Validating Passwords on Websites

July 19th, 2010 View Comments Posted in BASIS, Debugging, Monitoring

I feel a bit ordinary writing a blog post about something as trivial as one line of javascript, so I decided to include a picture as well.

Those look like passwords... They ARE passwords....

It shows a screen from the guided procedure for Solution Manager Configuration.  The interesting part is what I have done wrong.  I’m using the javascript referred to by this link ( Show Passwords ) to display the value(s) of all password fields on the current web page.

In this case, the Administrative User values are the same, but the Administrative Password fields are different.  Since they are using the same User Source (the ABAP engine), one of the values (or both !!) must be incorrect.

Save the javascript by dragging the Show Passwords link to your bookmarks, or by saving the link to your bookmarks.  This has been tested in IE6 thru IE8 and in Firefox.


SAP’s SME Solutions – A Guide to the Product Portfolio

April 26th, 2010 View Comments Posted in BASIS, Career, Management, SAP-related sites

I recently came across an interesting article on SAP’s SME Solutions – A Guide to the Product Portfolio. It breaks down the four SAP products for SME products by size, functionality, industry coverage, deployment options and cost of ownership.

The most important point the post makes is that there exists a range of SMEs, and that a one-size software solution does not fit all. This leads to some further points worth noting.

The smaller the SME, the less likely they are to adopt complex technology. While there is movement to Linux and open source ERPs (because of the TCO perceptions), when they do get into technology, they tend to select Microsoft platforms (e.g. .Net, SQL Server).

Because of TCO concerns, the smaller SMEs were the first to adopt software as a service (SaaS), and that model continues to gain traction within the SME market. The implication is that any SME strategy must include a SaaS strategy.

SAP Product

Product Description

SAP Business Suite The “original” suite of applications for enterprise-class customers. Includes ERP, CRM, PLM, SCM and SRM. Built on the original (and evolving) ABAP/Java platform.
SAP Business All-in-One A partially “pre-configured” version of Business Suite, offering 80% configured solutions for larger SMEs in a wide range of industries.
SAP Business One >A completely different product designed for smaller SMEs. Acquired in 2002 (through TopManage), the product is developed in Microsoft .Net technologies.
SAP Business ByDesign A completely software as a service (SaaS) system developed by SAP and introduced in 2007. For SAP, it’s an entirely new approach to software design and deployment.

Given that its a blog post, the article does a good job of detailing the four SAP products that resulted from the new SME Strategy, albeit at a high-level view. While it won’t answer all your questions, it will give you a good starting point, especially about costs and appropriate products, for your conversation with SAP or your implementation partner,


SAP career paths for BASIS or Netweaver Technical consultants ?

February 6th, 2010 View Comments Posted in BASIS, Career, Management

Now, I may be biased, but I had to start off with this quote from Jon Reed

Before I get to the videos, I want to say that Basis is one of the most neglected areas in terms of SAP career content. Even on SDN, there are way more conversations and forums on development than Basis. This is too bad, as the Basis/NetWeaver Admin role is a vital one to most projects.

No one else is managing your career or your future. If you want more control and choice over where you work and what you do, I recommend you read Jon Reed’s latest career advice and career trends. Jon is an SAP Mentor and his name is probably familiar to you already through his SCN blogs and ASUG and Sapphire presentations. He’s got about 15 years experience in analyzing the SAP career market, and he has worked in SAP recruitment. This all adds up to someone who knows what the SAP job market is looking for, and what makes some candidates more marketable than others.

The white papers Jon created are

You can also access the white paper on Jon Reed’s website.

However, one thing you will notice is that these particular whitepapers emphasise the functional and developer career paths; there is not much reference to the BASIS or Netweaver Technical Consultant career path. Jon identified this himself in another post, this time on his web site, What is the SAP Career Path for Basis Administrators – NetWeaver Engineers?. He has taken a presentation on the career path for Basis-NetWeaver prosby SAP Mentor Tony de Thomasis of Australia Post (based in part on Jon’s earlier work referred to above) and taped four commentary tracks through Tony’s Prezi slides.

…. just resting on our laurels isn’t going to cut it in this economy – “stronger measures” are required. Part four gave me a chance to share my views on the content as a whole, and why it’s so important to find an SAP career path that combines skills marketability with a passionate, or even soulful, angle.

I used to say I was in BASIS (which is why this blog was called basissap.com). However, many people seem to see this as being restricted to R3 ABAP Administration, with perhaps some particular combination of OS and DBMS skills. Nowadays, regardless of the platform your SAP system(s) run on, BASIS Administrators / Netweaver Engineers need knowledge of their site’s OS / DBMS combination, good windows server administration skills (for managing your TREX, and possibly EP, systems), maxdb knowledge (for your SRM system), etc etc.

