshell: A
Desktop Quick Reference for Systems Administrators. O’Reilly. (ISBN: 1-56592-251-4)
Rutstein, Charles. 1997. Windows NT security: A Practical Guide to Securing Windows NT
Servers and Workstations , McGraw-Hill (ISBN: 0-07-057833-8)
Siyan, Karanjit. 1997. Windows NT Server 4: Professional Reference. New Riders Publishing.
(ISBN: 1-56205-805-3)
IBM. 1998. The System Administrator’s Companion to AS/400 Availability and Recovery. IBM.
(ISBN: 0-73840-038-6) (part# : SG24-2161-00)
0LFURVRIW64/6HUYHU
Baird, Sean; Chris Miller, and Michael Hotek. 1998. SQL Server System Administration.
Macmillan. (ISBN: 1-562059556)
Dalton, Patrick. 1997. SQL Black Book (v6.5). Coriolis Group Books. (ISBN: 1-57610-149-5)
Microsoft Corporation. 1998. Microsoft SQL Server 7.0 System Administration Training Kit.
Microsoft Press. (ISBN: 1572318279)
Prathak, Paritosh. 1998. Administering SQL Server 7. Osborne McGraw-Hill.
(ISBN: 0-07-134168-4)
Rankins, Ray., [et al.]. 1998. SQL server 6.5 unleashed (3rd edition). Sams. (ISBN: 0-672-31190-9)
Soukoup, Ron; Kalen Delaney. 1999. Inside Microsoft SQL Server 7.0. Microsoft Press.
(ISBN 0-735605173)
Spenik, Mark; and Orryn Sledge. 1998. Microsoft SQL Server 7 DBA Survival Guide. Sams.
(ISBN: 0-672-31226-3)
1996. Microsoft SQL Server 6.5 DBA Survival Guide. Sams. (ISBN: 0-672-30959-9)
Talmage, Ron. 1999. Microsoft SQL Server 7 Administrator’s Guide. Prima. (ISBN: 0-7615-1389-2)
,QIRUPL[
Doe, Charleton. 1997. Informix OnLine Dynamic Server Handbook, 1/e. Prentice Hall.
(ISBN: 0-13-605296-7)
Informix Software, Inc. 1996. Evolution of the High Performance Database, 1/e. Prentice Hall.
(ISBN: 0-13-594730-8)
1996. Informix Performance Tuning, 2/e. Prentice Hall. (ISBN: 0-13-239237-2)
Lumbley, Joe. 1999. Informix DBA Survival Guide, Second Edition. Prentice-Hall.
(ISBN: 0-13-079623-9)
McNally, John (Editor); Glenn Miller, Jim Prajesh, Jose Fortuny, and Robert Donat. 1997.
Informix Unleashed. Sams. (ISBN: 0-672-30650-6)
'%
Bullock, Diane; Jonathan Cook; et al. 1999. DB2 Universal Database and SAP R/3, Version 4.
Prentice-Hall. (ISBN: 0-13-082426-7)
IBM. 1997. IBM DB2 for AIX and SAP R/3 Administration Guide. IBM. (ISBN: 0-73840-990-1)
(part# : SG24-4871-00)
2UDFOH
Adkoli, Anand, and Rama Velpuri. 1998. Oracle NT handbook. Osborne. (ISBN: 0-07-211917-9)
Ault, Michael. 1997. Oracle8 Administration & Management. Wiley & Sons. (ISBN 0471192341)
Corey, Michael., [et al.]. 1997. Oracle8 Tuning. Osborne McGraw-Hill. (ISBN: 0-07-882390-0)
Koch, Loney. 1997. Oracle8: The Complete Reference. Osborne McGraw-Hill.
(ISBN: 0-07-882396-X)
Loney, Kevin. 1997. Oracle8 DBA Handbook. Osborne McGraw-Hill. (ISBN: 0-07-882406-0)
Loney, Kevin; Noorali Sonawalla, and Eyal Aronoff. 1998. Oracle8 Advanced Tuning &
Administration. Osborne McGraw-Hill. (ISBN: 0-07-882534-2)
Spence, Greg. 1999. SAP R/3 and Oracle Backup and Recovery. Addison Wesley.
(ISBN: 0-201-59622-9)
Velpuri, Rama; and Anand Adkoli. 1998. Oracle8 Backup & Recovery Handbook. Osborne
McGraw-Hill. (ISBN: 0-07-882389-7)
1997. Oracle Troubleshooting. Osborne McGraw-Hill. (ISBN: 0-07-882388-9)
2WKHU7RSLFV
< Disaster Recovery
Corrigan, Patrick. 1994. LAN: Disaster Prevention and Recovery. Prentice Hall.
