ADM800 EN Col81 FV Part A4

ADM800 AS Java 7.3 – Administration SAP NetWeaver Date Training Center Instructors Education Website Participant Handbook Course Version: 81 Course Duration: 5 Day(s) Material Number: 50105165 An SAP course - use it to learn, reference it for work Copyright Copyright © 2011 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Trademarks • Microsoft®, WINDOWS®, NT®, EXCEL®, Word®, PowerPoint® and SQL Server® are registered trademarks of Microsoft Corporation. • IBM®, DB2®, OS/2®, DB2/6000®, Parallel Sysplex®, MVS/ESA®, RS/6000®, AIX®, S/390®, AS/400®, OS/390®, and OS/400® are registered trademarks of IBM Corporation. • ORACLE® is a registered trademark of ORACLE Corporation. • INFORMIX®-OnLine for SAP and INFORMIX® Dynamic ServerTM are registered trademarks of Informix Software Incorporated. • UNIX®, X/Open®, OSF/1®, and Motif® are registered trademarks of the Open Group. • Citrix®, the Citrix logo, ICA®, Program Neighborhood®, MetaFrame®, WinFrame®, VideoFrame®, MultiWin® and other Citrix product names referenced herein are trademarks of Citrix Systems, Inc. • HTML, DHTML, XML, XHTML are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology. • JAVA® is a registered trademark of Sun Microsystems, Inc. • JAVASCRIPT® is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. • SAP, SAP Logo, R/2, RIVA, R/3, SAP ArchiveLink, SAP Business Workflow, WebFlow, SAP EarlyWatch, BAPI, SAPPHIRE, Management Cockpit, mySAP.com Logo and mySAP.com are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other products mentioned are trademarks or registered trademarks of their respective companies. Disclaimer THESE MATERIALS ARE PROVIDED BY SAP ON AN "AS IS" BASIS, AND SAP EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS OR APPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THESE MATERIALS AND THE SERVICE, INFORMATION, TEXT, GRAPHICS, LINKS, OR ANY OTHER MATERIALS AND PRODUCTS CONTAINED HEREIN. IN NO EVENT SHALL SAP BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES OF ANY KIND WHATSOEVER, INCLUDING WITHOUT LIMITATION LOST REVENUES OR LOST PROFITS, WHICH MAY RESULT FROM THE USE OF THESE MATERIALS OR INCLUDED SOFTWARE COMPONENTS. g2012095420 About This Handbook This handbook is intended to complement the instructor-led presentation of this course, and serve as a source of reference. It is not suitable for self-study. Typographic Conventions American English is the standard used in this handbook. The following typographic conventions are also used. Type Style Description Example text Words or characters that appear on the screen. These include field names, screen titles, pushbuttons as well as menu names, paths, and options. Also used for cross-references to other documentation both internal and external. 2011 Example text Emphasized words or phrases in body text, titles of graphics, and tables EXAMPLE TEXT Names of elements in the system. These include report names, program names, transaction codes, table names, and individual key words of a programming language, when surrounded by body text, for example SELECT and INCLUDE. Example text Screen output. This includes file and directory names and their paths, messages, names of variables and parameters, and passages of the source text of a program. Example text Exact user entry. These are words and characters that you enter in the system exactly as they appear in the documentation. <Example text> Variable user entry. Pointed brackets indicate that you replace these words and characters with appropriate entries. © 2011 SAP AG. All rights reserved. iii About This Handbook ADM800 Icons in Body Text The following icons are used in this handbook. Icon Meaning For more information, tips, or background Note or further explanation of previous point Exception or caution Procedures Indicates that the item is displayed in the instructor's presentation. iv © 2011 SAP AG. All rights reserved. 2011 Contents Course Overview ......................................................... vii Course Goals ...........................................................vii Course Objectives .................................................... viii Unit 1: Fundamentals ..................................................... 1 Fundamental Concepts of Java .......................................2 Architecture of the SAP NetWeaver Application Server ......... 15 Java Cluster Architecture ............................................ 22 The Internal Structure of SAP NetWeaver AS Java .............. 27 Load Balancing in the SAP NetWeaver AS Java Environment . 34 Unit 2: Starting and Stopping ......................................... 47 Overview of the Process for Starting and Stopping an SAP NetWeaver AS Java .............................................. 49 Tools for Starting and Stopping ..................................... 57 Java Startup and Control Framework .............................. 73 Logs of the Start and Stop Processes of SAP NetWeaver AS Java ................................................................. 82 Unit 3: Basic Configuration............................................ 91 Overview of the Administration Tools............................... 92 Basic Configuration of AS Java with the Config Tool............109 Configuring AS Java with SAP NetWeaver Administrator ......132 Further Configuration Activities ....................................138 Unit 4: Secure Infrastructure ......................................... 151 Network Security .....................................................152 Setting Up SSL .......................................................160 Unit 5: User and Authorization Administration .................. 185 Structure and Configuration of the User Management Engine (UME) ..............................................................187 User and Group Administration .................................... 211 The Java Authorization Concept ...................................224 Special Principles ....................................................235 Logon Procedure of the AS Java ..................................246 Unit 6: Java Connector and Destinations ......................... 267 Connections to other Systems .....................................268 2011 © 2011 SAP AG. All rights reserved. v Contents ADM800 Appendix: Connections to other Systems with the Java Connector Architecture .......................................................282 Unit 7: Change Management and Software Logistics .......... 295 Overview of the Standard Java EE Development Process.....297 Introduction to SAP NetWeaver Development Infrastructure (NWDI) ............................................................309 Preparing for the Development of Java Applications............336 Developing Java Objects in SAP NetWeaver Developer Studio ..............................................................366 Transporting Java Developments..................................386 Unit 8: Monitoring....................................................... 413 Monitoring SAP NetWeaver AS Java .............................414 Connecting to a Central Monitoring System......................425 Availability Monitoring ...............................................443 Log Viewer and Log Configuration ................................456 Introduction to Monitoring Using SAP Solution Manager .......477 Unit 9: Software Maintenance........................................ 491 Preparation for Software Maintenance............................492 Importing Corrections................................................509 Backing Up AS Java.................................................530 Glossary................................................................... 539 Index ....................................................................... 541 vi © 2011 SAP AG. All rights reserved. 2011 Course Overview This course provides an overview of the various tasks of the system administration for systems that are based on SAP NetWeaver AS Java 7.3. This course provides a solid foundation for the training of system administrators of SAP NetWeaver AS Java 7.3. This course deals with the basic activities that affect SAP NetWeaver AS Java 7.3. However, no application-specific or product-specific activities are taught. Target Audience This course is intended for the following audiences: • Administrators and consultants for SAP systems that are based on SAP NetWeaver AS Java 7.3, for example SAP NetWeaver Portal 7.3 and SAP NetWeaver PI 7.3 Course Prerequisites Required Knowledge • SAPTEC - Fundamentals of SAP NetWeaver Application Server Recommended Knowledge • 2011 ADM100 - Administration AS ABAP I © 2011 SAP AG. All rights reserved. vii Course Overview ADM800 Course Goals This course will prepare you to: • • • • • • • • • • • • • • • • Explain the architecture of SAP NetWeaver AS Java Start and stop SAP NetWeaver AS Java Carry out basic configurations for SAP NetWeaver AS Java Classify network security concepts Set up SSL encryption for SAP NetWeaver AS Java Explain the architecture of the User Management Engine Configure the User Management Engine Carry out user and authorization maintenance Understand and change the standard logon procedure of SAP NetWeaver AS Java Maintain destinations and the JCo RFC Provider Understand the architecture and the tasks of the SAP NetWeaver Development Infrastructure Explain the process flow of the development process using the SAP NetWeaver Development Infrastructure Specify the options for monitoring SAP NetWeaver AS Java Connect SAP NetWeaver AS Java to a central Monitoring system Display Monitoring and logging data using the SAP NetWeaver Administrator Implement corrections for SAP NetWeaver AS Java Course Objectives After completing this course, you will be able to: • • • • • • • • • • viii Explain the architecture of SAP NetWeaver AS Java Start and stop SAP NetWeaver AS Java Carry out basic configurations for SAP NetWeaver AS Java Classify network security concepts Set up SSL encryption for SAP NetWeaver AS Java Explain the architecture of the User Management Engine Configure the User Management Engine Carry out user and authorization maintenance Understand and change the standard logon procedure of SAP NetWeaver AS Java Maintain destinations and the JCo RFC Provider © 2011 SAP AG. All rights reserved. 2011 ADM800 Course Overview • • • • • • 2011 Understand the architecture and the tasks of the SAP NetWeaver Development Infrastructure Explain the process flow of the development process using the SAP NetWeaver Development Infrastructure Specify the options for monitoring SAP NetWeaver AS Java Connect SAP NetWeaver AS Java to a central Monitoring system Display Monitoring and logging data using the SAP NetWeaver Administrator Implement corrections for SAP NetWeaver AS Java © 2011 SAP AG. All rights reserved. ix Course Overview x ADM800 © 2011 SAP AG. All rights reserved. 2011 Unit 1 Fundamentals Unit Overview SAP NetWeaver Application Server is a scalable and reliable component platform. It provides a complete development infrastructure, to develop, distribute, and execute platform-independent, robust, and scalable Web services and business applications. SAP NetWeaver Application Server supports both ABAP and Java and Web services. To do this, the classic SAP Basis was extended with the Internet Communication Manager (ICM) for SAP Web Application Server 6.10. In the next evolutionary step, SAP Web Application Server was extended with the SAP Web Application Server Java for SAP Web Application Server 6.20. As of Release 6.40, SAP NetWeaver AS ABAP and SAP NetWeaver AS Java is a central component of SAP NetWeaver. This unit describes the technical fundamentals and the architecture of AS Java 7.3x. Unit Objectives After completing this unit, you will be able to: • • • • • • • Use basic Java terminology Explain the architecture of SAP NetWeaver Application Server Explain the term Central Services of SAP NetWeaver AS Java Understand and use concepts such as Java instance, ICM, and server Name the most important managers of the SAP NetWeaver AS Name the most important services of the SAP NetWeaver AS Explain how load balancing can be realized in the SAP system Unit Contents Lesson: Lesson: Lesson: Lesson: Lesson: 2011 Fundamental Concepts of Java .......................................2 Architecture of the SAP NetWeaver Application Server .......... 15 Java Cluster Architecture............................................. 22 The Internal Structure of SAP NetWeaver AS Java .............. 27 Load Balancing in the SAP NetWeaver AS Java Environment.. 34 © 2011 SAP AG. All rights reserved. 1 Unit 1: Fundamentals ADM800 Lesson: Fundamental Concepts of Java Lesson Overview This lesson provides a short overview of the fundamental Java concepts for all participants that have not yet been confronted with Java. The architectural concept and the properties of Java are briefly outlined. Lesson Objectives After completing this lesson, you will be able to: • Use basic Java terminology Business Example As of SAP Web Application Server 6.20, you have the option of using Java as well as the ABAP programming language. You should therefore familiarize yourself with the fundamental concepts of the Java environment. Introduction If you search for the meaning of the word Java in an encyclopedia, you find the following definitions, among other things: • • • • • One of the four main islands of the Indonesian republic in the Indian Ocean. A programming language developed by the company Sun Microsystems. An aromatic type of coffee, particularly used to make espresso. A popular dance of the 1920s. A coarse, loose mesh canvas for embroidery, made of linen or cotton. It would undoubtedly be worthwhile to investigate each of these definitions individually in more detail. In this course, we want to concentrate exclusively on the second definition in this list. The Java programming language was first introduced in 1995 by Sun Microsystems Inc.™. Java is an object-oriented and platform-independent programming language that has spread across many areas. The powerful concept of Java allows the development of a large number of different types of application - from the classic application using applets implemented in Web pages to client/server applications. Java has been designed to be platform independent. This means that the same Java program can be executed on any system for which a Java Runtime Environment (JRE) is available. In particular, Java applications can run on different systems that are based on different hardware. Java can be used to create programs for UNIX, Microsoft Windows, Linux, MacOS, or OS/2, for workstations or servers; 2 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Fundamental Concepts of Java for x86, MIPS, Alpha, or Sparc; for computers, organizers, or cell phones, and for the micro computers built into household and industry devices, such as washing machines, video recorders, cars, and traffic lights. Properties of Java You need to differentiate between two basic types of Java programs: applications and applets. • Applications Java applications are computer programs with the full functional range also provided by other programming languages. Applications can run as local programs on the user's computer or as client/server systems across the Internet or using an Intranet, or as server programs (servlets, CGI programs) on a Web server. • Applets The term applet essentially means "little application". It usually means a Java applet, a small computer program that runs in a Web browser and is written in the Java programming language. Java applets are intended for execution within the Java Runtime Environment of a browser. They are transferred (as is also the case, for example, with embedded images) with the HTML page using the HTTP protocol, and then executed on the client computer. Special security guidelines apply to Java applets; that is, they are not permitted to perform everything on the client that locally-installed programs are permitted to. In this way, for example, they can only create network connections to the host from which they were downloaded. Hint: You need to be careful when using the name “Java”. Not everything that has Java as its linguistic root is actually connected to Java; JavaScript is completely unrelated to Java. JavaScript is a script language that can be embedded in HTML and, with some Web browsers (Netscape, Microsoft Internet Explorer), produces the execution of certain functions and actions within the Web browser. JavaScript was developed with the intention of dynamically organizing static HTML pages. Unlike server-side script languages such as Perl or PHP, JavaScript is executed on the client. In contrast to Java, JavaScript is not an independent programming language, is not independent of the browser version, and does not have the required security mechanisms. Initially, Java is a programming language like any other. Unlike traditional compilers for a programming language, which generate machine code for a specific platform (see the Compiled Programming Languages figure), the Java compiler produces program code for a virtual machine (the Java Virtual Machine). This is known as bytecode. A virtual machine is a model of a processor (which often 2011 © 2011 SAP AG. All rights reserved. 3 Unit 1: Fundamentals ADM800 does not exist as real hardware) and the associated system architecture. It is a computer program that emulates a processor. The effort required to transfer this software to other real CPUs is small in comparison. The virtual machine is therefore viewed as the interface between Java and the actual hardware. It must therefore be developed for each processor architecture and, as such, is the only platform-dependent component of a Java development system (see the figure Concept of the Java Virtual Machine). SAP also uses the concept of a cross-platform virtual machine in the ABAP world. The ABAP programs of the SAP system are also converted into a bytecode, which is interpreted by the ABAP Virtual Machine, the ABAP work process. Figure 1: Compiled Programming Languages Hint: Virtual machines play an important role nowadays, since Microsoft has followed Sun's example of the Java Virtual Machine (Java VM) with its .NET architecture. The concept of the virtual machine was already in use in the late 1960s; Martin Richards' O code for the BCPL programming language is an early example. Better-known examples are the Pascal P code system (UCSD Pascal) from the 1970s, and the virtual machine on which programs in the Smalltalk programming language run. The bytecode generated by the Java compiler is comparable to microprocessor code for a conceived processor , which understands instructions such as arithmetic operations, gotos, and so on. A Java compiler, such as the one from Sun, which is 4 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Fundamental Concepts of Java itself implemented in Java, generates this bytecode. However, so that the program code of the virtual processor can be executed, after the conversion phase, the runtime environment (also known as the runtime interpreter), the Java Virtual Machine, runs the bytecode. In this way, Java is a compiled, but also an interpreted programming language. Figure 2: Concept of the Java Virtual Machine The interpretation causes speed problems, since the identification, decoding, and execution of the commands takes time. Java programs are generally slower than programs that were converted specifically for the target environment (such as C(++) programs). The technology of the Just In Time (JIT) compiler alleviates the problem. A JIT compiler accelerates the execution of the programs by converting the program statements of the virtual machine for the physical machine. There is then a program adjusted for the architecture available in memory, which is executed quickly without interpretation. Even with this technology, the speed is slower than that of C in many cases, but the difference is smaller. A Java Development Kit (JDK) is required to write platform-independent Java programs. The Java Development Kit includes the software required to create and test Java applications and applets, the packages with the Java classes that are part of the basic configuration, and the online documentation. The software includes the Java compiler, the Java Runtime Environment (the Java Virtual Machine) for running applications, the applet viewer for running applets, a Java debugger, and various utilities. The online documentation describes all language elements and all classes of the Application Program Interface API. 2011 © 2011 SAP AG. All rights reserved. 5 Unit 1: Fundamentals ADM800 Java is a relatively new programming language and is therefore still in development, that is, new versions with extensions and improvements are constantly being released: the original version is JDK 1.0 (1995). Since Version 1.2, the JDK has also been called “Java Platform 2” and in Version 1.3.0 to Version 1.4, the JDK is called “Java 2 Software Development Kit (SDK)”. It is called JDK again from Version 1.5.0 and SDK is used in another context. From Version 1.6.0, Java™ Platform 2 is no longer used, rather Java™ Platform is used. From Version 1.5.0, there is a differentiation between a developer version and a product version with 1.5.0 as the developer version. The related product version is “5.0”. Product version “6” belongs to developer version 1.6.0. • • • Java Standard Edition (Java SE). The standard edition is the normal software environment and defines the Java™ SE Development Kit (JDK). This includes the Java SE Runtime Environment (JRE). Java Enterprise Edition (Java EE). The enterprise edition builds on the JDK and integrates additional packages such as Enterprise JavaBeans (EJB), servlets, JavaServer Pages (JSP), Java Mail API, and Java Transaction Service (JTS). The Java EE 5 SDK (Software Development Kit) includes the Sun Java System Application Server and requires a JDK. This can be JDK Version 5.0 or JDK Version 6 in Version 5. Java Micro Edition (Java ME). The micro edition is a small runtime environment for small devices such as Personal Digital Assistants (PDAs) or telephones. The following figure “SDK Structure” describes the interaction between the terms “Java EE SDK”, “JDK” and “JRE”. Figure 3: SDK Structure 6 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Fundamental Concepts of Java The Java SE Runtime Environment is also referred to as JRE and contains the runtime environment to which the JVM and other libraries with which Java applications can be executed belong. The JRE cannot be used to develop any Java programs. The JDK is required for this. It contains the JRE with the Java compiler “javac” and other tools which are of use for programming. When performing client-server programming, you need a server. The SDK contains the reference implementation of an application server, namely the “Sun Java System Application Server”. You can use the Java EE SDK to program, among other things, “Enterprise Java Beans”, “Servlet”s and “JSP”; however, a JDK is required. Figure 4: AS Java with SAP JVM SAP NetWeaver AS Java is the SAP implementation for a Java-based application server. SAP NetWeaver AS Java 7.3x is Java™ EE 5-compliant and was the first (along with Sun) to correspond to this standard. SAP NetWeaver AS Java 7.3x does not require a JDK from the operating system manufacturer (unlike its predecessors); instead, the SAP-specific JDK is used on all operating systems. 2011 © 2011 SAP AG. All rights reserved. 7 Unit 1: Fundamentals ADM800 The SAP Java Virtual Machine (JVM) is a Java Virtual Machine for application servers that are reliable, scalable and can be supported for using SAP products. The SAP JVM implements the standard Java SE 5.0 and provides a reliable foundation for SAP NetWeaver AS Java. Some of the SAP JVM properties were developed especially to meet the requirements of SAP customers: • Additional “Supportability” The SAP JVM provides functions for supporting complex Java applications. One prominent function here is the “extended stack trace”. It helps developers to identify problems and software errors. • “Profiling” and “Memory Debugging” Discovering problems in memory management has the same value as identifying functional errors. Therefore, the SAP JVM provides enhanced options in the area of performance and memory profiling. • “Debugging on demand” You can use the SAP JVM in productive use to switch to and back from debugging mode without restarting the VM. This dramatically reduces the amount of effort required for troubleshooting. For details of available SAP JVM patches, see SAP Note 1434916: How to find out the SAP JVM build version. Programming in Java When creating Java programs, the developer first creates a source file in the format “MyProgram.java” (see the figure Tools of the Java Development Kit). The Java compiler generates a separate file for each class from the source file that contains the bytecode for this class. The file name is then the name of the class with the extension “.class”, and therefore has the format “MyProgram.class”. In accordance with the object-oriented approach, Java “functions” are grouped in classes. Each Java source file may only contain one public class. The file name of the source file must then be the name of this class (which is case-sensitive) with the extension “.java”. This bytecode is platform-independent: irrespective of the type of system on which the Java compiler was called, the bytecode can also be executed on any other computer system, at least in the case of “100% pure Java”, which unfortunately cannot be guaranteed for all products. 8 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Fundamental Concepts of Java Figure 5: JDK tools You can also combine multiple class files into a compressed archive file. Java archive files of this type then have, for example, names in the format “MyArchive.jar”. A Java archive contains files and possibly also entire directory structures in the same compressed format used by PKZIP and WinZip. They are administered with the program jar (Java Archiver); the call is similar to that of the UNIX program tar (tape archiver). It is not usually necessary to extract or unpack archive files: The Java compiler and the Java Virtual Machine can read and load the class files directly from the archive files. For this purpose, the file name of the archive file must be specified in a defined format. The bytecode of a Java application is executed by calling the Java Virtual Machine JVM (in the Java Runtime Environment JRE) in the format java MyProgram. In a similar way to sub program libraries in other programming languages, in Java there are also small Java programs (classes) with precisely defined conventions for the interfaces that allow reuse in multiple applications (applications and applets). These programs are known as Java Beans. Java EE Specification Java became popular with the Internet as a language of the World Wide Web. Life can be added to static HTML pages using Applets and Java Script. By extending Web servers with the Common Gateway Interface (CGI), these can perform simple database accesses and display the results formatted in the browser. However, these technologies are limited in the case of simultaneous accesses from very large numbers of users who expect reliable information and quick response times. Sun provides a solution to these problems in terms of server-side architecture for Internet applications with the Java Platform Enterprise Edition (Java EE). Java EE is a vendor standard for a complete palette of software components, which are primarily created in the Java programming language. Sun wishes to ensure that developments comply with the specification of the Java Enterprise Edition using compatibility tests for Java EE. 2011 © 2011 SAP AG. All rights reserved. 9 Unit 1: Fundamentals ADM800 The purpose of the specifications is to make available a generally accepted framework for developing distributed, multilayer applications with modular components. Clearly defined interfaces between the components and layers ensure that software components from different vendors are interoperable, provided they adhere to the specifications. With the Java EE specification, Sun wishes to ensure that Web applications that conform to the specification run on all Java EE-compatible servers. The application logic is packed in components (Enterprise Java Beans) in accordance with the Java EE specifications. They represent modular java program components. A container provides the components implicitly with the services of the runtime environment. Three-level client/server architectures for enterprise applications can be realized in accordance with the Java EE specifications. The Java EE application server forms the core of these architectures (see the figure Three-Level Java(TM) EE 5 Architecture). Figure 6: Three-Level Java(TM) EE 5 Architecture The Java EE application server processes client requests, executes the application logic, and returns the results to the clients. The application data is accessed from the database level. The application logic is implemented in the form of Enterprise Java Beans. These are executed in an EJB Container, which is part of the Java EE Application Server. The communication between the client and the Java EE is based on Web standards such as HTTP, HTML, and XML. The Java EE server uses Java Server Pages (JSP) and Java Servlets to generate HTML pages or XML data. Java Server Pages and Java servlets are executed in a Web Container, 10 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Fundamental Concepts of Java which is, in turn, part of the Java EE Application Server. Java applets can be included in the HTML pages that are sent to the Web browser. These applets are executed in the browser. Java Server Pages (JSP) are a technology developed by Sun, which essentially allow the simple dynamic generation of HTML and XML output for a Web server. This technology enables Java code and specific JSP actions to be embedded in static content. The advantage of this technology is that the logic can be implemented independent of the design. JSP are converted Java source code using a special JSP compiler. This source code, which corresponds to a Java servlet, is then converted to bytecode by the Java compiler. Figure 7: Architecture of the Java(TM) EE 5 Application Server Each application component is executed in a container. These containers provide the application components with services in accordance with the Java EE specification. Examples of these services are transaction management, availability, security, scalability, client connection, and database access. This means that the developer can concentrate purely on the application logic and does not need to deal with these system functions. The following figure shows an example of the processing of a client request by a Java EE Server. 2011 © 2011 SAP AG. All rights reserved. 11 Unit 1: Fundamentals ADM800 Figure 8: Processing of a Client Request by the Java™ EE 5 Server To achieve the aims of quick response times and reliable information, the Java EE application server must also provide scalability and reliability in addition to the functional side. The Java EE Server must handle clustering and load balancing for this. Java EE Server in the SAP Environment SAP takes into account the increasing importance of Java for creating business applications, together with the larger market of Java developers. SAP began a fundamental evaluation of Java as early as 1998 and, since SAP Web Application Server 6.20, provides a complete Java EE-compatible runtime infrastructure. Up to Release SAP NetWeaver AS Java 7.0, they were AS Java J2EE 1.3-compliant; since AS Java 7.1x, they are EE 5-compliant. The architecture of an application server in accordance with the Java EE specification is similar to the ABAP runtime environment used for SAP solutions, since both are platform-independent, executed in a multi-level architecture, and have a separate presentation logic and business logic. 12 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Fundamental Concepts of Java The use of Java EE in SAP technology has the following advantages for SAP NetWeaver Application Server: • • • • • 2011 The open integration architecture SAP NetWeaver integrates perfectly into the openness of Java EE. Java EE is further proof of the strategy of platform-independence pursued by SAP. The Java EE Connector architecture allows standardized integration of external applications. Web Services technologies are supported directly by Java. The quickly-growing Java community provides simple access to experienced developers. © 2011 SAP AG. All rights reserved. 13 Unit 1: Fundamentals ADM800 Lesson Summary You should now be able to: • Use basic Java terminology 14 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Architecture of the SAP NetWeaver Application Server Lesson: Architecture of the SAP NetWeaver Application Server Lesson Overview This lesson presents the architecture of SAP NetWeaver Application Server. Particular attention is paid to SAP NetWeaver Application Server Java. SAP NetWeaver Application Server ABAP is presented here only in as far as it is required for the understanding of the rest. Lesson Objectives After completing this lesson, you will be able to: • Explain the architecture of SAP NetWeaver Application Server Business Example SAP NetWeaver Application Server is the technical basis for many SAP components. To be able to administrate SAP NetWeaver Application Server, you need to understand its internal structure and architecture. Introduction You can implement both server-side and client-side Web applications with the SAP NetWeaver Application Server. Server applications (such as online shops or portals) can be created in the integrated development environment or with an external tool; the Web pages contain dynamic script code in addition to static HTML code. SAP NetWeaver Application Server can - depending on the chosen installation variant - execute ABAP and/or Java programs. This means that when you are creating Web applications, you can use both the ABAP-based Business Server Pages and Java-based programming (JSPs, and so on). SAP NetWeaver Application Server is the application platform of SAP NetWeaver. It represents the basis for the other SAP NetWeaver components. The following figures show the structure and components of the SAP NetWeaver Application Server. 2011 © 2011 SAP AG. All rights reserved. 15 Unit 1: Fundamentals ADM800 Figure 9: Architecture of the SAP NetWeaver Application Server Java Figure 10: Architecture of the SAP NetWeaver AS ABAP+Java An SAP NetWeaver AS ABAP+Java system consists of two integrated parts that are referred to as ABAP Stack or Java Stack. 16 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Architecture of the SAP NetWeaver Application Server The individual components and their tasks are briefly presented in the following: • The Internet Communication Manager (ICM) creates contact with the Internet. It can process Web requests as both a server and client. It supports the protocols HTTP, HTTPS, IIOP, IIOPSEC, P4SEC, Telnet and SMTP. SAP NetWeaver AS can act as a Web server or client. The SMTP protocol is only processed by SAP NetWeaver AS ABAP; therefore, it is not used in SAP NetWeaver AS Java. The protocols IIOP, IIOPSEC, P4SEC and Telenet are processed by SAP NetWeaver AS Java; therefore, they are not used in SAP NetWeaver AS ABAP. The ICM forwards incoming requests of the protocols mentioned above to the appropriate stack (ABAP or Java) for processing and sends the response back to the inquiring partners. • • • • • The ABAP dispatcher distributes the requests to the work processes. If all processes are busy, the requests are stored in the dispatcher queue. The ABAP work processes execute the ABAP code. The ABAP message server is used to exchange messages in SAP NetWeaver AS ABAP and to balance the load in the SAP system with SAP NetWeaver AS ABAP und SAP NetWeaver AS ABAP+Java. The Java server processes are responsible for processing, for example, Java server pages, servlets and so on. An SAP system that contains SAP NetWeaver AS Java has a central services instance that contains a Java message server and a Java enqueue server. The Java message server is used to exchange messages in SAP NetWeaver AS Java and to balance the load in SAP systems without an ABAP stack. The Java enqueue server is responsible for lock management in SAP NetWeaver AS Java. SAP NetWeaver Application Server with ABAP and Java This section describes the architecture of the integrated version of the SAP NetWeaver Application Server ABAP and Java. The architecture of a system of this type with one instance is shown in the figure Architecture of SAP NetWeaver Application Server ABAP+Java. The structure with multiple instances is outlined in principle in the following figure. 2011 © 2011 SAP AG. All rights reserved. 17 Unit 1: Fundamentals ADM800 Figure 11: Architecture of SAP NetWeaver AS ABAP+Java with multiple Instances Each of these integrated SAP NetWeaver AS instances contains the (ABAP) dispatcher and its work processes, which can process ABAP programs, and the ICM with its server processes, to which it distributes the incoming Java™ EE 5 requests. One of the instances must be installed as the (ABAP) central instance; that is, provide the enqueue service. Alternatively, the system can be set up with the standalone enqueue server, and without a central instance. It is, of course, possible to log on to a SAP system of this type not only using the Web client, but also using SAP GUI. The Java cluster requires a special instance, the Central Services, to administer locks and transfer messages and data. Finally, all the applications and data for ABAP and Java each have a schema in a shared database. 18 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Architecture of the SAP NetWeaver Application Server The users can log on to the SAP system using either the SAP GUI or a Web client (browser): • Communication with the SAP GUI The users log on using the message server (load balancing) or directly to the ABAP dispatcher, and the work processes process the user input. An additional task of the message server is to transmit requests in the ABAP stack. • Processing Web requests Web requests are received by an Internet Communication Manager (ICM). These HTTP(S) requests can be intended for the Internet Communication Framework (ICF), that is, processed in the ABAP work process (such as BSP applications or Java™ EE 5 requests, which are intended for SAP NetWeaver AS Java. The ICM decides where to forward the request using the URL. The HTTP(S) requests are distributed across all instances of an SAP system using the SAP Web Dispatcher. It is the central point of entry to the SAP system from the internet. For each incoming request, it must decide on the SAP NetWeaver AS instance to which it forwards the request. In each case, the ICM of an application server receives the Web requests from the SAP Web Dispatcher. The ICM then uses the URL to decide whether it should forward the request to the SAP NetWeaver AS ABAP or the SAP NetWeaver AS Java for processing. Installation Variants of SAP NetWeaver AS Depending on what is required of the SAP NetWeaver Application Server, there are various installation variants, depending on which installation routine is used. 2011 © 2011 SAP AG. All rights reserved. 19 Unit 1: Fundamentals ADM800 Figure 12: Installation variants of SAP NetWeaver AS • SAP NetWeaver Application Server ABAP System. Complete infrastructure in which ABAP-based applications can be developed and used. An SAP NetWeaver BW 7.3 system contains SAP NetWeaver AS ABAP. • SAP NetWeaver Application Server Java System. Complete infrastructure for developing and using Java™ EE 5-based applications. An SAP NetWeaver Portal 7.3 system contains SAP NetWeaver AS Java. • SAP NetWeaver Application Server ABAP and Java System. Complete infrastructure in which ABAP- and Java™ EE 5-based applications can be developed and used. This installation focuses on seamless Java-ABAP integration. An SAP NetWeaver Process Integration 7.3 system contains SAP NetWeaver AS ABAP+Java. • Java Developer Workplace Complete infrastructure for developing and using Java™ EE 5-based applications in a single-user system. 20 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Architecture of the SAP NetWeaver Application Server Lesson Summary You should now be able to: • Explain the architecture of SAP NetWeaver Application Server 2011 © 2011 SAP AG. All rights reserved. 21 Unit 1: Fundamentals ADM800 Lesson: Java Cluster Architecture Lesson Overview This lesson describes the architecture of SAP NetWeaver AS Java. The individual components of SAP NetWeaver AS Java and their functions are introduced. A Java cluster encompasses all Java components of an SAP system. Lesson Objectives After completing this lesson, you will be able to: • • Explain the term Central Services of SAP NetWeaver AS Java Understand and use concepts such as Java instance, ICM, and server Business Example After the installation of a SAP NetWeaver Application Server Java, configuration is still required. You should therefore be familiar with the basic architecture of the cluster of SAP NetWeaver Application Server Java. The Java Instance Concept SAP NetWeaver Application Server Java takes the instance concept of SAP Basis, which combines multiple components that are monitored, started, and stopped together into an administrative unit. The following components are part of a Java instance: • • The server processes provide the infrastructure in which the Java™ EE 5 applications run. The Internet Communication Manager distributes the client requests to the free server processes of the instance. An instance always runs on one physical server, but there can be multiple instances on one server. Within an SAP system, an instance is defined using the system ID (SID) of the SAP system and the instance number. An SAP system consists of a database and one or more instances. These instances can either be purely ABAP or Java instances, or instances with ABAP and Java infrastructure, with the instances of a system always having the same infrastructure (that is, there is no system that has ABAP instances (without Java) and Java instances (without ABAP). 22 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Java Cluster Architecture The Central Services form a special Java instance. They provide the basis of communication and synchronization within a Java cluster. Another special instance is the instance that is installed first. It is often referred to as the Primary Application Server Instance or PAS for short. Further instances for a system are referred to as Additional Application Server Instances or AAS for short. To ensure high-performance when processing Java requests, the SAP system can be scaled using the number of server processes for each instances or using the number of instances. Java Cluster Architecture All Java components of an SAP system are known as a Java cluster. A Java cluster consists of: • • • • A Java instance with an ICM and at least one server process. The Central Services, which contain a message server and an enqueue server. A database for the central storage of data. Optionally, additional Java instances The following figures illustrate an installation with several SAP NetWeaver AS Java instances. Figure 13: Cluster with Multiple SAP NetWeaver AS Java Instances 2011 © 2011 SAP AG. All rights reserved. 23 Unit 1: Fundamentals ADM800 ICM and Server Processes Client requests to SAP NetWeaver AS Java are received by ICM. It selects a free server process to process the request and creates the connection between the client and the server process. The ICM distributes new incoming requests to the available server processes using a “round robin” algorithm. If a connection to the client exists, the request is forwarded to the server process that is already processing requests for this client. The server process of the SAP NetWeaver Application Server Java runs the Java applications. The server processes are implemented as multi-threaded servers and can therefore process multiple requests in parallel. The system or application threads take over the processing of the requests. Central Services The Central Services run on one host and form a separate Java instance. They consist of the Java message server and the Java enqueue server. The Central Services provide the basis for communication and synchronization for the Java cluster: • • The message service administers a list of the ICM and the server processes of the Java cluster. It represents the infrastructure for data exchange (small datasets only) between the participating nodes. In the case of load balancing between a large number of Java instances, it also provides the load balancing information for the SAP Web Dispatcher. The enqueue service administers logical locks that are set in a server process by the executed application program. It is also used for cluster-wide synchronization. The Central Services are essentially required when a Java cluster is installed. They are started on a host with a separate system number and the system ID (SID) of the entire system. Message Service The message service is an individual program used to communicate between the elements of a Java cluster. The message service knows all active Java instances. The terms message server and message service are used with the same meaning in the training material. To be precise, the message server is a program/process that provides the message service. 24 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Java Cluster Architecture The message service performs the following tasks in the Java cluster: • • • • • • Notification of events that arise in the cluster, for example, if a node of the cluster disappears (due to failure or the instance being shut down), or when a service is started or stopped. Communication between different services Forwarding of messages and requests to all participants (broadcast) Prepare logon information for the SAP Web Dispatcher Guaranteed message transmission Exchange of cache information in the cluster The same technology is used as with the SAP Message Server for the earlier SAP NetWeaver AS versions without Java. Enqueue Service The enqueue service runs on the Central Services instance of the Java cluster. It manages the lock table in the main memory and receives requests for setting or releasing locks. It uses the tried and tested SAP lock concept. The terms enqueue server and enqueue service are used with the same meaning in the training material. To be precise, the enqueue server is the program or process that provides the enqueue service. The enqueue service has the following tasks: • • 2011 Internally, it is used for synchronization within the Java cluster The applications can lock objects are release locks again. The enqueue service processes these requests and manages the lock table with the existing locks. © 2011 SAP AG. All rights reserved. 25 Unit 1: Fundamentals ADM800 Lesson Summary You should now be able to: • Explain the term Central Services of SAP NetWeaver AS Java • Understand and use concepts such as Java instance, ICM, and server 26 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: The Internal Structure of SAP NetWeaver AS Java Lesson: The Internal Structure of SAP NetWeaver AS Java Lesson Overview This lesson introduces the internal architecture of SAP NetWeaver AS. This architecture is the foundation for realizing a Java™ EE 5 application server in accordance with the Java™ EE 5 specification. Lesson Objectives After completing this lesson, you will be able to: • • Name the most important managers of the SAP NetWeaver AS Name the most important services of the SAP NetWeaver AS Business Example SAP NetWeaver AS Java consists internally of several managers and services. To be able to configure these managers and services, you should first understand their significance and functions. Introduction The internal structure of SAP NetWeaver AS Java is divided into three logical levels (see the figure Internal Structure of SAP NetWeaver AS Java): • • • 2011 SAP Java Enterprise Runtime - provides fundamental functions of the runtime environment, such as class loading, cluster communication, management of configuration data, and so on . AS Java System Components - contain interfaces, libraries, services and facades. Applications Layer - relates to the applications that are deployed and run in SAP NetWeaver Application Server Java. © 2011 SAP AG. All rights reserved. 27 Unit 1: Fundamentals ADM800 Figure 14: Internal Structure of SAP NetWeaver AS Java The following general rule applies to the interaction between these three logical entities in SAP NetWeaver AS Java: higher-level components can use the functions of the lower-level layers. On the other hand, the lower levels are not aware of the higher levels and cannot therefore use their functions. This rule is a consequence of the start sequence of the individual modules of the system. First, the runtime environment is started, then the services are started, and then the applications are started. Communication between the individual components takes place using defined Application Programming Interfaces (APIs). The components of the higher levels use these APIs to use functions of the lower levels. The AS Java System components use the Framework APIs to talk to the SAP Java Enterprise Runtime. The applications can talk with the AS Java System components either using APIs defined by the Java™ EE 5 specifications, or using proprietary SAP APIs. The functions of these logical levels and their interaction are described in the following. 28 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: The Internal Structure of SAP NetWeaver AS Java SAP Java Enterprise Runtime The SAP Java Enterprise Runtime provides the core functions of the system. These core functions are realized by multiple subsystems of the lowest level. These subsystems are called managers. A selection of these managers with a short description is listed below: • Log Manager: manages the process of logging system events. It configures the logging routines of the kernel. The Log Manager is the first manager that is started during the startup of SAP NetWeaver Application Server Java. • Application Thread Manager: manages inbound client requests. Searches for free threads to process inbound requests. If no threads are free, the requests are buffered in a request queue. • Thread Manager: manages threads in which internal operations of SAP NetWeaver AS Java are executed. • Locking Manager: Represents the interface between the server process and the enqueue service. • Configuration Manager: Allows SAP NetWeaver AS Java to store and access data in a relational database. Uses the Open SQL for Java Framework to do this. • Classloading Manager: Central location for the registration and removal of loaders and references between them. • Cluster Manager: Manages the elements of a cluster (server processes) and is responsible for the communication in the cluster. It updates information about the status of the individual elements of a cluster and the services that are provided by it. Important settings: – • element.joinPort: Port with which servers listen for inbound connections. – ms.host: Host on which the Java message server runs. Service Manager Represents a container in which all services in the cluster are executed. 2011 © 2011 SAP AG. All rights reserved. 29 Unit 1: Fundamentals ADM800 AS Java System Components The AS Java System components form the second level within the three-level structure of SAP NetWeaver AS Java. They provide the complete infrastructure for executing Java™ EE 5 applications and proprietary SAP applications. Four types of AS Java System components can be classified: • Interfaces: Agreements that define how different components of SAP NetWeaver AS Java work together. They do not provide any runtime functions themselves, but rather are used by services that provide their implementation. • Libraries: They provide names, classes, and objects within SAP NetWeaver AS Java. These objects are created by the system when it loads the library, or when an object is first requested. • Services: The services that SAP NetWeaver AS Java provides for processing requests are defined and configured using the Services. Service components can access and utilize functions of the runtime environment through the Framework API. They are the most important of these four types of AS Java System components. • Facades: The facades are special APIs that the Java EE API and SAP API use to access libraries, interfaces and services. 30 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: The Internal Structure of SAP NetWeaver AS Java A selection of the most important services with a short description is listed below: • Security Provider: Administration of users and groups and authorization administration. Controls access to resources or applications deployed in SAP NetWeaver AS Java. • Monitoring Service: Allows access to information about the current system status. Provides general and statistical information, among other things, about the nodes in the cluster, memory utilization, performance, applications, and user connections. • Log Configurator service Manages the configuration of the logging and tracing mechanism of SAP NetWeaver AS Java. • Deploy Service: Manages the deployment of Java applications. • EJB Container Service: Manages all Enterprise Java Beans (session beans, entity beans, and message-driven beans), which are executed in the EJB Container of SAP NetWeaver AS Java. • HTTP Provider: Is responsible for processing HTTP requests. Applications Layer The applications form the third level within the architecture of SAP NetWeaver AS Java. The boundary between the applications and the AS Java System components is defined by the Java EE APIs and a few proprietary SAP APIs. Applications use these APIs to utilize the functions of the AS Java System components. 2011 © 2011 SAP AG. All rights reserved. 31 Unit 1: Fundamentals ADM800 An enterprise application can contain different types of application components: • • • • Servlet: A program module written in the Java programming language, which is used to respond to requests to a Web server in such a way that the content of the returned HTML Web page is dynamically generated. Servlets are standardized in the context of the Java™ EE 5 specification. Java Server Pages (JSP): Technology for dynamically generating HTML and XML output of a Web server. This technology enables Java code and specific JSP actions to be embedded in static content. The advantage of this technology is that the logic can be implemented independent of the design. Java Server Pages are converted to Java source code, which corresponds to a Java servlet, using a special JSP compiler. Enterprise Java Beans (EJB): Used for the standardized, simplified development of business applications using Java. They are part of the central elements of the Java™ EE 5 specification. Java Database Connectivity (JDBC): Uniform interface to databases from different vendors, defined specifically for relational databases. The tasks of JDBC include creating and managing database connections, forwarding SQL queries to the database, and converting the results into a format that is usable for Java and making them available to the program. These components reside in different containers of SAP NetWeaver AS Java (see the figure Containers of SAP NetWeaver AS Java). The containers provide runtime services for the application components. 32 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: The Internal Structure of SAP NetWeaver AS Java Lesson Summary You should now be able to: • Name the most important managers of the SAP NetWeaver AS • Name the most important services of the SAP NetWeaver AS 2011 © 2011 SAP AG. All rights reserved. 33 Unit 1: Fundamentals ADM800 Lesson: Load Balancing in the SAP NetWeaver AS Java Environment Lesson Overview An SAP system can be scaled using the number of application servers and the number of dialog work processes (ABAP) or server processes (Java) for each instance. Requests to the SAP system should be distributed as equally as possible across all application servers and processes. A load balancing procedure is required to do this. The techniques used for this in the SAP system are introduced in this lesson. Lesson Objectives After completing this lesson, you will be able to: • Explain how load balancing can be realized in the SAP system Business Example With large applications, it is best to spread the load across several components. Load balancing is also possible with SAP NetWeaver AS Java. Overview In this section, the different mechanisms for load balancing that are available for SAP NetWeaver AS are presented. You can essentially differentiate between two mechanisms for load balancing: Client-based and server-based load balancing. In general, we recommend server-based load balancing. Server-Based Load Balancing A load balancer connected in front acts as a central entry point to the SAP system. This is the case, even if the SAP system is made up of multiple application servers. These technique offers the following advantages: • • • 34 All application servers can be addressed using a common IP address or a common name. The users always use the same URL to access the system. The advantages listed above reduce the operating and maintenance effort and costs. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Load Balancing in the SAP NetWeaver AS Java Environment This central entry point to the SAP system can be realized using an additional component, known as a “load balancer”. As shown in the following figure, this load balancer receives inbound requests and distributes these to the application servers. Figure 15: Server-Based Load Balancing Client-Based Load Balancing In addition to SAP's preferred method of server-based load balancing, there are other methods, which can be preferred in certain circumstances. In particular, if a simple implementation of load balancing is desired. With this client-based load balancing, all inbound client requests are initially directed to a central location in the system, a load balancing server, when the connection is first made. The load balancing server informs the client which application server it should address. This is illustrated by the following figure. Figure 16: Client-Based Load Balancing 2011 © 2011 SAP AG. All rights reserved. 35 Unit 1: Fundamentals ADM800 Client-based load balancing can be realized using the following mechanisms: Rerouting the requests using functions • • That provide the HTTP protocol (redirect) That provide the Domain Name System (DNS) protocol, with which the namespace in the Internet is managed A simple method of load balancing is already implemented in SAP NetWeaver AS, based on the rerouting of HTTP requests. Their function is shown in the following figure. Figure 17: Load Balancing Using the SAP Message Server This mechanism functions as follows: 1. 2. 3. 4. 36 The browser sends a request to the message server. The message server returns the address of an appropriate application server to the browser (redirect). The browser now sends a request to this application server. The user remains connected to this application server for the rest of the duration of the session. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Load Balancing in the SAP NetWeaver AS Java Environment Although this method is implemented in SAP NetWeaver AS using the message server (for AS ABAP or AS ABAP and Java System, this is the ABAP Message Server; for AS Java, this is the Java Message Server), and is already available after installation, it is not the preferred method due to a number of disadvantages. Some of these disadvantages are listed briefly here: • • • Can lead to confusion of the user, since the URL displayed in the browser changes with the rerouting If Favorites are created in the browser, these point to the server to which the user was rerouted Can cause problems if a firewall is used Stateless and Stateful Web Applications The programming model that underlies the development of Web applications has an important influence on a load balancer. The programming model differentiates between “stateless” and “stateful” Web applications. The programming model for stateless requests is used for simple applications, for which each request to SAP NetWeaver AS is independent of all other requests. The programming model for stateful requests is used for more complex applications, which are based on a transactional concept. With these applications, information about the status of the user session must be stored in the application server. The mechanism for load balancing in the SAP system must support both stateless and stateful requests. Stateful requests are a particular challenge for the load balancer, since the HTTP protocol only supports stateless requests. This is illustrated in the following figure. The first request is forwarded to an application server by the load balancer. If a subsequent request is forwarded to a different application server, this has no information about the user context. 2011 © 2011 SAP AG. All rights reserved. 37 Unit 1: Fundamentals ADM800 Figure 18: Stateful Requests The load balancer must therefore ensure that stateful requests are always forwarded to the same application server. This can be achieved by different implementations in the load balancer. However, these different techniques are not presented in more detail here. Realization of Load Balancing in SAP NetWeaver AS Java After these initial considerations about load balancing, the realization in SAP NetWeaver AS Java is now presented in this section. Load balancing within SAP NetWeaver AS Java allows the optimal distribution of the incoming requests to the available resources. SAP NetWeaver Application Server provides load balancing at different levels, as shown in the following figure. 38 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Load Balancing in the SAP NetWeaver AS Java Environment Figure 19: Load balancing in SAP NetWeaver AS Java In a cluster with multiple SAP NetWeaver AS Java instances, load balancing is performed using a load balancer connected in front (1). Within the Java instance, the ICM (2) distributes the inbound requests to the server processes with which it is connected. Load Balancing Between Many Java Instances The following figure shows a system with multiple Java instances, for which the SAP Web Dispatcher is already activated in the DMZ as a load balancer. This performs the load balancing between the Java instances. The ICMs of the instance distributes the requests to their server processes. Hint: You can also use any other load balancing device instead of the SAP Web Dispatcher. In this case, you need to register the hosts and ports with it; the communication with the message server does not take place. 2011 © 2011 SAP AG. All rights reserved. 39 Unit 1: Fundamentals ADM800 Figure 20: Load Balancing Between Many Java Instances The SAP Web Dispatcher fetches the information that it requires from the message server about: • • All ICMs with their HTTP ports, to which it can forward requests The capacities of the connected Java instances, so that it can use the weighted round robin procedure. For this, the SAP Web Dispatcher simply needs, in its profile file, the host name and the port at which it can reach the message server (parameter rdisp/mshost,ms/http_port). The SAP Web Dispatcher is delivered with the message server. In the standard installation, you will find this, for example, in a subdirectory of /usr/sap/<SID>/SYS/exe. The SAP Web Dispatcher can be used for load balancing in the following scenarios: • • • 40 Java-only scenario, as described here. ABAP-only scenario (see SAP customer training course ADM102, “Administration AS ABAP II”) Integrated scenario (Java+ABAP) (see SAP customer training course ADM102, “Administration AS ABAP II”) © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Load Balancing in the SAP NetWeaver AS Java Environment Appendix: SAP Web Dispatcher As previously described, the SAP Web Dispatcher, which lies between the Internet and the SAP system, can be used as a load balancer. It is the entry point for HTTP(S) requests into your system, which consists of one or more Web application servers. As a "software Web switch", it can reject or accept connections. When it accepts a connection, it distributes the requests to ensure an even distribution across the servers (load balancing). Hint: Not only does using the SAP Web Dispatcher allow you to realize load balancing across multiple SAP NetWeaver AS instances, it also provides security functions (entry point in the DMZ, SSL, URL filtering). The SAP Web Dispatcher forwards inbound requests (HTTP, HTTPS) to the SAP NetWeaver AS instances of the SAP system in turn, where the number of requests that a SAP Web AS receives is weighted according to its capacity. The capacity of a SAP NetWeaver AS ABAP depends on the number of configured dialog work processes. For SAP NetWeaver AS Java, the capacity is determined by the number of server processes. If the application is stateful, the SAP Web Dispatcher ensures at the next request that the user is again forwarded to the server processing his or her application. It uses the session cookie to do this for HTTP connections, and the client IP address for end-to-end SSL. The SAP Web Dispatcher also decides whether the inbound request is to be forwarded to a SAP NetWeaver AS ABAP or a SAP NetWeaver AS Java. Hint: Unlike the HTTP load balancing performed by the SAP message server, no redirect is performed when using the SAP Web Dispatcher. In this way, the associated disadvantages (a large number of IP addresses must be known, bookmarking is not possible, authentication after a change of application server) are also avoided. 2011 © 2011 SAP AG. All rights reserved. 41 Unit 1: Fundamentals ADM800 The SAP Web Dispatcher is a separate program that can run on a host that is directly connected to the Internet. It requires minimal configuration. You only need to enter the following data in the profile file for the SAP Web Dispatcher: • • Port on which the HTTP(S) requests are to be received (parameter icm/server_port_<xx>) Host and HTTP port of the SAP message server (parameter rdisp/mshost and parameter ms/http_port) If you want to be able to call the Web application externally, for example with the URL http://shop.sap.com, this host name must be mapped internally to the SAP Web Dispatcher. This then forwards the HTTP(S) request to a suitable SAP NetWeaver AS. Hint: The SAP Web Dispatcher is presented in detail in the SAP customer training course ADM102, “Administration AS ABAP II”. For information about the change history of the SAP Web Dispatcher, see the composite SAP Note on the SAP Web Dispatcher (SAP Note 538405 and 1093023). 42 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Load Balancing in the SAP NetWeaver AS Java Environment Lesson Summary You should now be able to: • Explain how load balancing can be realized in the SAP system 2011 © 2011 SAP AG. All rights reserved. 43 Unit Summary ADM800 Unit Summary You should now be able to: • Use basic Java terminology • Explain the architecture of SAP NetWeaver Application Server • Explain the term Central Services of SAP NetWeaver AS Java • Understand and use concepts such as Java instance, ICM, and server • Name the most important managers of the SAP NetWeaver AS • Name the most important services of the SAP NetWeaver AS • Explain how load balancing can be realized in the SAP system 44 © 2011 SAP AG. All rights reserved. 2011 ADM800 Test Your Knowledge Test Your Knowledge 1. Which of the programming languages listed below are implemented platform-independently? Choose the correct answer(s). □ □ □ □ A B C D Fortran ABAP Java C/C++ 2. Briefly describe the function of the Java Virtual Machine (JVM). 3. Which of the software components listed below are components of SAP NetWeaver AS? Choose the correct answer(s). □ □ □ 4. A B C ABAP Work Processes Java Message Server Internet Communication Manager Which software components allow load balancing in the context of SAP NetWeaver AS Java? Choose the correct answer(s). □ □ □ 2011 A B C SAP Web Dispatcher ABAP Dispatcher Server processes © 2011 SAP AG. All rights reserved. 45 Test Your Knowledge ADM800 Answers 1. Which of the programming languages listed below are implemented platform-independently? Answer: B, C ABAP and Java are programming languages that are implemented platform-independently. 2. Briefly describe the function of the Java Virtual Machine (JVM). Answer: The JVM executes the platform-independent bytecode generated by the Java compiler on the relevant hardware. 3. Which of the software components listed below are components of SAP NetWeaver AS? Answer: A, B, C Components of SAP NetWeaver AS: Internet Communication Manager, ABAP dispatcher, ABAP work processes, ABAP message server, Java server processes, Java message server und Java enqueue server. 4. Which software components allow load balancing in the context of SAP NetWeaver AS Java? Answer: A The SAP Web Dispatcher distributes inbound requests across multiple SAP NetWeaver AS Java instances. 46 © 2011 SAP AG. All rights reserved. 2011 Unit 2 Starting and Stopping Unit Overview This unit describes the process when starting an SAP NetWeaver AS Java. SAP NetWeaver AS Java uses the Startup and Control Framework to perform the start process of the Java instances. On all operating systems, it is possible to use the SAP Management Console for starting and stopping. In the Windows operating system, it is also possible to use the Microsoft Management Console (SAP MMC). In the UNIX operating system, it is also possible to use the startsap and stopsap scripts. Finally, the log and trace files of the start/stop process are listed. Unit Objectives After completing this unit, you will be able to: • • • • • • • • • Describe the sequence in which the components of an SAP system and started and stopped Describe the general start process for an SAP NetWeaver AS Java Describe the general start process for an SAP NetWeaver AS ABAP + Java Operate the tools to start and stop SAP NetWeaver AS ABAP + Java Operate the tools to start and stop SAP NetWeaver AS Java Use the term Startup and Control Framework Describe the individual steps during the start and stop processes of a Java instance Find the storage locations of trace and log files of the Startup and Control Framework. Name the most important trace and log files of the Startup and Control Framework and review their content. Unit Contents Lesson: Overview of the Process for Starting and Stopping an SAP NetWeaver AS Java ............................................................. 49 Lesson: Tools for Starting and Stopping ...................................... 57 Exercise 1: Tools for Starting and Stopping.............................. 67 Lesson: Java Startup and Control Framework............................... 73 2011 © 2011 SAP AG. All rights reserved. 47 Unit 2: Starting and Stopping ADM800 Exercise 2: Java Startup and Control Framework ...................... 79 Lesson: Logs of the Start and Stop Processes of SAP NetWeaver AS Java ................................................................................ 82 Exercise 3: Logs of the Start and Stop Processes of SAP NetWeaver AS Java ....................................................................... 85 48 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Process for Starting and Stopping an SAP NetWeaver AS Java Lesson: Overview of the Process for Starting and Stopping an SAP NetWeaver AS Java Lesson Overview There are different techniques for initiating the start and stop processes for the SAP NetWeaver AS, depending on the installation (with or without an ABAP stack). An SAP NetWeaver AS ABAP + Java is automatically started and stopped by the ABAP dispatcher. The start and stop process for an SAP NetWeaver AS Java (without ABAP stack) can be performed using the SAP Management Console (SAP MC). Lesson Objectives After completing this lesson, you will be able to: • • • Describe the sequence in which the components of an SAP system and started and stopped Describe the general start process for an SAP NetWeaver AS Java Describe the general start process for an SAP NetWeaver AS ABAP + Java Business Example An SAP system should be stopped before maintenance work to the hardware and started again later. To be able to do this, it is necessary to become familiar with the tools for starting and stopping the system, and the process flow. System Start: Process The starting of an SAP system is the basic prerequisite for being able to work with the system. The start process presented in this lesson describes the process flow when starting an SAP system with ABAP and Java stack as well as when starting an SAP system with a Java stack but without an ABAP stack. Every SAP system has a database and at least one instance. Systems with the Java stack have at least two instances. The instances can be divided into three different categories with different priorities for the start and stop process. 1. 2. 3. Instances with enqueue but without ABAP dispatcher Instances with enqueue and with ABAP dispatcher All other instances The enqueue plays a special role in the ABAP stack and in the Java stack for the start sequence; the enqueue is on one instance only for each stack. These instances that usually also contain the message server must be started before all other instances. The Java Central Services instance (priority 1) does not require 2011 © 2011 SAP AG. All rights reserved. 49 Unit 2: Starting and Stopping ADM800 a running database; therefore, the database is not started when this instance is started. An instance with an ABAP dispatcher and an enqueue work process (priority 2) requires a started database that the ABAP work processes log on to. Therefore, the first step is to start the database when starting this type of instance (unless it is already running). In principle, the start process is performed in multiple steps. The start process is performed with the operating system user <sid>adm: 1. Starting the Central Services Instance The Central Services consist of the Java message server and the Java enqueue server. The ICM and server Java cluster elements connect to the Java message server during their own start process. 2. Starting the database The database is the fundamental element of the entire SAP system. This must be in an operational state before SAP instances that contain an ABAP dispatcher or Java server process are started. However, it may not run or be started before the Central Services instance is started. 3. Starting the PAS or AAS The Primary Application Server Instance (PAS) or Additional Application Server Instance (AAS) first checks whether the database is started; it starts the database if it is not already started. If there is an enqueue work process in a PAS or AAS (usually in a PAS with ABAP stack), this instance must be given priority and started before the other instances. For the start process, you differentiate between the starting of SAP systems with purely Java instances (without ABAP) and instances with Java and ABAP stack. Additional details are provided in the following sections. System Stop: Process The stopping of an SAP system is performed in reverse sequence. The instances with enqueue are always stopped last. For SAP system installations on the Microsoft Windows operating system, the database is not stopped at the same time. This can be done with the tools of the relevant database. In the case of SAP system that are installed on UNIX operating systems, the database is generally stopped at the same time. Hard Shutdown The hard shutdown tops the system or the instance immediately, regardles if user requests are currently processed or not. 50 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Process for Starting and Stopping an SAP NetWeaver AS Java Soft Shutdown If the soft shutdown for an instance is triggered, there is no logon to the instance possible anymore. The instance is removed from the load balancing list of the message server. However, requests of logged on users are still dispatched to the related instance by the message server (e.g. http requests). On the AS ABAP, no more long running tasks are scheduled and it is been waiting for the end of long running tasks e.g. batch jobs or updates. If there is no long running task anymore, than it is been waited until all user sessions are ended. Afterwards all internal tasks are stopped and if all work processes are idle, the instance shuts down. On the AS Java, every server process enters the state preparing to stop if no critical task is running. If there is no user session alive, the server process stops the application and shuts down. In case that user sessions exists, the server process waits, until all user sessions have ended. In case of an AS ABAP+Java system, the behavior is nearly the same except that the stopping of the ABAP internal tasks is delayed, until the Java part is stopped already. Starting and Stopping an SAP NetWeaver AS ABAP + Java The instances are started and stopped using appropriate tools - such as the SAP Management Console (SAP MC). The start of the Java stack is controlled by the ABAP dispatcher within an instance of a dualstack system. In concrete terms, this means that the start and stop processes are triggered by the ABAP dispatcher. To do this, the ABAP dispatcher sends a start command to the so-called Startup and Control Framework. The corresponding Java cluster elements are started using the Startup and Control Framework. Note: The Startup and Control Framework consists of the Java Instance Controller and the server processes in a dualstack system. The ICM also belongs to the Startup and Control Framework in an SAP NetWeaver AS Java system. 2011 © 2011 SAP AG. All rights reserved. 51 Unit 2: Starting and Stopping ADM800 Figure 21: Starting an SAP NetWeaver AS ABAP+Java The tools (explained in more detail in the next lesson) can be used to start or stop individual instances or also the entire system. You should proceed as described above for the start process. If the complete system is started, you can be selected, for example in the SAP MC All Instances. The tools communicate with sapstartsrv. This is a service in Windows operating systems; it should be scheduled as a daemon in other operating systems. There is an sapstartsrv for each instance; this is responsible for starting and stopping the instance. If an sapstartsrv now receives the start command for the system, it must pass this on to the other sapstartsrv; this happens via HTTP or HTTPS. The sapstartsrv write a 1 byte control file every minute to the directory $(DIR_GLOBAL)\sapcontrol whose name specifies, among other things, the port and host on which it can be reached and the priority that its instance has. Using the control files, the sapstartsrv recognizes which other sapstartsrv are still active and passes the start signal on to them according to the priority. Therefore, the above figure shows that the Central Services instance is started first because it has priority 1. The PAS has priority 2 (since no ABAP Central Services instance was installed); therefore, it is the next one to be started. At this point, a check is performed to see whether the database is running (step 3). If it is not running, it is started. The ABAP message server and the ABAP dispatcher are now started (step 4). The ABAP dispatcher starts its work processes, the ICM and the Startup and Control Framework (step 5) to which the Java server processes belong. 52 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Process for Starting and Stopping an SAP NetWeaver AS Java The AAS is then started since it has priority 3. The start process is similar to PAS; however, there is no ABAP message server started. In the start process, a timeout is specified for the start of the instances with the next highest priority. This means that all instances with the same priority have to be started within the timeout for the instances with the next highest priority to be started. The stop process is performed by the ABAP dispatcher in the same way as the start process. The ABAP dispatcher also informs the Startup and Control Framework and transfers the stop command in this case. Starting an SAP NetWeaver AS Java In an SAP NetWeaver AS Java system, the Startup and Control Framework is started directly by the sapstartsrv. The ICM also belongs to the Startup and Control Framework along with the Java Instance Controller, the server processes. Using the relevant tools, for example SAP Management Console (SAP MC) or the Microsoft Management Console (SAP MMC) under Windows, the start command is passed on to an sapstartsrv, which forwards this to the appropriate sapstartsrv, which starts “its” instance. Figure 22: Starting an SAP NetWeaver AS Java (without ABAP) If the start command for the system start is passed on to an sapstartsrv, the procedure here is the same as described above for starting an SAP NetWeaver AS ABAP + Java system. 2011 © 2011 SAP AG. All rights reserved. 53 Unit 2: Starting and Stopping ADM800 The Central Services instance is started first because it has priority 1. The PAS and AAS are then started (step 4) since they have priority 3. The sapstartsrv of the PAS and AAS check before the start of the instance (step 3) whether the database is running; if it is not, it is started before the PAS or AAS is started. Evaluating the Profiles in the Start Process There are no start profiles in SAP NetWeaver 7.10 and later releases. Information for the start process is integrated into the instance profiles. Therefore, the instance profile is also used to start the sapstartsrv. If information for the start process is changed in the instance profile, the sapstartsrv has to be restarted as before. Figure 23: Evaluation of Default and Instance Profiles If an instance of a dualstack system is started, the ABAP message server (if it belongs to the instance) evaluates the parameters of the default and instance profile and starts with this parameterization. Similarly, the ABAP dispatcher evaluates the default and instance profile and starts with this parameterization. It passes on the parameterization to the processes that it starts, for example its work processes and the ICM. Furthermore, the ABAP dispatcher starts the Startup and Control Framework, which also evaluates the default and instance profile. 54 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Process for Starting and Stopping an SAP NetWeaver AS Java In an SAP NetWeaver AS Java system, the sapstartsrv starts the Startup and Control Framework; this starts the processes with the parameters of the default and instance profiles. 2011 © 2011 SAP AG. All rights reserved. 55 Unit 2: Starting and Stopping ADM800 Lesson Summary You should now be able to: • Describe the sequence in which the components of an SAP system and started and stopped • Describe the general start process for an SAP NetWeaver AS Java • Describe the general start process for an SAP NetWeaver AS ABAP + Java Related Information • 56 SAP Help Portal: help.sap.com → SAP NetWeaver © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Tools for Starting and Stopping Lesson: Tools for Starting and Stopping Lesson Overview This lesson presents the tools for the technical implementation of a start and stop process for SAP systems. The SAP Management Console (SAP MC) can be used for the start and stop process independently of the operating system. Lesson Objectives After completing this lesson, you will be able to: • • Operate the tools to start and stop SAP NetWeaver AS ABAP + Java Operate the tools to start and stop SAP NetWeaver AS Java Business Example You are using an SAP NetWeaver Application Server with Java and different operating system platforms such as Microsoft Windows and UNIX. To start and stop the SAP systems you require information about the use of the available tools. Starting and Stopping an SAP NetWeaver AS ABAP + Java When SAP NetWeaver AS ABAP + Java is started, the entire instance is always started. If the instance is started then the Java stack can be stopped and started again individually by the ABAP dispatcher. Starting and Stopping instances of SAP NetWeaver AS ABAP + Java Figure 24: Starting and Stopping instances of SAP NetWeaver AS ABAP + Java Instances of SAP NetWeaver AS ABAP + Java can be can be started and stopped independently of the operating system using the SAP Management Console (SAP MC). 2011 © 2011 SAP AG. All rights reserved. 57 Unit 2: Starting and Stopping ADM800 As of SAP NetWeaver Release 2004, a new operating system-independent application is supplied with the SAP Management Console (SAP MC) (see SAP Notes 1014480 and 995116). This allows you to display monitoring information and perform administration tasks such as start and stop operations. The tool is a standalone Java application which can be started either as an applet or locally. The SAP MC is supplied as standard with the kernel and is ready for use without any additional installation. For the different operation systems, see SAP Note 93673. SAP MC is a Java application which is supplied as a Java applet as standard. You simply use a Web browser to do this.. To use the applet correctly, you require a JRE (Java Runtime Environment) of version 1.4 or higher. In addition, the corresponding Java plugin for the browser must be activated correctly. To start SAP MC after installing the corresponding SAP NetWeaver AS, enter the following URL in your browser: http://<Rechnername>:5<Instanznummer>13 Or, if you have configured https in sapstartsrv (see SAP Note 1036107): https://<Rechnername>:5<Instanznummer>14 Figure 25: Starting and Stopping with the SAP Management Console The SAP MC allows you to start and stop all the SAP NetWeaver AS ABAP+Java instances as well as the Central Services. You can also display information about the instances of the SAP system and the employed database (name, manufacturer and name of the host on which the database is located). Starting and Stopping with the SAP Management Console). For each instance, SAP MC displays information about the ABAP and Java stack processes (see figure: SAP Management Console: Process Information). 58 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Tools for Starting and Stopping Figure 26: SAP Management Console: Process Information The SAP Management Console also allows you to display the trace files for the individual processes.. You can use these trace files to analyze problems (see figure: SAP Management Console: Trace Files). You can also use the SAP MC to evaluate the developer traces (as well as the log and trace files) (as with the previous lesson about the SAP MMC). Figure 27: SAP Management Console: Trace Files 2011 © 2011 SAP AG. All rights reserved. 59 Unit 2: Starting and Stopping ADM800 Stopping and Starting AS Java in an SAP NetWeaver AS ABAP + Java System Figure 28: Stopping and Starting the Java Stack in an SAP NetWeaver AS ABAP+Java System In the case of SAP NetWeaver AS ABAP + Java, it is possible to allow the ABAP stack to continue running, and only stop and then restart the Java stack. You do this using transaction SMICM. You can either start/stop the (local) instance onto which you are logged in the transaction SMICM or start/stop all the instances in the (global) Java cluster (see figure: Starting and Stopping the Java Stack of an SAP NetWeaver AS ABAP + Java from transaction SMICM). Hint: Up to NetWeaver 7.0x, the Java dispatcher was also started or stopped at this point. The Java dispatcher was replaced by the ICM in SAP NetWeaver 7.1x systems or higher. However, in the above case, the ICM is not started or stopped because it does not belong to the Startup and Control Framework in an SAP NetWeaver ABAP + Java 7.3 system. 