With all these skill requirement, possibly including other duties as well (depending on the size of your environment), how do you avoid being jack of all trades and master of none ?

For your own sake, you pick two (maybe three) Core Skills in BASIS or Netweaver and become the local guru in those. This provides security of employment; in other words, you know enough about the SAP core to be valuable to both your current employer, and future employers.

Pick another couple of areas that interest you, but aren’t crucial to your organisation (at least, not yet). Jon refers to these as Edge Skills. They should be skills that are on the horizon, either within the SAP ecosystem, or your organisation. These are the skills that will make you employable in the future.

But what about all the other areas ? In one of my previous incarnations, I was an MVS Systems Programmer. The most important thing I learnt was how to use the manuals (they weren’t online when I started). A key part of this was my own notes – Knowing where to find the official answer or process isn’t always enough, you need to get it working, and sometimes you only perform the process once every couple of years or so, and it is difficult to remember exactly how it works from time to time.

Keeping records of what works and what doesn’t work, especially in relation to your own environment, gives you an edge on those who don’t, and of course, it is nice to know what the real process is (as opposed to what the books say !!).

A word of advice here; do not horde your documentation or knowledge –

  • its hard to get moved to the exciting new project if you’re irreplaceable, and
  • after all, you’re getting paid to support and help.

It also identifies you as someone who will help, who will answer questions about (or can find out) what really works.

Another way of finding out stuff is experimenting with your own system; an SAP preview system, or one of the New Community Developer Systems. These systems, well removed from the semi production status of the ‘real’ Development and Testing systems, provide scope for you to experiment and develop ideas into implementable services. This identifies you as someone who can bring real value to the SAP Environment, the IT organisation, and your employer in general.

Businesses are not run by IT departments....


Finding what tables and fields lie behind an SAP transaction

January 7th, 2010 View Comments Posted in BASIS, Configuration, Debugging

A standard BASIS problem is the generic “what is it doing and why ?” question. This could be in the context of debugging a program or process, or trying to work out what configuration changes are required to make something work. It generally occurs when the development or functional team have moved on, leaving someone who knows what to do but not why – usually a user (under pressure from their boss) who just wants to get the system doing what they’ve been told it should be doing….

However, your BASIS team (or person) has to be a jack of all trades, with not just a smattering of SAP functional knowledge, but also a working knowledge of Networking, Desktop PCs, the Operating System(s) and Databases(s) their SAP systems are running on and so on.

I’ve found that the best way of dealing with this need to know something about everything is not by trying to know everything, but by knowing how to find out everything. An example of this is comes from Jerome Mungapen’s SAPLOG, where he provides a useful reminder of some of the various ways of finding what tables and fields lie behind an SAP transaction:

Have you ever been frustrated trying to find which table and field a piece of data is stored in. You can see it on the screen, and the old faithful F1 – F9 results in some useless structure information. Or have you ever started looking at a piece of functionality you are unfamiliar with wanting to find the table structures behind it in SAP. Well this article shows my favorite five ways of digging under the hood to find out what’s going on.

Jerome lists five methods, but one of them assumes you have the time (and need) to get really in depth knowledge of a given area of SAP. I’ve listed the four methods I use (plus Jerome’s extra one) in the order I’ use them when closely examining or debugging a transaction I’m unfamiliar with.

Use a Different Field

If the technical information pop up shows a structure and not a real field, just try another field on the same area of the screen. It is surprising how often this works !!

Use Where Used on the Data Element

From the technical information pop up, select the data element then press Navigate to get to the Data Dictionary. Once there, press the Where Used button.

Trace Analysis

Transactions SE30 Runtime Analysis and ST05 SQL Trace can be over-kill for determining what fields and tables are being used, but can be used to see how (for example) configuration data controls how and / or when the fields and tables are updated. It’s also useful when dealing with Z or Y code, structures and tables.

SE80 Object Navigator

This is probably more useful for a functional person, and is not available on the older SAP releases anyway. However, if you know the program behind the transaction, you can use SE80 to find all the Data Dictionary objects (including tables and fields) associated with that program.

Environmental Analysis

For those requiring a wider understanding of how a given area works in the SAP system. Jerome’s explanation of Environmental Analysis says it all.


ECC6 SE16N vulnerability and logging – UPDATED

October 9th, 2009 View Comments Posted in BASIS, Monitoring, Security

Please remove SE16N, or access to SE16N, from your production systems.

UPDATE

UPDATE – This topic was the subject of a blog by Kevin Wilson less than 2 weeks ago, at which time it was discussed extensively.

https://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/16008

As long as DEBUG access is very tightly controlled, your system should be protected from the risk of this transaction….

I’ve known for a while that, in some releases of SAP, transaction SE16N can be used to change SAP tables, regardless of authorisations or security settings. It’s not something I’ve been keen to see widely disseminated, as there are major systemic risks in making changes this way. More dangerously, it provides a way to override authorisations by giving your userid (or your accomplice’s userid) the SAP_ALL role.

SE16N, before entering &SAP_EDIT in the command field

Essentially, you run transaction SE16N, then type &SAP_EDIT into the command field and press enter.

SE16N, AFTER entering &SAP_EDIT in the command field

In the example below, I’ve changed the User Group to SUPER.

SE16N, changing User Group to SUPER

Personally, I’d recommend making the transaction unavailable (perhaps even removing it from TSTC ?) in your production system – Your firefighter userid can be given authorisation to allow the appropriate people to add it back in, if necessary.

The reason for mentioning it at all is that SAP Mental Notes and IT-Toolbox SAP on DB2 for z/OS have stated that changes using this method are permanently logged in the tables listed below:
SE16N_CD_KEY : Change Documents – Header
SE16N_CD_DATA : Change Documents – Data

This means, in theory, that you can can query these tables to audit the usage of SE16N to change data. Personally, my attitude is that it’s all well and good knowing Joe Bloggs has broken your system, but I would rather not have to deal with the broken system in the first place. However, there’s a bigger issue…..

When I tested this out on an ECC6 IDES system (DB2 on Windows 2003), the SE16N_CD* tables were not updated.

SE16N, ECC6 IDES, does not appear to update the SE16N_CD* tables

1 – The knowledge of this method of changing data, which is available on production systems to anyone with access to the SE16N transaction is being more widely disseminated.
2 – There appears to be at least one major platform / release that does not support audit of the method of changing data.


Install SAP on Amazon Web Services #2 – the Installation

June 30th, 2009 View Comments Posted in BASIS, Installs, Windows

After my previous post, you either have your own Windows 64-bit AMI image, or access to the Public AMI I have created, called sap.nw70.win-64.db2. In this exercise, we will use this as the basis of a new, private, image that will:
* contain the appropriate installation data (including registery keys) for SAP NW7,
* be capable of online / offline backups, using SAP tools,
* provide a painless way of running 24×7.

Prerequisites

* EC2 and S3 Accounts with Amazon,
* access to a Solution Manager system (for the installation key),
* access to an OSS ID with download authorisation.

Architechture

Once we terminate an Amazon instance, we lose all changes to it. Saving our database and configuration changes by bundling the changed system into a new AMI will take a non trivial amount of time; Certainly enough to prevent it being run 24×7. Additionally we will lose lots of usefull ABAP and JAVA stack logs unless we bundle the running instance every time we shut it down.

Just as well there’s an alternative, called Elastic Block Storage. This allows you to create data volumes and mount them on your image. They are persistent, and more importantly, can be backed up by snapshots, from the AWS Management Console.

So that leads to an architechture (or rather, disk layout) as follows:

  • Drive C: AMI instance, boot disk
  • Drive D: AMI instance, ephemeral disk (data lost whenever instance shuts down)
  • Drive H: AMI instance, ephemeral disk (data lost whenever instance shuts down)
  • Drive W: Persistent Disk, for storing disk-to disk backups DBMS and / or logs
  • Drive X: Persistent Disk, for SAP and DB2 Intallation
  • Drive Y: Persistent Disk, for DB2 logs
  • Drive Z: Persistent Disk, for storing installation files

Creating EBS (Persistent) Volumes

To create EBS Volumes, go to the EBS Volumes section of the Amazon Management Console. The major issue with creating volumes is that you can only attach / mount an EBS volume on an instance that is running in the same Availability Zone. This does mean that all your volumes must be in the same Availability Zone, if they are to be attached to the same instance.

AWS Console - adding volumes

I’ve created four volumes, corresponding to the Drive Letteres I gave in the Architechture section above.
AWS Console - Attaching Volumes

  • Drive W: vol-a82bc7c1, for storing disk-to disk backups DBMS and / or logs
  • Drive X: vol-3f658956, for SAP and DB2 Intallation
  • Drive Y: vol-4451bc2d, for DB2 logs
  • Drive Z: vol-fc2bcb95, for storing installation files

Note that these are empty, unformatted, unmounted, unattached volumes (at the moment…).

Attaching EBS Volumes to our Instance

To attach the volumes to an instance, we need to have an instance running. Start up an instance of your image or of sap.nw70.win-64.db2.

