ADM - AS Java Administration (1).pdf - Ebook download as PDF File .pdf ) or read ADM - Performance and Tuning - SAP System With Sybase ASE. ADM AS Java – Administration. SAP NetWeaver. Course Outline Some software products marketed by SAP AG and its distributors. DOWNLOAD PDF - MB. Share Embed Donate. Report this ADM AS Java – Administration SAP NetWeaver. Date Training Center.
|Language:||English, Spanish, French|
|Genre:||Academic & Education|
|Distribution:||Free* [*Register to download]|
, ADM - Administration AS Java (Col73).pdf. , ADM - Administration AS Java (Col74).pdf. , ADM (Intructor) - SAP. SAP - SAP Enterprise Portal – System Administration. Suggested Operate and Monitor an SAP Enterprise Portal Securely. Implement in ADM course. ADM SAP AS Java - Administration course by New Horizons can help you reach your career goals.
That answer could be closer than you think. Take a moment to learn more about SAP careers. Your career can lead you down a number of interesting and diverse paths.
You ll see that reflected in our SAP recruitment process. What you won t see are standardized tests or group assessments because we feel there are much better ways to learn about you from both a personal and a professional standpoint. Take a moment to review our five-step application process below. Get started We re looking forward to meeting you soon.
They train thousands of people each year in the tools and techniques of business intelligence. With over 13 years experience delivering training for SAP BusinessObjects, they have trained over 15, delegates, developing the BI skills of beginners, end users, and advanced technical users.
Blueprint deliver scheduled courses in Asia. E-Learning for Key Solutions This series designed for executives, business consultants, and technical experts focuses on the value of several key SAP solutions, including core functionality and business benefits. You'll see how these solutions can improve processes throughout your organization and how you can manage change and increase end-user acceptance. Role-Specific Training SAP's learning curriculum caters to a wide range of learning styles and subject-matter requirements.
Experienced consultants, project team members, support professionals, end users, power users, and executives will find courseware to meet their needs. All courses are based on real-world business scenarios and the latest learning methodologies and technological standards to provide an e-learning environment that will enable users to work more productively with the SAP solutions related to their business functions.
Business Process-Oriented Learning from SAP This series gives users a clear understanding of how SAP solutions support key business processes, and how their own work fits into the bigger picture. Introduction The SAP all Modules has the capability of meeting all the integration needs of an organization. It is within this module that Managers as well as other Manager. There will also be plenty of opportunity to network with other SAP customers and partners and we will also have a mini exhibition with stands from our Authorized Education Partners, SAP Consulting and many others for you to look at on the day.
To register an interest in attending, please drop us an at and we ll send you an official invite nearer the time. Q2- Do your instructors have SAP project implementation experience?
Our SAP Training Program has a team of professionally trained and certified senior consultants, who impart of training. Our instructors offer a dynamic combination of specific hands-on industry experience, technology expertise and strong project management skills. Most of our instructors have an average of 5 years of SAP experience and have been involved in various SAP full cycle implementations for different industries. Q3: I am working full time pm. How can I attend your day session?
Generally, It happened with all, therefore, we conduct SAP classes after pm Monday to Sunday, We will be happy to provide the information upon request. Q4 - Does SAP provide job placements after successful completion of training? SAP does not guarantee placements but SAP and its education centers inform candidates about the opportunities available in companies who have a requirement for SAP certified consultants.
SAP training helps you maximize and accelerate the return on your investment in SAP solutions and gain the competitive advantage from your SAP solutions. What are the recommended courses? Beginners are encouraged to take up level 1 SAP Overview course, which are relevant to beginners. Once your admission procedure has completed, You will be sit in our on-line class according to announced timings dates according to consultant available time. Q9- We are group like 3 to 6 persons so will there be any package for us?
You are welcome but Sorry, We didn't announced any discount package to public, due to maintain quality standard of education services. The certification exam for core modules consists of 80 mcq s questions, for 3 hours.
The no. The questions are objective in nature. These examinations are release specific and reflect the actual tasks of an SAP consultant. The exams are standardized worldwide and carried out under the supervision of SAP. The best way to use them is to establish where you want to get to and work out what lies along the way.
Each map has a key to help you identify the level of the course, plus any prerequisites that course may have. They are designed for attendance by company managers, project managers and project teams. Level 2 - Foundation courses These courses introduce you to fundamental business processes that can be modeled using SAP.