(ISBN: 0-13-015819-4)
Rothstein, Philip. 1995. Disaster Recovery Testing: Exercising Your Contingency Plan.
Rothstein Associates. (ISBN: 0-964164809)
Schreider, Tari. 1998. Encyclopedia of Disaster Recovery, Security & Risk Management.
Crucible. (ISBN: 0-966272900)
Toigo, Jon. 1995. Disaster Recovery Planning. John Wiley & Sons. (ISBN: 0-471121754)
< Security
Russell, Deborah; GT Gangemi Sr. 1992. Computer Security Basics; O’Reilly.
(ISBN: 0-937175-71-4)
< Scripting
Perl, www.perl.com
Hoffman, Paul. 1997. Perl 5 for Dummies. IDG. (ISBN: 0-7645-0044-9)
Schwartz, Randal; Tom Christiansen, and Larry Wall. 1997. Learning Perl, 2nd edition.
O’Reilly. (ISBN: 1-56592-284-0)
Schwartz, Randal; Erik Olson, and Tom Christiansen. 1997. Learning Perl on Win32
Systems. O’Reilly. (ISBN: 1-56592-324-3)
Srinivasan, Sriram. 1997. Advanced Perl Programming. O’Reilly. (ISBN: 1-56592-220-4)
Release 4.6A/B
B–10
Appendix B: Useful Resources and Products
Other System Administration Resources
6$36HUYLFH&RQQHFWLRQ
SAP service connection to SAP (rcPack):
HS Network Technologies
950 Tower Lane, 12th floor
Foster City, CA 94404 USA
Tel.: (650)-286-3018, FAX: (650)-287-3372
%XVLQHVV&RQWLQXDWLRQ
< Comdisco, www.comdisco.com
< Disaster Recovery Journal, www.drj.com
< DRI International, www.dr.org
< IBM Business Recovery Services
< SunGard Recovery Services, www.recovery.sungard.com
2UJDQL]DWLRQV
< Americas’ SAP Users’ Group (ASUG), www.asug.com
For customers in the Americas, ASUG is the only vehicle to submit requests for
upgrades and enhancement to SAP.
:HE6LWHV
6$3
< SAP, www.sap.com
< mySAP.com, www.mySAP.com
< SAPNet, www.sapnet.sap.com
Note: you need a SAPNet user ID to access SAPNet
< SAP America, www.sap.com/usa
< SAP America, training, www.sap.com/usa/trainsupp
< SAP Labs, Simplification Group, www.saplabs.com/simple
< SAP Online Store, www.sap.com/store_index.htm
< SAP Complementary Software Program, www.sap.com/CSP
6$3$IILOLDWHG
Americas’ SAP Users’ Group (ASUG), www.asug.com
7KLUG3DUW\
< SAP Fans, www.sapfans.com
< SAP Club, www.sapclub.com
< SAP Assist, www.sapassist.com
< ERP site, www.erpsupersite.com
< ERP central, www.erpcentral.com
,QWHUQHW1HZV*URXSV
< SAP-related
comp.soft-sys.business.sap
< Other
comp.client-server
< Operating Systems
UNIX
comp.os.unix
comp.unix.*
NT
comp.ms-windows.nt.*
< Databases
Oracle
comp.databases.oracle.*
DB2
comp.databases.ibm-db2
Informix
comp.databases.informix
MS SQL server
microsoft.public.sqlserver.*
comp.databases.ms-sqlserver
Release 4.6A/B
B–12
Appendix B: Useful Resources and Products
Other Helpful Products: Contributed by Users
2WKHU5HVRXUFHV
2SHUDWLQJ6\VWHP
< UNIX
Digital Unix, www.unix.digital.com
HP UX, www.datacentersolutions.hp.com/2_2_index.html
IBM AIX, www.austin.ibm.com/software/aix_os.html
Siemens Reliant, www.siemens.com/servers/rm/rm_us/reliant.htm
Sun Solaris, www.sun.com/solaris
< NT
Microsoft, www.microsoft.com/ntserver
Microsoft TechNet, www.microsoft.com/technet
'DWDEDVH
< Oracle
Oracle, www.oracle.com
< SQL server
Microsoft, www.microsoft.com/sql
< Informix
Informix, www.informix.com
< DB2
IBM, www.software.ibm.com/data/
2WKHU+HOSIXO3URGXFWV&RQWULEXWHGE\8VHUV
The products listed here have been recommended by users and consultants and are
provided as a starting point for your research.
