CONSTRUCTION SPECIFICATION FOR GENERAL ELECTRICAL INSTALLATIONFull description
fiber
Description complète
Installation Qualification
Description complète
WRF on Linux
Electrical PracticesDescripción completa
nokia fsebFull description
gas turbine construction
Guide to install Mentum planet
Descripción: Installation Wellflo
vccvcFull description
Descripción completa
nokia fsebDescripción completa
Opennebula ubuntu setupDeskripsi lengkap
Full description
fyiFull description
Installation electriqueDescription complète
Nokia Flexi Multiradio Installation
SAProuter Installation
SAProuter Installation on UNIX
1. Create Create the subdirec subdirectory tory SAProut SAProuter er in the the directory directory /usr/ /usr/sap/. sap/. 2. Download Download the the latest latest version version from from service.sap. service.sap.com. com. 3. Copy prorams prorams !saprouter !saprouter!! and !nipin! !nipin! into the directory directory /usr/sap/saprouter. ". Add the foll followi owin n line liness to the file file /users/#S$D%adm/startsap&#hostname%&#instance /users/#S$D%adm/startsap&#hostname%&#instance number% before the lines !'Start (S)Collector daemon!. ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) ' ' Start saprouter ' S*D$*+/usr/sap/saprouter if , )f -S*D$*/saprouter then echo 0nStartin 0nStartin saprouter Daemon 0 tee )a )a -(4$5 echo 0 0 tee )a -(4$5 -S*D$*/saprouter )r )6 37777 )* -S*D$*/saprouttab tee )a -(4$5 8 fi ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) 9his entry automatically starts starts the SAProuter durin the system start and it ensures that the SAProuter is is always started. Since Since the SAProuter should continue to run after */3 is is shut down no respective entry is included included in the Stopsap Script. $f you you boot the */3 several times: the system displays displays error messaes when the SAProuter is started. ;ou ;ou can inore these error messaes. 9he entry of the SAProuter in the the Startup Script is a recommendation. <. =owever: =owever: you can also start start the SAProuter SAProuter manually manually usin saprouter saprouter )r 9he correspondin routin table must be maintained in /usr/sap/saprouter/saprouttab. $f you do not want an authori>ation authori>ation chec? use the line !P @ @ @!.
Opening/Closing a Service Connection
$n order to access SAPs remote services such as 5arly6atch or *emote Consultin: or to allow a customer support consultant to have access to your system: you need to open a service connection. 9o open and close a service connection: follow these stepsB 1. 2. 3. ". <.
5stablish a remote connection et to the Service Connection: Select System screen. Define your installations (pen a service connection Close the service connection.
9he followin sections eplain the above steps in more detail ettin to the Service Connection: Select System Screen 9o et to the Service Connection: Select System screen: follow these stepsB 1. $f you are not already there: o to the Inbox: screen. See Getting Started .E 2. $n the first row of buttons: select SAPNet . 3. $n the SAPNet roup: select Service. 9he roup directly below SAP Net becomes Service. ". $n the centermost Service roup: select Service connection. 9he Service Connection: Select System screen appears. Defining Your Installations
(nce in the Service Connection: Select System screen: follow these steps to define your installationsB 1. Double clic? on the installation that you would li?e to define. 2. Select System data. Fa?e sure that all the information are correct: if not 3. 5nter the appropriate information in the screen: usin the table below as needed.
Field
Wat !ou enter
Installation
5nter the */3 installation number.
Database ID
5nter the three character alphanumeric code that represents the database.
Database system
5nter the name of the database you are usin for this installation.
Database release
5nter the number representin the release version of the database software.
SAP release
5nter the number representin the release version of */3 this installation uses.
State o !"# System 5nter the code representin productive: test: or development system. SAProuter
5nter the $P address for this system!s SAProuter.
SAProuter instance 5nter the number representin the instance of your SAProuter. 1. Save. 9he Service Connection: System $aintenance screen appears. 2. Gnder Service selection: double)clic? on the service that you want to define. ets ta?e */3 as eample 1. 9he Select Service screen appears. 2. Gse the arrows at the riht ends of the fields to select the appropriate contact personnel. 3. Save. ". *epeat steps five throuh seven for all the services that you miht want to use on this installation. <. 9o open a service connection: follow the steps in the net section.
Opening a Service Connection
(nce your installations are defined and you want to benefit from a specific service that reHuires an open service connection: follow these steps to open a service connectionB 1. et to the Service Connection: Select System screen see Getting to t%e Service Connection: Select System ScreenE. 2. Double)clic? on the system for which you would li?e to open a service connection or clic? once on the system and select Select systemE. 9he Service Connection: System $aintenance screen appears. 3. Gnder Connections: clic? once on the service for which you would li?e to open a service connection.