The courses serve as an introduction to a particular solution component, such as SCM - Processes in Procurement. While Level 2 courses are primarily designed for project team members, managers can also benefit from a more in-depth look at business processes and functionality.
Level 3 - Detailed courses These courses focus on providing detailed information about individual application areas, and concentrate on customization and function descriptions. They usually build on information covered in the corresponding Level 2 courses. Scheduled training dates Our scheduled training dates, prices are detailed in an easy reference table under each curriculum map. SAP training courses are scheduled at different frequencies according to their popularity.
However, some courses can be scheduled on demand, so it s always worth checking with us if you don t see a suitable date. To achieve certification, you must pass an exam which will test you on the knowledge gained throughout the training curriculum so you need to follow the path shown to gain the necessary knowledge. Start the Terminal Server Client, enter the physical host name under Server and then choose connect.
Log on to the operating system as the adm user. Depending on whether you selected an individual instance or the SAP system, either an individual instance or the entire SAP system is stopped. In the context menu right-click , choose the Start function. Start the other instances in the same way. You should always start the Central Services instance first. You can see the following Java process types after your SAP system has been started: ICM and multiple JStart.
If you can see the HTTP port there, then you can call the start page of your instance as follows: Task 3: Log on with the user adm and the password assigned for your user.
Tools for Starting and Stopping 2.
You can do this, for example, by executing the Process Explorer program to display an overview of operating system processes. Replace the specifications in the angled brackets with the values for your system. In the telnet console, enter the command sapcontrol -user adm -nr -function StartSystem ALL to start your system. Java Startup and Control Framework Lesson: The functions of the processes are described in this lesson. Understanding the process flow of the start process is crucial to troubleshooting when start problems occur.
This framework is used to start, stop, and monitor the Java stack processes within the SAP system not the Central Services however. It consists of the following processes: SAP Signal Handling is implemented with the Instance Controller to forward the start and stop commands to the processes of the Java stack.
The Instance Controller restarts terminated processes, ends hanging processes, and sends a shutdown signal to the processes of the Java stack. The Instance Controller reads the description of the instance from profile files. The Instance Controller starts the server processes and the ICM, as well as the processes for the offline deployment and the bootstrap.
The Instance Controller creates a shared memory segment for the internal administration data of all processes. The parameterizing of the JVM is imported before the loading. Starting with the Startup and Control Framework 1. The Instance Controller is started: The Instance Controller connects to the Central Services instance.
The Instance Controller reads the file instance. Run-level 1: The Instance Controller reads configuration files from the file system different. The jstart process finishes after the offline deployment. Run-level 2: The bootstrap process synchronizes data from the database to the file system. For example, instance.
The bootstrap process also synchronizes all required binaries for the Java nodes from the database to the file system. This is necessary, since the Class Loading is performed using the file system in the Java environment.
The database always contains the current deployed binaries and properties and distributes these to every Java node when starting. The jstart process finishes after the bootstrap process. Run-level 3: These jstart processes run with the JVM parameters usually several gigabytes of memory.
You will get to know the settings for this in a later unit.
The server processes connect to the database. The Instance Controller monitors the Java instance processes during their runtime, restarts terminated processes, ends hanging processes, and sends the shutdown signal to the ICM or the server processes. The following profile files exist: The Central Services profiles are imported when the Central Services are started. Stopping with the Startup and Control Framework 1. The Signal Handler of the Instance Controller receives a stop signal from the sapstartsrv.
The Instance Controller passes the signal on to all running server processes via named Pipe and waits until they are stopped. When the server processes of this instance are all stopped, the Instance Controller sends the stop signal to the ICM. If a soft shutdown is triggerd, the server process enters the state Preparing to stop and stays in this state until all user sessions are ended.
If there is no more user session, the server changes his state to Ready to stop and continues the stop process as usual.
JSmon belongs to the kernel and is located in the kernel directory. JSmon provides an administration interface for elements in the Java cluster that can be called from the operating system. JSmon In the Process menu option, processes can be started, stopped or their trace level can be changed. In the Instance menu option, an instance can be started or stopped. The Instance Controller is not stopped at this point; that is, the Instance menu option refers only to the processes of the Startup and Control Framework.
In the test menu option, parameters can be evaluated. This evaluation refers to the parameters of the default and instance profiles for the start time of jsmon. Another useful command is repeat. You can use repeat process view to monitor the start process of an instance very effectively.
The commands can also be shortened so long as they are distinct; r p v has the exact same effect as rep proc view for example. Choose "Return" to exit repeat mode. Java Startup and Control Framework Exercise 2: To understand parameter maintenance, it is important to understand how parameters are transferred to Java instances.
