Saprouter Download

Installing a saprouter on Linux is straight forward.

  1. Saprouter.exe Download
  2. Saprouter Download Linux
  3. Saprouter Download Path

Download the latest version of the SAProuter from SAP Service Marketplace. Read the README file in this package. Copy the executables saprouter.exe and niping.exe to the directory you have just created. If there is no SAProuter there, you can get a version (may be obsolete) from your directory: usr sap SYS exe run. STEP 11: Create SAProuter service on Windows with the command:(download ntscmgr from Sap note 618053) and run the command - ntscmgr install SAProuter -b C: saprouter saprouter.exe -p 'service -r -R C: saprouter saprouttab -W 60000 -K ^p:^' STEP 12: Edit the Windows Registry key as below: (regedit).

.. at least without using SNC.

SAP Routers can be used to

  • connect your production system to SAP Remote Services
  • route traffic of on premises SAP GUI users to a peered VNC
  • Allow on premises SAP GUI users to reach highy available SAP systems which use an overlay IP address.

The playbook for the installation is

  • Create files for services, the installation, a saprouting table file
  • Copy all files to a private S3 bucket
  • Create a policy which allows the instance to pull the files from the S3 bucket
  • Use an AWS CLI command to create an instance which will automatically install the saprouter

Create a configuration file with the name saprouttab. The simplest one which means: route all ABAP traffic in all directions is a file with the name /usr/sap/saprouter/saprouttab with the content:

This means: P(ermit) ALL SOURCE IP/HOSTNAMES to ALL DESTINATION IP/HOSTNAMES using a PORT-RANGE from 3200 – 3299

Create a policy which looks like the following:

Replace the following variables with you individual settings

  • bucket-name: the name of the bucket which stores all files to be downloaded
  • bucket-folder: The subfolder which contains your download information. It is an optional part

Add this policy to a new role.

Attach the role to the instance when you will create it.

SLES 12, 15 or Red Hat will need a service to restart the saprouter whenever needed. Create a file saprouter.service:

Start the service with the commands:

Create a file install.sh: 2000 ford focus zx3 owners manual parts.

The file will work if there are three unique files in the download bucket which are the onlyones with names like sapcar*, sapcrypto*.sar and saprouter*.sar. Capitalztion will not matt Update the bucket-name and the bucket-folder variables matching your individual needs.

Create a file withe the name uninstall.sh:

Upload the following files to the S3 bucket:

  • sapcar
  • Cryptolib installation file
  • saprouter installation file
  • saprouttab
  • install.sh
  • uninstall.sh
  • saprouter.service

There is no need to make this bucket public. The instance will have an IAM profile which entitles the instance to download the files needed.

Create a file prep.sh:

--//
Content-Type: text/cloud-config; charset='us-ascii'
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename='cloud-config.txt'

#cloud-config
cloud_final_modules:
- [scripts-user, always]

--//
Content-Type: text/x-shellscript; charset='us-ascii'
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename='userdata.txt'

#!/bin/bash
BUCKET='s3://bucket-name/bucket-folder'
# take a one scond nap before moving on..
sleep 1
aws s3 cp ${BUCKET}/install.sh /tmp/install.sh
chmod u+x /tmp/install.sh
/tmp/install.sh $BUCKET
--//

Saprouter.exe Download

Replace bucket-name and bucket-folder with the appropriate values.

This file will get executed when the instance will get created.

The following script will launch an instance with an automated saprouter installation. It assumes that

  • The local account has the AWS CLI (Command Line Interface) configured
  • The AMI-ID is one of a SLES12 or SLES 15 AMI available in the region (image-id parameter)
  • There is security group which has the appropriate ports open (security-group-ids parameter)
  • The file prep.sh is in the directory where the command gets launched
  • There is subnet with Internet access and access to the SAP systems (subnet-id parameter)
  • There is an IAM role which grants access to the appropriate S3 bucket (iam-instance-profile parameter)
  • aws-key an the AWS key which allows to login through ssh. It needs to exist upfront

The command is

This command will create an instance with

  • a public IP address
  • a running saprouter
  • a service being configured for the saprouter
  • SAP Cryptolib currently gets unpacked but not configured (stay tuned)

Installation as VPC internal saprouter as a proxy to relay traffic from on-premises users

Omit the parameter --associate-public-ip-address. This parameter creates a public IP address. You don't want this for an internal saprouter.

Use this template (saprouter.template). It works with SLES 12SP3. Replace the AMIs if you need a higher revision.

  1. Upload the template to an S3 bucket
  2. Upload the SAP installation media and the file saprouttab to a S3 bucket
  3. Execute the file in CloudFormation

Saprouter Download Linux

Warning: Please check the template upfront. It'll allocate resources in your AWS account. It has the potential to do damage.

