Configuring an AS Java-based SAP System

Objective

After completing this lesson, you will be able to describe the configuration of an AS Java-based SAP System

Configuration Wizard

When you have installed an AS Java-based SAP system, the configuration wizard establishes some technical settings. These settings are required for the technical processing of an SAP system or a technical scenario, for example, connectivity, service users, and usage-type initialization.

The technical settings should be made with the configuration wizard immediately after installing an AS Java-based SAP system. The configuration wizard is a part of the SAP NetWeaver Administrator (NWA). The SAP NetWeaver installation guide contains detailed information about the configuration tasks to choose while running the configuration wizard.

The configuration wizard makes the technical settings (technical configuration) using scenario-based templates, for example, for the AS Java-based SAP Process Integration (SAP PI) system, pure AS Java system, and so on. Automated configuration tasks allow you to centrally enter the same data only once, for example, connectivity, service users, and so on. The configuration wizard automatically distributes this data to the AS Java-based SAP system.

You cannot use the configuration wizard after an SAP system upgrade or after the installation of an additional usage type.

Caution

You can directly run the configuration wizard only once, after you have installed and patched the AS Java-based SAP system.

Configuration Wizard Initialization

Before you run the configuration wizard, apply the latest kernel patch and SAP Support Packages to your SAP system.

Configuration Wizard

Steps to Set Up the Configuration Wizard

  1. Call http://<server>:<port>/nwa in a browser and log on with a Java administrator user.
  2. Go to Configuration, then Scenarios. Start the Configuration Wizard.
  3. Choose a task from the list and choose the Start button.
  4. On the next screen, enter the required data and choose the Next button.
  5. Follow the screens in the configuration wizard. The configuration wizard makes the necessary settings and reports any configuration errors.

Note

For more information about the configuration wizard and its limitations, see SAP Note 923359 - Collective Note: Configuration Wizard - Template Installer.

Verification of the AS Java Configuration

Steps to Verify the AS Java-based System Configuration

  1. Create a second administrator user.
  2. Check and configure the necessary communication ports.
  3. Check the additional configuration settings for the following parameters:
    • Parameters depending on the size of the AS Java-based SAP system
    • Parameters depending on the expected workload
  4. Configure security settings.

To prevent locking the administrator (in case you change the administrator password and forget to update the entry secure storage), create a second administrator user after installing an AS Java based SAP system.

When you install an AS Java application server or create an additional server process, the AS Java assigns default values to the communication ports. If some of these communication ports are being used by another program, manually assign a different value to the corresponding port.

If necessary, change the assigned join port of a server process on which the server process listens for connections (for example, when the port assigned to the cluster element is already in use by another program).

Additional Configuration

The additional cluster configuration that you perform is divided into the following types of configurations:

  • Required configuration

    The required configuration includes the configuration of some additional parameters depending on the size of the AS Java-based SAP system, the expected workload, and so on.

    Although these settings are referred to as required configuration, it is recommended that you maintain the following settings only after careful consideration and testing:

    • Connections manipulation

      Connections manipulation configures the maximum number of user connections that the dispatcher can handle simultaneously and a time out for establishing these connections.

    • Service load time out

      Service load time out configures the maximum time for which the services on a cluster node should start.

  • Optional configuration

    The optional configuration is performed only if there are some problems within the AS Java-based SAP system operation. Otherwise, it is recommended that you do not reconfigure the default settings.

    The default settings are as follows:

    • Thread system configuration

      The thread system configuration optimizes the reallocation of SAP system resources. It is recommended to closely monitor and reconfigure the AS Java-based SAP thread system.

    • Startup and shutdown configuration

      Startup and shutdown configures the manner in which the cluster elements are started up and shut down.

    • Cluster communication configuration

      Cluster communication configures the Message Server, session, and lazy communication.

    • Services stop and event time out configuration

      Service stop and event time out specifies the waiting time of the Service Manager for each service.

The following components of the required and optional configurations facilitate the cluster configuration settings:

  • Connections Manipulator Manager

    The Connections Manipulator Manager represents the management of client connections in the cluster in AS Java-based SAP systems. The Connections Manipulator Manager has an indirect connection with all the services running on the dispatcher that receive or send data outside the cluster using a socket. You can configure the maximum number of user connections that a dispatcher is able to process at a certain moment, configure a time out for these connections, and configure the connections checks.

  • Service Manager

    The Service Manager changes the maximum time for which all services on a cluster node have to be started. If there are services that have not started after the time out elapses, the Service Manager assumes that all services are started and the SAP system continues with the other startup processes. The timed-out services continue their startup process in the background. A notification for each timed-out service is logged in the log files.

  • Thread system

    The AS Java thread system is responsible for handling SAP system and client threads. It comprises two managers – Thread Manager and Application Thread Manager.