Log on to the operating system of your host and display the process overview. Log on to the operating system as for task 1. Navigate to the profile directory and open a command prompt there cmd. Display all the processes of your PAS with the command process view. Java Startup and Control Framework Task 1: You can obtain an overview of the started processes in the Task Manager on your host. Open the Task Manager by right-clicking on the taskbar at the bottom of the screen and choosing Task Manager.
Open the Processes tab page, and ensure that you are viewing all processes of the instances on your host. Search for the processes icman and JStart. You can find the instance profile under: If problems occur during this phase, you should be familiar with the relevant log and trace files.
If problems occur during it, the administrator must be familiar with the most important logs that are written during the start process. The administrator uses these to perform an error analysis, identify the cause, and solve the problem as quickly as possible. These files are also used for error logging during operation. Log and Trace Files In the case of an error or unexpected behavior of the Startup and Control Framework, it is important to check the following trace and log files: Log Files for Starting and Stopping The trace and log files are stored in the work directory of an instance.
Current messages are written at the end of the file. Starting and Stopping ADM For most of the log files listed above, you will also find log files in the work directory with the ending.
In the start process of an instance, the files mentioned above are rewritten and the file names are changed from x. Beside the node names for ICM and Server there are also developer traces for data collections datcol.
In case of start problems, the data collector collects information about the problem and write these information in his developer traces. See the above figure. List the most important log files that are written when starting and stopping. Open the most important log files see task 1 and perform a time-based search for errors.
Open an Explorer window, and navigate to the following directory: Check the entries since the last start of the system. Determine whether this statement is true or false. The Central Services instance is started before the database if the database is not running. The Central Services instance can also be started after the database, for example if the database is already running. True All developer traces and all important start files are stored in the work directory of each instance.
After a basic overview of the tools, some basic configuration activities are carried out using the Config Tool. Further system configurations are then introduced.
Overview of the Administration Tools Calling the Administration Tools Configuration with the Config Tool Further Configuration Activities During the course of this lesson, you learn more about the most important of these tools and their primary usage areas. You do this using the various administration tools. This lesson provides an overview of these various administration tools.
Usage Areas of the Tools This section provides you with an overview of the various tools and their usage areas. Some tools are particularly suitable for a usage area, or are the only tool that can be used for a usage area.
Several tools are suitable for other usage areas on the other hand. This is explained in more detail in this section. Overview of the Administration Tools Figure It is therefore necessary that the database is started, so that you can change the settings with the Config Tool. Config Tool: The Config Tool is available in the file system of each application server. Authentication on the database is usually carried out via Secure Store.
Therefore, at least one application server of the system must be started. Even when the system is stopped and the database is stopped , you can use the SAP Management Console to monitor the system status and evaluate the log files for example. The process sapstartsrv must be running since Release 7. It can therefore be used centrally and remotely to monitor the system status. Telnet is available on many operating systems and can therefore be used for administration without additional installation.
However, in the standard delivery, the telnet access to the AS Java is only released for the localhost. A remote access can be set up by configuring the related ICM parameter. Shell Console Administrator: The Shell Console Administrator is also suitable for starting and stopping services. You can use the Shell Console Administrator to configure the services and managers of all Java instances in the Cluster. It is significantly easier to make the changes to managers and services with the Config Tool.
Therefore, only specialists should make changes to managers and services using the Shell Console Administrator. Calling the Administration and Configuration Tools This section describes the features when calling the different tools. Features for using tools in the J2EE environment.
The start file is stored under the following path at operating system level: To do so, you use the data stored in the Secure Store of the system user and password in the default setting.
You must still confirm whether you want to use these default settings or whether you want to make other settings. Call During the start process of the SAP NetWeaver AS Java instance, the parameters for the start and running operation are read from the database and copied to the file system. With the Config Tool, these parameters are maintained in the database. It is therefore necessary that the database is running so that the Config Tool can read the current parameters from the database. When the Config Tool is opened, you can see and change the default settings for logging on to the database by choosing No.
The window contains the connection data for the database on the tab page Via SecureStore. This is stored during the installation process. The Config Tool then displays the configuration settings saved in the database. You can now view these settings and change them if required. Logon with Secure Store To log on to a remote database using the Config Tool, you can also use the pushbutton Select Security Folder, as shown in the above figure, to store the path for the Secure Store of another system.
