sap router installation with snc
TRANSCRIPT
![Page 1: SAP Router Installation with SNC](https://reader037.vdocuments.mx/reader037/viewer/2022100217/58ad30d01a28ab02268b5af1/html5/thumbnails/1.jpg)
SAP Router Installa0on with SNC
![Page 2: SAP Router Installation with SNC](https://reader037.vdocuments.mx/reader037/viewer/2022100217/58ad30d01a28ab02268b5af1/html5/thumbnails/2.jpg)
• SAP Router is a program that acts as a proxy between SAP systems and external networks
• It controls access to your network from external network systems such as SAP AG
• It acts as an applica?on level gateway and is useful for enhancing an exis?ng firewall
• This document focuses on the installa?on of SAP Router using Secure Network Communica?on (SNC) and is aimed at system administrators responsible for seGng up connec?vity from SAP to customer
Introduc0on
![Page 3: SAP Router Installation with SNC](https://reader037.vdocuments.mx/reader037/viewer/2022100217/58ad30d01a28ab02268b5af1/html5/thumbnails/3.jpg)
• Download of the latest installa?on media for SAP Router and the SAP Cryptographic library from SAP Support Portal
• Register your with SAP Router with SAP o obtain public IP and hostname of your SAP Router host o fill in remote connec?on data sheet from note 28976 o raise incident with SAP under component XX-‐SER-‐NET-‐NEW o SAP will provide your Dis?nguished Name
• E.g. CN=<SAP Router host>, OU=<Customer Number>, OU=SAProuter, O=SAP, C=DE
• Prepare SAP Router host o create a user e.g. “sapadm” in group sapsys o create and installa?on filesystem e.g. /usr/sap/saprouter o set ownership of installa?on filesystem to “sapadm:sapsys”
Pre-‐Requisites
![Page 4: SAP Router Installation with SNC](https://reader037.vdocuments.mx/reader037/viewer/2022100217/58ad30d01a28ab02268b5af1/html5/thumbnails/4.jpg)
Installa0on • Perform the installa?on as user sapadm • Unpack the so]ware into your installa?on file system
o SAPCAR -‐xvf <saprouter so]ware archive> o SAPCAR -‐xvf <sapcryptographic so]ware archive>
• Update environment of sapadm o PATH = ${PATH}:<installa?on directory> o SECUDIR = <installa?on directory> o SNC_LIB = <installa?on directory>/<sapcryptographic_library> o LD_LIBRARY_PATH = <installa?on directory>
![Page 5: SAP Router Installation with SNC](https://reader037.vdocuments.mx/reader037/viewer/2022100217/58ad30d01a28ab02268b5af1/html5/thumbnails/5.jpg)
Registering SAP Router • Go to
hfps://support.sap.com/remote-‐support/saprouter/saprouter-‐cer?ficates.html
• Generate SAP Router cer?ficate request using dis?nguished name registered at SAP with sapadm and command sapgenpse o sapgenpse get_pse -‐v -‐a sha256WithRsaEncryp?on -‐s 2048 -‐r certreq -‐p
local.pse “<Dis?nguished Name>”
• Copy and paste the content of text file (certreq) created by sapgenpse into the SAP support page and request cer?ficate
• Copy and paste the result of the cer?ficate request onto the saprouter host as a text file “srcert” under the /usr/sap/saprouter directory
![Page 6: SAP Router Installation with SNC](https://reader037.vdocuments.mx/reader037/viewer/2022100217/58ad30d01a28ab02268b5af1/html5/thumbnails/6.jpg)
Import Cer0ficate • Import “srcert” onto saprouter using sapgenpse command
below and create creden?als for user “sapadm” to access local pse o sapgenpse import_own_cert -‐c srcert -‐p local.pse
o sapgenpse seclogin -‐p local.pse -‐O sapadm
![Page 7: SAP Router Installation with SNC](https://reader037.vdocuments.mx/reader037/viewer/2022100217/58ad30d01a28ab02268b5af1/html5/thumbnails/7.jpg)
Create Router Table • The SAP Router table is a permission file containing details of
who can communicate through the SAP Router
• As “sapadm” create the text file saproufab under /usr/sap/saprouter and configure similar to the example below
![Page 8: SAP Router Installation with SNC](https://reader037.vdocuments.mx/reader037/viewer/2022100217/58ad30d01a28ab02268b5af1/html5/thumbnails/8.jpg)
Opera0ng SAP Router • Operate SAP Router with the user created for the installa?on • Issue start/stop commands from the installa?on directory
• Start the SAP Router with the following command – saprouter -‐r -‐S <port> -‐G saprouter.log -‐K "<DN>" & – where:
o -‐K : to start with loading SNC library
o <DN> : Dis?nguished Name
o -‐S : saprouter port
o -‐G : name of the log file • Stop the SAP Router with the following command
– saprouter -‐s
![Page 9: SAP Router Installation with SNC](https://reader037.vdocuments.mx/reader037/viewer/2022100217/58ad30d01a28ab02268b5af1/html5/thumbnails/9.jpg)
Thank-‐you