". Select Create"&'en. 9he Connection Inormation ( Create screen appears. <. NO"# (nly services that you previously defined appear here see Deining Your InstallationsE. I. $n the closing in: Days and : and %ours fields: enter the amount of time for which you want to leave the service connection open. ;ou can leave the system open for up to J days and 2" hours. K. $n the Contact 'erson field: enter a person at your company who could assist SAP in the case that SAP has difficulty connectin to your system. L. $n the P%one: or : and )ax fields: enter the appropriate information for the contact person you listed. J. Save. 9he service connection is now open.
Closing a Service Connection
9o close a service connection: follow these stepsB 1. et to the Service Connection: Select System screen see Getting to t%e Service Connection: Select System ScreenE. 2. Double)clic? on the system for which you would li?e to close the service connection or clic? once on the system and select Select systemE. 9he Service Connection: System $aintenance screen appears. 3. Gnder Connections: clic? once on the service for which you would li?e to close the service connection. ". Select Close. 9he Conirmation Prom't screen appears. <. Select Yes. 9he connection is closed.
SAProuter Installation on Windo$s XP
(n GM$N: SAProuter is installed as a daemon. (n 6indows it is installed as a service. 6indows NP allows you to run prorams as service. 9his document will help you install SAProuter on windows NP. Do$nload SAProuter%
;ou will find the latest SAProuter in the SAP Service Far?etplace under Download SAP Software here $n the hierarchy choose O Fy Company!s Application Components %% SAP*(G95* %%SAP*(G95* K.77 %%6indows server on $A 32 bit.
Download the file saprouter.. ;ou miht also need SAPCA*: which can be downloaded from here for 6indows to unpac? these files. Installation%
Create a directory usrsapsaprouter: and unpac? all the files in this directory. $ unpac?ed it in dBusrsapsaprouter Create the saprouttab file in dBusrsapsaprouter. Fore detail about saprouttab Define the service with the followin commandB ntscmr install SAProuter )b dBusrsapsaproutersaprouter.ee )p service )r )* saprouttab MoteB ntscmr can be downloaded from SAP note I1L7<3. Define the eneral attributes of the serviceB $n Control Panel O Services: set the startup type to automaticQ and enter a user. SAProuter should not run under the SystemAccount. 9o avoid the error messae 9he description for 5vent $D 7EQ in the 6indows M9 event lo: you must enter the followin in the reistryB Gnder =R5;&(CA&FAC=$M5 O S;S95F O CurrentControlSet O Services O 5ventlo O Application: create the ?ey saprouter and define the followin values under itB 5ventFessae4ile *5&SEB dBusrsapsaproutersaprouter.ee 9ypesSupported *5&D6(*DEB 7K Note: 9hese adTustments are not obliatory for runnin SAProuter. 9hey are only used for providin detailed error messaes in the event lo.
OSS Configuring &PN Introduction
SAP has embar?ed on a proTect to enable its customers to establish secure connections to SAP over the $nternet for support purposes. Currently: SAP offers two alternative ways to connect to the Support Metwor? over the $nternetB •
SAProuter with Secure Metwor? Communications SMCE over the $nternet
•
$nternet Uirtual Private Metwor? UPME
Overvie$ of "ecnical Setup
SAP has implemented a functional subset of the *emote Customer Support Metwor? services in an $nternet DF demilitari>ed >oneE in SAP A: 6alldorf. 6ith this infrastructure in place: the suite of *emote Customer Support Metwor? service offerins is accessible over the $nternet.
SAProuter/SNC via Internet •
•
•
Internet &PN
SMC secured SAProuter V SAProuter connections are established between SAP and the customers SAProuter to provide data confidentiality and interity services. 9hese SMC connections complement the leased lines in the current SAPMet */3 4rontend environment. State)of)the)art encryption: authentication: and access control technoloy will be employed. Mo additional hardware compared to a leased)line setup is reHuired at either end of the connection. See diaram belowE. Customers are reHuired to install a SAProuter with an official: static $P address D=CP Addresses will not wor?E runnin SMC inbound and outbound connection to SAP at their end of the connection in a Demilitari>ed one. 9his SAProuter must be accessible from the $nternet. All service connections between SAP and the customer must be made over the respective SAProuters. Certificates needed are available on the SAP Service Far?etplace.
•
•
•
•
AM)to)AM $PSec UPMs are established between SAP and the customers networ? to provide data confidentiality and interity services. 9hese UPMs complement the leased lines in the current *emote Customer Support Metwor? environment. State)of) the)art encryption: authentication: and access control technoloy will be employed. UPM eHuipment is reHuired at both ends of the connection. 9he UPM switch at customers side must be reachable from the $nternet. See diaram belowE. Wesides the UPM eHuipment also called UPM switch or UPM atewayE: customers are also reHuired to install a SAProuter with an official $P address at their end of the connection. All service connections between SAP and the customer must be made over the respective SAProuters. 4or the pilot proTect: access control and authentication at the UPM ateways will be reulated usin static ?eys. SAP will enerate these ?eys and provide them to the customer. $n future: certificate)based authentication is li?ely to be utili>ed. UPM access can also be achieved throuh a telecommuncations provider. 9he provider will then be connected to SAPs UPM switch: and the provider can offer connections to customers over the $nternet. SAP will ma?e a list of UPM) enabled providers. 9his option is not
covered in this document. 4or more information: contact SAP.