To do so, you must be able to reach the Secure Store of the remote system using a network; that is, it must be accessible as a share or mount point for example. If you want to access this database repeatedly, you can save this new connection data as a file using Save Connection As before the logon and use it again later via Load Connection Settings. Logon with Direct Login You can also use the tab page Via Direct Login to log on to a remote database see above figure.
You must fill fields independently here. You can also save this connection data as a file to use it again later. If you choose the option Do not ask me again in the Connection Settings dialog, the default settings are always used. The start page of the NWA is displayed after the logon. Which functions are available in the NWA depends on the installed product.
The functions are sorted into work sets and these are then sorted into work centers. For example, the function Identity Management is located in the work set Security, which in turn is located in the work center Operation. A function can also be available in several work sets.
Which work sets, work centers and functions you see depends on the profile that is selected. You can change the profile by choosing the Personalize menu. Using the search field you can find functions by their names or descriptions.
After you select the function, the display changes in the NWA as shown in the figure below. History allows you to view the functions that you have called during this logon session in NWA. Home takes you back to the work center and work set overview. Confirm any security warnings. The system list can also be read from a directory service via the LDAP protocol. You can use the file sapmc. You use, for example, the same user to do this as for the NWA.
Call After you logon via telnet, you are taken directly to a server node of the system. The command jump takes you to another node. The command man currently lists available commands. Overview of the Administration Tools Exercise 4: Calling the Administration Tools Exercise Objectives After completing this exercise, you will be able to: Your instructor will give you the exact access data.
Config Tool Start the Config Tool 1. Display the standard access data for the database of your system and connect to this database. Keep in mind that you can use the telnet access only from the host of your SAP system.
Calling the Administration Tools Task 1: You can find this file under D: Overview of the Administration Tools Task 3: Knowledge about the available tools is required to do this. One of these tools is the Config Tool, which is explained in more detail in this lesson. You can make settings for applications applications , managers managers , services services and the log configuration log configuration at template level and individually for each instance.
The instances are displayed in the Config Tool with the instance number leading zeros are omitted. The parameters of the selected elements are displayed and maintained in the window on the right of the Config Tool. The aim is to simplify the technical configuration of the AS Java and to adjust it dynamically to changes in the system environment. Configuration templates are provided to implement the concept; they enable a simple adjustment of the AS Java configuration to the requirements of the installed product.
In addition, dynamic configuration parameters that can be used to make changes, for example, to the hardware without reconfiguring the AS Java are introduced. For example, the heap memory of the VM can be configured as a fraction of the physical RAM available or the number of server processes as a multiple of the available CPU.
The customer can continue to adjust the default settings that are delivered. However, the amount of effort required to make changes is less than in previous releases. Furthermore, the template concept also enables the default settings to be updated smoothly via Support Packages without overwriting customer settings. The following figure shows the infrastructure of the AS Java configuration.
Configuration infrastructure The developer determines the potential configuration settings of an application or a manager, or services and their default values Default level.
Changes to these default settings that are valid throughout the system can be made at Custom Global level. The changes made there are retained if you switch from the template that is currently active to another template and if these settings are not overwritten at template level.
SAP provides concrete default configuration settings for individual products with the templates Template Default. The corresponding template is activated by the installation program SAPinst during the installation of the product. There are different templates for different products.
In the template, filter rules are used to decide which applications and services are already started when the system is started. These changes override the settings of the previous levels.
If no instance-specific customer changes are made Instance Custom , the settings apply at template level throughout the system. Certain system parameters can be used for the dynamic configuration that are evaluated dynamically at runtime; for example, the number of processors, the working memory of the host that is physically available or the instance number. These parameters can also be set when customer changes are made. You can display the parameters and their values in the Config Tool by selecting an instance in the Config Tool and then choosing the Instance Profile tab page.
Some of these parameters can be set by setting profile parameters in the default profile or in the instance profile of the system. The term Instance Profile is used in two ways.
On the other hand, the term Instance Profile refers to the collection of the dynamic configuration parameters of the AS Java. The dynamic parameters of the Instance Profile of the AS Java are named differently from the related profile parameters that are used in the profile files default profile, instance profile of the system. The settings that can be configured on the different levels can be divided into the following areas: Basic Configuration of AS Java with the Config Tool The runtime filters are used to determine which applications and services are started when the system is started.