60 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Tools for Starting and Stopping Figure 29: Starting and Stopping the Java Stack of an SAP NetWeaver AS ABAP+Java from Transaction SMICM It is not possible, and also not useful, to stop only the ABAP stack and leave the Java stack started in the case of AS ABAP + Java. Starting and Stopping an SAP NetWeaver AS Java Figure 30: Starting and Stopping an SAP NetWeaver AS Java SAP NetWeaver AS Java is started and stopped in the same way as SAP NetWeaver AS ABAP + Java usingf the SAP Management Console (see figure: Starting and Stopping SAP NetWeaver AS Java with the SAP Management Console). 2011 © 2011 SAP AG. All rights reserved. 61 Unit 2: Starting and Stopping ADM800 Figure 31: Starting and Stopping SAP NetWeaver AS Java with the SAP MC In SAP NetWeaver AS Java, the instance names are J<instance-number>. SAPControl SAPControl allows the Web services of the sapstartsrv processes to be addressed. SAPControl is part of the kernel, and is available on all operating systems. Calling sapcontrol without any other option provides the syntax description. The figure SAPControl: Syntax and Examples shows the basic structure of the syntax with some selected examples. 62 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Tools for Starting and Stopping Figure 32: SAPControl: Syntax and Examples In the first example “sapcontrol -user <sid>adm password -nr <instancenumber e.g. 00 or 0> -function StartSystem LEVEL 2”, the Web method StartSystem is called with the parameter LEVEL and the value 2 for the level. As with the SAP MC, a sapstartsrv process that is used to start the instances is addressed. “LEVEL 2” means that all instances with priority 1 are started first (unless they are already running). In our AS ABAP+Java system, this is the Central Services instance. Then the central instance (and if relevant, the database) is started, but no further instances. It is not important whether the instances are running on the same or different hosts. With StartSystem LEVEL 3 (corresponds to StartSystem ALL), all the instances of the system are started according to their priority, unless they are already running. This is the same procedure used to start the system using the SAP MC. StopSystem LEVEL 2 means that all priority 3 and priority 2 instances are stopped if they are still running. StopSystem ALL has the same meaning as StopSystem LEVEL 1. In the second example, “sapcontrol -prot PIPE -nr <instancenumber> -function Start”, a Trusted Connection is used. No user name or password are specified because the operating system authentication as <sid>adm is sufficient. However, it is only possible to call Web methods for the local computer. In the example, the dialog instance (instance number 11) is started. The function StartSystem LEVEL 3 is not possible because StartSystem may have to communicate with systems outside the host, which is not permitted under Trusted Connections. This means only functions for instances are possible. Caution: Trusted Connection for Windows: -prot PIPE 2011 © 2011 SAP AG. All rights reserved. 63 Unit 2: Starting and Stopping ADM800 Trusted Connection for Unix: -prot NI_HTTP; this is the default value. See also SAP Note 927637 - Web service authentication in sapstartsrv as of release 7.00 Special Characteristics of Starting and Stopping Under Microsoft Windows With the Microsoft Windows operating system, you can use both the SAP Management Console and the Microsoft Management Console with an SAP plug-in (SAP MMC) to start and stop an SAP system. The SAP MMC allows you to start and stop all the instances of the SAP system as well as the Central Services. For some databases, you can also display administration information and the status of the database. Some database types can also be administered using the SAP MMC. The information displayed in the SAP MMC and the start and stop procedures are similar to the browser-based SAP Management Console (SAP MC). This is illustrated by the next two figures. Figure 33: Starting/Stopping an SAP Net Weaver AS ABAP + Java under Microsoft Windows 64 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Tools for Starting and Stopping Figure 34: Starting and Stopping an SAP NetWeaver AS Java under Microsoft Windows Hint: In the environment of SAP NetWeaver AS Java, there is a special Java development environment, which is installed locally on every PC. It usually consists of an SAP NetWeaver Developer Studio and an SAP NetWeaver AS Java as a test environment for Java developments. The SAP NetWeaver Application Server Java can be “restarted” from the SAP NetWeaver Developer Studio. Under Windows, the SAP system can also be started and stopped without a GUI by calling a command by means of the executable files startsap.exe and stopsap.exe. This can be done using a simple telnet access. To start an instance of the SAP system, open a telnet connection and enter the following command: startsap name=<SID> nr=<Instanz-Nr.> SAPDIAHOST=<Rechnername> To stop an instance of the SAP system, open a telnet connection and enter the following command: stopsap name=<SID> nr=<Instanz-Nr.> SAPDIAHOST=<Rechnername> For the SAPDIAHOST parameter, enter the name of the host on which the instance is to be started. 2011 © 2011 SAP AG. All rights reserved. 65 Unit 2: Starting and Stopping ADM800 Special Characteristics of Starting and Stopping Under UNIX For SAP systems that are installed under UNIX, you run the scripts startsap and stopsap to initiate the start and stop processes. If multiple SAP instances are installed on one physical server, you add the instance name to the names of the scripts startsap and stopsap. The script startsap can be called with the following options: • • • • DB: starts the database system R3: starts the instances and associated processes for the instance J2EE: starts the instances and associated processes for the instance ALL: starts the database system and the instance (default setting, can be omitted) The script stopsap can be called with the following options: • • • • DB: stops the database system via the script stopdb; R3: stops the instances of the SAP system; J2EE: stops the instances of the SAP system; ALL: stops the database system and the instance (default setting, can be omitted) To start the SAP system, the script startsap calls the process sapstart with the start profile specified in the script in the variable START_FILES. Database and SAP instances can each be individually started and stopped with the options DB or R3, for example startsap R3 DVEBMGS00. Caution: The option J2EE can be used in the same way as the option R3. In the case of SAP NetWeaver AS ABAP + Java, both the ABAP stack and the Java stack are started and stopped. 66 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Tools for Starting and Stopping Exercise 1: Tools for Starting and Stopping Exercise Objectives After completing this exercise, you will be able to: • Start and stop an SAP NetWeaver AS Java under Microsoft Windows Business Example You are using an SAP NetWeaver Application Server with Java. There is a special tool for starting and stopping an SAP system under Microsoft Windows operating systems. This is the SAP Micrsoft Management Console. The operating system-independent SAP Management Console can be used on all operating systems. Task 1: Stopping an SAP NetWeaver AS Java Stop the SAP system using the SAP Microsoft Management Console or the SAP Management Console. 1. Use the Terminal Server Client to log on to the operating system of your training system. 2. Start the SAP Microsoft Management Console or the SAP Management Console and stop your system. Task 2: Starting an SAP NetWeaver AS Java Start the SAP system using the SAP Microsoft Management Console or the SAP Management Console. 1. Start the SAP system using the SAP Microsoft Management Console. Monitor the starting of the corresponding Java processes of your SAP system. 2. Check whether your SAP NetWeaver AS Java has been correctly started. To do so, call the relevant URL (http://<host>:<port>/msgserver; for example, http://twdf9999:8102/msgserver) with the HTTP port of the Java message server for your system and choose /msgserver/html/logon. If the HTTP port of the instance (for example, 50000) is displayed there, you can also call the start page of the Java instance. Task 3: (Optional) stopping from the Command Line Stop the SAP system using a command call. 1. Log on to the server with the user <sid>adm. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 67 Unit 2: Starting and Stopping ADM800 2. Check whether your SAP system is running at operating system level. 3. Use the sapcontrol command in the telnet connection to stop the entire SAP system. Task 4: (Optional) starting from the Command Line Start the SAP system using a command call. 68 1. Check whether your SAP system has stopped at operating system level. 2. Use the sapcontrol command in the telnet connection to start the entire SAP system. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Tools for Starting and Stopping Solution 1: Tools for Starting and Stopping Task 1: Stopping an SAP NetWeaver AS Java Stop the SAP system using the SAP Microsoft Management Console or the SAP Management Console. 1. Use the Terminal Server Client to log on to the operating system of your training system. a) 2. Start the Terminal Server Client, enter the physical host name under Server and then choose connect. Log on to the operating system as the <sid>adm user. Start the SAP Microsoft Management Console or the SAP Management Console and stop your system. a) Start the SAP Microsoft Management Console by double-clicking the corresponding icon. Or start the Internet Explorer and call the URL http://<Rechnername>.wdf.sap.corp:50013. b) Select the desired instance(s) and choose the Stop function in the context menu (right-click). Depending on whether you selected an individual instance or the SAP system, either an individual instance or the entire SAP system is stopped. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 69 Unit 2: Starting and Stopping ADM800 Task 2: Starting an SAP NetWeaver AS Java Start the SAP system using the SAP Microsoft Management Console or the SAP Management Console. 1. Start the SAP system using the SAP Microsoft Management Console. Monitor the starting of the corresponding Java processes of your SAP system. a) Start the SAP Microsoft Management Console by double-clicking the corresponding icon. b) In the SAP Microsoft Management Console tree, select the node for an instance. In the context menu (right-click), choose the Start function. Start the other instances in the same way. Hint: You should always start the Central Services instance first. c) You can monitor the processes using the Process Explorer at operating system level. You can see the following Java process types after your SAP system has been started: ICM and multiple JStart. 2. Check whether your SAP NetWeaver AS Java has been correctly started. To do so, call the relevant URL (http://<host>:<port>/msgserver; for example, http://twdf9999:8102/msgserver) with the HTTP port of the Java message server for your system and choose /msgserver/html/logon. If the HTTP port of the instance (for example, 50000) is displayed there, you can also call the start page of the Java instance. a) Start Microsoft Internet Explorer on your desktop, and enter the following URL: http://<hostname>:<port>/msgserver, for example http://twdf12345:8101/msgserver. Choose /msgserver/html/logon. If you can see the HTTP port there, then you can call the start page of your instance as follows: http://<hostname>:<port>, for example http://twdf12345:50000 The start page of your SAP NetWeaver AS Java should now appear. Task 3: (Optional) stopping from the Command Line Stop the SAP system using a command call. 1. Log on to the server with the user <sid>adm. a) Use the tool specified by the instructor to create a connection to your server. Log on with the user <sid>adm and the password assigned for your user. Continued on next page 70 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Tools for Starting and Stopping 2. Check whether your SAP system is running at operating system level. a) 3. You can do this, for example, by executing the Process Explorer program to display an overview of operating system processes. Use the sapcontrol command in the telnet connection to stop the entire SAP system. a) In the telnet console, enter the command sapcontrol -user <sid>adm <password> -nr <instance number> -function StopSystem ALL to stop your system. Replace the specifications in the angled brackets with the values for your system. For example, sapcontrol -user p7tadm password -nr 00 -function StopSystem ALL. Task 4: (Optional) starting from the Command Line Start the SAP system using a command call. 1. Check whether your SAP system has stopped at operating system level. a) 2. Use the sapcontrol command in the telnet connection to start the entire SAP system. a) 2011 You can do this, for example, by executing the Process Explorer program to display an overview of operating system processes. In the telnet console, enter the command sapcontrol -user <sid>adm <password> -nr <instance number> -function StartSystem ALL to start your system. Replace the specifications in the angled brackets with the values for your system. For example, sapcontrol -user p7tadm password -nr 00 -function StartSystem ALL. © 2011 SAP AG. All rights reserved. 71 Unit 2: Starting and Stopping ADM800 Lesson Summary You should now be able to: • Operate the tools to start and stop SAP NetWeaver AS ABAP + Java • Operate the tools to start and stop SAP NetWeaver AS Java Related Information SAP Help Portal: help.sap.com → SAP NetWeaver 72 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Java Startup and Control Framework Lesson: Java Startup and Control Framework Lesson Overview The Java Startup and Control Framework coordinates the proper starting and stopping of the Java stack. It consists of the JStart processes (as the instance controller and server process) and the ICM. In an SAP NetWeaver AS ABAP+Java system, the ICM does not belong to the Java Startup and Control Framework. The functions of the processes are described in this lesson. Lesson Objectives After completing this lesson, you will be able to: • • Use the term Startup and Control Framework Describe the individual steps during the start and stop processes of a Java instance Business Example Starting and stopping an SAP system is a basic task for administrators of SAP systems. Understanding the process flow of the start process is crucial to troubleshooting when start problems occur. Startup and Control Framework SAP provides a separate Startup and Control Framework for SAP NetWeaver Application Server Java. This framework is used to start, stop, and monitor the Java stack processes within the SAP system (not the Central Services however). It consists of the following processes: JStart - Instance Controller: • • • • • 2011 The Instance Controller starts, stops, and monitors the processes of a Java instance – primarily the server and ICM process. SAP Signal Handling is implemented with the Instance Controller to forward the start and stop commands to the processes of the Java stack. The Instance Controller restarts terminated processes, ends hanging processes, and sends a shutdown signal to the processes of the Java stack. The Instance Controller reads the description of the instance from profile files. The Instance Controller starts the server processes and the ICM, as well as the processes for the offline deployment and the bootstrap. The Instance Controller creates a shared memory segment for the internal administration data of all processes. © 2011 SAP AG. All rights reserved. 73 Unit 2: Starting and Stopping ADM800 JStart - Offline Deployment, Bootstrap, Server Process: • Other JStarts that act in the role for the offline deployment, the bootstrap or as a server process are started by the JStart (Instance Controller). The SAP JVM is loaded in the individual address space for this purpose. The parameterizing of the JVM is imported before the loading. Start Process of a Java Instance Figure 35: Starting with the Startup and Control Framework Start procedure in the Startup and Control Framework; several “run-levels” are run at this point: 74 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Java Startup and Control Framework (See also figure: Starting with the Startup and Control Framework) 1. 2. 3. 4. The Instance Controller is started: The Instance Controller connects to the Central Services instance. The Instance Controller reads the file instance.properties in the cluster directory. Run-level 1: The Instance Controller reads configuration files from the file system (different .properties files and for example the instance profile) and starts a jstart process that transfers the offline deployment (if an offline deployment is required, for example when importing particular Support Packages). The jstart process finishes after the offline deployment. jstart requires files from the Cluster/bootstrap directory to start. 5. Run-level 2: The Instance Controller reads configuration files from the file system (different .properties files and for example the instance profile) and starts a jstart process that carries out the bootstrap process. The bootstrap process synchronizes data from the database to the file system. For example, instance.properties is regenerated (it contains information about, among other things, the amount of server processes to be started) and the directories for the server processes server<X> are synchronized. The bootstrap process also synchronizes all required binaries for the Java nodes from the database to the file system. This is necessary, since the Class Loading is performed using the file system in the Java environment. The database always contains the current (deployed) binaries and properties and distributes these to every Java node when starting. The jstart process finishes after the bootstrap process. jstart requires files from the Cluster/bootstrap directory to start. 6. 7. The Instance Controller reads the file instance.properties in the cluster directory again. Run-level 3: The Instance Controller reads configuration files from the file system (different .properties files and for example the instance profile) and starts the ICM and for each server process a jstart process. The jstart processes require the binaries from the Cluster/bin directories to start. These jstart processes run with the JVM parameters (usually several gigabytes of memory). You will get to know the settings for this in a later unit. The server processes connect to the database. The Instance Controller monitors the Java instance processes during their runtime, restarts terminated processes, ends hanging processes, and sends the shutdown signal to the ICM or the server processes. 2011 © 2011 SAP AG. All rights reserved. 75 Unit 2: Starting and Stopping ADM800 The profile files are located on the operating system in the directory DIR_PROFILE (Microsoft Windows: <drive>:\usr\sap\<SID>\SYS\profile or UNIX: /usr/sap/<SID>/SYS/profile) and are generated at installation time. The following profile files exist: the default profile (Default.pfl) and the instance profile (<SID>_<instance>_<host>). Note: The Central Services profiles are imported when the Central Services are started. Figure 36: Profiles 76 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Java Startup and Control Framework Stop Process of a Java Instance Figure 37: Stopping with the Startup and Control Framework 1. 2. 3. The Signal Handler of the Instance Controller receives a stop signal from the sapstartsrv. The Instance Controller passes the signal on to all running server processes via named Pipe and waits until they are stopped. When the server processes of this instance are all stopped, the Instance Controller sends the stop signal to the ICM. In an SAP NetWeaver AS ABAP+Java system, the ICM does not belong to the Startup and Control Framwork; therefore, the ICM is not stopped by the Instance Controller at this point either. If a soft shutdown is triggerd, the server process enters the state Preparing to stop and stays in this state until all user sessions are ended. If there is no more user session, the server changes his state to Ready to stop and continues the stop process as usual. JSmon The JSmon tool can be used to monitor the Instance Controller. JSmon belongs to the kernel and is located in the kernel directory. 2011 © 2011 SAP AG. All rights reserved. 77 Unit 2: Starting and Stopping ADM800 JSmon can be started with the command JSmon pf=<SAP instance profile>. JSmon provides an administration interface for elements in the Java cluster that can be called from the operating system. Figure 38: JSmon In the Process menu option, processes can be started, stopped or their trace level can be changed. In the Instance menu option, an instance can be started or stopped. The Instance Controller is not stopped at this point; that is, the Instance menu option refers only to the processes of the Startup and Control Framework. In an SAP NetWeaver AS ABAP + Java system, this means that neither the ABAP dispatcher with its work processes nor the ICM is stopped; only the server processes are stopped. In the test menu option, parameters can be evaluated. Thus, test get rdisp/TRACE supplies the value of the set trace level. Caution: This evaluation refers to the parameters of the default and instance profiles for the start time of jsmon. Another useful command is repeat. You can use repeat process view to monitor the start process of an instance very effectively. The commands can also be shortened so long as they are distinct; r p v has the exact same effect as rep proc view for example. Choose "Return" to exit repeat mode. 78 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Java Startup and Control Framework Exercise 2: Java Startup and Control Framework Exercise Objectives After completing this exercise, you will be able to: • Identify the processes of the Startup and Control Framework at operating system level Business Example Starting and stopping an SAP system is a basic task for administrators of SAP systems. To understand parameter maintenance, it is important to understand how parameters are transferred to Java instances. Task 1: Startup and Control Framework The Startup and Control Framework consists of ICM (icman on OS level) and JStart processes. How many ICM and JStart processes exist on your host? 1. Log on to the operating system of your host and display the process overview. Task 2: JSmon Start the JSmon tool and display the Java processes of the PAS that are started. 2011 1. Log on to the operating system as for task 1. Navigate to the profile directory and open a command prompt there (cmd). Enter the command jsmon pf=<instance profile of the instance with the number 00>. 2. Display all the processes of your PAS with the command process view. © 2011 SAP AG. All rights reserved. 79 Unit 2: Starting and Stopping ADM800 Solution 2: Java Startup and Control Framework Task 1: Startup and Control Framework The Startup and Control Framework consists of ICM (icman on OS level) and JStart processes. How many ICM and JStart processes exist on your host? 1. Log on to the operating system of your host and display the process overview. a) Follow the instructions of your instructor to log on to the operating system. You can obtain an overview of the started processes in the Task Manager on your host. Open the Task Manager by right-clicking on the taskbar at the bottom of the screen and choosing Task Manager. Open the Processes tab page, and ensure that you are viewing all processes of the instances on your host. Search for the processes icman and JStart. You will find an ICM process for each Java instance (that is 1icman) and a JStart (that is 4, where 2 of them belonging to the DAA instance) for each server process and Instance Controller started. Task 2: JSmon Start the JSmon tool and display the Java processes of the PAS that are started. 1. 2. Log on to the operating system as for task 1. Navigate to the profile directory and open a command prompt there (cmd). Enter the command jsmon pf=<instance profile of the instance with the number 00>. a) Navigate to the directory d:\usr\sap\<SID>\SYS\profile and open a command prompt there using the context menu available by right-clicking. b) Enter the command jsmon pf=<instance profile of the instance with the number 00>. You can find the instance profile under: d:\usr\sap\<SID>\SYS\profile\<SID>_<instance>_<host>. Display all the processes of your PAS with the command process view. a) 80 There you see all the processes with their status. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Java Startup and Control Framework Lesson Summary You should now be able to: • Use the term Startup and Control Framework • Describe the individual steps during the start and stop processes of a Java instance 2011 © 2011 SAP AG. All rights reserved. 81 Unit 2: Starting and Stopping ADM800 Lesson: Logs of the Start and Stop Processes of SAP NetWeaver AS Java Lesson Overview The start process of an SAP system is a critical process. If problems occur during this phase, you should be familiar with the relevant log and trace files. This lesson focuses on the most important logs of an SAP NetWeaver AS Java. Lesson Objectives After completing this lesson, you will be able to: • • Find the storage locations of trace and log files of the Startup and Control Framework. Name the most important trace and log files of the Startup and Control Framework and review their content. Business Example The start process of an SAP system is a critical action. If problems occur during it, the administrator must be familiar with the most important logs that are written during the start process. The administrator uses these to perform an error analysis, identify the cause, and solve the problem as quickly as possible. These files are also used for error logging during operation. Log and Trace Files In the case of an error or unexpected behavior of the Startup and Control Framework, it is important to check the following trace and log files: • • • • • 82 dev_jstart dev_<node name>, such as dev_server0 jvm_<node name>.out, such as jvm_bootstrap.out std_server<X>.out, e.g. std_server0.out log_bootstrap<Nr.>.log, e.g. log_bootstrap.0.log © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logs of the Start and Stop Processes of SAP NetWeaver AS Java Figure 39: Log Files for Starting and Stopping The trace and log files are stored in the work directory of an instance. This directory is called /usr/sap/<SID>/<instance name>/work (UNIX) and analogously in the Microsoft Windows environment. dev_jstart is the trace file for the Instance Controller. dev_jstart is the most important trace file for problem messages when starting NetWeaver AS Java. Current messages are written at the end of the file. dev_<node name> is the trace file for the server processes, the ICM and so on. The trace file dev_<node name> is written for each process started and thus for each ICM and server process. jvm_<node name>.out is the output file for the Java Virtual Machine (JVM). Each node (except ICM) process represents a Java node such as a bootstrap or a server and therefore a JVM. The output of a JVM is forwarded to the file jvm_<node name>.out in the work directory of a Java instance. std_server<X>.out is the default output files for the started managers and services of the the corresponding nodes. For most of the log files listed above, you will also find log files in the work directory with the ending .<number>, with older versions of the files, which can also often be used for troubleshooting. In the start process of an instance, the files mentioned above are rewritten and the file names are changed from x.<no> to x.<no+1>. The number of the old versions complies with the parameter jstartup/keep_old_logfiles (default = 2). 2011 © 2011 SAP AG. All rights reserved. 83 Unit 2: Starting and Stopping ADM800 Beside the node names for ICM and Server there are also developer traces for data collections (datcol). In case of start problems, the data collector collects information about the problem and write these information in his developer traces. Figure 40: Evaluate log files with the SAP MMC The developer traces from the work directory can also be evaluated easily with the SAP MC or SAP MMC. See the above figure. The analysis displays the Error messages from the dev_<...> files (as well as other messages from the log and trace files that you will get to know in the Monitoring unit. Warnings or other lines from the dev_<...> files may also be displayed. 84 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logs of the Start and Stop Processes of SAP NetWeaver AS Java Exercise 3: Logs of the Start and Stop Processes of SAP NetWeaver AS Java Exercise Objectives After completing this exercise, you will be able to: • Name the most important logs for the start/stop processes of an SAP NetWeaver AS Java Business Example The start process of an SAP system is a critical action. If problems occur during it, the administrator must be familiar with the most important logs that are written during the start process. The administrator uses these to perform an error analysis, identify the cause, and solve the problem as quickly as possible. Task: Start Logs Check the most important logs that are written when starting an SAP NetWeaver AS Java. 2011 1. List the most important log files that are written when starting and stopping. 2. Open the most important log files (see task 1) and perform a time-based search for errors. © 2011 SAP AG. All rights reserved. 85 Unit 2: Starting and Stopping ADM800 Solution 3: Logs of the Start and Stop Processes of SAP NetWeaver AS Java Task: Start Logs Check the most important logs that are written when starting an SAP NetWeaver AS Java. 1. List the most important log files that are written when starting and stopping. a) The most important logs are: • • • • 2. 86 dev_jstart dev_<node name>, such as dev_icm std_<node name>.out, such as std_server0.out jvm_<node name>.out, such as jvm_bootstrap.out Open the most important log files (see task 1) and perform a time-based search for errors. a) Start the Terminal Server Client, enter the physical host name under Server and then choose connect. Log on to the operating system as the <sid>adm user. Open an Explorer window, and navigate to the following directory: D:\usr\sap\<SID>\<instance>\work. b) Open the relevant files and scroll to the end. Check the entries since the last start of the system. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logs of the Start and Stop Processes of SAP NetWeaver AS Java Lesson Summary You should now be able to: • Find the storage locations of trace and log files of the Startup and Control Framework. • Name the most important trace and log files of the Startup and Control Framework and review their content. 2011 © 2011 SAP AG. All rights reserved. 87 Unit Summary ADM800 Unit Summary You should now be able to: • Describe the sequence in which the components of an SAP system and started and stopped • Describe the general start process for an SAP NetWeaver AS Java • Describe the general start process for an SAP NetWeaver AS ABAP + Java • Operate the tools to start and stop SAP NetWeaver AS ABAP + Java • Operate the tools to start and stop SAP NetWeaver AS Java • Use the term Startup and Control Framework • Describe the individual steps during the start and stop processes of a Java instance • Find the storage locations of trace and log files of the Startup and Control Framework. • Name the most important trace and log files of the Startup and Control Framework and review their content. 88 © 2011 SAP AG. All rights reserved. 2011 ADM800 Test Your Knowledge Test Your Knowledge 1. When you start an SAP system without an ABAP stack, the database is started only after the Java instances. Determine whether this statement is true or false. □ □ 2. True False In the case of SAP NetWeaver AS Java, it is not possible to stop individual instances under a UNIX operating system. Determine whether this statement is true or false. □ □ 3. True False The most important trace and log files are stored in the work directory of each instance, that is, for example, under /usr/sap/<SID>/DVEBMGS00/work. Determine whether this statement is true or false. □ □ 2011 True False © 2011 SAP AG. All rights reserved. 89 Test Your Knowledge ADM800 Answers 1. When you start an SAP system without an ABAP stack, the database is started only after the Java instances. Answer: False The database is always started before the PAS or AAS, or must be available before these instances are started. The Central Services instance is started before the database if the database is not running. The Central Services instance can also be started after the database, for example if the database is already running. 2. In the case of SAP NetWeaver AS Java, it is not possible to stop individual instances under a UNIX operating system. Answer: False You can stop individual instances using the command stopsap R3 <instance name> or stopsap J2EE <instance name> or simply using the SAP MC. 3. The most important trace and log files are stored in the work directory of each instance, that is, for example, under /usr/sap/<SID>/DVEBMGS00/work. Answer: True All developer traces and all important start files are stored in the work directory of each instance. 90 © 2011 SAP AG. All rights reserved. 2011 Unit 3 Basic Configuration Unit Overview This unit presents the most important administration tools for AS Java. After a basic overview of the tools, some basic configuration activities are carried out using the Config Tool. We also take a look at memory management of SAP Java VM here. Further system configurations are then introduced. Unit Objectives After completing this unit, you will be able to: • • • • • • Name various configuration and administration tools for SAP NetWeaver AS Java Describe the primary usage areas of configuration and administration tools Maintain settings for the SAP NetWeaver AS Java with the Config Tool Display system properties in the SAP NetWeaver Administrator Get an overview of the Configuration Wizard Check and maintain properties of the Central Services Unit Contents Lesson: Overview of the Administration Tools ............................... 92 Exercise 4: Calling the Administration Tools ............................105 Lesson: Basic Configuration of AS Java with the Config Tool ............109 Exercise 5: Configuration with the Config Tool .........................125 Lesson: Configuring AS Java with SAP NetWeaver Administrator.......132 Exercise 6: Configuring AS Java with SAP NetWeaver Administrator ................................................................135 Lesson: Further Configuration Activities .....................................138 Exercise 7: Further Configuration Activities.............................145 2011 © 2011 SAP AG. All rights reserved. 91 Unit 3: Basic Configuration ADM800 Lesson: Overview of the Administration Tools Lesson Overview This lesson provides an overview of the different configuration and administration tools for SAP NetWeaver AS Java 7.3x. During the course of this lesson, you learn more about the most important of these tools and their primary usage areas. Lesson Objectives After completing this lesson, you will be able to: • • Name various configuration and administration tools for SAP NetWeaver AS Java Describe the primary usage areas of configuration and administration tools Business Example After an SAP NetWeaver system has been installed, you need to configure the cluster of the SAP NetWeaver AS Java. You do this using the various administration tools. This lesson provides an overview of these various administration tools. Usage Areas of the Tools This section provides you with an overview of the various tools and their usage areas. Some tools are particularly suitable for a usage area, or are the only tool that can be used for a usage area. Several tools are suitable for other usage areas on the other hand. This is explained in more detail in this section. The following tools are available for the administration and configuration of SAP NetWeaver AS Java: 92 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Administration Tools Figure 41: Tool Overview Config Tool You use the Config Tool to maintain the settings for SAP NetWeaver AS Java in the database. It is therefore necessary that the database is started, so that you can change the settings with the Config Tool. Figure 42: Config Tool: Overview 2011 © 2011 SAP AG. All rights reserved. 93 Unit 3: Basic Configuration ADM800 The Java VM Parameters (the settings of the Java Virtual Machine) of SAP NetWeaver AS Java can only be maintained with the Config Tool. You can use the Config Tool to configure managers and services of SAP NetWeaver AS Java as well as logs. The settings that you make with the Config Tool only take effect when the SAP NetWeaver AS Java is started; that is, you must restart the SAP NetWeaver AS Java after maintaining settings. The Config Tool is available in the file system of each application server. Authentication on the database is usually carried out via Secure Store. SAP NetWeaver Administrator The SAP NetWeaver Administrator (NWA) combines the most important administration, configuration and monitoring tools for Java systems in a browser-based user interface. Figure 43: SAP NetWeaver Administrator: Overview With the NWA, you log on to the http port of an SAP NetWeaver AS Java instance using the browser. Therefore, at least one application server of the system must be started. The SAP NetWeaver Administrator can be called using the following URL: http://<hostname>:<http-port>/nwa. SAP Management Console The SAP Management Console (SAP MC) is a Java applet that can be started via HTTP (standard port: 5<instance number>13) using the browser. Even when the system is stopped (and the database is stopped), you can use the SAP Management 94 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Administration Tools Console to monitor the system status and evaluate the log files for example. The process sapstartsrv must be running (since Release 7.0, this process is started on all operating system platforms when the host is started). Figure 44: SAP Management Console: Overview Several SAP systems can be included in the SAP MC in parallel. It can therefore be used centrally and remotely to monitor the system status. Along with the SAP MC as a Java applet, there is also the SAP Microsoft Management Console for Windows operating systems and a “Perspective” SAP Management Console in the SAP NetWeaver Developer Studio. Shell Console Administrator You can use telnet to log on to an SAP NetWeaver AS Java instance and then use the Shell Console Administrator. The SAP NetWeaver AS Java instance must therefore be started. Telnet is available on many operating systems and can therefore be used for administration without additional installation. However, in the standard delivery, the telnet access to the AS Java is only released for the localhost. A remote access can be set up by configuring the related ICM parameter. 2011 © 2011 SAP AG. All rights reserved. 95 Unit 3: Basic Configuration ADM800 Figure 45: Shell Console Administrator: Overview You can use the Shell Console Administrator to display basic information about an SAP NetWeaver AS Java system. The Shell Console Administrator is also suitable for starting and stopping services. If necessary, you can use the Shell Console Administrator to shut down the SAP NetWeaver AS Java instance by stopping the ICM and the server processes. You can use the Shell Console Administrator to configure the services and managers of all Java instances in the Cluster. It is significantly easier to make the changes to managers and services with the Config Tool. Therefore, only specialists should make changes to managers and services using the Shell Console Administrator. Calling the Administration and Configuration Tools This section describes the features when calling the different tools. Note: If you are using an SAP system on the iSeries platform, refer to SAP Note 1066038 - iSeries: Features for using tools in the J2EE environment. Config Tool The Config Tool is a tool for administering and configuring SAP NetWeaver AS Java. configtool.bat (under Windows) or configtool.sh (under UNIX) is called to start the Config Tool at operating system level of an application server for SAP NetWeaver AS Java. The start file is stored under the following path at operating system level: \usr\sap\<SID>\<instance directory>\j2ee\configtool. To access the configuration data of the SAP system, you have to log on to the database of the system using the Config Tool. To do so, you use the data stored in the Secure Store of the system (user and password) in the default setting. You must still 96 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Administration Tools confirm whether you want to use these default settings or whether you want to make other settings. You can then use the Config Tool to edit the parameters (see the figure “Config Tool: Call”). Figure 46: Config Tool: Call During the start process of the SAP NetWeaver AS Java instance, the parameters for the start and running operation are read from the database and copied to the file system. With the Config Tool, these parameters are maintained in the database. It is therefore necessary that the database is running so that the Config Tool can read the current parameters from the database. When the Config Tool is opened, you can see and change the default settings for logging on to the database by choosing No. The window contains the connection data for the database on the tab page Via SecureStore. This is stored during the installation process. Choose Connect to DB to log on to the database using the data stored in the Secure Store. The Config Tool then displays the configuration settings saved in the database. You can now view these settings and change them if required. 2011 © 2011 SAP AG. All rights reserved. 97 Unit 3: Basic Configuration ADM800 Figure 47: Config Tool: Logon with Secure Store To log on to a remote database using the Config Tool, you can also use the pushbutton Select Security Folder, as shown in the above figure, to store the path for the Secure Store of another system. To do so, you must be able to reach the Secure Store of the remote system using a network; that is, it must be accessible as a share or mount point for example. You can then connect to the “remote” database with this data. If you want to access this database repeatedly, you can save this new connection data as a file using Save Connection As before the logon and use it again later via Load Connection Settings. 98 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Administration Tools Figure 48: Config Tool: Logon with Direct Login You can also use the tab page Via Direct Login to log on to a remote database (see above figure). You must fill fields independently here. You can also save this connection data as a file to use it again later. Hint: If you choose the option Do not ask me again in the Connection Settings dialog, the default settings are always used. To display the dialog again, start the Config Tool and choose View → Startup Options and then select the option Show connection dialog. SAP NetWeaver Administrator To call the SAP NetWeaver Administrator (NWA), log on to the HTTP port of an SAP NetWeaver AS Java instance. The SAP NetWeaver AS Java instance must therefore be started. The NWA can be called using the following URL: http://<hostname>:<http-port>/nwa. The start page of the NWA is displayed after the logon. 2011 © 2011 SAP AG. All rights reserved. 99 Unit 3: Basic Configuration ADM800 Figure 49: SAP NetWeaver Administrator: Navigation 1/2 The NWA provides access to various functions. Which functions are available in the NWA depends on the installed product. The functions are sorted into work sets and these are then sorted into work centers. For example, the function Identity Management is located in the work set Security, which in turn is located in the work center Operation. A function can also be available in several work sets. Which work sets, work centers and functions you see depends on the profile that is selected. You can change the profile by choosing the Personalize menu. Using the search field you can find functions by their names or descriptions. After you select the function, the display changes in the NWA as shown in the figure below. 100 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Administration Tools Figure 50: SAP NetWeaver Administrator: Navigation 2/2 When in a function, you can choose Related Links to navigate to other related functions. History allows you to view the functions that you have called during this logon session in NWA. Home takes you back to the work center and work set overview. SAP Management Console To call the SAP Management Console, open a browser and enter the URL http://<host name>:5<instance number>13. Confirm any security warnings. You may have to choose Start to call the SAP MC. The SAP MC Java applet is now started. 2011 © 2011 SAP AG. All rights reserved. 101 Unit 3: Basic Configuration ADM800 Figure 51: SAP Management Console: Start The SAP MC connects to all instances of the system directly after the start. If an instance cannot be reached via HTTP (or HTTPS), then it cannot be displayed in the SAP MC either. You can add further instances of other systems using File → New by specifying an instance number and the host name (alternatively using Message Server also). You can save this type of system list locally in a file list using File → Save Landscape and you can call it again later using File → Load Landscape. The system list can also be read from a directory service via the LDAP protocol. The access data for the directory service must be stored under Tools → LDAP for this. For more settings, go to Tools → Settings. 102 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Administration Tools The SAP MC provides a range of other functions along with starting and stopping systems, instances and processes. • • • • • Evaluation of logs and traces Display of start profiles, profile parameters and environment variables Display of monitoring alerts Display of information about JVM memory management (Garbage Collector History, Heap Memory) Display of information about the Internet Communication Manager (ICM) Hint: You can use the file sapmc.jnlp to call the SAP MC independently of the browser. For example, it can be found in the global kernel directory \usr\sap\<SID>\SYS\exe\(n)uc\<architecture>\servicehttp\sapmc. Edit the file using the text editor so that the attribute codebase points to the file path, for example codebase="file:///D:/usr/sap/P7T/SYS/exe/uc/NTAMD64/servicehttp/sapmc". Note: The SAP MC is also available in the SAP NetWeaver Developer Studio (NWDS). After you start the NWDS, choose Window → Open Perspective → Other... → SAP Management Console. Shell Console Administrator You can perform some administration tasks for SAP NetWeaver AS Java with Shell Console Administrator. To do this, you must specify the host name (only localhost in the standard system) and the Telnet port of the SAP NetWeaver AS Java instance when you call the Shell Console Administrator. You are then prompted to log on to the SAP NetWeaver AS Java, as shown in the figure “Shell Console Administrator”. You use, for example, the same user to do this as for the NWA. Since you are logging on to the SAP NetWeaver AS Java instance, this must already be running. 2011 © 2011 SAP AG. All rights reserved. 103 Unit 3: Basic Configuration ADM800 Figure 52: Shell Console Administrator: Call After you logon via telnet, you are taken directly to a server node of the system. The command jump <server node-ID> takes you to another node. The command man currently lists available commands. man <command name> gives you an explanation of the specified command. 104 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Administration Tools Exercise 4: Calling the Administration Tools Exercise Objectives After completing this exercise, you will be able to: • call the administration tools of the AS Java Business Example You must first call the administration tools to be able to use them. Task 1: SAP NetWeaver Administrator Start the SAP NetWeaver Administrator. 1. Open a browser, call the URL of the SAP NetWeaver Administrator (NWA) and log on. Your instructor will give you the exact access data. Task 2: Config Tool Start the Config Tool 1. Start the Config Tool at operating system level of your SAP system. Display the standard access data for the database of your system and connect to this database. Task 3: Shell Console Administrator Start the Shell Console Administrator. 1. Connect to your SAP system via telnet and log on to the Shell Console Administrator. Keep in mind that you can use the telnet access only from the host of your SAP system. Task 4: OPTIONAL: SAP Management Console Start the SAP Management Console 1. 2011 Open a browser and call the URL of the SAP Management Console. © 2011 SAP AG. All rights reserved. 105 Unit 3: Basic Configuration ADM800 Solution 4: Calling the Administration Tools Task 1: SAP NetWeaver Administrator Start the SAP NetWeaver Administrator. 1. Open a browser, call the URL of the SAP NetWeaver Administrator (NWA) and log on. Your instructor will give you the exact access data. a) Open a browser and call the URL http://<host name>:<HTTP-Port>/nwa, for example http://twdf9999.wdf.sap.corp:50000/nwa. b) Log on to the NWA with your user ID and password. Task 2: Config Tool Start the Config Tool 1. Start the Config Tool at operating system level of your SAP system. Display the standard access data for the database of your system and connect to this database. a) Log on at operating system level of your SAP system. Your instructor will give you the exact access data. b) Call the Config Tool from an instance directory by double-clicking the file configtool.bat. You can find this file under D:\usr\sap\<SID>\<instance directory>\j2ee\configtool, for example D:\usr\sap\CEM\J00\j2ee\configtool. c) Choose No in the Connection Settings dialog to display the connection data. d) Now choose Connect to DB. Continued on next page 106 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Administration Tools Task 3: Shell Console Administrator Start the Shell Console Administrator. 1. Connect to your SAP system via telnet and log on to the Shell Console Administrator. Keep in mind that you can use the telnet access only from the host of your SAP system. a) Log on at operating system level of your SAP system. b) Start a command prompt (cmd). c) Enter the command telnet localhost <telnet-port>, for example telnet localhost 50008. d) Log on to the Shell Console Administrator with your user ID and password. Task 4: OPTIONAL: SAP Management Console Start the SAP Management Console 1. 2011 Open a browser and call the URL of the SAP Management Console. a) Open a browser and call the URL http://<host name>:5<instance number>13, for example http://twdf9999.wdf.sap.corp:500013. b) Confirm the security information. The SAP MC should now start automatically. © 2011 SAP AG. All rights reserved. 107 Unit 3: Basic Configuration ADM800 Lesson Summary You should now be able to: • Name various configuration and administration tools for SAP NetWeaver AS Java • Describe the primary usage areas of configuration and administration tools 108 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool Lesson: Basic Configuration of AS Java with the Config Tool Lesson Overview In this lesson, you will familiarize yourself with the configuration of VM parameters and the maintenance of system settings with the Config Tool. Lesson Objectives After completing this lesson, you will be able to: • Maintain settings for the SAP NetWeaver AS Java with the Config Tool Business Example After the installation of an SAP NetWeaver Application Server, fundamental settings need to be made for the SAP NetWeaver AS Java. Knowledge about the available tools is required to do this. One of these tools is the Config Tool, which is explained in more detail in this lesson. Config Tool: Overview You can use the Config Tool to edit the secure store of the AS Java on the one hand and the system settings for the AS Java (cluster-data) on the other. The area on the left in the Config Tool shows the breakdown of the structure of the cluster-data into “template settings” and “instance-specific settings”. You can make settings for applications (applications), managers (managers), services (services) and the log configuration (log configuration) at template level and individually for each instance. The instances are displayed in the Config Tool with the instance number (leading zeros are omitted). See also the figure “Window Sections in the Config Tool”. The parameters of the selected elements are displayed and maintained in the window on the right of the Config Tool. Caution: You may only use the Config Tool to change parameters if the affected instances of an SAP NetWeaver AS Java are stopped. 2011 © 2011 SAP AG. All rights reserved. 109 Unit 3: Basic Configuration ADM800 Figure 53: Window Sections in the Config Tool In Release 7.10, the concept of Zero Administration was introduced in the AS Java. The aim is to simplify the technical configuration of the AS Java and to adjust it dynamically to changes in the system environment. Configuration templates are provided to implement the concept; they enable a simple adjustment of the AS Java configuration to the requirements of the installed product. In addition, dynamic configuration parameters that can be used to make changes, for example, to the hardware without reconfiguring the AS Java are introduced. For example, the heap memory of the VM can be configured as a fraction of the physical RAM available or the number of server processes as a multiple of the available CPU. The customer can continue to adjust the default settings that are delivered. However, the amount of effort required to make changes is less than in previous releases. Furthermore, the template concept also enables the default settings to be updated smoothly via Support Packages without overwriting customer settings. The following figure shows the infrastructure of the AS Java configuration. 110 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool Figure 54: Configuration infrastructure The developer determines the potential configuration settings of an application or a manager, or services and their default values (Default level). Changes to these default settings that are valid throughout the system can be made at Custom Global level. The changes made there are retained if you switch from the template that is currently active to another template (and if these settings are not overwritten at template level). Caution: Customer changes at Custom Global level are allowed but only if expressly instructed by SAP (documentation, SAP notes, SAP Support). For example, this is the case for some special configuration settings of the User Management Engine (UME). SAP provides concrete default configuration settings for individual products with the templates (Template Default). The corresponding template is activated by the installation program (SAPinst) during the installation of the product. There are different templates for different products. For example, there is a large number of templates for SAP NetWeaver CE but not for SAP NetWeaver PI or SAP NetWeaver Portal. In the template, filter rules are used to decide which applications and services are already started when the system is started. At template level, customer changes can be made using the Config Tool (Template Custom). These changes override the settings of the previous levels. If no instance-specific customer changes are made (Instance Custom), the settings apply at template level throughout the system. 2011 © 2011 SAP AG. All rights reserved. 111 Unit 3: Basic Configuration ADM800 Certain system parameters can be used for the dynamic configuration that are evaluated dynamically at runtime; for example, the number of processors, the working memory of the host that is physically available or the instance number. These parameters can also be set when customer changes are made. You can display the parameters and their values in the Config Tool by selecting an instance in the Config Tool and then choosing the Instance Profile tab page. Some of these parameters can be set by setting profile parameters in the default profile or in the instance profile of the system. Caution: The term Instance Profile is used in two ways. On the one hand, you have the Instance Profile as a file on the operating system with the name <SID>_<instance name>_<host name>, for example P7T_J00_twdf9999. On the other hand, the term Instance Profile refers to the collection of the dynamic configuration parameters of the AS Java. Note: The dynamic parameters of the Instance Profile of the AS Java are named differently from the related profile parameters that are used in the profile files (default profile, instance profile) of the system. The settings that can be configured on the different levels can be divided into the following areas: • • • • • • Number of Server Processes Runtime Filters Shared Memory Configuration of the Managers Configuration of the Services VM Parameters • • – Memory Parameters – System Parameters – Additional Parameters Log Configuration Configuration of the Applications The runtime filters are used to determine which applications and services are started when the system is started. The log configuration settings can also be made online using the SAP NetWeaver Administrator (NWA). The configuration of the applications is usually carried out using a special UI of the application, in some cases online in the NWA. Some services, for example the User Management Engine, provide an individual UI for online configuration. 112 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool Some of these settings options are described in more detail below, starting with the VM parameters. We will first take a look at the SAP JVM memory management to get a better understanding of these parameters. Brief Introduction to Memory Management of the SAP Java VM A number of terms for the memory management of an SAP Java Virtual Machine (SAP JVM) are explained in the following sections in a simplified form. The configuration of the VM parameters will then be discussed. Memory Allocation Terms The memory area of a Java Virtual Machine (JVM or VM) is mainly divided into three areas, which are called the young generation, the tenured generation, and the permanent generation. The differences between the “generations” are discussed in more detail later. We will first consider the commonalities, however. A “generation” reserves space in the address area of the host. On start-up, the Virtual Machine allocates operating system memory for each “generation”. This initially allocated memory area is called “initial” or initial size. This occupancy of this space is administered internally by the VM. Once the initial space has been used, the VM allocates further operating system memory space in stages up to a maximum amount. This maximum value is defined in “max size”. The VM automatically takes care of the allocation of memory space for Java applications. The memory space is implicitly assigned when an object is created. Even if a large amount of memory is required, this does not mean that the system is at risk. The VM determines which objects are no longer used and releases the memory areas which they currently occupy. This task is performed by the Special Java Agent names Garbage Collector (GC) which forms part of the VM. Its job is to prevent the occurrence of situations in which there is a danger of memory bottlenecks. The memory space that is available is called the available memory or allocated memory. Since this space is reserved by the operating system, it is also referred to as “reserved” space since the entire space up to the maximum size is “available”. The space that is not yet reserved is called virtual memory. However, this should not be confused with the “virtual memory” of the operating system. If less space is required, the memory is returned to the operating system, also in stages. See the figure “Terms in Memory Space Management” also. The reserved memory space (available memory) is potentially available to the VM. However, it does not have to be used in full. The memory space that is actually used by Java applications is referred to as used memory. 2011 © 2011 SAP AG. All rights reserved. 113 Unit 3: Basic Configuration ADM800 Figure 55: Terms in Memory Space Management Memory Allocation of the Java VM in a Simplified Form The three main memory areas of the VM, the “young, tenured”, and “permanent generations” differ from one another due to the data stored in them. The objects that have been newly created by the applications are stored in the young generation. Objects that have been required for a longer period of time by an application are automatically moved to the tenured generation. The newer objects are in the “young generation” and the older objects are in the “tenured generation”. Objects that are permanently required by the VM, such as classes and methods, are stored in the permanent generation. Objects that are no longer required by the applications are automatically removed from the “generations”. This process is known as garbage collection. As you already know from the subsection “Memory Allocation Terms”, the “generations” have an initial and a maximum size. For the “young generation”, you can define the “initial size” with the parameter -XX:NewSize, and the “max size” with the parameter -XX:MaxNewSize. You can define the corresponding values for the “permanent generation” (also abbreviated to the “perm generation”) with the parameters -XX:PermSize and -XX:MaxPermSize. You cannot directly define the initial and maximum sizes of the “tenured generation”. These are calculated from the parameters for the “young generation” and the parameters -Xmx and -Xms. The parameter -Xmx is called the “max heap size” and defines the total size of the “young” and “tenured generations”. The parameter -Xms is called the “start heap size” or “initial heap size” and defines the total initial size of the “young” and “tenured generations”. See also the figure “Memory Allocation of the Java VM (Simplified)”. 114 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool Figure 56: Memory Allocation of the Java VM (Simplified) In addition to the memory area for the “generations”, the VM also reserves space for its processes and threads. After this brief introduction to the basic terms of the SAP JVM, we can now take a look at the configuration of the VM parameters. Configuration of the VM Parameters The settings for the Java VM (Virtual Machine) are maintained only with the Config Tool. You can maintain the VM parameters at template level or individually for each instance. The values then apply either to all server processes of the entire system (template level) or to all server processes of the respective instance. You must switch to Expert Mode of the Config Tool in order to maintain VM parameters at template level. Choose View and select the option Expert Mode. Note: You should only activate Expert Mode if it is absolutely necessary. As a result, the UI of the Config Tool becomes more confusing. The normal mode is sufficient for most activities. To maintain the VM parameters at template level, select the entry template <name of the template> from the area on the left. You can choose the tab page VM Parameters in the Config Tool window on the right after you activate Expert Mode. You must now decide which combination of VM and operating system 2011 © 2011 SAP AG. All rights reserved. 115 Unit 3: Basic Configuration ADM800 or processor architecture your changes are valid for; for example Vendor sap and Platform ntamd64. Then choose one of the tab pages Memory, System, or Additional, depending on which type of VM parameter you want to maintain. Note: You cannot create new parameters on the Memory tab page; you can only change or deactivate existing ones. You can enter parameters of the type -D.... on the System tab page. However, leave out the -D here. Figure 57: Maintaining the VM Parameters: Template Level If you want to add a new parameter that is not yet in the parameter list, choose New in the lower area of the window on the right. The new parameter is added in the area Custom Parameters. You must select a parameter if you want change it. Enter the new value for the parameter in the input field Custom value and choose Set. The changed value is in turn displayed in the list of the Custom Parameters. To return to the default value, select the custom parameter and choose Remove. You can also deactivate existing parameters. In this way, you can test the effects of the change on the system but retain the entry with the set value. To do this, select the parameter and choose Disable. If it is a template default value, the 116 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool Config Tool enters the value (if requested) as a custom parameter, which is then deactivated (checkmark in column Enabled is missing). You can use Enable to reactivate a deactivated parameter. Hint: Any change with the Config Tool must be saved (File → Apply Changes and the system must be restarted for the changes to take effect. The settings at instance level override those at template level. Select an entry of the type instance - ID<instance ID> (host name) from the window of the Config Tool on the left. Then choose the tab page VM Parameter from the window on the right. The parameters are maintained in the same way as at template level. You are advised to deactivate Expert Mode when maintaining the VM parameters. This way you can ensure that you are maintaining the parameters for the VM that is currently being used. If you have changed settings but not yet saved them with Apply changes, you can reload the older settings with “Connect to DB”. If you have already saved the changes, the old settings cannot be restored. Figure 58: Maintaining the VM Parameters: Instance-specific The parameter in the Memory tab page does not have its technical name. The following names are used in the Config Tool. 2011 © 2011 SAP AG. All rights reserved. 117 Unit 3: Basic Configuration ADM800 Names of the VM Parameters of the type Memory Display name in the Config Tool Technical name initialHeapSize Xms maxHeapSize Xmx permSize XX:PermSize maxPermSize XX:MaxPermSize newSize XX:NewSize maxNewSize XX:MaxNewSize newRatio XX:NewRatio globalArea Xps Take a look in the developer trace of the server process (dev_server<number>) to check whether the changes that were made have taken effect in the respective server processes after the system is restarted. This file is located in the work directory of the instance. Search for the line F SAP JVM arguments: in this file. The set parameters are listed under this line. Configuration of Managers and Services The properties of managers and services can also be maintained at instance level or at template level. 118 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool Figure 59: Parameter Maintenance of Managers and Services: Template Level Expand the tree structure under the entry template - <name of the template> in the left screen area until you are taken to the required manager or service. Select this entry to display the parameters. To change parameters, select a parameter, enter the required value in the input field Custom value and choose Set. You can use Restore to Default to delete the Custom value for the selected parameter and the template default value will be valid again. Save your changes. The changes will be active once the system is restarted if no instance-specific entries exist for the changed parameters. Caution: The Config Tool does not indicate, if you maintain values at template level, that instance-specific values already exist, which override the template values. 2011 © 2011 SAP AG. All rights reserved. 119 Unit 3: Basic Configuration ADM800 Figure 60: Parameter Maintenance of Managers and Services: Instance-specific For instance-specific maintenance, expand the tree structure below an entry of the type instance - ID<instance ID> (host name). Select the required manager or service entry to display the parameters. To change parameters, select a parameter, enter the required value in the input field Custom value and choose Set. You can use Restore to Template to delete the Custom value for the selected parameter and the template value will be valid again. Save your changes. When the instance in question is started, the changes for this instance will be active. Configuration of Runtime Filters In the Config Tool, you can use filter rules to determine which managers, services and applications are started or remain stopped during the system start. The template activated during the installation already provides a useful initial status that has low impact on resources, which can be adjusted customer-specifically. 120 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool Figure 61: Maintaining the Runtime Filters Expert Mode must be activated under View → Expert Mode to maintain the runtime filter. Select the entry template - <name of the template> to set system-wide filters. To set instance-specific filters, select the corresponding entry of the type instance - ID<instanz ID> (host name). Then choose the Filters tab page. Choose the required Action and Component and enter the values for Vendor Mask and Component Name Mask. Then choose Add to add the new filter rule. The changes take effect after you save your changes and restart the system. Configuration of the Number of Server Processes The number of server processes can be calculated dynamically just like the VM parameters. The delivered template values can be overridden by the customer. 2011 © 2011 SAP AG. All rights reserved. 121 Unit 3: Basic Configuration ADM800 Figure 62: Number of Server Processes Depending on whether you set the number at template level or instance level, all instances have the same (or different) number of server processes. Fixed values may also be entered instead of the dynamic formula. The corresponding number of server processes starts after you save your changes and restart the system. The default value depends on the template, the template Usage_Type_All_in_One uses fixed values for the number of server processes and CE templates uses formulas. Caution: The system does not start if you enter a formula incorrectly or if a value is calculated or entered that is not a whole number. You should therefore check at instance level whether a whole number appears as a result after the input field. The system will not start if N/A or part of a formula is displayed. See SAP Note 1149321 for SAP NetWeaver CE 7.1x. Export of Configuration Data With regard to the customer changes made to the configuration data in the SAP NetWeaver AS Java, you have the option of saving this data by exporting it to a zip file. Changes can be exported from the database in this way and later reimported to restore earlier settings without having to also implement a database backup (without having to carry out a restore). You can export the configuration to a zip file using the menu path File → Backup Custom Data in the Config Tool. 122 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool You can reimport the data from the zip file into the database using the menu path File → Restore From Backup. Choose File → Reload Data from DB to display the data that was just imported in the Config Tool. The Offline Configuration Editor In addition to the “normal” Config Tool, there is also the Configuration Editor Mode, which you can call from the Config Tool using Tools → Configuration Editor. You can access maintenance at Custom Global level only using this Editor; for example, this may be necessary for specific parameters of the User Management Engine. Caution: You must only use the “Configuration Editor Mode” if SAP specifically instructs that you do so, since inappropriate use can destroy the SAP NetWeaver AS Java. 2011 © 2011 SAP AG. All rights reserved. 123 Unit 3: Basic Configuration 124 ADM800 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool Exercise 5: Configuration with the Config Tool Exercise Objectives After completing this exercise, you will be able to: • Make changes to the VM parameters • Make changes to the parameters of managers and services • Create your own filter rules • Change the number of server processes Business Example You must configure the AS Java. Task 1: VM Parameters Make changes to the VM parameters of your system. 1. Stop your system. 2. Add the VM paramerter -Dcom.sun.management.jmxremote as a new parameter of the type System at template level. 3. Change the maxHeapSize for the Primary Applications Server (PAS) to the value 4096. 4. Start your system. Result The changed values are now used by the respective VM. You can check them, for example, by opening the file dev_server0 in the work directory of the PAS and searching for the entries -Xmx4096m and -Dcom.sun.management.jmxremote. Task 2: Thread Manager Change the properties of the Thread Manager. 1. Stop your system. 2. Change the parameter InitialThreadCount of the Thread Manager at template level to the value 20. 3. Change the parameter InitialThreadCount of the Thread Manager for an instance of your system to the value 10. 4. Start your system. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 125 Unit 3: Basic Configuration ADM800 Result You have maintained different values for the instances of your system for the parameter InitialThreadCount. Task 3: Filter Rules Define your own filter rule at template level. 1. Stop your system. 2. Define a filter rule that stops all applications with the Component Name Mask tc~sld~wd*. 3. Start your system. Result You have created a filter rule, which ensures that all applications beginning with tc~sld~wd* remain stopped when the system is started. Go to Operation → Systems → Start & Stop → Java Applications in the SAP NetWeaver Administrator (NWA) to check this. Task 4: Number of Server Processes Change the number of server processes. 1. Stop your system. 2. Optional: Set the number of server processes to 3 at template level. 3. Set the number of server processes for the Primary Application Server to 2. 4. Start your system. Result You have configured the number of server processes instance-specifically and for the whole system via the template custom settings. You can now check, for example using the SAP MC, whether the configured number can also be started. You can see, that the instance specific settings have a higher priority than the template custom settings. 126 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool Solution 5: Configuration with the Config Tool Task 1: VM Parameters Make changes to the VM parameters of your system. 1. Stop your system. a) 2. 3. Use the SAP MC or another tool to stop your system. Add the VM paramerter -Dcom.sun.management.jmxremote as a new parameter of the type System at template level. a) Double-click the file configtool.bat in the directory \usr\sap\<SID>\<instance>\j2ee\configtool to start the Config Tool. Choose Yes to confirm the dialog box. b) Use View → Expert Mode to activate Expert Mode and select the entry template - ..... Choose the tab page VM Parameters. c) Choose the entry sap under Vendor and the entry GLOBAL under Platform, and then choose the tab page System. d) Choose New and enter the value com.sun.management.jmxremote in the field Name (without '-D'):. Leave the other fields empty and choose OK to confirm. e) Choose File → Apply Changes to save your changes. f) Deactivate Expert Mode under File → Expert Mode. Change the maxHeapSize for the Primary Applications Server (PAS) to the value 4096. a) Select the entry instance - ID.... of your Primary Application Server (PAS). If required the instructor can give you the correct instance ID. Note that the leading zeros are omitted. b) Choose the tab page VM Parameters and then the tab page Memory. c) Select the line maxHeapSize. d) Enter the value 4096 in the field Custom value and choose Set. e) Choose File → Apply Changes to save your changes. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 127 Unit 3: Basic Configuration 4. ADM800 Start your system. a) Use the SAP MC or another tool to start your system. Result The changed values are now used by the respective VM. You can check them, for example, by opening the file dev_server0 in the work directory of the PAS and searching for the entries -Xmx4096m and -Dcom.sun.management.jmxremote. Task 2: Thread Manager Change the properties of the Thread Manager. 1. Stop your system. a) 2. 3. 4. Use the SAP MC or another tool to stop your system. Change the parameter InitialThreadCount of the Thread Manager at template level to the value 20. a) Double-click the file configtool.bat in the directory \usr\sap\<SID>\<instance>\j2ee\configtool to start the Config Tool. Choose Yes to confirm the dialog box. b) Go to template - .... → managers → ThreadManager. c) Select the line InitialThreadCount. d) Enter the value 20 in the field Custom value and choose Set. e) Choose File → Apply Changes to save your changes. Change the parameter InitialThreadCount of the Thread Manager for an instance of your system to the value 10. a) Go to instance - ID.... → managers → ThreadManager. b) Select the line InitialThreadCount. c) Enter the value 10 in the field Custom value and choose Set. d) Choose File → Apply Changes to save your changes. Start your system. a) Use the SAP MC or another tool to start your system. Result You have maintained different values for the instances of your system for the parameter InitialThreadCount. Continued on next page 128 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool Task 3: Filter Rules Define your own filter rule at template level. 1. Stop your system. a) 2. 3. Use the SAP MC or another tool to stop your system. Define a filter rule that stops all applications with the Component Name Mask tc~sld~wd*. a) Double-click the file configtool.bat in the directory \usr\sap\<SID>\<instance>\j2ee\configtool to start the Config Tool. Choose Yes to confirm the dialog box. b) Use View → Expert Mode to activate Expert Mode and select the entry template - ..... Select the tab page Filters. c) Choose the value stop under Action. Enter the value * in the field Vendor Mask. Enter the value tc~sld~wd* in the field Component Name Mask. Choose the value Application under Component. d) Choose Add. e) Choose File → Apply Changes to save your changes. f) Deactivate Expert Mode under File → Expert Mode. Start your system. a) Use the SAP MC or another tool to start your system. Result You have created a filter rule, which ensures that all applications beginning with tc~sld~wd* remain stopped when the system is started. Go to Operation → Systems → Start & Stop → Java Applications in the SAP NetWeaver Administrator (NWA) to check this. Task 4: Number of Server Processes Change the number of server processes. 1. Stop your system. a) 2. Use the SAP MC or another tool to stop your system. Optional: Continued on next page 2011 © 2011 SAP AG. All rights reserved. 129 Unit 3: Basic Configuration ADM800 Set the number of server processes to 3 at template level. 3. 4. a) Double-click the file configtool.bat in the directory \usr\sap\<SID>\<instance>\j2ee\configtool to start the Config Tool. Choose Yes to confirm the dialog box. b) Select the entry template - ..... Choose the Servers tab page. c) Enter the value3 in the field Custom Number of Server Processes. d) Choose Set. e) Choose File → Apply Changes to save your changes. Set the number of server processes for the Primary Application Server to 2. a) Select the entry instance - ID.... of your Primary Application Server (PAS). If required the instructor can give you the correct instance ID. Note that the leading zeros are omitted. b) Choose the Servers tab page. c) Enter the value 2 in the field Custom number of server nodes. d) Choose Set. e) Choose File → Apply Changes to save your changes. Start your system. a) Use the SAP MC or another tool to start your system. Result You have configured the number of server processes instance-specifically and for the whole system via the template custom settings. You can now check, for example using the SAP MC, whether the configured number can also be started. You can see, that the instance specific settings have a higher priority than the template custom settings. 130 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Basic Configuration of AS Java with the Config Tool Lesson Summary You should now be able to: • Maintain settings for the SAP NetWeaver AS Java with the Config Tool 2011 © 2011 SAP AG. All rights reserved. 131 Unit 3: Basic Configuration ADM800 Lesson: Configuring AS Java with SAP NetWeaver Administrator Lesson Overview This lesson provides an overview of the functions of the SAP NetWeaver Administrator. Lesson Objectives After completing this lesson, you will be able to: • Display system properties in the SAP NetWeaver Administrator Business Example Certain configuration activities are required after an AS Java-based system is installed. In addition, you must make adjustments during further operative business activities. A good knowledge of the tools and relationships is required to execute the activities. Configuration with the SAP NetWeaver Administrator The SAP NetWeaver Administrator (NWA) is the tool for the online configuration. Display of the System Configuration with the SAP NetWeaver Administrator You can use the NWA to check the settings made with the Config Tool for the VM parameters, services and managers. The NWA displays the value that is currently valid in the process. You can find these parameters in the NWA under Configuration → Infrastructure → Java System Properties or via the quick link /nwa/sys-config. 132 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Configuring AS Java with SAP NetWeaver Administrator Figure 63: System Properties in the SAP NetWeaver Administrator Choose the active template or the required instance and then the appropriate tab pages, for example Kernel, if you want to view the properties of the manager. Then select the required entry. In the list of the object properties, for example of a service, the column Modifiable shows whether the value can be changed online with the NWA. The pushbutton Show Details displays further detailed information about the selected property. The current value is also shown for example if the property is calculated using a formula. Further Configuration Settings with the SAP NetWeaver Administrator Since the SAP NetWeaver Administrator (NWA) in Release 7.1x replaces the Visual Administrator from earlier releases, a variety of configuration options are integrated in the NWA. Some of these options are discussed in other units of this course. Depending on the installed product, the NWA also provides further product-specific functions along with the basic functions. 2011 © 2011 SAP AG. All rights reserved. 133 Unit 3: Basic Configuration 134 ADM800 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Configuring AS Java with SAP NetWeaver Administrator Exercise 6: Configuring AS Java with SAP NetWeaver Administrator Exercise Objectives After completing this exercise, you will be able to: • Check configuration settings with the SAP NetWeaver Administrator Business Example You must make various settings after you install an AS Java-based system and when the system is running. Task: SAP NetWeaver Administrator Check the configuration settings using the SAP NetWeaver Administrator. 2011 1. Call the SAP NetWeaver Administrator (NWA) and log on. 2. Check the parameter InitialThreadCount of the Thread Manager in the Primary Application Server Instance (PAS). What value does this parameter have? 3. Check the value of the maxHeapSize for all instances. © 2011 SAP AG. All rights reserved. 135 Unit 3: Basic Configuration ADM800 Solution 6: Configuring AS Java with SAP NetWeaver Administrator Task: SAP NetWeaver Administrator Check the configuration settings using the SAP NetWeaver Administrator. 1. Call the SAP NetWeaver Administrator (NWA) and log on. a) 2. 3. 136 Open a browser and enter the URL for the NWA http://<host name:port>/nwa. Log on with your user and password. Check the parameter InitialThreadCount of the Thread Manager in the Primary Application Server Instance (PAS). What value does this parameter have? a) In the NWA, choose Configuration → Infrastructure → Java System Properties. b) Open the entry with the active template, for example ZATPL_AIO. Then select the ID of the PAS. c) Select the entry ThreadManager in the tab page Kernel. d) Search for the entry InitialThreadCount in the list of Properties. Which value is this parameter set to? Note that there are default and customer values. Check the value of the maxHeapSize for all instances. a) Switch to the tab page MemoryVM Parameters and find the entry maxHeapSize. Which value is this parameter set to? b) You can select the entry maxHeapSize and then choose Show Details. The field Formatted Value contains the technical name of the parameter and the calculated value. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Configuring AS Java with SAP NetWeaver Administrator Lesson Summary You should now be able to: • Display system properties in the SAP NetWeaver Administrator 2011 © 2011 SAP AG. All rights reserved. 137 Unit 3: Basic Configuration ADM800 Lesson: Further Configuration Activities Lesson Overview This lesson provides an overview of the properties of the Central Services and help to improve your knowledge of the AS Java. Lesson Objectives After completing this lesson, you will be able to: • • Get an overview of the Configuration Wizard Check and maintain properties of the Central Services Business Example Certain configuration activities are required after an AS Java-based system is installed. In addition, you must make adjustments during further operative business activities. A good knowledge of the tools and relationships is required to execute the activities. Configuration Wizard The Configuration Wizard is integrated in the NWA and provides different configuration tasks depending on the installed product and the Support Package level. The Configuration Wizard reduces in particular the effort required initially for the configuration for certain applications directly after the installation of the system. The installation guide or the documentation of the application usually refers to the tasks to be executed in the Configuration Wizard. You can find it in the NWA under Configuration → Scenarios → Configuration Wizard. 138 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Further Configuration Activities Figure 64: Configuration Wizard You first select one of the executed tasks. Choose Start to start the configuration task. Here the user is required to make entries in several steps depending on the task. The Configuration Wizard logs the execution of tasks. If you choose History of Executed Configuration Tasks under Show and then select a task, you can display these logs using View Log. You can execute tasks again that have already been executed using Re-execute. Caution: If you have already made settings in the system, they are overwritten by executing a corresponding task in the Configuration Wizard. You should therefore use the Configuration Wizard only for the initial configuration of an application or a function and not during running operation. Profile Files Some system properties of the AS Java are maintained using profile parameters in the profile files of the AS Java. These files are located in the directory \usr\sap\<SID>\sys\profile and should be saved before and after a change. There is no special tool for maintaining these files in the AS Java. You can use a simple text editor for this purpose. In this way, for example, some properties of the message server and of the enqueue server are maintained using profile parameters. 