Deployment Guide

Deploying SAP Business Applications with DX Data Center Acceleration Platforms

Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net

Part Number: 710066-001 April 2007

Deploying SAP Business Applications with DX Data Center Acceleration Platforms

Table of Contents
Introduction.............................................................................................................3 SAP..DX.Deployment.............................................................................................4 DX.Integration.in.the.SAP.Infrastructure..................................................................5 .DX.Configuration....................................................................................................6 DX.IP.Configuration.................................................................................................7 DX.Enterprise.Portal.VIP..........................................................................................8 DX.Composite.VIP................................................................................................. 11 DX.Failover............................................................................................................15 DX.Configuration.Synchronization.........................................................................15

Copyright 2007, Juniper Networks, Inc.

Deploying SAP Business Applications with DX Data Center Acceleration Platforms

Introduction
SAP.provides.a.comprehensive.range.of.enterprise.software.applications.and.business.solutions. to.empower.every.aspect.of.a.business. The.Juniper.Networks.DX.application.load.balancing.and.accleration.platform.delivers.a. complete.data.center.acceleration.solution.for.many.Web-enabled.and.IP-based.business. applications.like.SAP..The.DX.platform.greatly.improves.the.end.user.experience.by.delivering. Web-based.content.quicker.and.offloading.servers,.allowing.them.to.process.more.data. with.fewer.resources..The.DX.platform.also.solves.IT.budget,.high-availability,.and.security. requirements.through.a.combination.of.centralized.services.that.include.server.load.balancing,. global.server.load.balancing,.Secure.Sockets.Layer.(SSL).acceleration.and.termination,.Hypertext. Transfer.Protocol.(HTTP).compression,.and.application.security..all.on.a.single.device..The. DX.platform.offers.scaling.options.in.both.functionality.and.performance.for.any.business. environment. The.SAP.application,.when.deployed.with.the.Juniper.DX.platform,.provides.a.complete.solution. for.enterprises.that.require.improved.availability,.reliability,.security,.and.performance.for.their. mission-critical.SAP.application.environment. This.guide,.created.through.the.collaborative.efforts.of.SAP.and.Juniper.Networks,.describes. how.to.deploy.and.test.the.Juniper.Networks.DX.platform.with.the.SAP.business.applications.. Additional.technical.and.marketing.documents.are.available.on.the.SAP.and.Juniper.Networks. Web.sites,.as.well.as.through.the.Juniper.Networks.community.portal.(https://communities. juniper.net/dca).

Copyright 2007, Juniper Networks, Inc.

Deploying SAP Business Applications with DX Data Center Acceleration Platforms

SAP DX Deployment
The.SAP.businss.applications.are.composed.of.multiple.servers.

Clients

Internet

DMZ

EP

COMP BackEnd

ESA-1

ESA-2

Enterprise Portal:
LogOn SSO

Original ESA Discovery Server

Exchange Infrastructure XI ECC BW MDM

EP

ESA-1

Composite
J2EE App

2ndary SAP Application Server

Exchange Infrastructure XI ECC BW

COMP

WebDynpro Suppliers Companys Application (ex. Product Catalog) Note: Co-hosted on this conguration

ESA-2

Figure 1: SAP Deployment Architecture

Copyright 2007, Juniper Networks, Inc.

Deploying SAP Business Applications with DX Data Center Acceleration Platforms

DX Integration in the SAP Infrastructure

In.an.SAP.infrastructure,.the.DX.platform.integrates.as.shown.in.Figure.2:

Clients

Internet

DMZ
DX DX

EP-VIP COMP-VIP

EP BackEnd

COMP

ESA-1

ESA-2

Figure 2: SAP deployment architecture with DX platform integration

Copyright 2007, Juniper Networks, Inc.

Deploying SAP Business Applications with DX Data Center Acceleration Platforms

DX Configuration
The.following.DX.platform.configuration.is.based.on.the.following.infrastructure:

EP/COMP (Web https) EP/COMP (Web http or https) SAP propriatary binary RFC Web-Service, http/XML SAP propriatary binary MDM

Clients

Internet

DMZ
169.145.90.0/24

.15

DX DX

EP-VIP: .22:443 COMP-VIP: .23:443

EP

COMP

DX1/DX2
.20/.21

.11:52000/52400 (http) .12:50200/50400 (http) .11:52201/52401 (https) .12:50201/50401 (https)

BackEnd
169.145.91.0/24

ESA-1
.11

ESA-2
.12

Figure 3: Traffic flow in SAP deployment architecture with DX integration The.DX.platform.configuration.can.be.done.via.command.line.interface.(CLI).(telnet.or.SSH).or.a. WebUI.(http.or.https). This.chapter.details.the.step-by-step.configuration.using.the.WebUI.

Copyright 2007, Juniper Networks, Inc.

Deploying SAP Business Applications with DX Data Center Acceleration Platforms DX IP Configuration This.section.describes.how.to.configure.the.DX.platforms.IP.address.and.default.gateway..Refer. to.Figure.3.to.identify.DX1.and.DX2. . DX1:.In.Admin..Network

. DX2:.In.Admin..Network

Copyright 2007, Juniper Networks, Inc.

Deploying SAP Business Applications with DX Data Center Acceleration Platforms DX Enterprise Portal VIP This.section.describes.how.to.configure.the.Enterprise.Portal.Virtual.IP.(VIP).address.that.frontends.load-balanced.applications.on.the.DX.platform. As.shown.in.Figure.3,.the.EP.traffic.from.the.clients.to.the.DX.platform.is.always.encrypted..The. traffic.from.the.DX.platform.to.the.servers.can.be.encrypted.(SSL.end-to-end.configuration).or. not.(AutoSSL.configuration). The.SSL.end-to-end.configuration.improves.security.since.all.traffic.is.encrypted,.without.adding. extra.load.on.the.servers;.see.the.Improving.the.Performance.of.Web-enabled.SAP.Solutions. Solution.Brief.for.the.results.of.joint.DX-SAP.testing. The following is an SSL end-to-end configuration: Note:.This.configuration.is.performed.only.on.DX1;.the.configuration.synchronization.feature. will.push.the.configuration.to.DX2. . DX1-EP-SSL-end-to-end..VIP.creation . In.Services..Clusters..Cluster.Groups..New.Cluster Note: Sections.not.mentioned.retain.default.settings.

Copyright 2007, Juniper Networks, Inc.

Deploying SAP Business Applications with DX Data Center Acceleration Platforms

. Note: SAP.does.not.provide.a.default.test.page.to.validate.server.status..If.you.have.such. a.test.page.in.your.installation,.you.can.ask.the.DX.platform.to.continuously.test.this. page.to.validate.server.availability.

. If.your.servers.dont.run.SSL.(https),.then.you.must.configure.the.DX.platform.in.AutoSSL. mode. The following is an AutoSSL configuration: . Note: This.configuration.is.performed.only.on.DX1;.the.configuration.synchronization. feature.will.push.the.configuration.to.DX2. . DX1..AppRule . Technical Note: SAP.uses.absolute.links.(with.http.or.https.information)..In.the.case.of. AutoSSL.configuration,.the.servers.work.on.http.and.use.links.on.http..The.DX.platform. has.to.rewrite.the.SAP.http.links.to.https.so.the.clients.remain.on.https..This.is.done.via. AppRules.(requires.HTTP.Advanced.license). . In.Services..Clusters..AppRules..Create.RuleSet

Copyright 2007, Juniper Networks, Inc.

Deploying SAP Business Applications with DX Data Center Acceleration Platforms

..DX1-EP-AutoSSL..VIP.creation . In.Services..Clusters..Cluster.Groups..New.Cluster Note: Sections.not.mentioned.retain.default.settings.

10

Copyright 2007, Juniper Networks, Inc.

Deploying SAP Business Applications with DX Data Center Acceleration Platforms

Note: SAP.does.not.provide.a.default.test.page.to.validate.server.status..If.you.have.such. a.test.page.in.your.installation,.you.can.ask.the.DX.platform.to.continuously.test.this. page.to.validate.server.availability.

DX Composite VIP This.section.describes.how.to.configure.the.composite.VIP.on.the.DX.platform. As.shown.in.Figure.3,.the.comp.traffic.from.the.clients.to.the.DX.platform.is.always.encrypted.. Traffic.from.the.DX.platform.to.the.servers.can.be.encrypted.(SSL.end-to-end.configuration).or. not.(AutoSSL.configuration). The.SSL.end-to-end.configuration.improves.security.since.all.traffic.is.encrypted,.without.adding. extra.load.on.the.servers;.see.the.Improving.the.Performance.of.Web-enabled.SAP.Solutions. Solution.Brief.for.the.results.of.joint.DX-SAP.testing. The following is an SSL end-to-end configuration: . Note:.This.configuration.is.performed.only.on.DX1;.the.configuration.synchronization. feature.will.push.the.configuration.to.DX2. . DX1-Comp-SSL-end-to-end..VIP.creation . In.Services..Clusters..Cluster.Groups..New.Cluster
Copyright 2007, Juniper Networks, Inc.

11

Deploying SAP Business Applications with DX Data Center Acceleration Platforms . Note:.Sections.not.mentioned.retain.default.settings.

. Note:.SAP.does.not.provide.a.default.test.page.to.validate.server.status..If.you.have.such.a. test.page.in.your.installation,.you.can.ask.the.DX.platform.to.continuously.test.this.page. to.validate.server.availability.

. If.your.servers.dont.run.SSL.(https),.then.you.must.configure.the.DX.platform.in.AutoSSL. mode. The following is an AutoSSL configuration: Note: This.configuration.is.performed.only.on.DX1;.the.configuration.synchronization. feature.will.push.the.configuration.to.DX2. . DX1..AppRule 12
Copyright 2007, Juniper Networks, Inc.

Deploying SAP Business Applications with DX Data Center Acceleration Platforms . Technical Note: SAP.uses.absolute.links.(with.http.or.https.information)..In.an.AutoSSL. configuration,.the.servers.work.on.http.and.use.http.links..The.DX.platform.must.rewrite. the.SAP.http.links.to.https.links.so.the.clients.remain.on.https..This.is.done.via.AppRules. (HTTP.Advanced.license.required). . In.Services..Clusters..AppRules..Create.RuleSet

Copyright 2007, Juniper Networks, Inc.

1

Deploying SAP Business Applications with DX Data Center Acceleration Platforms

. DX1-Comp-AutoSSL..VIP.creation . In.Services..Clusters..Cluster.Groups..New.Cluster . Note:.Sections.not.mentioned.retain.default.settings.

. Note:.SAP.does.not.provide.a.default.test.page.to.validate.server.status..If.you.have.such.a. test.page.in.your.installation,.you.can.ask.the.DX.platform.to.continuously.test.this.page. to.validate.server.availability. 14

Copyright 2007, Juniper Networks, Inc.

Deploying SAP Business Applications with DX Data Center Acceleration Platforms

DX Failover This.section.describes.how.to.configure.the.failover.on.the.DX.platform.pair. . Note:.This.configuration.is.performed.only.on.DX1;.the.configuration.synchronization. feature.will.push.the.configuration.to.DX2. . DX1..Failover . In.Admin..Failover . Note: Sections.not.mentioned.retain.default.settings.

DX Configuration Synchronization This.section.describes.how.to.synchronize.the.configuration.to.the.backup.DX.platform. . Note:.This.configuration.is.performed.only.on.DX1;.the.configuration.synchronization. feature.will.push.the.configuration.to.DX2. This.feature.is.available.only.through.the.CLI.(telnet.or.SSH.or.console). . DX1..conf.sync.definition -.Create.sync.group: add.sync.group.DX-SAP -.Define.DX.members.(include.the.IP.of.the.local.device.as.well): add.sync.group.DX-SAP.member.169.345.90.20 add.sync.group.DX-SAP.member.169.345.90.21 -.Define.DX.administrator.user.name.enabled.on.member.(by.default,.it.is.user.admin):. set.sync.group.DX-SAP.member.169.345.90.20.user.admin set.sync.group.DX-SAP.member.169.345.90.21.user.admin -.Define.the.administrator.users.password: set.sync.group.DX-SAP.member.169.345.90.20.password set.sync.group.DX-SAP.member.169.345.90.21.password . Note:.After.the.command,.enter.the.user.admin.password.(by.default,.admin). . DX1..launch.the.conf.sync. -.Launch.the.conf.sync: sync.group.DX-SAP
Copyright.2007,.Juniper.Networks,.Inc..All.rights.reserved..Juniper.Networks.and.the.Juniper.Networks.logo.are.registered.trademarks.of.Juniper.Networks,.Inc..in. the.United.States.and.other.countries..All.other.trademarks,.service.marks,.registered.trademarks,.or.registered.service.marks.in.this.document.are.the.property.of. Juniper.Networks.or.their.respective.owners..All.specifications.are.subject.to.change.without.notice..Juniper.Networks.assumes.no.responsibility.for.any.inaccuracies. in.this.document.or.for.any.obligation.to.update.information.in.this.document..Juniper.Networks.reserves.the.right.to.change,.modify,.transfer,.or.otherwise.revise.this. publication.without.notice. Copyright 2007, Juniper Networks, Inc.

15