A listing of these products does not constitute an endorsement by SAP.
The following list is not all inclusive. These products have different features and prices,
which meet different requirements. It is your responsibility to test their compatibility with
your requirements and needs, and to select the product that is appropriate to your
installation. For products which have been certified by SAP to work with R/3, see
Complementary Software Program at www.sap.com/CSP.
As a precaution, you should test all third-party software for compatibility and stability on a
test system before installing them in a production environment. There are cases where a
program many conflict with another program(s) or the hardware, and crashes the system.
Testing software applies to both the server and workstation that the system administrator
uses.
81,;
%DFNXS
< Networker, Legato, www.legato.com
< OmniBack II, HP, www.hp.com/solutions/storage
0RQLWRU
< Performance monitor
Stopwatch, Envive, www.envive.com
< System monitor
OpenView, HP, www.openview.hp.com
6FKHGXOHU
< AutoSys, Platinum, www.platinum.com
< Maestro, Tivoli, www.tivoli.com
6SRRO0DQDJHPHQW
< Dazel for R/3, Dazel, www.dazel.com
2WKHU
< Messaging:
TopCall, Topcall Intl., www.topcall.com
17
%DFNXS
< ARCserve, Computer Associates, www.cai.com/arcserveit
< Backup Exec, Seagate, www.seagatesoftware.com
< OmniBack II, HP, www.openview.hp.com
< Ultraback, BEI Corp, www.ultrabac.com
0RQLWRU
< Log monitor
ELM, TNT software, www.tntsoftware.com
Provision Network Monitor (formerly AlertPage), Computer Associates
www.platinum.com/products/provis/po/nmon_pv.htm
< System monitor
LANDesk Server Manager, Intel, www.intel.com/network/products
NetIQ, NetIQ, www.netiq.com
Release 4.6A/B
B–14
Appendix B: Useful Resources and Products
Other Helpful Products: Contributed by Users
&RPPRQ%RWK81,;DQG17
< UPS control
Powerchute, APC, www.apcc.com
< Scripting
Perl, www.perl.com
1HWZRUN
< Network Analyser
Sniffer, Network Associates, www.nai.com
Release 4.6A/B
B–16
$SSHQGL[&8VHIXO6$31RWHV
2YHUYLHZ
51RWHV
Release 4.6A/B
C–2
Appendix C: Useful SAP Notes
R/3 Notes
Release 4.6A/B
C–4
Appendix C: Useful SAP Notes
R/3 Notes
2SHUDWLQJ6\VWHP1RWHV
&RPPRQWR0XOWLSOH2SHUDWLQJ6\VWHPV
17
Release 4.6A/B
C–6
Appendix C: Useful SAP Notes
Operating System Notes
81,;
$6
Release 4.6A/B
C–8
Appendix C: Useful SAP Notes
Database Notes
'DWDEDVH1RWHV
0664/VHUYHU
Release 4.6A/B
C–10
Appendix C: Useful SAP Notes
Database Notes
'%8'%
,QIRUPL[
Release 4.6A/B
C–12
Appendix C: Useful SAP Notes
Database Notes
2UDFOH
Release 4.6A/B
C–14
Appendix C: Useful SAP Notes
Database Notes
Release 4.6A/B
C–16
$SSHQGL['8SJUDGH'LVFXVVLRQ
&RQWHQWV
8SJUDGH'LVFXVVLRQ
:KDW
An upgrade is an updating of your R/3 System.
:K\
The question of whether to upgrade your system to a new release depends on many
complex factors. Most importantly, the decision to upgrade should be based on “business
need.” Some of these factors are outlined below:
< Desired functionality in new release
This can be found in the release note for the specific release.
< Problem fixes and resolutions
< The need to be on a supported release
5HDVRQV1RWWR8SJUDGH
Some reasons not to upgrade include the following:
< Cost—the following items could increase the cost of your upgrade.
You need to:
Upgrade the database and operating system (if required)
Purchase and install additional hardware (if required)
Test to find problems with the upgrade
Upgrade the SAPgui on the users computers
Find the time to do all the above
< Disruption for users, especially if there is no functional enhancement for them.
< Diversion of resources (Company resources that could be applied to other tasks would
be assigned to upgrading the R/3 System.)
< Desire to be on the latest release (While desirable for a personal resume, this reason is
not a valid business reason to upgrade your system.)
:KHQWR8SJUDGH
In deciding to upgrade your system, ask yourself the following questions:
< Have the reasons for upgrading and not upgrading been analyzed?
< Has the “business need” criteria been met?
< If you installed any Industry Solution (IS), are IS patches available for the new
release?
If the patches are not available, you cannot upgrade.
Release 4.6A/B
D–2
Appendix D: Upgrade Discussion
Upgrade Issues
8SJUDGH,VVXHV
2WKHU&RQVLGHUDWLRQV
6RIWZDUH,VVXHV
The following software has to be compatible with the R/3 release you plan to upgrade to:
< Database
< Operating system
< Third-party applications that compliment the R/3 System (for example, external tax
packages, job schedulers, system monitors, spool managers, etc.)
+DUGZDUH
< The upgrade requires free working space on disks to run.
The amount of space required differs with operating system and database.
Some of the space is released after the upgrade; other space is permanently used.
< As each release adds functionality, the required disk space, processing power and
memory required generally tends to increase.
A system configuration that was adequate for one release may be inadequate for a later
release. This is especially apparent when jumping release levels; example upgrading
from 3.1H to 4.6B. The following table is compiled from SAP notes:
3.1H to 4.0B 30 30
4.0B to 4.5B 20 20
4.5B to 4.6A 10 30
3HUIRUPDQFH
Upgrade performance is difficult to predict. Performance is sensitive to a variety of
variables, some of which can have significant impact. Therefore, an upgrade of the test
system should be done to determine timing values for your configuration.
The following are a few of the factors that affect the performance of an upgrade:
< Database and operating system
< Hardware
Processor (number of processors and speed of each)
Memory (amount available)
Drive array
– Performance factor (especially for writes)
– Configuration (minimize or eliminate drive or channel contention)
– Other I/O hardware (minimize or eliminate data channel contention)
< Data volume for changes to tables that contain data
Release 4.6A/B
D–4
,QGH[
parameters, 15–16
A threshold, changing, 15–9
views, 10–5, 10–12
ABAP Annual tasks checklists
dump analysis database, 8–3
free selection, 10–49 notes, 8–4
in general, 4–15, 10–48 operating system, 8–3
performing, 4–5 other, 8–4
simple selection, 10–49 Application server, 1–14, 9–4, 16–2
dump definition, 4–15, 10–48 Audit Information System (AIS)
editor, 10–55, 10–56, 11–56 business, 11–41
execute, 8–2, 11–55 complete, 11–38
Active processes, 9–15 in general, 11–37
Active users, 10–43, 12–34 system, 11–39
Adding additional systems user defined, 11–42
in general, 12–15 Audits
SAP logon, 12–15 business, 11–41
Administrator check for validity, 11–57
access key, 20–16, 20–20, 21–23, 21–27 complete, 11–38
guidelines. See System guidelines considerations, 11–5
requirements of, 1–4 different users, 11–53
roles financial, 11–4
external to R/3, 1–3 in general, 11–4
factors that determine, 1–2 information system. See Audit Information System
within R/3, 1–2 (AIS)
AIS. See Audit Information System (AIS) security, 11–5, 11–25
Alert monitor security logs
accessing, 10–4 filter group 1, 11–49
acknowledge alerts, 10–14 filter group 2, 11–50
adding a monitor, 10–24 in general, 11–44
alert threshold, 15–9 parameters, 11–47
alert, finding, 10–7 running, 11–46
analyze alerts, 10–13 specific reports, 11–56
checking, 4–4, 5–3, 5–4 system, 11–39
create new monitor set, 10–23 tasks, 11–57
hiding SAP standard monitor sets, 10–19 tools, 11–37
in general, 4–11, 10–2 user defined, 11–42
maintaining thresholds, 10–17 user security jobs, 11–54
views, 10–5, 10–12
Alerts B
acknowledge, 10–14
analyze, 10–13 Background jobs
database, 4–6 batch, 16–3
finding, 10–7 creating, 16–8
maintaining thresholds, 10–17 housekeeing, 16–4
messages, 15–15 incorrect, 16–20
operating system, 4–6 new, 16–20
2 Release 4.6A/B
I–2
Index
4 Release 4.6A/B
I–4
Index
6 Release 4.6A/B
I–6
Index
8 Release 4.6A/B
I–8
Index
10 Release 4.6A/B
I–10
Index
12 Release 4.6A/B
I–12