Basis Notes Java

SAP NetWeaver 7.1

Sr.no

Topic

1

SAP NetWeaver Application Server Architecture

2

Memory Management in AS ABAP

3

SAP START / STOP

4 5

SAP Profiles Trouble shooting SAP System

6

Operation Modes

7 8

SAP ABAP User Administration

9

System Logon and Logon Groups

10

RFC Connection

1|Page

Authorization Concept

Pg.no

SAP NetWeaver 7.1

1) SAP NetWeaver Application Server Architecture a) SAP ABAP + JAVA: i) AS ABAP: The AS ABAP provides the complete technology and infrastructure to run ABAP applications. ii) AS Java: The Application Server Java provides a Java™ 2 Enterprise Edition (Java EE) 1.6 compliant environment for developing and running Java EE programs. iii) Web Server or Web Client: (1) SAP NetWeaver AS can act both as a Web server and as a Web client. (2) In its Web server role SAP NetWeaver AS can act both as a Web server and as a Web client. (3) In its Web server role, it can accept HTTP requests from any Web client (for example, a browser), process the requests, and send a response back to the client. (4) If you use SAP NetWeaver Application Server as a client, you can create HTTP requests in an application program, and send these requests to a Web server. 2|Page

SAP NetWeaver 7.1

(5) The client then receives the responses and proceeds on the basis of the responses. (6) In both cases statefull (state retained in the user context) and stateless requests can be processed.

3|Page

SAP NetWeaver 7.1

b) Architecture :

c) Technical Components : i) An SAP system consists of several application server instances, as well as one or more databases. ii) In addition to multiple dialog instances users choose to execute, there is a central instance that contains the message server and the enqueue server. The SCS (System Central Services) for the AS JAVA, the ASCS (ABAP System Central Services ). It cannot process any dialog requests.

iii) Message Server: Only one message server can run in each SAP system. It performs the following tasks in the SAP system: (1) Central communication channel between the individual application servers (instances) of the system (2) Load distribution of logons using SAP GUI and RFC with logon groups (3) Information point for the Web Dispatcher and the application servers (each application server of the system firsts logs on to the message server)

4|Page

SAP NetWeaver 7.1

(4) When an instance is started, the dispatcher process contacts the message server so that it can announce the services it provides (DIA, BTC, SPO, UPD, and so on). (5) If the connection setup to the message server fails, an entry is made in the system log (syslog). (6) To monitor the message server, you can use the message server monitor (transaction SMMS) iv) Enqueue Server: used for lock administration. (1) The applications can lock objects and release locks again. The Enqueue Service processes these requests and manages the lock table with the existing locks. Server. (Read types of lock) v) A dialog instance with AS ABAP and AS Java consists of the following components: (1) The Internet Communication Manager (ICM) sets up the connection to the Internet. It can process both server and client Web requests. It supports HTTP, HTTPS and SMTP protocols for the AS ABAP. (2) In AS Java the ICM supports the HTTP(S), P4, IIOP and Telnet  protocols. vi) AS ABAP components : (1) The dispatcher  distributes the requests to the work processes. If all the processes are occupied, the requests are stored in the dispatcher queue.

(2) The work processes execute ABAP or Java programs. (3) The SAP Gateway provides the RFC interface between the SAP instances (within an SAP system and beyond system boundaries).

vii) (1) (2)

AS Java components : The Server Processes execute Java requests. The instance controller  controls and monitors the life cycle of the AS Java instance.

Minimum AS Java Cluster: A minimum AS Java cluster installation viii) consists of a central services instance, one Java instance with one server process, and a database. *****************************************************************************************************

5|Page

SAP NetWeaver 7.1

1) SAP NETWEAVER Administration a) Operation Management : i) Identity Management (1) Administration of Users, Groups, and Roles (2) Managing Users, Groups, and Roles (3) Assigning Principals to Roles or Groups (4) Locking or Unlocking Users (5) Password Management (6) Approving or Rejecting Users (7) Moving a User to Another Company  Concepts : (i) Default Groups 1. The following default groups are determined dynamically at runtime. They are not defined in the user data source. 2. Everyone: This group is the sum of the groups Anonymous Users and Authenticated Users. 3. Anonymous Users: This group contains all named anonymous users that are listed in the user management engine (UME) property ume.login.guest_user.uniqueids. 4. Authenticated Users: This group contains all nonanonymous users, that is, users who must authenticate themselves to access an application. (ii)User Profile: The user profile is the set of user data that administrators (and sometimes business users) can display and modify. It includes attributes such as name, e-mail address, and language. (iii) Self-Registration: Self-registration means that new users can register themselves at logon (iv) Users types: User Type

Description

Default Users

Used for regular generic users. Users of this type have the following characteristics:

6|Page

SAP NetWeaver 7.1

● Can log on to the AS Java by providing authentication credentials interactively or with SSO. ● Normal password rules apply, for example the user’s password can expire or the password must be changed after initial logon. ● Created by administrators, during self-registration, or read from external UME data sources. The administrator and guest users are created automatically during installation. ● UME maps (A) Dialog users from the AS ABAP data source to this type. Well known users of this type include: administrator, guest. Technical Users

Used for system to system communication. Users of this type have the following chara cteristics: ● Can be used to log on to the AS Java. ● Password does not expire. ● Some created automatically, some by user admin. ● UME maps (B) System users from the AS ABAP data source to this type. Well known users of this type include: SAPJSF. Although SAPJSF is a technical user, you cannot log on to the AS Java with it for security reasons. For more information, see SAP NetWeaver AS ABAP User Management as Data Source.

Internal Service Users

Used to perform internal operations. ● Cannot be used to log on. ● Usually do not have passwords. ● Normally created automatically. ● Users exist only in the Java database, does not map to other data sources. ● Type cannot be changed. Well known standard users of this type include: config_fwk_service, ume_service

Unknown Users

This type cannot be created from the UME and exists only as mapped from an AS ABAP data source. ● UME maps to this type AS ABAP users of type (C) Communication, (S) Service, and (L) Reference. ● Unknown users of this type have the same characteristics as Default users. ○ Can be used to log on.

7|Page

SAP NetWeaver 7.1

○ Normal password rules apply.

(8) AS Java Standard Users: Type of User

User Description

Administrator user

Administrator This user has unlimited administrative permissions over the AS Java. We recommend that you use strong password and auditing policies for this user.

Guest user

Guest This user is also used for anonymous access to the AS Java. By default, this user is locked.

Technical user

DB user is specified during installation. Example: SAPDB The AS Java also uses this user for DB connectivity when you configure the UME with the DB.

In addition to the above standard users, a default AS Java installation can also contain the following technical user:

User

Description

ADSuser Used for communication between the AS Java and the Adobe Document Services (ADS). This user is created in the AS Java or in the AS ABAP depending on the user store installation settings. For more information, see the Adobe Config Guide in the ADS Documentation and SAP Interactive Forms  by Adobe Security Guide in the SAP NetWeaver Security Guide. (9) Standard User Groups

8|Page



Name



Description



You can determine the name during



Contains all the users that have unrestricted administrative privileges on the AS Java.

SAP NetWeaver 7.1

installation. The default name offered is: Administrators



Users in this group have permissions to manage all other users (including other users with administrative privileges) as well as other security settings. No other users can perform user maintenance and security administration tasks.

You can determine the name during installation. The default name offered is: Guests



Contains authenticated users with limited authorizations. Such users have limited system access or have registered asCompany users in UME and are pending approval. Initially contains only the standard guest user (Default name: Guest).



Authenticated Users



Contains all non-anonymous users, that is, users that have to authenticate themselves on the AS Java. This group is a built-in group, whose members are determined at runtime.



Anonymous Users



Contains the guest user that are listed in theume.login.guest_user.uniqueids property in the UME properties. This group is a  built-in group, whose members are determined at runtime.



Everyone (or all)



Contains all the users and groups on the server. This group is a built-in group, whose members are determined at runtime.