2011 © 2011 SAP AG. All rights reserved. 139 Unit 3: Basic Configuration ADM800 Properties of the Central Services The Central Services consist of the message server and the enqueue server. We will first consider the interaction with the message server. As shown in the “Message Server” figure, each node (ICM and servers) of each instance is connected to the message server. Figure 65: Message Server When the Central Services are started, the system reads the profile parameters for the message server. The internal communication port for the message server is defined using the parameter rdisp/msserv_internal. Usually, port 39<instance number> is chosen. The HTTP port of the message server is specified with the profile parameter ms/server_port_0. The instance number is also usually used for the last two digits in this case. The HTTP port is required by the SAP Web dispatcher, among other things. You can obtain the port numbers used to start the message server from the developer trace (dev_ms). The developer trace also contains the hardware key (which is required for requesting a license) and the host on which the message server is running. You can use the SAP NetWeaver Administrator (NWA) to display the parameters with which the message server is running. You can find the parameters in the NWA under Configuration → Infrastructure → Message Server (Quick Link: /nwa/msg-server). Select Message Server Parameters under Show. 140 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Further Configuration Activities Alternatively, you can use the Config Tool to display the current parameters. Select an entry instance - ID... and choose the tab page Instance Profile. There the corresponding parameters are called MSGSRV_PORT and MSGSRV_HOST. These parameters are used by the ClusterManager (properties ms.port and ms.port). Figure 66: Message Server: Changes In the figure “Message Server: Changes”, you can see which areas need to be adjusted if the port or the name of the host on which the message server is running changes. Ports are, of course, changed in the instance profile of the Central Services instance. In the example from the figure, internal communication port 3977 and HTTP port 8177 have been set, and the new host is called twdfxxxx. These changes must now be adjusted in the default profile of the system using the parameters j2ee/scs/host and j2ee/ms/port. Just in case, you should check whether these parameters are also set in the instance profiles. The values there would override the values from the default profile. After you have maintained all of the parameters, you can start all instances. Enqueue Server Now that you have seen the settings for the message server, we will consider the enqueue server. The “Enqueue Server” figure shows that each server process has a connection to the enqueue server. The figure shows the profile parameters that are relevant for the enqueue server in the instance profile of the Central Services instance. The port is usually set to 32<instance number> and the instance number is defined using the parameter enque/serverinst. The parameter enque/encni/port can be used to select the port for the enqueue server explicitly (including outside of the range 32<instance number>). The default values of the 2011 © 2011 SAP AG. All rights reserved. 141 Unit 3: Basic Configuration ADM800 parameters enque/table_size and enque/snapshot_pck_ids are minimum values and should be adjusted to the values shown in the figure. However, these are not maximum values, and it may be necessary to further increase the values. Figure 67: Enqueue Server You can obtain the port numbers used to start the enqueue server from the developer trace dev_enqlisten. You can use the SAP NetWeaver Administrator (NWA) to display the parameters that the LockingManager uses to connect to the enqueue server. You can find these parameters in the NWA under Configuration → Infrastructure → Java System Properties. Select the active template, choose the tab page Kernel and select the entry LockingManager. The relevant parameters are enqu.host and enqu.port. Choose Show Details to display the concrete values. Alternatively, you can use the Config Tool to display the current parameters. Select an entry instance - ID... and choose the tab page Instance Profile. There the corresponding parameters are called ENQSRV_PORT and ENQSRV_HOST. 142 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Further Configuration Activities Figure 68: Enqueue Server: Changes In the figure “Enqueue Server: Changes”, you can see which areas need to be adjusted if the port or host of the enqueue server changes. Ports are, of course, changed in the instance profile of the Central Services instance. In the example from the figure, port 3277 has been set, and the new host is called twdfxxxx. These changes must now be adjusted in the default profile of the system using the parameters j2ee/scs/host and j2ee/enq/port. Just in case, you should check whether these parameters are also set in the instance profiles. The values there would override the values from the default profile. After you have maintained all of the parameters, you can start all instances. 2011 © 2011 SAP AG. All rights reserved. 143 Unit 3: Basic Configuration 144 ADM800 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Further Configuration Activities Exercise 7: Further Configuration Activities Exercise Objectives After completing this exercise, you will be able to: • Use the Configuration Wizard • Configure the Central Services instance Business Example You must make various settings after you install an AS Java-based system and when the system is running. Task: Adjustments to the Central Services Adjust the parameters of the enqueue server. 1. Stop the system including the Central Services Instance. 2. Change the profile parameters of the enqueue server according to the table below. 3. 2011 Parameter Name New Value enque/table_size 65536 enque/snapshot_pck_ids 2000 Start your system. © 2011 SAP AG. All rights reserved. 145 Unit 3: Basic Configuration ADM800 Solution 7: Further Configuration Activities Task: Adjustments to the Central Services Adjust the parameters of the enqueue server. 1. Stop the system including the Central Services Instance. a) 2. Stop your system completely. Stop it using the SAP MC for example. Change the profile parameters of the enqueue server according to the table below. Parameter Name New Value enque/table_size 65536 enque/snapshot_pck_ids 2000 a) Log on at operating system level of your SAP system. b) Open the instance profile of the Central Services instance using a text editor, for example using notepad. Hint: The instance profile of the Central Services instance is located in the directory <drive>:\usr\sap\<SID>\sys\profile, for example D:\usr\sap\CEM\sys\profile. It is called <SID>_SCS<instance number>_<host name>, for example CEM_SCS02_twdf9999. c) Change the values of the existing parameters as specified in the above table. Caution: Only change the parameters that have been specified. d) 3. Start your system. a) 146 Save your changes. Start your system using the SAP MC for example. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Further Configuration Activities Lesson Summary You should now be able to: • Get an overview of the Configuration Wizard • Check and maintain properties of the Central Services 2011 © 2011 SAP AG. All rights reserved. 147 Unit Summary ADM800 Unit Summary You should now be able to: • Name various configuration and administration tools for SAP NetWeaver AS Java • Describe the primary usage areas of configuration and administration tools • Maintain settings for the SAP NetWeaver AS Java with the Config Tool • Display system properties in the SAP NetWeaver Administrator • Get an overview of the Configuration Wizard • Check and maintain properties of the Central Services 148 © 2011 SAP AG. All rights reserved. 2011 ADM800 Test Your Knowledge Test Your Knowledge 1. You can use the Config Tool to maintain Java VM parameters for an SAP NetWeaver AS Java instance. Determine whether this statement is true or false. □ □ 2011 True False © 2011 SAP AG. All rights reserved. 149 Test Your Knowledge ADM800 Answers 1. You can use the Config Tool to maintain Java VM parameters for an SAP NetWeaver AS Java instance. Answer: True You can maintain parameters such as Xms with the Config Tool. Xms is a Java VM parameter. 150 © 2011 SAP AG. All rights reserved. 2011 Unit 4 Secure Infrastructure Unit Overview A secure infrastructure is a prerequisite for different aspects of security in SAP systems, for example access control and data security. The first lesson should give an overview of different aspects of network security, whereas the second lesson concentrates on the theoretical background and concrete configuration activities with regard to the Secure Socket Layer (SSL). Unit Objectives After completing this unit, you will be able to: • • • • • • • explain why safeguarding the network communication is necessary describe which technical components can be protected via secure network protocols Classify concepts of the Web Service Security Describe different encryption processes Point out the relationship between authentication and digital signatures Explain the server authentication mechanism used within SSL Set up SSL with the SAP NetWeaver Administrator Unit Contents Lesson: Network Security......................................................152 Lesson: Setting Up SSL .......................................................160 Exercise 8: Setting up SSL................................................175 2011 © 2011 SAP AG. All rights reserved. 151 Unit 4: Secure Infrastructure ADM800 Lesson: Network Security Lesson Overview An SAP NetWeaver Composition Environment system is part of a complex system landscape. Business processes in this system landscape are distributed across several systems and access takes place using Intranet and Internet. Safeguarding the landscape against unauthorized accesses is essential. This lesson gives an overview of the types of communication used in an SAP system landscape and how they can be safeguarded. Lesson Objectives After completing this lesson, you will be able to: • • • explain why safeguarding the network communication is necessary describe which technical components can be protected via secure network protocols Classify concepts of the Web Service Security Business Example As part of the implementation of a service-oriented architecture using the SAP NetWeaver Composition Environment, the company ABC AG wants to introduce a new business process that requires access to sensitive data both internally and externally via the Internet. Reasons for Secure Communication Protecting the data exchange between SAP systems is essential. This communication contains users' access data (passwords for example) and sensitive business data. If unauthorized users have access to this data, this may have serious consequences for the company in question. Secure communication • • • • safeguards against unauthorized access to logon data safeguards against unauthorized access to sensitive data implements legal requirements or privacy policies of the company reduces the chances of compromising system and application security. Security of the Communication Layer Different technologies are available to safeguard communication depending on the communication protocol used. In the SAP environment, these are usually Secure Socket Layer (SSL) for Internet protocols (HTTP for example) and Secure Network Communication (SNC) for SAP protocols (RFC for example). 152 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Network Security Figure 69: Communication Protocols as of the AS Java 7.1x The figure shows the possible communication protocols of the AS Java as of Release 7.1x. A Web Application Client (a Web Browser for example) can access the Internet Communication Manager (ICM) of the AS Java via HTTP either directly or using an Application Gateway. The User Management Engine (UME) of the AS Java accesses user data using different protocols depending on the configured User Persistence Store. The RFC protocol is frequently used for communication with other SAP systems. HTTP communication is also possible here. Furthermore, the protocol P4 is used in some scenarios. 2011 © 2011 SAP AG. All rights reserved. 153 Unit 4: Secure Infrastructure ADM800 Figure 70: Communication Protocols from Web Container and EJB Container The protocols P4 and IIOP are used between the Web Container and EJB Container. In addition, P4 and IIOP are used to call objects in remote application servers. The following table provides an overview of the security of the different communication protocols. Security of Communication for AS Java 154 Protocol Security mechanism Note HTTP Secure Socket Layer (SSL) HTTP is the standard protocol for Web applications. SSL can be used for authentication, integrity and encryption. P4 Secure Socket Layer (SSL) P4 is the transfer protocol for the Java-specific communication Remote Method Invocation (RMI). P4 supports HTTP tunneling. © 2011 SAP AG. All rights reserved. 2011 ADM800 2011 Lesson: Network Security Protocol Security mechanism Note IIOP Secure Socket Layer (SSL) IIOP is an alternative transfer protocol for RM. IIOP can also be used for communication with CORBA application servers. LDAP Secure Socket Layer (SSL) If the User Management Engine of the AS Java has connected a directory service via the LDAP protocol as a Persistence Store, SSL can be used for communication security. RFC Secure Network Communication (SNC) The SNC interface can be used for the SAP-specific protocols RFC and DIAG. JDBC Driver-dependent JDBC is a communication protocol for the database connection. Communication can be secured depending on the driver that is used. Telnet Not available Communication via Telnet is not encrypted. Therefore, Telnet access to the AS Java has been restricted to host 127.0.0.1 (localhost). Session Not available Session is a communication protocol that is used only between ICM and server process. Since this communication is not used outside an instance, encryption is not required. © 2011 SAP AG. All rights reserved. 155 Unit 4: Secure Infrastructure ADM800 Due to the architecture changes in AS Java as of Release 7.1x, there are also some differences in the occupancy (and configuration) of the communication ports. The table below contains some important ports for AS Java. $$ stands for the instance number here. Important Standard TCP/IP Ports in AS Java Service Port Number Process HTTP 5$$00 ICM P4 5$$04 ICM IIOP 5$$07 ICM Telnet 5$$08 ICM HTTP 5$$13 sapstartsrv HTTP 81$$ MS You can find a complete list of the ports used by SAP applications on SAP Service Marketplace under Quick Link /security and under Security in Detail → Infrastructure Security → TCP/IP Ports Used by SAP Applications. Web Service Security The SAP NetWeaver Composition Environment plays the role of the development environment for composite applications in the implementation of the service-oriented architecture (SOA). The SAP NetWeaver CE system is also the runtime environment for such applications. The Web service technology is a technical foundation for SOA. The security requirements for Web services go beyond the encryption of the HTTP log via SSL. A Web service (WS) is a modular function that can be published, localized and called via a network. A Web service provides functions that are based on the technological communication layer. Any flow logic can be offered as a Web service, for example EJBs, Java classes or portal services. The Web Service Framework of the AS Java transfers the incoming XML/SOAP data and calls the Web service. The following figure gives a rough overview of the communication. 156 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Network Security Figure 71: Communication in the Web Service Scenario The Web service provider publishes the Web service in Universal Description, Discovery, and Integration (UDDI). The WSDL file (Web Service Description Language) of the Web service is stored in the UDDI for this purpose. A Web service user can now find the Web service in the UDDI and call it for the provider. The Simple Object Access Protocol (SOAP) is used for this communication. The SOAP request is transported via the HTTP protocol. The transfer can be safeguarded either via SSL or the standard WS security. Web services can communicate using any number of connections and intermediary stations. A connection-based security of communication, such as via SSL, is therefore insufficient or inadequate. Therefore, the OASIS standard Web Service Security (WSS) has been implemented for AS Java. The following table gives an overview of the security mechanisms for Web services. . Web Service Security Communication Method Protocol Execution SOAP via HTTP Transferred Data Security By Application data SSL Logon data or for messages XML Signature XML Encryption Publication and localization HTTP WSDL data SSL Logon data 2011 © 2011 SAP AG. All rights reserved. 157 Unit 4: Secure Infrastructure ADM800 Network Topology The network topology can also safeguard your system landscape. SAP recommends that you use separated network zones and demilitarized zones (DMZ), as shown in the following figure. Figure 72: Network Topology Systems with sensitive business data, such as SAP ECC or SAP CRM for example, should be protected from uncontrolled access by a firewall. Also in the case of Web applications, such as a portal for example, only a controlled access should be allowed by a firewall for users. In particular, with regard to Internet scenarios, we advise you to use so-called Application Gateways within a DMZ. In practice, an Application Gateway is implemented, for example, by a reverse proxy, a load balancer or similar products. 158 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Network Security Lesson Summary You should now be able to: • explain why safeguarding the network communication is necessary • describe which technical components can be protected via secure network protocols • Classify concepts of the Web Service Security Related Information • • • 2011 For more information about security aspects of SAP systems, we recommend that you attend course ADM960 - Security in SAP System Environments http://service.sap.com/securityguide. More information is also available on SAP Service Marketplace under Quick Link /security: http://service.sap.com/security. The SAP Library for SAP NetWeaver 7.3, including the section SAP NetWeaver Security Guide, is available under http://help.sap.com. © 2011 SAP AG. All rights reserved. 159 Unit 4: Secure Infrastructure ADM800 Lesson: Setting Up SSL Lesson Overview This lesson gives you a brief introduction to cryptography and its adoption in the communication between different communication partners. In the second part you will learn how to set up a secure http-communication (SSL). Lesson Objectives After completing this lesson, you will be able to: • • • • Describe different encryption processes Point out the relationship between authentication and digital signatures Explain the server authentication mechanism used within SSL Set up SSL with the SAP NetWeaver Administrator Business Example Your corporation wants to provide access to composite applications on the SAP NetWeaver CE system for its business partners. Since sensitive data is transferred between the SAP system and the client (a Web browser for example), a secure connection should be established. Introducing Cryptography Cryptography is the science of encrypting information. Why is this a very important topic in today's IT world? The standard protocol used for transporting http requests, TCP/IP, is a potentially insecure transport mechanism. Everyone connected to a specific network is able, with more or less effort and knowledge, to listen to the packages and its content transferred with the IP protocol in that network. This vulnerable protocol makes it necessary to encrypt the transferred data itself. For a better understanding we describe here a possible attack against the TCP/IP protocol and the data transferred with this protocol. 160 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL Figure 73: Threat: Eavesdropping In the above example, Alice (1) initiates a communication with Bob and requests some data about customers from him. Bob gathers the requested data and responds to Alice's request (2). The entire exchange is eavesdropped by Mallory. He now knows about the information that was discussed (3). In the context of TCP/IP, Alice (stands for a Web browser), for example, requests some data via an http request that is transferred via the TCP/IP protocol. The server (here represented by Bob) responds and transfers some sensitive customer data from the server to the client via the TCP/IP protocol. Mallory, an attacker, is on the same network and therefore is able to eavesdrop on this TCP/IP communication. The solution for securing this communication is the encryption of the transferred data; this involves making the conversation impossible for the attacker to understand but making it understandable to the participants involved in the conversation only. 2011 © 2011 SAP AG. All rights reserved. 161 Unit 4: Secure Infrastructure ADM800 Figure 74: Protection: Encryption Encryption Methods Encryption itself is based on mathematical operations. A key therefore has to be exchanged between the communication partners in order to have a computable basis for encrypting and decrypting information. There are three different methods for exchanging these keys. Figure 75: Encryption Methods 162 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL Symmetric Key Encryption is the classical cryptography method for encrypting and decrypting messages. In this case, both the sender and receiver of a message share a “secret” called a secret key. The sender uses this key to encrypt the message. The receiver also uses this key to decrypt the message. Figure 76: Symmetrical Encryption The shared secret is called a secret key. It consists of a value of a certain length, 256 bits for example. These encryption algorithms are in widespread use and are employed in most Web browsers and Web servers. Typical Symmetric Key Encryption Algorithms include: • • • • • • • Digital Encryption Standard (DES) Triple DES Advanced Encryption Standard (AES) International Data Encryption Algorithm (IDEA) RC4 RC5 Blowfish Asymmetric Key Encryption uses a different algorithm than Symmetric Key Encryption. Asymmetric Key Encryption uses a key pair that consists of a private and a public key. These keys belong to each other. A message that is encrypted with the public key can only be decrypted with the matching private key. The public key can be made public. The owner of the key pair “publishes” the public key and can distribute it as required. The private key must be kept secret. 2011 © 2011 SAP AG. All rights reserved. 163 Unit 4: Secure Infrastructure ADM800 Figure 77: Asymmetrical Encryption The person who is sending a confidential message uses the recipient‘s public key to encrypt the message. Only the recipient can then decrypt the message using his or her private key. Typical public key encryption algorithms are: • RSA (Rivest, Shamir, Adleman), Diffie-Hellman Disadvantages of Public Key Encryption: • • • It is slower than Symmetrical Key Encryption. Encryption is only possible in one direction with a single key pair. Alice can encrypt a message to send to Bob, but not vice versa. If Alice also has a key pair, then Bob can send her an encrypted message. However, there is an easier way. Hybrid Encryption Process is the combination of both above explained encryption processes. The Hybrid Encryption Process make use of the advantages of both process types. For the better understanding we describe this process in the following example. 164 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL Figure 78: Hybrid Encryption Process: 1. 2. 3. 4. 5. 6. 7. The client (browser) contacts the SAP NetWeaver Application Server Java The Application Server responds and sends its Public Key Client-side a Secret Key is created and encrypted with the Public Key the server sent before The client sends back the encrypted Secret Key On the server the Secret Key is decrypted using the Private Key. Only the server can decrypt the received Secret Key cause its holding the Private Key which is necessary for the decrypting. The communication partners perform a "Handshake"; they shake hands. Further communication between the client and the server is encrypted using the Secret Key Authentication and Digital Signatures In the first part of this lesson we described a possible attack to the transport protocol and what can be done to secure this communication. But what happens if Mallory interferes with the communication and pretends to be Bob? He may even provide Alice a public key, saying that is Bob's key. The question here is now, how can we make sure that Alice is really communicating with Bob and therefore the public key she received is really Bob's public key? 2011 © 2011 SAP AG. All rights reserved. 165 Unit 4: Secure Infrastructure ADM800 Figure 79: Threat: Masquerading The problem is also covered by cryptography and is called Authentication. Authentication normally takes place using the user ID and password. But with cryptographic mechanisms it is possible to authenticate communication partners, in means of verifying that the communication partner is the one she or he pretends to be. Basis for the authentication of communication partners are Digital Certificates. Figure 80: Protection: Authentication 166 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL Understanding Digital Certificates and Digital Signatures The digital certificate is the individual's "digital identity card" on the Internet. Compared to the "real world", digital certificates can be compared to a passport which contains information about owner, issuer, serial number, and validity period. The format of the certificate is specified by the X.509 standard for digital certificates. Figure 81: Digital Certificates (X.509) Beneath some general information the certificate contains also the public part of the key pair whereas the private key is not included in the certificate. This one must be kept on a safe place. The certificate is issued to a person or server by an authorized entity called a Certification Authority (CA). The CA ensures by digitally signing the certificate that the public key, which matches to a private key, belongs to a specific person or server. Thus, the CA ensures that the certificate cannot be "faked". The complete infrastructure that manages the issue and verification of certificates is called the Public Key Infrastructure (PKI). 2011 © 2011 SAP AG. All rights reserved. 167 Unit 4: Secure Infrastructure ADM800 Figure 82: Certification Authority Examples of well-known Certification Authorities: • • Verisign Inc. TC Trust Center SAP also runs a CA that issues digital certificates to customers. Follow the Quick Link /tcs (Trust Center Services) on the SAP Service Marketplace. Figure 83: Certificate Enrollment The certification of digital certificates is performed, for example, as follows: 1. 2. 3. 4. 168 A public and private key pair is generated on the server The public key is sent to the CA (it is called a Certificate Signing Request short CSR) The CA digitally signs the server's public key and sends it back to the requestor Import of the CSR response, the digitally signed certificate, into the server © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL Different CA’s use different policies, on how to check the identity of a person or system, before issuing a digital certificate. SAP's process for applying for a digitally signed certificate is as follows: Figure 84: Certificate Order Process via SAP TCS 1. 2. 3. 4. 5. Create CSR and send it to SAP via the SAP Service Marketplace Enter some additional data You receive a contract. Check the details entered before, print it out and sign it Fax the signed contract back to SAP SAP checks your data and has TC TrustCenter issue a certificate The server is now sending the digitally signed certificate, which includes the public key, to the communication partner. This kind of authentication is called Server Authentication. But how can the communication partner ensure, that the digitally signed certificate is signed from a trusted CA? The communication partner has to have a trust relationship to the CA which issued the certificate. Technically this can be achieved by importing a digital certificate of the institution (CA) issued the certificate for the server. This is the so-called root certificate. The most common root certificates are pre-installed in most Web browsers. 2011 © 2011 SAP AG. All rights reserved. 169 Unit 4: Secure Infrastructure ADM800 Figure 85: Trust Relationship Securing HTTP communication using Secure Socket Layer (SSL) In the previous sections you learned the fundamentals of Cryptography, Authentication and Digital Certificates. These technologies are also the fundamental of securing the HTTP communication. Secure Socket Layer (SSL) is a transparent protocol enhancing other protocols having no security functionalities. SSL is not an HTTP-specific protocol but a protocol used between the TCP layer and application protocols like LDAP, SMTP, HTTP and so on. An HTTP application protocol that has been extended by SSL has the protocol identification HTTPS in the URL. SSL uses a Hybrid Encryption method and provides besides data encryption the following authentication mechanisms: • • • Server authentication Client authentication Mutual Authentication To use SSL for server authentication, the SAP NetWeaver AS Java possesses a private and public key pair. 170 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL Figure 86: SSL: Server authentication 1. 2. 3. 4. 5. 6. 7. Alice contacts the SAP NetWeaver Application Server Java using a browser The Application Server responds and sends its Public Key with a digitally-signed message. The client-side server's identity is verified by checking the validity of the certificate. The certificate is only accepted if the client trusts the CA that issued that certificate to the SAP NetWeaver AS Java. This is done with the CA root certificate. The Secret Key is created and encrypted with the Public Key the server sent before The client sends back the encrypted Secret Key On the server the Secret Key is decrypted using the Private Key. Only the server can decrypt the received Secret Key cause its holding the Private Key which is necessary for the decrypting. The communication partners perform a handshake Further communication between the client and the server is encrypted using the Secret Key Setting up HTTP for SAP NetWeaver Since the basis of SSL and therefore HTTPS is cryptography, SAP NetWeaver Application Server Java has to be enabled in order to support this feature. Cryptographic software is needed to support the different mathematical algorithms. As of Release 7.1x, the SAP Cryptographic Library is used as cryptographic 2011 © 2011 SAP AG. All rights reserved. 171 Unit 4: Secure Infrastructure ADM800 software. Cryptographic software was subject to export and import restrictions. In AS Java systems 7.1x you have to download this software from SAP Service Marketplace, in AS Java systems 7.3 these software is already included. Read up on the conditions in your country. The SAP Cryptographic Library can be found on SAP Service Marketplace: http://service.sap.com/swdc Download → SAP Cryptographic Software Figure 87: Roadmap for Configuring SSL Using SSL with an Intermediary Server You can also use SSL for connections where an intermediary server is used. An intermediary server may be a Web proxy or the SAP Web Dispatcher. A typical scenario is to place the intermediary server in the DMZ and the AS Java in the intranet zone. The servers that are supported for use with AS Java are: • • • 172 SAP Web Dispatcher Microsoft Internet Information Server (IIS) with an IIS proxy module from SAP Other products (for example, the Apache Web Server) © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL Figure 88: SSL with an Intermediary Server Depending on the intermediary server used, options exist to use either an end-to-end SSL connection or to terminate the connection on the intermediary server and establish a new connection to the backend system (terminated SSL). See the figure below. Outlook: Mutual Authentication Beside the server authentication mechanism and the data encryption described in the above sections, SSL can also be used for mutual authentication. In case of Mutual Authentication both, the user and the server acknowledge their authenticity by providing a digitally signed certificate to the other communication partner. The important fact is, Alice also authenticate herself to the server. Therefore you can use this authentication to integrate the SAP NetWeaver AS Java in a Single Sign-On environment. 2011 © 2011 SAP AG. All rights reserved. 173 Unit 4: Secure Infrastructure ADM800 Figure 89: Outlook: Mutual Authentication Server authentication is performed using the same process as described within the SSL scenario. Let‘s focus on the client part of this authentication. Alice obtains a certificate, as shown in the figure: • • • Alice creates a key pair and a certificate request Alice sends the request to a CA, such as the SAP CA Alice imports the certificate request response The Web server must also trust Alice‘s issuing CA by importing its CA root certificate into its trusted CA store. When communicating with the server, both parties are authenticated and the data communication is encrypted. 174 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL Exercise 8: Setting up SSL Exercise Objectives After completing this exercise, you will be able to: • Setting up SSL for SAP NetWeaver 7.3 Business Example Your corporation wants to provide access to composite applications on the SAP NetWeaver 7.3 system for its business partners. Since sensitive data is transferred between the SAP system and the client (a Web browser for example), a secure connection should be established. Task 1: Check the SAP Cryptographic Library files Check the SAP Cryptographic Library files. 1. Log on at operating system level of your SAP system and check, that the files sapcrypto.dll and sapgenpse.exe exists in he following directories of your SAP system: all <drive>:\usr\sap\<SID>\<instance>\exe and <drive>:\usr\sap\<SID>\SYS\exe\uc\NTAMD64. 2. Check, that the file ticket exits in all of the following directories <drive>:\usr\sap\<SID>\<instance>\sec. Task 2: Maintain ICM Parameters Maintain the required ICM parameters. 1. Read up on the ports already used and the related parameters of the ICM. Use the Web interface of the ICM for this. 2. Maintain the ICM parameters to allow the protocols and ports specified in the table to be used. $$ stands for the instance number here. Make sure that you do not overwrite existing parameters when numbering the parameters. Parameter Protocol Port icm/server_port_4 HTTPS 5$$01 icm/server_port_5 P4SEC 5$$06 icm/server_port_6 IIOPSEC 5$$03 Hint: There is a help file on the training share from which you can insert the parameter values into the profile DEFAULT.PFL directly by copying. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 175 Unit 4: Secure Infrastructure ADM800 3. Restart the ICM. 4. Read up on the ports now used and the related parameters of the ICM. Task 3: Generate Key Pair, Have it Signed by the Certification Authority and Assign to all Instances Generate a key pair for SSL using the ICM and have it signed by the Certification Authority. 1. Create a new key pair for SSL using the ICM in the SAP NetWeaver Administrator. Use the keystore view service_ssl to do so. Remove the existing key pair. Use the following values for the certificate with <##> corresponding to your group number. Do not change the other values. Input Values for the new Key Pair Input Field Value Entry Name SSL<##> Key Length 2048 countryName for example DE or US organizationName SAP organizationalUnitName Education commanName <host name.domain> 2. Generate a certificate request for the key pair that you just created. 3. Send the certificate request to the Certification Authority and save the response to a file. You can use the test scenario of the SAP Trust Center Service for this course (http://service.sap.com/ssltest). 4. Import the certificate request response in the NWA. 5. Now import the certificate into the instance-specific views ICM_SSL_<instance-ID>. Remove the existing entries there also. 6. Export all views ICM_SSL_<instance-ID> to the PSE. Task 4: Test SSL Test the SSL communication. 1. Call the HTTPS-URL of your system. Continued on next page 176 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL Task 5: Optional: Install SAP Server CA Root Certificate in Web Browser If you got an error during the test, you probably need to install the SAP Server CA root certificate in your web browser. 2011 1. Download the SAP Server CA root certificate from SAP Service Marketplace Trust Center Services and install it in your web browser. 2. Do the test like in task Test SSL described above. © 2011 SAP AG. All rights reserved. 177 Unit 4: Secure Infrastructure ADM800 Solution 8: Setting up SSL Task 1: Check the SAP Cryptographic Library files Check the SAP Cryptographic Library files. 1. Log on at operating system level of your SAP system and check, that the files sapcrypto.dll and sapgenpse.exe exists in he following directories of your SAP system: all <drive>:\usr\sap\<SID>\<instance>\exe and <drive>:\usr\sap\<SID>\SYS\exe\uc\NTAMD64. a) 2. Check, that the file ticket exits in all of the following directories <drive>:\usr\sap\<SID>\<instance>\sec. a) Task 2: Maintain ICM Parameters Maintain the required ICM parameters. 1. 2. Read up on the ports already used and the related parameters of the ICM. Use the Web interface of the ICM for this. a) Open a Web browser and call the Web interface of the ICM using the URL http://<host name>:<HTTP port>/sap/admin. Your instructor will give you the logon data. b) Go to Active Services on the left-hand side and note the active services and their ports. c) Go to Parameters on the left-hand side and note the parameters icm/server_port_<x> and their values there. Maintain the ICM parameters to allow the protocols and ports specified in the table to be used. $$ stands for the instance number here. Make sure that you do not overwrite existing parameters when numbering the parameters. Continued on next page 178 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL Parameter Protocol Port icm/server_port_4 HTTPS 5$$01 icm/server_port_5 P4SEC 5$$06 icm/server_port_6 IIOPSEC 5$$03 Hint: There is a help file on the training share from which you can insert the parameter values into the profile DEFAULT.PFL directly by copying. a) At operating system level of your SAP system, use a text editor to open the file <drive>:\usr\sap\<SID>\SYS\profile\DEFAULT.PFL. b) Enter the following additional lines at the end of the file: icm/server_port_4 = PROT=HTTPS,PORT=5$$01,VCLIENT=1 icm/server_port_5 = PROT=P4SEC,PORT=5$$06,VCLIENT=1 icm/server_port_6 = PROT=IIOPSEC,PORT=5$$03,VCLIENT=1 c) 3. 4. Save the file. Restart the ICM. a) Choose Monitor on the left-hand side in the Web interface of the ICM (see step 1 of this task also). b) Choose running → Shutdown Internet Communication Manager and then choose Yes. c) The ICM should then automatically restart shortly afterwards. Read up on the ports now used and the related parameters of the ICM. a) Go to Active Services on the left-hand side in the Web interface of the ICM and note the active services and their ports. The protocols and ports that you have just maintained should be listed and active there. b) Go to Parameters on the left-hand side and note there the new parameters maintained by you icm/server_port_<x>. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 179 Unit 4: Secure Infrastructure ADM800 Task 3: Generate Key Pair, Have it Signed by the Certification Authority and Assign to all Instances Generate a key pair for SSL using the ICM and have it signed by the Certification Authority. 1. Create a new key pair for SSL using the ICM in the SAP NetWeaver Administrator. Use the keystore view service_ssl to do so. Remove the existing key pair. Use the following values for the certificate with <##> corresponding to your group number. Do not change the other values. Input Values for the new Key Pair 2. Input Field Value Entry Name SSL<##> Key Length 2048 countryName for example DE or US organizationName SAP organizationalUnitName Education commanName <host name.domain> a) Open the SAP NetWeaver Administrator (NWA) in the Web browser using the URL http://<host name>:<HTTP port>/nwa. Your instructor will give you the logon data. b) Navigate to Configuration → Security → Certificates and Keys. c) Select the keystore view service-ssl in the tab page Content. d) Select the entry ssl-credentials, choose Delete and confirm with OK. Also remove the entry ssl-credentials-cert. e) Now choose Create and maintain the fields in accordance with the above table. Then choose Next. Maintain the other fields in accordance with the table, choose Next twice and then Finish. Generate a certificate request for the key pair that you just created. a) Select the entry SSL<##> and choose Generate CSR Request. b) Now choose Download and then Open. c) Select the displayed text and copy it to the clipboard (Ctrl+C). d) Choose Close. Continued on next page 180 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL 3. 4. 5. 6. Send the certificate request to the Certification Authority and save the response to a file. You can use the test scenario of the SAP Trust Center Service for this course (http://service.sap.com/ssltest). a) Open a new Web browser window and call the URL http://service.sap.com/ssltest. b) Choose Test it Now!. c) Copy the text from the clipboard (see step 2 of this exercise) to the input screen. d) Choose PKCS#7 certificate chain and then Continue in the selection list. e) Copy the text to the clipboard (Ctrl+C). f) Open a text editor and insert the text that you just copied. Save the text as a file with the ending .cert, for example response00.cert. Import the certificate request response in the NWA. a) Go to the NWA where you generate the CSR Request and choose now Import CSR Response . b) Choose Browse. Select the file that was just saved, for example response00.cert, and choose Open. c) Choose Add followed by Import. Now import the certificate into the instance-specific views ICM_SSL_<instance-ID>. Remove the existing entries there also. a) Select the view ICM_SSL_<instance-ID>. b) Select the entry ssl-credentials, choose Delete and confirm with OK. Also remove the entry ssl-credentials-cert. c) Choose Copy Entry. d) Now select the view service_ssl in the selection list From View and the entry SSL<##> in the selection list From Entry. Then choose Import. e) Repeat the previous solution steps (a to d) for all other views ICM_SSL_<instance-ID>. Export all views ICM_SSL_<instance-ID> to the PSE. a) Select the view ICM_SSL_<instance-ID>. b) Now choose Export View To PSE. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 181 Unit 4: Secure Infrastructure ADM800 Task 4: Test SSL Test the SSL communication. 1. Call the HTTPS-URL of your system. a) Open a new Web browser window and call the URL https://<host name.domain>:<https port>. If the start page of the AS Java appears without an error message, then everything has been configured correctly and the root certificate of the Certification Authority is already installed in your Web browser. Task 5: Optional: Install SAP Server CA Root Certificate in Web Browser If you got an error during the test, you probably need to install the SAP Server CA root certificate in your web browser. 1. Download the SAP Server CA root certificate from SAP Service Marketplace Trust Center Services and install it in your web browser. a) Open a new Web browser window and call the URL http://service.sap.com/tcs. b) Go to Donwload Area → Root Certificates. Click on SAP Server CA Certificate and choose Save and Save again. Choose Open, Install Certificate and Next. c) Skip this step, If you are not working on the OS of the server twdfxxxx. Select Place all certifacates in the following store and choose Browse .... Select Show physical stores and expand Trusted Root Certification Authorities. Select here Local Computer. d) 2. Go ahead with Next, Finish, and OK. Do the test like in task Test SSL described above. a) Do the test like in task Test SSL described above. Result Congratulations! You have successfully configured SSL for all instances of your SAP NetWeaver system! 182 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Setting Up SSL Lesson Summary You should now be able to: • Describe different encryption processes • Point out the relationship between authentication and digital signatures • Explain the server authentication mechanism used within SSL • Set up SSL with the SAP NetWeaver Administrator 2011 © 2011 SAP AG. All rights reserved. 183 Unit Summary ADM800 Unit Summary You should now be able to: • explain why safeguarding the network communication is necessary • describe which technical components can be protected via secure network protocols • Classify concepts of the Web Service Security • Describe different encryption processes • Point out the relationship between authentication and digital signatures • Explain the server authentication mechanism used within SSL • Set up SSL with the SAP NetWeaver Administrator Related Information SAP Service Marketplace Quick Link /security 184 © 2011 SAP AG. All rights reserved. 2011 Unit 5 User and Authorization Administration Unit Overview The structure and configuration of the User Management Engine (UME) and the use of the associated administration tools are explained in this unit. The standard actions in the user administration environment, such as creating users and creating and assigning authorizations and roles are presented. The concluding lesson Logon Procedure of AS Java should complete your understanding of this topic. Unit Objectives After completing this unit, you will be able to: • • • • • • • • • • • • • • • • • 2011 List the various UME data sources Determine the current data source assignment Explain the term UME data partitioning Identify and modify configuration parameters List and use the tools for administering users and groups Explain the terms UME role and JEE security role List the authorization administration tools Assign actions and JEE security roles to a UME role Assign authorizations to users and groups List a number of “special” principles Change the password of the standard administration user Activate the emergency user list the supported logon procedures of the AS Java explain the functions of login modules change the standard logon procedure of the AS Java explain Kerberos logon (SPNego) set up X.509 logon © 2011 SAP AG. All rights reserved. 185 Unit 5: User and Authorization Administration ADM800 Unit Contents Lesson: Structure and Configuration of the User Management Engine (UME).............................................................................187 Exercise 9: User Management Engine ..................................207 Lesson: User and Group Administration ..................................... 211 Exercise 10: User and Group Administration ...........................219 Lesson: The Java Authorization Concept ...................................224 Exercise 11: Create and Assign UME Roles............................231 Lesson: Special Principles.....................................................235 Exercise 12: Default Principles and Emergency Users ...............241 Lesson: Logon Procedure of the AS Java ...................................246 Exercise 13: Configuration of X.509 Client Authentication............257 186 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) Lesson: Structure and Configuration of the User Management Engine (UME) Lesson Overview This lesson explains fundamental information about the User Management Engine. Lesson Objectives After completing this lesson, you will be able to: • • • • List the various UME data sources Determine the current data source assignment Explain the term UME data partitioning Identify and modify configuration parameters Business Example In your company, AS ABAP and AS Java-based systems are used. You want to ensure consistent user master data within a heterogeneous system landscape. Basics AS Java provides an open architecture supported by service providers for the storage of user and group data. The AS Java is supplied with the following service providers which are also referred to as a “user store”: • • • DBMS provider: storage in the system database UDDI provider: storage via external service providers (Universal Description, Discovery and Integration) UME provider: Connection of the integrated User Management Engine The DBMS and UDDI providers implement standards and therefore ensure that AS Java is J2EE-compliant. When AS Java is installed, SAP's own User Management Engine (UME) is always set up as the user store and is the correct choice for most SAP customers. The UME is the only way to flexibly set up and operate user and authorization concepts. 2011 © 2011 SAP AG. All rights reserved. 187 Unit 5: User and Authorization Administration ADM800 Some of the important features of the UME are: • • • • • The UME has its own administration console for administering users. It allows the administrator to perform the routine tasks of user administration, such as creating users and groups, role assignment, and other actions. Security settings can be used to define password policies, such as minimum password length and the number of incorrect logon attempts before a user is locked. The UME provides different self-service scenarios that can be used by applications. For example, a user can change his or her data, or register as a new user. Newly-created users can be approved using a workflow. User data can be exchanged with other (AS Java or external) systems using an export/import mechanism. The UME logs important security events, such as a user's successful logons or incorrect logon attempts, and changes to user data, groups, and roles. Figure 90: User Store and Data Sources Architecture The UME supports a variety of data sources where user data can be stored: • • • System database Directory service (LDAP server) ABAP-based SAP system (as of SAP Web AS 6.20) The illustration below shows the architecture of the UME: 188 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) Figure 91: Architecture of the UME: The UME is a Java application which runs on SAP NetWeaver AS Java and which covers the following functional areas: • • • UME Core Layer: Provides persistence managers between the application programming interface and the user management data sources - these control where user data such as users, user accounts, groups, roles and their assignments are read from or written to, with the result that applications which use the API do not have to know where the user management data is stored. UME API Layer: This layer provides programming interfaces (APIs) not just for UME developers but also for customers and partners. This means that you can access the UME functions with the Java programs which you develop yourself. UME services: The UME provides the following services to higher-level software layers: – • 2011 Log-on procedure and single sign-on (log-on to AS Java is taken over for other systems and vice versa) – Provisioning processes via user master data – Authorization Concept UME UI: The UME is responsible for the user interface which, in some log-on procedures, appears in the Web browser, as well as for the UME Administration Console. © 2011 SAP AG. All rights reserved. 189 Unit 5: User and Authorization Administration ADM800 The SAP NetWeaver usage types which are based on the AS Java (such as SAP NetWeaver Portal) are based on the UME and perform a number of specific functions on this basis (such as self-registration with approval workflow). Data Partitioning As described in the previous section, the UME persistence manager offers the option of storing user data in different data sources. The UME persistence manager also supports data partitioning. This means in practice that, for example, user data for different user types can be stored in different data sources. Figure 92: Data Partitioning 190 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) In practice, you often work with a combination of the data sources database + directory service or database + ABAP user management. When this is done, certain user attributes are to be stored in a different data source, for example, or users are separated by their categories (internal or self-registered users). • • • Attribute-based data partitioning: A user in the UME has certain attributes, some of which are classified as global attributes (user ID, telephone number, and so on) ) and others of which are application-specific. Global information would be particularly suited to being stored in a directory service, and application-specific information in the database. User-based data partitioning:With this type of partitioning, the data source in which users are stored is decided depending on the category of the user (self-registered or internal users). For example, users that register by self-service can be stored in the database, and internal users in the directory service. Type-based data partitioning:With type-based data partitioning, different object types can be distributed to different data sources. The types are, for example, users, groups, roles, user accounts. For example, users can be stored in the directory service, and roles in the database. SAP delivers preconfigured data source combinations (more information will be provided in the next section), which you should only change in special cases. For example, if you are using a directory service as a data source, you may need to perform attribute mapping. You usually use the delivered preconfigured data source combinations without additional changes: Configuring the Data Source(s) This section deals with the configuration of the data source(s) stored in the AS Java database in the form of configuration files (in XML format). In most cases, the installation option is retained or the data sources are configured immediately after AS Java installation. 2011 © 2011 SAP AG. All rights reserved. 191 Unit 5: User and Authorization Administration ADM800 Supported Data Sources and Modification Options Figure 93: Data Sources after Installation The data source that is set up during AS Java installation depends on the selected SAP NetWeaver usage type: • • AS Java (without ABAP): Data source - system database (configuration file dataSourceConfiguration_database_only.xml) AS ABAP + Java: Data source - ABAP system (configuration file dataSourceConfiguration_abap.xml) Modifying data sources after installation can result in inconsistencies. Restrictions therefore apply to the modification of UME data sources. The following figure explains the supported modification options. Hint: Please make sure that you observe SAP Note 718383. 192 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) Figure 94: Supported Change Options The following changes are supported: • • • System database (dataSourceConfiguration_database_only.xml):You can switch to any required LDAP configuration file (dataSourceConfiguration_[ldap description]_db.xml) or an ABAP system (dataSourceConfiguration_abap.xml). In this case, you must make sure that the new data source does not contain any users and groups with the same unique attributes aqs the database (i.e. the new data source must not contain any users or groups with the same unique name or ID as the users or groups in the database). ABAP system (dataSourceConfiguration_abap.xml): No change is possible. Directory service (dataSourceConfiguration_[ldap description]_db.xml): If you have selected an LDAP directory as the user data source, you can modify the structure of the LDAP directory or switch to a different LDAP if this does not modify any unique user IDs. Below, we present a complex system landscape with AS ABAP, AS Java and non-SAP systems: 2011 © 2011 SAP AG. All rights reserved. 193 Unit 5: User and Authorization Administration ADM800 Figure 95: Example of a Heterogeneous System Landscape In this type of heterogeneous system landscape with SAP systems and non-SAP systems, it is useful to use a directory service as the primary storage location for user data. As you can see in the figure, the ABAP systems are administered with the central user administration (CUA). The CUA central system synchronizes user data with the directory service. In the case of the AS Java systems, the directory service is configured as the data source. Non-SAP systems also have access to user data through the directory service. 194 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) Figure 96: SAP NetWeaver Identity Management In SAP NetWeaver Identity Management, SAP provides integrated, business process-driven IdenIdentity Management functions for a heterogeneous system landscape. SAP NetWeaver Identity Management uses a central identity store to consolidate and save data from various source systems (SAP HCM for example). This information is distributed to connected target systems. User accounts and role assignments for SAP and non-SAP applications are distributed. Role assignments can be automated using rule definitions. A very important function of SAP NetWeaver Identity Management is the option of making the authorization assignment workflow-controlled. The integration with HCM as one of the possible source systems for identity information is a key function for business process-driven Identity Management. For more information about SAP NetWeaver Identity Management, go to the SAP Developer Network (https://www.sdn.sap.com/irj/sdn/nw-identitymanagement). Tools for UME Configuration The next figure lists the tools with which you can display and change the UME configuration. Note: See also SAP Note 948654 - Only use Global Settings for UME Properties. 2011 © 2011 SAP AG. All rights reserved. 195 Unit 5: User and Authorization Administration 196 © 2011 SAP AG. All rights reserved. ADM800 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) Figure 97: Tools for UME Configuration (Viewing/Modifying) • UME Administration Console: You can use the UME Administration Console running in the Web-Browser to modify selected settings without it being necessary to know the technical parameter names (path: http(s)://<host name>:<port> /useradmin → Configuration). Hint: For many settings a restart is not necessary and you are notified about the necessary of a restart after saving the properties. Hint: As of 7.20 there is an Expert Mode available in the configuration area, which gives you access to the maintenance of mostly all ume properties. • • Configuration Tool (Configuration Editor mode): Only in Configuration Editor mode are you able to access all the UME settings (path: cluster_config → system → custom_global → cfg → services → com.sap.security.core.ume.service → Propertysheet properties). SAP NetWeaver Administrator, Java Configuration Browser: You can use the SAP NetWeaver Administrator running in the Web browser to view all the UME parameters (incl. tooltip with descriptive text) Configuration Infrastructure → Java Configuration Browser and then <System> → cluster_config → system → custom_global → cfg → services → com.sap.security.core.ume.service → properties). Note: In the SAP NetWeaver Administrator under Configuration → Infrastructure → Java System Properties → Overview, you can also view the UME parameters. Select a template or an instance there. Then select the service User Management Engine on the tab page Services. The UME parameters are now selected. Do not change any values here, but instead use the global change options! • • 2011 SAP NetWeaver Administrator, Authentication: AS of SAP NetWeaver AS 7.11 some UME parameters regarding logon can be changed online in the SAP NetWeaver Administrator at Configuration → Security →Authentication and Single Sign-On → Properties. UME Configuration iView: If the usage type EP Core has been installed in your SAP NetWeaver system, you can use the portal interface to access an iView for UME configuration. This offers similar setting options to the UME Administration Console (portal path System Administration → System Configuration → UME Configuration). © 2011 SAP AG. All rights reserved. 197 Unit 5: User and Authorization Administration ADM800 Caution: Before you make any changes to the UME configuration, you should first back up the current configuration. You can do this using a function in the UME Administration Console (User Management Configuration → Support → Download Configuration ZIP File), which saves the current configuration data in a ZIP file This file allows you to record and trace the changes. However, they are not intended to be re-imported into an AS Java. Since many advanced settings can only be made in Configuration Editor mode, a description of the procedure is presented here: 1. 2. 3. 4. 5. 6. 7. Stop all the Java instances on you system Start the Configuration Tool Switch to Configuration Editor mode Switch to change mode. Navigate to cluster_config → system → custom_global → cfg → services → com.sap.security.core.ume.service → Propertysheet properties and double-click. Make the required changes (Apply Custom) Start your system's Java instances. By way of an example, the next figure shows how you can find out the currently active data source in Offline Configuration Editor mode. 198 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) Figure 98: Displaying the Active Data Source Appendix: Attribute Mapping with Directory Services As described above, the UME has various preconfigured configuration files in which attribute mapping for directory services can be configured. You can use the Config Tool to view and change these and to configure the attribute mapping. User data that is sent to a directory service must be appropriately stored in the directory service. Mapping of the attributes is usually necessary to do this. Since different directory services also use different schemas for storing data, you must define which SAP data fields correspond to which directory attributes. If you use the Java API of the user administration component to access user data in your LDAP directory service, you must map the attribute names in the schema of the company's LDAP directory service to the attribute names that are used in the Java API of the user administration component. This need not always be a one-to-one mapping, but rather one field can be mapped to multiple attributes. The attributes assigned to the fields must also exist in the directory. If not, you need to extend the schema in the directory. A mapping for the logical attributes of the Java API of the user administration to physical attributes that are used for the InetOrgPerson schema in the X.500 standard is delivered in the preconfigured UME XML files. If you use this standard without modifications, you do not need to change the attribute mapping data. 2011 © 2011 SAP AG. All rights reserved. 199 Unit 5: User and Authorization Administration ADM800 Figure 99: Appendix: Attribute Mapping 1/2 As shown in the figure, the data field FULLNAME (full name) is made up from the attributes givenName and sn (surname - last name). In the case of the telephone number, for example, the field in the database is telephone, while in the LDAP-compatible directory service the field is called telephoneNumber. As described in the previous section, you can use the Config Tool to display the actively used data source and the preconfigured data source combinations as an XML file. The attribute mapping is maintained in the XML configuration file for the data source. You can use a download mechanism in the Config Tool to write the XML configuration files to operating system level, change them there, and then upload them back into the system. You can find the overview of the XML configuration files in the Config Tool: 200 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) Figure 100: Appendix: XML Files You can configure the attribute mapping in the relevant XML configuration file. For detailed information about the entire structure of the XML configuration file, see the SAP online documentation. For the attribute mapping, you only need to change the tag <attributeMapping> as shown in the figure. Figure 101: Appendix: Attribute Mapping 2/2 2011 © 2011 SAP AG. All rights reserved. 201 Unit 5: User and Authorization Administration ADM800 UME Parameters After you have selected and precisely configured a data source, there are many other parameters with which you can influence the behavior of the UME. The following figure provides an overview of the relevant areas: Figure 102: Functions of the UME Parameters: The following list presents a number of important, selected parameters: Date source(s) • 202 ume.persistence.data_source_configuration Name of the UME configuration file (depending on the data source, other parameters may be relevant for connecting the data source) © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) Security Policy ume.logon.security_policy.auto_unlock_time Number of minutes after which a user locked because of invalid login attempts is unlocked again (if the value is 0 then the user remains locked) • ume.logon.security_policy.lock_after_invalid_attempts Number of invalid login attempts after which a user is locked (automatically set to 0 in an AS ABAP+Java) • ume.logon.security_policy.password_special_char_required Determines the minimum number of special characters that the password must contain • ume.logon.security_policy.password_alpha_numeric_required Specifies the minimum number of numeric and alpahetical characters that the password must contain (if the number is 3 then the password must contain at least 3 numbers and 3 letters) • ume.logon.security_policy.password_expire_days Number of days before the password expires • ume.logon.security_policy.password_max_length or ume.logon.security_policy.password_min_length Maximum or minimum length of the password • ume.logon.security_policy.useridmaxlength or ume.logon.security_policy.useridminlength Maximum or minimum length of the user ID There are different security policy profiles, e.g. Default and Technical User. The properties for the profile Technical User is hard coded and can not be changed. The properties can be viewed in the useradmin → Configuration → Securtiy Policy by selecting the profile. Changes of the Default security profile properties affects the properties mentioned above and vice versa. You can create own security policy profiles where you can maintain property settings different to the Default security policy profile. These settings can only viewed and maintained in this “simple” mode and is not accessible via expert mode or the configuration editor mode of the config tool. In the UME Administration Console you can maintain user and assign them a security policy profiles, so you can have user with different values of the security policy properties. By default, the Default security policy profile is assigned. • 2011 © 2011 SAP AG. All rights reserved. 203 Unit 5: User and Authorization Administration ADM800 E-mail Notification The UME can be configured in such a way that in certain situations (e.g. after locking a user), e-mails are sent via an external SMTP server. For this to be possible, of course, valid e-mail addresses must be stored in the user master records. • • • • • • • ume.notification.mail_host Name of the SMTP server for e-mail notification ume.notification.create_performed or ume.notification.delete_performed An e-mail is sent to the user as soon as the user is created or deleted by the administrator ume.notification.create_approval or ume.notification.create_denied An e-mail is sent to the user as soon as the administrator approves or rejects the creation of a user account. ume.notification.lock_performed bzw. ume.notification.unlock_performed An e-mail is sent to the user when the administrator locks or unlocks the user ume.notification.pswd_reset_request An e-mail is sent from the user to the administrator when the password is to be reset ume.notification.unlock_request An e-mail is sent from the user to the administrator when the account is to be unlocked ume.notification.system_email The sender's e-mail address is sent with a dummy name (the address does not have to exist) Logging On and Off • • ume.logon.branding_image Path to the image displayed in the logon screen ume.logoff.redirect.url Address that is called following logoff (only for the SAP NetWeaver portal) SAP Logon Ticket • • • 204 login.ticket_lifetime Lifetime of the SAP Logon Ticket (Format <hours>:<minutes>) login.ticket_client Dummy “client” written to the SAP Logon Ticket (default 000, in the case of AS ABAP+Java must be set to a client (value) which is not used in the ABAP system) ume.logon.security.relax_domain.level Number of subdomains to be removed (a value of 2 means that the SAP Logon Tickets issued by a system on the host twdf1234.wdf.sap.corp are sent to servers in the domain sap.corp) © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) Groups • • • • ume.supergroups.anonymous_group.displayname ID of the group of anonymous users (default Anonymous Users) ume.supergroups.authenticated_group.displayname ID of the group of logged on users (default Authenticated Users) ume.supergroups.everyone.displayname ID of the group of all users (default Everyone) ume.virtual_groups.names IDs of virtual groups (formed on the basis of certain user properties) Administration • • • • • 2011 ume.admin.addattrs Makes it possible to add customer-specific attributes to the user master record ume.admin.search_maxhits Maximum number of search hits displayed in the Administration Console (default 1000) ume.admin.search_maxhits_warninglevel Number of hits as of which a warning is issued in the Administration Console (default 200) ume.admin.wd.url.help URL to the online documentation (may, for example, point to the customer's local help system) ume.admin.wd.table.size.<name> Specifies the number of rows for output in the Administration Console (for <name>, there are small, medium and large) © 2011 SAP AG. All rights reserved. 205 Unit 5: User and Authorization Administration 206 © 2011 SAP AG. All rights reserved. ADM800 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) Exercise 9: User Management Engine Exercise Objectives After completing this exercise, you will be able to: • Save UME configuration data • Determine the current data source • Modify UME parameters Business Example Your company uses SAP NetWeaver Application Server ABAP+Java. Your UME data source consists of a combination of ABAB user management and a database. Task 1: Configuration Data Save and evaluate the current configuration data 1. If you have not already done so, log on to your SAP system at operating system level. 2. Log on to the UME administration console. 3. Save the current UME configuration in a file on your SAP server. 4. Using the ZIP file you have just saved, answer the following questions: – What data source is currently active? - After how many days does the user password expire? Result You have saved the current status of the UME configuration in a ZIP file and evaluated it. Task 2: Change Change a UME setting. 1. Use the UME Administration Console to change the threshold value for warnings in the case of extensive search results to 40. Hint: You may have to log off and log on to the system again for the changes to take effect. 2011 © 2011 SAP AG. All rights reserved. 207 Unit 5: User and Authorization Administration ADM800 Solution 9: User Management Engine Task 1: Configuration Data Save and evaluate the current configuration data 1. If you have not already done so, log on to your SAP system at operating system level. a) 2. 3. 4. See the task description. Log on to the UME administration console. a) Start a Web browser. b) Enter the URL http://<host name>.wdf.sap.corp:5<instance number>00/useradmin (for example: http://twdf1234.wdf.sap.corp:50000/useradmin). Save the current UME configuration in a file on your SAP server. a) Go to the view Configuration → Support. b) Choose the link Download Configuration Zip File. c) Choose Save and specify a path on your host. Using the ZIP file you have just saved, answer the following questions: – What data source is currently active? - After how many days does the user password expire? a) In the Windows Explorer, double-click to open the ZIP file which you saved previously. b) Double-click to open the file it contains: sapum-global.properties. c) You can use the following UME parameters to answer the questions which are asked: • • ume.persistence.data_source_configuration: Displays the current data source and should be set to dataSourceConfiguration_database_only.xml ume.logon.security_policy.password_expire_days: Displays the validity period of passwords in days. Result You have saved the current status of the UME configuration in a ZIP file and evaluated it. Continued on next page 208 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Structure and Configuration of the User Management Engine (UME) Task 2: Change Change a UME setting. 1. Use the UME Administration Console to change the threshold value for warnings in the case of extensive search results to 40. Hint: You may have to log off and log on to the system again for the changes to take effect. 2011 a) In the UME Administration Console, go to the view Configuration → User Admin UI. b) Switch to edit mode by choosing Change Configuration. c) Under Warning Threshold for Large Search Results, enter 40. d) Choose Save All Changes. © 2011 SAP AG. All rights reserved. 209 Unit 5: User and Authorization Administration ADM800 Lesson Summary You should now be able to: • List the various UME data sources • Determine the current data source assignment • Explain the term UME data partitioning • Identify and modify configuration parameters Related Information • • • 210 Online documentation for SAP NetWeaver 7.3x, path SAP NetWeaver Library: Function-Oriented View → Security → Identity Management → User Management of the Application Server Java → User Management Engine SAP Note 718383: Supported Data Sources and Modification Options SAP Note 948654 - Only use Global Settings for UME Properties © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: User and Group Administration Lesson: User and Group Administration Lesson Overview This lesson presents the tools for the administration of users and groups. Lesson Objectives After completing this lesson, you will be able to: • List and use the tools for administering users and groups Business Example You are using AS Java and use a Java application there. To log on to this application, you require a valid user. This must usually first be created. It is also possible to combine multiple users into groups, such as all buyers. Roles (authorizations) are then assigned to the users or groups. Different tools are used, depending on the active data source of the UME. The Link between Users, Groups and Roles In the UME environment, the term Principle designates the following, central “objects”: Principles in the UME Environment: Principle Meaning User General properties of a user (such as name, e-mail, telephone number etc.) User account Logon-related properties of a user (such as password, validity, lock indicator and so on) Group Set of user and/or groups Role Set of (Java) authorizations For historical reasons, users and user accounts are different principles which are typically associated. When the term user is employed below, then, more precisely, it is the associated principles user and user account that are intended. Note: Depending on the SAP NetWeaver usage type, the principles have an additional meaning (thus in a SAP NetWeaver portal there are portal roles that are also handled in the same way as a UME principle). The following figure shows how you can assign principles. 2011 © 2011 SAP AG. All rights reserved. 211 Unit 5: User and Authorization Administration ADM800 Figure 103: Assigning Principles Users are usually assigned to groups to which roles are then assigned. However, it is also possible to assign roles to users directly. The Principle group supports hierarchies of groups. A group may also possess higher and lower-level groups. Users actually possess the roles which • • • are directly assigned to them are assigned to the groups to which they belong are assigned to the higher-level groups of the groups to which they belong When performing a search in the UME Administration Console, you must always check the field Search Recursively if you want to see indirectly assigned principles. Special Features of the ABAP System Data Source If you use a client of an ABAP system (and consequently the configuration file dataSourceConfiguration_abap.xml) as the data source then UME behaves as follows: • • • 212 The ABAP users are visible in AS Java and can log onto AS Java with their ABAP passwords. The ABAP roles are depicted in AS Java as UME groups of the same name. In AS Java, the assignment of ABAP users to ABAP (composite) roles appears as the assignment of UME users to UME groups. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: User and Group Administration Figure 104: Special Features of the ABAP System Data Source The reason for this group administration concept is the shared authorization administration for applications that have both ABAP and Java components. Applications such as PI, for example, possess both ABAP and Java components. The ABAP authorizations are mapped with PFCG roles. The JEE authorizations are mapped with UME roles. A user should be assigned a PFCG role in the ABAP system and a UME role on the Java side for the user to have both ABAP and Java authorizations. To avoid this, the PFCG roles are visible as groups in the UME. The PFCG role (a group) can be assigned a UME role in the UME. If a user is assigned the PFCG role in the ABAP system, he or she automatically also receives the authorizations from the UME role. Assigning authorizations therefore becomes simpler. 2011 © 2011 SAP AG. All rights reserved. 213 Unit 5: User and Authorization Administration ADM800 The connection between the UME in an AS Java and user management in an AS ABAP is established via the Java Connector (JCo). To this end, a communication user existing in ABAP is stored as a UME parameter (this usually has SAPJSF in its name). This communication user's ABAP authorization determines whether it is possible to modify ABAP user master records using UME resources. • • The role SAP_BC_JSF_COMMUNICATION_RO gives the UME read access to the user data in the AS ABAP. The role SAP_BC_JSF_COMMUNICATION gives the UME write access to the user data in the AS ABAP. Hint: Even if the communication user gets write access to the user data in the AS ABAP, assigning users to PFCG roles in the UME is not possible. Note: If an ABAP system is used as the data source, then certain restrictions apply. These are listed in the online documentation. When configuring the “ABAP” data source, the ABAP user groups appear as Companies in the UME; this was introduced with Release 7.10. The assignment of the user group for authorization check in the user master record of the user in AS ABAP (transaction SU01) is represented in the UME as an assignment to the company. The delegated user administration can then be used immediately after the installation in the AS Java also. For more information about companies and the delegated user administration of the AS Java, go to the online documentation for SAP NetWeaver 7.3x, path SAP NetWeaver Library: Function-Oriented View → Security → Identity Management → User Management of the Application Server Java → Configuring User Management → Configuring Delegated User Administration Using Companies. Administration Tools The figures in this section explain the tools which you, as administrator, use to maintain users and groups. 214 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: User and Group Administration Figure 105: UME Administration Console The most important tool for a user administrator in an AS Java system is the UME Administration Console. This functions independently of the configured data source and is implemented as an application running in a Web browser (based on Web Dynpro Java). You start the user-friendly Administration Console... • • • via the URL http(s)://<hostname>.<domain>:<http(s) port>/useradmin via the SAP NetWeaver Administrator (URL .../nwa) via the path Configuration → Security→ Identity Management in a portal via the path User Administration → Identity-Management. Hint: The function scope available in the Administration Console depends on the current user's Java authorizations. For more information, see the lesson “The Java Authorization Concept”. 2011 © 2011 SAP AG. All rights reserved. 215 Unit 5: User and Authorization Administration ADM800 Figure 106: ABAP User Administration If you have used the UME configuration file dataSourceConfiguration_abap.xml to connect an ABAP system client, then the usual AS ABAP tools (such as transaction SU01) are available for user administration. User Types In the same way as AS ABAP, the UME distinguishes between different user types (also called Security Policy Profiles) which are listed in the following table: UME User Types/Security Policies 216 User Type/Security Policy Logon to AS Java Password Change Forced Mapped ABAP user types (with ABAP system as data source) Default possible yes Dialog Technical users possible no System Internal service user not possible – – Unknown depends on AS ABAP user type depends on AS ABAP user type Communication, Service and Reference “Self created” possible yes – © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: User and Group Administration You specify the user type when you create a user via the UME Administration Console (you may not create the type Unknown). In the case of existing users, subsequent changes to the user type are only possible with restrictions. Note: The last column in the table is only relevant if you are operating a UME with an ABAP system as the data source. Changes to the user type of an ABAP user are mapped to the corresponding UME user master record (and vice versa if the UME has write access to the ABAP system). Hint: You can define your own user types (also called Security Policy Profiles) in the UME configuration to provide you own set of password rules. For example you could create a user type with very strong password rules for your super users or emergency users. Log and Trace Files The following log and trace information is particularly relevant in the UME environment • • • • Security Log: File \usr\sap\<SID>\<instance_number>\j2ee\cluster\server<X>\log\system\security_<n>.log Security Audit Log: File \usr\sap\<SID>\<instance_number>\j2ee\cluster\server<X>\log\system\security_audit_<n>.log) Trace Files: File \usr\sap\<SID>\<instance_number>\j2ee\cluster\server<X>\log\defaultTrace_<n>.trc Directory Server Logs: If you use a directory server as data source, you can monitor the LDAP server accesses and connection pooling. The Security Audit Log allows you to trace changes to principles (e.g. modifications to users or created roles). The events that are logged depends on the set severity. The online documentation for SAP NetWeaver 7.3 describes the severity associated with each event (path SAP NetWeaver Library: Function-Oriented View → Security → Identity Management → User Management of the Application Server Java → Troubleshooting → Logging and Tracing 2011 © 2011 SAP AG. All rights reserved. 217 Unit 5: User and Authorization Administration 218 © 2011 SAP AG. All rights reserved. ADM800 2011 ADM800 Lesson: User and Group Administration Exercise 10: User and Group Administration Exercise Objectives After completing this exercise, you will be able to: • Administer users and group in the AS Java Business Example You are using AS Java and are responsible for user administration. New users should have access to selected applications. Task 1: User Maintenance Copy and modify a user using the UME Administration Console 1. Log on to the UME administration console with the your user. 2. Copy the template user TEMPLATE to a user JAVA-## (## corresponds to your group number). 3. What UME roles does your user JAVA-## have? Result You can manage users in the UME Administration Console. Task 2: Group Maintenance Create and modify UME groups using the UME Administration Console 1. Attempt to start the NWA as user JAVA-##. 2. Log on to the UME administration console with your course user. 3. Create a UME group GROUP-## and assign the user JAVA-## and the UME role NWA_READONLY to it. 4. Attempt to start the NWA as user JAVA-## again. Result You can use the UME Administration Console to manage groups. 2011 © 2011 SAP AG. All rights reserved. 219 Unit 5: User and Authorization Administration ADM800 Solution 10: User and Group Administration Task 1: User Maintenance Copy and modify a user using the UME Administration Console 1. Log on to the UME administration console with the your user. a) Start a Web browser. b) Enter the URL http://<hostname>.wdf.sap.corp:5<instance>00/useradmin (for example http://twdf1234.wdf.sap.corp:50000/useradmin). Note: Alternatively, you can call the UME Administration Console via the NWA. c) 2. 3. Log on with your user. Copy the template user TEMPLATE to a user JAVA-## (## corresponds to your group number). a) In the Identity Management area of the UME administration console, run a search for the user TEMPLATE. b) Select the hit and choose Copy to New User. c) In the General Information tab, enter the Login ID (set to JAVA-##), Password and Last Name (any). d) Do not change the other fields and Save the data. What UME roles does your user JAVA-## have? a) In the Administration Console, view the details for the user JAVA-## in display mode. b) Go to the Assigned Roles tab. Check Search Recursively and choose Go. You should see that the copied user has the same roles and (groups) as the copy template. Result You can manage users in the UME Administration Console. Continued on next page 220 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: User and Group Administration Task 2: Group Maintenance Create and modify UME groups using the UME Administration Console 1. Attempt to start the NWA as user JAVA-##. a) Close any Web browser windows. b) Enter the URL http://<host name>.wdf.sap.corp:5<instance>00/nwa (for example: http://twdf1234.wdf.sap.corp:50000/nwa). c) Enter the logon data for the user JAVA-## (and change the password). You will see a message informing you that you do not have the necessary authorizations. 2. Log on to the UME administration console with your course user. a) Enter the URL http://<host name>.wdf.sap.corp:5<instance>00/useradmin (for example: http://twdf1234.wdf.sap.corp:50000/useradmin). Note: Alternatively, you can call the UME Administration Console via the NWA. b) 3. Log on with your course user. Create a UME group GROUP-## and assign the user JAVA-## and the UME role NWA_READONLY to it. a) In the Identity Management area of the UME administration console, switch to the Groups view. b) Choose Create Group. c) In the General Information tab, enter GROUP-## under Unique Name. d) Go to the Assigned Users tab. Under Available Users search for the user JAVA-##. Select this entry and click Add. e) Go to the Assigned Roles tab. Under Available Roles, search for the role NWA_READONLY. Select this entry and click Add. f) Save the group. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 221 Unit 5: User and Authorization Administration 4. ADM800 Attempt to start the NWA as user JAVA-## again. a) Close any Web browser windows. b) Enter the URL http://<host name>.wdf.sap.corp:5<instance>00/nwa (for example: http://twdf1234.wdf.sap.corp:50000/nwa). c) Enter the logon data for the user JAVA-##. You can now work with the NWA (for viewing). Result You can use the UME Administration Console to manage groups. 222 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: User and Group Administration Lesson Summary You should now be able to: • List and use the tools for administering users and groups Related Information • 2011 Online documentation for SAP NetWeaver 7.3x, path SAP NetWeaver Library: Function-Oriented View → Security → Identity Management → User Management of the Application Server Java → User Management Engine © 2011 SAP AG. All rights reserved. 223 Unit 5: User and Authorization Administration ADM800 Lesson: The Java Authorization Concept Lesson Overview To access an application, authentication is usually required. Not all users perform the same actions. Authorizations control which functions are permitted for a user. These authorizations must be assigned to a user. Lesson Objectives After completing this lesson, you will be able to: • • • • Explain the terms UME role and JEE security role List the authorization administration tools Assign actions and JEE security roles to a UME role Assign authorizations to users and groups Business Example SAP systems perform authorization checks within the SAP NetWeaver platform with a role-based approach. This means that you assign authorizations to users or groups with this specific system on the basis of the tasks that are to be performed. Users and Authorizations in SAP NetWeaver AS Java You can use authorizations to control which users can access a Java application, and which actions are permitted for a user. Authorizations are combined as roles and then assigned to a user or a user group by an administrator. The UME administration console (also integrated in the SAP NetWeaver Administrator) is used to assign authorizations. Authorization checks are built into a Java application. Here you can differentiate by different objectives. 224 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: The Java Authorization Concept Figure 107: Authorization Concept in the AS Java Protecting access to an application is done using the check to see whether the appropriate JEE security role is assigned to the requesting user. If the user does not have the required security role, an error message is displayed, and access is denied. The user already has access to the application when protecting access to individual activities. When requesting a special activity, for example Delete, the system checks whether the required JEE security role or UME permission is assigned (by means of UME action and UME role). Furthermore, you have the option of managing the protection of access to object instances (to folders or documents for example) using the Access Control List (ACL). With all the types of authorization check specified, the developer needs to define the authorizations query in the application. The developer decides which type of authorization check is to be used. This means in practice that the application determines which of the following, JEE security roles, UME permissions or UME ACLs, is used. JEE security roles are part of the JEE standard. UME permissions are an SAP-specific concept. Basically, you can define the same authorization checks with JEE security roles and UME permissions. Certain programming techniques for SAP applications that enhance the JEE standard require the use of UME permissions however. Therefore, an administrator should be familiar with both concepts. 2011 © 2011 SAP AG. All rights reserved. 225 Unit 5: User and Authorization Administration ADM800 Appendix: Declarative and Programmatical Authorizations Authorizations can be defined as either declarative or programmatical: • • Declarative means that the Java container (Web container, EJB container for example) forces the access control, without the developer having to do the programming work. A security role is defined in the application (by annotation) or in the deployment descriptor of the application. With each call the container checks whether the user is assigned to the required security role. Programmatical means that the developer uses a method to check whether a caller of an EJB or a Web resource is assigned to a certain authorization (security role or UME permission). The authorization check is defined directly in the source code. The declarative approach is usually used for JEE security roles. UME permissions are always checked programmatically. UME roles In the UME, there is a role concept with which authorizations, users or groups are assigned. These authorizations relate to authorization checks that are defined in the coding of the SAP Java application. The authorization concept in the UME uses permissions, actions, and roles. Permissions are defined in the Java coding (programmatical authorizations). Permissions are used to provide an access control. Permissions cannot be assigned directly to a user. An action is a collection of permissions. The developer of an SAP Java application defines his/her own actions and specifies the authorizations in the XML file actions.xml. Actions are displayed in the UME administration console. You can use the UME administration console to combine these actions into roles. UME roles group actions of one or more applications. You can assign UME roles to users in the UME administration console. Many of SAP's Java applications work with UME roles. 226 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: The Java Authorization Concept Figure 108: Structure of UME Roles The figure shows the Purchase Order application as an example. This application consists of multiple objects, such as Create order, Approve order, into which a developer has built the corresponding authorization check directly in the coding. With UME roles, permissions (authorization objects) are defined directly in the coding and then bundled into actions by the developer. The administrator can then combine these actions into roles, and assign them to a user or a user group. Developers can define very detailed authorizations on the basis of this concept, but the complexity is hidden behind a small number of actions. Actions are predefined by the developer, delivered to customers together with the application, and are available as an XML file. This allows a simple, clear and cross-application authorization concept for large Java applications. JEE security roles JEE security roles are part of the JEE standard. A JEE security role (also security role) is an abstract logical definition that protects access to an application, a service, or another resource. The security role consists of only a name and a description. The security role relates only to the application for which it was defined. Security roles allow an access check for JEE applications. The authorizations are usually defined declaratively. A developer creates a security role for each application object requiring protection. The protected application, its protected modules, classes or methods can be used by a user only if the administrator has assigned the users or groups to the security role. 2011 © 2011 SAP AG. All rights reserved. 227 Unit 5: User and Authorization Administration ADM800 Figure 109: Structure of JEE Security Roles The figure shows the Purchase Order application as an example. For this application, a developer creates objects such as Create order, Approve order, and so on. If you are using JEE security roles, a security role must be created for each object. The security role is defined either in the deployment descriptor (XML file) or directly in the application coding. In addition to the security roles specified by the developer, the UME generates further security roles that are valid for the entire application. The advantage here is that these roles can be combined into one application-wide security role for several security roles with the same name. The administator has only to concern himself/herself with the assignment of these security roles. You see the following behavior in the JEE standard: If a security role of a module is assigned to a user and he/she accesses another module of this application that is protected with a security role of the same name, he/she is granted access. The UME concept of combining the security roles of an application therefore only makes life a little easier for the administrator; it is not a security restriction. These security roles dynamically generated by the UME appear in the UME administration console as actions of the type J2EE. As a user administrator, you can now create UME roles that contain security roles (as actions) and assign these to users and groups. Using the detour of the UME roles, authorizations can in turn be assigned across all applications. There are some special actions you can use for segregation of duties. These are Manage_Role_Assignments_SoD and Manage_Roles_SoD. A user with the activity Manage_Role_Assignments_SoD is able to assign roles to any user but himself. A user with the Manage_Roles_SoD activity is able to create roles. The user is able to maintain all roles (assign actions) exept roles which are assigned to 228 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: The Java Authorization Concept himself. Do not combine the following actions: Manage_Users, Manage_Groups, Manage_Roles, Manage_all_Companies, Manage_Role_Assignments_SoD and Manage_Roles_SoD. Creating and Assigning UME Roles You can use the UME administration console to maintain UME roles. You perform both the assignment of actions to UME roles and the assignment of roles to UME users or groups there. JEE security roles are also displayed as actions in the UME administration console. After logging on with an administrator user, select the appropriate role, display the assigned actions, and change the role, if necessary. Then assign the role to a user and/or a group. Figure 110: Maintaining UME Roles (UME Administration Console) It is particularly important for the administration of authorizations that the Java application UME itself provides with a large number of actions. These UME actions permit the precise definition of the rights which users have to principles (e.g. “display all users” or “maintain all groups”). The online documentation for SAP NetWeaver 7.3x descirbes the actions supplied by SAP for the UME itself (path SAP NetWeaver Library: Function-Oriented View → Security → Identity Management → User Management of the Application Server Java → Reference Documentation for User Management → Standard UME Actions). 2011 © 2011 SAP AG. All rights reserved. 229 Unit 5: User and Authorization Administration ADM800 ACL Maintenance As described at the start of this lesson, you have the option of managing the protection of access to object instances (to folders or documents for example) using an Access Control List (ACL). The developer uses the ACL-API of the UME here. However, since the UME does not provide a UI for ACL maintenance, the developer must develop an individual UI for ACL maintenance. Therefore, there are differences in the UI and also in the authorizations to be assigned in concrete ACL maintenance depending on the application. There are details about ACL maintenance in the security and administration guide of the corresponding applications. In particular, ACL maintenance is used in addition to UME administration in the SAP NetWeaver Portal. 230 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: The Java Authorization Concept Exercise 11: Create and Assign UME Roles Exercise Objectives After completing this exercise, you will be able to: • Create UME roles • Assign actions to UME roles • Assign UME roles to users and groups Business Example SAP systems perform authorization checks within the SAP NetWeaver platform with a role-based approach. This means that you assign authorizations to users in this specific system on the basis of the tasks to be performed. Task: Create and Assign a UME Role Create a UME role with different actions and assign them to users. 1. Can the user JAVA-## call the UME Administration Console and make changes? Hint: You have created this user in a previous exercise. 2. Can the user JAVA-## call the application OpenSQLMonitors? 3. Use your course user to create a UME role SimpleAdmin-##, which allows change access to all users and access to the application OpenSQLMonitors. Assign this role to the group GROUP-##. 4. Can the user JAVA-## now make changes in the UME Administration Console? 5. Can the user JAVA-## now access the application OpenSQLMonitors? Result You can administer UME roles and assign actions. 2011 © 2011 SAP AG. All rights reserved. 231 Unit 5: User and Authorization Administration ADM800 Solution 11: Create and Assign UME Roles Task: Create and Assign a UME Role Create a UME role with different actions and assign them to users. 1. Can the user JAVA-## call the UME Administration Console and make changes? Hint: You have created this user in a previous exercise. a) Close any Web browser windows. b) Enter the URL http://<host name>.wdf.sap.corp:5<instance>00/useradmin (for example: http://twdf1234.wdf.sap.corp:50000/useradmin). c) Enter the logon data for the user JAVA-##. The user JAVA-## can use the Administration Console but has only read access to the principles. Note: Thanks to the UME role NWA_READONLY that was previously assigned to the group GROUP-##, the user possesses the action Read_All of the type UME which permits read access. 2. Can the user JAVA-## call the application OpenSQLMonitors? a) Close any Web browser windows. b) Enter the URL http://<host name>.wdf.sap.corp:5<instance>00/OpenSQLMonitors (for example: http://twdf1234.wdf.sap.corp:50000/OpenSQLMonitors). c) Enter the logon data for the user JAVA-##. The system displays an error message due to insufficient authorizations. The user JAVA-00 has not assigned the required security role. Continued on next page 232 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: The Java Authorization Concept 3. 4. Use your course user to create a UME role SimpleAdmin-##, which allows change access to all users and access to the application OpenSQLMonitors. Assign this role to the group GROUP-##. a) Log on to the UME administration console with your course user. b) In the Identity Management area of the UME administration console, switch to the Role view. c) Choose Create Role. d) In the General Information tab, enter SimpleAdmin-## under Unique Name. e) Go to the Assigned Actions tab. Under Available Actions search for the action Manage_Users. Select this entry and click Add. f) Under Available Actions search for the action OpenSQLMonitorLogonRole. Select the entry of the type J2EE and choose Add. g) Go to the Assigned Groups tab. Under Available Groups search for the group GROUP-##. Select this entry and click Add. h) Save the new role. Can the user JAVA-## now make changes in the UME Administration Console? a) Log on at the UME Administration Console as user JAVA-## and test the possibilities. The user JAVA-## can use the Administration Console and administer all the users but is not authorized to modify roles and groups (and can therefore also not assign these principles to users). 5. Can the user JAVA-## now access the application OpenSQLMonitors? a) Log on to the application OpenSQLMonitors with the user JAVA-##? The call works this time. Result You can administer UME roles and assign actions. 2011 © 2011 SAP AG. All rights reserved. 233 Unit 5: User and Authorization Administration ADM800 Lesson Summary You should now be able to: • Explain the terms UME role and JEE security role • List the authorization administration tools • Assign actions and JEE security roles to a UME role • Assign authorizations to users and groups Related Information • 234 Online documentation for SAP NetWeaver 7.3, path SAP NetWeaver Library: Function-Oriented View → Security → Identity Management → User Management of the Application Server Java → Reference Documentation for User Management © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Special Principles Lesson: Special Principles Lesson Overview You require special users to administer an AS Java. You can log on to the administration tools initially with these users only. If you have forgotten or locked the password of your administration user, you can activate an emergency user that can still log on. Lesson Objectives After completing this lesson, you will be able to: • • • List a number of “special” principles Change the password of the standard administration user Activate the emergency user Business Example You are using Java applications that run on AS Java. The (only) administration user has been locked due to failed logon attempts and no further administrative activities can be performed. In this case, you need to activate the emergency user. Default Principles During AS Java installation, certain principles are created for special purposes while others are created subsequently by the administrator. In this section you will get to know some of these “default principles”. In some cases, the default IDs of these principles depend on the employed data source. Default Users The following table presents important default users: 2011 © 2011 SAP AG. All rights reserved. 235 Unit 5: User and Authorization Administration ADM800 Default Users Data Source ABAP System User Database LDAP Server Add-In (ABAP+Java) Administration user Administrator Administrator J2EE_ADMIN Guest user Guest Guest J2EE_GUEST J2EE_GST_<SID> Communication user to data source SAP<SID>DB Freely definable SAPJSF Remote J2EE_ADM_<SID> SAPJSF_<SID> The administration user has unrestricted access to AS Java and you should therefore assign this account to only very few people and assign a password that is very secure. If you use a client of an ABAP system as the data source, the listed user master records are located on this ABAP client (and can be viewed in SU01): In the case of a remote ABAP system, the SID of the AS Java system is incorporated in the user name. This allows you to distinguish between users if multiple AS Java systems are connected to a single ABAP client. Among other things, the guest user is used for anonymous access to AS Java, for example in order to construct the logon form in the Web browser. This user is normally locked. Do not delete this user. In addition to the users that are listed above, application-specific default users also exist in a pure AS Java system. You must therefore take care of further default users depending on the installed product. Default Groups The following table presents important default groups: Default Groups Group 236 Data Source Database LDAP Server ABAP System Administrators Administrators Administrators SAP_J2EE_ADMIN Guests Guests Guests SAP_J2EE_GUEST © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Special Principles Group Data Source Database LDAP Server ABAP System All Users Everyone Everyone Everyone Authenticated Users Authenticated Users Authenticated Users Authenticated Users Anonymous Users Anonymous Users Anonymous Users Anonymous Users All the users that you assign to the Administrator group are given extensive system authorizations (in respect of the administrator role assigned to this group (see next section)). Initially, the default administration user is entered here. Initially, the default guest user and the default guest role are assigned to the guest group. In addition, the UME possesses a built-in groups adapter which is responsible for the following three special groups: • • • Everyone: Every (!) user is always a member of this group. If you assign roles/actions to this group then every user (including those that you may create in the future) has the corresponding authorizations. Authenticated Users: You assign all the users who - in whatever way - have to log onto AS Java to this group. Anonymous Users: You assign all the users who are able to log on anonymously to this group (configured by means of the UME property ume.login.guest_user.uniqueids). The following therefore applies: Authenticated Users + Anonymous Users = Everyone. In addition to these default groups, there are also application-specific groups depending on the installed product. Default Roles The following table presents important default roles: Default Roles Role 2011 Meaning Administrator Provides extensive Java authorizations for administrators (via actions) Everyone Contains some basic end user authorizations. © 2011 SAP AG. All rights reserved. 237 Unit 5: User and Authorization Administration ADM800 Although by default no users are directly assigned to these two roles, the Administrator role is linked to the Administrators group. The role Everyone is assigned to the group Everyone; therefore, it is assigned to all users. Emergency User You need to activate an emergency user for the UME if the user management has been incorrectly configured and no one can log on to an application, or all administration users are locked. This emergency user is called SAP* and can log on to any application and to the configuration tools. The SAP* user has full administration authorizations and, for security reasons, does not have a default password. You set the password as part of emergency user activation. Hint: The emergency user is generally not important in systems in which the UME runs (successfully) with the ABAP data source as you can always create a user in ABAP and give it Java administration rights. Figure 111: Activating the Emergency User 238 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Special Principles Proceed as follows to make a correction with the SAP* user: 1. Activate the SAP* user a) b) c) d) e) Stop the Java cluster. In the Config Tool, open the Configuration Editor mode. Navigate to cluster_config → system → custom_global → cfg → services → com.sap.security.core.ume.service → Propertysheet properties.. Switch to change mode. Set ume.superadmin.activated to the value true. Set ume.superadmin.password to any password. 2. f) Start the Java cluster. Change the configuration a) Log on with the user SAP* and the password that you have just set Note: While the SAP* user is active, all other users are deactivated 3. b) Correct the problem; for example, unlock the administration user Deactivate the SAP* user a) b) c) d) e) f) 2011 Stop the Java cluster. In the Config Tool, open the Configuration Editor mode. Navigate to cluster_config → system → custom_global → cfg → services → com.sap.security.core.ume.service → Propertysheet properties.. Switch to change mode. Set ume.superadmin.activated to the value false. Start the Java cluster. © 2011 SAP AG. All rights reserved. 239 Unit 5: User and Authorization Administration 240 © 2011 SAP AG. All rights reserved. ADM800 2011 ADM800 Lesson: Special Principles Exercise 12: Default Principles and Emergency Users Exercise Objectives After completing this exercise, you will be able to: • Evaluate default principles • Activate the emergency user Business Example You are using a Java application that runs on AS Java. The (only) administration user has been locked due to failed logon attempts and no further administrative activities can be performed. In this case, you need to activate the emergency user. Task 1: Default Groups Evaluation of the groups assigned to a user. 1. Which UME groups are assigned to your current user? Which of these are default groups? Result You can evaluate the default groups which are assigned to a user. Task 2: Emergency User Activate (and deactivate) the UME emergency user. 1. Stop all application servers of your system. Note: You do not have to stop the Central Services instance. 2. Activate the UME emergency user. 3. Start all application servers of your system. 4. Try to log on to the UME administration console with your normal user for this course. 5. Try to log on to the UME administration console with the user SAP*. 6. Deactivate the UME emergency user. Result You can activate the UME emergency user. 2011 © 2011 SAP AG. All rights reserved. 241 Unit 5: User and Authorization Administration ADM800 Solution 12: Default Principles and Emergency Users Task 1: Default Groups Evaluation of the groups assigned to a user. 1. Which UME groups are assigned to your current user? Which of these are default groups? a) Enter the URL http://<host name>.wdf.sap.corp:5<instance number>00/useradmin (for example: http://twdf1234.wdf.sap.corp:50000/useradmin). b) Enter the logon data of the user. c) In the Identity Management area of the administration console, run a search for the user that you just used to log on. d) Select the hit. e) Go to the Assigned Groups tab. If you perform a search with the Search Recursively field selected, all the assigned groups will be listed. By using the search criterion Built-in Groups Adapter, you will see the default groups Everyone and Authenticated Users to which this user is assigned. Result You can evaluate the default groups which are assigned to a user. Continued on next page 242 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Special Principles Task 2: Emergency User Activate (and deactivate) the UME emergency user. 1. Stop all application servers of your system. Note: You do not have to stop the Central Services instance. 2. 3. a) Open a Web browser and call the SAP Management Console using the URL http://<host name>.wdf.sap.corp:5<instance number>13, for example http://twdf1234.wdf.sap.corp:50013. b) Confirm the security information and wait until the SAP MC opens. c) Select the entry for the whole system, right-click and choose Stop. d) In the selection box under Choose which components have to be affected by the operation., choose Dialog Instances and confirm with OK. e) Wait until all instances, except for the Central Services instance, have stopped. Activate the UME emergency user. a) Start the Config Tool at operating system level of your SAP system. b) Go to Switch to configuration editor mode. c) Navigate to cluster_config → system → custom_global → cfg → services → com.sap.security.core.ume.service → Propertysheet properties and switch in the edit mode. d) Set the parameter ume.superadmin.activated to the value true and the parameter ume.superadmin.password to any password. Start all application servers of your system. a) Open a Web browser and call the SAP Management Console using the URL http://<host name>.wdf.sap.corp:5<instance number>13, for example http://twdf1234.wdf.sap.corp:50013. b) Confirm the security information and wait until the SAP MC opens. c) Select the entry for the whole system, right-click and choose Start. d) In the selection box under Choose which components have to be affected by the operation., choose Dialog Instances and confirm with OK. e) Wait until all instances have started. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 243 Unit 5: User and Authorization Administration 4. Try to log on to the UME administration console with your normal user for this course. a) 5. The logon fails with the message “User SAP* is active”. Try to log on to the UME administration console with the user SAP*. a) 6. ADM800 The logon is successful. In the UME Administration Console, the user SAP* can call all the principles. Deactivate the UME emergency user. a) Stop all application servers of your system again. See step 1. b) Use the Configuration Editor Mode to reset the parameter ume.superadmin.activated to its shipped value false (Restore default button). See step 2. c) Start all application servers of your system. See step 3. Result You can activate the UME emergency user. 244 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Special Principles Lesson Summary You should now be able to: • List a number of “special” principles • Change the password of the standard administration user • Activate the emergency user Related Information • • 2011 Online documentation for SAP NetWeaver CE 7.1x, path SAP NetWeaver Composition Environment Library → Administrator’s Guide→ Administration of SAP NetWeaver CE→ Security and User Administration→ Identity Management for Application Server Java Online documentation for SAP NetWeaver CE 7.1x, path SAP NetWeaver Composition Environment Library → Administrator’s Guide → SAP NetWeaver CE Security Guide → Security Guides for CE Core Components→ SAP NetWeaver Application Server Java Security Guide → User Administration and Authentication © 2011 SAP AG. All rights reserved. 245 Unit 5: User and Authorization Administration ADM800 Lesson: Logon Procedure of the AS Java Lesson Overview The Standard Java Authentication and Authorization Service (JAAS) was implemented in the AS Java to support different logon procedures. This lesson explains the basics of the configuration of the AS Java logon procedures. Lesson Objectives After completing this lesson, you will be able to: • • • • • list the supported logon procedures of the AS Java explain the functions of login modules change the standard logon procedure of the AS Java explain Kerberos logon (SPNego) set up X.509 logon Business Example The company XYZ Petro uses a custom-built Composite Application as a central procurement process. The process requires accesses to various runtime systems. A uniform logon procedure should be used for all involved systems to simplify access to the process and the connected systems for the users without neglecting security aspects. Basics The Standard Java Authentication and Authorization Service (JAAS) was implemented in the AS Java to support different logon procedures. Depending on the requirement and scenario, this enables you to choose the appropriate logon procedure, or to develop your own logon mechanisms according to JAAS: 246 • • Anonymous logon User ID and password • • • • • – Basic authentication – Digest Access Authentication – Form-based Digital Certificates (X.509) Windows Logon (Kerberos) Logon Ticket Assertion Ticket SAML Assertions © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logon Procedure of the AS Java When logging on with your user ID and password, you distinguish between the HTTP standard methods Basic Authentication and Digest Access Authentication (see RCF2617 of the Internet Engineering Task Force (IETF): http://tools.ietf.org/html/rfc2617), as well as entering data in an HTML form. Logon Ticket and Assertion Ticket are SAP-specific procedures with Assertion Ticket used only for system-system communication (see below). The anonymous logon is expecially interesting for Internet scenarios with the SAP NetWeaver Portal. It enables system access without specifying logon data. SAML stands for Security Assertion Markup Language and is a standard of the Organization for the Advancement of Structured Information Standards (OASIS). SAML enables authentication in open system environments, such as in the Internet for example. Details about the standard can be found under http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security. The implementation of JAAS in SAP NetWeaver AS Java is based on so-called login modules. A login module is the concrete implementation of the flow logic of the authentication. Several login modules can be combined to make a login module stack (also called authentication stack). Configuration of the Logon Procedure The administrator can adjust the logon procedures for the delivered applications. For this purpose, maintain the policy configuration of the corresponding application in the SAP NetWeaver Administrator (http://host:Port/nwa) under Configuration → Security → Authentication and Single Sign-0n. Using the policy configuration, a login module or an authentication stack can be assigned to an application to determine the logon procedure for this application. 2011 © 2011 SAP AG. All rights reserved. 247 Unit 5: User and Authorization Administration ADM800 Figure 112: Policy Configuration in the SAP NetWeaver Administrator You can find the delivered authentication stacks in the policy configuration, for example ticket under the type Template. Since ticket is the standard logon procedure for all Web Dynpro applications and for most of the other applications in the AS Java as well, you can easily set up another procedure by changing ticket. If you do not want to change the delivered standard, you can also define your own authentication stacks. Custom-built login modules in accordance with the JAAS standard can also be implemented. To ensure that the SAP applications also use the stack you created, this must be assigned in the policy configuration of the application. Here however you have to differentiate between a simple Web application or a Web Dynpro Java application. In simple Web applications, the required login modules or the required authentication stack is assigned directly in the policy configuration of the concrete application. All applications that are programmed in Web Dynpro Java are configured using a single servlet (sap.com/tc~wd~dispwda*webdynpro_dispatcher). Therefore, you cannot set up different logon procedures for different Web Dynpro Java applications; you can only set up one uniform logon procedure for all. If no explicit policy configuration is stored for a Web application or for sap.com/tc~wd~dispwda*webdynpro_dispatcher, the authentication stack configured with the UME parameter ume.login.context is used. 248 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logon Procedure of the AS Java In summary, you have the following change options for the logon procedure: • • • Direct change of the ticket policy configuration. Change of the policy configuration sap.com/tc~wd~dispwda*webdynpro_dispatcher for all applications in the Web Dynpro Java collectively. Change of each individual policy configuration for simple Web applications. A policy configuration comprises login modules. There are many login modules available in AS Java, some of them are: • • • • • BasicPasswordLoginModule: This login module is used to perform user authentication with user name and password, e.g. in JSP forms. ClientCertificateLoginModule: This login module performs a certificate logon to J2EE Engine. CreateTicketLoginModule: This login module is used to create the logon tickets. EvaluateTicketLoginModule: This login module is used to verify the logon tickets issued by other servers SPNegoLoginModule: This login module is used for SSO with Kerberos authentication. It implements the Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) on SAP NetWeaver AS Java. . • Note: A list of login modules can be found in the online documentation for SAP NetWeaver 7.3 at: SAP NetWeaver Library: Function-Oriented View → Security → User Authentication and Single Sign-On → Authentication Imfrastructure → AS Java Authentication Infrastructure → Login Modules The ticket policy configuration is shown as an example here: Policy Configuration: ticket 2011 Login Module Flag EvaluateTicketLoginModule SUFFICIENT BasicPasswordLoginModule REQUISITE CreateTicketLoginModule OPTIONAL © 2011 SAP AG. All rights reserved. 249 Unit 5: User and Authorization Administration ADM800 In the above example the login modules are configured in such a way that: 1. 2. 3. AS Java checks to see if the user presents a valid logon ticket, if so the logon ticket is accepted and no further processing is done. If no logon ticket exists, AS Java authenticates the user using Basic Authentication. Only after the successful authentication, the user is issued a logon ticket. The following table explains the meaning of the possible Flags in detail. Login Module Flags Flag Required to Succeed Description OPTIONAL No Authentication proceeds down the list if the module has succeeded or has failed. REQUIRED Yes Authentication proceeds down the list of modules if the module has succeeded or has failed. REQUISITE Yes If successful, the authentication proceeds down the list, otherwise control returns to the application – that is, the authentication does not proceed. SUFFICIENT No If the authentication is successful, control returns to application; otherwise, the authentication proceeds. To give a better understanding the next table shows the effects of the different flags during a authentication process. Example of Login Module Flags Module Flag Module1 Pass/Fail Pass/Fail SUFFICIENT Pass Fail Fail Module 2 REQUISITE – Pass Fail Module 3 OPTIONAL – Pass – Pass Pass Fail Overall Authentication Pass/Fail Note: See the online documentation for more information about configuring logon tickets on SAP NetWeaver AS Java 250 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logon Procedure of the AS Java Logon Ticket In the standard delivery, the AS Java uses logon tickets in the logon procedure. The authentication stack ticket that is used first checks whether there is a valid logon ticket (EvaluateTicketLoginModule). If there is not a valid logon ticket, the user must enter his/her user ID and password (BasicPasswordLoginModule). A logon ticket is issued if the entries are correct (CreateTicketLoginModule). The logon ticket is sent from the browser in the standard system for each request, which goes to the same domain of the issuing system and can therefore be used to log on to other systems (Single Sign-On). Caution: If logon tickets are used as a logon procedure or for Single Sign-On, you should make sure that the logon ticket cannot be caught and/or forwarded. We therefore strongly recommend encryption here. Figure 113: Logon Ticket Technically, the logon ticket is a session cookie. This means that the cookie is not saved, rather it is only held in the working memory. It is deleted when the browser session finishes. The logon ticket contains the following data: 2011 © 2011 SAP AG. All rights reserved. 251 Unit 5: User and Authorization Administration ADM800 Figure 114: Contents of the Logon Ticket Prerequisite for Single Sign-On with the logon ticket is an identical user ID in the issuing and accepting system. The accepting system must be configured in such a way that the logon ticket of the issuing system is accepted. Using the digital signature, the issuing system can be uniquely identified and at the same time the integrity of the logon ticket can be verified. Assertion Ticket Assertion tickets are an extension of the logon tickets. The main differences are: • • • Assertion tickets are not stored temporarily like logon tickets Assertion tickets are only valid for 2 minutes Assertion tickets are issued directly for the respective target system. Older systems interpret the assertion ticket as a logon ticket. The configuration for Single Sign-On is therefore along the same lines as the configuration for logon tickets. The application area of the assertion tickets is first and foremost the system-system communication via RFC or HTTP. For example, in the AS Java, destinations can use the assertion ticket as a logon method. In the AS Java, you can use the login modules CreateAssertionTicketLoginModule and EvaluateAssertionTicketLoginModule as well as the policy configuration evaluate_assertion_ticket to issue and verify assertion tickets. An assertion ticket is issued when a connection to a remote system is established. 252 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logon Procedure of the AS Java Example: Kerberos Logon (SPNego) Another supported logon procedure, which is of particular relevance to Windows environments, is the Kerberos logon. A Kerberos ticket is evaluated by the AS Java using the SPNegoLoginModule during the logon. SPNego stands for Simple and Protected GSS-API Negotiation Mechanism. The GSS-API (Generic Security Services API) is a standard interface for security services. However, the GSS-API is troublesome in that different implementations are incompatible with one another. Therefore, a standard was developed with SPNego to find out which authentication mechanisms understand both communication partners and for these then to be used. In Microsoft Windows, the SPNego interface is used as Intergrated Windows Authentication. The actual authentication mechanism here is NTLM (NT LAN Manager) or Kerberos. The following figure clarifies the Kerberos logon process for the AS Java in combination with a Microsoft Active Directory Server (used as a Windows-Domain-Controller and Key Distribution Center (KDC)): Figure 115: Kerberos Logon We assume that the user has already logged on to the Windows domain successfully. The user was already identified by the Active Directory for this purpose. Prerequisite for the logon to the AS Java: There must be some sort of assignment of the users in the AS Java to the users in the Active Directory. The best way this works is if the UME of the AS Java uses the Active Directory as a data source via the LDAP interface. However, other scenarios are also supported. 2011 © 2011 SAP AG. All rights reserved. 253 Unit 5: User and Authorization Administration ADM800 If the user (Alice) now wants to call an application in the AS Java using the Web browser (step 1), the AS Java sends the HTTP error message 401 - Unauthorized and at the same time the value Negotiate in the HTTP header www-authenticate (step 2). In step 3, the browser requests a Kerberos ticket (for Alice) from the KDC to log on to the host used in step 1. The Web browser transfers the host name of the AS Java in the request. The KDC must now (in step 4) identify the service user ID (see below) for this AS Java using the transferred host name and issue a ticket that is encrypted with the secret key of the service user that is found when identification takes place. In step 5, the encrypted Kerberos ticket is then sent to the browser of the user (Alice). This passes the ticket in step 6 on to the AS Java. In step 7, the AS Java decrypts the ticket using the secret key (of the service user in the KDC, see below) and the user (Alice) is authenticated. From this process some required configuration settings for the Kerberos logon are derived: • Configuration of the KDC – – Setting up a service user to identify the AS Java. Registering a Service Principal Name (SPN) for the host name of the AS Java and assignment to the service user. The KDC can identify the service user at a later stage using the SPN. The secret key of the service user is used to encrypt the Kerberos ticket. • Exchanging the Secret Key The secret key of the service user must be provided in the AS Java (keytab file) so that the encrypted Kerberos can be decrypted and verified. This is done by the configuration wizard. • Configuration of the UME Since the users that have logged on to the Windows domain are now going to log on to the AS Java, the UME must know the Windows users either directly or an assignment of user IDs must be made between Windows users and UME users. You can do so, for example, by configuring the Active Directory as a data source for the UME. • Setting up the Policy Configuration The logon procedure must be set up in such a way that the SPNegoLoginModule is used. This is done by the configuration wizard. • Setting Java VM Parameters The Java VM must be configured with special parameters to enable the Kerberos logon. This is done by the configuration wizard. 254 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logon Procedure of the AS Java Some of the steps specified are carried out using the SPNego configuration wizard. See SAP Note 994791 for more information about this. Example: X.509 Client Authentication The following figure shows use cases for X.509 client authentication. Figure 116: X.509 Client Certificates Mutual authentication takes place using SSL. It can be used to access the following SAP systems: • • • Web Applications of SAP NetWeaver AS ABAP SAP GUI for Windows/Java (with partner product), SAP NetWeaver AS ABAP SAP NetWeaver AS Java It can also be used for access to non-SAP Systems that support SSL. It can be used for the Internet or intranet. Authentication takes place with every request. • 2011 Actually no user intervention is required for “Multiple-Log-On”. © 2011 SAP AG. All rights reserved. 255 Unit 5: User and Authorization Administration ADM800 In addition to using SSL for encrypting connections, you can use SSL and X.509 client certificates for authenticating client or user access requests to the AS Java. When using client certificates, authentication takes places transparently for the user with the underlying SSL security protocol. Therefore, you can use authentication with client certificates to integrate the AS Java in a Single Sign-On environment. The following steps describe how to configure X.509 Client Authentication for AS Java. SSL needs already to be configured. 1. Using the Key Storage management functions of the SAP NetWeaver Administrator (NWA), place the root certificates for each of the client certificates CAs as a CERTIFICATE entry in the ICM_SSL_<instance_ID> view. If the certificate already exists in another Key Storage view on the AS Java, you can copy the existing certificate entry to the corresponding view. Alternatively, if the certificate exists as a file in your file system, you can import it to the AS Java Key Storage. 2. Using the VCLIENT profile parameter of ICM for the AS Java, select whether the AS Java should: • 3. 4. Request (but not require) that the user presents a client certificate for authentication. • Require that client certificates are to be used for authentication. Configure the ClientCertLoginModule for establishing the AS Java user ID from the client certificate and filtering provided certificates. Adjust the login module stacks and configure the login modules for those applications that accept client certificates as the authentication mechanism. More information can be found in the online documentation for SAP NetWeaver 7.3x, pathSAP NetWeaver Library: Function-Oriented View → Security → User Authentication and Single Sign-On → Authentication for Web-Based Access→ X.509 Client Certificates. 256 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logon Procedure of the AS Java Exercise 13: Configuration of X.509 Client Authentication Exercise Objectives After completing this exercise, you will be able to: • set up X.509 Client Authentication Business Example You want to configure the use of client certificates (SAP Passport) for user authentication. Caution: Use the Web browser on the operation system of your SAP system to do this exercise. As it may not be possible on your front end. Note: SSL needs already to be configured successfully. Make sure the HTTPS port of the ICM is configured using the option VCLIENT=1. Task 1: Get an SAP Passport Get an SAP Passport from SAP Service Marketplace. Note: SAP Passport is used as an example here. You can use any CA to issue X.509 client certificates. 1. Get an SAP Passport for your SAP Service Marketplace S-User. If you do not have an S-User the instructor may be able to assist you. Result An SAP Passport X.509 client certificate is installed in your browser. Caution: Remove the certificate from the browser after this whole exercise. Task 2: X.509 Client Certificates for AS Java Configure your AS Java to allow authentication with SAP Passport X.509 client certificates. 1. Check if the SAPPassportCA certificate entry in the your AS Java is still valid. If not download the SAP Passport CA root certificate from SAP Service Marketplace and import it to your AS Java. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 257 Unit 5: User and Authorization Administration ADM800 2. Configure your AS Java to trust SSL requests with a certificate signed by the SAP Passport CA certificate. Update the PSE files. 3. Set the UME parameter ume.logon.allow_cert to true using the NWA. 4. Change the ticket policy configuration to include the client authentication. Use the table below for the exact order, the needed flags, and special options needed. Caution: Be very accurate in this step. Otherwise you may not be able to log on anymore to your AS Java. Login Module Flag Options EvaluateTicketLoginModule SUFFICIENT ume.configuration.active=true ClientCertLoginModule OPTIONAL Rule1.getUserFrom=wholeCert CreateTicketLoginModule SUFFICIENT ume.configuration.active=true BasicPasswordLoginModule REQUISITE CertPersisterLoginModule OPTIONAL CreateTicketLoginModule OPTIONAL ume.configuration.active=true Caution: Be careful: there is no “-” in any of the options! A possibly printed “-” would only be the indicator for a line break. 5. Test the connection for example using the UME Administration Console:https://twdfSSSS.wdf.sap.corp:5$$01/useradmin. The initial log on should fail, because no certificate is mapped yet. If you enter your user and password, your certificate is mapped to your user ID automatically. You can verify (and change) this in the user details of your user. The next log on works without any password. 258 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logon Procedure of the AS Java Solution 13: Configuration of X.509 Client Authentication Task 1: Get an SAP Passport Get an SAP Passport from SAP Service Marketplace. Note: SAP Passport is used as an example here. You can use any CA to issue X.509 client certificates. 1. Get an SAP Passport for your SAP Service Marketplace S-User. If you do not have an S-User the instructor may be able to assist you. a) Call the URL http://service.sap.com/tcs and log on with your S-User. b) Navigate to Single sign-on in the SAP Service Marketplace with your SAP Passport c) Choose Apply for an SAP Passport. d) Enter your S-User's password and choose Apply for an SAP Passport. e) Now you need to confirm all popups and questions that may occur with ok or yes. You also may need to allow the browser to execute some scripts to be successful. This depends on your browsers security settings. Result An SAP Passport X.509 client certificate is installed in your browser. Caution: Remove the certificate from the browser after this whole exercise. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 259 Unit 5: User and Authorization Administration ADM800 Task 2: X.509 Client Certificates for AS Java Configure your AS Java to allow authentication with SAP Passport X.509 client certificates. 1. 2. Check if the SAPPassportCA certificate entry in the your AS Java is still valid. If not download the SAP Passport CA root certificate from SAP Service Marketplace and import it to your AS Java. a) Open the NWA of your AS Java. b) Go to Configuration → Security → Certificates and Keys. c) Select the view TrustedCAs and select the entry SAPPassportCA. Check if the valid until date is still valid. d) If it is valid proceed with the next step 2. e) If not choose Rename, enter SAPPassportCA_old and choose Rename. f) Download the root certificate from http://service.sap.com/tcs → Download Area → Root Certificates → SAP Passport CA Certificate. Save it as a file named SAPPassportCA.cer g) In the TrustedCAs view choose Import Entry. Select the entry type X.509 certificate, browse to the file, select it and choose Import. Configure your AS Java to trust SSL requests with a certificate signed by the SAP Passport CA certificate. Update the PSE files. a) In the NWA go to Configuration → Security → Certificates and Keys. b) Select the entry ICM_SSL_<instance_ID>. c) If an expired entry for SAPPassportCA exists, than delete this entry. If an valid entry for SAPPassportCA exists, proceed with step 3. Choose Copy Entry, select From View: TrustedCAs and From Entry: SAPPassportCA and choose Import. d) Now choose Export View to PSE. e) Repeat this for all other ICM_SSL_<instance_ID> entries. Continued on next page 260 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logon Procedure of the AS Java 3. 4. Set the UME parameter ume.logon.allow_cert to true using the NWA. a) In the NWA go to Configuration → Security → Authentication and Single Sign-On and choose the Properties tab. b) Choose Modify. c) Select the check box for option Enable showing certificate logon URL link on the logon page (ume.logon.allow_cert). d) Choose Save and confirm the popup with Yes. Change the ticket policy configuration to include the client authentication. Use the table below for the exact order, the needed flags, and special options needed. Caution: Be very accurate in this step. Otherwise you may not be able to log on anymore to your AS Java. Login Module Flag Options EvaluateTicketLoginModule SUFFICIENT ume.configuration.active=true ClientCertLoginModule OPTIONAL Rule1.getUserFrom=wholeCert CreateTicketLoginModule SUFFICIENT ume.configuration.active=true BasicPasswordLoginModule REQUISITE CertPersisterLoginModule OPTIONAL CreateTicketLoginModule OPTIONAL ume.configuration.active=true Continued on next page 2011 © 2011 SAP AG. All rights reserved. 261 Unit 5: User and Authorization Administration ADM800 Caution: Be careful: there is no “-” in any of the options! A possibly printed “-” would only be the indicator for a line break. 5. a) In the NWA go to Configuration → Security → Authentication and Single Sign-On → Authentication and choose the Components tab. b) Select the entry ticket and choose Edit. c) Edit the list of the logon modules in a way, that the result is exactly like given in the table above. d) To add a logon module choose Add, select the Logon Module Name, for example ClientCertLoginModule and choose Add. e) Use Move Up or Move Down to sort the login modules like given in the table above. f) Choose the correct Flag from the drop down. g) To edit the options of a login module, select the login module and choose for example Add to enter a new option like given in the table above. h) Finally Save the policy configuration. Test the connection for example using the UME Administration Console:https://twdfSSSS.wdf.sap.corp:5$$01/useradmin. The initial log on should fail, because no certificate is mapped yet. If you enter your user and password, your certificate is mapped to your user ID automatically. You can verify (and change) this in the user details of your user. The next log on works without any password. a) Open a browser and enter the URL https://twdfSSSS.wdf.sap.corp:5$$01/useradmin. The initial log on should fail, because no certificate is mapped yet. Enter your user and password. b) Enter your user into the search field and choose Go. c) Select your user and choose the tab Certificates. Your certificate should be already visible here. d) The next log on should work without any password. Result You successfully configured X.509 client authentication. Caution: Remove you SAP Passport from you Web browser now. 262 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Logon Procedure of the AS Java Lesson Summary You should now be able to: • list the supported logon procedures of the AS Java • explain the functions of login modules • change the standard logon procedure of the AS Java • explain Kerberos logon (SPNego) • set up X.509 logon Related Information For more information about the configuration of the Kerberos logon, go to the SAP Library for SAP NetWeaver 7.3 underAdministrator’s Guide → Configuration of SAP NetWeaver CE → Initial System Configuration → Configuring Security → Configuring Authentication and Single Sign-On → Integration in Single Sign-On (SSO) Environments → Single Sign-On for Web-Based Access → Using Kerberos Authentication.. For detailed information about Kerberos, go to http://web.mit.edu/kerberos/. For a good overview of Kerberos under Windows, go to http://www.microsoft.com/msj/0899/kerberos/kerberos.aspx. For information about SPNego, go to http://msdn.microsoft.com/en-us/library/ms995329.aspx. SAP Note 994791: SPNego Wizard 2011 © 2011 SAP AG. All rights reserved. 263 Unit Summary ADM800 Unit Summary You should now be able to: • List the various UME data sources • Determine the current data source assignment • Explain the term UME data partitioning • Identify and modify configuration parameters • List and use the tools for administering users and groups • Explain the terms UME role and JEE security role • List the authorization administration tools • Assign actions and JEE security roles to a UME role • Assign authorizations to users and groups • List a number of “special” principles • Change the password of the standard administration user • Activate the emergency user • list the supported logon procedures of the AS Java • explain the functions of login modules • change the standard logon procedure of the AS Java • explain Kerberos logon (SPNego) • set up X.509 logon 264 © 2011 SAP AG. All rights reserved. 2011 ADM800 Test Your Knowledge Test Your Knowledge 1. Which of the following data sources are supported by the UME: Choose the correct answer(s). □ □ □ □ A B C D Database File system ABAP user management Directory service 2. What is the purpose of the data partitioning of the UME? 3. You can lock users with the UME administration console. Determine whether this statement is true or false. □ □ 4. True False You can assign permissions directly to users in the UME administration console. Determine whether this statement is true or false. □ □ 5. True False The term JEE security role is another name for a UME role. Determine whether this statement is true or false. □ □ 6. True False If the emergency user (SAP*) is activated, the administration user (Administrator, J2EE_ADMIN or J2EE_ADMIN_<SID>) can also log onto AS Java. Determine whether this statement is true or false. □ □ 2011 True False © 2011 SAP AG. All rights reserved. 265 Test Your Knowledge ADM800 Answers 1. Which of the following data sources are supported by the UME: Answer: A, C, D These three types of data source are available for the UME. 2. What is the purpose of the data partitioning of the UME? Answer: The data partitioning allows a distribution of the users or user attributes to different data sources. 3. You can lock users with the UME administration console. Answer: True The UME administration console allows you to administer users. 4. You can assign permissions directly to users in the UME administration console. Answer: False Permissions are combined into actions, and the administrator then combines these into roles. UME roles can be assigned to a user. 5. The term JEE security role is another name for a UME role. Answer: False A JEE security role is part of the JEE standard and is mostly used for a declarative authorization check. A UME role is an (SAP) extension to the JEE standard and is used for a programmable authorization check. 6. If the emergency user (SAP*) is activated, the administration user (Administrator, J2EE_ADMIN or J2EE_ADMIN_<SID>) can also log onto AS Java. Answer: False If the emergency user SAP* is activated then no other users can log onto AS Java. 266 © 2011 SAP AG. All rights reserved. 2011 Unit 6 Java Connector and Destinations Unit Overview This unit describes various communication options of AS Java with other systems. The focus is on the first lesson, which gives an overview of the communication options and takes a look at “Destinations” and the “JCo RFC Provider”. In the appendix, there is a brief overview of the Java Connector Architecture from the management view. Unit Objectives After completing this unit, you will be able to: • • • • • • List some communication paths Maintain connections of the destination service Maintain JCo RFC connections Locate the JCA Connection Factories of the SAP Java Resource Adapter. Maintain parameters of a JCA Connection Factory of the SAP Java Resource Adapter. Create a new JCA Connection Factory for the SAP Java Resource Adapter. Unit Contents Lesson: Connections to other Systems ......................................268 Exercise 14: Connections to other Systems ............................273 Lesson: Appendix: Connections to other Systems with the Java Connector Architecture ......................................................................282 Exercise 15: Optional: Connections to other Systems with the Java Connector Architecture ....................................................287 2011 © 2011 SAP AG. All rights reserved. 267 Unit 6: Java Connector and Destinations ADM800 Lesson: Connections to other Systems Lesson Overview Connections to other systems can be established in different places. In this lesson you will learn about the most important places where such connections can be maintained. Lesson Objectives After completing this lesson, you will be able to: • • • List some communication paths Maintain connections of the destination service Maintain JCo RFC connections Business Example You are using the SAP NetWeaver AS Java and you want to get to know the most important options for communication paths. Connection Options between AS Java and EIS There are different connection options that an AS Java can use for an Enterprise Information System (EIS). The type of connection option also depends, for example, on the EIS. As examples, we will mainly take a look at AS Java or AS ABAP systems as the EIS in this lesson. Figure 117: Connections between AS Java and EIS 268 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connections to other Systems An AS Java can open outbound connections directly from an application or the connection can be established by a service. One of these services is the destination service, which we will take a closer look at in this lesson. Direct connections of applications to an EIS are covered in the appendix of this unit; the type of connection depends on the corresponding adapter. Applications can use connections to an EIS via services. Likewise, services can use the connections of other services. Figure 118: Connection of Services between AS Java and EIS The destination service can administer both HTTP and RFC connections to an EIS. Connections to SAP systems with AS ABAP are mostly of the type RFC, whereas connections to an SAP system with AS Java are mostly of the type HTTP. In an SAP system with AS ABAP and Java (dualstack), the type of connection will depend on whether the connection is opened primarily for the AS Java or the AS ABAP. After the installation, some entries (for example, for the connection to the SLD) were already created in the destination service. You can create and maintain destinations in the NWA under Configuration → Infrastructure → Destinations. You define the communication type HTTP or RFC when you create a new destination. In a connection of the type HTTP, the connection to the EIS and the service that is to be addressed is determined via a URL. If the EIS is an AS ABAP that is to be addressed via HTTP, SID and language can be defined in the destination data or client of the target system. In the Logon Data, for example, 2011 © 2011 SAP AG. All rights reserved. 269 Unit 6: Java Connector and Destinations ADM800 different authentication mechanisms, such as “entering user and password”, “ X.509 certificate”, “assertion ticket”, “logon ticket” or “user mapping” can be set up. Hint: With regard to the security guidelines, you should check whether you can use user/password as an authentication method or better still another authentication method, “assertion ticket” for example. In connections of the type RFC, the target server (Target Host), instance number (System Number), SID and data with regard to the gateway are specified. RFC connections always require a gateway through which communication takes place. An AS ABAP system is usually involved in an RFC connection. Since each AS ABAP instance contains a gateway, this is used for RFC communication. As of AS Java 7.10, each AS Java Central Service instance contains a gateway, which can also be used for RFC communication. The data with regard to the gateway includes the Gateway Host on which the gateway runs (in most cases, it is identical to the target server specification if we are talking about an AS ABAP instance) and the Gateway Service that usually runs on port 33<instance_number> or can be specified as sapgw<instance_number> (for example, this is port 3310 or sapgw10 for instance number 10 of the target instance). You can also switch between different authentication mechanisms in the logon data. If the RFC trace is activated, trace files of the type jrfc<process ID of the server process>_<Nr>.trc as well as the developer traces (dev_jrfc.trc) are created at operating system level of the instance in the server directory. The JCo Provider service is responsible for incoming RFC connections. RFC communication takes place mostly with AS ABAP systems. Since RFC communication takes place via a gateway, the gateway of the AS ABAP instance is mostly used. Figure 119: Incoming RFC Connections 270 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connections to other Systems The AS ABAP is the initiator of RFC communication to the AS Java. The JCo RFC Provider in the AS Java receives the data; therefore, the connection between the JCo Provider and the gateway must already be established. You can maintain the connection to the gateway in the NWA of the AS Java under Configuration → Infrastructure → Jco RFC Provider. You must start the connection to the gateway so that the AS ABAP can use it for communication to the AS Java. The connection for the gateway is established under the Program ID (the name of the JCo RFC Provider). An RFC destination of connection type “T” (maintained in transaction SM59) must be created in the AS ABAP for communication; the Program ID (name) of the JCo RFC Provider is specified as a “Registered Server Program” for this. The name of the RFC destination in the AS ABAP may differ from the program ID; for reasons of clarity, however, the same name for the program ID and the RFC destination is usually chosen. The gateway data, used to run the communication, is specified in the server configuration for the JCo RFC Provider; the number of parallel connections that should be possible for the AS Java via this destination is also specified (field Server Count). If the option Local JCo Servers is selected, then only one server process is responsible in the system for the communication; this server process establishes the number of connections to the gateway configured in Server Count. If the option Local JCo Servers is deactivated, then each server process opens the number of connections to the gateway configured in Server Count. The data of the AS ABAP system that is to use this communication path is specified on the tab page Repository Configuration. If the checkbox Use RFC Destination is not selected, then the data for the AS ABAP system is maintained on this tab page. If the checkbox Use RFC Destination is selected, then a destination that was maintained with the destination service is entered and the connection data stored there is used. However, in this case also, the Program ID of the JCo RFC Provider is registered in the gateway. Of course, the data of the same gateway must be maintained in the AS ABAP for the RFC destination, as with the JCo RFC Provider or the destination service. 2011 © 2011 SAP AG. All rights reserved. 271 Unit 6: Java Connector and Destinations 272 © 2011 SAP AG. All rights reserved. ADM800 2011 ADM800 Lesson: Connections to other Systems Exercise 14: Connections to other Systems Exercise Objectives After completing this exercise, you will be able to: • Create and maintain a destination of the type RFC for AS ABAP systems • Create and maintain a destination of the type HTTP for AS ABAP or AS Java systems • Create and maintain JCo RFC Providers Business Example Your AS Java system requires data from another SAP system or has to transfer data to another SAP system. Your task is to configure the connections to other SAP systems. Your instructor will give you the required system data. Task 1: Edit Destination of the Type HTTP Edit the destination SLD_DataSupplier to enable the storage of connection data for the “SLD system” used in the course. Your instructor will give you the host name, user, password and port. Use Ping Destination to check the correct data of the destination. 1. Call the NWA and switch to destination maintenance. 2. Maintain the destination SLD_DataSupplier for the system on which the SLD of your course runs. Your instructor will give you the system data. Task 2: Create Destination of the type RFC without Load Balancing Create a destination of the type RFC without load balancing and without Local System Connection for the SAP Solution Manger system that is used in your course. Your instructor will give you the host name, SID, instance number, user, password and client. 1. Call the NWA and switch to destination maintenance. 2. Create a destination without load balancing and without Local System Connection with the name Group<##>_RZ20_SolMan (<##> stands for your group number) for client “000” of the Solution Manager system that is used in your course. Your instructor will give you the system data. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 273 Unit 6: Java Connector and Destinations ADM800 Task 3: Create and Start JCo RFC Providers Create a JCo RFC Provider with the name SAP.CCMS.J2EE.<SID><##> (<SID> stands for the system ID of your system, <##> stands for your group number) for the SAP Solution Manger system that is used in your course. To do so, use the destination “Group<##>_RZ20_SolMan” that you created in the task “Create Destination of the type RFC without Load Balancing”. 1. Call the NWA and switch to maintenance of the JCo RFC Provider. 2. Create a JCo RFC Provider with the name SAP.CCMS.J2EE.<SID><##> (<SID> stands for the system ID of your system, <##> stands for your group number) and start this. The connection should go to client “000” of the Solution Manager system that is used in your course. You have already maintained the connection data in the task Create Destination of the type RFC without Load Balancing in the destination “Group<##>_RZ20_SolMan”; therefore, use this destination. Task 4: Optional: Check your JCo RFC Provider Connection to the Gateway. Log on to the central instance of the Solution Manager system and check whether your JCo RFC Provider is registered with the gateway of the Solution Manager system. 1. Log on with your user in client 100 of the central instance (instance number 00) of the Solution Manager system and use transaction SMGW or the report RSGWREGP to check whether your JCo RFC Provider is registered with the gateway. Task 5: Optional: Create Destination of the type RFC with Load Balancing Create a destination of the type RFC with load balancing for the SAP Solution Manger system that is used in your course. Your instructor will give you the host name, SID, instance number, user, password and client. 274 1. Call the NWA and switch to destination maintenance. 2. Create a destination with the name Group<##>_to_SolMan (<##> stands for your group name) for client “000” of the Solution Manager system that is used in your course. Use RFC_GROUP as the logon group. Your instructor will give you the system data. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connections to other Systems Solution 14: Connections to other Systems Task 1: Edit Destination of the Type HTTP Edit the destination SLD_DataSupplier to enable the storage of connection data for the “SLD system” used in the course. Your instructor will give you the host name, user, password and port. Use Ping Destination to check the correct data of the destination. 1. Call the NWA and switch to destination maintenance. a) 2. Follow the menu path Configuration → Infrastructure → Destinations in the NWA. Maintain the destination SLD_DataSupplier for the system on which the SLD of your course runs. Your instructor will give you the system data. a) Select the destination mentioned above and choose Edit. b) Go to the field URL of the tab page Connection and Transport and replace the existing URL with the host name and port on which the SLD runs, for example http://twdf9999.wdf.sap.corp:52000. c) Check on the tab page Logon Data whether Basic (User ID and Password) is entered as Authentication and correct the setting for this value if necessary. d) Enter your user name and password in the SLD system under Basic Authentication. e) Save your entry. f) Check your entries using the push-button Ping Destination. You receive the message: “Successfully connected to HTTP destination SLD_DataSupplier ...”. In a later unit, you will see the data of your system in the SLD. Task 2: Create Destination of the type RFC without Load Balancing Create a destination of the type RFC without load balancing and without Local System Connection for the SAP Solution Manger system that is used in your course. Your instructor will give you the host name, SID, instance number, user, password and client. 1. Call the NWA and switch to destination maintenance. a) Follow the menu path Configuration → Infrastructure → Destinations in the NWA. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 275 Unit 6: Java Connector and Destinations 2. ADM800 Create a destination without load balancing and without Local System Connection with the name Group<##>_RZ20_SolMan (<##> stands for your group number) for client “000” of the Solution Manager system that is used in your course. Your instructor will give you the system data. a) Create a new destination by choosing Create .... b) In the step General Data, maintain the name Group<##>_RZ20_SolMan (<##> stands for your group number) for the field Destination Name for your destination. Use the input help to select the type RFC for the field Destination Type. Choose Next to go to the next step. c) In the step Connection and Transport Security Settings, select the selection field No for Load Balancing. The checkbox Local System Connection is not selected. Maintain the fields System ID and Target Host with the data that your instructor has given you. Enter the “Full Qualified Host Name”, for example “twdf0000.wdf.sap.corp”, for Target Host. Enter <I-Nr> in the field System Number with <I-Nr> the instance number of the instance that runs on the host specified under Target Host. Enter the same value in the field Gateway Host as entered in the field Target Host. Enter sapgw<I-Nr> in the field Gateway Service with <I-Nr> standing for the instance number that runs on the host specified under “Gateway Host”. Choose Next to go to the next step. d) In the step Logon Data, use the input help to select the value Technical User for the field Authentication. Enter EN in the field Language. Enter 000 in the field Client. Enter CSMREG in the field User Name with <##> standing for your group number. Enter the password in the field Password that your instructor gave you for the user mentioned above. Choose Finish to save and thus complete your entries. e) Check your entries using the push-button Ping Destination. You receive the message: “Successfully connected to System ... ”. Continued on next page 276 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connections to other Systems Task 3: Create and Start JCo RFC Providers Create a JCo RFC Provider with the name SAP.CCMS.J2EE.<SID><##> (<SID> stands for the system ID of your system, <##> stands for your group number) for the SAP Solution Manger system that is used in your course. To do so, use the destination “Group<##>_RZ20_SolMan” that you created in the task “Create Destination of the type RFC without Load Balancing”. 1. Call the NWA and switch to maintenance of the JCo RFC Provider. a) 2. Follow the menu path Configuration → Infrastructure → Jco RFC Provider in the NWA. Create a JCo RFC Provider with the name SAP.CCMS.J2EE.<SID><##> (<SID> stands for the system ID of your system, <##> stands for your group number) and start this. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 277 Unit 6: Java Connector and Destinations ADM800 The connection should go to client “000” of the Solution Manager system that is used in your course. You have already maintained the connection data in the task Create Destination of the type RFC without Load Balancing in the destination “Group<##>_RZ20_SolMan”; therefore, use this destination. a) Create a new JCo RFC Provider by choosing Create. b) In the step Server Configuration , maintain the name SAP.CCMS.J2EE.<SID><##> (<SID> stands for the system ID of your system, <##> stands for your group name) for the field Program ID for your JCo RFC Provider. In the field Gateway Host, enter the same value as entered in the task “Create Destination of the type RFC without Load Balancing”. In the field Gateway Service, enter the same value as entered in the task “Create Destination of the type RFC without Load Balancing”. Change the value for the field Server Count to 4. Choose Next to go to the next step. c) Select the checkbox for Use RFC Destination in the step Repository Configuration. In the field RFC Destination Name, enter the name of the destination from the task “Create Destination of the type RFC without Load Balancing” (Group<##>_RZ20_SolMan with <##> as your group number). Choose Next to go to the next step. d) In the step Security Settings, do not select the checkbox for Use SNC and choose Next to go to the next step. e) In the step Additional Options, select the checkbox for Local JCo Server and choose Next to go to the next step. f) Check your entries in the step Summary, and choose Finish to save and thus complete your entries. g) Start the JCo RFC Provider that you just created by selecting it and choosing Start. You receive the message “The JCo servers started successfully.” Continued on next page 278 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connections to other Systems Task 4: Optional: Check your JCo RFC Provider Connection to the Gateway. Log on to the central instance of the Solution Manager system and check whether your JCo RFC Provider is registered with the gateway of the Solution Manager system. 1. Log on with your user in client 100 of the central instance (instance number 00) of the Solution Manager system and use transaction SMGW or the report RSGWREGP to check whether your JCo RFC Provider is registered with the gateway. a) Check whether you are logged on to the instance whose gateway you have specified for the JCo RFC Provider with sapgw<I-Nr>. System → Status displays under Servername the instance name including the instance number in the form of <host name>_<SID>_<I-Nr>. You may have to scroll in the instance name. b) Call transaction SMGW and choose Goto → Logged on Clients. Sort by LU Name. You should now find your host under LU Name and under TP Name the program ID that you have specified for the JCo RFC Provider (for example, SAP.CCMS.J2EE.<SID><##>, <SID> stands for the system ID of your system, <##> stands for your group number). c) Alternatively, you can call transaction SA38 and start the program RSGWREGP there. You should now find your host under Server host name and under Program ID the program ID that you have specified for the JCo RFC Provider (for example, SAP.CCMS.J2EE.<SID><##>, <SID> stands for the system ID of your system, <##> stands for your group number). Task 5: Optional: Create Destination of the type RFC with Load Balancing Create a destination of the type RFC with load balancing for the SAP Solution Manger system that is used in your course. Your instructor will give you the host name, SID, instance number, user, password and client. 1. Call the NWA and switch to destination maintenance. a) Follow the menu path Configuration → Infrastructure → Destinations in the NWA. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 279 Unit 6: Java Connector and Destinations 2. ADM800 Create a destination with the name Group<##>_to_SolMan (<##> stands for your group name) for client “000” of the Solution Manager system that is used in your course. Use RFC_GROUP as the logon group. Your instructor will give you the system data. a) Create a new destination by choosing Create. b) In the step General Data, maintain the name Group<##>_to_SolMan (<##> stands for your group number) for the field Destination Name for your destination. Use the input help to select the type RFC for the field Destination Type. Choose Next to go to the next step. c) In the step Connection and Transport Security Settings, select the selection field Yes for Load Balancing. Maintain the fields System ID, Message Server and Message Server Service with the data that your instructor has given you. Enter the “Full Qualified Host Name”, for example “twdf0000.wdf.sap.corp”, for Message Server. Enter sapmsDEV in the field Message Server Service. Enter the same value in the field Gateway Host as entered in the field Message Server. Enter RFC_GROUP in the field Logon Group. Enter sapgw<I-Nr> in the field Gateway Service with <I-Nr> standing for the instance number that runs on the host specified under “Gateway Host”. Choose Next to go to the next step. d) In the step “Logon Data”, use the input help to select the value Technical User for the field Authentication. Enter EN in the field Language. Enter 000 in the field Client. Enter <CourseID>-## in the field User Name with <##> standing for your group number. Enter the password in the field Password that your instructor gave you for the user mentioned above. Choose Finish to save and thus complete your entries. e) 280 Check your entries using the push-button Ping Destination. You receive the message: “Successfully connected to System ...”. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connections to other Systems Lesson Summary You should now be able to: • List some communication paths • Maintain connections of the destination service • Maintain JCo RFC connections 2011 © 2011 SAP AG. All rights reserved. 281 Unit 6: Java Connector and Destinations ADM800 Lesson: Appendix: Connections to other Systems with the Java Connector Architecture Lesson Overview In this lesson, you will find out about where you can maintain connection data of the Java Connector Architecture (JCA) for other systems using the SAP Java Resource Adapter. Lesson Objectives After completing this lesson, you will be able to: • • • Locate the JCA Connection Factories of the SAP Java Resource Adapter. Maintain parameters of a JCA Connection Factory of the SAP Java Resource Adapter. Create a new JCA Connection Factory for the SAP Java Resource Adapter. Business Example You are using the SAP NetWeaver AS Java and you want to get to know communication paths of applications for Enterprise Information Systems. Connections to AS ABAP Systems using the SAP Java Resource Adapter In the previous lesson, you got to know the destination and the JCO RFC Provider as communication paths to an EIS. Furthermore, you already know that applications can establish direct communication paths to an EIS. The Java Connector Architecture (JCA) provides programming interfaces, which allow developers to use the communication with EIS via adapters. 282 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Appendix: Connections to other Systems with the Java Connector Architecture Figure 120: Resource Adapter A Java EE application server with integrated Java Connector Architecture (JCA) provides a communication path between applications and Enterprise Information Systems (EIS). To address an EIS via the Connector Architecture, a resource adapter that supports the Connector Architecture is required for the EIS. The figure “Resource Adapter” shows that only one resource adapter is required for each EIS type for a Java EE application server to communicate with the EIS. The resource adapter can be used in each AS Java because the Java Connector Architecture is integrated into the AS Java. In this lesson, we will take a look at the SAP Java Resource Adapter, which can be used to establish connections to AS ABAP systems, as an example of such a connection option. This lesson is not aimed at developers rather at administrators who want get an idea of where developers maintain communication paths for an EIS, in particular for AS ABAP systems. The “JCA Connection Factory” plays a decisive role here as you will find out. 2011 © 2011 SAP AG. All rights reserved. 283 Unit 6: Java Connector and Destinations ADM800 Figure 121: SAP Java Resource Adapter SAP Java Resource Adapter 1.5 is an adapter that is used for communication with AS ABAP systems. The connection data is maintained in the related JCA Connection Factories. The following section describes how you go from the resource adapters to the JCA Connection Factories. You can find the resource adapter in the NWA using the menu path Configuration Management → Infrastructure → Application Resources. If you restrict to Resource Adapters under Show, you find SAPJavaResourceAdapter15 there. You can find the relevant resource of the Java Connector Architecture (JCA) on the tab page Dependent JCA Resource from which you can display the data for the JCA Resource using the push-button JCA Resource Details. You can find all the “JCA Connection Factories” for the JCA Resource on the tab page Dependent JCA Connection Factory, for example, the eis/SAPJRAFactory that is delivered as a template. Each JCA Connection Factory contains the connection data for AS ABAP systems. This data is maintained on the tab page Configuration Properties. Information about the target server, system number, client and so on is included in the connection data. You also have the option of storing destinations as connection data here. For this you create a new property DestinationName if it is not already contained in the JCA Connection Factory and store the destination there. Hint: You can use a destination as of 7.10 SPS6. If, despite maintaining a destination, you are forced to enter a password, remove the property Password in this JCA Connection Factory. In the JCA Resource, you can create further JCA Connection Factories using Copy and Add New JCA Connection Factory; here you can maintain more connection data. For this maintain a JNDI Name (JNDI stands for Java Naming and Directory Interface) on the tab page Namespace. When creating such a JCA Connection Factory, a “JCA Managed Connection Factory” is automatically created for 284 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Appendix: Connections to other Systems with the Java Connector Architecture the JCA Connection Factory through which the actual communication runs. However, we are interested only in the JCA Connection Factories when it comes to maintaining connection data. 2011 © 2011 SAP AG. All rights reserved. 285 Unit 6: Java Connector and Destinations 286 © 2011 SAP AG. All rights reserved. ADM800 2011 ADM800 Lesson: Appendix: Connections to other Systems with the Java Connector Architecture Exercise 15: Optional: Connections to other Systems with the Java Connector Architecture Exercise Objectives After completing this exercise, you will be able to: • Determine the JCA Connection Factories in the application resources • Create and maintain JCA Connection Factories for SAPJavaResourceAdapter15 Business Example Your developers program applications that have to exchange data with an AS ABAP, for example. The Java Connector Architecture is used for programming and you want to maintain a JCA Connection Factory with the connection data for the AS ABAP for the SAPJavaResourceAdapter or provide the developer with the required information. Your instructor will give you the required system data. Task 1: Determine JCA Connection Factories Determine which JCA Connection Factories exist for SAPJavaResourceAdapter15 in your system and which connection data is maintained there. 1. Call the NWA on your system and switch to the maintenance of application resources. 2. Restrict the list to the Resource Adapters. 3. Display the related JCA Resource for SAPJavaResourceAdapter15 and switch to the detail view of this resource. 4. Display the related JCA Connection Factories for the JCA Resource SAPJavaResourceAdapter15. 5. Now determine the connection data of the JCA Connection Factory “eis/SAPJRAFactory”. Task 2: Create a JCA Connection In your system, create a JCA Connection Factory for SAPJavaResourceAdapter15 with the name <CourseID>-<##>_Nr01 (<##> stands for your group number) from the copy template eis/SAPJRAFactory. There maintain the connection data for client 100 of the Solution Manager system that is used in your course. 1. Call the NWA on your system and switch to the maintenance of application resources. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 287 Unit 6: Java Connector and Destinations ADM800 2. Restrict the list to the all JCA Resources. 3. Create a further JCA Connection Factory for the JCA Resource SAPJavaResourceAdapter15 with the name <course name><##>_Nr01 (<##> stands for your group number) as a copy of the JCA Connection Factory eis/SAPJRAFactory. 4. Maintain the connection data of the JCA Connection Factory <course name>-<##>_Nr01. Task 3: Create JCA Connection with Destination In your system, create a JCA Connection Factory for SAPJavaResourceAdapter15 with the name <CourseID>-<##>_Nr02 (<##> stands for your group number) from the copy template eis/SAPJRAFactory. Enter the destination Group<##>_to_SolMan or Group<##>_RZ20_SolMan (<##> stands for your group number) for the connection data. 288 1. Call the NWA on your system and switch to the maintenance of application resources. 2. Restrict the list to the all JCA Resources. 3. Create a further JCA Connection Factory for the JCA Resource SAPJavaResourceAdapter15 with the name <CourseID>-<##>_Nr02 (<##> stands for your group number). 4. Maintain the destination Group<##>_to_SolMan or Group<##>_RZ20_SolMan (<##> stands for your group number) for the connection data of the JCA Connection Factory <course name>-<##>_Nr02. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Appendix: Connections to other Systems with the Java Connector Architecture Solution 15: Optional: Connections to other Systems with the Java Connector Architecture Task 1: Determine JCA Connection Factories Determine which JCA Connection Factories exist for SAPJavaResourceAdapter15 in your system and which connection data is maintained there. 1. Call the NWA on your system and switch to the maintenance of application resources. a) 2. Restrict the list to the Resource Adapters. a) 3. 4. Follow the menu path Configuration → Infrastructure → Application Resources in the NWA. Select Resource Adapters in the field Show. Display the related JCA Resource for SAPJavaResourceAdapter15 and switch to the detail view of this resource. a) Select the resource adapter SAPJavaResourceAdapter15 and switch to the JCA Resource Details on the tab page Related JCA Resource. b) A further navigation field JCA Resource now appears directly below Resource Details; the name of the JCA Resource (in this case also SAPJavaResourceAdapter15) is displayed above this field. You can now switch between both using the navigation fields Resource Adapter and JCA Resource. c) Make sure that you are in the JCA Resource display and select the tab page Related JCA Connection Factories. Display the related JCA Connection Factories for the JCA Resource SAPJavaResourceAdapter15. a) Make sure that you are in the JCA Resource display and select the tab page Related JCA Connection Factories. For the moment, you should see only the JCA Connection Factory eis/SAPJRAFactory. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 289 Unit 6: Java Connector and Destinations 5. ADM800 Now determine the connection data of the JCA Connection Factory “eis/SAPJRAFactory”. a) Choose JCA Connection Factory Details. A further navigation field JCA Connection Factory now appears directly to the right of the navigation field JCA Resource; the name of the JCA Connection Factory (in this case eis/SAPJRAFactory) is displayed above this field. b) Now select the tab page Configuration Properties. There you can find, for example, the names of the properties SAPClient, UserName, Password and so on. No value has been maintained in the field Value for all these fields; that is, communication data has not yet been maintained. Task 2: Create a JCA Connection In your system, create a JCA Connection Factory for SAPJavaResourceAdapter15 with the name <CourseID>-<##>_Nr01 (<##> stands for your group number) from the copy template eis/SAPJRAFactory. There maintain the connection data for client 100 of the Solution Manager system that is used in your course. 1. Call the NWA on your system and switch to the maintenance of application resources. a) 2. Follow the menu path Configuration → Infrastructure → Application Resources in the NWA. Restrict the list to the all JCA Resources. a) Select JCA Resources in the field Show. Continued on next page 290 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Appendix: Connections to other Systems with the Java Connector Architecture 3. Create a further JCA Connection Factory for the JCA Resource SAPJavaResourceAdapter15 with the name <course name><##>_Nr01 (<##> stands for your group number) as a copy of the JCA Connection Factory eis/SAPJRAFactory. a) Select the JCA Resource “SAPJavaResourceAdapter15” and switch to the tab page Related JCA Connection Factories. b) Select eis/SAPJRAFactory as a copy template. c) Use Copy and Add New JCA Connection Factory to create a new JCA Conneciton Factory for the selected JCA Resource SAPJavaResourceAdapter15. d) Enter the name <CourseID>-<##>_Nr01 (<##> stands for your group number) in the field JNDI Name and confirm your entry by pressing the Return button. Finaly you Save your entry. The system is telling you that “New JCA Connection Factory ... has been added successfully”. e) 4. Select the JCA Resource Details again, and you can see, your new JCA Resource Maintain the connection data of the JCA Connection Factory <course name>-<##>_Nr01. a) Select the resource “<course name>-<##>_Nr01” from Related JCA Connection Factories and use JCA Connection Factory Details to switch to the resource details of the JCA Connection Factory. b) Now select the tab page Configuration Properties. There you can find, for example, the names of the properties SAPClient, UserName, Password, ServerName and the PortNumber (the instance number is meant here) for the Solution Manager system that is used in your course. c) Save your entry. The system issues the message “The resource has been saved successfully”. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 291 Unit 6: Java Connector and Destinations ADM800 Task 3: Create JCA Connection with Destination In your system, create a JCA Connection Factory for SAPJavaResourceAdapter15 with the name <CourseID>-<##>_Nr02 (<##> stands for your group number) from the copy template eis/SAPJRAFactory. Enter the destination Group<##>_to_SolMan or Group<##>_RZ20_SolMan (<##> stands for your group number) for the connection data. 1. Call the NWA on your system and switch to the maintenance of application resources. a) 2. Restrict the list to the all JCA Resources. a) 3. Follow the menu path Configuration → Infrastructure → Application Resources in the NWA. Select JCA Resources in the field Show. Create a further JCA Connection Factory for the JCA Resource SAPJavaResourceAdapter15 with the name <CourseID>-<##>_Nr02 (<##> stands for your group number). a) Select the JCA Resource “SAPJavaResourceAdapter15” and switch to the tab page Related JCA Connection Factories. b) Select eis/SAPJRAFactory before you copy it using Copy and Add New JCA Connection Factory. c) Enter the name <CourseID>-<##>_Nr02 (<##> stands for your group number) in the field JNDI Name and Save your entry. The system issues a dialog box telling you that “New JCA Connection Factory ... has been added successfully”. Close this. 4. 292 Maintain the destination Group<##>_to_SolMan or Group<##>_RZ20_SolMan (<##> stands for your group number) for the connection data of the JCA Connection Factory <course name>-<##>_Nr02. a) Select the resource “<course name>-<##>_Nr02” from Related JCA Connection Factories and use JCA Connection Factory Details to switch to the resource details of the JCA Connection Factory. b) Now select the tab page Configuration Properties. Use Add New Property to add a new property with the name DestinationName here. c) Enter the destination Group<##>_to_SolMan or Group<##>_RZ20_SolMan (<##> stands for your group number) from the previous lesson as the value for the property DestinationName. d) Save your entry. The system issues the message “The resource has been saved successfully”. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Appendix: Connections to other Systems with the Java Connector Architecture Lesson Summary You should now be able to: • Locate the JCA Connection Factories of the SAP Java Resource Adapter. • Maintain parameters of a JCA Connection Factory of the SAP Java Resource Adapter. • Create a new JCA Connection Factory for the SAP Java Resource Adapter. 2011 © 2011 SAP AG. All rights reserved. 293 Unit Summary ADM800 Unit Summary You should now be able to: • List some communication paths • Maintain connections of the destination service • Maintain JCo RFC connections • Locate the JCA Connection Factories of the SAP Java Resource Adapter. • Maintain parameters of a JCA Connection Factory of the SAP Java Resource Adapter. • Create a new JCA Connection Factory for the SAP Java Resource Adapter. 294 © 2011 SAP AG. All rights reserved. 2011 Unit 7 Change Management and Software Logistics Unit Overview As with the ABAP stack, SAP delivers a complete infrastructure for developing and transporting Java applications for AS Java. This SAP NetWeaver Development Infrastructure (NWDI) consists of a local development environment (IDE) and central server-side services that provide development teams with a consistent central development environment and support software development during the entire lifecycle of a product. This unit first provides a general introduction to the process of Java developments. Then, SAP NWDI and its elements are introduced. One additional lesson discusses the steps required to configure the central infrastructure for the development within SAP NetWeaver Portal 7.3. After this configuration has been performed, a small, existing Java application is modified as an example using SAP NetWeaver Developer Studio (the IDE delivered by SAP) in another lesson. This application is finally transported to the quality assurance and to the production system. Depending on the release of both SAP NetWeaver Development Infrastructure and the runtime systems, there are different transport scenarios available. This unit explains the use of Change Management Services (CM Services) together with the activity-based SDA transport scenario. CM Services are shipped with enhancement package 1 for SAP NetWeaver 7.0. They are the successor of the Change Management Service (CMS). Note: As SAP recommends to use SAP NetWeaver Development Infrastructure not on the SAP NetWeaver Portal 7.3 system but on a separate system (based on enhancement package 2 for SAP NetWeaver 7.0) an SAP NWDI system based on enhancement package 2 for SAP NetWeaver 7.0 is used in this unit. This SAP NWDI can also be used for managing a development within SAP NetWeaver Portal 7.3 systems. Unit Objectives After completing this unit, you will be able to: • 2011 List the elements of a Java EE application © 2011 SAP AG. All rights reserved. 295 Unit 7: Change Management and Software Logistics • • • • • • • • • • • ADM800 Outline the steps required to develop an executable Java EE application Name differences between ABAP-based development and Java-based development Name the building blocks of SAP NetWeaver Development Infrastructure and explain their meaning Explain the idea of SAP's component model for the development of Java based SAP applications Outline the use of Change Management Services and the enhanced Change and Transport System for the use with SAP NetWeaver Development Infrastructure List the necessary steps to define a system landscape for SAP NWDI based development in the ABAP Transport Management System Connect SAP NetWeaver Developer Studio to the central components of SAP NetWeaver Development Infrastructure List the individual steps that are required from the start of developing / changing Java objects to releasing these changes in the central development system Outline the structure of the Design Time Repository (DTR) Import changes into the quality assurance system List the individual transport steps for activity-based SDA transports Unit Contents Lesson: Overview of the Standard Java EE Development Process .....297 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) ...........................................................................309 Exercise 16: Checking the Settings on System Landscape Directory .....................................................................331 Lesson: Preparing for the Development of Java Applications ............336 Exercise 17: Preparing for the Development of Java Applications ..355 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio .............................................................................366 Exercise 18: Developing Java Objects in SAP NetWeaver Developer Studio ........................................................................373 Lesson: Transporting Java Developments ..................................386 Exercise 19: Transporting Java Developments ........................401 296 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Standard Java EE Development Process Lesson: Overview of the Standard Java EE Development Process Lesson Overview This lesson provides you with an overview of the development process in the Java environment. Special features in the context of SAP NetWeaver Development Infrastructure (NWDI) of the AS Java are not covered. In addition to the structure of a Java EE application, the development process in general is presented, and central terms, such as deployment or JSP are introduced. Lesson Objectives After completing this lesson, you will be able to: • • • List the elements of a Java EE application Outline the steps required to develop an executable Java EE application Name differences between ABAP-based development and Java-based development Business Example Your company uses SAP systems which are based on the SAP NetWeaver technology platform. You also have your own programs, developed on the basis of the Java standard Java EE. As the person responsible for software logistics in your company, you now want to obtain an overview of the structure of Java EE programs and the standard development process for them. The Java Programming Language Java is an object-oriented programming language, similar to C++ or C#. However, Java is not fully object-oriented: the basic data types (int, boolean etc.) are not objects. Java makes it possible to write classes which can be executed in a variety of runtime environments. In this way, it is possible, for example, to run applets in Web browsers which support Java. Java possesses an extensive class library. This provides programmers with a uniform, operating system-independent interface (Application programming interface, API). With the help of Remote Method Invocation (RMI) it is also possible to call up objects on other computers. Source codes written in Java are first of all translated by the Java compiler javac into an intermediary code that is independent of architecture. This is known as bytecode. A .class file is created from every source file (.java file). This bytecode cannot yet be executed alone, but is either interpreted and executed by a so-called virtual machine or (using HotSpot technology, available as of Java Runtime 2011 © 2011 SAP AG. All rights reserved. 297 Unit 7: Change Management and Software Logistics ADM800 Environment 1.3) is compiled and executed as native processor code at runtime. This virtual machine must have been developed for every supported platform, if necessary, separately. The Java runtime environment consists of three main components: • • • Class Loaders for loading all the classes required for the execution of the program. The Class Loaders control the reliable provision of class information to the Java Virtual Machine. Bytecode Verifier to check whether the loaded classes are compatible with specification of the virtual machine. This ensures that the Java Virtual Machine is not able to execute any invalid bytecode. The Java Virtual Machine itself. Figure 122: From the development to the execution of a Java application Programs Required for Creating and Executing a Java Application If a Java program is to be executed, a runtime environment (Java Runtime Environment, JRE) is required. The JRE consists of the Java Virtual Machine, the standard Java interfaces (classes that provide the standard services such as Remote Method Invocation (RMI)), and other components that are required to execute Java applications and Applets. The Java Virtual Machine is responsible for the independence of the Java EE platform from the hardware and the operating system. 298 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Standard Java EE Development Process The J2SE Software Development Kit (J2SE SDK) contains a number of tools in addition to the content of the JRE with which Java applications can be developed. These tools include the Java Compiler and the Java Debugger. You would usually use an integrated development environment (IDE), which supports the development of J2EE applications, to develop your own programs. This builds on the J2SE SDK. Hint: Java EE stands for Java Platform, Enterprise Edition. This is a set of rules that must be fulfilled by applications if they wish to be regarded as “Java EE compliant” and if they are to be executed on a Java EE Server (which must also comply with these rules). The name of the Java platform for business applications has been simplified. The platform used to be called “Java 2 Platform, Enterprise Edition” (J2EE) and special versions had numbers with “decimal places”, for example, J2EE 1.3. The “2” has been removed from the name along with the “decimal places”. The Java EE version used in SAP NetWeaver 7.3 is Java EE (Java Platform, Enterprise Edition) 6. If a developer wants to write his or her own program and test it (locally), he or she generally requires a development environment and a runtime environment. Note: Example: The SAP development environment for Java EE 6 applications (SAP NetWeaver Developer Studio for SAP NetWeaver 7.3) is based on the Eclipse IDE, which in turn uses a Java 6 Runtime environment. The figure below illustrates the relationship between the runtime environment, the Java SE Development Kit, and the development environment. Figure 123: Components of the Java SE Development Kit (JDK) 2011 © 2011 SAP AG. All rights reserved. 299 Unit 7: Change Management and Software Logistics ADM800 Structure of a Java EE Application Java EE (Java Platform, Enterprise Edition) is a standard that allows the development and execution of distributed, multi-level Java applications using modular components. The Java EE architecture consists of 3 layers (tiers): Presentation layer, middle layer and backend layer. The backend tier can be a file system, a (standalone) database, or an Enterprise Resource Planning system. Various clients, such as Web browsers or Java applications, can be used at the presentation tier. The middle tier contains the Java EE server, which plays the central role in the context of this three-tier model. Application logic and server presentation logic are separate on the Java EE server. The Java EE server accepts requests from the presentation tier, executes the business logic of the applications, and, if necessary, exchanges data with the backend tier when doing so. Figure 124: Programming Model of Java EE Applications 300 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Standard Java EE Development Process Java EE applications consist of components. A Java EE component is a complete, functional software entity, which is combined with the associated classes and files to form a Java EE application (assembly), and which can communicate with other components. The Java EE specification differentiates between the following Java EE components: • • • Applets (presentation components that run on the client) Servlets and Java Server Pages (presentation or Java EE Web components that run on the server) Enterprise Java Beans (business logic components that run on the server) The communication between the Java EE server and the front end is essentially based on Web standards such as HTTP, HTML, or XML. The Java EE server can use Java Server Pages (JSP) and Java Servlets to generate HTML pages or XML data. Servlets are Java classes that process requests and can dynamically generate responses in the form of HTML pages. Java Server Pages are text-based documents that describe how an HTTP request is to be processed to generate an HTTP response. A JSP consists of templates, together with commands, scripting elements, and possibly tags. This allows the developer to include Java code in an HTML page, which is converted to a servlet by the Web Container. JSPs and servlets run in a container for Java EE Web components (Web Container), which is part of the Java EE server. Applets can be embedded within the HTML pages that are sent to the browser. An applet is a small Java application that is executed on the Java Virtual Machine of the client (that is, in the Web browser). The business logic is executed using Enterprise Java Beans (EJB). EJBs run on the business logic tier of the Java EE server. Among other things, they receive data from the database tier and forward it, if appropriate, to the presentation tier. The Java EE architecture allows you to develop reusable components. The infrastructure required to execute these components is provided by the Java EE server. This infrastructure contains containers. Containers in object-oriented programming are objects that provide a runtime environment for other objects. They represent the interface between a Java component and the Java EE function that supports this component. Hint: Before a Java component can be executed, it must be assembled into a Java EE application (Assembly) and deployed in the relevant container (Deployment). Development Steps for Creating a Java EE Application The figure below illustrates the steps required for the development and the process of a Java EE application: 2011 © 2011 SAP AG. All rights reserved. 301 Unit 7: Change Management and Software Logistics ADM800 Figure 125: Steps when creating a Java EE application In accordance with the architecture of Java EE applications, the application logic (Enterprise Java Beans) and presentation logic (JSPs and servlets) are also separated during application development. During the implementation of application logic, the application developer creates his or her own Enterprise Java Beans. The developer also uses classes that are contained in the standard Java library and possibly also other Java classes provided by other developers. All classes are included (“imported”) as .class files. This is done, for example, by inserting the following lines in the source code: import java.applet.Applet; import java.awt.*; The configuration of the application itself is performed by the integrated development environment (IDE) in the context of an XML file, the deployment descriptor. The structure and the runtime behavior of an application (such as security settings or transactional behavior) are described by this deployment descriptor. This information is evaluated by the EJB Container and the Web Container at runtime. When the development is complete, the developer uses a standard Java program to combine Enterprise Java Beans, used Java classes and the deployment descriptor into a Java Archive (.jar file). This “creation” of a JAR file is also known as the build . 302 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Standard Java EE Development Process In the same way, Java Server Pages or servlets and HTML pages are created during the implementation of the presentation logic. It is also possible to include other Java classes here. The IDE also generates a deployment descriptor. The developer uses a standard Java program to combine these files into a Web archive (.war file) during the build process. Note: All development objects which belong to an archive will be built together which means that a change of only one JSP for example will result in a rebuilt of the complete Web archive. After the developers have created various Java and Web archives, these archives, together with an additional deployment descriptor, can be combined into an Enterprise Archive (.ear file). An Enterprise Archive can consist of multiple Java Archives and Web Archives, and also contain other Enterprise Archives. This process step of the creation of an application is also called assembly, and is performed by the application assembler. Although in theory the application assembler does not need to know any of the details of the implementation of the individual components of the .ear file, the application developer also often performs the role of the application assembler. Finally, the (platform-independent) Enterprise Archive must be installed on a specific Java EE server in a specific operating system environment. This process is known as deployment, and is performed by a deployer. The deployer is usually an expert in the specific operating system environment. The system administrator often performs the role of the deployer. During the deployment process, the external dependencies that are listed in the deployment descriptor are resolved; that is, the application is assigned, for example, security settings or database resources for the specific environment. Differences between ABAP and Java Development Approaches There are two different approaches to software development. Either developers all log on to a central development system (central development) or development is performed locally, that is, it is decentralized. In the case of local development, every developer works in his or her own development environment which usually consists of development tools and a runtime environment for testing changes. 2011 © 2011 SAP AG. All rights reserved. 303 Unit 7: Change Management and Software Logistics ADM800 Figure 126: Comparison of the different development approaches Development in the ABAP environment is a classic example for central development whereas software development in the Java environment usually uses a local development environment. The difference between these two development approaches also impacts on the way software is developed and tested. The Java SE Development Kit (JDK) provides, in principle, all of the tools that are required to develop smaller Java applications (in addition to the runtime environment) that is programs such as the Java compiler or a debugger. For a more convenient development of applications, there are also various local development environments (Integrated Development Environments, IDE) based on the JDK. When developing Java applications in larger development teams, however, new challenges arise. The following illustration shows the typical development process in the Java environment and shows some of the difficulties that have to be dealt with. These difficulties often have to do with the fact that the development takes place locally in the runtime environment of the individual developer and this development environment does not correspond in every detail to the central runtime environment. 304 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Standard Java EE Development Process Figure 127: Typical problems in a team-oriented development in the Java environment Java applications can exist in various versions (just like ABAP applications). Before an application is newly created, or an existing application can be revised, the developer must ensure that he or she is using the correct versions of the required source files or of the libraries used. Furthermore, the use of different versions of the same objects within different development tasks typically requires a reconfiguration of the local development environment (which is time-consuming and susceptible to errors). After the correct version of all necessary sources have been found and have been checked out of a central directory, local development can begin. In the meantime, the developers from time to time carry out – based on their own, local runtime environment – local builds, in order to be able to test their applications in the local runtime environment. After the completion of this development, the changed and referenced sources are once again checked-in to a central storage location. Errors can occur here, if the local environment of the developer differs from the environment of the central runtime system. For example, referenced objects could have been changed by other developers in the meantime and then once again checked-in, in the changed form. The test in the central runtime system can also cause unforeseen errors due to the different runtime environments (of the developers). As a result, the customer-specific development must be adjusted to suit the changed framework conditions. In the ABAP environment, the problems described above do not arise or they occur at an earlier stage due to the central development environment (all developers work in a central runtime environment and each use the current version of the respective development object). The goal of SAP NetWeaver Development 2011 © 2011 SAP AG. All rights reserved. 305 Unit 7: Change Management and Software Logistics ADM800 Infrastructure – SAP NWDI for short below – is therefore to avoid the problems described above by transferring tried and tested concepts from the ABAP world into the Java world. Here, SAP builds on the known standards (Java EE or WebDAV and DeltaV as the repository standard for accessing and versioning any development objects). The local development environment is based on the open source development tool Eclipse. Due to the different development philosophies, it is relatively difficult to compare on both sides the development processes of ABAP (central development) and Java (local development). The following list summarizes the main differences between standard ABAP and standard Java EE development approaches (at least as far as turn out to be are relevant for SAP NetWeaver Development Infrastructure): • ABAP: • – Central development – Single development objects are activated Java: – – Local development Complete archives are built When developing repository objects in ABAP, the repository used is defined by logging on to a particular development system. This means that the developer has access to all used repository objects in their respective active version. Due to the central development in the ABAP Workbench, there is no possibility for developers to create their own, private runtime environment. This ensures that there are no inconsistencies between the development objects of different developers. When activating changes, the formal correctness of the sources is checked (syntax check). Only after this check has been successfully performed, the changes become visible to other people. A disadvantage of this is that the central runtime environment is also not private; that is, that errors in the implementation can potentially have consequences for other users of the development system even before the changes are released for transport. However, it is generally possible to identify and correct errors more quickly using this central development. 306 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Overview of the Standard Java EE Development Process Figure 128: Comparison of the Java and ABAP Development Processes The logon to the SAP development system in the Java EE environment is similar to the developer's logon to the correct SAP NWDI development configuration. A development configuration consists of a list of software components statuses that are required for designing, the build process of, and testing one or more software components in SAP NetWeaver Developer Studio. Logging on to the correct development configuration ensures that this developer has access to the correct versions of his or her own and other development objects. When checking out, the correct versions of the libraries and development objects are therefore copied to the local development environment. The majority of the development activities now take place on the local PC of the respective developer. After the completion of the central development with local tests in the runtime environment of the developers' PCs, the objects are checked-in centrally again. When they are then activated in the central environment, in addition to a test for formal correctness, the system checks whether there are consistent sources in the central environment, or whether some libraries that are referenced have changed in the meantime. After a successful central activation, the developers can finally test in a central environment before the changes are released for transport. 2011 © 2011 SAP AG. All rights reserved. 307 Unit 7: Change Management and Software Logistics ADM800 Lesson Summary You should now be able to: • List the elements of a Java EE application • Outline the steps required to develop an executable Java EE application • Name differences between ABAP-based development and Java-based development Related Information • • 308 For introductory information about Java technology in general, see the introductory page http://www.oracle.com/us/technologies/java/index.html. For an overview of Java development in the SAP environment, go to the SAP Developer Network (SDN) in the area SDN Communitiy → Home → Custom Development → Java (https://www.sdn.sap.com/irj/sdn/javaee5). © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) Lesson Overview This lesson first lists some requirements to a development infrastructure in general. Then SAP NetWeaver Development Infrastructure (SAP NWDI) and its building blocks is introduced. After an excursion on SAP's component model for structuring Java-based applications, the architecture of SAP NWDI is explained. Finally the integration between SAP NWDI and the ABAP Change and Transport System (CTS) is highlighted. Lesson Objectives After completing this lesson, you will be able to: • • • Name the building blocks of SAP NetWeaver Development Infrastructure and explain their meaning Explain the idea of SAP's component model for the development of Java based SAP applications Outline the use of Change Management Services and the enhanced Change and Transport System for the use with SAP NetWeaver Development Infrastructure Business Example Your company uses SAP systems that are based on the technology platform SAP NetWeaver, and is planning to develop its own Java-based business applications. As a member of the system administration, you want to have an overview of the development infrastructure provided by SAP for this purpose. Building Blocks of SAP NetWeaver Development Infrastructure To develop and execute applications, regardless of the selected programming language, you require at least an editor, a compiler (or interpreter) and a runtime environment. Requirements for a Development Infrastructure Especially for developments in which different developers are participating, a source code storage and versioning system is also desirable. 2011 © 2011 SAP AG. All rights reserved. 309 Unit 7: Change Management and Software Logistics ADM800 In addition to this, you require a build support and a central storage of archives. Even more, a transport mechanism (which may consist only of a simple Copy & Paste process) is needed if the applications are to run on other computers at a later stage. This transport mechanism may consist of an export part (developer's task) and of an import part (system administrator's part). The general requirements for a development infrastructure (regardless of the programming language) are summarized in the following figure: Figure 129: General Requirements for a Development Infrastructure SAP's Solution: SAP NetWeaver Development Infrastructure With SAP NetWeaver Development Infrastructure, SAP ships a development infrastructure that fulfills the requirements stated above: 310 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) Figure 130: Main Building Blocks of SAP NetWeaver Development Infrastructure The Design Time Repository (DTR) enables a versioning of the source code management and therefore the shared development of software in teams as well as the transport and replication of sources. The Component Build Service (CBS) is used for the central build of the source texts. The operation for the developers is integrated into SAP NetWeaver Developer Studio. For the build process, the CBS communicates automatically with the Design Time Repository. For further processing, the CBS communicates with the system logic of the Change Management Services. It provides the following core functions • • • Build on demand Central storage of build results and build tools Activation concept The Change Management Services (CM Services) are used for the central administration of the Java development landscape. The functions of the CM Services are closely interlinked with the DTR, the CBS and the System Landscape Directory (SLD). The Change and Transport System (CTS) is used for the transport of changes into subsequent systems. As of some SP Stack for SAP NetWeaver 7.0, the CTS is able to transport non-ABAP changes (such as Java applications) as well. Software development worldwide requires a conflict-free method for creating names for software objects. Without such a method, different software teams may use the same names by chance for software objects with different uses. If 2011 © 2011 SAP AG. All rights reserved. 311 Unit 7: Change Management and Software Logistics ADM800 the software objects are then combined in the same runtime environment, this could even deactivate applications because of a simple name conflict. In order to avoid name conflicts, the SAP System Landscape Directory (SLD) provides a name reserving service (Name Server), which makes it possible to reserve globally unique names. The following list summarizes the components of SAP NWDI and their characteristic properties: • Design Time Repository (DTR) • – Central source code administration and versioning Component Build Service (CBS) • – Build on demand – Central storage of build results and build tools – Activation concept Change and Transport System (CTS) – – • Central administration of the entire transport landscape Transports between the individual development levels (development system, quality assurance system, production system) Change Management Services (CM Services) – – • Managing development configurations Export Java development from SAP NetWeaver Developer Studio to CTS System Landscape Directory (SLD) – • Overview of systems, installed products and software versions (releases, support packages) Name Service – To avoid naming conflicts Hint: Starting with SAP NetWeaver 7.3, you can also use the CM Services in a Stand-alone mode without having a CTS system connected. This scenario is not discussed here however. For more information see a presentation for CM Services in SAP NetWeaver 7.3 which is availalble on SDN, quick link /cts (http://www.sdn.sap.com/irj/sdn/cts). SAP's Component Model The development of Java applications in SAP NetWeaver Developer Studio is based on a software component model. Using this, software projects can be structured systematically in clear and reusable units from the beginning. 312 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) Components can use other components in a well-defined and controlled way, encapsulate subordinate components, and publish their functions using a set of open interfaces, the public parts. Using components means that software projects can be systematically structured into manageable and reusable units from the start. The figure below summarizes the elements of the component model of SAP NWDI: Figure 131: Elements of the Component Model A development component (Abbreviation: component or DC) is – simply put – a common container for a set of objects that are part of the software. A component has a well-defined external interface and an “internal life” that is not visible from outside. Components can use each other by referring to the public interfaces of other components. Due to these properties, components are the elementary reusable units of the model. A development object is an element of a component that provides part of its function and can be changed or developed in some way. This can be a Java class, a table definition, a JSP page, and so on. Development objects are essentially stored in a repository. Software components combine components (DCs) for delivery and deployment to larger units. A release is a large step in the development of a software component, which provides new functionality. A product consists of one or more software components that represent related business processes. 2011 © 2011 SAP AG. All rights reserved. 313 Unit 7: Change Management and Software Logistics ADM800 An SDA file (Software Deployment Archive) contains an entire development component. An SCA file (Software Component Archive) contains an entire software component. The Meaning of SAP System Landscape Directory (SLD) The SAP System Landscape Directory (SLD) simplifies the administration of the system landscape. The SLD is a server application based on AS Java with which a client application communicates entirely using Hypertext Transfer Protocol (HTTP). The SLD server contains component information and system landscape descriptions. It can also contain a name server, which allows name reservation based on the Common Information Model (CIM) standard. The component description provides information about all available SAP software modules. This includes version numbers, the current patch level, and dependencies on system landscape components. The system landscape description represents an exact model of an actual system landscape. The CIM standard is a general schema for describing the elements in a system landscape. The SLD is the central provider of information for the entire system landscape. The SLD is usually deployed after the installation of each AS Java. During the installation, a directory <sapmnt>/<SID>/SYS/global/sld is created at operating system level as a working directory for the SLD. However, before the SLD server can be used, it must be configured and activated. To activate the SLD server, you must log on to the SLD administration interface (http://<SLD-host>:<Port>/sld) with a user of the UME group SAP_SLD_ADMINISTRATOR or of the user group Administrators. A prerequisite for the activation of the SLD server is that the name of an object server is specified first. In connection with the development of components within SAP NWDI, a namespace that is reserved on SAP Service Marketplace should be specified as an object server (if available). 314 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) Figure 132: System Landscape Directory (SLD) The SLD server implements the Common Interface Model (CIM). Before the SLD server can be used, you must import information about available SAP components. For this purpose, a zip file is already stored in the file system and imported into the SLD during the installation of the AS Java on which the SLD is used. Hint: You can always find the most current version of the files about available SAP components on the SAP Service Marketplace. See also SAP Note 669669. SAP systems that are based on AS ABAP can periodically transfer their data to the SLD server using transaction RZ70. However, we will not take a closer look at this transaction in this lesson. SAP systems that are based on AS Java can use an HTTP connection to transfer system information to the SLD server. The Visual Administrator is used for systems with SAP Web AS Java 6.40 or AS Java 7.0x with regard to configuring the data transfer. However, for SAP systems that are based on AS Java 7.1 and higher, SAP NetWeaver Administrator is used for the connection to the SLD. 2011 © 2011 SAP AG. All rights reserved. 315 Unit 7: Change Management and Software Logistics ADM800 Figure 133: Connecting SAP NetWeaver 7.1-based systems to the SLD In SAP NetWeaver Administrator, the connection to the SLD takes place at two locations: • • In the area Configuration → Security → Destinations, you must first set up the registration by creating a destination SLD_DataSupplier of the type HTTP where the connection data (URL and user defined) to the SLD is maintained. Furthermore, you must set up AS Java access to the SLD by creating a destination SLD_Client of the type HTTP. Here you can enter the same configuration settings as in the destination SLD_DataSupplier. In the area Configuration → Infrastructure → SLD Data Supplier Configuration, the data collection and data trasnsfer to the SLD can now be started. Creating a Product and a Software Component in the SLD Products and software components are created in the SAP System Landscape Directory (SLD), on the start page in the area Software Catalog. 316 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) Figure 134: Creating a Product and a Software Component After you have manually create software components and their dependencies for the build time on the SLD, you can also create software components using the Configuration Wizard in SAP NetWeaver Administrator. The latter occurs using the wizard for Create an Application Skeleton: (in the area Configuration Management → Scenarios → Configuration Wizard). For this purpose, there are different track templates for the development in SAP NetWeaver 7.3 available. Hint: For more information, see SAP note 1457908 – Required SCs for Specific Type of Development in 7.3 Track. Namespace Reservation To avoid naming conflicts, SAP System Landscape Directory (SLD) provides a name reservation service (also known as the name server), which allows the reservation of globally unique names. The underlying principle is the namespace concept. A namespace is defined using a namespace prefix, which is the first part of a development object name. Reserving a namespace prefix is done on the Web administration interface of the SLD from the start page via the link Name Reservation. Hint: For more information about the namespace concept, see the SAP Service Marketplace under the Quick Link /namespaces. 2011 © 2011 SAP AG. All rights reserved. 317 Unit 7: Change Management and Software Logistics ADM800 Figure 135: Reserving a Namespace Prefix Integration of the SAP NetWeaver Development Infrastructure into the ABAP Change and Transport System (enhanced CTS) Purpose In an SAP system, you can program in ABAP and in the J2EE/JEE standard, or use SAP-specific non-ABAP technology, such as Java Web Dynpro or developments for the SAP NetWeaver Portal. This is not a competition between technologies but different approaches to a solution for business needs. You choose from these options based on your preferences, knowledge that is already available in one of the technologies, or with respect to specific advantages of one technology in certain areas. Therefore, in any bigger landscape you will find many or even all of these objects. When you, for example, provide users with role-based access to a new function in the SAP ECC Server back-end system in an SAP NetWeaver Portal system, you have to synchronize the update between the Portal and the SAP ECC Server runtime, which may be connected to other systems using SAP NetWeaver Process Integration (PI). This is simplified when you use SAP NetWeaver Development Infrastructure (SAP NWDI for short) with its transport capabilities; the easiest way, however, is to manage such transports centrally in one system. 318 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) Up to SP stack 12 for SAP NetWeaver 7.0, the following restrictions applied despite the available tools for ABAP and Java transports: • • • There was no automatic synchronization for mixed applications (such as PI). You therefore had to use different tools to transport parts of the same application. There was no central control of portal transports. (Furthermore, there were only rudimentary export / import tools that were neither integrated into SAP NWDI nor into the ABAP Change and Transport System (CTS)). There was no central control of all transports into productive systems. Figure 136: Classical Transport Scenario – Different Tools for ABAP and Java Transports With the enhancements of the SAP NetWeaver Change and Transport System (CTS for short, or enhanced CTS respectively, if specifically the enhanced capabilities are meant), available with SP Stack 12 of SAP NetWeaver 7.0 and further enhanced with SP Stack 14, the CTS has been enhanced to handle any type of object that can be transported into an SAP system landscape. 2011 © 2011 SAP AG. All rights reserved. 319 Unit 7: Change Management and Software Logistics ADM800 Figure 137: The Idea of Enhanced Change and Transport System – Using CTS Combined with SAP NWDI Therefore, an administrator of your ABAP system can now also manage the transports for the non-ABAP parts of your system landscape. By combining and synchronizing transports in a comprehensive approach, the enhanced Change and Transport System therefore solves transport issues. The following objects (alongside ABAP objects) can be transported with the enhanced CTS: • • • • • • • • • Enterprise Application Archives (EARs) Software Component Archives (SCAs) Software Develivery Archives (SDAs) DTR activities (DIPs) Enterprise Portal Archives (EPAs) and Enterprise Poral Applications (PAR) Knowledge Management objects (KM Content, KM Configurations) Integration Builder Objects (TPZs) System Landscape Directory Content Objects (Products, Software Components, Technical Systems, Business Systems) Modifications to repository metadata of SAP Master Data Management 7.1 Import Process (Overview) The import into subsequent systems is triggered from transaction STMS (Transport Management System) on the (ABAP)-Transport Domain Controller system. During the import, the transport control program tp is called. tp itself controls 320 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) the import of the ABAP related part of the transport request(s) as usual. For the Java part of the transport request(s) – if there is any – tp hands over the files to the deploy tool of the AS Java (for systems based on AS Java 7.0: the SDM, for systems based on AS Java 7.1 and higher: the deploy controller). For this, the CTS Deploy Web Service is used. The following list summarizes (on a high level) the tasks of the transport control program tp: • • controls the import of the ABAP part (if there is an) of the transport request hands over the Java part (if there is any) of the transport request to the deploy tool of the AS Java (SDM or Deploy Controller) – for the communication between the AS ABAP and the AS Java, the CTS Deploy Web Service is used Prerequisites The Transport Domain Controller system has to meet certain requirements to be able use the enhancements of the Change and Transport System for the integration of SAP NetWeaver Development Infrastructure. • • • • The Transport Domain Controller System is based on AS ABAP + Java 7.00 SP Stack 12 (recommended: SP Stack 14) or higher The CTS Deploy Web Service must be configured and run The ABAP Web Dynpro application for CTS must be activated (service CTS_BROWSER in transaction SICF) If necessary: Non-ABAP systems and transport routes between these systems must be configured in transaction STMS and tp parameters for these systems must be maintained correctly. Note: As a prerequisite for carrying out CTS transports of non-ABAP objects, we recommend that you configure the Transport Domain Controller on an AS ABAP + Java system (on which the CTS Deploy Web Service is also configured; the CTS Deploy Web Service originally belongs to the software component DI_CMS – however, as of enhancement package 1 for SAP NetWeaver 7.0, this Web Service belongs to a software component of the AS Java itself). In addition to the Transport Domain Controller System, the runtime systems (that means the systems that are included in the STMS system landscapes) must meet certain requirements. The configuration or the transport scenario is sometimes dependent on the release level and SP Stack level. The configuration with SP Stack 2011 © 2011 SAP AG. All rights reserved. 321 Unit 7: Change Management and Software Logistics ADM800 14 for SAP NetWeaver 7.0 has been simplified considerably for the integration of SAP NWDI into the enhanced CTS. There are the following requirements for the SAP NWDI system in this scenario. • • The connection to the development system of the TMS system landscape is defined – depending on the transport scenario either in the track definition or in the transport settings in transaction STMS on the transport domain controller system. In the Visual Administrator (area Server → Services → Destinations) on the SAP NWDI system, the Destination Service sap.com/com.sap.tc.di.CTSserver of the type RFC is maintained; it contains the connection data for the Transport Domain Controller System. Hint: For SAP NWDI systems on AS Java 7.11 and higher, this destination needs to be maintained in SAP NetWeaver Administrator, area Configuration → Security → Destinations. • The corrections mentioned in SAP Note 1003674 – Enhancement for non-ABAP systems in CTS have been implemented (if they are required). For more information about the configuration of the systems involved, go to the online documentation for the enhanced CTS. You can find this path in the “Related Information” area at the end of this lesson. Architecture of SAP NetWeaver Development Infrastructure SAP NetWeaver Developer Studio provides access to the SAP NetWeaver Development Infrastructure (NWDI). SAP NWDI is composed of a local development environment (IDE) on the PCs of the developers and server-side services that provide the development team with a consistent central development environment, and support software development throughout the entire life cycle of a product. 322 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) Figure 138: Overview of SAP NetWeaver Development Infrastructure One important feature of SAP NetWeaver Development Infrastructure (NWDI) is the ability to develop and build software which belongs to different releases and Support Package Stacks. To do this, you need a single SAP NWDI system since the Component Build Service (CBS) creates the software in accordance with the release and Support Package Stack. Hint: The SAP NWDI system should have the highest possible Support Package version irrespectively of the Support Package version of the software that is to be developed. The version of SAP NetWeaver Developer Studio must correspond to the runtime system and to the developed software components. The development of Java applications in SAP NetWeaver Developer Studio is based on a software component model. Using this, software projects can be structured systematically in clear and reusable units from the beginning. Components can use other components in a well-defined and controlled way, encapsulate subordinate components, and publish their functions using a set of open interfaces, the Public Parts. On the side of the central infrastructure, there are, among other things, the services shown in the figure, the Design Time Repository, Component Build Service, and the name server as part of the System Landscape Directory. 2011 © 2011 SAP AG. All rights reserved. 323 Unit 7: Change Management and Software Logistics ADM800 Special Features for the Development for an SAP Release that Uses a Different Version of the SDK than the SAP NWDI System. If SAP NetWeaver Development Infrastructure (NWDI) is to support the development of Java applications for different AS Java releases, different versions of the Java Development Kit (JDK) may be required to build the applications. Applications for SAP Web AS Java 6.40 or AS Java 7.0x are based on JDK 1.4.2 for example; applications for SAP NetWeaver 7.3, on the other hand, are based on Version 1.6 of the JDK. Therefore, a JDK 1.6 must be provided for the Component Build Service (CBS) of the SAP NWDI system (itself based on AS Java 7.0x) responsible for the central build, along with the JDK 1.4.2 required for the installation, if it is used for SAP NetWeaver 7.3. This JDK must be also installed at operating system level of the SAP NWDI host. The Component Build Service (CBS) uses two service properties to find the JDK used for the build process. These two properties determine, in association with a build option specified in a concrete development configuration, which JDK is used to compile Java sources for a special development component (DC): • • 324 BUILD_TOOL_JDK_HOME defines the VM that executes the build environment; this property should point to the highest JDK version used by the CBS to ensure compatibility. JDK_HOME_PATH defines a list of variables and paths for directories in which the related JDK versions are stored (see the following figure). © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) Figure 139: Configuration of the CBS for different JDK versions Hint: A special build option (option com.sap.jdk.home_path_key) can then be used for the individual systems in the transport landscape to control which JDK is used for building for archives in a concrete development configurations. SAP NetWeaver Developer Studio SAP NetWeaver Developer Studio is SAP's own environment for developing multi-level Java-based applications. The development environment is based on the open source product Eclipse, whose open plug-in architecture provides a suitable platform that can be enhanced with special functions. Eclipse offers all the necessary tools for the development of Java programs. For Java EE projects, additional functionality is required in the SAP environment, however (for example, integration with the application server), that is not provided by Eclipse. The architecture of SAP NetWeaver Developer Studio is illustrated in the figure below. 2011 © 2011 SAP AG. All rights reserved. 325 Unit 7: Change Management and Software Logistics ADM800 Figure 140: S tructure of SAP NetWeaver Developer Studio SAP NetWeaver Developer Studio provides a range of tools for all aspects of application development, a few of which are listed below as examples: • • • The Composite Application Framework (CAF) is a Java EE-based framework that follows the programming model of the Service Oriented Architecture (SOA) and enables the modeling of enterprise services. Java EE Tools are tools for creating Java EE applications, such as Enterprise Java Beans. The SAP Development and Modeling Infrastructure (MOIN) contains, among other things, a (Enterprise) Design-Time Repository that manages the content required for the modeling. The particularity advantage of these development tools lies in their seamless integration into SAP NetWeaver Development Infrastructure (NWDI). All development objects that are created can thus be stored and managed in a central repository, the Design Time Repository (DTR), can be built in an automated build process using the Component Build Service (CBS), and added to Change Management, and finally distributed via a defined software logistics process. System Landscape for Runtime Systems Since the ongoing developments of the software developers in the local development systems and the central development system must not affect productive system operation, the production environment and development 326 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) environment must be strictly separated from each other. There should also be a runtime environment that is as stable as possible (that is, not constantly changed by the importing of new developments) available to test the developments. SAP recommends a three-system landscape. The different systems represent the different development statuses (development, quality assurance, production) of the software components to be developed. Figure 141: TMS System Landscape for Activity-based SDA Transports The central development system (DEV) is used by the individual developers to test the local developments in a larger context, that is, their interaction with changes made by other developers. The quality assurance system (QAS) is used to consolidate a certain fixed status of a software component or for a final test (also in the sense of an integration test). Not until a test has been successful, is the development finally imported into the productive system (PRD). Hint: The term system is not necessarily identical with runtime system. The figure illustrates that a system may consist of a development configuration (located on SAP NWDI) and / or of a runtime system. Developers use SAP NetWeaver Developer Studio to initiate the transfer of local development work to the central development system. SAP NetWeaver Developer Studio uses CBS and CM Services to start the deployment to the central development system. The import into all the following systems is controlled exclusively via the Change and Transport System (CTS) and it is the administrator who starts the imports via transaction STMS. 2011 © 2011 SAP AG. All rights reserved. 327 Unit 7: Change Management and Software Logistics ADM800 In case of using activity-based SDA transports, you need to create a development configuration for the development system of the system landscape. This development configuration contains areas of the DTR (for source code versioning) and CBS (for archives). Note: A note on the TMS upload system: In order to be able to develop an application for AS Java you need to import some basic libraries (prerequisite Software Component Archives) into the CBS. To be able to do so, a transport request with these libraries needs to be created and imported all systems for which you created a development configuration (tp parameter DI_SYSTEM = TRUE). For this transport request (and future transport requests with newer libraries, for example, after SP updates of your AS Java) you need an upload system. This upload system does not require a server or an installation of an AS Java. It is just a “dummy” system that is needed to be able to create transport requests. Addendum: CM Services Starting with enhancement package 1 for SAP NetWeaver 7.0, SAP provides the first version of the Change Management Services (CM Services). The CM Services are the successor of CMS (Change Management Service) in SAP NetWeaver Development Infrastructure (NWDI). CMS is now in maintenance mode – there are no new features going to be developed. The “old” CMS provides the functionality to perform two different tasks. The first task is the system administration part where you setup a track in order to create a transport landscape for your runtime systems and the second task is the configuration of development configurations for your development cycle and the export of deployable units (SCA files – Software Component Archives). The integration with the enhanced Change and Transport System (CTS+) is possible during the assembly step where the SCA file is attached to a CTS+ transport request. But in that case a track configuration is still needed. With the introduction of CM Services, a clear separation of both tasks is provided. The first task is covered by CTS+, where you define your non-ABAP runtime systems and your transport route. The remaining second part – development configurations and export – is now handled by the new CM Services. Therefore a CMS track is no longer needed on the Java side. With the close integration of CM Services with the mechanism of CTS+ you can now manage your development configurations together with your transport landscape via the CTS system. 328 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) For the use of CM Services, you need to distinguish different SAP systems: • • • one system based on usage type AS Java on which SAP NetWeaver Development Infrastructure is running (SAP NWDI system) one system based on AS ABAP + Java on which the Change and Transport System is configured (CTS system) and multiple runtime systems (for example: development system, production system) – based either on AS Java or on AS ABAP + Java. Figure 142: Addendum: CM Services – Configuration Overview The figure above shows on which of these systems the components which are needed for the use of SAP NetWeaver Development Infrastructure together with CM Services should run: • • • 2011 A System Landscape Directory (SLD) is needed if you are developing your own Software Components in the SAP Component Model to store the products, software components and development configurations. SLD is part of each AS Java – you can decide which one to use. The CTS Deploy Web Service and CM Services are part of AS Java as well – from a principle point of view they can be used either on the CTS system or on the SAP NWDI system. For source transports It is recommended to configure them on the SAP NWDI system. For the transport of deployables it is recommended to use the CTS Deploy Web Service both on the SAP NWDI system and the CTS system however. CMS as part of usage type DI is not used / needed any more if you are working with the CM Services. © 2011 SAP AG. All rights reserved. 329 Unit 7: Change Management and Software Logistics ADM800 In addition, the figure above outlines, which connections between the CTS system and the SAP NetWeaver Development Infrastructure system (SAP NWDI system) will be needed: • RFC destination CTSCONFIG from the CTS system to the SAP NWDI system. This RFC destination is used in two different cases (realized with the help of two different logical ports) – – for the creation of development configurations from transaction STMS using the logical port CTSCONFIG. for calling the CTS Deploy Web Service on the SAP NWDI system. Hint: The CTS Deploy Web Service in the SAP NWDI system is used on one hand when starting tp on the CTS system using the logical port CTSDEPLOY_DI (in case of transporting sources). On the other hand it is used in case of deploying from SAP NetWeaver Developer Studio into the central development system of the TMS system landscape. • • JCo destination sap.com/com.sap.tc.di.CTSserver of type RFC for the connection from the SAP NWDI system back to the communication system as defined in transaction STMS on the CTS system RFC destination CTSDEPLOY (using the logical port CTSDEPLOY) is needed when calling the CTS Deploy Web Service on the CTS system. Hint: This is done on one hand in case of using CTS for other transports such as e.g. portal content or SLD content. In case of transporting deployables on the other hand, you can call the CTS Deploy Web Service on the CTS system as well for the import into the QAS and the PRD system. In this scenario the SAP NWDI system will not be needed for the import into follow-up systems. 330 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) Exercise 16: Checking the Settings on System Landscape Directory Exercise Objectives After completing this exercise, you will be able to: • Check settings in the Software Catalog area of SAP System Landscape Directory Business Example In 2005, the company COMPANY (Internet Domain company.com) launched the first version of the software product MATHEMATICS which consists, among other things, of version 1.0 of the software component CALCULATOR and is based on SAP Web AS 6.40. When first developed, version 1.0 of the software component CALCULATOR was implemented in JSP technology. Since then, a new version of MATHEMATICS (Version 2013.1) has been implemented. This consists (among other things) of version 4.0 of the software component CALCULATOR and is based on AS Java 7.30. During the review of CALCULATOR, a change was made from JSP technology to Java Web Dynpro. However, during the test phase, a number of minor errors were detected in CALCULATOR 4.0 which are now to be eliminated in this unit. Task: Check the SLD Settings Check whether a product MATHEMATICS with the version 2013.1 and an associated software component CALCULATOR version 4.0 exist in the SAP System Landscape Directory (SLD) of the SAP NWDI system. If not, create these elements in the SLD. Check whether a namespace for the Development Component Name company.com/math/calc is defined in the SLD. If not, create one. 2011 1. Log on to the Web interface of the SLD and check in the area Home → Products whether the product MATHEMATICS exists in Version 2013.1 from the vendor company.com. 2. Check whether there is a software component CALCULATOR in version 4.0 for this product. Make sure that this software component possesses the dependent software components JAVA FRAMEWORK OFFLINE 7.30, DI BUILD TOOL 7.30, J2EE ENGINE FACADE 7.30, ENGINEAPI 7.30 and WEB DYNPRO RUNTIME 7.30 in the Build Time context. 3. Check in the area Home → Name Reservation to see whether a namespace prefix company.com/math/calc is defined for the Development Component Name. © 2011 SAP AG. All rights reserved. 331 Unit 7: Change Management and Software Logistics ADM800 Solution 16: Checking the Settings on System Landscape Directory Task: Check the SLD Settings Check whether a product MATHEMATICS with the version 2013.1 and an associated software component CALCULATOR version 4.0 exist in the SAP System Landscape Directory (SLD) of the SAP NWDI system. If not, create these elements in the SLD. Check whether a namespace for the Development Component Name company.com/math/calc is defined in the SLD. If not, create one. 1. Log on to the Web interface of the SLD and check in the area Home → Products whether the product MATHEMATICS exists in Version 2013.1 from the vendor company.com. a) In the browser, call the URL http://<NWDI-Host>:<NWDI-Port>/sld, where <NWDI-Host> and <NWDI-Port> are the host name and port of the SAP NetWeaver Development Infrastructure (NWDI) for your training course, which are given to you by your instructor. Log on with your course user <CourseID>-## to the NDI system (## corresponds to the group number assigned to you in the course). You are now on the System Landscape Directory (SLD). b) Choose Home → Products. In the selection list, choose the Software Type Products and, in the resulting list, select MATHE* in the Filter field and choose Go to see whether there is an entry MATHEMATICS of company.com in version MATHEMATICS, 2013.1 of company.com (in the resulting list, you may need to scroll down to find this entry). If this is not the case, choose the button New Product Version, enter the following values in the input fields and then choose Create: Name: MATHEMATICS Vendor: company.com Version: 2013.1 Continued on next page 332 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) 2. Check whether there is a software component CALCULATOR in version 4.0 for this product. Make sure that this software component possesses the dependent software components JAVA FRAMEWORK OFFLINE 7.30, DI BUILD TOOL 7.30, J2EE ENGINE FACADE 7.30, ENGINEAPI 7.30 and WEB DYNPRO RUNTIME 7.30 in the Build Time context. a) If you have not already done so, call the URL http://<NWDIHost>:<NWDI-Port>/sld in the browser, where <NWDI-Host> and <NWDI-Port> are the host name and port of the SAP NetWeaver Development Infrastructure system for your training course, which are provided by your instructor. If you have not done so already, log on with your course user <CourseID>-## (## corresponds to the group number assigned to you in the course). You are now on the System Landscape Directory (SLD). b) Choose Home → Software Components. In the list, check whether there is an entry CALCULATOR of company.com, version CALCULATOR, 4.0 of company.com. To do this, enter CALCULATOR in the Filter field and choose Go (again you may need to scroll down in the resulting list to find this entry). If this entry exists, select it and check on the tab page Dependencies in the lower half of the screen (in the context BuildTime) whether the software component versions from the task description have been entered as Prerequisite Software Component Versions. c) If the entry CALCULATOR of company.com in Version 4.0 does not exist, choose the button New Software Component Version, enter the following values in the input fields and then choose Create: Product: MATHEMATICS, 2013.1 of company.com (select from the selection list) Unit: MATHEMATICS 2013.1: BASIC FEATURES (if this does not exist yet, create it by choosing Create New Unit) Vendor: company.com Name: CALCULATOR Version: 4.0 Production State: started Now select the new software component version. In the lower half of the screen, go to the Dependencies tab (in the BuildTime context) and enter the software component versions JAVA FRAMEWORK OFFLINE 7.30, DI BUILD TOOL 7.30, J2EE ENGINE FACADE 7.30, ENGINEAPI 7.30 and WEB DYNPRO RUNTIME 7.30 as prerequisite software component versions. Use the button Define Prerequisite Software Component Versions to do this. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 333 Unit 7: Change Management and Software Logistics 3. ADM800 Check in the area Home → Name Reservation to see whether a namespace prefix company.com/math/calc is defined for the Development Component Name. a) In the System Landscape Directory (SLD), choose Home → Name Reservation. On the tab page Name Prefixes, select the entry Development Component Name in the selection list of the field Name Category and check whether the list that is displayed contains the entry company.com/math/calc. If this is not the case, choose New Name Prefix..., enter the following values in the input fields and then choose Create: Quantity: Single Name Category: Development Component Name Name Prefix: company.com/math/calc Purpose: Used by developer Owner: <Your user name; this is the default> Result You have checked that the software component version CALCULATOR 4.0 exists on SAP System Landscape Directory and that a namespace prefix has been reserved. 334 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to SAP NetWeaver Development Infrastructure (NWDI) Lesson Summary You should now be able to: • Name the building blocks of SAP NetWeaver Development Infrastructure and explain their meaning • Explain the idea of SAP's component model for the development of Java based SAP applications • Outline the use of Change Management Services and the enhanced Change and Transport System for the use with SAP NetWeaver Development Infrastructure Related Information You will find an overview of the SAP NetWeaver Development Infrastructure in the online documentation on SAP NetWeaver 7.3 in the area SAP NetWeaver → SAP NetWeaver Library: Function-Oriented View → Solution Life Cycle Management → Using the Development Infrastructure. For more information about the Eclipse project, see http://www.eclipse.org. For more information about the enhanced CTS, go to the documentation for SAP NetWeaver 7.3 , area SAP NetWeaver → SAP NetWeaver Library: Function-Oriented View → Solution Life Cycle Management → Software Logistics → Change and Transport System → Change and Transport System – Overview (BC-CTS) → Transporting Non-ABAP Objects in Change and Transport System and see SAP Note 1003674 – Enhancement for non-ABAP systems in CTS . 2011 © 2011 SAP AG. All rights reserved. 335 Unit 7: Change Management and Software Logistics ADM800 Lesson: Preparing for the Development of Java Applications Lesson Overview After the general setup, the individual elements of SAP NetWeaver Development Infrastructure (NWDI) have been configured. But there are still other steps that must be done before you can start developing Java applications. For example, the system landscape needs to be defined and SAP NetWeaver Developer Studio must be connected to SAP NWDI. This lesson addresses these steps that are still required before the start of the actual development. Lesson Objectives After completing this lesson, you will be able to: • • List the necessary steps to define a system landscape for SAP NWDI based development in the ABAP Transport Management System Connect SAP NetWeaver Developer Studio to the central components of SAP NetWeaver Development Infrastructure Business Example Your company has decided to develop its own Java-based business applications using SAP NetWeaver Development Infrastructure (NWDI). After you, as a member of the system administration, have configured the central components of SAP NWDI, it is now your task to define the system landscape before the developers can start developing. Introduction After a complete SAP NetWeaver Development Infrastructure (NWDI) – consisting of the Change Management Services (CM Services), Design Time Repository (DTR) and Component Build Service (CBS) – has been installed, after three SAP NetWeaver AS Java systems are available for the development, quality assurance and the productive use of the application, and after the administrator has been assigned to write authorization on the System Landscape Directory (SLD), there are still a few steps that must be done to be able to use the activity-based SDA transport scenario with SAP NWDI. These configuration steps can be divided into two areas: • • initial setup and enablement of CM Services configuration of the system landscape This section gives an overview on the initial setup steps. The next sections the focus on the configuration of the system landscape. 336 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications Roadmap The following configuration roadmap assumes that you start from zero – this means that neither the ABAP Change and Transport system (CTS) is configured for the transport of Java changes nor SAP NWDI or SLD are configured up to now. Hint: Concerning SAP NWDI, only the Design Time Repository (DTR) and the Component Build Service (CBS) are needed in case you use the development and transport options offered by CM Services. Therefore the configuration of the Change Management Service (CMS) is not part of this roadmap and this lesson. Figure 143: Configuring SAP NWDI for CM Services – Roadmap Steps 1 and 2 of the roadmap above are necessary for the use of SAP NWDI integration into the enhanced CTS (CTS+) independent from the use of CM Services. Step 4 is generally required to be able to use CTS+. There are wizards available in SAP NetWeaver Administrator (http://<Host>:<port>/nwa) area Deploy and Change → Configuration Wizard which allow to perform the initial configuration of the System Landscape Directory (CTC template NWA_01_This wizard will execute configuration for local SLD) and 2011 © 2011 SAP AG. All rights reserved. 337 Unit 7: Change Management and Software Logistics ADM800 to perform the initial configuration of SAP NetWeaver Development Infrastructure (CTC template Initial setup of functional unit Development Infrastructure (DI all-in-one)). Note: The configuration of SAP NetWeaver Development Infrastructure also includes the configuration of the Name Server on the System Landscape Directory. SAP recommends to use Single Sign-On (SSO) mechanisms (Logon Ticket, Assertion Ticket) options for the JCo destination between the SAP NWDI system and the CTS system. Therefore every SAP NWDI developer needs special permission on the CTS system as well. You therefore need to make sure that these users have assigned the correct role on the CTS system. Note: You have to create a user for every developer on the CTS system. The users are required on the CTS system e.g. to get a transport request when exporting. You can use the user IDs of your developers. Make sure that you use IDs which allow to be used in SSO mode. If the users already exist, continue with the profile that is required and assign it to all of the users. In transaction PFCG on the CTS system, copy role SAP_CTS_PLUS into your namespace (for example to role Z_CTS_PLUS). In addition you need to assign the actions and roles introduced by CM Services to the appropriate users: In the UME of your SAP NWDI System (http://<NWDI-Server>:<Host>/useradmin) • • map the SAP_DI_ADMINISTRATOR role to the NWDI.Administrators group. This role includes – among others – administrative authorizations for CM Services. map the SAP_DI_DEVELOPER role to the NWDI.Developers group. This role includes – among others – display and export authorization for CM Services. In order to use the Transport Organizer Web UI (for example for creating an upload transport request), you need to activate the service CTS_BROWSER and all other services that are necessary for ABAP Web Dynpro in transaction SICF. For details see SAP note 1088717 – Active services for Web Dynpro ABAP in transaction SICF. Hint: For more information, see the online documentation for SAP NetWeaver 7.3, area SAP NetWeaver → SAP NetWeaver Library: Function-Oriented View → Solution Life Cycle Management → Software Logistics → Change and Transport System → Change and Transport System – Overview → Transporting Non-ABAP Objects in Change and Transport System. 338 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications The RFC destination CTSCONFIG points from the CTS system to the system on which the CM services are running (that is the SAP NWDI system). This connection is used for the creation of development components (DTR workspaces, CBS buildspace) from transaction STMS of the CTS system. From technical point of view, this RFC destination is of type G – HTTP Connection to External Server. Note that this RFC destination is referenced by two different logical ports (in client 000 of the CTS system): • • logical port CTSCONFIG (proxy class CO_TDIDICONFIGURATION_SERVICE) for the creation of development configurations from transaction STMS logical port CTSDEPLOY_DI (proxy class CO_TFLDEPLOY_PROXY_VI_DOCUMENT) for calling the CTS Deploy Web Service on the SAP NWDI system. Hint: The CTS Deploy Web Service in the SAP NWDI system is used on one hand when starting tp on the CTS system using the logical port CTSDEPLOY_DI (in case of transporting sources). On the other hand it is used in case of deploying from SAP NetWeaver Developer Studio into the central development system of the TMS system landscape. The RFC destination CTSDEPLOY (using the logical port CTSDEPLOY) points from the AS ABAP of the CTS system to the AS Java of the CTS system. This destination is needed when calling the CTS Deploy Web Service on the CTS system. Hint: This is done on one hand in case of using CTS for other transports such as e.g. portal content or SLD content. In case of transporting deployables on the other hand, you can call the CTS Deploy Web Service on the CTS system as well for the import into the QAS and the PRD system. In this scenario the SAP NWDI system will not be needed for the import into follow-up systems. Before you can attach objects to transport requests directly in the application, you must first use RFC to connect your SAP application system (such as SAP NetWeaver Development Infrastructure) to the CTS system. This enables your application to communicate with the transport system. To create this RFC connection, proceed as follows: In SAP NetWeaver Administrator of your CM Services system (that is the SAP NWDI system: http://<NWDI-Host>:<port>/nwa), choose area System Management → Configuration → Destinations. Create a new destination of type RFC called (exactly!) sap.com/com.sap.tc.di.CTSserver by choosing New. 2011 © 2011 SAP AG. All rights reserved. 339 Unit 7: Change Management and Software Logistics ADM800 Finally you need to structure your development according to SAP's component model by defining a product that in turn consists of software component versions. This is done on SAP System Landscape Directory (SLD). Step 7 of the roadmap shown above is explained in more detail in the following sections of this lesson. The meaning of a system in the context of SAP NetWeaver Development Infrastructure The development configuration determines the developer's view of the development infrastructure. The development configuration defines the software components that are to be developed and determines the access to the objects in SAP NetWeaver Development Infrastructure. All developers that use the same development configuration work with the same, consistent objects. Two workspaces (one each for the “active” and “inactive” sources) are assigned to each development configuration in the Design Time Repository. A workspace contains the sources of a particular status of a software component. Workspaces are represented and addressed in the repository using URLs. Each development configuration is represented in the Component Build Service by exactly one buildspace. Among other things, the buildspace is responsible for the combining of changes and providing library archives for used components. The Transport Management System (TMS) transports software changes between systems. In the context of the transport of Java applications with the ABAP Transport Management System (TMS), a system can consist of a development configuration and a runtime system. A system can contain only a development configuration, only a runtime system, or both, depending on whether source code or deployable archives are to be transported. This is shown in the following figure. 340 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications Figure 144: System – Building Blocks A system corresponds to a development stage (development, test, production) in the system landscape. Defining a System Landscape for Activity-based SDA Transports A system landscape for the development of Java applications contains all development configurations and all runtime environments that are required to develop, test, and produce one or more software components. Deployment to the runtime environment takes place for SAP systems that are based on AS Java 7.0x or SAP Web AS Java 6.40 via the Software Deployment Managers (SDM). The SDM password must be defined on the CTS system landscape for this purpose. For SAP systems that are based on AS Java 7.1 or higher, deployment takes place from the Deploy Controller. In this case, the password of a user (who can start the deployment process on the SAP system) must be defined on the Transport Management System (TMS) Roadmap The following roadmap contains the main configuration steps for the Transport Management System (TMS) on the CTS system. 2011 © 2011 SAP AG. All rights reserved. 341 Unit 7: Change Management and Software Logistics ADM800 Figure 145: Configuration of TMS on the CTS System – Roadmap Some of the steps are discussed in more detail in the remaining part of this section. Creating systems in Transport Management System Before you can define a system landscape for the transport of activities with SAP NetWeaver Development Infrastructure, you need to define the single systems of this landscape. This is done in transaction STMS (Transport Management System) on the CTS system (usually this is the transport domain controller system) in area Overview → Systems. Depending on the transport scenario, you need to define • • systems without development configuration and systems with development configuration For the activity-based SDA transport scenario, the development system is a system with development configuration whereas the upload system, the quality assurance system and the production system are all systems without development configuration. 342 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications Figure 146: Configure a non-ABAP system in TMS 2011 © 2011 SAP AG. All rights reserved. 343 Unit 7: Change Management and Software Logistics ADM800 The creation of a non-ABAP System with development configuration is similar to the creation of a non-ABAP system without development configuration: On your CTS system, call transaction STMS. In the System Overview area, choose SAP System → Create → Non-ABAP-System and enter the required data (see the figure above). • System: Enter the SID of your runtime system or, for example, UPL (Upload System). Hint: If the SID is already used, you can also use any 3 letter name that has not yet been used in the transport domain. It is not required that the runtime systems are shown in CTS by their real SID – but it simplifies keeping an overview if you do so. • • • • Communication System: Choose the system where you have configured the logical port in transaction LPCONFIG and the RFC destination CTSCONFIG. Usually, this is your CTS system. Development Infrastructure: set the option Create Development Configuration only for systems with development configuration. This option is required for all systems where you would either like to develop or import sources based on SAP's AS Java. In the activity-based SDA transport scenario, this option needs to be selected only for the development system. Source System Settings: Activate the Transport Organizer Web UI to be able to create transport requests for this system. Choose this option for each and every system where you would like to do exports (usually, this should be done only for your development system and your upload system). Target System Settings: Specify your development runtime system by choosing the method SDM or DC (depending on the release of the runtime system) and enter host and instance number for this Java system. These settings do not need to be maintained for the upload system. Note: This configuration is different from what you might know when using CTS+, for example, for SAP NetWeaver Portal systems. When using the CM Services, the development system has to have both configurations: source and target system. The target system option for the development system is needed to be able to import the transport requests coming from the upload system. 344 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications When first saving a non-ABAP system with development configuration (Create Development Configuration is selected) additional data is required: • • • • On the System Landscape Directory screen, enter the URL of the SLD that you would like to use for SAP NWDI development (as specified when executing the template for the SAP NWDI configuration (Initial setup of functional unit Development Infrastructure (DI all-in-one)). Specify the user and password to be used by CM Services to communicate with the SLD. For example, enter NWDI_CMSADM as user and the password of this user (for example, the master password used during the execution of the template for the SAP NWDI configuration). Enter the user used by CM Services to communicate with DTR/CBS. This is also user NWDI_CMSADM with the appropriate password. After saving and distributing your changes, you finally need to set user and password for the deployment. In case of SDM deployment, you only have to enter a password, leave the entry for User to SDM. Note: For runtime systems with SDM (7.0x) use SDM as user. As of SAP NetWeaver AS Java 7.1 the Deploy Controller is used for deployments. In this case, enter a user with deploy permission and the appropriate password. After the changes have been saved and distributed, the Development Configuration UI appears (see the following figure). Figure 147: Development Configuration UI 2011 © 2011 SAP AG. All rights reserved. 345 Unit 7: Change Management and Software Logistics ADM800 With the Development Infrastructure – Configuration Service User Interface you can manage development configurations in your landscape. There are three tabs available: • System Landscape Directory tab: In the Copy to overwrite Local Settings and Software Component Definition area, you can copy the definition of a development configuration to the development configuration that is currently loaded. Note: You cannot modify some entries on the System Landscape Directory tab page data (SLD URL, user, password, and URL of CM Services) in the Configuration Service UI. You can modify the related values in TMS (transaction STMS). The SLD URL for example also is a global tp parameter (DI_SLD_URL), the user can be changed on the Transport Tool tab using Goto → Development Infrastructure → DI SLD User / Password. • Local Settings tab: Here you need to enter the Repository Location (DTR) URL for the storage and versioning of sources and the Build Tool Location (CBS) URL for building DCs (development components). Use the URLs of your SAP NWDI server. In the Transport Settings area, you can define the Export Mode and the granularity level of the export package that should be possible for your transport landscape. Hint: Before you can save these settings, you need to add at least one software component on the Software Component Definition tab as the DTR and CBS URL will be deleted in case that no software components are added for this configuration. • Software Component Definition tab: Here you can add software component versions (that you want to be developed in this development configuration). Choose Add SC in the Software Component section. All available software components are read from SLD and are provided in a list. Note that software components that are required for a certain software component are shown only if you have specified the DTR / CBS location on the Local Settings tab before. Hint: As of enhancement package 2 for SAP NetWeaver 7.0 you can specify Build Options here as well. As SAP NetWeaver Development Infrastructure supports the development of Java applications for different AS Java releases, different versions of the JDK may be required to build these applications. With the help of the Build Option com.sap.jdk.home_path_key you can specify which JDK is to be used for the build (the Value of this parameter needs to 346 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications match one entry in the JDK_HOME_PATH service properties for the Component Build Service (area Server → Services → Component Build Service in the Visual Administrator tool). tp parameter The transport control program tp is a tool for controlling transports between SAP systems. The behavior of tp can be controlled by tp parameters. To maintain tp parameters, use transaction STMS of the Transport Domain Controller system (System Overview area, Transport Tool tab for the system in question). Selected tp Parameters for Activity-based SDA Transport Scenario 2011 Quality Assurance System Production System Upload System Development System DI_SLD_URL not needed URL pointing to start page of AS Java on which SLD and Name Server are used URL pointing to start page of AS Java on which SLD and Name Server are used DEPLOY_ DATA_SHARE – \trans\data directory on CTS system \trans\data \trans\data directory on directory on CTS system CTS system DEPLOY_URL – URL pointing to the deploy tool of the development runtime system URL pointing to the deploy tool of the quality assurance runtime system URL pointing to the deploy tool of the production runtime system DEPLOY_ WEB_SERVICE – CTSDEPLOY_DI CTSDEPLOY CTSDEPLOY DI_SYSTEM – TRUE – – tp parameter © 2011 SAP AG. All rights reserved. URL pointing to start page of AS Java on which SLD and Name Server are used 347 Unit 7: Change Management and Software Logistics ADM800 Upload System Development System Quality Assurance System Production System NON_ABAP_ WBO_INBOX directory, in which SCA files for require SCs are located – – – NON_ABAP_ WBO_CLIENT client on CTS system on which STMS is called client on CTS system on which STMS is called – – WBO_GET_ REQ_STRATEGY SMART or SMART or TAGGED TAGGED – – WBO_REL_ REQ_STRATEGY AUTO or MANUAL – – tp parameter AUTO or MANUAL The following tp parameter are used for the activity-based SDA transport scenario: • • • • • 348 NON_ABAP_WBO_CLIENT specifies the client (on the CTS system) in which transport requests can be created and released. This parameter is needed to enable the Transport Organizer Web UI and to restrict this Web UI for non-ABAP systems to one client. The parameter WBO_GET_REQ_STRATEGY (values: SMART or TAGGED) defines the automatic creation of transport requests during the export process. The parameter WBO_REL_REQ_STRATEGY (values AUTO or MANUAL) defines the automatic release of transport requests. The parameter NON_ABAP_WBO_INBOX points to the directory in which the transport organizer looks for files that should be transported. The parameter DI_SYSTEM indicates whether or not it is a system with development configuration. You can choose how to send non-ABAP objects from transport requests to the target system. You can use a mount directory or a share directory – set the parameter DEPLOY_DATA_SHARE (this parameter points to the directory where tp stores the data and the CTS Deploy Web Service takes it for deployment to the runtime systems, the parameter will be generated automatically but you may need to adapt the value of this parameter manually). Or you can create an SAP Java Connector connection (JCo connection) – in this case set the parameter CTS_FILE_PROVIDER_URI. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications • • The value of the parameter DEPLOY_WEB_SERVICE must be changed to CTSDEPLOY_DI manually. This has been configured as the name for the logical port pointing to the RFC destination CTSCONFIG of type G before. This parameter is generated automatically but is set by default to the value CTSDEPLOY when creating a new non-ABAP system. If you want trigger the deployment in the target systems, you need to specify the parameter DEPLOY_URL. This parameter is generated automatically and should point to the URL of the deploy tool (for example: the Deploy Controller) of the target system. Note: You may need to change the DEPLOY_URL parameter to the correct deploy port if you are using runtime systems which are based on AS Java 7.1 or higher. For AS Java 7.1 and higher the DEPLOY_URL has to be http://<host>:5<instance number>04. System Landscape Transport routes are created using transaction STMS on the CTS system. The required transport routes depend on the transport settings that you did when creating the development configurations. Figure 148: TMS System Landscape for Activity-based SDA Transports The figure above shows the transport routes for the activity-based SDA transport scenario. Solid arrows indicate consolidation routes (including a transport layer), dashed arrows indicate delivery routes. 2011 © 2011 SAP AG. All rights reserved. 349 Unit 7: Change Management and Software Logistics ADM800 For details how to create transport routes, see the online documentation for SAP NetWeaver 7.3 , area SAP NetWeaver → SAP NetWeaver Library: Function-Oriented View → Solution Life Cycle Management → Software Logistics → Change and Transport System → Transport Management System (BC-CTS-TMS) → Configuring TMS → Configuring the Transport Routes. For the transport type Activity-based SDA Transport, you have to configure a consolidation route between the development system and the quality assurance system. This consolidation route is needed to export new developments from the development system and bring them to the target systems. The delivery route between the quality assurance system and the production system is required to be able to import all of the requests that were created in the development system into the production system as well. Upload Directory In order to be able to develop an application for AS Java you need to import some basic libraries (prerequisite software component archives) into DTR and CBS and maybe some SCAs containing sources that you would like to change. To be able to do so, a transport request with these libraries needs to be created and imported into the development system and all other systems of the transport route for which you have created a development configuration (all systems with tp parameter DI_SYSTEM = TRUE). As a prerequisite you need an upload directory as kind of “inbox” where the files can be taken from. You can create this folder on the client side as well as on the server side. If you choose to create the folder on the server side, see SAP note 1408532 – CTS+ Transport Organizer Upload of Large Files. Check-In and transport of required software components According to the definition of the software component version on SAP System Landscape Directory (SLD), among others the environment required for a central build (including the component DI BUILD TOOL) is defined as a prerequisite (dependent) software component. You must also check-in the version of all these dependent components (corresponding to the release and Support Package level of the runtime systems for which you want to develop). 350 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications You can download these software components from SAP Service Marketplace. To check them in, you must create a transport request for the upload system. Hint: You can find the required dependent SAP software components on SAP Service Marketplace under the Quick Link /patches. You can also trigger the download of these SC versions from here. You can use the following path to find the typical prerequisite software components: Support Package and Patches → A - Z Index → Support Packages and Patches → N → SAP NETWEAVER → SAP NETWEAVER <Release> → Entry by Component → Development Infrastructure → <SC in question> <Release>. The following figure shows how to create a transport request for the upload system to import the required sources and libraries into the development configurations of the system landscape: Figure 149: Creation of an Upload Transport Request On the CTS system (usually this is the transport domain controller system), call transaction STMS and choose the Transport Organizer Web UI button. On the following screen select your upload system, choose Copy and then Continue. A browser window opens. Choose Create Request, enter the required data, and choose Create. Make sure that the transport request is defined as Preselected Request. As a result, a transport request is created. Switch to the Object List tab page, choose Attach. Select the Application NWDI, and Client or Server depending on where your inbox is located. Browse for the required SCA 2011 © 2011 SAP AG. All rights reserved. 351 Unit 7: Change Management and Software Logistics ADM800 files and choose Ok. Repeat this step to attach all required SCAs to the request. Finally choose Release to release the transport request. On the Logs tab page you can see the target system information. Hint: Upload of big files from the client may fail. In this case, choose the option Server and upload the files from there (see SAP note 1408532 – CTS+ Transport Organizer Upload of Large Files). The import of transport requests into subsequent systems is done (as usual for ABAP transport requests) in transaction STMS of the CTS system (Import Overview area). During the import into the quality assurance system, the transport control program tp triggers the import dispatcher RDDIMPDP that in turn triggers the job RDDEPLOY. This job opens a connection to the CTS Deploy Proxy. This connection needs to be kept open during the complete deployment process. The CTS Deploy Proxy finally calls the import tool on the AS Java side (for example the Deploy Controller). As a result, the transport request is now listed in the import queue of the production system (according to the definition of the transport landscape in transaction STMS, area Transport Routes). After the import has finished, you may want to check the deployment log which can be accessed directly using the Logs button. Hint: If you cannot find the transport request in the import queue, feel free to look in the import history which can be accessed from the import queue with Goto → Import History. Configuring SAP NetWeaver Developer Studio Before the actual development of programs and applications can be started, the local development environment (that is, SAP NetWeaver Developer Studio) must also be configured for connection to the central infrastructure. Hint: The version of the SAP NetWeaver Developer Studio must match the version of the runtime systems for which it is developed. If, for example, the development is for SAP NetWeaver Portal 7.30 with SP Stack X and an SAP NWDI system on AS Java 7.02 with SP Stack Y is used for this, then SAP NetWeaver Developer Studio 7.30 SP Stack X needs to be used for the development. 352 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications For this purpose, in SAP NetWeaver Developer Studio (Studio), settings must be made for the connection to the SAP NWDI system and the local AS Java and for the proxy settings may have to be checked. You can find these settings using the menu path Window → Preferences. • • • • To have access to the development configurations in the SLD, define the URL of the SLD in the SAP NetWeaver Developer Studio. This is done for the SAP NetWeaver Developer Studio 7.11 in the area Development Infrastructure → System Landscape Directory. You must specify the location of the runtime environment for local testing. You do this in the area SAP AS Java. You must specify the host name and an instance number of the AS Java here (for example, of a local SAP NetWeaver Portal 7.3 system). You must also check the settings for the proxy. In this case, the addresses of the SAP NWDI servers (more precisely: the DTR server) must not be addressed via a proxy server. You make these settings in the area General → Network Connections. Depending on the release of SAP NetWeaver Developer Studio, you may also need to specify the connection to the CTS system. This is done in the area Destination Configurations → R/3 Configuration. Figure 150: Configuring SAP NetWeaver Developer Studio (Window → Preferences Menu) 2011 © 2011 SAP AG. All rights reserved. 353 Unit 7: Change Management and Software Logistics ADM800 Importing the Development Configuration Development configurations provide a development environment for one (or several) specific software component(s) in the current development status. Therefore, every development tasks begins with the selection of the development configuration. Hint: Logging on to a development configuration corresponds in the ABAP to logging on to a development system. The developer has access to the sources to be developed and the archives used with this logon. You can import the development configuration using a perspective provided for this purpose: the Development Infrastructure perspective. For this purpose, you have to log on to the central infrastructure (DTR, CBS, CM Services) from SAP NetWeaver Developer Studio. Hint: SAP NetWeaver Developer Studio is based on the Eclipse platform. It provides a range of tools for all aspects of application development. As is usual in Eclipse, the related tools are mainly combined into perspectives in accordance with task-specific requirements. After you have imported the development configuration, a tree structure for the development configuration and the software component appears in the Component Browser view of SAP NetWeaver Developer Studio. You can now create new development components by opening the software component's context menu. Alternatively, you can adapt existing development components. The changes to the sources of the software components are recorded in activities. Hint: An activity is a set of versions that have been created by a user and assigned to a workspace. It logs changes to the workspace resources that correspond to a single logical change. 354 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications Exercise 17: Preparing for the Development of Java Applications Exercise Objectives After completing this exercise, you will be able to: • Connect SAP NetWeaver Developer Studio with the central components of SAP NetWeaver Development Infrastructure Business Example In 2005, the company COMPANY (Internet Domain company.com) launched the first version of the software product MATHEMATICS which consists, among other things, of version 1.0 of the software component CALCULATOR and is based on SAP Web AS 6.40. When first developed, version 1.0 of the software component CALCULATOR was implemented in JSP technology. Since then, a new the version of MATHEMATICS (version 2013.1) has been implemented. This consists (among other things) of the software component CALCULATOR in version 4.0 and is based on AS Java 7.30. During the review of CALCULATOR, it was decided to change from JSP technology to Web Dynpro. However, during the test phase, a number of minor errors were detected in CALCULATOR 4.0 which are now to be eliminated in this unit. Task 1: Optional: Check the System Landscape Check the system landscape for the development. Find out whether or not runtime systems are assigned to the quality assurance system and to the production system. Which software component version is to be developed in this system landscape? 1. Log on to the CTS system that is used in your training class with the user provided by your instructor. Open the Transport Route editor in transaction STMS and check the system landscape for the development of Portal applications. Find out which system ID belongs to the development system, which system ID belongs to the quality assurance system and which system ID belongs to the production system. 2. Check the tp parameter for the quality assurance system and for the production system. Is there a runtime system assigned to the quality assurance system and to the production system? 3. Find out which software component version is to be developed in the system landscape to which the Portal development system belongs. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 355 Unit 7: Change Management and Software Logistics ADM800 Task 2: Create Transport Request On the CTS system, create a transport request for the Portal development system. Assign your user to this transport request. Specify the transport request to be the preselected request. 1. Log on to the CTS system that is used in your training class. Your instructor will provide you with details. Start the Transport Organizer Web UI for the SAP NetWeaver Portal development system. 2. Create a transport request for the SAP NetWeaver Portal development system. Make sure that this transport request will be the preselected request for your user. Result You have created a transport request that can be used by your user later, for example when you work in SAP NetWeaver Developer Studio. Continued on next page 356 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications Task 3: Configure SAP NetWeaver Developer Studio Figure 151: Structure of the Training Landscape Start the SAP NetWeaver Developer Studio that you have been assigned and configure it for connection to the central SAP NetWeaver Development Infrastructure. 1. Configure your SAP NetWeaver Developer Studio (Studio) so that you have access to the System Landscape Directory that is used in this training class. You must also specify the location of your SAP NetWeaver Portal system for local testing. Task 4: Import the Development Configuration into SAP NetWeaver Developer Studio Import the development configuration of the (central) Portal development system into your SAP NetWeaver Developer Studio. 1. 2011 In SAP NetWeaver Developer Studio, switch to the Development Infrastructure perspective and import the development configuration from the SLD that your instructor provides. © 2011 SAP AG. All rights reserved. 357 Unit 7: Change Management and Software Logistics ADM800 Solution 17: Preparing for the Development of Java Applications Task 1: Optional: Check the System Landscape Check the system landscape for the development. Find out whether or not runtime systems are assigned to the quality assurance system and to the production system. Which software component version is to be developed in this system landscape? 1. Log on to the CTS system that is used in your training class with the user provided by your instructor. Open the Transport Route editor in transaction STMS and check the system landscape for the development of Portal applications. Find out which system ID belongs to the development system, which system ID belongs to the quality assurance system and which system ID belongs to the production system. a) If you have not yet already done so, create an SAP Logon entry for the CTS system that is used in your training class. Your instructor will provide you with logon details. b) Log on to the CTS system that is used in your training class. Use the credentials which are provided by your instructor. c) Start transaction STMS (Transport Management System) and choose Overview → Transport Routes. You should find a system landscape for Portal development (for example systems POD, POQ and POP which play the role of the Portal development system, the Portal quality assurance system and the Portal production system). And you should find an upload system (for example UPL). d) You should find the following transport routes for this system landscape: • • • a consolidation route from the upload system to the Portal development system (indicated by a green arrow) a consolidation route from the Portal development system to the Portal quality assurance system (indicated by a green arrow) a delivery route from the Portal quality assurance system to the Portal production system (indicated by a black arrow) Continued on next page 358 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications 2. Check the tp parameter for the quality assurance system and for the production system. Is there a runtime system assigned to the quality assurance system and to the production system? a) If you have not yet already done, log on to the CTS system that is used in your training class. Use the credentials which are given to you by your instructor. b) Start transaction STMS (Transport Management System) and choose Overview → Systems. c) Double click on the line for the Portal quality assurance system (for example: the line for system POQ). Switch to the Transport Tool tab. d) Check whether or not a line for the tp parameter DEPLOY_URL exists. If it exists, there is a runtime system assigned to the Portal quality assurance system. In this case, the value of the parameter DEPLOY_URL should read http://<Host of the Portal quality assurance runtime system>:5<instance number of the Portal quality assurance system>04. Caution: Do not change any parameters here. e) Choose Back to go to the System Overview screen again. f) Double click on the line for the Portal production system (for example: the line for system POP). Switch to the Transport Tool tab. g) Check whether or not a line for the tp parameter DEPLOY_URL exists. If it exists, there is a runtime system assigned to the Portal production system. In this case, the value of the parameter DEPLOY_URL should read http://<Host of the Portal production runtime system>:5<instance number of the Portal production system>04. Caution: Do not change any parameters here. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 359 Unit 7: Change Management and Software Logistics 3. ADM800 Find out which software component version is to be developed in the system landscape to which the Portal development system belongs. a) If you have not yet already done, log on to the CTS system that is used in your training class. Use the credentials which are given to you by your instructor. b) Start transaction STMS (Transport Management System) and choose Overview → Systems. c) Double click on the line for the Portal development system (for example: the line for system POD). Switch to the Transport Tool tab. d) Click on the button Display/Change Development Configuration. You may be prompted to log on to the SAP NetWeaver Development Infrastructure (NWDI) system. In this case, enter your credentials on the SAP NWDI system. Your instructor will provide you with details. e) On the Development Infrastructure – Configuration Service screen, switch to the Local Settings tab. f) In the area Repository and Build Tool Location you find information on the Repository Location (DTR) and the Build Tool Location (CBS). In the lower right area you find information, which software component version is to be developed. Caution: Do not change any settings here. g) Finally close the browser window to leave the Development Infrastructure – Configuration Service screen. Continued on next page 360 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications Task 2: Create Transport Request On the CTS system, create a transport request for the Portal development system. Assign your user to this transport request. Specify the transport request to be the preselected request. 1. 2. Log on to the CTS system that is used in your training class. Your instructor will provide you with details. Start the Transport Organizer Web UI for the SAP NetWeaver Portal development system. a) If you have not yet already done, log on to the CTS system that is used in your training class. Use the credentials which are given to you by your instructor. b) Start transaction STMS (Transport Management System) and choose the Transport Organizer Web UI button. On the following screen select the Portal development system (for example system POD) from the value help and choose Continue. c) In case that you are asked for credentials, enter your credentials for the CTS system. Create a transport request for the SAP NetWeaver Portal development system. Make sure that this transport request will be the preselected request for your user. a) On the Transport Organizer Web UI choose Create Request. On the resulting screen Create a Transport Request, enter a meaningful description (for example Transport Request Group ## where ## represents you group number). Check that your user <Course-ID>-## is the Owner of this transport request. b) Make sure that the checkbox Preselected Request is selected and choose Create. c) Finally close the browser window of the Transport Organizer Web UI. Result You have created a transport request that can be used by your user later, for example when you work in SAP NetWeaver Developer Studio. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 361 Unit 7: Change Management and Software Logistics ADM800 Task 3: Configure SAP NetWeaver Developer Studio Figure 152: Structure of the Training Landscape Start the SAP NetWeaver Developer Studio that you have been assigned and configure it for connection to the central SAP NetWeaver Development Infrastructure. 1. Configure your SAP NetWeaver Developer Studio (Studio) so that you have access to the System Landscape Directory that is used in this training class. You must also specify the location of your SAP NetWeaver Portal system for local testing. a) On the training host that your instructor has assigned to you (twdfxxxx), choose the desktop icon for SAP NetWeaver Developer Studio to start SAP NetWeaver Developer Studio (Studio). You may have to choose OK to confirm the prompt for a workspace. In the Studio, choose the menu path Window → Preferences. b) In the section Development Infrastructure → System Landscape Directory, enter the URL of the SAP NWDI server assigned to you (SAP system with system ID NDI) in the format http://<NWDI-host, fully qualified>:<port>, and then choose Ping to check the connection. Continued on next page 362 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications c) In the section SAP AS Java, choose Add... and enter the data of the SAP NetWeaver Portal server assigned to you (server name and instance number of the central instance) in the relevant fields. An example of an entry here could be: Instance Hostname: twdfxxxx.wdf.sap.corp Instance Number: 00 Add to Domain: Default Use HTTPS: <do not select> Then choose OK → OK to confirm your settings. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 363 Unit 7: Change Management and Software Logistics ADM800 Task 4: Import the Development Configuration into SAP NetWeaver Developer Studio Import the development configuration of the (central) Portal development system into your SAP NetWeaver Developer Studio. 1. In SAP NetWeaver Developer Studio, switch to the Development Infrastructure perspective and import the development configuration from the SLD that your instructor provides. a) If you have not already done so, close the initial screen (Welcome). To import the development component, switch to the Development Infrastructure perspective in the SAP NetWeaver Developer Studio by choosing Window → Open Perspective → Development Infrastructure (or – if it does not exist – select this perspective using Other ...). Start the import of development configurations by choosing the button New/Import Development Configuration in the standard toolbar. Select Import from System Landscape Directory (SLD) on the following screen and choose Next>. You may have to log on to SAP NetWeaver Development Infrastructure as a developer on the following screen (with the user and password that your instructor provides). Hint: Always enter your user name (case-sensitive) using lower-case characters (for example, <course-ID>-##) here and later on. b) Then select the configuration with the name <the development configuration path created by your instructor> → <SID of the central development system> and choose Next > → Finish. You may have to log on to the development infrastructure again (you can also select the field Save password to avoid any logon prompts in the future). The development configuration settings are now read, and your development environment is set up. In the Component Browser view, you can now see a new entry with the name of the imported development configuration together with the software components that are to be developed and that are required. Result You have made all of the settings required as preparation for developing or modifying Java applications in SAP NetWeaver Developer Studio. 364 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparing for the Development of Java Applications Lesson Summary You should now be able to: • List the necessary steps to define a system landscape for SAP NWDI based development in the ABAP Transport Management System • Connect SAP NetWeaver Developer Studio to the central components of SAP NetWeaver Development Infrastructure Related Information For more information on the configuration of SAP NetWeaver Development Infrastructure, see the class ADM225 – SAP Software Logistics for Java. For more information on the configuration of the Transport Management System (TMS), see the class ADM325 – SAP Software Logistics. 2011 © 2011 SAP AG. All rights reserved. 365 Unit 7: Change Management and Software Logistics ADM800 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio Lesson Overview Java applications are usually developed in a decentralized way. In the SAP environment, SAP NetWeaver Developer Studio provides a separate local development environment for each developer. This lesson introduces the individual steps that are required to develop and modify Java applications. As an example, an existing Java Web Dynpro application is changed. The application is finally tested and the changes are released for transport to follow-on systems. Lesson Objectives After completing this lesson, you will be able to: • • List the individual steps that are required from the start of developing / changing Java objects to releasing these changes in the central development system Outline the structure of the Design Time Repository (DTR) Business Example Your company is using SAP NetWeaver Development Infrastructure. As a member of the development team for Java applications based on SAP NetWeaver Portal server, you want to implement your own Java application. You are therefore interested in the interaction between the local development environment and the central development infrastructure. Overview of the Development Process After SAP NetWeaver Development Infrastructure (NWDI) has been configured and the transport landscape has been defined, you can start the actual development of Java applications. The figure below provides an overview of the entire process of development using SAP NWDI. 366 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio Figure 153: SAP NWDI Based Development: Process Overview Development configurations make available a development environment for the software component in the current development status. Therefore, every development task begins with the selection of the development configuration. Hint: Logging on to a special development configuration corresponds in the AS ABAP to logging on to a special development system. This gives the developer access to the current sources and the archives used (to runtime objects in the AS ABAP for example). Development configurations are generated and stored in the System Landscape Directory (SLD). They are imported into SAP NetWeaver Developer Studio (Studio) (step 1a). The local files can then be synchronized with the sources in the Design Time Repository (DTR) (step 1b) and the archives in the Component Build Service (CBS) (step 1c) . In the next step, the source files are created or revised (step 2). From time to time, the sources can be built locally. To do this, the build process is triggered from SAP NetWeaver Developer Studio (step 3a). After the source files and the used archives have been loaded (step 3b), the build starts automatically (step 3c). The result is that the generated archives are written back to the local file system. The results of the local build are then tested in the local development environment (step 4). After a successful local test, the sources are updated in the DTR (step 5). 2011 © 2011 SAP AG. All rights reserved. 367 Unit 7: Change Management and Software Logistics ADM800 After the sources in the DTR have been updated, the central build can be triggered from SAP NetWeaver Developer Studio (step 6a). The sources and required archives are loaded into the CBS for this (step 6b), and the build starts automatically (step 6c). If the build was successful, the sources are automatically activated in the DTR (step 6d). The automatic deployment of the generated archives to the central development system then starts, using software logistics (step 6e). A test in the context of other developers' developments is then performed here. If this is also successful, the activities can be released in the context of a transport request (step 7). When the transport request is released, the changes recorded in the activities involved are placed in the import queue of the follow-up system in the Transport Management System (TMS) system landscape. This concludes the task of the developer. Changing a Java Web Dynpro Application Standard Java development objects are developed using the Java EE perspective of SAP NetWeaver Developer Studios (Studio). This perspective ensures consistent access to all development objects of Java EE projects. If Java Web Dynpro applications are to be developed or changed, this adaptation is performed in a separate perspective in the SAP NetWeaver Developer Studio, the Web Dynpro perspective. This perspective ensures consistent access to all development objects of projects for Java Web Dypro. Hint: The Web Dynpro perspective is (on request from SAP NetWeaver Developer Studio) automatically displayed when a Web Dynpro project has been created. In other cases, you can start the perspective by choosing (Window → Open Perspective → Web Dynpro). The Web Dynpro perspective delivers a logical view of the local project structure and provides a starting point for the relevant activities, such as creating or editing development objects. By default, double-clicking an object starts the associated editor. You can create new development objects for a project using wizards. Changing a Java Web Dynpro Java Web Dynpro applications are usually adapted in the SAP NetWeaver Developer Studio within the framework of Web Dynpro projects. You can do this using the context menu on the entry of the relevant development component (Web Dynpro perspective, tab page Web Dynpro Explorer). The Web Dynpro editor is started automatically to enable you to change the Web Dynpro. The editor possesses a number of different tabs. The tab page Layout (on a special view, for example) indicates how the coding may appear in a browser. You can select an object to edit its properties (tab page Properties), for example the notation. 368 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio Building the Application Locally and Testing Locally When you build locally, an EAR file is generated from the Enterprise Application project (or Web Dynpro project). When you do this, the created sources are compiled in the context of the versions of referenced objects that exist locally. At the same time, JAR, WAR or WDA files for the referenced projects are created. In the standard Java EE environment, project WAR files (WAR: Web Archive) are created for Web modules and project JAR files (JAR: Java Archive) are created for EJB modules. If SAP-proprietary Web Dynpro projects are used, then WDA files (Web Dynpro Archives) are generated. The EAR file may contain the JAR, WAR or WDA files and the deployment descriptors. You can also optionally build additional libraries into the EAR file. After the local build has been successfully completed, the application can be deployed into the local SAP NetWeaver Portal system on the developer's PC and tested locally (that is, in the context of the locally available sources and archives). Checking-in the changes The Design Time Repository (DTR) provides the versioning of source code in the context of SAP NetWeaver Development Infrastructure, and therefore allows the distributed development of software in teams and transport and replication of sources. At the start of the development, you must make the repository aware of the intended change and arrange a change list (activity) to record the changes. The files that are to be revised are then checked out of the DTR and changed locally (“offline”, as it were). After the changes have been made, the sources are then checked-in back to the DTR (in a new version). The changes to the components take effect when the activities are checked-in. Hint: Checking-in an activity to the DTR can be compared with releasing a task in the context of a transport request in the ABAP (not with the release of the transport request itself). If further changes to the objects are required after the check-in, a new activity must be created for this. Both activities can then be grouped together later on in the context of the same DI package and released in the same transport request. The DTR consists of two parts, the DTR client and the DTR server. The main activities of the individual developers, such as checking files in and out, and creating sources, are performed in SAP NetWeaver Developer Studio (which in this context plays the role of the DTR client). The DTR server manages the data versioning. All files are stored in the database of the AS Java on which the DTR is located. 2011 © 2011 SAP AG. All rights reserved. 369 Unit 7: Change Management and Software Logistics ADM800 The resources are accessed in the context of a workspace, and versions are administered in the context of activities. Put another way: the workspace refers to a set of resources, each in exactly one version. This also means that a resource can be referenced in multiple workspaces. Put simply, a workspace consists of a collection of pointers that point to file versions (see the following figure). If a versioned resource is changed or deleted, a new version is created for this resource. Each version of the resource created in a specific workspace receives a unique sequence number. The sequence number specifies the order in which the versions were created in this workspace. The DTR displays the relationships between the individual versions of a versioned resource graphically as a version graph. Figure 154: Structure of the Design Time Repository (DTR) Changed sources are always checked-in to the DTR in the inactive workspace. The active and inactive workspace each show a version of the files stored in the DTR. In the figure above, file 2 has already been changed a number of times. After the last change, version 3 was generated during check-in. However, the changes were last activated (in this workspace) with version 1, meaning that the active workspace shows this version. After check-in, the changes that have been made to a source are available for other developers. When copying used Development Components (DCs), on the other hand, the active version of the DC is always transferred to the local developer's PC, while the inactive versions of a developer's own DCs are checked out. 370 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio Activation, Deployment to the Central Development System and Testing Centrally After checking-in to the inactive workspace of the DTR, the next step is that the application is activated. During activation – which is triggered from SAP NetWeaver Developer Studio – a build request is first sent to the CBS. The CBS then attempts to build the selected sources centrally (that is in the context of the centrally available sources, interfaces, and used archives). The result of the activation is that there are now runtime objects available for the source files created. If the build is successful, the buildspace of the software component to be edited is filled with the generated archive files (EAR file, and so on). After a successful build, the active workspace in the DTR also shows the current version of the file. The integration of the changes into the active workspace is known as activation. This process ensures that the active workspace of the DTR only contains successfully built (that is, compiled) sources, and that the active workspace is always synchronized with the buildspace. Buildspaces always contain the appropriate versions of the involved software components for a development configuration. In this way, they make a consistent development context available to the development teams. Figure 155: Central Build and Activation: Interaction Between the Component Build Service (CBS) and the Design Time Repository (DTR) After successful activation, the application (if the development configuration is configured accordingly in the Development Infrastructure – Configuration Service UI, tab page Local Settings) is automatically deployed into the central development system of the TMS system landscape. You can then test it there in combination with the successfully activated applications of other developers. 2011 © 2011 SAP AG. All rights reserved. 371 Unit 7: Change Management and Software Logistics ADM800 Releasing the Changes for Test When the development is complete and after all developers involved have checked-in their sources, centrally activated, and centrally tested them, the changes made by the developers can be released for transport to the quality assurance system. This is the equivalent to releasing transport requests in the development system of the ABAP stack. After a successful release, the changes that have been made are available for import into the quality assurance system. 372 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio Exercise 18: Developing Java Objects in SAP NetWeaver Developer Studio Exercise Objectives After completing this exercise, you will be able to: • Adjust and test a simple Java Web Dynpro application using the SAP NetWeaver Developer Studio Business Example In 2005, the company COMPANY (Internet Domain company.com) launched the first version of the software product MATHEMATICS which consists, among other things, of version 1.0 of the software component CALCULATOR and is based on SAP Web AS 6.40. When first developed, version 1.0 of the software component CALCULATOR was implemented in JSP technology. Since then, a new version of MATHEMATICS (version 2013.1) has been implemented. This consists (among other things) of the software component CALCULATOR in version 4.0 and is based on AS Java 7.30. During the review of CALCULATOR, it was decided to change from JSP technology to Web Dynpro. However, during the test phase, a number of minor errors were detected in CALCULATOR 4.0 which are now to be eliminated in this exercise. The system administration has already created a system landscape in the Transport Management System (TMS) for this. Your task as a developer is to adjust the Web Dynpro application using SAP NetWeaver Developer Studio and to test this application both locally and centrally. Task 1: Preparation: Check the Used Development Components in SAP NetWeaver Developer Studio If you have not already done so, import the development configuration of the Portal development system into SAP NetWeaver Developer Studio and check whether the development component math/calc/group##/wd exists. ## is your group number. 1. If you have not already done so, open SAP NetWeaver Developer Studio on the training host assigned to you, switch to the Development Infrastructure perspective and import the development configuration from the System Landscape Directory that is specified by your instructor. 2. In the Component Browser view, check whether the following development component exists: math/calc/group##/wd. ## is your group number. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 373 Unit 7: Change Management and Software Logistics ADM800 Task 2: Changing a Java Web Dynpro DC Figure 156: Structure of the Training Landscape Change the Web Dynpro DC with the name math/calc/group##/wd so that the notation in the initial screen is correct. To do this, create a project for your Web Dynpro DC and then change the title from Wellcome to Welcome. ## is your group number. 1. Create a project for your Web Dynpro DC. If prompted, switch to the Web Dynpro perspective. 2. Navigate to the Web Dynpro DC that you want to modify via [<SID of the Portal development system> [<number>]] math/calc/group##/wd → Web Dynpro → Components → CalcComp## → Views → CalcView. Change the title from Wellcome to Welcome. To do this, you must check out objects and create a new activity in which all the changes to the Web Dynpro DC are stored. Result You have now changed an existing Web Dynpro application. Continued on next page 374 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio Task 3: Build the Application Locally Create a local build of the Web Dynpro Development Component (DC) that you have changed in the previous task. Optionally, you can also test the changed Web Dynpro DC locally (that is, on the SAP NetWeaver Portal system entered under Window → Preferences → SAP AS Java) after deploying the application locally. 1. Create a local build for your Web Dynpro Development Component (Web Dynpro DC). 2. Optional: Locally (that is, on the SAP NetWeaver Portal system specified under Window → Preferences → SAP AS Java) test the execution of the Web Dynpro DC that you have changed after deploying the application to this system. Result If you have completed the entire exercise successfully up to this point, a browser opens with the URL http://twdfxxxx:5$$00/webdynpro/resources/company.com/math~calc~group##~wd/CalcApp## ($$ denotes an instance number of your SAP system, ## denotes your group number) and you see the calculator program. Task 4: Check-in to the DTR and activation Check-in your open activities to the Design Time Repository (DTR) and activate your changes in SAP NetWeaver Development Infrastructure. 1. Switch to the Development Infrastructure perspective. In the Open Activities view, check-in your activity. 2. Check whether your activity has been activated automatically. If not, trigger the central activation. Task 5: Test Centrally and Release the Activity Test your application in context with the applications of the other course participants on the central development system of the system landscape. After a successful test, release a transport request that contains your activity. 2011 1. Test your application on the central development system. It may take some time after the import before the application can be called successfully. 2. Attach your activity to a transport request and release the transport request. © 2011 SAP AG. All rights reserved. 375 Unit 7: Change Management and Software Logistics ADM800 Solution 18: Developing Java Objects in SAP NetWeaver Developer Studio Task 1: Preparation: Check the Used Development Components in SAP NetWeaver Developer Studio If you have not already done so, import the development configuration of the Portal development system into SAP NetWeaver Developer Studio and check whether the development component math/calc/group##/wd exists. ## is your group number. 1. If you have not already done so, open SAP NetWeaver Developer Studio on the training host assigned to you, switch to the Development Infrastructure perspective and import the development configuration from the System Landscape Directory that is specified by your instructor. a) If you have not already done so, close the initial screen (Welcome) in SAP NetWeaver Developer Studio. To import the development component, switch to the Development Infrastructure perspective in the SAP NetWeaver Developer Studio by choosing Window → Open Perspective → Development Infrastructure (or – if it does not exist – select this perspective using Other ...). Start the import of development configurations by choosing the button New/Import Development Configuration in the standard toolbar. Select Import from System Landscape Directory (SLD) on the following screen and choose Next>. You may have to log on to the Development Infrastructure as a developer on the following screen (with the user and password that your instructor provides). Hint: Always enter your user name (case-sensitive) using lower-case characters (for example, <course-ID>-##) here and later on. b) Then select the configuration with the name <the development configuration path created by your instructor> → <SID of the Portal development system> and choose Next> → Finish. You may have to log on to the development infrastructure again (you can also select the field Save password to avoid any logon prompts in the future). The development configuration settings are now read, and your development environment is set up. In the Component Browser view, you can now see a new entry (tree structure) with the name of the imported development configuration together with the software components that are to be developed and that are required. Continued on next page 376 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio 2. In the Component Browser view, check whether the following development component exists: math/calc/group##/wd. ## is your group number. a) In the Development Infrastructure perspective, choose the Component Browser view and open the corresponding tree structure. Check whether the entry math/calc/group##/wd exists (in the tree structure of the software component CALCULATOR [company.com]). Continued on next page 2011 © 2011 SAP AG. All rights reserved. 377 Unit 7: Change Management and Software Logistics ADM800 Task 2: Changing a Java Web Dynpro DC Figure 157: Structure of the Training Landscape Change the Web Dynpro DC with the name math/calc/group##/wd so that the notation in the initial screen is correct. To do this, create a project for your Web Dynpro DC and then change the title from Wellcome to Welcome. ## is your group number. 1. Create a project for your Web Dynpro DC. If prompted, switch to the Web Dynpro perspective. a) If you have not already done so, switch to the Development Infrastructure perspective (Window → Open Perspective → Development Infrastructure) and choose the view Component Browser. Select your Web Dynpro DC math/calc/group##/wd (in the area <SID of the Portal development system>[number] → CALCULATOR [company.com]). ## is your group number. b) Right-click and choose Sync / Create Project → Create Project. Choose OK to confirm the next screen Create DC Projects (Sync Sources and Used DCs) without making further changes. This step may take some time. In the dialog box Confirm Perspective Switch, choose Yes to switch to the Web Dynpro perspective. Continued on next page 378 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio 2. Navigate to the Web Dynpro DC that you want to modify via [<SID of the Portal development system> [<number>]] math/calc/group##/wd → Web Dynpro → Components → CalcComp## → Views → CalcView. Change the Continued on next page 2011 © 2011 SAP AG. All rights reserved. 379 Unit 7: Change Management and Software Logistics ADM800 title from Wellcome to Welcome. To do this, you must check out objects and create a new activity in which all the changes to the Web Dynpro DC are stored. a) CEnter Web Dynpro Explorer view in the Web Dynpro perspective. Navigate to the Web Dynpro that you want to modify via [<SID of the Portal development system> [<number>]] math/calc/group##/wd → Web Dynpro → Components → CalcComp## → Views → CalcView. If you now double-click on CalcView, you will see the calculator's start page. Hint: If you are not yet in the Web Dynpro perspective, choose the path Window → Open Perspective → Other... → Web Dynpro → OK in the menu bar to switch to it. b) Select the title Wellcome. In the properties displayed at the bottom, right-hand area of the SAP NetWeaver Developer Studio (tab page Properties), you can now change the value of the text line so that the correct notation Welcome is displayed. When you press Enter after making the change, you are informed that it is first necessary to check objects out of the DTR. Choose Check Out in the dialog box Checkout Required. • • c) In case that you are asked for, choose New... to create a new activity. Choose Web Dynpro Group## as the activity name and enter Correction of title for Web Dynpro Group ## as the Description. ## is your group number. Confirm the creation of the activity with OK. Select the activity that you just have created on the following screen and choose OK again. In case that you are not asked to create an activity, switch to the Development Infrastructure perspective (by choosing Window → Open Perspective → Development Infrastructure). Enter the Open Activities – <SID> view (tab page) and expand the tree structure. Right-click on the activity default <DEFAULT> and choose Edit. On the Edit Activity Details screen, enter Web Dynpro Group## as Display Name and Correction of title for Web Dynpro Group ## as Description. Choose OK to confirm your entries. Finally save your changes. Result You have now changed an existing Web Dynpro application. Continued on next page 380 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio Task 3: Build the Application Locally Create a local build of the Web Dynpro Development Component (DC) that you have changed in the previous task. Optionally, you can also test the changed Web Dynpro DC locally (that is, on the SAP NetWeaver Portal system entered under Window → Preferences → SAP AS Java) after deploying the application locally. 1. Create a local build for your Web Dynpro Development Component (Web Dynpro DC). a) If you have not yet done so, choose Window → Open Perspective → Other... → Web Dynpro → OK to access the Web Dynpro perspective. Open the Web Dynpro Explorer tab. Select the project [<SID of the Portal development system> [<number>]] math/calc/group##/wd corresponding for the Web Dynpro DC that you are using. b) Right-click on this project and choose Development Component → Build.... In the following screen, select your development component and choose OK. You have now successfully created a local build for your application. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 381 Unit 7: Change Management and Software Logistics 2. ADM800 Optional: Locally (that is, on the SAP NetWeaver Portal system specified under Window → Preferences → SAP AS Java) test the execution of the Web Dynpro DC that you have changed after deploying the application to this system. a) If you have not yet done so, choose Window → Open Perspective → Other... → Web Dynpro to access the Web Dynpro perspective. Open the Web Dynpro Explorer tab. Select the project [<SID of the Portal development system> [<number>]] math/calc/group##/wd for the Web Dynpro DC that you are using. b) Right-click on this project and choose Development Component → Deploy ... in the context menu. On the following screen choose OK. If you are asked, enter the user ID and the password of your user on the local SAP NetWeaver Portal system in the next dialog box (Logon to SAP J2EE Engine). Activate the checkbox for the field Store user name. Choose OK to confirm the dialog box Deploy. The deployment may take some time. c) Then use the menu bar to choose Run → Run Configurations... in SAP NetWeaver Developer Studio. On the following screen, right-click on the entry SAP Application and choose New. Assign a descriptive Name to the start configuration. Use the Browse... button for the Module and Module Artifact fields to select your project [<SID of the Portal development system> [<number>]] math/calc/group##/wd and the Web Dynpro application /CalcApp. Then choose Run. Result If you have completed the entire exercise successfully up to this point, a browser opens with the URL http://twdfxxxx:5$$00/webdynpro/resources/company.com/math~calc~group##~wd/CalcApp## ($$ denotes an instance number of your SAP system, ## denotes your group number) and you see the calculator program. Task 4: Check-in to the DTR and activation Check-in your open activities to the Design Time Repository (DTR) and activate your changes in SAP NetWeaver Development Infrastructure. 1. Switch to the Development Infrastructure perspective. In the Open Activities view, check-in your activity. a) Switch to the Development Infrastructure perspective by choosing Window → Open Perspective → Development Infrastructure. Choose the view (tab page) Open Activates. Open the tree structure and select your activity in the tree structure. Using the right mouse button, choose Checkin. Confirm the following screen with OK. Continued on next page 382 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio 2. Check whether your activity has been activated automatically. If not, trigger the central activation. a) In the Development Infrastructure perspective of SAP NetWeaver Developer Studio, enter the Infrastructure Console view (tab page) in the lower area of that perspective. Scroll down the list and check whether after CHECKIN there is an entry ACTIVATE. • • b) If this is the case, write down the number of the Build Request ID. If this is not the case, switch to the Activation View – <SID> screen by choosing Window → Show View → Other... → CBS Activation → Activation View → OK. In this view, open the tree structure, right-click on the your activity and choose Activate. Write down the number of the Build Request ID. Switch to the Activation Request view by choosing Window → Show View → Other... → CBS Activation → Activation Requests → OK. Refresh this view periodically by choosing the appropriate button until your activation request has the status succeeded (green field with checkbox; you may need to increase the size of the corresponding window to see the relevant columns). When it is successfully activated, the application is then automatically deployed into the central development system. Task 5: Test Centrally and Release the Activity Test your application in context with the applications of the other course participants on the central development system of the system landscape. After a successful test, release a transport request that contains your activity. 1. Test your application on the central development system. It may take some time after the import before the application can be called successfully. a) Call the following URL in your browser: http://<Host of the central development system>:<port>/webdynpro/resource/company.com/math~calc~group##~wd/CalcApp##. Here the <host of the central development system> is the host name of the central development system as entered by your instructor in the TMS system landscape definition. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 383 Unit 7: Change Management and Software Logistics 2. ADM800 Attach your activity to a transport request and release the transport request. a) In SAP NetWeaver Developer Studio, open the Transport View by choosing Window → Show View → Other... → CMS → Transport View → OK . b) Expand the tree structure and select your activity in the Waiting area (in the directory of the active workspace you are using). Right-click and choose Release from the context menu. On the following screen, select your activity and confirm it with Release rebuilt deployable DCs. You now attach your activity to a transport request. c) Refresh the Transport View until the entry for your activity is no longer in the Waiting area, but is rather in the Released area. Hint: If necessary, adjust the user filter in the Transport View by choosing Menu → User Filter → All Users, and confirm the dialog box that is then displayed. Maybe also a log off from / log on to SAP NWDI helps in case that you cannot find your activity. Result You have successfully created a simple Java application and released it for transport to the quality assurance system. This completes the developer's task. 384 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Developing Java Objects in SAP NetWeaver Developer Studio Lesson Summary You should now be able to: • List the individual steps that are required from the start of developing / changing Java objects to releasing these changes in the central development system • Outline the structure of the Design Time Repository (DTR) Related Information For more detailed information about working with SAPNWDI from the developer's view, go to the online documentation for SAP NetWeaver 7.3 in the area SAP NetWeaver → SAP NetWeaver Library: Function-Oriented View → Solution Life Cycle Management → Using the Development and Production Infrastructure → Development Infrastructure → Concepts. You can find more information about the DTR and in particular about conflicts in the DTR in this area of the online documentation by navigating further to the area Components Development with the NWDI → Design Time Repository → Conflicts. 2011 © 2011 SAP AG. All rights reserved. 385 Unit 7: Change Management and Software Logistics ADM800 Lesson: Transporting Java Developments Lesson Overview After the individual developers have tested the applications that they have created for a specific system landscape in the central development system, the associated transport requests are released for transport and imported into follow-on systems. This lesson first discusses the transport process from the development system up to the production system. Then different transport types are presented. The lesson ends with some recommendations about when to use which transport type. Lesson Objectives After completing this lesson, you will be able to: • • Import changes into the quality assurance system List the individual transport steps for activity-based SDA transports Business Example Your company is using SAP NetWeaver Development Infrastructure. The changes that the individual developers in your company have made in the development system must be imported into follow-on systems and tested before they can be imported into the production system. As a member of the system administration team and the person responsible for software logistics in the SAP environment in your company, you want to obtain an overview of the process of transporting Java developments. Process Overview After activation and the developer's testing in the development system were successful, the developer releases the transport request in SAP NetWeaver Developer Studio and therefore transfers it to the Change and Transport System (CTS) . All the activities selected by the developer are packed in this transport request and placed in the import queue of the quality assurance system. The following roadmap contains the main steps to transport Java applications that are developed in SAP NetWeaver Developer Studio with the help of the enhanced Change and Transport System (CTS+ for short). 386 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Transporting Java Developments Figure 158: Transport Java Developments with CM Services – Roadmap First you need to create a transport request (in case of creating it with transaction SE09 of type “workbench request”). This transport request can be created manually either on the development (source) system in transaction SE09 (Transport Organizer) or it can be created in the Transport Organizer Web UI that runs on the AS ABAP part of the communication system. Or this transport request can be created automatically by the application (by setting the tp parameter WBO_GET_REQ_STRATEGY to SMART for the source system). The transport request that you create with the help of this Transport Organizer Web UI on the communication system will be named <SID>K9<number> where <number> is a running number and <SID> is the name of the development system according to your transport landscape. Hint: In case of the creation of a transport request with the help of transaction SE09 – suitable for systems based on AS ABAP + Java – you may delete the task(s) of this transport request as a task is not needed for non-ABAP transports (only the transport request itself is needed). Next the developers start their work in SAP NetWeaver Developer Studio. When they release their activity in SAP NetWeaver Developer Studio, they attach their changes to the transport request. After assigning activities to a transport request, you can release this transport request. The release of a transport request starts the export of the files to file system level (transport directory). After releasing the transport request, this 2011 © 2011 SAP AG. All rights reserved. 387 Unit 7: Change Management and Software Logistics ADM800 transport request is ready for import into a subsequent system (according to the definition of the transport landscape in transaction STMS on the transport domain controller system). The release of the transport request <SID>K9<number> can either be done manually in transaction SE09 on the development system (in case of a development system based on AS ABAP + Java 7.x) or using the Transport Organizer Web UI (in case of a development system based on AS Java only). Or it can be done automatically (by setting the tp parameter WBO_REL_REQ_STRATEGY for the source system to AUTO). The import of transport requests into subsequent systems finally is done in transaction STMS_QUEUES (which is a subset of transaction STMS) on the transport domain controller (TDC) system. The Import Process in Detail The most important tools used to perform imports using TMS are the import queues that reflect the system-specific import buffers at the operating system level. The import queues display the requests that are to be imported, in the correct order. The import queues of all systems are displayed in each system of the transport domain. You can perform imports to all the systems from any SAP system in the domain. To access the TMS import overview, use transaction STMS and choose Overview → Imports. The import overview shows the current status of the import queue of each SAP system of the transport domain. If you jump to an import queue of one system, you can see all transport requests that are to be imported. Hint: To improve performance, data is read from the transport directory only the first time you start the Import Overview area in transaction STMS. After that, the information shown is buffered in the database. The time stamp in the import overview indicates how recent the data is. To refresh the data, choose Edit → Refresh. On the Import Overview screen in transaction STMS (or directly in transaction STMS_QUEUES), double-click the system in which you want to import the transport request (this is the system which was assigned as Target (System) in the transport request before). Select the transport request in question and choose the Import Request button. After the import has finished, you may want to check the deployment log. 388 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Transporting Java Developments Figure 159: The Import Process for Activity Based SDA Transports in Detail During the import, the transport control program tp triggers the import dispatcher RDDIMPDP that in turn triggers the job RDDEPLOY on the CTS system. This job opens a connection to the CTS DeployProxy. This connection needs to be kept open during the complete deployment process. The CTS DeployProxy finally calls the import tool on the AS Java side (for example the Software Deployment Manager (SDM) or the Deploy Controller). During the import into a system with development configuration, first the system integrates the released changes into the inactive DTR workspace of the quality assurance system. Then CBS automatically builds the changed development components (DCs). After a successful build, the changes are also integrated into the active workspace of the DTR. Finally the changed DCs are deployed into the assigned runtime system. During the import into a system without development configuration, only the deployment step takes place. As a result, the transport request is now listed in the import queue of the follow-up system (according to the definition of the transport landscape in transaction STMS, area Transport Routes). The various transport tools write a log for each transport action into the transport subdirectory tmp. After completion of an import step, tp moves these logs from the tmp subfolder to the log subfolder of the transport directory. The log files are named <SID of the source system><action><6 digits>.<SID of the target system>, where the action is represented by a single character and the 6 digits are taken from the corresponding transport request. 2011 © 2011 SAP AG. All rights reserved. 389 Unit 7: Change Management and Software Logistics ADM800 For the deployment step, the action is represented by character T, so that for example the log PODT901234.POQ represents the deploy log of transport request PODK901234 into the POQ system. These import logs can be seen from the import queue of the system in question by choosing Goto → Import History and then selecting the transport request in question and choosing the Logs button. Figure 160: Accessing Transport Logs Transport Types (Scenarios) Before starting with executing transports, you should consider which transport types you require in your landscape and which ones are suitable for your situation. Depending on the release of both SAP NetWeaver Development Infrastructure and the runtime systems in your transport landscape, different transport types / transport scenarios are available. These transport types are discussed in this section in more detail. Hint: These scenario may be used either independent of each other or they can be combined. For example you may think about using the activity-based SDA transport type but combine it with the SCA transport which you perform from time to time. 390 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Transporting Java Developments Activity Transports The option to transport single activities is provided in SAP NetWeaver Developer Studio as of enhancement package 1 for SAP NetWeaver 7.0. To be able to use this option, the CTS system also needs to be on enhancement package 1 for SAP NetWeaver 7.0 or higher. The corresponding objects in the transport requests are DIP files (Development Infrastructure Packages). This allows you to perform delta transports on source code level. As a consequence, small corrections in the development stage lead to small transport files which in turn result in fast rebuilds and fast deployments (depending on the number of required re-builds). Figure 161: Activity Transport – Process Overview As you can see in the figure above, when using this transport type each system configured in the Transport Management System (TMS) – be it source or target – has to have a development configuration and a Java URL assigned. As a consequence, workspaces in DTR and buildspaces in CBS are created for each system. The name of the workspace folder in DTR is the same as the SID in TMS. For CBS, the name of the buildspace also is the SID. Whenever an import is started, a re-build is triggered for the DCs which contain the changed source files and for all dependent DCs. In case the rebuilt DCs are deployable, they will be deployed to the runtime system as SDA files. The sources are integrated into the active DTR workspace of the changed software component. Caution: If you use this option, you have to be aware that a re-build is done on each and every system – even on the productive one. 2011 © 2011 SAP AG. All rights reserved. 391 Unit 7: Change Management and Software Logistics ADM800 Note that for this transport type you have to configure two transport routes between the development system and the quality assurance system. The consolidation route is needed to export new developments from the development system and bring them to the quality assurance system. The delivery route is required to be able to transport all of the requests that where created for the upload system to the quality assurance system as well. Using source transports requires that all of the libraries are part of the quality assurance system and the production system, as well. To summarize, the activity transport in SAP NetWeaver Developer Studio via the enhanced Change and Transport System (CTS+) offers the following advantages: • • • • Only one tool is needed to configure the landscape and to perform transports. Both is done in the CTS system. The transport granularity is no longer an SCA. Single activities / sources can be transported. The file type used is *.DIP (Development Infrastructure Package). SDAs are deployed to the runtime systems. The build log becomes part of the step Deployment of the Transport log. The monitoring can therefore be done via several tools: CTS Import Logs, Transport Organizer Web UI, Diagnostics within SAP Solution Manager. The activity transport is a delta transport on source code level. Therefore small changes in the development system result in small transport files which again results in fast rebuilds and deployments. The disadvantages of the activity transport are: • • A rebuild is needed for every system and therefore also a corresponding CBS buildspace and DTR workspaces A development configuration is needed for each TMS system SCA Transports Instead of the activity transport type (with or without an SCA based transport from time to time), it is possible to configure your landscape for a pure deployable transport by the help of the CM Services. In this case, you transport an SCA – which means: a deployable – through your landscape. A development configuration is only required for the development (DEV) system. All other systems in your transport route are pure deploy targets where you would like to import your application. For these systems you only have to make sure that there is the Java Deploy URL (tp parameter DEPLOY_URL) configured for the deployment. The process for this is shown in the following figure: 392 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Transporting Java Developments Figure 162: SCA Transport – Basic Idea Concerning transport routes, you need to create a consolidation route from the upload system to the development system and from the development system to the quality assurance system. A delivery route is required from the quality assurance system to the production system. To export and attach the SCA to a transport request, a new UI is used - the DI Export Service Web UI. You can call this UI from the Development Infrastructure – Configuration Service UI. As a first step, you have to choose the system from where you would like to export an SCA – this is usually your source / development system. After that, you can choose one SCA from those that are to be developed in this system. The DI Export Service Web UI will guide you through the process of adding the SCA to a transport request. For this process, the same is valid as it was for the activity transport: a transport request can be taken automatically from the CTS system or you can create one by the help of the Transport Organizer Web UI. Also after having added the SCA to the transport request, the transport request can be released automatically or manually – this depends on the tp parameters that you have configured. Releasing the activities in SAP NetWeaver Developer Studio (NWDS) is not needed in this case. The activities that are listed as Waiting in SAP NWDS will be released automatically when you export the corresponding SCA. The advantages of an SCA transport via the DI Export Service Web UI are: • • • 2011 One tool is used to configure the landscape and to perform transports Pure deployment to target system – no rebuild needed Direct attachment of SCA without CMS administration step (CMS Web UI) © 2011 SAP AG. All rights reserved. 393 Unit 7: Change Management and Software Logistics ADM800 The disadvantages of transporting an SCA are: • • Transport granularity is SCA You have to know about the changed SCA that you would like to transport. Activity-based SDA Transports Transporting SDAs from within SAP NetWeaver Developer Studio (NWDS) is a new option offered with enhancement package 2 for SAP NetWeaver 7.0. Using this transport type, it is not the sources of the activities themselves that are automatically added to the transport request for activity-based SDA transports, but all runtime objects (SDAs) that were rebuilt because of the changed sources. Whenever you release an activity in SAP NetWeaver Developer Studio in this scenario, the system calculates for you the SDAs that have been rebuilt because of this change and attaches them to a transport request. Predecessor activities and build dependencies are taken into account to deploy a consistent state. This is not limited to one software component. If other software components are involved e.g. in predecessor activities, the respective SDAs are added to the transport request as well (in a separate DIP file). There is always one DIP used per SCA. All SDAs of the software component might be transported if this is required due to complex dependencies. Figure 163: Activity-based SDA transport – Process Overview The figure above shows the system landscape in case of the SDA transport based on activities. For this transport type, you only need a development configuration for the development system. No rebuilds are needed any more on the importing 394 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Transporting Java Developments systems. You can – again – transport deployables. The file attached to the transport request is still a DIP file (Development Infrastructure Package). The DIP file contains the affected, deployable SDAs and a reference to the released activities. The advantages of SDA transports based on activities are • • In contrast to activity transports, no rebuild takes place for imports. You only need the development configuration in the development system and the import time is reduced. The consistency of the target system is ensured by transporting all dependent runtime objects automatically. The disadvantage is that no sources exist in the follow-on systems. Change Management Service Starting with enhancement package 1 for SAP NetWeaver 7.0, SAP provides the first version of the CM Services (Change Management Services). The CM Services are the successor of CMS (Change Management Service) in SAP NetWeaver Development Infrastructure. CMS is now in maintenance mode – there are no new features going to be developed, but of course you may use CMS for the transport of Java applications as well. The “old” CMS provides the functionality to perform two different tasks. The first task is the system administration part where you setup a track in order to create a transport landscape for your runtime systems. This is done in CMS Landscape Configurator. A track can consist of up to four systems that represent the different development stages: development, consolidation, test and production. The second task is the configuration of development configurations for your development cycle and the export of deployable units (SCA files – Software Component Archives). The integration with the enhanced CTS (CTS+) is possible during the assembly step where the SCA file is attached to a CTS transport request. This is done in CMS Transport Studio. The following figure illustrates an example of the transport process within a track. Tracks form a configuration unit of the Change Management Service in which the development of software components is managed: They contain all development configurations and all runtime systems that are required to develop, test and produce one or more software component versions. 2011 © 2011 SAP AG. All rights reserved. 395 Unit 7: Change Management and Software Logistics ADM800 Figure 164: Change Management Service (CMS) – Transport Process The developer's task is more or less identical to the task when using CM Services: After checking-in the created or changes sources to the Design Time Repository (DTR), the developer can transfer the changes to the Component Build Service (CBS) (developer's step 1). The CBS attempts to rebuild all components that are directly and indirectly affected by the changes. If this is possible without errors, the changes are accepted and the results of all developers of the same development configuration are made available in the form of libraries or deployable archives. If the activation and the developer's testing in the development stage (system) were successful, the developer releases the change request in SAP NetWeaver Developer Studio and therefore transfers it to the Change Management Service (CMS) of SAP NWDI (developer's step 2). All the activities selected by the developer are packed in a change request and placed in the import queue of the consolidation stage. With the import (administrator's step 1) into the consolidation stage, the system integrates the released changes into the inactive DTR workspace of the consolidation stage and the CBS automatically compiles the changed components. The changes are also integrated into the active workspace of the DTR after a successful build. After a test of the application function (if a runtime system is assigned to the consolidation stage), the CMS creates a new version of the application (assembly) in the form of an SCA file from the consolidated status of the software changes and makes preparations for the import into the test system (administrator's step 2). 396 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Transporting Java Developments After the next import into the test system and the subsequent extensive function and integration testing, a quality manager can approve the software component for transport into the production system (approval, step 3). Recommendations and Restrictions Enhancement Package 1 for SAP NetWeaver 7.0 delivers the first version of the CM Services. Check whether the CM Services offer benefits for you and if yes, use them. If not, you can continue using Change Management Services (CMS). Please keep in mind that there is no new functionality planned for CMS. CMS is in maintenance mode. There are some restrictions for the usage of CM Services that you should take into consideration. Some of them are listed below. Hint: You should check the CM Services central SAP note 1361909 – CM Services in CTS+ for the latest recommendations and restrictions. CM Services an SAP NetWeaver Developer Studio on (at least) enhancement package 2 or SAP NetWeaver Composition Environment 7.2 for releasing the activity as a deployable (activity-based SDA transport) to CTS. If you develop Java Web Dynpro for a runtime system which is not yet on enhancement package 2 for SAP NetWeaver 7.0, you have to use one SAP NetWeaver Developer Studio on the release that fits to your runtime system for developing and another one which supports CM Services for releasing the activities. 2011 © 2011 SAP AG. All rights reserved. 