AWS Console - Starting an Instance Volumes

Note that I am creating an x.large instance in the availability zone US-east-1b. I need the x.large instance to provide enough RAM and Swap Space for an IDES ECC6 system, and I’m starting it in the US-east-1b availability zone because thats where I located my volumes (no particular reason).
AWS Console - Starting an Instance Volumes

AWS Console - Starting an Instance Volumes

Once the instance is running, we can attach our volumes via the Attach Volume Button.
AWS Console - Attaching Volumes

The result is that our volumes are now “physically” attached to our instance. Again, these are empty unformatted unmounted volumes.
AWS Console - Attaching Volumes

Now we need to logon to this instance. If you are running an instance of sap.nw70.win-64.db2, you can logon as user sapinstall, password sap123. Use the Remote Desktop Connection, and specify the public dns name from your instance.

You assign a name to a volume when you are formatting it. You do this by running the Computer Management (if you’re running an instance of sap.nw70.win-64.db2, this should be on the Desktop of user sapinstall) and formatting and naming the volumes. Make the names distinctive, and related to their purpose, for example sw_repository.

Now use the C:\Program Files (x86)\Amazon\Ec2ConfigSetup\Ec2ConfigServiceSettings.exe program and the Drive Mapping tab to control which volume gets mounted to which drive letter. This is important, because we want to make sure that our sap_install, db2_logs, and backups volumes are always mounted on the same drives. Once the current image is bundled and registered, any instance launched from the new AMI will contain the setting we have configured in Ec2ConfigServiceSettings.exe.

ec2Config - Drive Letter Mapping

Note the relationship between the volumes and Drive letters in the image below compared to the description of each volume given in the Architecture description above.
ec2Config - Drive Letter Mapping

System Specific Configuration

Change the hostname (or in Windows terms, the Computer Name) to one of your choosing (Start –> Control Panel — System –> Computer Name –> Change). Run Ec2ConfigServiceSettings.exe. and make sure the Set Computer Name flag and the Sysprep flag on the Syprep tab are disabled – They should already be disabled, if you are using a copy of sap.nw70.win-64.db2.

Check the swap space (Start –> Control Panel — System –> Advanced –> Performance Settings — Advanced, Virtual memory). Again, this should already be correctly set if you are using a copy of sap.nw70.win-64.db2.

Edit the hosts file in C:\windows\system32\drivers\etc to include your Computer Name as a valid host name, for internal SAP and DBMS connectivity.

Image Configuration - Hosts

Do not forget to change the password of the sapinstall user. Otherwise, anyone who reads this will know the password.

Finally, bundle the instance using the AWS Management Console and register the resulting image under your own image name. The purpose here is to save the customisation you have done if you have a problem with the SAP installation. As part of the process of bundling, the instance is shut down and restarted.

AWS Console - Attaching Volumes

You do need to have an S3 Bucket (or directory) to store the Image in.
AWS Console - Attaching Volumes
However, you can store multiple images in the same bucket, by varying the Amzon S3 Key Name.
AWS Console - Attaching Volumes

For future reference, if you restart the instance yourself, using Start –> Shutdown and specifying Restart, you don’t loose any information or configuration from the C drive as you would if you terminated it from the AWS Management Console. This is because the later removes the underlying resources, while using Start –> Shutdown –> Restart doesn’t release the underlying resources.

Security and Firewalls

EC2 provides its own set of firewall rules called Security Groups. The defaults values are, essentially, just enough to get you access to the server itself.

AWS Console - Attaching Volumes

Since SAP communicates via TCP/IP, we need to make sure that our instance(s) can be accessed via the ports used by SAP for its various services. This means we need to add the ABAP and Java ports for both our instance and the diagnostic instance.
AWS Console - Attaching Volumes

Remember that the Windows Server underlying your new SAP system is on the Internet, and is accessible (by Design !!) from anywhere else on the internet, so only open the bare minimum of ports.


Installation

Download the appropriate files from http://service.sap.com/swdc (you’ll need an S number with download authorisation), extract / expand them and store the results on the Z drive. I stored the download files under Z:\NW70SR3 and expaneded them into their own folders on the Z drive.

