Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
ravi_kumar123
Explorer

This blog intends to support all consultants who work with SAP ROUTER setup and maintenance.

Introduction:

The step by step configuration procedure is to install SAP ROUTER on Windows platform (The same procedure can be used in Unix environment)

Importantly, if the system is in Domain, perform entire operation with domain admin user only. Not with local admin.


Configurations steps:

OSS message to SAP: Raise an OSS message to SAP for component XX-SER-NET-NEW with following information.

“Request you to please register our Public IP & Host Name for SNC connection for SAP Router <saprouter box hostname>

Details:

Public ip:<public of your saprouter server>

Hostname:<hostname of your saprouter server>

Please contact <name> and <number > for more information on this“


Response from SAP would be:

Dear customer,

We've registered your data for the SNC connection to SAP Support.

Please do the following:

- Go to the http://service.sap.com/saprouter-sncadd

- Click on "Apply Now!"

- Follow the steps detailed in the documentation

- More details can be found on the following page:

  >>> http://service.sap.com/saprouter-sncdoc <<<<)>

You can test the connection with the following parameter:

Destination IP address at SAP side:     <169.145.197.110>

Hostname of this machine          : <sapserv9>


Customer data

Hostname SAProuter     : <SAPROUTER HOSTNAME >

IP address SAProuter   :     <SAPROUTER IP ADDRESS>

Your Distinguished Name:

"CN=<HOSTNAME>, OU=<OU GIVEN BY SAP>, OU=SAProuter, O=SAP, C=DE

Request SAP ROUTER Certificate:

Go to the http://service.sap.com/saprouter-sncadd

Copy this distinguished name which is required to execute below commands.

Once you copied distinguished name then click on continues.


Creating  SAP Router folder in /usr/sap


In SAPRouter box create a folder saprouter in /usr/sap

Check if <sid>adm has got all permissions to this user.

Copy downloaded cryptographic Binary to SAPROUTER folder and extracts it with SAPCAR –xvf.


Set Environment variable

Generate or register the certificate/(local pse) request –

Open command prompt as “run as administrator” in your SAPROUTER box.

>sapgenpse.exe get_pse –v –r certreq –p local.pse “CN=<hostname>, OU=<OU number>, OU=SAProuter, O=SAP, C=DE”

After executing above commands, you will get two additional files get created in SAPROUTER folder.

Local.pse  - created in /saprouter/nt-x86_64 folder

Certreq – created in /saprouter   folder

Copy the content of certreq file and past in the certificate request text area of last SMP window.


    Then click “Request certificate”

     Create a file “srcert” in /ntx86_64 and copy the above contents of the screen to created file.

     Importing certificate and creating credentials.

    Once the file srcert is created in /ntx86_64 , run the import command to install the certificate in SAP Router.


    >sapgenpse import_own_cert –c  srcert –p local.pse

  Creating credentials for user responsible to start SAPRouter service:

  After importing the certificate create credential for user <sid>adm  (or a user who have domain admin access) who will be responsible to start

  SAPRouter

>sapgenpse seclogin –p local.pse -0  <sidadm>


    Verifying the configuration:

   >sapgenpse get_my_name  -v  -n Issuer


     Post configuration activity:

     One of the important configuration step in SAP Router installation, is to create SAPROUTTAB.


     SAPROUTTAB is a file which contains information on who should be able to access SAP system using SAP Router.

     (who would be allowed to access SAP system)

    Create a file with name saprouttab and copy the same in /usr/sap/saprouter folder

    <sap server ip> is ip address of the server which is need to be access via SAP Router

    <port> is port of sap application for access.

    D * * *  meaning reject all the connection accept the entry of the server ip which mention in saprouttab.

    Register the service in windows box:

   You need to create saprouter service explicitly on this windows machine.

   This will be visible in services in windows box and will be up and running all the time.

   You can check the log file dev_rout  in /usr/sap/saprouter which could give information on service start and stop.

   Start the service in UNIX:

  # saprouter -r -S 3299 -V 3 -K "p:CN=<saprouter hostname>, OU=<Customer Name>, OU=SAPRouter, O=SAP, C=DE" &


 



1 Comment
Labels in this area