397 Unit 7: Change Management and Software Logistics ADM800 In addition, CM Services do not support • • repair scenarios using track connections mixed scenarios where sources (activities) are transported only from the development system to the quality assurance system and after that, only complete SCA files are transported to the production system Note: A remark on build-options: If SAP NetWeaver Development Infrastructure (NWDI) is to support the development of Java applications for different AS Java releases, different versions of the Java Development Kit (JDK) may be required to build the applications. Applications for SAP Web AS Java 6.40 or AS Java 7.00 are based on JDK 1.4.2 for example; applications for SAP NetWeaver Portal 7.3, on the other hand, are based on Version 1.6 of the JDK. Therefore, a JDK 1.6 must be provided for the Component Build Service (CBS) of SAP NWDI (SAP NWDI itself is based on AS Java 7.0x). This JDK must be also installed at operating system level of the SAP NWDI host. The Component Build Service (CBS) uses two service properties to find the JDK used for the build process. These two properties determine, in association with a build option specified in a concrete development configuration, which JDK is used to compile Java sources for a special development component (DC): • • BUILD_TOOL_JDK_HOME defines the VM that executes the build environment; this property should point to the highest JDK version used by the CBS to ensure compatibility. JDK_HOME_PATH defines a list of variables and paths for directories in which the related JDK versions are stored. A special build option (option com.sap.jdk.home_path_key) can then be used for the individual systems of SAP NWDI to control which JDK is used for building for the concrete system. For the use of CM Services, SAP recommends to use your SAP Solution Manager system as central CTS system. The CM Services should run on the SAP NWDI system however. If you decide to transport sources (activity transport type) use the CTS Deploy Web Service on the SAP NWDI system (logical port CTSDEPLOY_DI). If you decide to transport deployables (SCA transport type, activity-based SDA transport type) however, use the CTS Deploy Web Service on the SAP NWDI system for the deployment into the development system (for which a development 398 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Transporting Java Developments configuration exists) and the CTS Deploy Web Service on the CTS system for the deployment into the quality assurance system and the production system (for which no development configurations exist). Hint: In this case, there is one system less that has to be up and running during deployments: the CTS Deploy Web Service on the SAP NWDI system (logical port CTSDEPLOY_DI) is only needed during the development phase and for importing the required archives and sources from your upload system into your development system. If you decide to use the activity transport type, use it in combination with the SCA transport for example if you did a lot of changes to very different DCs, you should transport the complete SCA instead of a lot of source files. Sources should only be changed in the development system. For the activity transport type it is technically possible to access (via the respective development configuration) and change the sources in your target systems. This is absolutely not recommended. Set DTR Access Control Lists (ACLs) accordingly for the DTR workspaces of all your target systems in your transport route. If you have already configured your SAP NWDI and you are using tracks for your development process, you can continue to do so. CM Services and CMS cannot be used together for example, in one transport route or track, but you could use CMS for one development project and the CM Services for another. Both of them could use the same DTR and CBS. Finally, it is not recommended to use the activity transport type if you are modifying ESS (Employee Self Services) or MSS (Manager Self Services) sources delivered by SAP. Note: For more information, see the online documentation for SAP NetWeaver 7.3, area SAP NetWeaver → SAP NetWeaver Library: Function-Oriented View → Solution Life Cycle Management → Using the Development and Production Infrastructure → Development Infrastructure (DI) → Organizing the Transports in the Landscape → Scenarios and Recommendations on Using CTS and NWDI . Summary The following figure shows the elements of the central development architecture again. 2011 © 2011 SAP AG. All rights reserved. 399 Unit 7: Change Management and Software Logistics ADM800 Figure 165: Summary: Components of the SAP NetWeaver Development Infrastructure Using SAP NetWeaver Development Infrastructure significantly reduces the possibilities for inconsistencies on the developers' PCs (caused, for example, due to the use of obsolete libraries or data structures). With the Central Build Service, there is also a build-on-demand service available. This allows error correction cycles to be reduced in comparison to centrally initiated and controlled builds. 400 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Transporting Java Developments Exercise 19: Transporting Java Developments Exercise Objectives After completing this exercise, you will be able to: • Import Java applications into the quality assurance system and test them there Business Example Your company, COMPANY (internet domain company.com), is using SAP NetWeaver Development Infrastructure to develop Java applications for SAP systems. The development of the software component CALCULATOR 4.0 for the product version MATHEMATICS 2013.1 is almost complete, and the developers involved have already tested their work in the development system and released the transport requests for import into the quality assurance system. Your task now, as the person responsible for transports, is to import these transport requests into the quality assurance system of the system landscape. Task 1: Check the Status of the Transport Request In a preceding exercise, you have released a transport request in SAP NetWeaver Developer Studio. Check with the help of the Transport Organizer Web UI whether or not the corresponding transport request has been released already. If not, release it. 1. Open the Transport Organizer Web UI on the CTS system. Check whether or not your transport request has been released. If not, release it. Task 2: Import into the Quality Assurance System Import the transport request assigned to you by your instructor into the quality assurance system for your system landscape and check the import logs after successful execution. 1. Check that the transport request which you have checked in the previous task, is now added to the import queue of the Portal quality assurance system. 2. Start the import of “your” transport request into the quality assurance system. 3. After the import has been executed successfully, check the deployment log for the import into the quality assurance system. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 401 Unit 7: Change Management and Software Logistics ADM800 Task 3: Optional: Test in the Quality Assurance System Test your application in the quality assurance system. 1. Test the application that you transported into the quality assurance system using the Web browser. Task 4: Optional: Import into the Production System Import the transport request assigned to you by your instructor into the production system for your system landscape and check the import logs after successful execution. 402 1. Check that “your” transport request is now added to the import queue of the Portal production system. 2. Start the import of “your” transport request into the production system. 3. After the import has been executed successfully, check the deployment log for the import into the production system. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Transporting Java Developments Solution 19: Transporting Java Developments Task 1: Check the Status of the Transport Request In a preceding exercise, you have released a transport request in SAP NetWeaver Developer Studio. Check with the help of the Transport Organizer Web UI whether or not the corresponding transport request has been released already. If not, release it. 1. Open the Transport Organizer Web UI on the CTS system. Check whether or not your transport request has been released. If not, release it. a) Log on to the CTS system that is used in your training class with the user provided by your instructor. Start transaction STMS. b) Click on the Transport Organizer Web UI button in the application toolbar. On the following screen select the SID of the Portal development system and choose Continue. The Transport Organizer Web UI starts. c) Select requests for the Portal development system for your Owner (<course-ID>-## where ## represents your group number) in Status Modifiable. • • d) If you can find your transport request, select the transport request. Switch to the Object List tab and verify that your changes from the previous exercise have been added to the transport request. In this case, choose Release. Then choose Refresh List. Your transport request should now disappear from the list. If you cannot find your transport request, select requests for the Portal development system for your Owner (<course-ID>-## where ## represents your group number) in Status Released. On the resulting list, you should find your transport request. Select the transport request. Switch to the Object List tab and verify that your changes from the previous exercise have been added to the transport request. Finally close the Transport Organizer Web UI. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 403 Unit 7: Change Management and Software Logistics ADM800 Task 2: Import into the Quality Assurance System Import the transport request assigned to you by your instructor into the quality assurance system for your system landscape and check the import logs after successful execution. 1. 2. 3. Check that the transport request which you have checked in the previous task, is now added to the import queue of the Portal quality assurance system. a) If you have not yet already done so, log on to the CTS system that is used in your training class with the user given to you by your instructor. Start transaction STMS. b) Choose Overview → Imports. On the resulting screen, double-click on the line for the Portal quality assurance system. If you cannot find your transport request here, choose Refresh. Start the import of “your” transport request into the quality assurance system. a) On the Import Queue screen, select the line with your transport request and choose Import Request. b) On the Import Transport Request popup, switch to the Options tab. Deselect the checkmark for the Leave Transport Requests in Queue for Later Import field and choose Continue. Confirm the following popup with Yes. The import starts. It may take some time. After the import has been executed successfully, check the deployment log for the import into the quality assurance system. a) After the import has been executed successfully, choose Goto → Import History. Select the line with “your” transport request. Click on the Logs button. b) On the resulting screen, click on the log icon for the Deployment step. Expand the deployment log with the Expand All button. c) Finally choose Back → Back → Back → Back to go back to the Import Overview screen. Continued on next page 404 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Transporting Java Developments Task 3: Optional: Test in the Quality Assurance System Test your application in the quality assurance system. 1. Test the application that you transported into the quality assurance system using the Web browser. a) Open a browser and call the URL http://twdfxxxx.wdf.sap.corp:5$$00/webdynpro/resources/company.com/math~calc~group##~wd/CalcApp##. Replace ## with your group number. twdfxxxx and $$ denote the host name or the instance number on the SAP system that is defined in the system landscape definition (in transaction STMS on the CTS system) as the quality assurance (runtime) system. Hint: In the context of a previous exercise, if you have already tested your application from the SAP NetWeaver Developer Studio on the central Portal development system and if this browser page is still open, alternatively, you can simply change the URL to the URL specified above on this browser page and then choose Enter. Task 4: Optional: Import into the Production System Import the transport request assigned to you by your instructor into the production system for your system landscape and check the import logs after successful execution. 1. Check that “your” transport request is now added to the import queue of the Portal production system. a) If you have not yet already done so, log on to the CTS system that is used in your training class with the user given to you by your instructor. Start transaction STMS. b) On the start screen of transaction STMS choose Overview → Imports. On the resulting screen, double-click on the line for the Portal production system. If you cannot find your transport request here, choose Refresh. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 405 Unit 7: Change Management and Software Logistics 2. 3. ADM800 Start the import of “your” transport request into the production system. a) On the Import Queue screen, select the line with your transport request and choose Import Request. b) On the Import Transport Request popup, switch to the Options tab. Deselect the checkmark for the Leave Transport Requests in Queue for Later Import field and choose Continue. Confirm the following popup with Yes. The import starts. It may take some time. After the import has been executed successfully, check the deployment log for the import into the production system. a) After the import has been executed successfully, choose Goto → Import History. Select the line with “your” transport request. Click on the Logs button. b) On the resulting screen, click on the log icon for the Deployment step. Expand the deployment log with the Expand All button. c) Finally choose Back → Back → Back → Back to go back to the Import Overview screen. Result You have successfully imported a transport request into the quality assurance system of your transport landscape and you may also have tested it there. In addition you may also have imported the transport request into the production system. 406 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Transporting Java Developments Lesson Summary You should now be able to: • Import changes into the quality assurance system • List the individual transport steps for activity-based SDA transports Related Information For more information about the enhanced CTS, go to the documentation for SAP NetWeaver 7.3, area SAP NetWeaver → SAP NetWeaver Library: Function-Oriented View → Solution Life Cycle Management → Software Logistics → Change and Transport System → Change and Transport System - Overview → Transporting Non-ABAP Objects in Change and Transport System and see SAP Note 1003674 – Enhancement for non-ABAP systems in CTS . For more information on CM Services, read the Guide How To Setup CM Services, which is available on SAP Developer Netweork, Quick Link /cts (http://www.sdn.sap.com/irj/sdn/cts). For more information on recommendations and restrictions of CM Services, see the online documentation for SAP NetWeaver 7.3, area SAP NetWeaver → SAP NetWeaver Library: Function-Oriented View → Solution Life Cycle Management → Using the Development and Production Infrastructure → Development Infrastructure (DI) → Organizing the Transports in the Landscape → Scenarios and Recommendations on Using CTS and NWDI . Information on Change Management Service (CMS) can be found in the online documentation for SAP NetWeaver 7.3, area SAP NetWeaver → SAP NetWeaver Library: Function-Oriented View → Solution Life Cycle Management → Using the Development and Production Infrastructure → Development Infrastructure → Concepts → Components Development with the NWDI → Central Landscape and Transport Management. 2011 © 2011 SAP AG. All rights reserved. 407 Unit Summary ADM800 Unit Summary You should now be able to: • List the elements of a Java EE application • Outline the steps required to develop an executable Java EE application • Name differences between ABAP-based development and Java-based development • Name the building blocks of SAP NetWeaver Development Infrastructure and explain their meaning • Explain the idea of SAP's component model for the development of Java based SAP applications • Outline the use of Change Management Services and the enhanced Change and Transport System for the use with SAP NetWeaver Development Infrastructure • List the necessary steps to define a system landscape for SAP NWDI based development in the ABAP Transport Management System • Connect SAP NetWeaver Developer Studio to the central components of SAP NetWeaver Development Infrastructure • List the individual steps that are required from the start of developing / changing Java objects to releasing these changes in the central development system • Outline the structure of the Design Time Repository (DTR) • Import changes into the quality assurance system • List the individual transport steps for activity-based SDA transports 408 © 2011 SAP AG. All rights reserved. 2011 ADM800 Test Your Knowledge Test Your Knowledge 1. Which of these statements about the programming model of a Java EE application are correct? Choose the correct answer(s). 2. □ A □ B □ C □ D Presentation logic and application logic are closely linked in Java EE applications. Presentation logic and application logic are strictly separated in Java EE applications. Java Server Pages (JSPs) and servlets are part of the presentation logic. Java Server Pages (JSPs) and servlets are part of the application logic. Which of the following services are elements of SAP NetWeaver Development Infrastructure (NWDI)? Choose the correct answer(s). □ □ □ □ □ 3. A B C D E Design Time Repository (DTR) Object Development Tool (ODT) Component Build Service (CBS) Name server Central Make Tool (CMT) Assume that you want to use activity-based SDA transports within SAP NetWeaver Development Infrastructure (NWDI). Where do you define the system landscape? Choose the correct answer(s). 2011 □ □ □ A B C □ D In the active workspace of the DTR (Design Time Repository) In SAP NetWeaver Developer Studio In transaction STMS (Transport Management System) on the CTS system In the track definition of CMS (Change Management Service) on the SAP NWDI system. © 2011 SAP AG. All rights reserved. 409 Test Your Knowledge 4. ADM800 Which statements about the Design Time Repository (DTR) and the Component Build Service (CBS) are correct? Choose the correct answer(s). 5. □ □ A B □ C □ D There are active and inactive workspaces in the DTR. Checking-in development components to the DTR means that they can be used by other developers. Activating development components in the CBS means that they can be used by other developers. If the central build fails, the elements of the active workspace are placed in the inactive workspace. Consider the transport type activity-based SDA transport. Which steps happen automatically during the import of a transport request into the quality assurance system? Choose the correct answer(s). 410 □ A □ B □ □ C D The integration of the development objects that are contained in the transport request into the inactive DTR workspace. The update of the SLD Software Catalog for the relevant software component versions. The deployment process into the assigned runtime system. The CBS build process for the development components that need to be (re-)built. © 2011 SAP AG. All rights reserved. 2011 ADM800 Test Your Knowledge Answers 1. Which of these statements about the programming model of a Java EE application are correct? Answer: B, C In Java EE applications – unlike classical ABAP applications – presentation logic and application logic are strictly separated. JSPs and servlets are part of the presentation logic, the application logic is represented by Enterprise Beans. 2. Which of the following services are elements of SAP NetWeaver Development Infrastructure (NWDI)? Answer: A, C, D Included in the SAP NetWeaver Development Infrastructure (NWDI) are the Design Time Repository for managing versioned source code, the Component Build Service for the central build based on the component model and the Name Service as a central check instance for unique names. Central Make Tool and Object Development Tool are imaginary names, Java EE applications are developed using the SAP NetWeaver Developer Studio, based on Eclipse. 3. Assume that you want to use activity-based SDA transports within SAP NetWeaver Development Infrastructure (NWDI). Where do you define the system landscape? Answer: C As a prerequisite for activity-based SDA transports, you need to configure CM Services. In case of CM Services, you connect the SAP NWDI system with the ABAP Change and Transport System (CTS). You therefore define the system landscape in transaction STMS. The track definition of CMS is used if you do not use CM Services. 2011 © 2011 SAP AG. All rights reserved. 411 Test Your Knowledge 4. ADM800 Which statements about the Design Time Repository (DTR) and the Component Build Service (CBS) are correct? Answer: A, C The central build in the Component Build Service (CBS) builds the archives of the development components (DCs), which become usable for other developers through activation. During the central build, unchanged files are fetched from the active workspace, and changed files from the inactive workspace. After a successful build, the archive files are automatically available in the active workspace. 5. Consider the transport type activity-based SDA transport. Which steps happen automatically during the import of a transport request into the quality assurance system? Answer: C During the import into a system without development configuration, only the deployment into the runtime system is executed. DTR import and CBS build do not take place. These two steps are only executed during import into a system with development configuration. 412 © 2011 SAP AG. All rights reserved. 2011 Unit 8 Monitoring Unit Overview You can monitor SAP NetWeaver AS Java either locally in SAP NetWeaver AS Java itself or centrally using a central monitoring system (SAP NetWeaver AS ABAP). This unit shows both the local and central monitoring possibilities. Unit Objectives After completing this unit, you will be able to: • • • • • • • • • • • Describe the monitoring infrastructure Display monitoring data in the SAP NetWeaver Administrator (NWA) Make threshold value settings in the NWA Monitor Java instances in the central monitoring system Explain which configuration steps are required to be able to maintain the threshold values for Java instances from the central monitoring system Describe how an availability check using the GRMG works technically Configure an availability check Use the Log Viewer Explain the difference between logging and tracing Execute log configuration list technical components required for different monitoring capabilities of SAP Solution Manager 7.1 Unit Contents Lesson: Monitoring SAP NetWeaver AS Java ..............................414 Exercise 20: Monitoring SAP NetWeaver AS Java ....................421 Lesson: Connecting to a Central Monitoring System ......................425 Exercise 21: Registering with a Central Monitoring System ..........437 Lesson: Availability Monitoring ................................................443 Exercise 22: Availability Monitoring ......................................451 Lesson: Log Viewer and Log Configuration .................................456 Exercise 23: Log Viewer and Log Configuration .......................471 Lesson: Introduction to Monitoring Using SAP Solution Manager........477 2011 © 2011 SAP AG. All rights reserved. 413 Unit 8: Monitoring ADM800 Lesson: Monitoring SAP NetWeaver AS Java Lesson Overview SAP NetWeaver AS Java provides an infrastructure that makes monitoring data available. This monitoring data can be displayed in the SAP NetWeaver Administrator. You can also set threshold values for this data there. Threshold values determine the colors with which data is displayed in the monitor. Lesson Objectives After completing this lesson, you will be able to: • • • Describe the monitoring infrastructure Display monitoring data in the SAP NetWeaver Administrator (NWA) Make threshold value settings in the NWA Business Example You are using an SAP NetWeaver AS Java. Monitoring is important for safeguarding a stable system environment. It allows for some error situations to be identified in advance. SAP NetWeaver AS Java provides an infrastructure that makes monitoring data available. This monitoring data can be displayed in the NWA. Monitoring Infrastructure The monitoring in SAP NetWeaver AS Java is based on the standard Java Management Extension (JMX). JMX provides a new flexible administration infrastructure that is used for the monitors. The JMX infrastructure allows different resources to register as suppliers for monitoring data. Through the JMX API, data is made available for resources of all server components (services, interfaces, libraries, and managers), and applications using MBeans. The data of the JMX monitors is stored in the monitoring segment. Since JMX is a standard, this ensures that external tools can also access the monitoring data. The external tools connect through the JMX API and can display all current values in the JMX monitors. They can also create, delete, and change groups, as well as installing and uninstalling monitor nodes. The JMX infrastructure is provided by the JMX Adapter service. 414 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Monitoring SAP NetWeaver AS Java Figure 166: Monitoring Infrastructure During the start of the sapstartsrv the monitoring segment is created. The data collector of the AS Java stores the current status and open alerts of the monitoring objects in the monitoring segment. Completed alerts are removed from the monitoring segment. 2011 © 2011 SAP AG. All rights reserved. 415 Unit 8: Monitoring ADM800 The data in the monitoring infrastructure is grouped in several areas like Kernel, Services, Performance and Applications. • Kernel Status information for the managers registered for monitoring is displayed under the Kernel entry. • Performance The Performance area displays available data about performance measurements of the SAP NetWeaver AS Java, e.g. communication to external systems. • Services Status information for the services registered for monitoring is displayed under the Services entry. • Applications This branch contains information about the status of applications that are running on the SAP NetWeaver AS Java and for which monitoring functions are implemented in the coding. This is a configurable type of monitor, since you can specify which information is displayed in the monitor for your own applications. An application developer usually creates his or her own monitors and objects under the Applications branch. The other monitor branches, such as Kernel, System, and so on are reserved for data that is directly and automatically collected by the system. The monitor Table Buffer is always displayed in the Applications area along with other items. There are various tools for the operating with the monitoring data. 416 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Monitoring SAP NetWeaver AS Java Figure 167: Monitoring - Tools RZ20 The RZ20 in a CEN (central monitoring system with) is a powerfull tool to monitor multiple SAP systems and their operating systems. You can set up additional notifications in case of alerts and auto-reaction methods there. Beyond that, you are able to view the current status and open alerts of monitoring attributes. You can maintain thresholds and complete open alerts. The RZ20 gets her information out of the monitoring segment of the AS Java, this means, that e.g. performance issues of the AS Java doesn't affect the monitoring and alerting in the CEN system. SAP MC and SAP MMC With the SAP MC and SAP MMC you are able to view the current status and open alerts of monitoring attributes. The SAP MC and SAP MMC communicates directly with the sapstartsrv and gets the information out of the monitoring segment of the AS Java, this means, that e.g. performance issues of the AS Java doesn't affect the monitoring and alerting. System Overview The system overview is available in two versions. One version is available in the NWA and the other is avalable via sapstartsrv (this is called the offline system overview). The system overview gives you an graphical overview of the current status of some monitoring attributes and their values. The system overview in the NWA provides a navigation to expert functions in the NWA for the displayed attributes. 2011 © 2011 SAP AG. All rights reserved. 417 Unit 8: Monitoring ADM800 Monitoring Browser The monitoring browser is available in the NWA. The monitoring browser shows the current status of the monitoring attributes and you can maintain thresholds and activate/deactivate monitoring attributes. Monitoring with the SAP MC Figure 168: Monitoring with the SAP MC The monitoring area in the SAP MC or SAP MMC is divided in two parts. One area is for the current status and in the other the open alerts are displayed. Each area is structured in several parts, for example Java Instance, Server or Application where you can drill down. If you select Kernel from one server process, you get displayed all monitoring attributes in the right window pane. Time indicates the time, where the value was reportet from the AS Java. You can see all available alerts of the monitoring attribute by selecting the monitoring attribute and choose All Alerts from the context menu. This option is available in the current status area and open alert area. In the right pane press the left mouse button on the Alert Name headline for choosing the different sort criteria. Every click alternates between sorting “by alert”, “order of the monitoring structure” or “by reverse alert”. 418 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Monitoring SAP NetWeaver AS Java Monitoring with the Monitoring Browser The current status values for the monitoring attributes are displayed with alert colors in accordance with the “traffic light system”. in the SAP NetWeaver Administrator (abbreviation: NWA), the data is displayed in the Monitoring Browser. You are taken to the Monitor Browser with Availability and Performance → Resource Monitoring → History Reports. Here you can select the Monitor Browser tab. Figure 169: Monitoring with the Monitoring Browser In the Monitor Browser you have two views, one for the Active/Used monitoring attributes and one for the Inactive/Not used monitoring attributes. In the Monitor Browser you can activate/deactivate monitor attributes (there is no other tool for activation or deactivation of monitoring attributes). In the lower part of the Monitor Browser you can see the periode of the data collection. In the NWA, the Monitor Browser displays all the running nodes in the system with the current value of the selected monitoring attribute. A threshold value determines when which alert (color in the monitor) is to be triggered. For a working monitoring that is individually adjusted to your system, you should adjust the threshold values. In the Monitor Configuration area it is possible to maintain the thresholds. In the monitor itself, the statuses are identified with different colors. A color changes when a value exceeds or falls below a threshold value. Errors are highlighted in red and passed on to the highest level of the monitor. You can find the alert that has occurred by expanding the monitor. The following colors can be displayed in the monitor: 2011 © 2011 SAP AG. All rights reserved. 419 Unit 8: Monitoring ADM800 Monitoring with the System Overview Figure 170: Monitoring with the System Overview The system overview is available in two versions. You can access the System Overview in the NWA in the workcenter Availability and Performance in the work set System Overview. You can access the offline System Overview via url http://twdfxxxx:50013/ctsv/SystemOverview.html . Both versions show the current values of the displayed monitoring attributes. In the System Overview of the NWA you can navigate to other funcitons by choosing the left mouse button on the monitoring attribute. This is not possible in the offline System Overview. As shown in the figure above, on the selected attribute is a link (Help) available for the online documentation and links for View History (History Reports), Configure Thresholds (Monitoring Browser) and the Manage User Sessions (Session Management) available. The options can vary for every monitoring attribute. 420 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Monitoring SAP NetWeaver AS Java Exercise 20: Monitoring SAP NetWeaver AS Java Exercise Objectives After completing this exercise, you will be able to: • Monitor the SAP NetWeaver AS Java using the SAP NetWeaver Administrator • Monitor the SAP NetWeaver AS Java using the Visual Administrator • Make threshold value settings for individual objects in the monitor Business Example For successful monitoring using the Monitoring service in SAP NetWeaver AS Java, you must set the threshold values appropriately. Task: Making Settings with the NWA Check whether an alert has occurred in the Usage Rate in the memory service of the server processes. You may have to activate the data collection for the Usage Rate. Change the threshold value in the memory service of a server process so that a red alert is displayed in the Usage Rate area when 90% of memory is used (yellow: 75%). Display the historical values for the Usage Rate. 1. Log on to the SAP NetWeaver Administrator, open the Monitoring Browser, and check whether an alert has occurred in the memory service. 2. Check whether the data collection is activated for the Usage Rate monitor and activate it if necessary. 3. Set the alerting for the area Usage Rate so that a red alert is displayed for 90% (yellow: 75). 4. 2011 Display the historical data for the Usage Rate. © 2011 SAP AG. All rights reserved. 421 Unit 8: Monitoring ADM800 Solution 20: Monitoring SAP NetWeaver AS Java Task: Making Settings with the NWA Check whether an alert has occurred in the Usage Rate in the memory service of the server processes. You may have to activate the data collection for the Usage Rate. Change the threshold value in the memory service of a server process so that a red alert is displayed in the Usage Rate area when 90% of memory is used (yellow: 75%). Display the historical values for the Usage Rate. 1. 2. Log on to the SAP NetWeaver Administrator, open the Monitoring Browser, and check whether an alert has occurred in the memory service. a) Log on to your system's SAP NetWeaver Administrator, for example http://twdfSSSS.wdf.sap.corp:<http_port>/nwa. Log on with a user and password (your instructor will provide the user and password information). Switch to the monitor browser: Availability and Performance Management → Resource Monitoring → Java System Reports. Now select Monitor Browser as the Report. b) Select the appropriate server process and open Services → Memory Info there. Here you can see the various monitors. You can use the colors (red, yellow, green, gray) to identify whether an alert has occurred. Navigate to the Usage Rate monitor and select the monitor's current values. If you see No value has been reported yet then this indicates that data collection is not active. Move on to the next step. Skip the next step if the data collection is already active. Check whether the data collection is activated for the Usage Rate monitor and activate it if necessary. a) Select Usage Rate if you have not already done so. b) Select the tab page Configuration. Check whether the checkbox next to Enabled is selected. If it is not select the Edit Configuration Group button. Now check the box and save your configuration. Click on the Refresh button above the monitoring tree. Continued on next page 422 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Monitoring SAP NetWeaver AS Java 3. Set the alerting for the area Usage Rate so that a red alert is displayed for 90% (yellow: 75). a) Go back to the tab page Configuration. b) If you have not yet done so select the Edit Configuration Group button. Enter the following values, for example, and save your configuration: • • • • 4. 2011 Green to yellow: 75 Yellow to red: 90 Red to yellow: 85 Yellow to green: 70 Display the historical data for the Usage Rate. a) Switch to the History. b) Select a appropriate period for the display. In the field History per, you can select from hours, quarter hours and minutes. © 2011 SAP AG. All rights reserved. 423 Unit 8: Monitoring ADM800 Lesson Summary You should now be able to: • Describe the monitoring infrastructure • Display monitoring data in the SAP NetWeaver Administrator (NWA) • Make threshold value settings in the NWA 424 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connecting to a Central Monitoring System Lesson: Connecting to a Central Monitoring System Lesson Overview You can monitor the SAP NetWeaver AS Java directly with the SAP NetWeaver Administrator (NWA) or using a central monitoring system. The configuration steps are presented here. Lesson Objectives After completing this lesson, you will be able to: • • Monitor Java instances in the central monitoring system Explain which configuration steps are required to be able to maintain the threshold values for Java instances from the central monitoring system Business Example You use a number of SAP systems in your company. You monitor these SAP systems using a central monitoring system. You have now also installed an SAP system with which you are going to use Java functions. You are therefore using an SAP NetWeaver AS Java, which you want to monitor in the central monitoring system, like your other SAP systems. You can display the most important system data in a central monitoring system, for example an SAP Solution Manager. Transferring Monitoring Data to a Central Monitoring System On the SAP NetWeaver AS Java, there is a monitoring infrastructure that collects various data, which is displayed in the monitoring browser of the SAP NetWeaver Administrators (NWA). You can display this data in a central SAP monitoring system by connecting the AS Java to the central monitoring system (called CEN here). 2011 © 2011 SAP AG. All rights reserved. 425 Unit 8: Monitoring ADM800 Figure 171: Connecting to a Central Monitoring System If the SAP NetWeaver AS Java starts, JMX monitors are created. They deliver data for runtime monitoring. To deliver the data to the CEN the SAP NetWeaver management agents are used. The SAP NetWeaver management agents are used to administer and monitor SAP NetWeaver components. They are automatically installed and started during the installation of any SAP NetWeaver components as of release SAP EHP2 for SAP NetWeaver 7.0 (in short 7.02) or SAP NetWeaver 7.1. There are two types of agents, depending on the associated component: the host agent and the instance agent. One host agent runs for each monitored host (including hosts on which one or more instance agent is running). An instance agent runs for each monitored instance. 426 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connecting to a Central Monitoring System Figure 172: Monitoring Data Transfer from AS Java to CEN The SAP NetWeaver management agent sapstartsrv contains the functionality for different central monitoring functions. The functions of the CCMS agents (SAPCCMSR, SAPCCM4X) are integrated into sapstartsrv as a static library for this purpose; the CCMS agents therefore are no longer needed as standalone executables as of SAP NetWeaver 7.02. The monitoring functions are started in a separate thread within sapstartsrv. This thread connects to the monitoring segment in the shared memory of the monitored instance. Applications can access the monitoring functions of sapstartsrv through a Web service interface. This interface replaces the RFC server part of the CCMS agent. An application (usually an ABAP or dual-stack system) can register as a central monitoring system (CEN). The registration is performed using a protected Web service. During the registration, the caller sends sapstartsrv information about the CEN and the logon data for the CSMREG user. 2011 © 2011 SAP AG. All rights reserved. 427 Unit 8: Monitoring ADM800 An SAP NetWeaver management agent communicates with CEN in the following way: • • As a Web service, it provides access to the data in the monitoring segment. This access is, for example, used in transaction RZ20. As an RFC client, it independently sends alerts and values for the monitoring attributes to the CEN (push technology). This data is then stored in a cache there to allow the system to display it more quickly or triggers central auto-reaction methods there. This improves performance, since CEN then no longer needs to periodically query the agents. Hint: In addition to system monitoring, the SAP Solution Manager provides further functions. Registering AS Java to a CEN The following steps are required to install the SAPCCMSR agent: 1. Create the CSMREG user in the central monitoring system (transaction RZ21 in CEN) a) 2. 3. If the monitored system is an AS ABAP+Java create an CSMREG user in the monitored system also. Register the AS Java to the central monitoring system (transaction RZ21 in CEN) Create JCo Destination for the customizing destination Creating the CSMREG User The CSMREG user is used for communication between the agents and the central monitoring system. This user is a communication user with very specific authorizations. 428 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connecting to a Central Monitoring System Figure 173: Creating the CMSREG User (RZ21) The CSMREG user is created with transaction RZ21. There go to Technical Infrastructure → Configure Central System → Create CSMREG User Register AS Java to the Central Monitoring System The technical infrastructure used when registering an AS Java depends slightly on the installation of the monitored system. The next figures show the difference between a monitored AS ABAP+Java (dual-stack) and an AS Java (single-stack). 2011 © 2011 SAP AG. All rights reserved. 429 Unit 8: Monitoring ADM800 Figure 174: Registering AS Java to CEN As shown in the figure above the instance agent (sapstartsrv) can be called by the CEN via Web Service to get the monitoring data. In addition sapstartsrv send alerts via RFC connection to the CEN (using user CSMREG in client 000). The operation system data is provided via shared memory by the host agent. For maintaining threshold values from the CEN in the AS Java an RFC customizing destination is used. 430 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connecting to a Central Monitoring System Figure 175: RZ21: Registering AS Java In transaction RZ21 of the CEN system go to Technical infrastructure → Configure Central System → Create remote monitoring entry. From the Component Type to Be Monitored drop down select Java. Enter the System ID, host name of the Message Server, and HTTP Port of the Message Server of the monitored system. Now choose the Test push-button. Enter the Password of the CSMREG user in your CEN and the Password of the <sid>adm operating system user for the monitored system. Finally choose Save. Now all instance agents of the monitored system are registered, HTTP destinations to the agents are generated, and the customizing destination to the AS Java is created. 2011 © 2011 SAP AG. All rights reserved. 431 Unit 8: Monitoring ADM800 Figure 176: Registering AS ABAP+Java 7.1x to CEN In addition to the connections used for a single-stack AS Java 7.1x for an AS ABAP+Java two RFC connections are used. The CEN uses destination <SID>_RZ20_COLLECT to read monitoring data for the monitored system and complete alerts; the connection uses the CSMREG user in client 000. With destination <SID>_RZ20_ANALYZE an administrator can execute an analysis method in the monitored system. The destination is created without a user, meaning that you need to authenticate yourself to the monitored system. When maintaining thresholds for the AS Java, the CEN uses the RFC destination to connect to the remote AS ABAP and from there the local RFC customizing destination is used to access the AS Java. 432 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connecting to a Central Monitoring System Figure 177: RZ21: Registering AS ABAP+Java In transaction RZ21 of the CEN system go to Technical infrastructure → Configure Central System → Create remote monitoring entry. From the Component Type to Be Monitored drop down select DualStack. Enter the System ID, host name of the Message Server, a Logon Group, and the Password of the CSMREG user of the monitored system. Now choose the Continue (Enter) push-button. The names of the RFC connections are generated. Now Test the <SID>_RZ20_COLLECT destination, if a successful logon is possible. Enter the Password of the CSMREG user in your CEN and the Password of the <sid>adm operating system user for the monitored system. Finally choose Save. Now all instance agents of the monitored system are registered, HTTP destinations to the agents are generated, RFC destinations to the monitored system are created, and the customizing destination is created in the ABAP stack of the monitored system. If you want to use the “old” technology with the sapccmsr agent, have a look in SAP Note 1547201. 2011 © 2011 SAP AG. All rights reserved. 433 Unit 8: Monitoring ADM800 Displaying the Monitoring Data in the Central Monitoring System You can display the J2EE monitoring data in the central monitoring system using the Alert Monitor. To do this, you must open the Alert Monitor (transaction RZ20) and select the monitor set SAP J2EE Monitor Templates. The status data is stored in the following monitors: • • The Engines monitor displays status data for the kernel, services, performance, and the system. The Applications monitor displays application data. In the SAP NetWeaver AS Java status monitors, you can see at a glance where warnings (yellow) and errors (red) have occurred. If you open the tree at the corresponding places, you learn more about the cause. Figure 178: Display in Transaction RZ20 If the service memory is highlighted in yellow, this means that the minimum threshold value of the memory service has been exceeded triggering a yellow alert. If you open the tree at this point, you can see which monitor this concerns. Some operating system data is displayed under Performance, the complete operating system data is displayed in the Opertating System monitor in the monitor set SAP J2EE Monitor Templates. The Applications monitor displays monitoring data for J2EE applications that have implemented a monitoring function. The operating system information is collected by the host agent. 434 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connecting to a Central Monitoring System Figure 179: Operating System Information in Transaction RZ20 Customizing Destination The agent allows you to transfer the alerts that have occurred to the central monitoring system. The system should only display an alert if a value exceeds or falls below a specific threshold value, which is entered individually for a system. A threshold value defines the value/status at which an alert with a certain classification (red, yellow, green) is displayed. Figure 180: Connecting AS Java to the Central Monitoring System (threshold value maintenance) 2011 © 2011 SAP AG. All rights reserved. 435 Unit 8: Monitoring ADM800 You can perform the configuration of the threshold values not only in the SAP NetWeaver Administrator, but also in the central monitoring system. For this a JCo RFC destination in the AS Java pointing to the Gateway of the AS ABAP is used. This is usually called SAP.CCMS.J2EE.<SID> (<SID> of the AS Java). In transaction SM59 of the AS ABAP CEN system an RFC destination of the type T was created during registration of the monitored system. This RFC connection is also usually called SAP.CCMS.J2EE.<SID>. The name of the Registered Server Program in this destination must be identical to the name of the JCo RFC destination (Program ID). In transaction RZ21 in Agents for Remote Systems under Topology you should find the name of the RFC destination in the field J2EE Customizing Destination. Hint: You can maintain the field J2EE Customizing Destination only in change mode and you may be able to view it only in change mode too. It is the last field. Therefore, you may have to scroll to the right to view the J2EE Customizing Destination. You can change the threshold values in the Alert Monitor. Call transaction RZ20, and expand the SAP J2EE Monitor Templates monitor set. Start the Engines monitor. Expand the tree structure completely, and select, for example, a server node in the central instance in the tree. Now choose the Properties button and switch to change mode. You can now maintain its threshold values. 436 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connecting to a Central Monitoring System Exercise 21: Registering with a Central Monitoring System Exercise Objectives After completing this exercise, you will be able to: • register your AS Java 7.1x with the central monitoring system Business Example You can monitor the monitoring data of the AS Java using the Monitoring Browser in the NWA or using a central monitoring system. To be able to display the data in the monitoring system, you need to register the system. Task 1: Optional: Create CSMREG user Caution: This task can only be done once per central monitoring system (CEN). If this course setup only provides one CEN, the CSMREG user was already created by the instructor. In this case please skip this whole task and the instructor provides you with the password of user CSMREG. 1. Log on to the Solution Manager system in client 000 with your course user and create the CSMREG user with transaction RZ21. Task 2: Register the AS Java Register your AS Java system to the central monitoring system. 1. Log on to the Solution Manager system in client 000 with your course user and register your AS Java with transaction RZ21. Task 3: View Monitoring Data View the monitoring data of your AS Java in the central monitoring system. 1. Check whether the monitoring data is displayed in the Alert Monitor (transaction RZ20). Continued on next page 2011 © 2011 SAP AG. All rights reserved. 437 Unit 8: Monitoring ADM800 Task 4: Create Customizing Destination Create the JCo RFC destination in your AS Java so that you can use the customizing destination to execute threshold value maintenance for the AS Java monitors in transaction RZ20 of the central monitoring system. 1. Check on your AS Java system whether a JCo RFC destination with the name (Program ID) SAP.CCMS.J2EE.<SID><##> (<SID> stands for the system ID of your system, <##> stands for your group number) has been created and started. Task 5: Maintain Threshold Values Maintain threshold values for your AS Java using the Alert Monitor in the central monitoring system. 1. 438 In transaction RZ20, change the threshold value in the memory service of a server process so that a red alert is displayed in the Usage Rate area when 95% of memory is used (yellow: 80%). © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connecting to a Central Monitoring System Solution 21: Registering with a Central Monitoring System Task 1: Optional: Create CSMREG user Caution: This task can only be done once per central monitoring system (CEN). If this course setup only provides one CEN, the CSMREG user was already created by the instructor. In this case please skip this whole task and the instructor provides you with the password of user CSMREG. 1. Log on to the Solution Manager system in client 000 with your course user and create the CSMREG user with transaction RZ21. a) Log on to the Solution Manager system in client 000 and call transaction RZ21. b) Go to Technical infrastructure → Configure Central System → Create CSMREG User. c) Enter a password twice and choose Continue (Enter). Task 2: Register the AS Java Register your AS Java system to the central monitoring system. 1. Log on to the Solution Manager system in client 000 with your course user and register your AS Java with transaction RZ21. a) Log on to the Solution Manager system in client 000 and call transaction RZ21. b) Choose Technical infrastructure → Configure Central System → Create remote monitoring entry. c) From the Component Type to Be Monitored drop down select Java d) Enter your SID as the System ID, for example P7T. Enter the full qualified host name of the Message Server, for example twdfSSSS.wdf.sap.corp. Enter the HTTP Port of the Message Server, for example 8101. e) Choose the Test push-button. f) Enter the Password of the CSMREG user in your CEN and the Password of the <sid>adm operating system user for the monitored system. g) Choose Save and wait a few seconds until the registration completes. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 439 Unit 8: Monitoring ADM800 Task 3: View Monitoring Data View the monitoring data of your AS Java in the central monitoring system. 1. Check whether the monitoring data is displayed in the Alert Monitor (transaction RZ20). a) Call transaction RZ20 in the Solution Manager system. b) Open the SAP J2EE Monitor Templates monitor set and choose the Engines monitor. Open the monitor by double-clicking it. You should now see data for your system. Note: It can take a few minutes before the data becomes visible. Task 4: Create Customizing Destination Create the JCo RFC destination in your AS Java so that you can use the customizing destination to execute threshold value maintenance for the AS Java monitors in transaction RZ20 of the central monitoring system. 1. Check on your AS Java system whether a JCo RFC destination with the name (Program ID) SAP.CCMS.J2EE.<SID><##> (<SID> stands for the system ID of your system, <##> stands for your group number) has been created and started. a) Call the NWA and switch to the JCo RFC Provider Configuration Management → Infrastructure → JCo RFC Provider. b) Start your JCo RFC Provider if it is stopped. If you still do not have a JCo RFC Provider, create it as described in the unit “Java Connector and Destinations”. Continued on next page 440 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Connecting to a Central Monitoring System Task 5: Maintain Threshold Values Maintain threshold values for your AS Java using the Alert Monitor in the central monitoring system. 1. In transaction RZ20, change the threshold value in the memory service of a server process so that a red alert is displayed in the Usage Rate area when 95% of memory is used (yellow: 80%). a) Call transaction RZ20 in the Solution Manager system. b) Open the SAP J2EE Monitor Templates monitor set and choose the Engines monitor. Open the monitor by double-clicking it. You should now see data for your system. c) Open an instance and the following nodes in the monitoring tree for your system: Services → Memory Info. d) Select Usage Rate and choose Properties to switch to threshold value maintenance. e) Switch to change mode, enter the following values, for example, and then save your configuration: • • • • f) 2011 Green to yellow: 80 Yellow to red: 95 Red to yellow: 90 Yellow to green: 75 Save your settings. © 2011 SAP AG. All rights reserved. 441 Unit 8: Monitoring ADM800 Lesson Summary You should now be able to: • Monitor Java instances in the central monitoring system • Explain which configuration steps are required to be able to maintain the threshold values for Java instances from the central monitoring system 442 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Availability Monitoring Lesson: Availability Monitoring Lesson Overview SAP provides availability monitoring using the Generic Request and Message Generator (GRMG). You can use it to monitor both technical components of SAP NetWeaver AS Java and entire Java applications. You can use this availability monitoring with only a few configuration steps. Lesson Objectives After completing this lesson, you will be able to: • • Describe how an availability check using the GRMG works technically Configure an availability check Business Example You are using SAP NetWeaver AS Java and want to be notified as quickly as possible if a Java application or technical component of an SAP Web AS Java is not running. In this case, it is useful to configure an availability check using the GRMG. Fundamentals of Availability Monitoring SAP provides the tools for monitoring the SAP NetWeaver AS Java and Java applications. This availability monitoring is based on the Generic Request and Message Generator (GRMG). You can use the GRMG to monitor the availability of technical components and the availability of entire business processes. 2011 © 2011 SAP AG. All rights reserved. 443 Unit 8: Monitoring ADM800 Figure 181: Availability Monitoring The GRMG consists of two parts, both of which are required for a functioning GRMG environment: • GRMG infrastructure The GRMG infrastructure is part of the monitoring architecture of the Computing Center Management System (CCMS) of an SAP NetWeaver AS ABAP. Its task is to send a request (the GRMG request) to the GRMG application, to receive its response (the GRMG response), and to display this response in the CCMS Alert Monitor. • GRMG application The GRMG application performs the actual availability monitoring. From a technical point of view, it is a Java Server Page (JSP), a servlet, or a Business Server Page in an SAP NetWeaver Application Server with a defined interface that is called by the GRMG infrastructure. The GRMG request and GRMG response are messages in a special XML format. The concept of availability monitoring of monitored components can be described as an agent concept. This means that the GRMG application can run separately from the components and applications that it is monitoring. This detour means that if errors occur, you can differentiate between cases in which the components monitored in the scenario are not available (component errors) and those in which the scenario itself is not working correctly (for example, due to communication errors or an agent that is not running) (scenario errors). 444 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Availability Monitoring The following different scenarios exist for setting up GRMG monitoring: • Technical Customizing for monitoring a GRMG application You have a complete Java application with a built-in GRMG application (from SAP or programmed yourself) and want to activate the availability monitoring for Java/HTTP-compatible components or Java applications. Note: This process is suitable for consultants and customers who want to activate GRMG monitoring for an application that is already instrumented for monitoring with the GRMG. • Instrument the application for GRMG monitoring You have a Java component or applications for which you want to create GRMG monitoring. You need to store all of the information (host name, application, and so on) required for an automatic GRMG request in a GRMG Customizing file. Create the messages that are to be returned in the GRMG response and create a monitor definition in the CCMS Alert Monitor. Note: This process is primarily suitable for application developers working for customers or partners who want to equip their own components for GRMG monitoring. For more information about this, see the following sections. 2011 © 2011 SAP AG. All rights reserved. 445 Unit 8: Monitoring ADM800 Availability Monitoring of SAP NetWeaver AS Java and of Java Applications Figure 182: Availability Monitoring with the GRMG You can use a central monitoring system to monitor the availability selected components of an SAP solution with the GRMG. The GRMG is suitable both for technical monitoring and for application monitoring. GRMG availability monitoring uses functions of the CCMS monitoring infrastructure (SAP NetWeaver AS ABAP) to store the heartbeat information. The communication is performed using HTTP POST. Note: Heartbeat - A signal is sent by the software at regular intervals to communicate the availability (running/not running). GRMG monitoring is performed as follows: 1. 2. 3. 446 An XML message is sent from the GRMG infrastructure to the target system. The GRMG application on the target system performs all of the tests for the availability monitoring of the component to be monitored or the business process step. The results of these tests are collected in the GRMG application and combined as the GRMG response. The GRMG response is sent back to the GRMG infrastructure and is displayed in the Alert Monitor of the SAP NetWeaver AS ABAP as heartbeat information. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Availability Monitoring Setting Up Availability Monitoring Technically: 1. 2. 3. 4. Load the Application Server Java GRMG Monitoring Template from the SDN. Edit the tags scenstarturl and scendesc. Use transaction GRMG (central monitoring system) to upload the monitoring templates to the central monitoring system. Start the GRMG scenarios for availability monitoring Templates for availability monitoring are stored in the SDN http://www.sdn.sap.com/irj/sdn/operations. You can find these in the Knowledge Center in the area Monitoring → Enhancing your Monitoring Possibilities → GRMG Customizing Files. You can download the Application Server Java GRMG Monitoring Template here. If you unpack the .zip file, you get the file J2EE_630_Customizing.xml, which you can edit, for example, using an XML Editor. Under scenarios → scenario, you find the scenstarturl in which you maintain the host name and the HTTP port of the AS Java that is to be monitored. To display the SID or LongSid of the monitored system in transaction RZ20, enter the SID or LongSid and the host name under scenarios → scenario → scentexts → scentext → scendesc. Figure 183: Setting Up Availability Monitoring 2011 © 2011 SAP AG. All rights reserved. 447 Unit 8: Monitoring ADM800 You can use the Alert Monitor (transaction RZ20) to display availability data. In transaction RZ20, choose the SAP J2EE Monitor Templates monitor set. Start the Heartbeat monitor there. Figure 184: Availability (GRMG): Display in RZ20 If a scenario is running correctly, the components monitored by the scenario are displayed. For each monitored component, you can see the availability as a percentage, by default, averaged over the last 15 minutes, and the status with status messages that are returned by the GRMG application. To display the messages in the Alert Monitor, choose the Details button. If an error occurred in the scenario, the scenario would become red and the subtrees for the monitored components would appear colored white. 448 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Availability Monitoring Instrumenting Availability Monitoring for Java Applications The following process provides an overview of the steps required to instrument an application for availability monitoring with the GRMG. The following steps are a Roadmap for Developers: • • • Design your GRMG scenario (which applications, components, processes, and so on). Create the messages that are to be returned in the GRMG response. Create a template for the GRMG Customizing file. The GRMG Customizing file contains all information required about the scenario, the monitored components, and the parameters that are sent with the GRMG request for the components. • Implement the GRMG application. The GRMG application receives the GRMG request with all transferred parameters from the GRMG infrastructure, executes the availability checks, and returns the result to the GRMG infrastructure as the GRMG response. 2011 © 2011 SAP AG. All rights reserved. 449 Unit 8: Monitoring ADM800 Figure 185: Creating a GRMG Application Hint: Scenarios with different software components (especially if there are no active data suppliers available for these components) and Web-based business scenarios are typical examples of applications that you can usefully monitor with the GRMG. 450 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Availability Monitoring Exercise 22: Availability Monitoring Exercise Objectives After completing this exercise, you will be able to: • Configure availability monitoring with GRMG Business Example You are using SAP NW AS Java and want to be notified if a Java application or technical Java component is not running. In this case, it is useful to configure an availability check using GRMG. Task: Availability Monitoring On the central monitoring system that is used in your course, set up availability monitoring for the PAS instance of your AS Java. 1. Maintain the data for your AS Java that is to be monitored in the file J2EE_630_Customizing.xml of the Application Server Java GRMG Monitoring Template. For editing purposes, provide the file J2EE_630_Customizing.xml on a host where you have write authorization and where an XML Editor and an SAP GUI are available. The host on which your AS Java is running would be suitable, for example. 2. Start the manual upload of the GRMG customizing file for your central and dialog instance. Then check whether the scenarios that you have just loaded are visible in transaction GRMG. Start your scenarios only. Caution: Start the SAP GUI for Windows on the operating system of the host on which you edited the file J2EE_630_Customizing.xml. 3. 2011 Start your scenario in transaction GRMG and then check in the Alert Monitor (transaction RZ20), whether values are delivered. © 2011 SAP AG. All rights reserved. 451 Unit 8: Monitoring ADM800 Solution 22: Availability Monitoring Task: Availability Monitoring On the central monitoring system that is used in your course, set up availability monitoring for the PAS instance of your AS Java. 1. Maintain the data for your AS Java that is to be monitored in the file J2EE_630_Customizing.xml of the Application Server Java GRMG Monitoring Template. Continued on next page 452 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Availability Monitoring For editing purposes, provide the file J2EE_630_Customizing.xml on a host where you have write authorization and where an XML Editor and an SAP GUI are available. The host on which your AS Java is running would be suitable, for example. a) Log on to the operating system of the host on which your AS Java is running. b) Create a directory with the name temp if it does not exist already. c) In the temp directory, create a directory of the form <SID><##>_<instance number> (## stands for your group number) for the central instance and for the dialog instance of your AS Java. d) Copy the file J2EE_630_Customizing.xml from the directory GRMG, which is located on the training share in the course directory, to each of the directories created above. e) Switch to the directory that you created <SID><##>_<instance number> for the central instance. f) Use the XML-Notepad Editor to edit the file J2EE_630_Customizing.xml. g) Now choose scenarios → scenario in the structure and maintain the name of the host and port on which your AS Java is running for the values from scenstarturl. Replace [host] with the host name, for example, twdfSSSS.wdf.sap.corp) and [port] with the HTTP port of the central instance, for example 50000. Save your entry. h) For scenversion enter your group number added by 1 with three digits, for example if your group number is 23, enter 024 as scenversion i) Now choose scenarios → scenario → scentexts → scentext in the structure and enter values for the LongSid in the form <SID><##>_<instance number> (## stands for your group number, for group 33, for example, P7T33_00 for instance 00) of your AS Java system in the scendesc field. Replace [SysID] and [host] with your own values. Save your entry. j) 2. Start the manual upload of the GRMG customizing file for your central and dialog instance. Then check whether the scenarios that you have just loaded are visible in transaction GRMG. Start your scenarios only. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 453 Unit 8: Monitoring ADM800 Caution: Start the SAP GUI for Windows on the operating system of the host on which you edited the file J2EE_630_Customizing.xml. 3. 454 a) Log on to the operating system of your training system and start the SAP GUI there. Log on to the Solution Manager system of your course. Your instructor will give you the required data. b) Call transaction GRMG and use Upload/Download → Upload scenario to upload the file J2EE_630_Customizing.xml for your central instance and dialog instance from the directories that you created (<SID><##>_<instance number>). Start your scenario in transaction GRMG and then check in the Alert Monitor (transaction RZ20), whether values are delivered. a) In transaction GRMG, select your scenario and use Start to start it. b) Now open transaction RZ20 and navigate to SAP J2EE Monitor Templates → Heartbeat → J2EE Engine. There you see the availability information of your instance. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Availability Monitoring Lesson Summary You should now be able to: • Describe how an availability check using the GRMG works technically • Configure an availability check 2011 © 2011 SAP AG. All rights reserved. 455 Unit 8: Monitoring ADM800 Lesson: Log Viewer and Log Configuration Lesson Overview Logging and tracing are important functions in the context of error analysis. You can configure the level of detail in which information is written to log files. You can access all log files with the Log Viewer. Lesson Objectives After completing this lesson, you will be able to: • • • Use the Log Viewer Explain the difference between logging and tracing Execute log configuration Business Example You are working with SAP NetWeaver AS Java and want to know more about the options for configuring and evaluating log files. Since a great deal of log information is created in the SAP NetWeaver AS Java environment, it is important to be familiar with a tool that displays the log files. Log and Trace Files All Java nodes write log and trace information to files in the file system. These files are formatted in a special way. This formatting makes it possible to use filters to hide or display specific entries when viewing the files in a Log Viewer. The files which possess this formatting are known as “ListLog”s. The entries in the ListLogs also contain a Severity field which indicates the weighting of the entry. Some of the ListLogs are listed in the figure “ListLogs in the File System”. For each Java server process, there is a separate directory named “log” in the file system under which the files for the node are stored. A basic distinction is made between log and trace files. Log files are sometimes also referred to as logging files. The trace files comprise only files with the name default.<xx>.trc where the <xx> stands for the node number and <x> for a sequential number. The trace files which are discussed here should not be confused with other “trace” files such as the developer traces. The log files include the other files displayed in the figure. 456 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Log Viewer and Log Configuration Figure 186: ListLogs in the File System Log files are displayed in the Log Viewer. There are two types of log files: logging and trace files. The following distinction is made between logging and tracing. Logging means: • • • Recording normal and exceptional events Runtime information of a system or an application is written to log files Active during normal operation Tracing means: • • • Recording the process flow of an application Use during development and for error detection in the production environment All traces are stored in the default.<xx>.trc files The Log Viewer To ensure stable operation, the log and trace files should be regularly checked for error messages. 2011 © 2011 SAP AG. All rights reserved. 457 Unit 8: Monitoring ADM800 SAP provides a mechanism for the automatic analysis of log and trace files. You can evaluate and monitor the log files in two ways: • Central monitoring with SAP NetWeaver AS ABAP If you are using an SAP NetWeaver AS ABAP that is acting as a central monitoring system, you can also use the standard monitoring methods of the ABAP environment. You can use the CCMS to search the log files every minute for predefined search patterns. If the agent finds a pattern, it reports an alert in the central monitoring system. The administrator can be notified from there on the basis of the alert. • Monitoring with the infrastructure of SAP NetWeaver AS Java (Log Viewer) Note: This lesson focuses on monitoring with SAP NetWeaver AS Java and the related infrastructure. The logging/tracing infrastructure is described in more detail in the following sections. The Log Viewer is always used to display log and trace files, irrespective of whether they are created by the kernel, services, libraries, or applications. The log files for all server nodes can be combined. The Log Viewer can search log files for entries that have a specific weighting (severity). You can use the Log Viewer in the following variants: • As Log Viewer in the SAP NetWeaver Administrator – • Log and trace files for the runtime environment and the running applications are automatically registered – Predefined views are supplied – You can create and save user-defined views As Log Viewer in the SAP MC – • Log and trace files for the runtime environment and the running applications are automatically registered – Log and trace files can also be displayed when the system is stopped. Command Line Log Viewer – – – Displays only local log files Can be activated during the deployment of applications Converts binary data to a readable format Note: This lesson focuses on the Log Viewer in the NWA and in the SAP MC. The Log Viewer in the SAP NetWeaver Administrator The Log Viewer runs as a service in SAP NetWeaver AS Java. As soon as the SAP Logging API is aware of a new log, the log is automatically included and you can display it in the Log Viewer. 458 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Log Viewer and Log Configuration Figure 187: Log Viewer in the NWA: Predefined Views The log and trace files are automatically registered when SAP NetWeaver AS Java is started so that they can be displayed using the above-mentioned. Log Viewer variants. In the NWA, you can call the Log Viewer via the following path Troubleshooting → Logs and Traces→ Log Viewer. Multiple predefined views are available (figure: Log Viewer in the NWA: Predefined Views) and you can also save your own user-defined views. The predefined views do not usually display all the log and trace entries. Instead these are restricted by filters in the views themselves. • SAP Logs Shows log entries but no trace entries • Developer Traces Shows defaulttrace entries but no log entries. • Expert Shows all log and trace entries without restriction • Security Shows the security log • Unstructured Log Files Shows file contents which are not of type “ListLog” 2011 © 2011 SAP AG. All rights reserved. 459 Unit 8: Monitoring ADM800 You can use the Show Advanced Filter button to activate further restrictions to the selected view by means of filters and save this as a user-defined (Custom) view. For more information, see the figure “Log Viewer im NWA: Filters”. Figure 188: Log Viewer in the NWA: Filter Use the Show Advanced Filter to show the Filter by Content area. You can create multiple filter with the <Select Filter> button. If you filter by Log Source you can restrict the view to different instances or individual nodes. The filter Log file named enables you to filter for special data sources like defaulttrace, security_audit and so on. Other filter of interest here may be, for example, Message, Date and Time, User, Category, Location. The filtered view which has been fine-tuned in this way can then be stored as a custom view. If you want to delete a filter, select the filter and use the trash can for deletion. If you identify an entry for which you want to see the associated messages (possibly from other files or related log and trace information) then it is often useful to filter for the Related Logs. You can use View → Customize Layout to display further log attributes as columns. In the Details column, you can activate or deactivate the details of an entry. The Expert View You can use Log Format to choose between ListLog and TextFormat. If you choose the ListLog restriction, then both trace and log data is available for display. This log and trace data is stored in different files as already discussed at the start of 460 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Log Viewer and Log Configuration the lesson (see also figure: “ListLogs in the File System”). You can use the Log file named to select a file whose data is to be displayed. If, as in the predefined views, you want to display the combined data from all the ListLogs then you should select Merge Logs if Possible. If you use Log File named then you can specify name patterns of the files from which data is to be included or excluded. Thus, “Log Format equals ListLog” together with “Log file named as DefaultTrace*” and “Merge Logs if Possible” yields the same result as the predefined Developer Trace view. If you want to see the data as in the SAP Logs view, you should instead simply choose “Log file named different from DefaultTrace*”. Files in text format cannot be combined using Merge Logs if Possible. If you choose TextFormat, then you can, for example, also display files such as the dev_server# file. Hint: If you only select Merge Logs if Possible and do not specify any further restrictions then you can use “Display Log File” to select a combination of all the log and trace files or the individual text format files. Log Viewer in the SAP MC The Log Viewer in the NWA can only be used if the AS Java is running. With the Log Viewer in the SAP MC, you have the option of displaying and filtering the logs if the AS Java system is not started. Figure 189: Log Viewer in the SAP MC: Analyse Log Files 2011 © 2011 SAP AG. All rights reserved. 461 Unit 8: Monitoring ADM800 You can right-click and use the menu entry Analyse Log Files to display the logs in the SAP MC system-wide or per instance. This displays the ListLogs and the developer traces from the work directory. You can restrict to a defined period of time or to severities. The severities “All”, “Warning” and “Error” are provided for this. If the severity “Error” is selected, this means that severities of the type “Error” are displayed (“Fatal” for fatal severities, for example). The displayed data can be filtered for the different fields. Note that a distinction is made between uppercase and lowercase in the search. If you only want to search for part of a text, you may have to enter “*” as a wild-card character at the start or end of the filter. You can filter using “<” (less than), “>” (greater than) and “!” for “not equal to” for numeric values. Click the field name to sort the fields. Choose Ctrl for multiple filtering. “Regular Expressions” can also be used as filters; they are introduced with “regex:”. You can restrict to the ListLogs using the expression regex:(.*log)|(.*trc) as a filter for “File Name” and the developer traces are hidden. Use the following URL for more information about the “Regular Expressions”:http://download.oracle.com/javase/1.5.0/docs/api/java/util/regex/Pattern.html You can select and display individual logs in the instance node under Log Files. Snapshots Information is written from the SAP MC to a “.zip” file using snapshots. This file contains selected information about the system status including parts of developer traces and ListLogs. A snapshot can be sent to SAP for error analysis, for example, or can be included in an SAP MC or SAP MMC for later error analysis. Figure 190: Log Viewer in the SAP MC: Snapshot You can include the snapshot in an SAP MC using the menu File → Load snapshot. 462 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Log Viewer and Log Configuration In a snapshot, information about the instances or the system can be displayed as it existed at the time of the snapshot. The developer traces and ListLogs included in the snapshot can be displayed and evaluated using Log Files. Filters can be set to the columns in the snapshot under Analyse Log Files. The evaluation settings (Severity, Time, Entries) can no longer be changed in the snapshot. Snapshots can be generated at system and instance level. This can be done by right-clicking and selecting Create snaphot. Logging and Tracing There are two types of log files: files for logging, and files for tracing. Logging means: • • • • • Recording normal and exceptional events Runtime information of a system or an application is written to log files Active during normal operation Logs are structured into categories, which are logical areas/topics. Predefined categories are: – System (Server, Network, Database, Security) – Application – Performance Each category points to one or more log destinations (storage locations in the file system) Tracing means: • • • • Recording the process flow of an application Use during development and for error detection in the production environment All traces are stored in the log destination defaultTrace_x.trc Traces are structured into locations. Note: Locations represent defined coding areas such as classes or software packages. The traces and logs are displayed in the logging/tracing infrastructure. The logging/tracing infrastructure for SAP NetWeaver AS Java consists of: • • • 2011 consisting of: SAP Logging API, Log Manager, Log Controller is configured via: Log Configurator service is displayed in: Log Viewer © 2011 SAP AG. All rights reserved. 463 Unit 8: Monitoring ADM800 SAP Logging API, Log Manager The SAP Logging Infrastructure consists of the SAP Logging API and the Log Manager. The Log Manager is responsible for writing the log and trace files. The Log Manager writes the log information of the system or an application to a log file in accordance with the severity. The Log Manager is a central manager in the structure of a JEE server. This manager is the first manager that is started. The storage location for all logs and traces is configured here. All log and trace files of an instance are written to the directory J2EE-Root/cluster/Server<Nr>/log (for example, /usr/sap/<SID>/<Instanz>/j2ee/cluster/server0/log). The entries of the log and trace files have different severities (Severity). This means, for example, that the system writes only errors, only errors and warnings or all information in debug mode to a log or trace file. Configuration of Logs and Traces in the Log Configurator Service In the NWA, you can carry out the logging/tracing configurations for components of the SAP NetWeaver AS Java and deployed applications under Troubleshooting → Logs and Traces → Log Configuration. You can carry out the following actions in the Config Tool under Log Configuration: • • • Change severity (in the Config Tool and NWA) Add, change, and delete log destinations (storage location) (Config Tool) Add, change, and delete log formatters (Config Tool) Hint: You usually only need to change the severities. All other settings are intended for experts. You can configure log destinations for categories (log files) and locations (trace files). A log destination allows you to determine where (size and number) the log/trace files are stored. Log formatters are formatters for files in different formats such as XML, trace, and list format. Changing Severities Severities can be set for the individual categories and locations. These severities control which messages are logged to the ListLogs. Only messages that have the same severity or higher are logged. If, for example, the severity “ERROR” is set 464 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Log Viewer and Log Configuration for a location, all messages with the severity ERROR, WARNING or NONE are logged. To analyze problems, the severities can be adjusted to a lower severity for the category or location in question in order to find more detailed information in the ListLogs. The following severities exist: • • • • • • • • ALL (Low) DEBUG PATH INFO WARNING ERROR FATAL NONE (High) The default for locations is usually ERROR and the default for categories is usually INFO. With the SAP NetWeaver Administrator, you can change the settings for the categories (logs) and locations (traces) severities in the same way as with the Config Tool. There is a separate view for both the categories and the locations and the severities can be adapted in these views. In the NWA, you are taken to the log configuration via Troubleshooting→ Logs and Traces → Log Configuration. Here you can select whether you want to set severities for categories or locations. Use the filter option to locate the required locations or categories quickly. 2011 © 2011 SAP AG. All rights reserved. 465 Unit 8: Monitoring ADM800 Figure 191: Severities in the NWA In the lower log configuration area, you can switch between the System Configuration and Per Instance Configuration tabs (figure: “Severities in the NWA”). In the System Configuration, you see the storage location defined under Log Destination and the name of the file to which the entries are written. You can use the Per Instance Configuration view to set other severities for individual instances. If different severities were set for instances, then “n/a” is displayed as severity in the upper frame. Severities can also be copied to subordinate nodes. If you want to reset a category or location to the value shipped by SAP then you can do this using the Reset Category or Reset Location button respectively. 466 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Log Viewer and Log Configuration Figure 192: Severities in the Config Tool The severities can also be adjusted in the Config Tool. You can do so in the template settings or instance-specifically. You can find the severities for the categories in the template in the Config Tool, for example, via cluster-data → template → log configuration → categories. The storage locations (log destinations) are specified for the categories as with the log configuration in the NWA. There is only one log destination for the location, namely “default_trace”. You can also adjust the severities in Log Destinations. They specify the minimum severity that a message must have to be allowed into the destination. The severities for the locations and categories control which messages are issued from the applications and system components and, at destination level, there is another mechanism that controls which messages are allowed into the destination. The severity “ALL” is usually set for the destination delivered by SAP. The figure “Logging API Logic” illustrates this fact. 2011 © 2011 SAP AG. All rights reserved. 467 Unit 8: Monitoring ADM800 Figure 193: Logging API Logic Adjusting Log Destinations In the Config Tool, you can find the destinations under log configuration. You can create new destinations or change existing destinations there. You make settings for the storage locations are made in the Pattern. You can also maintain the log formats (field Formatter) and filter settings here. Note: If you are creating a new log destination, you should define the file type. There are two file types, FileLog, and ConsoleLog. In the case of FileLog type, it is also necessary to make the following specifications: Pattern, Maximum File Size and Number of files. You usually only need to adjust log destinations if, for example, you are working with the UNIX operating system and want to view log files on the console. In this case, you need to change the log format to ConsoleLog. Log formatters are directly connected to LogDestinations. Adjusting Log Formatters In the Config Tool, you can see the Formatters under log configuration; you can change existing log formatters there. You need to maintain the fields Pattern and Type. SAP delivers the Types ListFormatter, TraceFormatter, and XMLFormatter. ListFormatter means that the log entry can be processed by an application 468 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Log Viewer and Log Configuration such as the Log Viewer. XMLFormatter outputs an element in the XML style. TraceFormatter is a formatter that can be read by users. Only with TraceFormatter can you maintain the second field Pattern. Hint: It is not usually necessary to maintain log formatters, since SAP delivers the appropriate log formatters. log archiving The Log Manager provides the Log Archiving option. Log files are automatically archives at specific intervals. You activate this function via the Config Tool (managers → Log Manager). Change the parameter ArchiveOldLogFiles to the value ON. By default, the archives are stored on the SAP NetWeaver AS in the directory J2EE-root-directory/cluster/<server>/log/archive(for example, /usr/sap/<SID>/<instance>/j2ee/cluster/server0/log/archive). The parameter ArchivesDirectory defines the storage location of the archives. The archives themselves are not automatically deleted. You need to do this manually. 2011 © 2011 SAP AG. All rights reserved. 469 Unit 8: Monitoring 470 ADM800 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Log Viewer and Log Configuration Exercise 23: Log Viewer and Log Configuration Exercise Objectives After completing this exercise, you will be able to: • View log files in the Log Viewer • Change the severity in the Log Configuration Business Example You are working with SAP NetWeaver AS Java and want to know more about the options for configuring and evaluating log files. Since a great deal of log information is created in the SAP NetWeaver AS Java environment, it is important to be familiar with a tool that automatically displays the log files for stable operation. Task 1: Custom Views in the NWA Log Viewer Create your own view in the NWA Log Viewer. 1. Log on to your system's NWA and switch to the Log Viewer. 2. Select the Expert view and create your own filter which provides you with information about the SLD. Save these settings as a custom view. 3. Add the columns Data Source, User, System, and Instance to this view. Task 2: Troubleshooting with the Log Viewer in the NWA Use the Log Viewer to search for messages with the severity Error in the NWA. 1. Create a new view. To do this, use the view created in the previous task as a template and name it, for example, my Expert Error. 2. Create a filter which supplies all the entries in which Error occurs in the Severity column. 3. Determine from which Location the message originates. 4. Determine from which node the message was reported. Task 3: OPTIONAL: UME Security Audit Log Evaluate the Security Audit Log 1. Evaluate the entries in the Security Audit Log (using a tool of your choice). Continued on next page 2011 © 2011 SAP AG. All rights reserved. 471 Unit 8: Monitoring ADM800 Task 4: Log Configuration in the NWA You found an error message in the previous task. Set the severity to Warning for the location from which the problem was reported. 472 1. In the NWA, go to Log Configuration 2. Choose the appropriate view (Tracing Locations). 3. Use the filter to find the location. 4. Change the Severity from Error to Warning and save your input. 5. Check whether additional information is written to the log and trace files. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Log Viewer and Log Configuration Solution 23: Log Viewer and Log Configuration Task 1: Custom Views in the NWA Log Viewer Create your own view in the NWA Log Viewer. 1. 2. 3. Log on to your system's NWA and switch to the Log Viewer. a) In the browser, start the URL http://<rechner>:<port>/nwa . b) Navigate to Troubleshooting→ Logs and Traces → Log Viewer. Select the Expert view and create your own filter which provides you with information about the SLD. Save these settings as a custom view. a) In the Log Viewer choose View → Open Expert View. b) Open the Filter view with Show Advanded Filter. c) Select Merge Logs if Possible and confirm the filter with Apply Filters. d) Set the Filter Log Format. If equals ListLog has not yet been selected, make sure that it is entered. Confirm the filter with Apply Filters. e) Select the Message filter and filter by contains SLD. Choose Apply Filters. You can find information about, for example, when data was last sent to the SLD (LastSendInfo) or an error occured. f) Save this view under a descriptive name, for example, myExpert SLD by choosing View → Save View As .... Add the columns Data Source, User, System, and Instance to this view. a) Choose View → Customize Layout. b) Select the above-mentioned columns in addition to those that are already selected and choose OK. c) Save your view. Task 2: Troubleshooting with the Log Viewer in the NWA Use the Log Viewer to search for messages with the severity Error in the NWA. 1. Create a new view. To do this, use the view created in the previous task as a template and name it, for example, my Expert Error. a) In the NWA, switch to your view from the previous task. b) Create a new view by choosing the button Save View As ... Continued on next page 2011 © 2011 SAP AG. All rights reserved. 473 Unit 8: Monitoring 2. 3. ADM800 Create a filter which supplies all the entries in which Error occurs in the Severity column. a) Create a new filter for the search of the severity Error and delete the entry for Message. b) Choose the “Apply Filter” button to apply the modified filter. You will definitely find messages with the severity Error. c) Save your settings. Determine from which Location the message originates. a) 4. You can find information about the location in the column Location or in the Details. Determine from which node the message was reported. a) In the Detail, there are entries that you can use to determine from which instance and which node the message was written. Task 3: OPTIONAL: UME Security Audit Log Evaluate the Security Audit Log 1. Evaluate the entries in the Security Audit Log (using a tool of your choice). a) Start (with your course user) a tool for evaluating logs (for example, the NWA). b) Open the file \usr\sap\<SID>\<instance_number>\j2ee\cluster\server<X>\log\system\security_audit_##_#.log for all the server processes in your Java cluster. The displayed entries allow you to identify who performed what operation and when. Task 4: Log Configuration in the NWA You found an error message in the previous task. Set the severity to Warning for the location from which the problem was reported. 1. In the NWA, go to Log Configuration a) 2. Switch to Troubleshooting → Logs and Traces → Log Configuration Choose the appropriate view (Tracing Locations). a) In the previous task “Troubleshooting with the Log Viewer in the NWA”, we saw that we are dealing with trace information and we therefore choose Tracing Locations Continued on next page 474 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Log Viewer and Log Configuration 3. Use the filter to find the location. a) Use Open Filter to open the filter. b) Enter the complete location from task 2 in the search field and choose Apply Filter. Here you find the set severity for the location. 4. Change the Severity from Error to Warning and save your input. a) 5. Check whether additional information is written to the log and trace files. a) 2011 You may have to scroll down a little in the top window. The location should already be visible. In the top window, click on Severity and select Warning. Choose Save Configuration to save the new severity level. Proceed as you did with task 2. © 2011 SAP AG. All rights reserved. 475 Unit 8: Monitoring ADM800 Lesson Summary You should now be able to: • Use the Log Viewer • Explain the difference between logging and tracing • Execute log configuration 476 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to Monitoring Using SAP Solution Manager Lesson: Introduction to Monitoring Using SAP Solution Manager Lesson Overview This lesson will introduce the technological prerequisites for some monitoring/analysis options offered by SAP Solution Manager, based on the software release SAP Solution Manager 7.1 as available since Q4 of 2011. Lesson Objectives After completing this lesson, you will be able to: • list technical components required for different monitoring capabilities of SAP Solution Manager 7.1 Business Example You are interested in an short overview of the technical prerequisites of some monitoring/analysis functions offered by SAP Solution Manager 7.1. Monitoring and Analysis Functions of SAP Solution Manager 7.1 and CCMS - what's the Connection? In the recent years, SAP Solution Manager experienced quite some evolution. With SAP Solution Manager 7.1, the monitoring and analysis functions have been significantly expanded and have been based upon a new technical infrastructure. However, some fundamental questions around monitoring never change: 1. 2. 3. What data is collected? Where is the collected data stored (initially)? How is this data collected? How is the data transferred to the tool of analysis? Are special transfer options available? What tool is being used for data display and/or data analysis? If you have already worked with monitoring functions offered by the Computing Center Management System (CCMS), then you already know the answers to the fundamental questions given above. What data is collected? Where is the collected data stored (initially)? How is this data collected? Data is collected via differently implemented “data collectors”, only data for which data collectors exist, can be collected. The data is initially stored in monitoring segments, attached to each instance. 2011 © 2011 SAP AG. All rights reserved. 477 Unit 8: Monitoring ADM800 How is the data transferred to the tool of analysis? Are special transfer options available? Data is transferred to the central monitoring system (CEN) via RFC connections. Those RFC connections might point to instances of SAP systems based on AS ABAP or they may point to the so called “CCMS agents”, in systems based on SAP NetWeaver 7.1 and higher being replaced by “SAPSTARTSRV”. What tool is being used for data display and/or data analysis? Data collected by the CCMS can be displayed via transaction RZ20. For SAP Solution Manager 7.1 you need to be aware that the scope of metrics that can be monitored/analysed is not restricted to the metrics collected and stored by CCMS. SAP Solution Manager (7.1) can display additional data that doesn't origin in CCMS, this means... ... there are additional ways of collecting and storing data ... there are additional modes of data transfer between “place of origin” and SAP Solution Manager ... there are additional tools for displaying/analysing the collected information Note: Please be aware of the fact that because SAP Solution Manager uses largely its own infrastructure for data collection, storage and display, there are virtually no negative effects between using the advanced monitoring capabilities of SAP Solution Manager and the traditional monitoring functions of CCMS in parallel. Because you would like to avoid duplicate efforts, it is very unlikely that you will be using such a setup. However, you should know that, technically, there is no negative impact known. SAP Solution Manager is capable of collecting data from monitoring segments managed by CCMS and to transfer the data to its own data storage facilties. This data will be displayed using the graphical functions offered by SAP Solution Manager (instead of using RZ20) and can be analysed by the functions offered by SAP Solution Manager. A lot of addtional monitoring and analysis functions are available in SAP Solution Manager. 478 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to Monitoring Using SAP Solution Manager Technical Prerequisites for selected Monitoring and Analysis Capabilities of SAP Solution Manager This section will list some Monitoring and Analysis capabilities of SAP Solution Manager and their technical prerequisites. Some of the following information is valid since many years, some information only applies to SAP Solution Manager 7.1. Caution: The content of this section is VERY high-level and of an introductionary character. For further insight, it is required to extensively study the recommended courses, listed below. Caution: Virtually all functions introduced in this lesson require that your SAP Solution Manager system has been set up “fundamentally” using transaction SOLMAN_SETUP. Therefore, this requirement is only given once, in this place. Note: Please be aware, this lesson focuses on an introduction to some technology-related topics. License- or maintenance contract-related topics won't be covered here. E.g. some of the functions described might require that your company makes use of SAP Enterprise Support. Technical Requirements for using Metrics Monitoring SAP Solution Manager 7.1 offers the monitoring of many different attributes of SAP and non-SAP systems within your system landscape. These attributes will be labelled as “metrics” in the following. For being able to monitor many different metrics and for making full use of the monitoring capabilities of SAP Solution Manager 7.1, it is necessary to configure SAP Solution Manager and the remote system accordingly. Remote systems are also named “managed systems” or “satellite systems”. SAP Solution Manager is sometimes labelled as “managing system”. 2011 © 2011 SAP AG. All rights reserved. 479 Unit 8: Monitoring ADM800 Figure 194: Technical Requirements for using Metrics Monitoring • • • • • • Find more documentation at https://service.sap.com/diagnostics. Please read SAP Note 1478974: Diagnostics in SAP Solution Manager 7.1 Please read SAP Note 1483508: Solution Manager 7.1: Root Cause Analysis pre-requisites for requirements on SAP Solution Manager and Managed Systems. Please read SAP Note 1612514: Solution Manager 7.1 SP Stack 3: recommended corrections Open the document named Managed System Configuration with 7.1 under the header 7.1 (NEW) at https://wiki.sdn.sap.com/wiki/display/SMSETUP/Home. Have a look into the document named End-to-End Root Cause Analysis Systems Landscape Setup Guide that can be found in the Media Library at https://service.sap.com/diagnostics. Technical Requirements for Monitoring AS Java Using Wily Introscope SAP Solution Manager can collect, display and analyze many metrics collected from AS Java. Fundamentally, you need to implement the following software components: 480 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to Monitoring Using SAP Solution Manager Solution Manager Diagnostic Agent (SMD Agent or Diagnostics Agent) The Solution Manager Diagnostics Agent (SMD Agent or Diagnostics Agent) is the remote component of the End-To-End Root Cause Analysis. It allows to perform a connection between SAP Solution Manager and the managed system and to gather information from the remote system. It needs to be installed once per virtual host (for each “host name” a separate SMD Agent is required). One agent per host supports several managed systems running on the same named host. SAP Host Agent SAP Host Agent is component responsible for the monitoring of the host/operating system. It is installed once per physical host (to be monitored). Wily Introscope Bytecode Agent The Wily Introscope Bytecode Agent (sometimes named (Wily Introscope) Java Agent) is the component of Introscope that collects performance data from your applications running on Java Virtual Machines (JVMs), and sends it to the Introscope Enterprise Manager. It can be deployed to the remote AS Java from within SAP Solution Manager with the help of Solution Manager Diagnostics Agent. Figure 195: Technical Requirements for Monitoring AS Java Using Wily Introscope For more information, please refer to the following: 2011 © 2011 SAP AG. All rights reserved. 481 Unit 8: Monitoring ADM800 On Solution Manager Diagnostic Agent • • • Please read SAP Note 1365123: Installation of Diagnostics Agents and the attached document, named AgentInstallationStrategy.pdf. Please read SAP Note 1448655: Inst. 7.30 - Diagnostics Agent installation and the attached document, named 730_Diag_Agent_Setup_Guide.pdf. Please read SAP Note 1631978 : SAP Solution Manager Diagnostics Agent error : "Metric Limit exceeded: 1000. On Wily Introscope • • • • Please read SAP Note 797147: Wily Introscope Installation for SAP Customers Please read SAP Note 1273028: Introscope 8 Release Notes Please read SAP Note 1280961: SAP Extended Diagnostics by CA Wily Please read SAP Note 1579474: Management Modules for Introscope delivered by SAP On SAP Host Agent • • Please read SAP Note 1031096: Installing Package SAPHOSTAGENT and the document attached to this note, named Installation_SAPHOSTAGENT.pdf. Please read SAP Note 1473974: Using the SAP Host Agent Auto Upgrade Feature and the attached document, named SAPHostAgent-AutoUpgrade.pdf. Technical Requirements for using Early Watch Alert and related Services For being able to make use of Early Watch Alert and some other services offered by SAP, the involved SAP systems need to fulfill some requirements. 482 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to Monitoring Using SAP Solution Manager Figure 196: Technical Requirements for using Early Watch Alert and related Services Technical Requirements for Early Watch Alert and other Services On the System to be Analysed • • • • Software Component ST-PI needs to be available (already included into many SAP products) Software Component ST-A/PI needs to be available (usually needs to be applied) SAP Note 91488: SAP Support Services - Central preparatory note needs to be followed SAP Note 69455: Servicetools for Applications ST-A/PI (ST14, RTCCTOOL, ST12) needs to be followed On the SAP Solution Manager • • • 2011 Software Components ST-PI and ST-SER need to be available (already included in SAP Solution Manager) Software Component ST-A/PI needs to be available (already included in SAP Solution Manager 7.1) SAP Note 1257308: FAQ: Using EarlyWatch Alert needs to be followed © 2011 SAP AG. All rights reserved. 483 Unit 8: Monitoring ADM800 Technical Requirements for using End-User Experience Monitoring SAP End User Experience Monitoring (EEM) collects information on the “real” and “subjective” system behavior as experienced by human end users. SAP EEM provides information on availability and performance of real applications as experienced by end users in the same location. For example, while working on the same SAP system, the creation of an customer order might take considerably longer from one location of your company (e.g. Sidney), whereas the same activity takes almost no time from another location (e.g. Tokyo). EEM captures this subjective system behavior. This collected information can help tremendously in root cause analysis of performance problems. For example, you can easily see if an unwanted system behavior can be observed globally or only from one location. Technically, SAP EEM relies on EEM robots to execute predefined scripts for “simulating” realistic end user activities. Please note, that this “simulated” work is actually carried out in the back end system. So, no “dummy-activities” take place, but REAL system interaction. EEM robots can carry out scripts describing activities via HTTP or in SAP GUI. You can create your own scripts via a script recorder. For implementing SAP End User Experience Monitoring (EEM) you need to install EEM robots - which are in fact Solution Manager Diagnostics Agents (SMD agents) - at the locations to be monitored. Usually, it suffices to install an EEM robot on an individual machine per location. SAP Solution Manager serves as the back end for SAP EEM. It is recommended to install standalone SMD-agents (>=7.20) that are running on SAP JVM. For this, please follow the instructions in SAP Note 1368413: Inst. 7.20/7.12 Diagnostics Agent installation. Attached to this note, you can find a guide that describes how to download the Standalone Diagnostics Agent 7.20 DVD. 484 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to Monitoring Using SAP Solution Manager Figure 197: Technical Components required for SAP End User Experience Monitoring You can find more information on SAP EEM at the following location on SDN http://wiki.sdn.sap.com/wiki/display/EEM/Home. Technical Requirements for using BMC AppSight for SAP Client Diagnostics BMC AppSight for SAP Client Diagnostics helps in diagnosing front end related problems. This software records activitiy on the front end according to a Recording Profile (which is provided in a file of type *.RPR) in a so-called AppSight Log file (of type *.ASL). The recording activities are conducted by a software installed on the front end to be analysed, this software is called “Black Box” and is part of the BMC AppSight for SAP Client Diagnostics software package. Because personal data can be recorded, you need to consider SAP Note 1034760: Privacy Concerns when recording a problem using BMC AppSight. The following SAP Notes and other information sources will be also of interest for you, if you intend to use BMC AppSight for SAP Client Diagnostics: SAP Note 1034901: Installation of "BMC AppSight for SAP Client Diagnostics" 2011 © 2011 SAP AG. All rights reserved. 485 Unit 8: Monitoring ADM800 SAP Note 1034902 : FAQ: BMC AppSight for SAP Client Diagnostics SAP Note 1038811: BMC AppSight Recording Profile Templates for SAP Client Apps SAP Note 1034760: Privacy Concerns when recording a problem using BMC AppSight SAP SDN Link: http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/17742 A blog titled Quick start to BMC AppSight for SAP Client Diagnostics 486 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Introduction to Monitoring Using SAP Solution Manager Lesson Summary You should now be able to: • list technical components required for different monitoring capabilities of SAP Solution Manager 7.1 Related Information • SAP Courses: SM100 - SAP Solution Manager Configuration for Operations E2E100 - E2E Root Cause Analysis E2E120 - Technical Monitoring in SAP Solution Manager 7.1 ADM106 - SAP System Monitoring Using CCMS I ADM107 - SAP System Monitoring Using CCMS II 2011 © 2011 SAP AG. All rights reserved. 487 Unit Summary ADM800 Unit Summary You should now be able to: • Describe the monitoring infrastructure • Display monitoring data in the SAP NetWeaver Administrator (NWA) • Make threshold value settings in the NWA • Monitor Java instances in the central monitoring system • Explain which configuration steps are required to be able to maintain the threshold values for Java instances from the central monitoring system • Describe how an availability check using the GRMG works technically • Configure an availability check • Use the Log Viewer • Explain the difference between logging and tracing • Execute log configuration • list technical components required for different monitoring capabilities of SAP Solution Manager 7.1 488 © 2011 SAP AG. All rights reserved. 2011 ADM800 Test Your Knowledge Test Your Knowledge 1. Which actions are possible using the Monitor Browser in the NWA? Choose the correct answer(s). □ □ □ □ 2. A B C D Changes to threshold values Delete history values Cross-system monitoring Display monitoring data for Java instances Trace information is only important for the administrator. Determine whether this statement is true or false. □ □ 2011 True False © 2011 SAP AG. All rights reserved. 489 Test Your Knowledge ADM800 Answers 1. Which actions are possible using the Monitor Browser in the NWA? Answer: A, D The tasks of the Monitor Browser are to change threshold values, and display collected monitoring data. 2. Trace information is only important for the administrator. Answer: False Trace information is often used to identify problems during development, and provides developers with detailed information about an error that has occurred. 490 © 2011 SAP AG. All rights reserved. 2011 Unit 9 Software Maintenance Unit Overview For every type of software, there are corrections that must be installed. This unit provides an overview of the update of AS Java-based SAP systems. The tools for incorporating the corrections are introduced. The support and maintenance of an SAP system includes the execution of backups on a regular basis. This unit explains which components should be taken into account when backing up. Unit Objectives After completing this unit, you will be able to: • • • • • Explain the concept of maintenance certificates Describe a maintenance transaction Call the Java Support Package Manager (JSPM). Import Support Packages and Support Package Stacks for SAP NetWeaver AS Java 7.1x-based systems. Explain which regular backups are required for the SAP NetWeaver AS Java. Unit Contents Lesson: Preparation for Software Maintenance ............................492 Exercise 24: Execute a Maintenance Transaction .....................503 Lesson: Importing Corrections ................................................509 Exercise 25: Importing Corrections ......................................521 Lesson: Backing Up AS Java .................................................530 2011 © 2011 SAP AG. All rights reserved. 491 Unit 9: Software Maintenance ADM800 Lesson: Preparation for Software Maintenance Lesson Overview This lesson discusses the use of the SAP Solution Manager - Maintenance Optimizer (MOpz) to request Support Packages within a maintenance transaction. Lesson Objectives After completing this lesson, you will be able to: • • Explain the concept of maintenance certificates Describe a maintenance transaction Business Example You want to import Support Packages into your SAP system. You want to request these with the help of your Solution Manager Maintenance Certificates A maintenance certificate enables the SAP software logistics tools (for example, SPAM, SAINT, and JSPM) to identify the system to be maintained and to determine the extent of maintenance required. It is also used to ensure that only customers with a valid maintenance contract can perform the relevant maintenance transactions. Hint: As of January 2009, the software logistics tools can only maintain a system if a valid maintenance certificate is available. As of SPAM/SAINT Version 7.00/0034, a valid maintenance certificate is a prerequisite for importing Support Packages. Hint: All SAP products based on SAP NetWeaver AS ABAP 7.0 and higher require a maintenance certificate. Maintenance certificates are valid for a period of three months, after which time they must be renewed. To keep costs to a minimum, a SAP Solution Manager system can be used to automate the process of generating maintenance certificates. For this purpose, a SAP Solution Manager system must have release 7.0 and Support Package Stack level 16 or higher (recommended: 18). Hint: The SAP Solution Manager system requires a connection to SAP Service Marketplace and to the SAP system to be patched. 492 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparation for Software Maintenance If these connections are not possible (for example, for security reasons), the maintenance certificates can also be requested manually from SAP Service Marketplace. When performing a release upgrade or importing SAP enhancement packages, Support Packages are incorporated into the update process. A maintenance certificate is not required here. You can use transaction SLICENSE to check whether your system has a valid maintenance certificate. Choose New Licenses (to switch to the Digitally-Signed License Keys view). You can now check the following: • • • Software Product: Maintenance in the Sware Prod column Valid From: Date on which the maintenance certificate was requested Valid To: Date on which the maintenance certificate was requested + approximately three months Hint: See also SAP Note 1280664 - Distribution of maintenance certificates: Troubleshooting 2011 © 2011 SAP AG. All rights reserved. 493 Unit 9: Software Maintenance ADM800 Figure 198: Maintenance Certificate 1. 2. 3. 4. 494 The SAP Solution Manager system requests a maintenance certificate for all managed systems, where the maintenance certificate is expiring. The maintenance certificates are generated in the SAP Global Support Backbone. The SAP Solution Manager system contains the maintenance certificates the next time a connection is established (every 24 hours). The managed systems receive the maintenance certificates from the SAP Solution Manager system. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparation for Software Maintenance The following is a more detailed description of the process: 1. 2. 3. If automatic distribution is active for maintenance certificates, SAP Solution Manager passes the system numbers of all satellite systems to the SAP Global Support Backbone. The SAP Global Support Backbone automatically checks each system for a valid maintenance contract. If there is no valid maintenance contract, the process in the SAP Global Support Backbone automatically ends, and the customer's SAP Solution Manager system is informed. If there is a valid maintenance contract, the SAP Global Support Backbone automatically checks whether there is a maintenance certificate, and returns it to SAP Solution Manager. 4. 5. 6. 7. 8. If there is no maintenance certificate, the SAP Global Support Backbone automatically generates one for this system. The next time it runs (every 24 hours), SAP Solution Manager can get this maintenance certificate from the SAP Global Support Backbone. The maintenance certificates are automatically given to SAP Solution Manager, where they are saved and made available. The Maintenance Package task, which runs daily in the satellite systems (in the Service Data Control Center, transaction SDCCN), uses an RFC connection to request the relevant maintenance certificate from SAP Solution Manager. If a maintenance certificate is successfully retrieved, it is automatically saved locally in SAP License Management (transaction SLICENSE). If the tools SPAM or SAINT are used to import Support Packages, an automatic check is performed to check whether there is a valid maintenance certificate for the system. SAP Note 1280664 - Distribution of maintenance certificates: Troubleshooting provides detailed information about troubleshooting. Maintenance Transaction All SAP systems that are part of the customer's system landscape are registered in SAP Solution Manager. The Maintenance Optimizer (MOpz), as part of SAP Solution Manager, can then work with this information. To import Support Packages, among other things, SAP recommends that you create a maintenance transaction with the Maintenance Optimizer. On the one hand, this maintenance transaction is used to calculate a consistent combination 2011 © 2011 SAP AG. All rights reserved. 495 Unit 9: Software Maintenance ADM800 of Support Packages for a systems in the system landscape. On the other hand, the Support Packages to be imported must be approved before they can be downloaded. The approval is performed as part of the maintenance transaction. Hint: All Support Packages for systems based on SAP NetWeaver 7.0 (and higher) require the Maintenance Optimizer for approval. Figure 199: Maintenance Transaction 496 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparation for Software Maintenance The following steps are necessary to perform a maintenance transaction and using it to select Support Packages: 1. 2. 3. 4. 5. 6. 7. 8. In the SAP Solution Manager system, the basic configuration needs to have been performed with transaction SOLMAN_SETUP. The SAP systems to be maintained need to have been registered in SAP Solution Manager with transaction SMSY. As part of this registration process, the systems are assigned to a logical component. The logical component needs to be assigned to a solution in the SAP Solution Manager Administration work center. In the Change Management work center you can create a maintenance transaction using the Maintenance Optimizer (MOpz) by choosing Common Tasks → New Maintenance Transaction. The required Support Packages can be selected within this maintenance transaction. The selected Support Packages can be placed in the download basket. They are then approved within the maintenance transaction so the Download Manager can be used to download them from the SAP Service Marketplace. (Alternatively, the Software Lifecycle Manager functions (SLM) can be used for the download.) The downloaded Support Packages can now be imported using the Support Package Manager (transaction SPAM in the AS ABAP based system to be maintained). In AS Java based systems Support Packages are imported with the tool JSPM. Hint: With SAP Solution Manager 7.1 transaction codes SOLUTION_MANAGER, DSWP, and DSMOP will be deactivated. Transaction SOLMAN_WORKCENTER replaces the transaction SOLUTION_MANAGER. For more information see SAP Note 1480419. A maintenance transaction consists of five major steps that need to be performed. Start the transaction SOLMAN_WORKCENTER to open SAP Solution Manager: Work Centers 2011 © 2011 SAP AG. All rights reserved. 497 Unit 9: Software Maintenance ADM800 Figure 200: Starting the Maintenance Optimizer and entering the Basic Data Select the tab (1) Change Management. In Overview select (2) Maintenance Optimizer to start a new maintenance transaction. As a shortcut you could select (3) New Maintenance Transaction in the Common Tasks. The screen New Maintenance Optimizer transaction will open. Here you need to select the (4) Solution and (5) Product Version. In the box Product System you need to select the systems that you want to patch in this maintenance transaction. When you have entered the correct basic data you can press (6) Continue. 498 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparation for Software Maintenance Figure 201: Selecting the files and target patch level The figure above shows how to choose (1) the automatic or manual file selection and (2) Continue to the update options. Depending on your start release the system will present you (3) with the possible update option. Press (4) Continue to the Select Target screen. In this screen you can select the target support package stack that you want to implement. Choose (6) Continue to the screens Confirm Major Target, Select Add-on Products and Select OS/DB-Dependent Files. 2011 © 2011 SAP AG. All rights reserved. 499 Unit 9: Software Maintenance ADM800 Figure 202: Confirm target and select add-on and OSDB files 1/2 The choices above depend on the product that you are applying the patches to. In the example shown in the figure above we only select the correct OS/DB files. No add-on was selected. 500 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparation for Software Maintenance Figure 203: Confirm target and select add-on and OSDB files 2/2 In the steps shown above you can choose to include a SPAM Update (step 2.5). In step 2.6 you can change the selected Stack-Dependant Files. Changing the selection here is not recommended. The step 2.7 will put the files into your Download Basket. 2011 © 2011 SAP AG. All rights reserved. 501 Unit 9: Software Maintenance ADM800 Figure 204: Download, implement and complete the maintenance transaction In download the selected files using the Download Manager in step 3. When this is done continue to step 4 and maintain the status of the implementation of the support package stack. This step can only continue when all the systems in this Maintenance Transaction have the status Completed. In step 5 you can close the Maintenance Transaction by choosing Complete Transaction. After completion no changes are possible. 502 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparation for Software Maintenance Exercise 24: Execute a Maintenance Transaction Exercise Objectives After completing this exercise, you will be able to: • Create and execute a maintenance transaction for Support Packages in the SAP Solution Manager system. Business Example You want to update the SAP systems in your company to the latest Support Package level. You want to use a maintenance transaction in the SAP Solution Manager system to determine the Support Packages. Caution: The DEV groups log on to the partner QAS system and define a maintenance transaction for their own DEV system. The QAS groups log on to the partner DEV system and define a maintenance transaction for their own QAS system. The partner system is assumed to be the Solution Manager system, the own system is assumed to be the system to be updated. Caution: The maintenance transaction exercise requires certain system configurations to be made. The systems for this course are prepared accordingly. However, you may still need to create a solution and assign logical components. The first task is used for this. Task 1: Create a Solution Create a solution your partner SAP Solution Manager system that has a logical component assigned to it with your own system included. 1. Create a solution and assign your logical component to it. Use the SAP Solution Manager Administration work center. Task 2: Execute a Maintenance Transaction Use your partner SAP Solution Manager system to execute a maintenance transaction for your own system for importing a Support Package Stack into your system. 1. Create a maintenance transaction for importing a Support Package Stack. 2. Select the Support Package Stack you require for your maintenance transaction. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 503 Unit 9: Software Maintenance 3. 504 ADM800 Complete the maintenance transaction. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparation for Software Maintenance Solution 24: Execute a Maintenance Transaction Task 1: Create a Solution Create a solution your partner SAP Solution Manager system that has a logical component assigned to it with your own system included. 1. Create a solution and assign your logical component to it. Use the SAP Solution Manager Administration work center. a) Log on to your SAP Solution Manager system. b) Call the SAP Solution Manager Administration work center using the SOLMAN_WORKCENTER transaction, for example. c) Choose Solutions and select the New button. d) Enter user and password and log on. You are now in the screen to create a new Solution. e) In the field Solution, enter the name of your solution, for example Solution ## and choose a language. f) Switch to the System Group tab. g) Choose Development System as the Leading Role of the Solution and then Save Solution. h) Press the F4 key in the first cell of column Logical Components to add the correct logical component. i) In the popup expand SAP SOLUTION MANAGER → Solution Manager ABAP Stack and select SAP Solution Manager. Confirm this selection. j) Save your changes. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 505 Unit 9: Software Maintenance ADM800 Task 2: Execute a Maintenance Transaction Use your partner SAP Solution Manager system to execute a maintenance transaction for your own system for importing a Support Package Stack into your system. 1. Create a maintenance transaction for importing a Support Package Stack. a) Log on to your partner SAP Solution Manager system. b) Call the Change Management work center using the SOLMAN_WORKCENTER transaction, for example. c) Choose Common Tasks → New Maintenance Transaction. d) Choose a Priority and enter a Description. Choose the Solution you created in the previous task. e) Choose SAP SOLUTION MANAGER 7.1 as the Product Version and select the row with your own SAP system. f) Choose Continue. Continued on next page 506 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Preparation for Software Maintenance 2. 3. 2011 Select the Support Package Stack you require for your maintenance transaction. a) Select Calculate Files Automatically - Recommended and choose Continue. b) Maintenance is already selected in your maintenance transaction. Choose Continue. c) Accept the Target stack currently proposed, for example, 03 (09/2011) and choose Continue. (This may take several minutes.) d) Check the technical system and choose Continue. e) Do not select any Add-on and choose Continue. f) You now see a selection of operation system- and database-dependent files. For the operating system Windows Server on x64 64bit, select the #Database independent and MaxDB files. Choose Continue. g) You now see a selection of stack-independent files. Leave the selection unchanged and choose Continue. h) You now see the files that belong to your stack. Leave the selection unchanged and choose Continue. i) As the download tool choose Download Basket. The files will be added to the download basket. Choose Continue. j) The files are automatically confirmed in your S-user's download basket. You could now start the Download Manager by choosing Download Files from Download Basket. In the context of this course this step is not necessary, because the relevant files are already downloaded to your server. k) Choose Continue. The Status of Implementation is New. You may want to set it to In Process. l) At this point, you would use the Download Manager to download the files and, for example, use transaction SPAM to import the Support Packages into your own AS ABAP based system. For an AS Java based system, the tool JSPM is used. However, this is not part of this exercise. Imagine that you have already successfully imported all of the files contained in your maintenance transaction. Complete the maintenance transaction. a) Set the Status of Implementation to Completed and Save. b) Choose Complete Transaction and Continue. © 2011 SAP AG. All rights reserved. 507 Unit 9: Software Maintenance ADM800 Lesson Summary You should now be able to: • Explain the concept of maintenance certificates • Describe a maintenance transaction 508 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Importing Corrections Lesson: Importing Corrections Lesson Overview This lesson presents the updating of an AS Java 7.1x-based SAP system, for example SAP NetWeaver CE 7.1x or SAP NetWeaver PI 7.1x, by installing a current Support Package Stack. Lesson Objectives After completing this lesson, you will be able to: • • Call the Java Support Package Manager (JSPM). Import Support Packages and Support Package Stacks for SAP NetWeaver AS Java 7.1x-based systems. Business Example Quality control of the petrochemistry company XYZ AG has detected an error in an important business process. This error can be traced back to an incorrect delivery of an SAP software component. You must import the latest Support Package Stack to eliminate this error. Support Packages Support Packages are corrections that SAP supplies to customers. The component model used by SAP in the context of Java development is used both in delivery (installation) and in the context of maintenance (import of Support Packages). 2011 © 2011 SAP AG. All rights reserved. 509 Unit 9: Software Maintenance ADM800 Figure 205: Component Model in Delivery and Maintenance Software maintenance is organized into three tiers: • • A product consists of one or more software components that represent related business scenarios. Products are installed or undergo an upgrade to a new release. A release is a full delivery of software components that provides new functions (and possibly user interfaces) or improvements. Software components contain a set of development components. Support Packages are delivered in the context of software maintenance. A Support Package (SP) is (unlike ABAP) a full delivery of one (or more) software component(s) and contains a number of patches. If sources are delivered with Support Packages, the SPs must be transported using the NWDI's Change Management Service (CMS). The usual file format of an SP is the SCA format. SAP does not advise you to import Support Packages individually for each software component; rather you are advised to import them as uniformly as possible for an entire system or even entire applications (comprising several systems). Therefore, SAP releases the individual Support Packages together as a Support Package Stack for the respective product. • Patches are full deliveries of a development component that allow a quick error correction, before the complete SP is available. The usual file format is the SDA format. If patches include sources, they must also be imported using the resources of the CMS. Introduction: Java Support Package Manager As of SAP NetWeaver 7.0, the Java Support Package Manager (JSPM) is used to import Support Packages for SAP NetWeaver Application Server Java (AS Java) and all the Java-based software components running on it. There are two 510 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Importing Corrections additional tools, CEUPDATE and the Update Management Service, for SAP NetWeaver CE 7.1x only. Both serve as user interfaces to facilitate the import of a Support Package Stack. • Updating: – • • Kernel, Internet Graphic Server (IGS), SAP JVM and other native AS Java operating system binaries – JSPM itself – All Java software component installed in the system – Modified software components (integration with NWDI) Deployment of SAP and third-party software components Deployment, update and upgrade of Business Packages in the SAP Business Suite JSPM can import either individual Support Packages or a complete Support Package Stack SAP recommends that you always implement the complete Support Package Stack in a Java system. This is the only way to ensure the consistency of the system and the application. Java Support Package files (SCAs) contain all the software objects and the associated software components (Full Patch). As a result, it is sufficient to update the Java system with the required Support Package Stack. It is not necessary to import all the Support Package Stacks from the start Support Package Stack level through to the target Support Package Stack level one after the other. JSPM provides a simple, intuitive graphical user interface (GUI). JSPM only displays those components for which an update is possible. You can also see the current Support Package level in JSPM. JSPM simplifies the Support Package management process for Java applications by recognizing and taking account of dependencies and reducing manual activities. JSPM works together with the SAP NetWeaver Development Infrastructure (NWDI), thus making it possible to identify modified components. In NWDI development (DEV) and consolidation systems (CONS), JSPM detects modified software components and transports them for deployment to the NWDI system. In NWDI test (TEST) and production systems (PROD), JSPM detects and deploys modified software components. The AS Java must be started for JSPM to start. Hint: The user <sid>adm should start JSPM. You start JSPM using an instance file system script from the directory /usr/sap/<SID>/<instance>/j2ee/JSPM. The script is called go.bat (Windows) or go (Unix). You now have to enter the user ID and password of an administration user of the AS Java, for example Administrator or j2ee_admin. 2011 © 2011 SAP AG. All rights reserved. 511 Unit 9: Software Maintenance ADM800 JSPM writes all its log files to the directory /usr/sap/<SID>/<instance>/j2ee/JSPM/log. Hint: Before you use the Java Support Package Manager, read SAP Note 1147119. If you use SAP systems on iSeries then you can find additional information in SAP Note 1066038. JSPM: Preparatory Steps for SP Stack You should note the following steps before using JSPM: 1. 2. Before the update: Check the entire functional capability of the system Download the Support Package Stack (for all installed Usage Types) and the corresponding Support Package Stack definition file (SPSTab.xml). You should do this with the Maintenance Optimizer in SAP Solution Manager. 3. Storage location of the files (Support Packages and Support Package definition file): JSPM Inbox (Default: /usr/sap/trans/EPS/in) The storage location of the JSPM Inbox is defined via the parameter DIR_EPS_ROOT. 4. Check the free space in the file system for the directory /usr/sap/<SID>/<instance>/j2ee/JSPM/temp. Temporarily available disk space: approximately 3 times the size of the Support Package files If JSPM is to recognize the Support Package Stack correctly, both the Support Package files and the corresponding Support Package Stack definition file (SPSTab.xml) must be downloaded and available in the JSPM Inbox. 512 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Importing Corrections JSPM: Importing an SP Stack You perform the following steps to import SP Stacks using JSPM. 1. Log on as user <sid>adm to the instance host. Close all SAP MMC and services consoles under Windows. 2. Start JSPM and log on with an administration user of the AS Java. Start JSPM from /usr/sap/<SID>/<instance>/j2ee/JSPM using the script go or go.bat. 3. Update JSPM itself (you do not have to perform this step separately since JSMP is also contained in the SP Stack). The JSPM update can be imported at runtime. 4. 5. a) Select the Start Deployment tab. b) Select the option Java Support Package Manager (JSPM). Call and log on to JSPM again. In the Start Deployment tab, select the option Support and Enhancement Package Stack followed by Next. In this step, JSPM performs a number of status checks and displays the result for each individual software component in the following screen. The following status can be reported:. • • OK: SP can be imported. WARNING: The software contains customer modifications in a system monitored by NWDI Deployment can be performed. WARNING may also mean: the software components contain lower versions of development components than are available in the system. REVISE: Indicates inconsistencies with the corresponding software component. A deployment cannot be performed until all the problems have been eliminated. Select Next if the SP Stack has the appropriate status. This starts the updating of the software component and the status of the JSPM changes to SCHEDULED. • 6. JSPM starts and stops the AS Java several times during this procedure. 2011 © 2011 SAP AG. All rights reserved. 513 Unit 9: Software Maintenance ADM800 Figure 206: Import Support Package Stacks There are different ways to import Support Package Stacks. A significant difference is whether or not patches are applied. In particular, you apply patches if patches have already been applied on the current system. If the patch that has already been applied is of a younger date than the delivery date of the Support Package for the software components, the correction of the patch may not be contained in the Support Package for the software components. If you decide to apply patches, you can do this in one or two steps. The option to apply patches with the Support Package of the SPS in one step has been available as of 7.0 SPS 14. Before you decide on this option, read SAP Note 1080821 carefully. You start JSPM from the file system and log on with an administration user of the AS Java. 514 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Importing Corrections Figure 207: Starting JSPM The step Specify Queue displays the (highest) Support Package Stack level available in the JSPM Inbox. Then, in the Check Queue step, JSPM checks the deployment queue and every software component in the stack is assigned a status. 2011 © 2011 SAP AG. All rights reserved. 515 Unit 9: Software Maintenance ADM800 Figure 208: Support Package Stack: Specify Queue, Check Queue In the Deploy Queue step, JSPM starts the deployment of the software components in the selected stack. When this is done, the status is set to SCHEDULED. The Completed step displays the status of the software components after deployment. 516 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Importing Corrections Figure 209: Support Package Stack: Deploy Queue, Completed After import, the Support Packages can have the following status: • • • • DEPLOYED DEPLOYED WITH WARNING: The Support Packages have been deployed but might possibly not function correctly with other deployed components. ERROR: An error occurred during deployment and must be eliminated before continuing with the import of the Support Package. NOT DEPLOYED: For certain reasons, JSPM has not attempted to deploy the software components. Eliminate the problems and restart the import. If the Support Package Stack contains a Kernel Update, JSPM starts with the Kernel Update. JSPM updates the kernel binaries in the global kernel directory. When the instances are restarted, the kernel is then copied locally to all instances via sapcpe. In general, corrections can be imported individually or in the stack. SAP urgently recommends you to use Support Package Stacks in order to ensure the consistency of the system and the applications. JSPM: Importing Individual Support Packages If you want to update only individual software components and not all the components of the SP Stack, choose the option Single Support Packages and Patches (advanced use). 2011 © 2011 SAP AG. All rights reserved. 517 Unit 9: Software Maintenance ADM800 Caution: Before starting the import of Support Packages at a given level, you must make sure that the JSPM has at least the same level. Figure 210: Single Support Package: Select Package Type, Specify Queue In the next step, you specify the queue by choosing the required SP level or skip (do not import) for each software component. In the case of modified software components and systems monitored by NWDI, there is also the setting <SP level>, Modified by NWDI. JSPM now checks the validity of the deployment queue and outputs the status OK, WARNING or REVISE accordingly. 518 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Importing Corrections Figure 211: Single Support Package: Check Queue In the fourth step, deployment is started and the status of all the components changes to SCHEDULED or IN PROGRESS. In the last step, the final status is displayed (DEPLOYED, DEPLOYED WITH WARNINGS, NOT DEPLOYED, ERROR) 2011 © 2011 SAP AG. All rights reserved. 519 Unit 9: Software Maintenance ADM800 Figure 212: Single Support Package: Deploy Queue, Completed 520 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Importing Corrections Exercise 25: Importing Corrections Exercise Objectives After completing this exercise, you will be able to: • Implement corrections for SAP NetWeaver AS Java Business Example SAP NetWeaver Application Server Java is used as the runtime environment for applications that conform to the J2EE standard. You can use Support Packages to correct errors and implement new functions for SAP NetWeaver AS Java. Task 1: Preparations for applying Support Package Stacks Provide the required Support Packages, the corresponding file stack.xml, and the patches for the Support Package Stack in the directory EPS/in. Prepare to import the Support Package Stack from the training share. 1. For the software component JSPM, determine which Support Package number belongs to the Support Package Stack to be imported. 2. Copy the Support Packages of the Support Package Stack and the file stack.xml from the directory Stack Definition to the directory EPS/in. 3. Copy the patches for the Support Packages of the Support Package Stack from the directory Patches to the directory EPS/in. Task 2: Applying a JSPM Update Apply the patch that you copied in the previous task in your system. 1. Use JSPM to check the current JSPM level. To do this, start JSPM. 2. Carry out the JSPM update. 3. Use JSPM to check the current JSPM level. To do this, start JSPM. Result You have successfully applyed a JSPM Update for SAP NetWeaver AS Java. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 521 Unit 9: Software Maintenance ADM800 Task 3: Optional: Applying a Support Package Stack You can either carry out this task or the task of “applying a Support Package Stack with patches”. Use JSPM to apply a Support Package Stack. Caution: Close the SAP MMC and the Services if they are started on the host of your SAP system. 1. Appy the Support Package Stack. Task 4: Optional: Applying Patches You can carry out this task only if you have successfully completed the task of “applying a Support Package Stack”. Use the JSPM to apply the patches for your Support Package Stack. You made these patches available in the first task in the directory EPS/in. Caution: Stop the complete dialog instance (ABAP+Java) of your SAP system. Close the SAP MMC and the Services if they are started on the host of your SAP system. 1. Use the JSPM to apply the patches for your Support Package Stack. Task 5: Optional: Applying a Support Package Stack with Patches You can either carry out this task or the task of “applying a Support Package Stack”. Hint: Before you apply patches with the Support Package Stack option, read SAP Note 1080821. Use the JSPM to apply a Support Package Stack with the relevant patches. Caution: Stop your dialog instance and close the SAP MMC and the Services if they are started on the host of your SAP system. 522 1. Set the parameter /jspm/includePatchesInStack in the file jspm_config.txt to the value true. You can find the file jspm_config.txt in the directory param. 2. Apply the Support Package Stack with patches in one step. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Importing Corrections Solution 25: Importing Corrections Task 1: Preparations for applying Support Package Stacks Provide the required Support Packages, the corresponding file stack.xml, and the patches for the Support Package Stack in the directory EPS/in. Prepare to import the Support Package Stack from the training share. 1. For the software component JSPM, determine which Support Package number belongs to the Support Package Stack to be imported. a) Search for the file JSPM<NumberX>_0-... in the subdirectory Support Packages, which you can find on the training share. <NumberX> is the number of the Support Package of the software component JSPM searched for. b) You can find the JSPM patches in the directory Patches (which you can find on the training share). c) The files have the following form: JSPM<NumberX>P_<NumberY>.... <NumberX> specifies the number of the Support Package and <NumberY> specifies the number of the patch. Copy the file where <NumberX> corresponds to the number from the previous exercise step. If there are several of these files, copy the one that has the highest <NumberY>. 2. Copy the Support Packages of the Support Package Stack and the file stack.xml from the directory Stack Definition to the directory EPS/in. a) 3. You can copy the complete contents of the directory Support Package to EPS/in. If the system issues a prompt asking you whether you want to overwrite a file, confirm this by choosing Yes, to all. Copy the patches for the Support Packages of the Support Package Stack from the directory Patches to the directory EPS/in. a) You can copy the complete contents of the directory Patches to EPS/in. If the system issues a prompt asking you whether you want to overwrite one of more files, confirm this by choosing Yes to All. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 523 Unit 9: Software Maintenance ADM800 Task 2: Applying a JSPM Update Apply the patch that you copied in the previous task in your system. 1. 2. Use JSPM to check the current JSPM level. To do this, start JSPM. a) Log on as user <sid>adm to your PAS instance's host. b) Start JSPM (/usr/sap/<SID>/<PAS>/j2ee/JSPM/ go.bat) and log on with the course user. c) In the menu, choose Help → About. You can find the version of the JSPM, for example, 7.30.<X>.<Y>.0, where <X> specifies the Support Package and <Y> specifies the patch. Carry out the JSPM update. a) If you have not yet already done so, start the JSPM (see 1.) b) In the step Select Package Type, choose the option Java Support Package Manager (JSPM) followed by Next. c) In the step Specify Queue, check whether the correct Support Package and patch was selected. If this is not the case, choose the correct Support Package and patch (see task 1). Confirm with Next. d) In the step Check Queue, start the import of the JSPM update. e) In the step Deploy Queue, the component is assigned the status SCHEDULED and is then displayed with the achieved status DEPLOYED after deployment. End the JSPM by choosing Exit. 3. Use JSPM to check the current JSPM level. To do this, start JSPM. a) Start JSPM (/usr/sap/<SID>/<PAS>/j2ee/JSPM/ go.bat) and log on with the course user. b) In the menu, choose Help → About. Here, you can find the version of the JSPM, for example, 7.30.<X>.<Y>.0, where <X> specifies the Support Package and <Y> specifies the patch. Result You have successfully applyed a JSPM Update for SAP NetWeaver AS Java. Continued on next page 524 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Importing Corrections Task 3: Optional: Applying a Support Package Stack You can either carry out this task or the task of “applying a Support Package Stack with patches”. Use JSPM to apply a Support Package Stack. Caution: Close the SAP MMC and the Services if they are started on the host of your SAP system. 1. Appy the Support Package Stack. a) Log on as user <sid>adm to your central instance's host. Start JSPM (/usr/sap/<SID>/<PAS>/j2ee/JSPM/ go.bat) and log on with the course user. In the step Select Package Type, choose the option Support and Enhancement Package Stack and confirm by choosing Next. The stack that is available according to d:\usr\sap\trans\EPS\in\SPStab.xml and which may be possible to apply is now displayed. b) In the Specify Queue step, choose the highest available Support Package Stack level. Hint: The selected SP Stack level must be higher than that of the stack that is already imported! Choose Show Details to see which Support Package levels of the individual components. Now confirm with Next. c) In the step Check Queue, the status OK or WARNING should be displayed for all components. Choose Start to start the deployment. d) In the step Deploy Queue, the components are assigned the status SCHEDULED or IN PROGRESS, and, after the deployment, they are displayed with the status DEPLOYED or DEPLOYED WITH WARNING. e) In the Completed step, select Exit. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 525 Unit 9: Software Maintenance ADM800 Task 4: Optional: Applying Patches You can carry out this task only if you have successfully completed the task of “applying a Support Package Stack”. Use the JSPM to apply the patches for your Support Package Stack. You made these patches available in the first task in the directory EPS/in. Caution: Stop the complete dialog instance (ABAP+Java) of your SAP system. Close the SAP MMC and the Services if they are started on the host of your SAP system. 1. Use the JSPM to apply the patches for your Support Package Stack. a) Start JSPM (/usr/sap/<SID>/<PAS>/j2ee/JSPM/ go.bat) and log on with the course user. In the step Select Package Type, choose the option Single Support Packages (advanced use) followed by Next. b) In the step Specify Queue, check the proposed Support Package and patch level. These have the format: 7.30.<X>.<Y>, where <X> specifies the Support Package level and <Y> specifies the patch level. If, for a software component, the Support Package level is different from the current Support Package level, choose a patch that corresponds to the current Support Package level or deactivate the deployment of this patch by choosing skip. You do not need to concern yourself here with software components for which no patches or Support Packages were found. Now confirm with Next. c) In the step Check Queue, the status OK or WARNING should be displayed for all components. Choose Start to start the import. d) In the step Deploy Queue, the components are assigned the status SCHEDULED or IN PROGRESS, and, after the deployment, they are displayed with the achieved status DEPLOYED or DEPLOYED WITH WARNING. e) In the Completed step, select Exit. Continued on next page 526 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Importing Corrections Task 5: Optional: Applying a Support Package Stack with Patches You can either carry out this task or the task of “applying a Support Package Stack”. Hint: Before you apply patches with the Support Package Stack option, read SAP Note 1080821. Use the JSPM to apply a Support Package Stack with the relevant patches. Caution: Stop your dialog instance and close the SAP MMC and the Services if they are started on the host of your SAP system. 1. Set the parameter /jspm/includePatchesInStack in the file jspm_config.txt to the value true. You can find the file jspm_config.txt in the directory param. a) Log on as user <sid>adm to your central instance's host. In the file /usr/sap/<SID>/<PAS>/j2ee/JSPM/ param/jspm_config.txt, search for the parameter /jspm/includePatchesInStack and replace the value false with true. Save your entry. Continued on next page 2011 © 2011 SAP AG. All rights reserved. 527 Unit 9: Software Maintenance 2. ADM800 Apply the Support Package Stack with patches in one step. a) Start JSPM (/usr/sap/<SID>/<PAS>/j2ee/JSPM/ go.bat) and log on with the course user. In the step Select Package Type, choose the option Support and Enhancement Package Stack and confirm by choosing Next. The stack that is available according to d:\usr\sap\trans\EPS\in\stack.xml and which it may be possible to import is now displayed. b) In the Specify Queue step, choose the highest available Support Package Stack level. Hint: The selected SP Stack level must be higher than that of the stack that is already applyed! Choose Show Details to see the Support Package levels of the individual components. Now confirm with Next. c) In the step Specify Queue Patches, check the proposed Support Package and patch level. These have the format: 7.30.<X>.<Y>, where <X> specifies the Support Package level and <Y> specifies the patch level. If, for a software component, the Support Package level is different from the current Support Package level, choose a patch that corresponds to the current Support Package level or deactivate the deployment of this patch by choosing 7.30.<X>.0. Now confirm with Next. 528 d) In the step Check Queue, the status OK or WARNING should be displayed for all components. Choose Start to start the deployment. e) In the step Deploy Queue, the components are assigned the status SCHEDULED or IN PROGRESS, and, after the deployment, they are displayed with the achieved status DEPLOYED or DEPLOYED WITH WARNING. f) In the Completed step, select Exit. © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Importing Corrections Lesson Summary You should now be able to: • Call the Java Support Package Manager (JSPM). • Import Support Packages and Support Package Stacks for SAP NetWeaver AS Java 7.1x-based systems. Related Information • • • 2011 SAP NetWeaver Support Package Stack Guide SAP Service Marketplace: Quick Link /sp-stacks © 2011 SAP AG. All rights reserved. 529 Unit 9: Software Maintenance ADM800 Lesson: Backing Up AS Java Lesson Overview You should back up a system with production data at regular intervals, so that no data loss occurs in the case of a severe system error, and you can recreate the system using restore/recovery mechanisms. This also applies to the SAP NetWeaver AS Java. In addition to backing up the database, it is also important to back up the proprietary SAP directories. Lesson Objectives After completing this lesson, you will be able to: • Explain which regular backups are required for the SAP NetWeaver AS Java. Business Example Your company runs several different SAP systems. To ensure that your system can be restored after serious errors – such as the unintentional deletion of tables – it is important to have a backup of the database and other directories. This also applies for an SAP system with Usage Type AS Java. Overview: Backing up the SAP NetWeaver AS Java Backing up SAP NetWeaver AS Java and the associated database protects you against data loss and is required to restore the SAP NetWeaver AS Java after a system error. Prerequisite for Backup Note the following prerequisite so that you can perform a backup: The backup tools for your database and the backup solution for your system must be installed and available. Hint: If you have not yet decided which backup strategy meets your system requirements, read the documentation for your database. First Backup After Installation and Upgrade After installation and after each upgrade/update of the SAP NetWeaver AS Java, you should perform the following: • • 530 A first file system backup of the AS Java (default path /usr/sap/<SID>/) A first file system backup of the home directory of the database (Microsoft Windows default path SAPDB\MaxDB: <drive>:\sapdb, Oracle: <drive>:\orant © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Backing Up AS Java Backup Routine Figure 213: Backing up the SAP NetWeaver AS Java A complete backup of all changes to the AS Java since the installation consists of: • • • Backing Up the Databases Backing up the file system: Global directory \usr\sap\<SID> Backing up the configuration (export using the Config Tool) Backing up the Database: We recommend that you include both the backing up of the database and the database change logs into your daily routine. • Online backup: If it is possible with your application, back up the database once a day with online backup. You should, of course, back up the log files that accumulate during production operation several times a day. Once a week, you should also perform an offline backup. • Offline backup: If your installed application can only be consistently backed up in offline mode, we recommend that you schedule an offline backup as often as possible (at least once at the weekend). You should, of course, back up the log files that accumulate during production operation several times a day. 2011 © 2011 SAP AG. All rights reserved. 531 Unit 9: Software Maintenance ADM800 Backing Up the Installed Applications Note the guidelines for each SAP application running on your SAP NetWeaver AS Java and perform any additional backup operations described there. 532 © 2011 SAP AG. All rights reserved. 2011 ADM800 Lesson: Backing Up AS Java Lesson Summary You should now be able to: • Explain which regular backups are required for the SAP NetWeaver AS Java. 2011 © 2011 SAP AG. All rights reserved. 533 Unit Summary ADM800 Unit Summary You should now be able to: • Explain the concept of maintenance certificates • Describe a maintenance transaction • Call the Java Support Package Manager (JSPM). • Import Support Packages and Support Package Stacks for SAP NetWeaver AS Java 7.1x-based systems. • Explain which regular backups are required for the SAP NetWeaver AS Java. 534 © 2011 SAP AG. All rights reserved. 2011 ADM800 Test Your Knowledge Test Your Knowledge 1. What can be done with a maintenance transaction? Choose the correct answer(s). □ □ □ □ □ 2. A B C D E Import Support Packages. Calculate Support Package Stacks for your SAP systems. Approve objects in your download basket. Import SAP Notes. Import SAP enhancement packages To be able to restore the SAP NetWeaver AS Java if a system error occurs, it is sufficient to backup the directory /usr/sap. Determine whether this statement is true or false. □ □ 2011 True False © 2011 SAP AG. All rights reserved. 535 Test Your Knowledge ADM800 Answers 1. What can be done with a maintenance transaction? Answer: B, C A maintenance transaction can not import SAP Notes, Support Packages and SAP enhancement packages. SAP Notes are imported via the Note Assistant, Support Packages for AS ABAP based systems via transaction SPAM, Support Packages for AS Java based systems via tool JSPM, SAP enhancement packages via the tool SAPehpi. 2. To be able to restore the SAP NetWeaver AS Java if a system error occurs, it is sufficient to backup the directory /usr/sap. Answer: False You must back up the database as well as the proprietary SAP directories. 536 © 2011 SAP AG. All rights reserved. 2011 ADM800 Course Summary Course Summary You should now be able to: • • • • • • • • • • • • • • • • 2011 Explain the architecture of SAP NetWeaver AS Java Start and stop SAP NetWeaver AS Java Carry out basic configurations for SAP NetWeaver AS Java Classify network security concepts Set up SSL encryption for SAP NetWeaver AS Java Explain the architecture of the User Management Engine Configure the User Management Engine Carry out user and authorization maintenance Understand and change the standard logon procedure of SAP NetWeaver AS Java Maintain destinations and the JCo RFC Provider Understand the architecture and the tasks of the SAP NetWeaver Development Infrastructure Explain the process flow of the development process using the SAP NetWeaver Development Infrastructure Specify the options for monitoring SAP NetWeaver AS Java Connect SAP NetWeaver AS Java to a central Monitoring system Display Monitoring and logging data using the SAP NetWeaver Administrator Implement corrections for SAP NetWeaver AS Java © 2011 SAP AG. All rights reserved. 537 Course Summary 538 ADM800 © 2011 SAP AG. All rights reserved. 2011 Glossary Activation Integration of changes from the incative workspace into the active workspace (after a successful build). Assembly Step for creating a software component version in CMS Transport Studio. This step takes the most up-to-date software status in the DTR workspace of the consolidation stage, if appropriate, takes the required archive from the CBS and creates a uniquely defined status of the developed software component from this. Buildspace Separate area within a CBS that implements exactly one development configuration. Component Build Service (CBS) Part of SAP NetWeaver Development Infrastructure and is used for the central build of the source texts. Cookie A cookie is a message that is sent to the Web browser (for example from a Web server). The Web browser saves this message either in the file system (persistent cookie) or it is stored in a temporary memory area and deleted when the browser is closed (session cookie). For each request to the issuing server, the Web browser sends the cookie to this server again. Deployment Transfer of archives to the runtime environment of the target system. Design Time Repository (DTR) Central memory for all kinds of source files. The memory is presented logically as a hierarchical file and folder structure. Physically, the contents are stored in a database and are accessible via the open logs WebDAV and DeltaV. Development Component Container for development objects in the Java environment. It represents a software module that the application developer can use both for structuring the application to be developed and to reuse an application. Development Object Element of a component that provides part of its function and can be changed or developed in some way. This can be a Java class, a table definition, a JSP page, and so on. Development objects are essentially stored in a repository. 2011 © 2011 SAP AG. All rights reserved. 539 Glossary ADM800 DIP file Development Infrastructure Package – file that contains changes sources and / or runtime objects based on one ore more activities. EAR file Enterprise Archive File type that contains a Web-based application for enterprises. An EAR file is, from a technical point of view, an archive of the MIME type "application/zip" and can be unpacked using any packing program. It always contains a file that describes all of the components in the archive. Other special applications are required to be able to correctly use an application contained in the archive. EIS Enterprise Information System Enterprise (Java) Beans Components for distributed and transaction-oriented business applications in Java. Typically, they contain a processing logic for business data. GRMG Generic Request and Message Generator: Central infrastructure for availability monitoring of Java-based components and applications Java Virtual Machine Interpreter for the controlled execution of Java bytecode on the respective hardware platform. JMX Java Management Extension JSP Java Server Pages, abbreviated to JSP, are used simplify the dynamic generation of the HTML and XML output of a Web server. This technology allows the embedding of Java code and special JSP actions in static content. The advantage of this technology is that the logic can be implemented independent of the design. maintenance certificate A maintenance certificate enables the SAP software logistics tools (for example, SPAM, SAINT, and JSPM) to identify the system to be maintained and to determine the extent of maintenance required. It is also used to ensure that only customers with a valid maintenance contract can perform the relevant maintenance transactions. maintenance transaction To import Support Packages, among other things, SAP recommends that you create a maintenance transaction with the Maintenance Optimizer. This maintenance transaction is used to calculate a consistent combination of Support Packages for a specific system or a combination of systems in the landscape and to approve this combination for download. Name Server Part of SAP System Landscape Directory (SLD). The Name Server enables the reservation of globally unique names for Java development objects. 540 © 2011 SAP AG. All rights reserved. 2011 ADM800 Glossary patch To be able to correct smaller problems in the SAP system, individual corrections, known as single patches are available as SAP Notes. Perspective SAP NetWeaver Developer Studio provides a range of tools for all aspects of application development. As is usual in Eclipse, the related tools are mainly combined into perspectives in accordance with task-specific requirements. Principle The umbrella term used for the “objects” user, account, group and role in the UME environment. Product Overlapping selection of software components. A software component can be contained in multiple products. Proxy Server Host that temporarily stores the Internet pages that are frequently requested by users. If a user calls a Web site, the proxy server checks whether the data already exists locally on it. If this is the case, the user simply receives a copy, which is transferred more quickly than the original. If the data does not yet exist, the proxy server connects the user to the desired address. Release Certain statuses of a software component can be classified as a release for delivery, deployment, and maintenance. A release is a large step in the development of a software component, which provides new functionality. SAP NetWeaver Developer Studio SAP's own development environment for the development of Java-based multi-level business applications. The development environment is based on the open source product Eclipse. SAP NetWeaver Development Infrastructure (NWDI) SAP NetWeaver Development Infrastructure (NWDI) extends the concept of an integrated development environment (IDE, SAP NetWeaver Developer Studio) with server-side services that provide development teams with a consistent central development environment and support software development during the entire lifecycle of a product. Secure Network Communication (SNC) SNC is an interface that allows secure communication between SAP systems. SNC provides the functions authentication, encryption and integrity. An external security product that uses the SNC interface of the SAP system is required for the implementation. The SNC interface is an implementation of the Generic Security Services Application Programming Interface (GSS API). The SAP Cryptographic Library is available as an external security product for many standard scenarios and SAP server components. 2011 © 2011 SAP AG. All rights reserved. 541 Glossary ADM800 Secure Sockets Layer (SSL) SSL is a protocol developed by Netscape that is used to safeguard Internet communication. SSL uses Public Private Key technology to safeguard the communication between client and server. The SSL protocol contains encryption of the communication, server authentication, client authentication and mutual authentication (server and client authentication). SOAP Simple Object Access Protocol (SOAP) describes a protocol by which Web Services can be called in distributed system landscapes. SOAP uses HTTP as a transport protocol. An SOAP message has a header with the additional information and a body with the actual message. Software Component Delivery and installation unit that combines development components into larger units. Startup and Control Framework The Framework is used to start, stop, and monitor Java instances. The Startup and Control Framework is the infrastructure that SAP provides for starting and stopping the Java stack. Support Package Collection of corrections for software errors in the SAP system. Support Packages are summarized in periodic intervals and made available by SAP. Support Package Stack Collection of Support Packages. SAP does not advise you to import Support Packages individually; instead, you should always import the entire Support Package Stack of a product. System In the context of the transport of Java applications with the ABAP Transport Management System (TMS), a system can consist of a development configuration and a runtime system. A system can contain only a development configuration, only a runtime system, or both, depending on whether source code or deployable archives are to be transported. tp Program for controlling transports between SAP Systems and for upgrading SAP Releases. As a control program, tp uses some special programs that are required to perform complete transports. Transport Request Transport object that bundles the source code files from the activities of SAP NetWeaver Developer Studio and transports them through the system landscape. UDDI Universal Description, Discovery, and Integration (UDDI) is a directory service for dynamic Web services. A directory of Web services is provided via an SOAP interface. You can find more information about UDDI under: http://uddi.xml.org. 542 © 2011 SAP AG. All rights reserved. 2011 ADM800 Glossary UME User Management Engine: A Java-based user administration component with central user administration, a single sign-on (SSO), and secure access to distributed applications. User Store Service provider in AS Java which saves user administration data such as user and group data. Web Service A Web service is a stand-alone, modulized, executable entity that can be published, localized and called within a network that uses open standards. For a caller or sender a Web service represents a blackbox that requires an entry and returns a result. Web services offer important integration for each asynchronous or synchronous communication technology within a company or between several companies. Workspace Logical storage area that contains multiple versioned source files, but only one version of each source file. These versions usually form a complete status of a software component. WS Security Web Service Security (WSS) is an OASIS standard that describes mechanisms to provide message integrity and confidentiality for SOAP communication. WS Security uses existing standards such as XML Signature and XML Encryption. See also http://www.oasis-open.org/committees/wss WSDL WSDL is a meta language that is used to describe the function of a Web service. Functions, parameters and return codes in particular are described in a machine-readable form. WSDL is standardized by the World Wide Web Consortium (W3C); see the following URL: http://www.w3.org/2002/ws/desc/ 2011 © 2011 SAP AG. All rights reserved. 543 Glossary 544 ADM800 © 2011 SAP AG. All rights reserved. 2011 Index A ABAP Dispatcher, 17 ABAP Work Processes, 17 Action, 226 Activation, 371 Activity Transport, 391 Additional Application Server Instance, 23 applet, 301 Assembly, 303, 539 Assertion Ticket, 252 attribute mapping, 199 Authentication Stack, 247 B Build, 302, 350, 367 build option, 346 buildspace, 391 Buildspace, 371 bytecode, 4, 297 C Categories, 463 Central Services, 24, 50 configuration, 140 Change and Transport System, 386 Change and Transport System (CTS), 311 Change Management Service, 396 change request, 396 Client-Based Load Balancing, 35 ClusterManager, 141 CM Services, 311, 328 Company (UME), 214 Component Build Service, 311, 326, 367, 396 Config Tool, 93 2011 Configuration of filters, 120 of managers and services, 118 of the Central Services, 140 of the message server, 140 of the Number of Server Processes, 121 of the VM Parameters, 115 Configuration Wizard, 138 Containers, 301 CSMCONF, 428 CSMREG, 428 D Data Partitioning, 190 Delegated user administration, 214 DeltaV, 306 Deployment, 303, 368 deployment descriptor, 302 Design Time Repository, 311, 326, 367, 369 Destination Service, 269 Development Component, 313, 354, 370 development configuration, 340 Development Configuration, 307, 354, 367 development object, 313 DI Export Web UI, 393 DI package, 369 DIP file, 391 E Eclipse, 306 © 2011 SAP AG. All rights reserved. 545 Index ADM800 EIS (Enterprise Information Systems), 268 Enqueue Server, 25 enqueue service, 25 Enterprise Archive, 303 Enterprise Information Systems, 268 Enterprise Java Bean, 302 Enterprise Java Beans, 10, 301 JEE security role, 224 JEE security roles, 227 JMX, 414 JSmon, 78 JSPM, 510 JVM, 8 F ICM, 24 IDE, 322 Instance Profile, 112 Internet Communication Manager, 17 location, 463 LockingManager, 142 log archiving, 469 Log Configurator service, 464 log destination, 464, 468 log formatter, 464, 468 Log Manager, 464 Log Viewer, 458 Log Viewer in the SAP NetWeaver Administrator, 458 Logging, 463 Login Module, 247 Login Module Stack, 247 Logon Ticket, 251 J M Filter configuration, 120 G Garbage Collector, 113 GRMG, 443 GSS-API, 253 I J2SE SDK, 299 JAAS, 246 Java Applet, 3 Java application, 3 Java Archive, 302 Java Beans, 9 Java Cluster, 23 Java Development Kit (JDK), 5 Java instance, 22 Java program, 3 Java Runtime Environment (JRE), 2, 298 Java Server Page, 301 Java Server Pages, 11 Java Support Package Manager, 510 Java Virtual Machine, 3 Java VM, 8 JCo RFC Provider, 270 546 © 2011 SAP AG. All rights reserved. K Kerberos, 253 L maintenance certificate, 492 Maintenance Optimizer, 497 maintenance transaction, 495 Manager configuration, 118 Managers, 29 MaxNewSize, 114 MaxPermSize, 114 Memory Allocation JVM, 113 Memory Management JVM, 113 Message server configuration, 140 Message Server, 24 Message Service, 24 N name server, 312, 317 NewSize, 114 2011 ADM800 Index NWA, 94, 132 NWDI, 306 P PAS, 23 patch, 510 permanent generation, 114 Permissions, 226 PermSize, 114 perspective, 368 Policy Configuration, 247 Primary Application Server Instance, 23 Principle, 211 Product, 313, 510 Profile Files, 139 Profile parameter enque/encni/port, 141 enque/serverinst, 141 enque/snapshot_pck_ids, 141 enque/table_size, 141 j2ee/enq/port, 143 j2ee/ms/port, 141 j2ee/scs/host, 141, 143 ms/http_port, 40 ms/server_port_0, 140 rdisp/mshost, 40 rdisp/msserv_internal, 140 public parts, 313 R Release, 313, 510 RMI, 297 Role JEE security role, 224 UME role, 224 Runtime filters configuration, 120 S SAML, 247 SAP JVM, 8 SAP Logging API, 464 SAP Management Console, 101 2011 SAP NetWeaver Administrator, 94, 132, 317 SAP NetWeaver Application Server, 15 SAP NetWeaver Application Server ABAP, 20 SAP NetWeaver Application Server ABAP and Java System, 20 SAP NetWeaver Application Server Java System, 20 SAP NetWeaver Developer Studio, 322, 325, 353, 367, 369, 387 SAP NetWeaver Development Infrastructure, 305, 322, 366 SAP System Landscape Directory, 312, 316 SAP Web Dispatcher, 39 SAP*, 238 SCA Transport, 392 SDA Transport, 394 Server process, 24 Server Processes Configuration of the Number, 121 Server-Based Load Balancing, 34 Services, 30 configuration, 118 Servlets, 301 severity, 464 Shell Console Administrator, 95, 103 Single Support Packages, 517 SNC, 152 Software component, 510 Software Component, 313 SP Stack, 512 SPNego, 253 SSL, 152 Startup and Control Framework, 51, 73 Stateful Requests, 37 © 2011 SAP AG. All rights reserved. 547 Index ADM800 stateless requests, 37 Support Package, 510 Support Package Stack, 510, 512 System, 340 System Landscape, 341 System Landscape Directory, 314 UME emergency user, 238 UME role, 224 UME roles, 226 User administration delegated, 214 User Store, 187 User Type (UME), 216 T VM, 8 VM Parameter Configuration, 115 VM Parameters, 94 Telnet (access to AS Java), 95 Telnet (Shell Console Administrator), 103 Template (Configuration), 110 tenured generation, 114 threshold value, 435 tp parameter, 348 Tracing, 463 track, 395 Transaction RZ20, 434 RZ21, 428 Transport Management System, 342 Transport Organizer Web UI, 387 transport request, 386 W Web Archive, 303 Web Dynpro, 368 Web Service Security, 156 WebDAV, 306 workspace, 391 Workspace, 370–371 WS Security, 157 X Xms, 114 Xmx, 114 Y young generation, 114 U UME, 187 UME administration console, 229 548 V © 2011 SAP AG. All rights reserved. Z Zero Administration, 110 2011 Feedback SAP AG has made every effort in the preparation of this course to ensure the accuracy and completeness of the materials. If you have any corrections or suggestions for improvement, please record them in the appropriate place in the course evaluation. 2011 © 2011 SAP AG. All rights reserved. 549

ADM800 EN Col81 FV Part A4

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib