on 2008 Jul 03 6:48 AM
Dear Guru,
We had the windows ECC6 server.Our customers & Vendors needs to acessing the sap server from there place.
If any possible to access our production sever through internet with highy secured .
But we are not interested to buy a third party tool for the access the server through internet.
guna
Hi,
There is one solution to your problem is that you can have EP system which allows to access your system our internet and is highly secured means of access
Just you have to add EP system to your existing Java Box
and configure accordingly to access your system over internet.
Thanks and Regard
Khurshid
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You probably already have a SAPRouter set up, it's typically used for remote connections to SAP (the company). Go to transaction OSS1, parameters>technical settings and see if you have anything under SAProuter1.
That said, for SAProuter to be secure you'll need to have all your vendors and customers to also have a SAPRouter set up with static IPs. And I'm not sure you're allowed to do this under the terms of use for SAProuter and the cryptographic libraries.
I'd be more inclined to use a web dispatcher and the integrated ITS for the webgui. If you can live with HTTP connections that won't cost you anything. If you need HTTPS you'll need to spring for a certifcation authority.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Another option..
With strict firewall(using demilitarized zone) and using the SAP Web Dispatcher for load balancing and a single entry point you can use the integrated Internet Transaction Server with HTMLgui.
Regards,
Nelis
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI,
You have two option
1) Setup secure VPN connection between two sides.
2) Connect using Secured saprouter ( SNC SAPROUTER)
in both case you need one public IP address ( Live IP )
regards,
kaushal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Follow the following steps:-
1:-Create a saprouter subdirectory under [Ex:-usr/sap/saproter]
2:-Download saprouter.sar file from service.sap.com . Extract this file using SAPCAR in
Saprouter directory. Saprouter.sar file containing two files saprouter & nipping.
3:-Download the SAP cryptographic software from service.sap.com/swdc.Extract this file
& place all files in saprouter subdirectory [sapcrypto.dll,sapgenpse.exe,ticket}.
4:-Set the environment variable for SECUDIR & SNC_LIB
CERTIFICATE FOR SAPROUTER
Note:- Owner is <sid>adm
1:-Now login on service.sap.com/tcsSAPtrust Center Service in Detail SAProuter
Certificatesapply now continue.
2:-Note down your distinguished name.
Ex:- CN=XXXXXs, OU=XXXXX, OU=SAProuter, O=SAP, C=DE
3:- Execute the following command in the saprouter/ntintel directory.
sapgenpse get_pse u2013v u2013r certreq u2013p local..pse u201CCN=XXXX, OU=XXXXX,
OU=SAProuter, O=SAP, C=DEu201D
4:- Enter PIN:-
Re Enter PIN:-
5.The "certreq" file is created in the /saprouter/ntintel directory.
5:-File cretreq is created in the /usr/sap/saprouter/ntintel directory.
6:- Open u201Ccertrequ201D file in text editor
Copy the text of certreq & paste in the space provided in sapmarket place .This space
Is available after step 1: under certificate for saprouter section.
7:-After that please click on u201C Request Certificateu201D anew screen will be displaying your
Certificate issued by SAP Certification Authority.
8:-Now using text editor copy the contect (from start to end) & save it as u201Csrcertu201D in to
usr/sap/saprouter/ntintel .(without any extension ex .txt).
IMPORTING THE CERTIFICATE
1:-To import the certificate into SAProuter execute the following command in /saprouter
/ntintel directory.
sapgenpse import_own_cert u2013c srcert u2013p local.pse
And enter PIN (same as 4 point of section certificate for saprouter)
2:- This will create a file u201Ccred_v2u201D in the same directory.
3:- Check whether the certificate has been import correctly. Execute the following
Command in saprouter/ntintel directory.
sapgenpse get_my_name u2013v u2013n Issuser
The result should be u201CCN=XXXX CA=XXXXX, OU=SAProuter, O=SAP, C=DEu201D
ROUTE PERMISSION TABLE
1:- Create a text file using text editor under usr/sap/saprouter & save it as saprouttab
Without any extension.
2:- Example of saprouttab file
#SNC-connection from and to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC-connection from SAP to local R/3-system for Support SID DEV
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 102.108.70.10 3200
SNC - connection from SAP to local R/3 - system for Support SID PRD
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 102.108.70.9 3200
SNC - connection from SAP to local R/3 - system for Support SID QAS
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 102.108.70.2 3210
SNC - connection from SAP to local R/3-System for SAPtelnet
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 102.108.70.1 23
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 102.108.70.4 *
#Access from the local Network to SAPnet - R/3 Frontend (OSS)
P 102.108.70.1 194.39.131.34 3299
P * 194.39.131.34 3299
Deny all other connections
D * * *
3:- Start the SAProuter with the following command:-
Saprouter u2013r u2013S <port> -K u201Cp:CN=XXXX,OU= XXXX0,OU=SAProuter,O=SAP,
C=DEu201D
MAINTAIN SYSTEM DATA ON SAPMARKETPLACE
1:- Login on service.sap.com/access-support.
2:- Click on the Maintain Connection as you see in the following screen.
3:-Select your system (Ex:- PRD or DEV)
4:-Click on connection type.
5:- after select connection type click on System data. Maintain the date.
Now you can start sap router.
Karan
User | Count |
---|---|
68 | |
10 | |
10 | |
7 | |
6 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.