The configuration of the applications is usually carried out using a special UI of the application, in some cases online in the NWA. Some services, for example the User Management Engine, provide an individual UI for online configuration. Some of these settings options are described in more detail below, starting with the VM parameters. The configuration of the VM parameters will then be discussed. Memory Allocation Terms The memory area of a Java Virtual Machine JVM or VM is mainly divided into three areas, which are called the young generation, the tenured generation, and the permanent generation.
We will first consider the commonalities, however. This occupancy of this space is administered internally by the VM. Once the initial space has been used, the VM allocates further operating system memory space in stages up to a maximum amount.
The VM automatically takes care of the allocation of memory space for Java applications. The memory space is implicitly assigned when an object is created. Even if a large amount of memory is required, this does not mean that the system is at risk. The VM determines which objects are no longer used and releases the memory areas which they currently occupy.
Its job is to prevent the occurrence of situations in which there is a danger of memory bottlenecks. The memory space that is available is called the available memory or allocated memory. The space that is not yet reserved is called virtual memory. If less space is required, the memory is returned to the operating system, also in stages. The reserved memory space available memory is potentially available to the VM.
However, it does not have to be used in full. The memory space that is actually used by Java applications is referred to as used memory. The objects that have been newly created by the applications are stored in the young generation.
Objects that have been required for a longer period of time by an application are automatically moved to the tenured generation. Objects that are permanently required by the VM, such as classes and methods, are stored in the permanent generation. This process is known as garbage collection. PermSize and -XX: You can maintain the VM parameters at template level or individually for each instance.
The values then apply either to all server processes of the entire system template level or to all server processes of the respective instance. Choose View and select the option Expert Mode. You should only activate Expert Mode if it is absolutely necessary. As a result, the UI of the Config Tool becomes more confusing. The normal mode is sufficient for most activities. You must now decide which combination of VM and operating system or processor architecture your changes are valid for; for example Vendor sap and Platform ntamd Then choose one of the tab pages Memory, System, or Additional, depending on which type of VM parameter you want to maintain.
You cannot create new parameters on the Memory tab page; you can only change or deactivate existing ones. You can enter parameters of the type -D However, leave out the -D here. Maintaining the VM Parameters: Template Level If you want to add a new parameter that is not yet in the parameter list, choose New in the lower area of the window on the right. The new parameter is added in the area Custom Parameters.
Enter the new value for the parameter in the input field Custom value and choose Set. The changed value is in turn displayed in the list of the Custom Parameters. To return to the default value, select the custom parameter and choose Remove. You can also deactivate existing parameters.
In this way, you can test the effects of the change on the system but retain the entry with the set value. To do this, select the parameter and choose Disable. If it is a template default value, the Config Tool enters the value if requested as a custom parameter, which is then deactivated checkmark in column Enabled is missing. You can use Enable to reactivate a deactivated parameter.
The settings at instance level override those at template level. Select an entry of the type instance - ID host name from the window of the Config Tool on the left.
Then choose the tab page VM Parameter from the window on the right. The parameters are maintained in the same way as at template level. You are advised to deactivate Expert Mode when maintaining the VM parameters. This way you can ensure that you are maintaining the parameters for the VM that is currently being used.
If you have already saved the changes, the old settings cannot be restored.
Instance-specific The parameter in the Memory tab page does not have its technical name. The following names are used in the Config Tool. This file is located in the work directory of the instance.
The set parameters are listed under this line. Configuration of Managers and Services The properties of managers and services can also be maintained at instance level or at template level. Parameter Maintenance of Managers and Services: Template Level Expand the tree structure under the entry template - in the left screen area until you are taken to the required manager or service. Select this entry to display the parameters. To change parameters, select a parameter, enter the required value in the input field Custom value and choose Set.
You can use Restore to Default to delete the Custom value for the selected parameter and the template default value will be valid again. Save your changes. The changes will be active once the system is restarted if no instance-specific entries exist for the changed parameters. The Config Tool does not indicate, if you maintain values at template level, that instance-specific values already exist, which override the template values.
Instance-specific For instance-specific maintenance, expand the tree structure below an entry of the type instance - ID host name.
Select the required manager or service entry to display the parameters. You can use Restore to Template to delete the Custom value for the selected parameter and the template value will be valid again.
When the instance in question is started, the changes for this instance will be active. Configuration of Runtime Filters In the Config Tool, you can use filter rules to determine which managers, services and applications are started or remain stopped during the system start. The template activated during the installation already provides a useful initial status that has low impact on resources, which can be adjusted customer-specifically. Select the entry template - to set system-wide filters. To set instance-specific filters, select the corresponding entry of the type instance ID host name.