(10)



Important Task  :  Creating a Technical User :  Procedure (i) Start identity management. (ii)In the Search view, choose User

9|Page

SAP NetWeaver 7.1

(iii) Choose Create User. (iv) Set Security Policy to Technical User. (v) Choose Save. 

Property

Activating the Emergency User: (i) Activate the SAP* user: (ii)Start the config tool for editing user management engine (UME) properties as described in Editing UME Properties. Value

ume.superadmin.activated true

Comment

This activates the SAP* user.

ume.superadmin.password Enter any password of your choice. This defines the password for the SAP* user.

(iii) Restart the AS Java. (iv) The SAP* user is now activated. While it is activated, all other users are deactivated. You can only log on with the SAP* user. (v) Fix your configuration as required, logging on with the user ID SAP*and the password you specified. (vi) When you have fixed your configuration, deactivate the SAP* user again. (vii) Start the config tool for editing UME properties. (viii) Set the property ume.superadmin.activated to false. (ix) Restart the AS Java. ii) Java Archiving Cockpit (1) You can call the Java Archiving Cockpit in the NWA in the following manners:  Choose Operations Management → Data and Databases then Java Archiving Cockpit  /nwa/archcockpit (2) Purpose: The Java Archiving Cockpit is the central user interface (UI) for the administration of archiving sessions created by an application running in an Application System Java (AS Java).

10 | P a g e

SAP NetWeaver 7.1

(3) The Java Archiving Cockpit offers functions for manually starting, or scheduling, the write and delete phases, and for configuring the  properties of archiving sets. (4) It also contains an archiving monitor for checking the progress and state of archiving sessions. iii) JAVA Scheduler (1) To start SAP NetWeaver Scheduler for Java, in the SAP NetWeaver Administrator, choose Operation Management → Jobs → Java Scheduler. (2) This UI provides the user interface to the SAP NetWeaver Scheduler for Java. (3) You can schedule and keep track of the automated execution of tasks running in the background. (4) You can access this function with the quick link: /nwa/scheduler  (5) Viewing Jobs  You can view a portion of 500 jobs carried out by the defined job tasks.  For each job, you also see the following information: (i)

11 | P a g e

SAP NetWeaver 7.1

12 | P a g e



The Info tab contains the following general information



The Parameters tab contains the following information

SAP NetWeaver 7.1



The Log tab contains the logs which the job produced during execution. You can view the log message, its severity, and time stamp. b) Start & Stop i) Allows you to start, stop, and restart the available Java instances, services that are not core, and the deployed AS Java applications. ii) You can access this function with the quick link: /nwa/start-stop. (1) Starting and Stopping Java Instances (2) Starting and Stopping AS Java Services (3) Starting and Stopping Java Applications c) XML DAS Administration i) Functions for administering the XML Data Archiving Service (XML DAS). ii) You can define and test the archive stores, synchronize the home paths  between application systems and XML DAS, and assign home paths to archive stores. iii) You can access this function with the quick link: /nwa/xmldas 2) Configuration Management a) Authentication i) You can access this function with the quick link: /nwa/auth. ii) Allows you to choose the required authentication mechanism for your applications

13 | P a g e

SAP NetWeaver 7.1

b) Destinations i) You can use the destination service to specify the remote service’s address and the user authentication information for remote connections. ii) You can access this function with the quick link: /nwa/destinations. iii) Applications or services can establish connections to other services. iv) When using such connections, you need to specify the remote service’s address and the user authentication information to use for the connection (1) RFC Connection Procedure  Configuration Management → Security Management. Choose Destinations  To create a new destination, choose Create  Enter the following information in the corresponding fields: (i) Hosting system: (ii)Destination Name: (iii) Destination Type: RFC c) JCo RFC Destinations i) The RFC is an SAP interface protocol ii) The RFCs enable you to call and execute predefined functions in a remote system, or in the same system. iii) In the AS Java the RFC functions are implemented by the RFC Engine service, which is presented in the SAP NetWeaver Administrator under the name JCo RFC Destinations. iv) This service is used for processing ABAP to Java requests. v) This is done by registering the AS Java as an RFC destination.

14 | P a g e