AWS Console - Attaching Volumes

Make sure you read the appropriate OSS notes. For the ECC6 IDES, the important ones are:
0799639 – General IDES related
0956921 – NW7 ECC6 SR3 IDES related
1244548 – NW7 ECC6 SR3 IDES related
and
1126127 – DB6: Deferred Table Creation and Row Compression

Otherwise, the install follows the standard process, as detailed in the appropriate installation guide (in my case, the NW7.0 SR3 ABAP+JAVA / Windows/ DB2). The two exceptions are:
* Specify that the SAP and DBMS Installations go on an EBS volume (i.e drive X)
* in my case, specify that the DB2 logs go on an EBS volume (i.e. drive Y)

The full IDES install took around 30 hours run time (think of it as $20 or so well spent) from when I started sapinst (that time did include checking and amending my previous implementation notes). The majority of the time is spent loading about 150GB data into the DB2 database. However, once sapinst had accepted the Solution Manager Key, you can disconnect RDP and leave the install running.


Saving your image

Once the installation is complete, you’ll want to back it up before you go any further. Using the SAP MMC, shut down SAP (or logon to Windows as the SAPService<sid> user and shut down SAP).

Use the AWS Management Console to bundle your running instance.

AWS Console - Bundling

Once it is bundled, register the bundle as an instance.
AWS Console - Monitor Bundling

You can share this with anyone with an EC2 account, by using Permissions to mark it Public, or you can share with individuals if you know their EC2 Account number. Note – Bundling a windows instance restarts the instance.

Basically, the image consists of whats on the C Drive, so backing up your EBS Volumes requires you to use the AWS Management Console to save snapshots of them. The EBS volumes are stored and charged for at the Amazon S3 rates. Just like EC2, however, you are only charged fo what you use. This means that if you define a 500GB volume, write a 1 GB file to it and create 4 snapshots of the volume, you will charged for 5GB of storage; 1GB data on the volume, plus 4 lots of 1GB of snapshot. backup.

When you’re finished with the instance, shut down SAP and don’t forget to terminate tthe instance via the AWS Management Console (otherwise you’ll be charged for it !!).

Running your SAPSystem

Start an instance of your image and attach the EBS volumes to the running instance. The work of of assigning drive letters, in the correct order, to each volume is controlled by our configuration work earlier in Attaching EBS Volumes to our Instance. One of the issues currently outstanding is that thess will actually get mounted on subsequent restarts of this instance (which we perform below).

Logon to the instance and update / verify the Swap Space sttings via Start –> Control Panel — System –> Advanced –> Performance Settings — Advanced, Virtual memory.

Configuration - Swap Space

Regardless of the previous paragraph, restart the image using Start –> Shutdown -> Restart. With all Drives correctly assigned, and sufficient Swap Space assigned the DB2 and SAP Services for SAP MMC will start. Go into SAP MMC and start your SAP instance. Once SAP is running, you can disconnect from the instance.

Accessing your SAP System

Assuming you have opened the correct ports in the Security Group specified for this instance, you can now put the appropriate values into your SAP GUI …..

AWS SAP - ABAP Engine align=

…..and access the ABAP Engine.
AWS SAP - ABAP Engine

Again assuming you have opened the correct ports in the Security Group specified for this instance, you can go into the SMICM transaction and enable a simple service, then access it via a browser or web service.

Whats next ?

You now have a running SAP system. However

  • No DBA processing, i.e. no DB13 jobs, no backing up of logfiles etc has
    been implemented, so once you’ve tested connectivity, stop the SAP and
    DBMS systems and take snapshots of your SAP & Database volume.
  • The SAP*, DDIC and IDADMIN passowrds are well known (or easily determined). Change them
  • No post implementation work (i.e. SGEN) has been done,

The purpose of the exercise is to demonstrate how quickly you can run up a demonstration, training or testing system. Depending on how many resources you want to pay for (CPUs and memory), this can be quicker or slower.

However, it has been my experience, based on several green fields implementations, individual system implementations and upgrades, and feedback from others, that building an appropriate server – whether physical or virtual – can take up to 2 weeks. Using the approach detailed here, services such as provided by the Amazon EC2 service reduce this to the 45 minutes it takes to configure and bundle a standard public instance.

One of the obvious issues is that it is well and good using predefined data, which you can download, in zipped form, from OSS (such as the IDES data I used in this example). What about copying ‘real’ data fron an existing SAP system, especially if we’re talking TerraBytes ?

I’ll discuss this, the bandwidth of a portable hard disk and more of the Amazon Web Services features that are particularly useful for SAP in my next post.


Install SAP on Amazon Web Services #1 – The Environment

June 21st, 2009 View Comments Posted in BASIS, Installs, Windows

UPDATE: I have tidied this up a bit, to make some things clearer and to include the name of an AWS Public Image that can be used as the source for the subsequent step.