Consult the SAP documentation to configure SNC or more detailed routing entries.

Skip to end of metadataGo to start of metadata

How To install SAProuter via SNC

The first thing we need to do, is to send a customer message to SAP Support (component XX-SER-NET-OSS-NEW) and tell them to register the hostname and IP of our new Saprouter.

(In our case it is system name (hostname) = ' **'and Public Ip =*******)
We have to register it with the official IP address (no internal IPs allowed), but it's allowed to use NAT in the firewall/router.
Ports to be allowed in firewall/router (for Secured connection).
• 32nn: R3 Support Connection
• 23: Telnet
• 1503: Netmeeting
• 5601: PC-Anywhere
• 3389: Windows Terminal Server (WTS)
After we've received a confirmation from SAP that our Saprouter has been registered, we are ready to configure the Saprouter.
2.1 Go to www.service.sap.com/downloads and down latest SAP Crypto Library
2.2 copy sapcar.exe from exe/run directory of SAP Server
2.3 uncar the dlls and sapgenpse.exe from this using sapcar -xvf xxxxxxxx.car

Saprouter Download Path

If our Saprouter directory is C:saprouter, these are the steps to follow.

STEP 1: Copy the unpacked files into C:saprouter

STEP 2: Set 2 environment variables: SECUDIR and SNC_LIB according to the
guide we've downloaded.

Saprouter Download

SECUDIR=C:Saprouter
SNC_LIB=C:Saproutersapcrypto.dll

STEP 3: To generate a certificate request, run the command -
sapgenpse get_pse -v -r C:usrsapsaproutercertreq -p C:saprouterlocal.pse '<Distinguished Name>'

[In our case Distinguished Name =CN=***, OU=*****, OU=SAProuter, O=SAP, C=DE available at system data maintaince and also at www.service.sap.com /saprouter-sncadd
In this step certreq and local.pse files are created at C:saprouter folder

Note: We will be asked for a PIN code. Just pick our own 4 numbers, but we'll have to use the same PIN every time we are asked to enter one. This number is important because, the same number should be provided in future when our Saprouter secure certificate validity expires, so remember the PIN code. (In our case it is PIN:****)]

STEP 4: Then we have to follow the guide and request the certificate from
http://service.sap.com/saprouter-sncadd-> SAProuter Certificate

You may apply for a SAProuter certificate from the SAP Trust Center Service of SAP service marketplace http://service.sap.com/saprouter-sncadd
> SAP Trust Center Service in Detail > SAProuter Certificates

SAProuter Certificate 'Apply Now'

STEP 5: Copy the contents of the certreq file and paste the contents in the place provided there.

STEP 6: Then, clicked the 'Continue' button.

STEP 7: This will generate a certificate details: then copy the contents and create a file srcert (without any extension) in C:Saprouter and copy the certificate details and paste it in this file.

STEP 8: Run the command -
sapgenpse import_own_cert -c C:saproutersrcert -p C:saprouterlocal.pse

(This will create files dev_rout etc. In C:saprouter folder then create a file saprouttab (Without any extension and copy the following contents the file.

STEP 9: To generate credentials for the user that's running the SAProuter
service, run command:

sapgenpse seclogin -p C:saprouterlocal.pse -O administrator

(this will create the file 'cred_v2' in C:saprouter folder )

STEP 10: Check the configuration by running command:

sapgenpse get_my_name -v -n Issuer
(This should always give the answer 'CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE')
sapgenpse get_my_name(to find the validity of license)
STEP 11: Create SAProuter service on Windows with the command :(download ntscmgr from Sap note 618053) and run the command -

ntscmgr install SAProuter -b C:saproutersaprouter.exe -p
'service -r -R C:saproutersaprouttab -W 60000 -K ^p:<Distinguished Name>^'

STEP 12: Edit the Windows Registry key as below: (regedit)

MyComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSAProuterImagePath --> Change both the (^) to (')

RECOMMENDED TO RESTART

STEP 13: Start the SAProuter service (there maintain logon user details as administrator and password.)

STEP 14: Enter the below parameters in OSS1 -> Menu - Technical Settings

a). Click on Change -

Saprouter at Customer Site:

Name:
IP Address:
Instance no:

Saprouter at SAP:

Name:
IP Address:
Instance no:

Save the settings.

Now you can log on to SAPNet by clicking on Logon to SAPNet.

Use your OSS ID and password.

Controls:
Start router : saprouter -r
Stop router : saprouter -s
Soft shutdown: saprouter -p
Router info : saprouter -l (-L)
new routtab : saprouter -n
toggle trace : saprouter -t
cancel route : saprouter -c id
dump buffers : saprouter -d
flush ' : saprouter -f