SAP Router Definition
SAProuter is an SAP program which behaves as an intermediate station or proxy between SAP systems and external networks. It controls the access to our network and protects our SAP network against unauthorized access. It normally installed on the system with the firewall.
The use of saprouter means that a client will first connect to saprouter. SAProuter then connects to an additional SAProuter or to a SAP server.
Characteristics of SAPRouter:
1.Maintain our systems in the Market Place
2. SAP able to connect and we need to provide authentication
3. SAP Router provides the authorization and we need to provide the authentication.
The password will be visible [ ].
SAP router side will restrict the user.
Market place > connect to SAP
> R/3 Support
> Open connection
Take out the access from SCC4, SE38, SA38...
SAP Router is an executable which is used to restrict the access to the customer systems over the network. It works like a firewall/ proxy to permit and deny the access to the SAP systems.
It needs to be configured before implementation Part of SAP.
RMMAIN t-code only in SOLMAN
Implementation Road Map > Technical Infrastructure Planning > Order for Remote Connection to SAP
Project Preparation Phase
1. Create message to SAP along with your SAP Router [Hostname], IP Address and Customer Number (SAP Router need not be installed on Solution Manager /DEV/ QAS/ PRD.
It can be installed on any desktop, but it is advised to install on SOLMAN system to ensure that it is monitored periodically.
Cust Number: When we buy SAP we will be provided with the customer number.
.SAR - SAP Archive
.CAR - Compressed Archive
Kernel comes with .SAR only
[Global Host] - DB - Central Instance - Dialogue InstanceUsrsap
2. SAP responds with the distinguished name.
3. Create SAP Router directory and copy the executables from exeucNTi386 or download from the market place. (www.service.sap.com/swdc) copy only SAPCAR.exe, SAPROUTER.exe and NIPPING.exe
4. Download the Cryptography files from Market place related to OS and bit version (Download *.SAR files)
5. Uncar the files into SAPRouter directory
6. sapgenpse......... executable used to generate the personal security environment.
SAPROUTETAB is a file (without any extension) used to have ACL (Access Control List) S - Secure; P - Permit; D - Deny; K -SNC (Secure network connection)
7. Generate the certificate using distinguished "DN" name with executable SAPGENPSE.
8. Copy and Paste certificate from Begin to End the market place url/Saprouter-SNCADD
9. Request a certificate from the market place copy into srcert.
10. Import the certificate into router system using SAPGENPSE
11. Start the router using command saprouter -r -k "DN"
12. Goto SMP ---- Report Error --- Connect to SAP
Select the system - Maintain System Data -- Download service connector -- Maintain Router details ------- Start service connector -- Open connection by selecting the service---- Specify no of days and hours. Similarly, maintain all the other systems in the landscape. Inform SAP to connect to our systems.
13. On each backend system, we need to maintain the RFC details in OSS1 Transaction. It will update SAPOSS RFC Connection.
SAPOSS, SAP-OSS, SAPSNOTE are created on communicating with the Market Place.