Then choose the Filters tab page. Then choose Add to add the new filter rule. The changes take effect after you save your changes and restart the system.
Configuration of the Number of Server Processes The number of server processes can be calculated dynamically just like the VM parameters. The delivered template values can be overridden by the customer. Number of Server Processes Depending on whether you set the number at template level or instance level, all instances have the same or different number of server processes. Fixed values may also be entered instead of the dynamic formula. The corresponding number of server processes starts after you save your changes and restart the system.
The system does not start if you enter a formula incorrectly or if a value is calculated or entered that is not a whole number. You should therefore check at instance level whether a whole number appears as a result after the input field. Changes can be exported from the database in this way and later reimported to restore earlier settings without having to also implement a database backup without having to carry out a restore.
You can access maintenance at Custom Global level only using this Editor; for example, this may be necessary for specific parameters of the User Management Engine. Configuration with the Config Tool Exercise Objectives After completing this exercise, you will be able to: Stop your system.
Add the VM paramerter -Dcom. Start your system. Result The changed values are now used by the respective VM. Thread Manager Change the properties of the Thread Manager. Basic Configuration ADM 3. Change the parameter InitialThreadCount of the Thread Manager for an instance of your system to the value Result You have maintained different values for the instances of your system for the parameter InitialThreadCount.
Filter Rules Define your own filter rule at template level.
Number of Server Processes Change the number of server processes. Set the number of server processes to 3 at template level. Set the number of server processes for the Primary Application Server to 2. Result You have configured the number of server processes instance-specifically and for the whole system via the template custom settings. You can see, that the instance specific settings have a higher priority than the template custom settings. Configuration with the Config Tool Task 1: Choose Yes to confirm the dialog box.
Choose the tab page VM Parameters. Leave the other fields empty and choose OK to confirm. If required the instructor can give you the correct instance ID. Note that the leading zeros are omitted.
Basic Configuration 4. ADM Start your system. Select the tab page Filters. Choose the value Application under Component. Choose the Servers tab page. In addition, you must make adjustments during further operative business activities. A good knowledge of the tools and relationships is required to execute the activities. The NWA displays the value that is currently valid in the process. System Properties in the SAP NetWeaver Administrator Choose the active template or the required instance and then the appropriate tab pages, for example Kernel, if you want to view the properties of the manager.
Then select the required entry. In the list of the object properties, for example of a service, the column Modifiable shows whether the value can be changed online with the NWA. The pushbutton Show Details displays further detailed information about the selected property.
The current value is also shown for example if the property is calculated using a formula. Some of these options are discussed in other units of this course. Depending on the installed product, the NWA also provides further product-specific functions along with the basic functions. What value does this parameter have? Check the value of the maxHeapSize for all instances. Log on with your user and password.
Which value is this parameter set to? Note that there are default and customer values. The field Formatted Value contains the technical name of the parameter and the calculated value. Configuration Wizard The Configuration Wizard is integrated in the NWA and provides different configuration tasks depending on the installed product and the Support Package level.
The Configuration Wizard reduces in particular the effort required initially for the configuration for certain applications directly after the installation of the system. The installation guide or the documentation of the application usually refers to the tasks to be executed in the Configuration Wizard. Further Configuration Activities Figure Configuration Wizard You first select one of the executed tasks. Choose Start to start the configuration task.
Here the user is required to make entries in several steps depending on the task. The Configuration Wizard logs the execution of tasks. You can execute tasks again that have already been executed using Re-execute. If you have already made settings in the system, they are overwritten by executing a corresponding task in the Configuration Wizard. You should therefore use the Configuration Wizard only for the initial configuration of an application or a function and not during running operation.
There is no special tool for maintaining these files in the AS Java. You can use a simple text editor for this purpose. In this way, for example, some properties of the message server and of the enqueue server are maintained using profile parameters. We will first consider the interaction with the message server. Message Server When the Central Services are started, the system reads the profile parameters for the message server. Usually, port 39 is chosen.
The instance number is also usually used for the last two digits in this case. The developer trace also contains the hardware key which is required for requesting a license and the host on which the message server is running.
Select Message Server Parameters under Show. Further Configuration Activities Alternatively, you can use the Config Tool to display the current parameters. Select an entry instance - ID These parameters are used by the ClusterManager properties ms. Message Server: Ports are, of course, changed in the instance profile of the Central Services instance. In the example from the figure, internal communication port and HTTP port have been set, and the new host is called twdfxxxx.
