SAP Router Definition
SAProuter is an SAP program which behaves as an intermediate station or proxy between SAP systems and external networks. It controls the access to our network and protects our SAP network against unauthorized access. It normally installed on the system with the firewall.
The use of saprouter means that a client will first connect to saprouter. SAProuter then connects to an additional SAProuter or to a SAP server.
Characteristics of SAPRouter:
1.Maintain our systems in the Market Place
2. SAP able to connect and we need to provide authentication
3. SAP Router provides the authorization and we need to provide the authentication.
The password will be visible [ ].
SAP router side will restrict the user.
Market place > connect to SAP
> R/3 Support
> Open connection
Take out the access from SCC4, SE38, SA38...
SAP Router is an executable which is used to restrict the access to the customer systems over the network. It works like a firewall/ proxy to permit and deny the access to the SAP systems.
It needs to be configured before implementation Part of SAP.
--------------
RMMAIN t-code only in SOLMAN
Implementation Road Map > Technical Infrastructure Planning > Order for Remote Connection to SAP
Project Preparation Phase
SAP Router
1. Create message to SAP along with your SAP Router [Hostname], IP Address and Customer Number (SAP Router need not be installed on Solution Manager /DEV/ QAS/ PRD.
It can be installed on any desktop, but it is advised to install on SOLMAN system to ensure that it is monitored periodically.
Cust Number: When we buy SAP we will be provided with the customer number.
.SAR - SAP Archive
.CAR - Compressed Archive
Kernel comes with .SAR only
[Global Host] - DB - Central Instance - Dialogue InstanceUsrsap
2. SAP responds with the distinguished name.
3. Create SAP Router directory and copy the executables from exeucNTi386 or download from the market place. (www.service.sap.com/swdc) copy only SAPCAR.exe, SAPROUTER.exe and NIPPING.exe
4. Download the Cryptography files from Market place related to OS and bit version (Download *.SAR files)
5. Uncar the files into SAPRouter directory
6. sapgenpse......... executable used to generate the personal security environment.
SAPROUTETAB is a file (without any extension) used to have ACL (Access Control List) S - Secure; P - Permit; D - Deny; K -SNC (Secure network connection)
7. Generate the certificate using distinguished "DN" name with executable SAPGENPSE.
8. Copy and Paste certificate from Begin to End the market place url/Saprouter-SNCADD
9. Request a certificate from the market place copy into srcert.
10. Import the certificate into router system using SAPGENPSE
11. Start the router using command saprouter -r -k "DN"
12. Goto SMP ---- Report Error --- Connect to SAP
Select the system - Maintain System Data -- Download service connector -- Maintain Router details ------- Start service connector -- Open connection by selecting the service---- Specify no of days and hours. Similarly, maintain all the other systems in the landscape. Inform SAP to connect to our systems.
13. On each backend system, we need to maintain the RFC details in OSS1 Transaction. It will update SAPOSS RFC Connection.
SAPOSS, SAP-OSS, SAPSNOTE are created on communicating with the Market Place.
SAP Router u have to configure it through SAP Service market place and apply for the license and it will let u to download the notes from SAP service market place and u can access the SAP GUI from home or any place with internet from ur laptop You should be able to see this SAPRouter in the Service Marketplace now.
1. logon to the SAP Service Marketplace with your S-user (internet explorer: www.service.sap.com)
2. Change to the alias SAPROUTER-SNCADD (www.service.sap.com/saprouter-sncadd)
3. There you should see -Software -Certificates First you have to download the crypto-Software from the SAP Service Marketplace.
Please check if it is possible for you to download the software. You can do that if you press the button 'Software'. You should get a note (Export Control Regulation). You are not allowed at the moment if you can't see a boutton 'I agree' in this screen. If you can't see the button 'I agree' then please follow the instructions on the page in the Service Marketplace ( Trust Center Service, not yet registered) and contact your local SAP contract administration and request the access to this page.They will initiate the further steps.