on 10-16-2014 4:28 PM
Dear Experts,
Now we are using SAP portal for ESS & MSS only inside our network,How to publish SAP portal in web? So that our users can access it from outside our network.What are the requirements to do this?
Hi Prathish,
Please go through the below help available for implementing SAP Portal as a public website or an external facing portal.
Implementing an External-Facing Portal - Portal - SAP Library
Implementing an External-Facing Portal (SAP Library - IT Scenarios at a Glance)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well, publishing portal to internet is slightly different than the concept of external facing portal. EFP is mostly used for informational Portal scenario, using a light framework page on Portal and of course putting it to internet.
Light Framework page is not suitable for transactional portal..
Since you are using ess/mss, you keep your portal as is. one option is to have your portal accessible from public domains is thru a reverse proxy ( like Apache RP). The RP basically do lot of URL re-writing.
You need to talk to your network people about the viability.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Prathish,
As Sandip has suggested, you can consult your network team to set up a reverse proxy in DMZ so that your ESS / MSS apps can be accessed over Internet.
You can also look for SAP Web Dispatcher and can configure it to act as a reverse proxy.
In our landscape, we've used SAP Web Dispatcher that is kept in DMZ and accessible from outside. This web dispatcher makes 302 redirect calls to our portal server and R/3 back end server to access WDA apps for ESS / MSS.
Please let me know should you need any additional info on how to configure SAP Web Dispatcher for accessing the SAP back end apps through Portal on Internet.
BR,
Anurag
Dear Prathish,
You can refer the following documents / guides for SAP Web dispatcher Installation and Configuration:
Basically, you'll have to involve your BASIS team and the Network team to set up the SAP Web Dispatcher and configure the ports so that the request can be received on those ports.
In our case, we've configured 2 Ports: 1 for Portal System and 1 for ECC (ABAP System).
Please let me know in case you need any additional information.
BR,
Anurag
Dear Anurag,
So i have to install WebDispatcher first right,
1)After that i have to do the reverse proxy configuration?
2)After reverse proxy, people can access sap portal from outside our network with browsers?
3)Can we change the http://hostname:port/irj/portal to https://www.mywebsite.com?
4)Should we need separate server for web dispatcher?
Dear Prathish,
Yes, you've to first install Web Dispatcher.
1. Once it is installed, then do the reverse proxy configurations.
2. People will be able to access SAP Portal over Internet and for that your web dispatcher should be accessible through Internet.
3. Once you configure your web dispatcher to act as a reverse proxy, you can achieve 3rd point.
4. Ideally, you should have a separate server for Web Dispatcher because it is generally placed in DMZ and hence should not be installed on your SAP server.
BR,
Anurag
Dear Anurag,
Downloaded the software and kept it in a separate server, where no other installations are there.
Our landscape for portal is in cluster environment, is there any difference on the installation?
In CMD its asking for message server hostname, i have to assign the message server and ports of sap portal right?
Have you got any installation guide for 7.4 in cluster environment?
Is the below link is correct, they installed it in a same server where sap is already there?
How to Install SAP Web Dispatcher in Microsoft Failover Cluster? | Deepak Khadye
Dear Prathish,
There is no difference in the installation of Web Dispatcher whether your portal is single server or in cluster environment.
Yes, you've to give your message server host name of Portal and HTTP port of message server in the profile parameters of Web Dispatcher.
Something like this will help:
wdisp/system_1 = SID=Portal SID, MSHOST=<FQDN of Portal>, MSPORT=81XX,SRCURL=/, SRCSRV=<FQDN of Web Dispatcher>:*
Please let me know in case you need any additional info on configuring the profile parameters of Web Dispatcher.
BR,
Anurag
Dear Anurag,
I got the below document,But if i am installing in different server, how i can do the configuration as in the note 1564222?
1564222 - How to install the SAP Web Dispatcher in a Microsoft Failover Cluster?
Dear Prathish,
Have you already installed the Web Dispatcher?
You can follow the below help document to configure Web Dispatcher to route the requests to multiple SAP systems.
One Web Dispatcher, Two Systems: Configuration Example - SAP Web Dispatcher - SAP Library
Now in your case, as it's a cluster environment, you will have to provide the central instance host name as host name of Message Server.
You can find the port information in the SCS profile of central instance.
You can get in touch with your BASIS team to do these configurations.
BR,
Anurag
Dear Prathish,
Please configure the instance profile parameters now like the one that I've shared in one of my posts above.