Just in case, you should check whether these parameters are also set in the instance profiles. The values there would override the values from the default profile. After you have maintained all of the parameters, you can start all instances.
Enqueue Server Now that you have seen the settings for the message server, we will consider the enqueue server. The figure shows the profile parameters that are relevant for the enqueue server in the instance profile of the Central Services instance.
However, these are not maximum values, and it may be necessary to further increase the values. Select the active template, choose the tab page Kernel and select the entry LockingManager. The relevant parameters are enqu. Choose Show Details to display the concrete values. Alternatively, you can use the Config Tool to display the current parameters. Enqueue Server: In the example from the figure, port has been set, and the new host is called twdfxxxx. Further Configuration Activities Exercise 7: Further Configuration Activities Exercise Objectives After completing this exercise, you will be able to: Adjustments to the Central Services Adjust the parameters of the enqueue server.
Stop the system including the Central Services Instance. Change the profile parameters of the enqueue server according to the table below. Further Configuration Activities Task: Stop your system completely.
The instance profile of the Central Services instance is located in the directory: Only change the parameters that have been specified. True You can maintain parameters such as Xms with the Config Tool. Xms is a Java VM parameter. The first lesson should give an overview of different aspects of network security, whereas the second lesson concentrates on the theoretical background and concrete configuration activities with regard to the Secure Socket Layer SSL.
Network Security Setting Up SSL Setting up SSL Business processes in this system landscape are distributed across several systems and access takes place using Intranet and Internet.
Safeguarding the landscape against unauthorized accesses is essential. This lesson gives an overview of the types of communication used in an SAP system landscape and how they can be safeguarded.
This communication contains users' access data passwords for example and sensitive business data. If unauthorized users have access to this data, this may have serious consequences for the company in question. Network Security Security of the Communication Layer Different technologies are available to safeguard communication depending on the communication protocol used.
Communication Protocols as of the AS Java 7. HTTP communication is also possible here. Furthermore, the protocol P4 is used in some scenarios. The following table provides an overview of the security of the different communication protocols. SSL can be used for authentication, integrity and encryption.
P4 supports HTTP tunneling. Communication can be secured depending on the driver that is used. Telnet Not available Communication via Telnet is not encrypted. Therefore, Telnet access to the AS Java has been restricted to host Session Not available Session is a communication protocol that is used only between ICM and server process.
Since this communication is not used outside an instance, encryption is not required. The table below contains some important ports for AS Java. The Web service technology is a technical foundation for SOA. A Web service WS is a modular function that can be published, localized and called via a network. A Web service provides functions that are based on the technological communication layer.
The following figure gives a rough overview of the communication. Network Security Figure Web services can communicate using any number of connections and intermediary stations. A connection-based security of communication, such as via SSL, is therefore insufficient or inadequate. The following table gives an overview of the security mechanisms for Web services.
SAP recommends that you use separated network zones and demilitarized zones DMZ , as shown in the following figure. Also in the case of Web applications, such as a portal for example, only a controlled access should be allowed by a firewall for users.
In practice, an Application Gateway is implemented, for example, by a reverse proxy, a load balancer or similar products. Setting Up SSL Lesson Overview This lesson gives you a brief introduction to cryptography and its adoption in the communication between different communication partners. In the second part you will learn how to set up a secure http-communication SSL.
Since sensitive data is transferred between the SAP system and the client a Web browser for example , a secure connection should be established.
Introducing Cryptography Cryptography is the science of encrypting information. Why is this a very important topic in today's IT world? Everyone connected to a specific network is able, with more or less effort and knowledge, to listen to the packages and its content transferred with the IP protocol in that network. This vulnerable protocol makes it necessary to encrypt the transferred data itself. Eavesdropping In the above example, Alice 1 initiates a communication with Bob and requests some data about customers from him.
Bob gathers the requested data and responds to Alice's request 2. The entire exchange is eavesdropped by Mallory. He now knows about the information that was discussed 3. The solution for securing this communication is the encryption of the transferred data; this involves making the conversation impossible for the attacker to understand but making it understandable to the participants involved in the conversation only. Encryption Encryption Methods Encryption itself is based on mathematical operations.
A key therefore has to be exchanged between the communication partners in order to have a computable basis for encrypting and decrypting information.
There are three different methods for exchanging these keys. Encryption Methods Symmetric Key Encryption is the classical cryptography method for encrypting and decrypting messages. The sender uses this key to encrypt the message. The receiver also uses this key to decrypt the message. Symmetrical Encryption The shared secret is called a secret key. It consists of a value of a certain length, bits for example.
