Wednesday, November 12, 2008

SAP Router Installation

In this post, I'll explain how to install and configure SAProuter, and how to set it up with Secure Network Communication (SNC), as SAP wants it if they are to support you.

The first thing you need to do is send a customer message to SAP Support (component XX-SER-NET-OSS-NEW) asking them to register the hostname and IP address of your new SAProuter.

You have to register it with an official IP address (no internal IPs allowed), but you may use NAT in the firewall/router.

After you’ve received a confirmation from SAP that your SAProuter has been registered, you are ready to configure your SAProuter.

If your SAProuter directory is C:\usr\sap\saprouter, you can follow the steps below.

Note: You will be asked for a PIN code. Just pick your own 4 numbers, but you'll have to use the same PIN every time you're asked to enter one.

1. Set 2 environment variables, SECUDIR and SNC_LIB, according to the guide you've downloaded.

2. Download the SAP Crypto Library and unpack it into C:\usr\sap\saprouter

3. To generate a certificate request, run the command:
sapgenpse get_pse -v -r C:\usr\sap\saprouter\certreq -p C:\usr\sap\saprouter\local.pse ""

4. Then you have to follow the guide and request the certificate from http://service.sap.com/tcs -> Download Area -> SAProuter Certificate

5. Create a file C:\usr\sap\saprouter\srcert and copy the requested certificate into this file. Then run the command:
sapgenpse import_own_cert -c C:\usr\sap\saprouter\srcert -p C:\usr\sap\saprouter\local.pse

6. To generate credentials for the user that runs the SAProuter service, run the command:
sapgenpse seclogin -p C:\usr\sap\saprouter\local.pse -O
(this will create the file "cred_v2")

7. Check the configuration by running the command:
sapgenpse get_my_name -v -n Issuer
(This should always give the answer "CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE")

8. Create the SAProuter service on Windows with the command:
ntscmgr install SAProuter -b C:\usr\sap\saprouter\saprouter.exe -p "service -r -R C:\usr\sap\saprouter\saprouttab -W 60000 -K ^p:^"

9. Edit the Windows Registry key as follows:
MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAProuter\ImagePath -> Change both ^ to "

10. Start the SAProuter service

11. Enter the required parameters in OSS1 -> Technical Settings

———————————————————————————

Installation on UNIX
———————————————-

1. Create the subdirectory saprouter in the directory /usr/sap/.

2. Get the latest version of the SAProuter from the SAP Service Marketplace (service.sap.com/patches). Choose Support Packages and Patches -> Entry by Application Group -> Additional Components -> SAPROUTER. The SAProuter is in packet saprouter*.SAR; the program niping is also in this packet. Copy the programs saprouter and niping to the newly created directory /usr/sap/saprouter.

If you cannot copy the programs from SAP Service Marketplace, you can copy a version (may be obsolete) from your directory /usr/sap//SYS/exe/run.

3. (Optional) If you want to start the SAProuter on the same computer used for an SAP instance, insert the following lines into file /usr/sap//SYS/exe/run/startsap:

#
# Start saprouter
#
SRDIR=/usr/sap/saprouter
if [ -f $SRDIR/saprouter ] ; then
  echo "\nStarting saprouter Daemon " | tee -a $LOGFILE
  echo "-----------------------------" | tee -a $LOGFILE
  $SRDIR/saprouter -r -R $SRDIR/saprouttab \
  | tee -a $LOGFILE &
fi

Insert the lines before the commands to start the SAP instance.

Normally the SAProuter runs on a different computer. If this is so, this step is omitted and you start the SAProuter as described in Starting the SAProuter.

4. Maintain the route permission table in directory /usr/sap/saprouter. If you want to keep it in another directory or under a name other than saprouttab, you must specify this with the SAProuter option -R (see Option R).
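
An added example, not part of the original post or of SAP's tooling: a shell function that reviews a route permission table for permit entries worth tightening before the router is started. It assumes the usual saprouttab line layout (entry type, source, destination host, destination service, with a quoted SNC name as the source on K* entries); the names audit_saprouttab and sample_table, and every address and SNC name in the sample, are constructed for illustration.

```sh
#!/bin/sh
# audit_saprouttab FILE
# Prints one finding per line reviewed; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_saprouttab() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
    /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
    {
        type = toupper($1); rest = $0
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", rest)      # strip the entry-type field
        if (type !~ /^(P|S|D|KT|KP|KS|KD)$/) {
            printf "%d: UNKNOWN entry type %s\n", NR, $1; bad++; next
        }
        if (type ~ /^K/ && match(rest, /^"[^"]*"/)) {
            src = substr(rest, 2, RLENGTH - 2)     # quoted SNC name, may contain spaces
            rest = substr(rest, RLENGTH + 1)
        } else {
            split(rest, a); src = a[1]
            sub(/^[^ \t]+/, "", rest)
        }
        split(rest, f); host = f[1]; serv = f[2]
        if (type !~ /^(P|S|KP|KS)$/) next          # only permit entries are audited
        if (src == "*" && host == "*" && serv == "*") {
            printf "%d: OPEN %s entry permits any source to any destination\n", NR, type; bad++
        } else if (host == "*" || serv == "*") {
            printf "%d: WIDE %s entry for %s has a wildcard destination\n", NR, type, src; bad++
        }
    }
    END { exit (bad > 0) }' "$1"
}

# Constructed sample table (documentation-range addresses, made-up SNC name).
sample_table() {
    cat <<'EOF'
# constructed sample, not a recommended configuration
KT "p:CN=peer-router, OU=SAProuter, O=SAP, C=DE" 192.0.2.10 3299
KP "p:CN=peer-router, OU=SAProuter, O=SAP, C=DE" 10.0.0.5 3200
KP "p:CN=peer-router, OU=SAProuter, O=SAP, C=DE" 10.0.0.5 *
P * * *
P 10.0.0.* 198.51.100.7 3299
X 10.0.0.1 10.0.0.2 3200
D * * *
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_table > "$tmp" && { audit_saprouttab "$tmp" || true; }; rm -f "$tmp"
```

Run it against /usr/sap/saprouter/saprouttab (or whatever path you pass with -R) after each change to the table.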

This should help in SAP Router configuration and installation. Step forward, guys.

1 comment:

SAP Support Services said...

SAProuter is designed to connect different IP networks even when the IP addresses are in conflict, as it does a network address translation itself. So, this is always used in order to connect SAP with the customer's systems. This is the case for the way from SAP to the customers and mostly the case as well for logging on to the SAP systems from the customer's site.