Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
3,711
In this blog you will find information how to setup a SSL encrypted connection between the SAP Solution Manager and a HANA DB. In a scenario using SAP Solution Manger to monitor the System Landscape a connection must be established between the HANA DB and the ABAP of the Solution Manager. To do this you need to create a connection in the ABAP of Solution Manger, which accesses the HANA DB using the user “DBACOCKPIT”. To guarantee a higher level of security you can enable an SSL encryption for this connection. It is possible to enable SSL connection to all DBs but also for single DBs in a Multi DB Landscape. This blog is focused on enabling SSL connection between SAP Solution Manger and only one single SAP HANA Tenant.

 

Create DBACOCKPIT user


This DB-user must be created previously on the HANA DB. To create this user, you can use a SQL command, HANA Studio or HANA Cockpit. To prevent the connection from errors, caused by expired user password, disable the password lifetime of DBACOCKPIT. You can use the following SQL command:

ALTER USER DBACOCKPIT DISABLE PASSWORD LIFETIME;

 

Enable SSL connection on all HANA DB


To enable the SSL connection between Solution Manager and HANA DB follow the instruction of SAP note: 2475246 (- How to configure HANA DB connections using SSL from ABAP instance). This enables SSL for all DB connections.

 

Enable SSL connection for single HANA DBs


In case SSL should only be used for several database connections, please follow the installation instruction of Note  2572975 (- Solman monitoring of only specific HANA DBs using SSL).

Enable SSL Connection to Host Agent

Please follow the instructions in note 2514150 (- SAP Host Agent for SAP HANA: SSL connection to SAP HANA).

Create a DB connection using the correct configuration

In the ABAP of SAP Solution Manger open the transaction DBCO. Find more information in SAP Note - 1983389 (- DBCON entry for SAP HANA).

Enable Change > New Entry



 

For Multi Tenant HANA DBs you have to create a connection for the System DB and the Tenant itself. In our example we use the following connection parameters.

System DB:




















Host HOST= hdb-01.sap.test.com
User DBACOCKPIT
SQL-Port 30013;CON_PARAM=ENCRYPT=TRUE,CONNECTTIMEOUT=50000
Parameter HOST=hdb-01.sap.test.com:30013;CON_PARAM=ENCRYPT=TRUE,CONNECTTIMEOUT=50000


Tenant:




















Host HOST= hdb-01.sap.test.com
User DBACOCKPIT
SQL-Port 30041;CON_PARAM=ENCRYPT=TRUE
Parameter HOST= hdb-01.sap.test.com:30041;CON_PARAM=ENCRYPT=TRUE


 

Enter connection parameters in following syntax:

HOST=<host name>:<SQLPort>[,...,<host name>:<SQLPort>][;SCHEMA=<schema>][;CON_PARAM=<dbparam>,...,<dbparam>]

Make sure to set the parameter ENCRYPT=TRUE, for enabling the SSL-connection.

 

Creating DBCO connection for System DB using SSL



Creating DBCO connection for DB Tenant using SSL



Connection can be found in the DBCO list now.



SSL connection between SAP Solution Manager and HANA DB is enabled.

 

Testing HANA-DB connection using report


To test the status of the DB connection you can use a report. Therefore open the transaction SE38 and execute the report ADBC_TEST_CONNECTION.



Select the connection, which you want to test and execute.



As result you will either get a success message.

 

Testing HANA-DB connection using DBACOCKPIT


In Solution Manger ABAP open transaction DBACOCKPIT. Go to System Landscape > Database Connections > Select your Connection > Select test



Find the connection success or error message below.

 

Summary


Let´s summarize the contents once again. First of all make sure you have an existing user on your HANA DB. Don´t forget to disable the passwords lifetime, to avoid future connection failures. Enable the SSL encryption to your HANA DB. Depending on whether it is an Single or a Multi Tenancy DB use the right parameters. You can test your connection by using the test function of transaction DBACOCKPIT, or by running the report ADBC_TEST_CONNECTION. Checking this connection can be one step for troubleshooting for monitoring issues.

Notes mentioned in this blog:

Note: 2475246

Note: 2572975

Note: 1983389

Note: 2514150
1 Comment