In this post, I describe how I setup a windows environment to install SAP ABAP and Java stacks, using the Amazon Simple Storage Service (S3) to store persistent data.  I needed to:
* install and modify an appropriate Windows 2003 Server environment,
* save this environment for future use

In a subsequent post, I will describe the installation of an IDES system running NW7 and DB2.  The three major challenges were
* setting up persistent storage of the NW and DB2 installation,
* suitable for using standard SAP and AWS functionality to support sustained (i.e. 24×7) operation of the SAP system
* and allowing you to stop and start the SAP system and / or server without losss of persistent data.

The result is a fast and cheap way of running up multiple systems, with the following features:

* You are only charged running costs for those systems that are running
* Low running costs (at the time of writing, $US 50 cents an hour)
* Low storage costs ($US 15 cents / GB / month for your 50TB)
* No more waiting for hardware – you can start implementation right now
* Systems (i.e. extra application servers) can be implemented, but not running

 

What did I know I would need ?

After reading the NW 70 SR3 installation Guide for Windows / DB2, I knew the following:
* I needed a 64 bit Windows Server with authentication services,
* I needed a reasonable amount of RAM, plus a decent swap space,
* I needed JAVA 1.4.

After reading the AWS EC2 documentation, I also knew that it was not practical to keep any volatile datasets (i.e. DB2 itself, DB2 logs, SAP process logs, etc) as part of the server, and that I would need to use the Amazon EBS servcie for persistent storage.

 

Signing up for Amazon EC2 and S3

An excellent account of how to setup a Windows Server image, and the principles behind this, can be found at Dave Winer’s EC2 for Poets. It also gives a good overview of how to sign up for both EC2 and S3 and the issues around persistent data.

 

Creating the base Amazon Machine Image (AMI)

Logon to the AWS Management Console and select the Amazon EC2 tab.

Subset of Amazon EC2 Console
Select the Launch Instance button…

Amazon EC2 Start Instance Wizard

.. then find and select the Basic 64-bit Microsoft Windows Server 2003 with Authentication Services image.

 Once the server shows up as running, logon using the techniques described in Dave Winer’s EC2 for Poets.  One of the first things I did was to create a sapinstall user.  This allows me to logon (via RDP) as user sapinstall / password without having to muck around with the keypairs. 

 

Changes to standard AWS Windows 2003 64-bit Image

There were five issues that needed to be dealt with.

First I had to disable the Windows Attachment Manager (for non-windows people, this is a security setting that Windows uses to stop you writing dangerous file types to your disk) before Internet Explorer would let me save files.  See the Microsoft Knowledge Base Article 883260 for a rundown on how it works.  The quickest way to disable it is to uninstall the Internet Explorer Enhanced Security Configuration. To do this, click Add or remove programs in Control Panel, click Add/Remove Windows Components, and then click to clear the Internet Explorer Enhanced Security Configuration check box.

2) Both SAP and DB/2 (my target DBMS) require that the host name of the server its installed and running on remains the same.  However, the default action every time you restart an AWS image is to have the host name set to IP-xxxxxx where xxxxxx represents the internal (to Amazon) host name the server is running on.

While you can perform arcane scripting to fix the host name, Amazon provide a tool, bundled within every AWS windows instance, that will ensure the hostname remains set to what ever you set in the System –&gt; properties screen.   The tool is C:\Program Files (x86)\Amazon\Ec2ConfigSetup\Ec2ConfigServiceSettings.exe

 Ec2ConfigServiceSettings.exe

3) I wanted to make sure I had enough swap spacxe to run my SAP system.  The base instance we are using gives us 15GB of memory, but, especially if we want to install multiple JAVA engines, this may not be enough.  I allocated another 1500MB on each of two of the ephemeral disks.

4) My initial installation is going to be an NetWeaver 7 ECC6 system. This means we need to download and install java 1.4 from Sun’s Sekrit Squirrell place for old releases.  Don’t forget to setup the Environment variables (JAVA_HOME and PATH) correctly. 

5) The last change was to incorporate a Dynamic DNS Update tool.  This is used to pass the IP address of the server we are “running on” to a service that will then set a fixed Domain name to specify the same DNS name to users and tools whenever I ran my instance.  I use dyndns org.  You can register a limited number of domain names for free, and they provide a tool (DynDNS Updater) that allows you to register your IP address against one or more of your Domain names.

 

Save your Amazon Machine Image (AMI)

Now you have an instance you can use to install and run SAP on.  However, we need to make sure that all our changes are not lost.  This utdown means you need to “bundle” your running system into a standalone Amazon Machine Image.  Go to the Amazoin EC2 tab of the Amazon Management Console, select Instances, then select the instance you want bundled.  Right click on More Actions and select Bundle Windows AMI.
Initial Step of Bundling

This generates a popup screen.  Fill out the appropriate details and clcik bundle. The Bundle Name refers to the S3 folder that will hold the AMI.  This must already exist.  The Key Name is appended to the name of manifest.xml filre that contains the S3 layout and location of your image.
Enter Bundle Parameters

 Once you click bundle your request is confirmed.

Bundling Confirmation.

You can follow the progresss of the bundling by examining the Bundle Tasks screen.  There are three steps that bundling Windows instances needs to follow- The instance must shutdown, the Amazon bundling process must occur, and the resulting data must be stored.

Bundling Completed, now registering

Once the image has been bundled and stored, you must register the bundle as an Amazon machine Image.

Registration Confirmation

 

An alternative to repeating all the work shown above is to grab a copy of the Public AMI I have created, called sap.nw70.win-64.db2.  You will need to change the hostname (as descibed above), implement your own DynDNS org domain name  and bundle and register the changed image.

Either way, you now have your own mildly customised image copy of a Windows 2003 Server, running on the  Amazon Web Services cloud.  This image is ready for installation of a non-trivial SAP system, such as the NW7 ECC6 IDES system.  

In the next post, I will describe how I used the sap.nw70.win-64.db2 image to install the Windows DB2 IDES for ECC6 system.


How To Create a Customised SAP Menu

May 21st, 2009 View Comments Posted in BASIS, Configuration

You can provide ABAP users with a modified version of the standard SAP main menu without affecting the original SAP area menu S000.

For example, say you have created a transaction code called ( z123 – My Own Report ) and you want to insert it under Administration.  The specific user will be able to access My Own Report by clicking Administration -> My Own Report.

Steps :-

  • Use Transaction SE43 – Area Menu
  • Click the copy button.  Copy from S000 to ZMGE
  • After copying, click Change (area menu ZMGE)
  • Double click on Administration and add in your transaction code in the AreaMenu.
  • Remember to Activate the new menu !!!.
  • Goto Transaction SU01 – Maintain users
  • Type in the user name and click the Defaults button
  • Type in the new area menu (ZMGE) in the Start Menu field and Save
  • The user will be able to see the additional transaction on their next logon.

Reporting Tree Integration

Prior to release 4.6A, only transactions could be put in to Area Menus. From 4.6A onwards, you can also put all the types of reports which are in reporting trees, in Area Menus. The system automatically assigns a transaction code to call the report from the menu. Please note that if you have already put the report in another Area Menu, no new transaction code is generated; You must use the unique transaction code already assigned.

The old Reporting trees could only be displayed, not maintained. To modify the contents of reporting trees, you had to convert them with a migration transaction (RTTREE_MIGRATION). You could then modify the contents with the Area Menu maintenance transaction.

Advantages of the new Area Menus

The new data structure has the following advantages:

* Delinking by reference technique
You can construct a menu from submenus which are maintained separately in different systems.
* Less restrictions
The new area menus have no nesting level limit like CUA menus. The allowed length of menu texts has increased to 75 characters.


Copying SCM / APO Livecache data for SCM 4.0 or higher

March 23rd, 2009 View Comments Posted in BASIS, Configuration

OSS Notes: – these will require a valid OSS ID
Note 632357 – Backing up Livecache data for SCM 4.0 or higher
Note 541644 – Backing up the data from the Livecache for APO 3.X

Background:
One of the issues when copying SAP systems that have external data, whether it’s for regression testing or any other purpose, is making sure that the external data is consistent with the SAP data.

APO / SCM systems are one such example, where most data is stored in the SAP database (supported by an Oracle, DB2, SQL Server etc database), and some is stored in a Livecache database, suppoorted a MAxDB database.

The SAP Livecache technology is an enhancement of the MaxDB database system that was developed to manage complex objects (e.g. in logistical solutions such as SAP SCM/APO). In these systems, large volumes of data must be permanently available and modifiable. One of the features is that in an optimally configured SAP Livecache database instance, all data which needs to be accessible is located in the main memory.

As of SAP SCM 4.0, the /SAPAPO/OM_LC_DOWNLOAD_UPLOAD program can be used to extract all transaction data (orders and stocks) from the APO applications (SNP, DP, PP/DS, CTM, ATP, TP/VS, and so on) in the Livecache and store it in the SAP database.

This ensures, so long as no updates occur in either source database, until the database copy is complete, that the SAP and Livecache databases can be consistently copied to another system. Once the SAP database is reloaded in the target system, the /SAPAPO/OM_LC_DOWNLOAD_UPLOAD program is used to reload the Livecache data into the target Livecache database.



Process:
When you run the /SAPAPO/OM_LC_DOWNLOAD_UPLOAD program (via transaction SE38), you will see that the program is divided into four sections:
Section A: Preliminary tasks (prior to the download)
Section B: Download (storing the transaction data in the APO database)

top half of /SAPAPO/OM_LC_DOWNLOAD_UPLOAD screen - sections A and B




Section C: Upload (copying the master data and transaction data from the APO database to the liveCache)
Section D: Postprocessing tasks (perform these sometime after the upload)
Bottom half of /SAPAPO/OM_LC_DOWNLOAD_UPLOAD screen - Sections C and D




Each radio button takes you to the appropriate transaction to execute the required task. Perform them in order, from A.1 to B.7
Once you have reached step B7 perform your SAP database backup, and build your target system.



Once SAP is running on the target system, and before commencing the reload of the Livecache databse from the SAP database, you need to ensure that the target SAP system is pointing to the target Livecache system. Use transaction LC10 to connect the SAP and LiveCache databases correctly.
Transaction LC10

Note that there are multiple connections to modify, so make sure you do this for each connection.

Transaction LC10 Livecache Integration



Once this is completed, you can perform steps C.1 to 13



Issues:
1) You need to have release SCM / APO 4.0 or higher to use this program. If you use APO 3.X, see OSS Note 541644.
2) If you intend to upgrade (for example, SCM 4.0 to SCM 5.0) at the same time, then you must not use the /SAPAPO/OM_LC_DOWNLOAD_UPLOAD program. Instead, folow the upgrade guide and use the appropriate upgrade program.
3) If you’re using the Rapid Planning Matrix application, only the status matrix is extracted because all other data can be regenerated using requirements planning (the alternative, of saving all of the RPM data, would take much longer).

Maintaining Customisation in a Productive System

January 28th, 2009 View Comments Posted in BASIS, Configuration, OSS

It’s a common problem, and most Functional SAP people know how to deal with it, but just in case…. My customer wanted to modify table V77RCF_USR_SGRP (User Support Group in E-Recruitment) in a production system. SAP does provide this functionality for a subset of customisation tables, but occassionally (especially in newer releases) some get left out. You may also have a custom development that requires this functionality on an extra table.

OSS Note 77430 – Customizing: Current settings
OSS Note 356483 – Customizing: Current settings in the test system

As of Release 4.6 you can maintain this setting from directly within the IMG. Position the cursor on the corresponding IMG activity and select the menu options “Edit -> Display IMG activity”. On the following screen, select the tab page “Maint.objects”. There you can see a list of the assigned Customizing objects. By double-clicking on the corresponding line, you navigate to the Customizing object and can directly set the flag ‘Current settings’ there.

As an alternative you can also call Transaction SOBJ., to directly access the Customizing object, to set the flag directly.

The SAP code behind this assumes that the Client Role ( transaction SCC4 ) of the client you are working in is set to Production. For other Non Modifiable systems (where Client Role is Test, Demo, etc), you need to deactivate the transport connection for that particular object (if possible) as well.

As of Basis Release 4.6, position the cursor on the corresponding IMG activity and choose Edit -> Display IMG activity. On the following screen, select Maint. (Before Basis Release 4.6, position the cursor on the corresponding IMG activity, and choose Goto -> Document attributes -> Display.)

On the following screen, choose Objects in the area Technical attributes. In both cases the system displays a list of the assigned Customizing objects. The types “V” (View) and “S” (Table (with text table)) stand for view maintenance transactions, while type “C” stands for a view cluster transaction.

For type “V” and “S” objects, the transport connection for the view or table can be deactivated as follows:

  • Call transaction SE54
  • Enter the Customizing object (view or table)
  • Select “Generated objects”
  • Choose “Create/change”
  • Select “no, or user, recording routine” in the bottom part of the
    screen
  • Save the change
  • For type “C” objects, you can deactivate the transport link by turning it off for all related views or tables. Follow the steps below:

  • Call transaction SOBJ
  • elect “Display”
  • Select “Position”
  • In the field “Object”, enter the Customizing object (View cluster) and the value “C” into the type field.
  • Select the Customizing object and select “Piece list” in the
    navigation
  • All views or tables contained in the view cluster are displayed.
  • Deactivate the transport link for these views or tables as described above.
  • Now the Customizing object is no longer part of the transport connection and so is excluded from the changeability check.

    Note:
    Perform these changes in you development / customisation system, and transport through to production.
    The change is active in all clients of the system.
    You can also change the Customizing object in a locked client (independent of the client role).
    Once the above steps are done, it is no longer possible to manually transport entries of the view or table.