These encryption algorithms are in widespread use and are employed in most Web browsers and Web servers. Typical Symmetric Key Encryption Algorithms include: Asymmetric Key Encryption uses a key pair that consists of a private and a public key.
These keys belong to each other. A message that is encrypted with the public key can only be decrypted with the matching private key. The public key can be made public. The private key must be kept secret. Only the recipient can then decrypt the message using his or her private key. Typical public key encryption algorithms are: Encryption is only possible in one direction with a single key pair.
Alice can encrypt a message to send to Bob, but not vice versa. If Alice also has a key pair, then Bob can send her an encrypted message.
However, there is an easier way. Hybrid Encryption Process is the combination of both above explained encryption processes. The Hybrid Encryption Process make use of the advantages of both process types. For the better understanding we describe this process in the following example.
Hybrid Encryption Process: Only the server can decrypt the received Secret Key cause its holding the Private Key which is necessary for the decrypting. The communication partners perform a "Handshake"; they shake hands. Further communication between the client and the server is encrypted using the Secret Key Authentication and Digital Signatures In the first part of this lesson we described a possible attack to the transport protocol and what can be done to secure this communication.
But what happens if Mallory interferes with the communication and pretends to be Bob? The question here is now, how can we make sure that Alice is really communicating with Bob and therefore the public key she received is really Bob's public key? Masquerading The problem is also covered by cryptography and is called Authentication.
Authentication normally takes place using the user ID and password. But with cryptographic mechanisms it is possible to authenticate communication partners, in means of verifying that the communication partner is the one she or he pretends to be. Basis for the authentication of communication partners are Digital Certificates. Authentication Understanding Digital Certificates and Digital Signatures The digital certificate is the individual's "digital identity card" on the Internet.
Compared to the "real world", digital certificates can be compared to a passport which contains information about owner, issuer, serial number, and validity period. The format of the certificate is specified by the X. Digital Certificates X. This one must be kept on a safe place. The certificate is issued to a person or server by an authorized entity called a Certification Authority CA.
The CA ensures by digitally signing the certificate that the public key, which matches to a private key, belongs to a specific person or server. Thus, the CA ensures that the certificate cannot be "faked". The complete infrastructure that manages the issue and verification of certificates is called the Public Key Infrastructure PKI. Certificate Enrollment The certification of digital certificates is performed, for example, as follows: SAP's process for applying for a digitally signed certificate is as follows: Check the details entered before, print it out and sign it Fax the signed contract back to SAP SAP checks your data and has TC TrustCenter issue a certificate The server is now sending the digitally signed certificate, which includes the public key, to the communication partner.
This kind of authentication is called Server Authentication. But how can the communication partner ensure, that the digitally signed certificate is signed from a trusted CA?
The communication partner has to have a trust relationship to the CA which issued the certificate. Technically this can be achieved by importing a digital certificate of the institution CA issued the certificate for the server.
This is the so-called root certificate. The most common root certificates are pre-installed in most Web browsers. These technologies are also the fundamental of securing the HTTP communication. Secure Socket Layer SSL is a transparent protocol enhancing other protocols having no security functionalities. SSL uses a Hybrid Encryption method and provides besides data encryption the following authentication mechanisms: Server authentication 1.
The client-side server's identity is verified by checking the validity of the certificate. This is done with the CA root certificate. Cryptographic software is needed to support the different mathematical algorithms. As of Release 7. Cryptographic software was subject to export and import restrictions. In AS Java systems 7. Read up on the conditions in your country. The servers that are supported for use with AS Java are: SSL with an Intermediary Server Depending on the intermediary server used, options exist to use either an end-to-end SSL connection or to terminate the connection on the intermediary server and establish a new connection to the backend system terminated SSL.
See the figure below. Mutual Authentication Beside the server authentication mechanism and the data encryption described in the above sections, SSL can also be used for mutual authentication. In case of Mutual Authentication both, the user and the server acknowledge their authenticity by providing a digitally signed certificate to the other communication partner. The important fact is, Alice also authenticate herself to the server. Mutual Authentication Server authentication is performed using the same process as described within the SSL scenario.
Alice obtains a certificate, as shown in the figure: When communicating with the server, both parties are authenticated and the data communication is encrypted.
Log on at operating system level of your SAP system and check, that the files sapcrypto. Check, that the file ticket exits in all of the following directories: