
Hello everyone, and welcome back to the blog!

Quick update: I've been helping a friend troubleshoot a frustrating connectivity issue with their SAP system on AWS. Every time the system reboots, the connection drops. Here's what we've tried so far.

  1. First, automate SAP Router execution when the EC2 instance is started or stopped. To do this, open a CMD terminal and run this command (sc expects a space after each "=" before the value):

sc create SAPRouter binPath= "C:\saprouter\saprouter.exe service -r -R C:\saprouter\saprouttab" start= auto obj= "NT AUTHORITY\LocalService"


As you can see, a new service called SAP Router is added, running as Local Service and managed by Windows.


  2. Modify the Windows firewall. Go to Control Panel > System and Security > Windows Firewall > Advanced Settings, select Inbound Rules > Actions > New Rule, and add a new Port rule that allows TCP traffic on the specific ports 3299 and 3200. Then select Allow connection as the Action, select the profiles the rule applies to, set the name to «SAP Router», and click Finish.


3. Review the network configuration in AWS. The architecture is a VPC with two subnets (one public and one private): the user connects from the Internet to the Bastion Host, which redirects the traffic to the SAP server using the SAP Router.


To keep it simple, this is the checklist to complete the configuration:

  1. Verify the main route table on the VPC; it must have entries to route traffic to the Internet (Internet Gateway) and local traffic.
  2. Open the Network ACL and ensure that TCP ports 3200 and 3299 are allowed in both the Inbound and Outbound rules.
  3. Verify the route table on each subnet: the Public Subnet has Route Table A to route traffic to the Internet, and the Private Subnet has Route Table B to route traffic to the NAT Gateway for the App server.
  4. For the Bastion host, add Inbound and Outbound rules to the Security Group to receive connections from the Internet with the SAP Router over the public IP (using an Elastic IP).
  5. For the App server, add Inbound and Outbound rules to the Security Group to receive connections from the Bastion host, using only its private IP or the sender's security group.

4. An extra tip: to validate connectivity from the Bastion host to the App server, a simple test can be run in AWS. Go to VPC > Network Analysis > Reachability Analyzer > Create and analyze path, select the Bastion instance as the source and the App server as the destination with port 3299. When the analysis finishes, the path is shown with all the AWS network components it crosses.
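Checklist item 5 above (the App server accepts SAP traffic only from the Bastion host) can also be checked offline against the `IpPermissions` list that `aws ec2 describe-security-groups` returns. This is an added example, not part of the original post; the group ID, the Bastion private IP and the two sample rule sets are constructed, and only IPv4 ranges and security-group references are examined.

```python
import ipaddress

SAP_PORTS = (3200, 3299)  # ports named in the checklist above

def covers(perm, port):
    """True if an IpPermissions entry applies to TCP traffic on `port`."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit_app_sg(sg, bastion_sg_id, bastion_ip):
    """Return findings for the App server security group (checklist item 5)."""
    bastion_net = ipaddress.ip_network(f"{bastion_ip}/32")
    findings = []
    for port in SAP_PORTS:
        allowed = False
        for perm in sg["IpPermissions"]:
            if not covers(perm, port):
                continue
            # Source given as another security group
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] == bastion_sg_id:
                    allowed = True
                else:
                    findings.append(f"{port}: open to other group {pair['GroupId']}")
            # Source given as an IPv4 CIDR range
            for rng in perm.get("IpRanges", []):
                if ipaddress.ip_network(rng["CidrIp"], strict=False) == bastion_net:
                    allowed = True
                else:
                    findings.append(f"{port}: open to {rng['CidrIp']}, not only the Bastion")
        if not allowed:
            findings.append(f"{port}: no rule admits the Bastion host")
    return findings

# Constructed samples in the shape of describe-security-groups output.
BASTION_SG, BASTION_IP = "sg-0bastion000000000", "10.0.0.10"
GOOD = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3299, "ToPort": 3299,
     "UserIdGroupPairs": [{"GroupId": BASTION_SG}], "IpRanges": []},
    {"IpProtocol": "tcp", "FromPort": 3200, "ToPort": 3200,
     "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "10.0.0.10/32"}]},
]}
BAD = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3200, "ToPort": 3299,
     "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}

if __name__ == "__main__":
    for name, sg in (("good", GOOD), ("bad", BAD)):
        print(name, audit_app_sg(sg, BASTION_SG, BASTION_IP) or "OK")
```

An empty result means both ports are reachable from the Bastion host and from nothing else.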


This network configuration overview has been simplified for brevity. Further details can be provided upon request. Thank you.😊😎