Diagra's and Infrastructure
4iure 1 ) SAProuter with SMC over $nternet
4iure 2 ) $nternet UPM Co'parison of te "$o Options
Propert!
SAProuter / SNC via Internet
Internet &PN
=ardware reHuirements
4irewall X SAProuter host in DF
UPM switch X firewall X SAProuter host UPM and firewall may be the same boE
Software
SAProuter startin from M$ version 3< M.A. SAPS5CG$W can be obtained from the Service Far?etplace
Metwor? 1 official static $P address for addresses SAProuter besides address of $nternet router: firewall: YE
1 official static $P address for UPM switch X 1 official static $P address for SAProuter host
Confiuration issues
Careful setup of routin confiuration in UPM switch necessary for security. Saprouttab influences security less stronly as access is controlled via UPM switch: SAProuter software and
Careful setup of saprouttab necessary for security. Saprouttab influences security stronly as access is controlled via saprouttab and firewall.
firewall 5ncryption
Wy software
5ncrypted data
9CP pac?ets $Psec $P pac?etsE (nly the data stream between 5ncryption is handled on $P layer SAProuters is encrypted (S$ networ? layer 3E 5ncryption is handled on Application layer (S$ networ? layer KE
Finimum reHuired free bandwidth
I" ?bit/s but may wor? also with 32 ?bit/s
Supported All ecept 49P files downloadE services on SAP side
Wy hardware
I" ?bit/s
All includin 49P files downloadE
Rey manaementDiital certificates bein reHuested via Pre)shared ?eys provided by SAP: Service Far?etplace Public Rey later Public Rey $nfrastructure PR$E $nfrastructure PR$E Rey storae
$n file system
(peratin systemSAProuter resides on a computer therefore it is necessary to harden the security at the operatin system level for eample: C2 level (SE to minimi>e the ris? of the machine bein hac?ed from the $nternet
Additional epertise
$n UPM switch UPM switch has a very small and limited operatin system: thus no additional security hardenin is reHuired. 9he SAProuter machine is not reachable from the $nternet: thus the ris? of hac?in is much less. =owever: security hardenin measures at the SAProuter operatin system level are also recommended
SAProuter ?nowlede usually UPM hardware reHuires special available: SMC confiuration reHuires ?nowlede: hiher technical epertise additional ?nowlede
Standards
Wased on SMC: SAP proprietary standard 4irewall hardware and Contributin to software costs •
Wased on $PSec: well established industry standard 4irewall hardware and software •
•
•
4irewall administration costs Mo additional license fee for security library based on S5CGD5
•
•
4irewall administration costs Costs for UPM hardware and setup
W! &PN over SNC
$n this proTect $nternet UPM was selected over SMC for the followin reason UPM usin $Psec is industry standard and have better encryption 49P is not possible with SMC. (e)uire'ent •
• • • •
•
•
•
$nternet connectionB recommended minimum bandwidth + I" ?bps SAProuter machine (fficial $P address staticE for the SAProuter host. SAProuter installation pac?ae SAP SMC libraries and eecutables. 9hese may be downloaded from the SAP Service Far?etplace. A Demilitari>ed one at the customer site with a minimal setup as described in the networ?in section of the SAP Security uide: Parts 1)3 available in the S ervice Far?etplace atB httpB//service.sap.com/S;S95FFAMA5F5M9 ChooseB Security % 9echnical 9rac? % SAP Security uide. Fore information on SMC connections is also available in the SAP Service Far?etplace. Since the host runnin the SAProuter software is a full computer with operatin system: the security at the operatin system level must be hardened in order to minimise the ris? of the machine bein hac?ed from the $nternet. (ne recommendation will be for eample to run a C2 security level compliant operatin system. SAP ta?es no liability if the security of the companys networ? is compromised. (ther networ?in eHuipment routers and hubsE needed to form the networ? at the customers premises see 4iure 1E.
Adding OSS to SAP logon •
Create a file saproute.ini under ZwinntZ directory and add
,*outer sapserv1+/=/.../=/yy.yy.yy.yy/=/ *%ere xx+xx+xx+xx is SAP router at customer site
yy+yy+yy+yy is SAP router at SAP Note: ,%is ino can be ound by using "n&SS•
Create sapms.ini under ZwinntZ directory and add
,Fessae Server (71+oss771.wdf.sap)a.de •
## Add this line%%
(pen SAP loon
Clic? roups System $D (71 Fessae server oss771.wdf.sap)a.de SAP *outer for sapserv1
