Sei sulla pagina 1di 9

Introduction

The purpose of this document is to set out the process used in the creation of a
SAProuter connection to SAP.

Installation Process
Server:
A dedicated server (hostname) has been built for the SAProuter). The spec of this
server is:

2 hyper-threading (HTT) CPUs with 2GHz tact frequency


2 GB RAM
50 MB free space on the hard drive for SAProuter and configuration
20GB D: drive for SAP router & log files
64bit server
OS Windows 2008

Its internal IP address: Host IP

SAP Registration
In order to have this new SAProuter connection with SAP, registered the following
details with SAP.
On approval SAP register the following details in the SAP Marketplace

SAP Software
The following version of the SAProuter software was downloaded from the SAP
Marketplace:

SAProuter 7.20 (patch level 423) for Windows on x64 64bit

We also downloaded the following cryptographic software for the SNC connection

SAPCRYPTOLIB 5.5.5 (patch level 36) for Windows on x64 64bit


Diretrio deve conter os seguintes ficheiros:

Setting the Evironment Variable


Once the software has been installed on the server the next step is to set the
environment variables SECUDIR and SNC_LIB.
These are as follows:

SECUDIR = D:\usr\sap\sap\saprouter
SNC_LIB = D:\usr\sap\sap\saprouter\sapcrypto.dll

One set reboot the system once you have checked that the terminal services
have started.

Downloading and Installating the SAP Router certificate


From the SAP Marketplace download a certificate and then install it on the server.
The process for doing this is as follows.
Go to the SAP Marketplace and obtain the Distinguished Name for the new
SAProuter installation as advised by SAP. For this installation it is:

CN=HOSTNAME, OU=0000848841, OU=SAProuter, O=SAP, C=DE

https://websmp105.sap-ag.de/saprouter-sncadd

Generate the certificate request with the command:


sapgenpse get_pse -v -r certreq -p local.pse "CN=hostname, OU=0000848841,
OU=SAProuter,
O=SAP, C=DE"

From the directory D:\usr\sap\sap\saprouter\, copy the content of the file certreq
to the second tab Create and Enter CSR in the SAP Marketplace.
>> SAP will then return the new certificate on selecting Request Certificate
Copy and paste the text to a new local file named "srcert", which must be
created in the same directory as the sapgenpse executable
(D:\usr\sap\sap\saprouter\)
This certificate needs to be imported into SAProuter.
First of all execute the following command on the /saprouter/ directory:
CMD>

sapgenpse import_own_cert -c srcert -p local.pse

CMD>

Enter PIN: ?????

Now you will have to create the credentials for the SAProuter to do this execute
the following command in the /saprouter/ directory.
CMD>

sapgenpse seclogin -p local.pse

CMD>

Enter PIN: ????? (same as point 9)

This will create a file "cred_v2" in the same directory as local.pse.

To check whether the certificate has been imported correctly execute this
command in the /saprouter/ directory.
CMD> sapgenpse get_my_name -v -n Issuer

The successful result will be: Issuer : "CN=SAProuter CA, OU=SAProuter, O=SAP,
C=DE".

Installing the SAP Router as NT Service


Should there be registry changes also detailed here?

Use the following command to newly define the service from the command line:

sc.exe create SAPRouter binPath= "D:\usr\sap\saprouter\saprouter.exe service -r


-W 60000 -R
D:\usr\sap\saprouter\saprouttab -K ^p:CN=HOSTNAME, OU=0000848841,
OU=SAProuter, O=SAP, C=DE ^" start= auto obj= "NT AUTHORITY\LocalService"
You will receive the following success message: [SC] CreateService SUCCESS
Starting the SAP Router
To start the SAProuter use the following command line:
CMD> saprouter -r -S -K "p:"
(-K tells the SAProuter to start with loading the SNC library)
In our case the command was:
CMD> saprouter -r -K "p:CN=hostname, OU=0000848841, OU=SAProuter,
O=SAP, C=DE"
The parameter -S , was omitted and therefore the SAProuter is using the default
port 3299.

Network
Steps described in SAP note 525751(Installation of the SNC SAP Router as NT
Service)

Edit the string in the registry under


MyComputer
HKEY_LOCAL_MACHINE
SYSTEM
CurrentControlSet
Services
saprouter and change ^ to under Image Path.

Then Save it.

Routtab configuration.
The corresponding file saprouttab must contain at least the following entries

# SNC connection to SAP


KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

# Acesso Novabase
####KT "p:CN=Eslovaquia, OU=0000611718, OU=SAProuter, O=SAP, C=DE"
193.236.123.1 *
KT "p:CN=Eslovaquia, OU=0000611718, OU=SAProuter, O=SAP, C=DE"
62.48.47.225 *
KP "p:CN=Eslovaquia, OU=0000611718, OU=SAProuter, O=SAP, C=DE " * *

# SNC connection to local system for R/3-Support


KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.30 3200
# SAP Produo - FIN00199B
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.31 3200
# SAP Qualidade - FIN00199C
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.32 3200
# SAP Desenvolvimento - FIN00199D
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.33 3200
# SAP Solution Manager - FIN00199E

# SNC HTTP connections


KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.33 8000
# SAP Solution Manager - FIN00199E - ABAP HTTP
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.33 50000
# SAP Solution Manager - FIN00199E - JAVA HTTP

# SNC-connection from SAP to local R/3 Systems for EarlyWatch


KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.30 3300
# SAP Produo - FIN00199B
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.31 3300
# SAP Qualidade - FIN00199C
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.32 3300
# SAP Desenvolvimento - FIN00199D
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.33 3300
# SAP Solution Manager - FIN00199E

# SNC connection to local WINDOWS system for WTS, if applicable


KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.30 3389
# SAP Produo - FIN00199B

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.31 3389


# SAP Qualidade - FIN00199C
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.32 3389
# SAP Desenvolvimento - FIN00199D
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 172.30.129.33 3389
# SAP Solution Manager - FIN00199E

# Access from your local Network to SAPNet - R/3 Frontend


P * 194.39.131.34 3299
####P * 193.236.123.1 3299
P * 62.48.47.225 3299

# SAP
# NOVABASE
# NOVABASE

# deny all other connections


D***

Configuration in SAP market place and OSS1 (Technical Settings)


Tcode- OSS1
Go to technical settings
Maintain the details. (New SAP router details)
Destination IP address at SAP side: 194.39.131.34
Hostname of this machine : sapserv2

Cross check the Msg Server string, it should be with the new SAP router,
/H/Router Host IP/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001

Login to SMP. (SAP market place)


Help & Support -> Connect to SAP > Maintain connection
Select the system.> go to system data. Update the router information as below
indicated