#-----------------------------------------------------------------------------
#SAP Web dispatcher parameters
#-----------------------------------------------------------------------------
wdisp/system_conflict_resolution = 1
icm/server_port_0 = PROT=HTTP, PORT=8000
icm/server_port_2 = PROT=HTTP, PORT=80
wdisp/system_0 = SID=ECC System SID, MSHOST=FQDN of ECC System,MSPORT=HTTP Port of Message Server,PROT=HTTP/HTTPS, SRCURL=/sap/bc;/sap/, SRCSRV=*:8000
wdisp/system_1 = SID=Portal System SID, MSHOST=FQDN of Portal Server, MSPORT=HTTP Port of Message Server,SRCURL=/, SRCSRV=FQDN of Web Dispatcher:*
Also, modify the ITS Hostname and Web AS Hostname properties of your existing system object to Web Dispatcher Hostname and Port.
After configuring, everything click on Monitor Application Servers (Backend and Frontend) through Admin Interface.
You can also do checkconfig to check if your config is error free.
sapwebdisp pf=<profile> -checkconfig
Once everything is fine, you can access your Portal with the Web Dispatcher URL like the one below:
http://webdispatcherhostname.abcd.com/irj/portal
BR,
Anurag
Dear Anurag,
If i am editing the names in sap portal server, is there any issues, because currently people are working on that.
Where i can change the name of my portal http://myserver.com:port/irj/portal to http://myserver.com and how i can access it from outside my network like internet?
Dear Prathish,
Yes, if you modify the system object properties for ITS and Web AS in Portal, you will not be able to use SSO if you access the Portal with your Portal server <FQDN>.
For eg. If you currently access your portal with the URL like http://<FQDN of Portal server>:<Port>/irj/portal and you modify the system object properties as I suggested, you will face issues with SSO to your backend ECC system.
For this purpose, what you can do is to have a Public (Internet Call) / Private (Intranet Call) IP of your Web Dispatcher having the same host name (mapped in DNS).
In this way, you'll have a common host name to access portal either from Intranet or through Internet.
You can get in touch with your network team to do the required mapping of IPs in DNS.
Once, you do this, there will always be a single common URL to access Portal from anywhere (Intranet or Internet) something like: http://webdispatcherhostname.abcd.com/irj/portal
As I said before, the recommended way is to place the Web Dispatcher in DMZ so that it should accept the client calls coming from Internet and route it to the respective SAP server inside firewall.
Now, coming to your second question, you can achieve this by specifying the start URL of Portal server in NWA. Follow the below steps:
Access NWA by the url : http://<FQDN>:<port>/nwa
Follow menu path: Configuration > Connectivity > HTTP Provider Configuration
Enter /irj/portal in the default start page property and click on Save.
Now you'll be able to access portal without having need to type /irj/portal all the time.
Also, the default HTTP port is 80 and that's what we've given in our WD configuration and hence there is no need to even specify Port No while calling the web dispatcher.
Hope this info is useful.
BR,
Anurag
Dear Anurag,
I connected the webdisp to my ides portal and changed the profile, now its not starting the instance.
Webdispatcher profile:
# Profile generated by sapwebdisp bootstrap
# unique instance identifier
SAPSYSTEMNAME = WDP
# unique instance number
SAPSYSTEM = 05
# add default directory settings
DIR_EXECUTABLE = .
DIR_INSTANCE = .
# Accessibility of Message Servers
rdisp/mshost = AWQAFIDES-HQ
ms/http_port = 8104
# SAP Web Dispatcher Parameter
wdisp/auto_refresh = 25
wdisp/max_servers = 100
wdisp/shm_attach_mode = 6
# configuration for default scenario (medium size)
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 500
wdisp/HTTPS/max_pooled_con = 500
# SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTP,PORT=8005
icm/server_port_1 = PROT=HTTPS,PORT=4305
# SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,PORT=4305,DOCROOT=./admin,AUTHFILE=icmauth.txt
wdisp/system_conflict_resolution = 1
icm/server_port_0 = PROT=HTTP, PORT=8000
icm/server_port_2 = PROT=HTTP, PORT=80
wdisp/system_0 = JDT, MSHOST=AWQAFIDES-HQ.awqaf.gov.kw,MSPORT=8104,PROT=HTTP/HTTPS, SRCURL=/sap/bc;/sap/, SRCSRV=*:8000
wdisp/system_1 = JDT, MSHOST=AWQAFIDES-HQ.awqaf.gov.kw, MSPORT=8104,SRCURL=/, SRCSRV=AWQ-WEBDISP1.awqaf.gov.kw:*
Default profile for IDES:
SAPDBHOST = AWQAFIDES-HQ
j2ee/dbtype = mss
j2ee/dbhost = AWQAFIDES-HQ
j2ee/dbname = JDT
dbs/mss/server = AWQAFIDES-HQ
SAPSYSTEMNAME = JDT
OS_UNICODE = uc
SAPGLOBALHOST = AWQ-WEBDISP1
system/type = J2EE
SAPFQDN = awqaf.gov.kw
SAPLOCALHOSTFULL = $(SAPLOCALHOST).$(SAPFQDN)
service/protectedwebmethods = SDEFAULT
#-----------------------------------------------------------------------
# SAP Central Service Instance for J2EE
#-----------------------------------------------------------------------
j2ee/scs/host = AWQAFIDES-HQ
j2ee/scs/system = 04
j2ee/ms/port = 3904
icm/HTTP/mod_0 = PREFIX=/,FILE=$(DIR_GLOBAL)/security/data/icm_filter_rules.txt
ssf/name = SAPSECULIB
Instance profile for portal
SAPSYSTEMNAME = JDT
SAPGLOBALHOST = AWQ-WEBDISP1
SAPSYSTEM = 03
INSTANCE_NAME = J03
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_INSTANCE)\exe
DIR_PROFILE = \\AWQAFIDES-HQ\sapmnt\JDT\SYS\profile
_PF = $(DIR_PROFILE)\JDT_J03_AWQAFIDES-HQ
SETENV_00 = PATH=$(DIR_EXECUTABLE);%PATH%
#-----------------------------------------------------------------------
# Copy SAP Executables
#-----------------------------------------------------------------------
_CPARG0 = list:$(DIR_CT_RUN)/j2eeinst.lst
Start_Program_00 = immediate $(DIR_CT_RUN)\sapcpe$(FT_EXE) pf=$(_PF) $(_CPARG0)
_CPARG1 = list:$(DIR_CT_RUN)/igsexe.lst
Start_Program_01 = immediate $(DIR_CT_RUN)\sapcpe$(FT_EXE) pf=$(_PF) $(_CPARG1)
_CPARG2 = list:$(DIR_CT_RUN)/dbclient.lst
Start_Program_02 = immediate $(DIR_CT_RUN)\sapcpe$(FT_EXE) pf=$(_PF) $(_CPARG2)
_CPARG3 = list:$(DIR_CT_SAPJVM)/sapjvm_6.lst
_CPARG4 = source:$(DIR_CT_SAPJVM)
Start_Program_03 = immediate $(DIR_CT_RUN)\sapcpe$(FT_EXE) pf=$(_PF) $(_CPARG3) $(_CPARG4)
_CPARG5 = list:$(DIR_CT_RUN)/sapcrypto.lst
Start_Program_04 = immediate $(DIR_CT_RUN)\sapcpe$(FT_EXE) pf=$(_PF) $(_CPARG5)
jstartup/trimming_properties = off
jstartup/max_caches = 500
j2ee/dbdriver = $(DIR_EXECUTABLE)\mssjdbc\jdbc4\sqljdbc4.jar
igs/listener/rfc/disable = 1
SAPJVM_VERSION = 6.1.018
DIR_SAPJVM = $(DIR_EXECUTABLE)$(DIR_SEP)sapjvm_6
jstartup/vm/home = $(DIR_SAPJVM)
#-----------------------------------------------------------------------
# Start J2EE database
#-----------------------------------------------------------------------
Start_Program_05 = immediate $(DIR_CT_RUN)\strdbsj2ee.cmd JDT j2ee
#-----------------------------------------------------------------------
# Start Java application server
#-----------------------------------------------------------------------
_JC = $(DIR_EXECUTABLE)\jstart$(FT_EXE)
Start_Program_06 = local $(_JC) pf=$(_PF)
#-----------------------------------------------------------------------
# Start internet graphics server
#-----------------------------------------------------------------------
_IG = $(DIR_EXECUTABLE)\igswd$(FT_EXE)
Start_Program_07 = local $(_IG) -mode=profile pf=$(_PF)
ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)
sec/libsapsecu = $(ssl/ssl_lib)
ssf/ssfapi_lib = $(ssl/ssl_lib)
SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec
j2ee/instance_id = ID319232
login/create_sso2_ticket=2
login/accept_sso2_ticket=1
icm/host_name_full=AWQ-WEBDISP1.awqaf.gov.kw
login/password_change_for_SSO=0
start profile for portal:
SAPSYSTEMNAME = JDT
SAPGLOBALHOST = AWQ-WEBDISP1
SAPSYSTEM = 04
INSTANCE_NAME = SCS04
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_INSTANCE)\exe
DIR_PROFILE = \\AWQAFIDES-HQ\sapmnt\JDT\SYS\profile
_PF = $(DIR_PROFILE)\JDT_SCS04_AWQAFIDES-HQ
SETENV_00 = PATH=$(DIR_EXECUTABLE);%PATH%
#-----------------------------------------------------------------------
# Copy SAP Executables
#-----------------------------------------------------------------------
_CPARG0 = list:$(DIR_CT_RUN)/scs.lst
Start_Program_00 = immediate $(DIR_CT_RUN)\sapcpe$(FT_EXE) pf=$(_PF) $(_CPARG0)
_CPARG1 = list:$(DIR_CT_RUN)/sapcrypto.lst
Start_Program_01 = immediate $(DIR_CT_RUN)\sapcpe$(FT_EXE) pf=$(_PF) $(_CPARG1)
DIR_INSTANCE = E:\usr\sap\$(SAPSYSTEMNAME)\$(INSTANCE_NAME)
enque/serverhost = $(SAPLOCALHOST)