    All the threads in which AS Java-based SAP system operations are executed, such as core, services, and so on, use system threads supplied by the Thread Manager. The Application Thread Manager supplies the threads in which the code of the client application is executed.

  • Cluster Manager

    The Cluster Manager configures the cluster in a way so that it works in full parallelism or it sets the cluster’s startup or shutdown in a serial manner. For configuration purposes, use the properties provided by the AS Java Cluster Manager. By default, the cluster elements startup and shutdown in full parallelism mode, that is, simultaneously without waiting for each other.

    Cluster Manager also configures the following communication:

    • Message Server communication

      The Message Server communication is established through the Message Server that is used as a dispatcher when sending messages. The advantage of this communication is that it provides a fail-over function that avoids the loss of information. The Cluster Manager provides the properties needed to configure the default settings of the Message Server communication.

    • Session communication

      The session communication is used to exchange information between the dispatcher and a server in one cluster group. The Cluster Manager provides properties to modify the default settings of the session communication.

    • Lazy communication

      The lazy communication mechanism is used automatically by the Cluster Manager to quickly exchange large amounts of information between two server processes without using the Message Server as an intermediary. The lazy communication is enabled only for a predefined list of services by default. You can enable a mechanism by which lazy communication is activated when a previously defined amount of objects is transferred between two parties for a defined time interval.

      Hint

      It is recommended not to modify the default Message Server communication, the default session communication, and the default lazy communication settings unless it is officially advised to do so by SAP support.
  • Stop time out

    The stop time out service in the Service Manager is responsible for the maximum time that the Service Manager waits for each service to stop when the cluster node is shutting down. If this time out has elapsed and the service has not managed to stop, the Service Manager continues with the cluster node shutdown. A notification for each timed-out service is logged in the log files.

  • Event time out

    The event time out in the Service Manager specifies the time that the Service Manager waits for the event to be processed before undertaking another action. If you want to stop a service, a beforeServiceStopped event is executed first. Then, the Service Manager waits for all components to process the event. That is, the components are notified that the service will be stopped and they should undertake the appropriate actions, such as unregistration and so on. The service is stopped after the specified time out.

    The default value of the event time out is 20 sec. If after 20 sec, there are still components that have not processed the event, the system does not wait for them and the services are stopped. It is recommended to modify this value only if you have problems in stopping the service, else do not reconfigure the default time out.

Security Configuration

While configuring security, you may need to configure some additional aspects of the server’s security environment. Providing security for the applications that run on the AS Java-based SAP system is an important aspect in the overall architecture of the AS Java-based SAP system. You need to be able to identify the users that access the server and protect access to individual resources. Confidentiality is also important when dealing with sensitive information.

Observe the following settings to increase security for your AS Java-based SAP system:

  • Security Provider Service

    The Security Provider Service is the primary service required for maintaining security environment of the server.

    You can use this service for the following:

    • Choose cryptographic providers.
    • Select the data source.
    • Maintain users and groups.
    • Assign security roles.
    • Restrict access to resources.
    • Set up your login modules to use.
    • Maintain protection domains.
    • Monitor user sessions.
  • User Storage Service

    The Security Provider Service uses the User Storage Service to determine and access the chosen data source, either the Database Management System (DBMS) user store or the User Management Engine (UME). No administration tasks are directly associated with this service; however, you can change the properties that apply.

  • Key Storage Service

    The Key Storage Service is used to maintain the server’s personal security information where cryptography is supported, for example, when using the Secure Socket Layer (SSL) protocol. You can create server’s key pairs, generate the corresponding certificate signing requests, and maintain the list of trusted Certification Authorities (CAs) associated with the key pair.

  • SSL Provider Service

    The SSL Provider Service is used to select the key pair that the server is to use for SSL. If you are using client certificates for user authentication, you also maintain the list of CAs who you trust as issuers of client certificates.

  • Certificate Revocation Check Service

    Certificate Revocation Lists (CRLs) are used with the AS Java-based system to make sure that a given certificate has not been revoked by the issuing CA.

  • Security Assertion Markup Language (SAML) Authentication Service

    The SAML Authentication Service handles the user authentication for applications that use the SAML. It requests and processes the SAML user assertions from the corresponding SAML source site.

  • Secure Storage Service

    The Secure Storage Service maintains the secure storage area of the AS Java-based system. The secure storage area is a storage area on the server that applications or services can use to store security-critical information, such as passwords. Data stored in this area is encrypted and can only be accessed and decrypted by the corresponding application.

  • Destination Service

    Applications or services establish connections to other services. When using such connections, you need to specify the address of the remote service and confirm the user authentication information to use for the connection. Many applications use the Destination Service for this purpose.

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn