on 05-28-2012 7:36 AM
I need some help with the ideal architecture for the following scenario:
1) We need to run two portals on the same domain: portal.mycompany.com
2) The portals will be accessed from the internet via an Apache reverse proxy
3) Differentiating access based on domain prefix is not an option, so we cannot have abc.portal.mycompany.com and xyz.portal.mycompany.com
4) Users need to be given a start URL such as portal.mycompany.com/abc or portal.mycompany.com/xyz
Unfortunately, each portal has the same resource URLs, such as irj/portal. With some tricks on the reverse proxy, I can recognize which portal the initial request needs to go to, but each page that loads contains internal links that are virtually indistinguishable from each portal to the other. I have scoured the internet (without success) to see if there's any way a Netweaver portal can have a default suffix on the URL, for instance:
instead of https://portal.mycompany.com/irj/portal , use https://portal.mycompany.com/abc/irj/portal but found very little in this direction.
Would appreciate it if anybody's done this kind of thing before
Hi John,
As far as I know you can configure the /irj/... part of the URL to be whatever you like, the IRJ (iView Runtime for Java) is basically a Web Application running on the J2EE Engine. Perhaps you could just change the mappings on the two portals to be /abc and /xyz instead. I have never had the need to do this - so I am not 100% sure, but I think it is possible. Perhaps someone reading this will be able to provide more info.
Out of interest can you not just use the same portal with different aliases (e.g. /irj/portal/abc and /irj/portal/xyz)? I am interested in what the requirement is that drives this architecture.
Thanks,
Simon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
John
As Simon has mentioned, you can acheive the same using one portal only (you should also)..
Create 2 aliases, and bind 2 different desktops to it..One for Internal and other for external..
External one - /irj/portal/external...have a re-direct rule at Apache server which will transform www.externalportal.com to /irj/portal/external..use a DNS look up server which will resolve your hostname (externalportal) to your internal Portal hostname...
Internal one - /irj/portal/internal ...just can be accessed by LAN users..no internet access to this..
Also add a web dispatcher between Portal and Apache to have a load balancing since the portal is being accessed by lot of users..
Hi Simon,
We also need to run multiple portals on the same domain. The reason for running multiple portals instead of alias is we are using different clients from the same backend SAP R/3 server. We cannot integrate two clients from the backend with same portal.
After reading your post, I got an idea if I can change the alias of the irj application , it will point to the custom alias value i maintain. so I can refer portal as
http://hostname:port/alias/portal
I am also not sure will this work.? Let me try ....
Regards,
Eben Joyson
Yes , we can create two different system objects in portal for different client. I know that.
What about ume integration? Can you integrate two clients with same portal. This means you need to maintain same users in both the clients which is not wise way.
Here is an example:
I have two clients 600 and 700 in sap R/3 and one portal system.
User A is in 600 and User B is in 700. In portal, I have assigned UME as ABAP Engine with client 600. How will the user B will login to portal.?
Eben Joyson
Ok, so thats the scenario. yes you are right, you cant integrate 2 clients for UME??
For your scenario, then why dnt you use CUA...make one client as CUA lets say 500 and add the other 2 clients as satelite clients..
Point Ume to 500, create composite roles in CUA which will have single roles from 600 & 700...
So users from both client co-exist depending on whether they have singles roles form respective system..Create few Badis in CUA, which will push user profile when ever you want to create a user only in one of the sub-clients.
Sandip
James
Can you pls show me any documents/notes to validate if this is not the best practice?
The portal is designed to connect to one R3 system on the back end
I dnt quite agree to this statement. It is designed to connect multiple SAP systems.
using CUA is one of the way of doing central user management and with multiple backend systems. I had done this earlier, and never had a issues.
And reg your point on ESS/MSS, i cant really see any issue. ESS.MSS work son System object concept, you can create SO for any client. where do you see the issues?
Regards
Sandip
Sorry for taking this long, and thanks to all for their inputs. However, I still don't have a definitive answer to this question. Here is why:
1) Simon mentioned that we could call the irj part, just about anything. We're trying this out, but the standard application does not seem to permit changes to the alias, and making a copy seems a little cumbersome, but if that's the only way... this is the most promising possibility.
2) Sandip, it is not an option for us to use a common portal, or CUA, since each customer is contractually represented by a different and differentiated portal environment and backend client. Yes, it would have been convenient, but it is not an option.
Hi, I'm not sure about why this is an issue at all to be honest.
We have a Dev, QA, Training and production Enterprise portal all running in the same domain.
you use a proxy or ssl accelerator as the following :-
http://server.xx.xx:50000/irj/portal becomes https://mydevsystem. etc. etc.
so
https://mysapdev.xx.xx.xx:443/irj/portal is forwarded to https://mysapdev.xx.xx.xx/irj/portal
then
http://server.xx.xx:50000/irj/portal becomes https://myqasystem. etc. etc.
Also one portal system can only ever point to one SAP R3 client system. Its a limitation of the architecture.
Thus needing a dev /qa /training /production portals.
Regards
James
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi James,
As mentioned in point 3) in my original post, differentiating portals based on subdomains or prefixes is not an option. We do not have control over the domain, and the webmaster has provided us only with a single domain for this deployment.
To clarify, we only have portal.mycompany.com and I can only use portal.mycompany.com/abc and portal.mycompany.com/xyz to differentiate between the portals.
So there shouldn't be an issue then John.
I think your over complicating the issue.
A Simple forward or alias should be enough !
Use http://portal.mycompany.com/development - http://mysap.company.com:50000/irj/portal - dev portal.
Use http://portal.mycompany.com/qa - http://mysap.company.com:50000/irj/portal
I take it your dev / qa / productions systems are running on different servers !
James
Hi James,
Yes, my systems are running on different servers, and I did try the following approach using Apache mod_proxy:
ProxyPass /abc http://internal1.mycompany.com/irj/portal
ProxyPass /xyz http://internal2.mycompany.com/irj/portal
With the corresponding ProxyPassReverse options, which I am not typing here to avoid clutter, mod_proxy only rewrites the first access URL. So if a user types http://portal.mycompany.com/xyz into the browser, the reverse proxy translates it and responds with ...http://internal1.mycompany.com/irj/portal or have relative addressing such as /irj/portal which again cannot be resolved/differentiated on the reverse proxy.
What are you using as the entry point to your portal cluster, a reverse proxy, hardware proxy/firewall or web despatcher?
Hi
We use a SSL Accelerator / Loadbalancer which strips the URL so
http://xxx.ss.xx:50000/irj/portal becomes https://mydevserver.xx.ax/portal stripping out the port number so everything runs on 443 / https.
so a end user points their browser at https://mydevsystem.co.uk/irj/portal which points to http://mydevserver.co.uk:50000/irj/portal
the we do the same for qa and production.
James
User | Count |
---|---|
84 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.