OS_UNICODE = uc
#-----------------------------------------------------------------------
# Start SAP message server
#-----------------------------------------------------------------------
_MS = $(DIR_EXECUTABLE)\msg_server$(FT_EXE)
Restart_Program_02 = local $(_MS) pf=$(_PF)
#-----------------------------------------------------------------------
# Start SAP enqueue server
#-----------------------------------------------------------------------
_EN = $(DIR_EXECUTABLE)\enserver$(FT_EXE)
Restart_Program_03 = local $(_EN) pf=$(_PF)
#-----------------------------------------------------------------------
# Start gateway
#-----------------------------------------------------------------------
_GW = $(DIR_EXECUTABLE)\gwrd$(FT_EXE)
Restart_Program_04 = local $(_GW) pf=$(_PF) -no_abap
#-----------------------------------------------------------------------
# SAP Message Server for Java
#-----------------------------------------------------------------------
rdisp/msserv = 0
rdisp/msserv_internal = 3904
ms/standalone = 1
ms/server_port_0 = PROT=HTTP,PORT=81$$
#-----------------------------------------------------------------------
# SAP Enqueue Server
#-----------------------------------------------------------------------
enque/serverinst = $(SAPSYSTEM)
rdisp/enqname = $(rdisp/myname)
ipc/shm_psize_34 = 0
enque/async_req_max = 5000
enque/server/threadcount = 4
enque/server/max_requests = 5000
enque/server/max_query_requests = 5000
enque/table_size = 64000
enque/snapshot_pck_ids = 1600
ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)
sec/libsapsecu = $(ssl/ssl_lib)
ssf/ssfapi_lib = $(ssl/ssl_lib)
SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec
Hi Prathish,
If you are getting dispatching error while accessing your Portal through Web Dispatcher, then there is certainly an issue with the instance profile of your Web Dispatcher.
Please do checkconfig to check if your Web Dispatcher config is error free / properly configured by running the following command.
sapwebdisp pf=<profile> -checkconfig
BR,
Anurag
Dear Anurag,
I restarted the server and i am able to open sap portal with address https://sapwebdisp:4305/irj/portal, but in page am getting the error as below.
How can i change the URL https://sapwebdisp:4305/irj/portal to http://sapmycompany.com
Config:
Dear Prathish,
So, your Web Dispatcher profile is fine now and the issue is because you're accessing your Portal through Web Dispatcher over HTTPS Port.
In this case, you'll have to configure the SAP Web Dispatcher to Support SSL.
BTW, did you try to access the portal through Web Dispatcher on HTTP Port. I believe that should be working fine.
You can follow the below help document for configuring the SAP Web Dispatcher to support SSL.
BR,
Anurag
Dear Anurag,
I can access with http.i need one more thing How can i change the URL https://sapwebdisp:4305/irj/portal to http://sapmycompany.com
Dear Prathish,
To remove the port in the calling URL, I think you should set the HTTPS port of Web Dispatcher to 443 instead of 4305 in the below profile parameters:
# SAP Web Dispatcher Ports
icm/server_port_1 = PROT=HTTPS,PORT=4305
Just try and let us know the outcomes.
Also, to eliminate the /irj/portal from the Portal URL,
you can achieve this by specifying the start URL of Portal server in NWA.
Follow the below steps:-
Access NWA by the url : http://<FQDN>:<port>/nwa
Follow menu path: Configuration > Connectivity > HTTP Provider Configuration
Enter /irj/portal in the default start page property and click on Save.
Now you'll be able to access portal without having need to type /irj/portal all the time.
Just try this as well as let us know if this helps!!!
BR,
Anurag
Dear Anurag,
it didn't work for the port, irj/portal, i already removed. is there any other solution, my webdisp is like http://sapwebdisp:8005
Hi Prathish,
Hope you are doing good.
What you are looking for is an external facing portal.
Please check:
External Facing Portal - Portal - SCN Wiki
and
Implementing an External-Facing Portal - SAP NetWeaver Security Guide - SAP Library
Thank you!
____________
Kind Regards,
Hemanth
SAP AGS
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
88 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.