Thursday, July 7, 2011

How To install SAProuter via SNC

The first thing we need to do, is to send a customer message to SAP Support (component XX-SER-NET-OSS-NEW) and tell them to register the hostname and IP of our new Saprouter.

(In our case it is system name (hostname) = " **"and Public Ip =*******)

We have to register it with the official IP address (no internal IPs allowed), but it's allowed to use NAT in the firewall/router.
Ports to be allowed in firewall/router (for Secured connection).
• 32nn: R3 Support Connection
• 23: Telnet
• 1503: Netmeeting
• 5601: PC-Anywhere
• 3389: Windows Terminal Server (WTS)
After we've received a confirmation from SAP that our Saprouter has been registered, we are ready to configure the Saprouter.
2.1 Go to www.service.sap.com/downloads and down latest SAP Crypto Library
2.2 copy sapcar.exe from exe/run directory of SAP Server
2.3 uncar the dlls and sapgenpse.exe from this using sapcar -xvf xxxxxxxx.car

If our Saprouter directory is C:\saprouter, these are the steps to follow.

STEP 1: Copy the unpacked files into C:\saprouter

STEP 2: Set 2 environment variables: SECUDIR and SNC_LIB according to the
guide we've downloaded.

SECUDIR=C:\Saprouter
SNC_LIB=C:\Saprouter\sapcrypto.dll

STEP 3: To generate a certificate request, run the command -
sapgenpse get_pse -v -r C:\usr\sap\saprouter\certreq -p C:\saprouter\local.pse ""

[In our case Distinguished Name =CN=***, OU=*****, OU=SAProuter, O=SAP, C=DE available at system data maintaince and also at www.service.sap.com /saprouter-sncadd

In this step certreq and local.pse files are created at C:\saprouter folder

Note: We will be asked for a PIN code. Just pick our own 4 numbers, but we'll have to use the same PIN every time we are asked to enter one. This number is important because, the same number should be provided in future when our Saprouter secure certificate validity expires, so remember the PIN code. (In our case it is PIN:****)]

STEP 4: Then we have to follow the guide and request the certificate from
http://service.sap.com/saprouter-sncadd-> SAProuter Certificate

You may apply for a SAProuter certificate from the SAP Trust Center Service of SAP service marketplace http://service.sap.com/saprouter-sncadd
> SAP Trust Center Service in Detail > SAProuter Certificates


SAProuter Certificate "Apply Now"

STEP 5: Copy the contents of the certreq file and paste the contents in the place provided there.

STEP 6: Then, clicked the "Continue" button.

STEP 7: This will generate a certificate details: then copy the contents and create a file srcert (without any extension) in C:\Saprouter and copy the certificate details and paste it in this file.

STEP 8: Run the command -
sapgenpse import_own_cert -c C:\saprouter\srcert -p C:\saprouter\local.pse

(This will create files dev_rout etc. In C:\saprouter folder then create a file saprouttab (Without any extension and copy the following contents the file.



STEP 9: To generate credentials for the user that's running the SAProuter
service, run command:

sapgenpse seclogin -p C:\saprouter\local.pse -O administrator

(this will create the file "cred_v2" in C:\saprouter folder )

STEP 10: Check the configuration by running command:

sapgenpse get_my_name -v -n Issuer
(This should always give the answer "CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE")
sapgenpse get_my_name(to find the validity of license)
STEP 11: Create SAProuter service on Windows with the command :(download ntscmgr from Sap note 618053) and run the command -

ntscmgr install SAProuter -b C:\saprouter\saprouter.exe -p
"service -r -R C:\saprouter\saprouttab -W 60000 -K ^p:^"

STEP 12: Edit the Windows Registry key as below: (regedit)

MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAProuter\ImagePath --> Change both the (^) to (")

RECOMMENDED TO RESTART

STEP 13: Start the SAProuter service (there maintain logon user details as administrator and password.)

STEP 14: Enter the below parameters in OSS1 -> Menu - Technical Settings

a). Click on Change -

Saprouter at Customer Site:

Name:
IP Address:
Instance no:

Saprouter at SAP:

Name:
IP Address:
Instance no:

Save the settings.

Now you can log on to SAPNet by clicking on Logon to SAPNet.

Use your OSS ID and password.

Controls:
Start router : saprouter -r
Stop router : saprouter -s
Soft shutdown: saprouter -p
Router info : saprouter -l (-L)
new routtab : saprouter -n
toggle trace : saprouter -t
cancel route : saprouter -c id
dump buffers : saprouter -d
flush " : saprouter -f

source : http://wiki.sdn.sap.com/wiki/display/Basis/SAProuter+via+SNC

No comments: