SAProuter Installation
1. Introduction
The purpose of this document is to set out the process used in the creation of a SAProuter
connection to SAP.
2. Installation Process
2.1. Server
A dedicated server (hostname) has been built for the SAProuter). The spec of this server
is:
2 hyper-threading (HTT) CPUs with 2GHz tact frequency
2 GB RAM
50 MB free space on the hard drive for SAProuter and configuration
20GB D: drive for SAP router & log files
64bit server
OS Windows 2008
Its internal IP address: Host IP
The following version of the SAProuter software was downloaded from the SAP
Marketplace:
SAProuter 7.20 (patch level 423) for Windows on x64 64bit
We also downloaded the following cryptographic software for the SNC connection
SAPCRYPTOLIB 5.5.5 (patch level 36) for Windows on x64 64bit
Once the software has been installed on the server the next step is to set the environment
variables SECUDIR and SNC_LIB. These are as follows:
SECUDIR = D:\usr\sap\sap\saprouter
SNC_LIB = D:\usr\sap\sap\saprouter\ntintel\sapcrypto.dll
One set reboot the system once you have checked that the terminal services have started.
From the SAP Marketplace download a certificate and then install it on the server. The
process for doing this is as follows.
Go to the SAP Marketplace and obtain the Distinguished Name for the new SAProuter
installation as advised by SAP. For this installation it is:
CN=HOSTNAME, OU=0000848841, OU=SAProuter, O=SAP, C=DE
Generate the certificate request with the command: sapgenpse get_pse -v -r certreq -p
local.pse "" as follows:
sapgenpse get_pse -v -r certreq -p local.pse "CN=hostname, OU=0000848841,
OU=SAProuter, O=SAP, C=DE"
From the directory D:\usr\sap\sap\saprouter\ntintel\, copy the content of the file certreq to
the second tab Create and Enter CSR in the SAP Marketplace.
Copy and paste the text to a new local file named "srcert", which must be created in the
same directory as the sapgenpse executable (D:\usr\sap\sap\saprouter\ntintel\)
Now you will have to create the credentials for the SAProuter to do this execute the
following command in the /saprouter/ntintel directory.
sapgenpse seclogin -p local.pse
Enter PIN: ????? (same as point 9)
To check whether the certificate has been imported correctly execute this command in the
/saprouter/ntintel directory.
sapgenpse get_my_name -v -n Issuer
The successful result will be: Issuer : "CN=SAProuter CA, OU=SAProuter, O=SAP,
C=DE".
Network Part.
|
|
Network Part.
Steps described in SAP note 525751(Installation of the SNC SAP Router as
NT Service)
Routtab configuration.
The corresponding file saprouttab must contain at least the following entries
# Outbound connections to will use SNC
KT "p:CN=sapservX, OU=SAProuter, O=SAP, C=DE"
# Inbound connections MUST use SNC
KP "p:CN=sapservX, OU=SAProuter, O=SAP, C=DE"
# Repeat this for the servers and port_numbers you will need to
# allow. Please make sure that all explicit ports are inserted
in
# front of a generic entry '*' for port_number
# Permission entries to check if connection is allowed at all
P
# All other connections will be denied
D***
Go to technical settings
Maintain the details. (New SAP router details)
Cross check the Msg Server string, it should be with the new SAP router,
/H/Router Host IP/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001