Archive for the ‘BASIS’ Category:
Install SAP on Amazon Web Services #1 – The Environment
UPDATE: I have tidied this up a bit, to make some things clearer and to include the name of an AWS Public Image that can be used as the source for the subsequent step.
In this post, I describe how I setup a windows environment to install SAP ABAP and Java stacks, using the Amazon Simple Storage Service (S3) to store persistent data. I needed to:
* install and modify an appropriate Windows 2003 Server environment,
* save this environment for future use
In a subsequent post, I will describe the installation of an IDES system running NW7 and DB2. The three major challenges were
* setting up persistent storage of the NW and DB2 installation,
* suitable for using standard SAP and AWS functionality to support sustained (i.e. 24×7) operation of the SAP system
* and allowing you to stop and start the SAP system and / or server without losss of persistent data.
The result is a fast and cheap way of running up multiple systems, with the following features:
* You are only charged running costs for those systems that are running
* Low running costs (at the time of writing, $US 50 cents an hour)
* Low storage costs ($US 15 cents / GB / month for your 50TB)
* No more waiting for hardware – you can start implementation right now
* Systems (i.e. extra application servers) can be implemented, but not running
What did I know I would need ?
After reading the NW 70 SR3 installation Guide for Windows / DB2, I knew the following:
* I needed a 64 bit Windows Server with authentication services,
* I needed a reasonable amount of RAM, plus a decent swap space,
* I needed JAVA 1.4.
After reading the AWS EC2 documentation, I also knew that it was not practical to keep any volatile datasets (i.e. DB2 itself, DB2 logs, SAP process logs, etc) as part of the server, and that I would need to use the Amazon EBS servcie for persistent storage.
Signing up for Amazon EC2 and S3
An excellent account of how to setup a Windows Server image, and the principles behind this, can be found at Dave Winer’s EC2 for Poets. It also gives a good overview of how to sign up for both EC2 and S3 and the issues around persistent data.
Creating the base Amazon Machine Image (AMI)
Logon to the AWS Management Console and select the Amazon EC2 tab.
Select the Launch Instance button…
.. then find and select the Basic 64-bit Microsoft Windows Server 2003 with Authentication Services image.
Once the server shows up as running, logon using the techniques described in Dave Winer’s EC2 for Poets. One of the first things I did was to create a sapinstall user. This allows me to logon (via RDP) as user sapinstall / password without having to muck around with the keypairs.
Changes to standard AWS Windows 2003 64-bit Image
There were five issues that needed to be dealt with.
First I had to disable the Windows Attachment Manager (for non-windows people, this is a security setting that Windows uses to stop you writing dangerous file types to your disk) before Internet Explorer would let me save files. See the Microsoft Knowledge Base Article 883260 for a rundown on how it works. The quickest way to disable it is to uninstall the Internet Explorer Enhanced Security Configuration. To do this, click Add or remove programs in Control Panel, click Add/Remove Windows Components, and then click to clear the Internet Explorer Enhanced Security Configuration check box.
2) Both SAP and DB/2 (my target DBMS) require that the host name of the server its installed and running on remains the same. However, the default action every time you restart an AWS image is to have the host name set to IP-xxxxxx where xxxxxx represents the internal (to Amazon) host name the server is running on.
While you can perform arcane scripting to fix the host name, Amazon provide a tool, bundled within every AWS windows instance, that will ensure the hostname remains set to what ever you set in the System –> properties screen. The tool is C:\Program Files (x86)\Amazon\Ec2ConfigSetup\Ec2ConfigServiceSettings.exe
3) I wanted to make sure I had enough swap spacxe to run my SAP system. The base instance we are using gives us 15GB of memory, but, especially if we want to install multiple JAVA engines, this may not be enough. I allocated another 1500MB on each of two of the ephemeral disks.
4) My initial installation is going to be an NetWeaver 7 ECC6 system. This means we need to download and install java 1.4 from Sun’s Sekrit Squirrell place for old releases. Don’t forget to setup the Environment variables (JAVA_HOME and PATH) correctly.
5) The last change was to incorporate a Dynamic DNS Update tool. This is used to pass the IP address of the server we are “running on” to a service that will then set a fixed Domain name to specify the same DNS name to users and tools whenever I ran my instance. I use dyndns org. You can register a limited number of domain names for free, and they provide a tool (DynDNS Updater) that allows you to register your IP address against one or more of your Domain names.
Save your Amazon Machine Image (AMI)
Now you have an instance you can use to install and run SAP on. However, we need to make sure that all our changes are not lost. This utdown means you need to “bundle” your running system into a standalone Amazon Machine Image. Go to the Amazoin EC2 tab of the Amazon Management Console, select Instances, then select the instance you want bundled. Right click on More Actions and select Bundle Windows AMI.
This generates a popup screen. Fill out the appropriate details and clcik bundle. The Bundle Name refers to the S3 folder that will hold the AMI. This must already exist. The Key Name is appended to the name of manifest.xml filre that contains the S3 layout and location of your image.
Once you click bundle your request is confirmed.
.
You can follow the progresss of the bundling by examining the Bundle Tasks screen. There are three steps that bundling Windows instances needs to follow- The instance must shutdown, the Amazon bundling process must occur, and the resulting data must be stored.
Once the image has been bundled and stored, you must register the bundle as an Amazon machine Image.
An alternative to repeating all the work shown above is to grab a copy of the Public AMI I have created, called sap.nw70.win-64.db2. You will need to change the hostname (as descibed above), implement your own DynDNS org domain name and bundle and register the changed image.
Either way, you now have your own mildly customised image copy of a Windows 2003 Server, running on the Amazon Web Services cloud. This image is ready for installation of a non-trivial SAP system, such as the NW7 ECC6 IDES system.
In the next post, I will describe how I used the sap.nw70.win-64.db2 image to install the Windows DB2 IDES for ECC6 system.
How To Create a Customised SAP Menu
You can provide ABAP users with a modified version of the standard SAP main menu without affecting the original SAP area menu S000.
For example, say you have created a transaction code called ( z123 – My Own Report ) and you want to insert it under Administration. The specific user will be able to access My Own Report by clicking Administration -> My Own Report.
Steps :-
- Use Transaction SE43 – Area Menu
- Click the copy button. Copy from S000 to ZMGE
- After copying, click Change (area menu ZMGE)
- Double click on Administration and add in your transaction code in the AreaMenu.
- Remember to Activate the new menu !!!.
- Goto Transaction SU01 – Maintain users
- Type in the user name and click the Defaults button
- Type in the new area menu (ZMGE) in the Start Menu field and Save
- The user will be able to see the additional transaction on their next logon.
Reporting Tree Integration
Prior to release 4.6A, only transactions could be put in to Area Menus. From 4.6A onwards, you can also put all the types of reports which are in reporting trees, in Area Menus. The system automatically assigns a transaction code to call the report from the menu. Please note that if you have already put the report in another Area Menu, no new transaction code is generated; You must use the unique transaction code already assigned.
The old Reporting trees could only be displayed, not maintained. To modify the contents of reporting trees, you had to convert them with a migration transaction (RTTREE_MIGRATION). You could then modify the contents with the Area Menu maintenance transaction.
Advantages of the new Area Menus
The new data structure has the following advantages:
* Delinking by reference technique
You can construct a menu from submenus which are maintained separately in different systems.
* Less restrictions
The new area menus have no nesting level limit like CUA menus. The allowed length of menu texts has increased to 75 characters.
Copying SCM / APO Livecache data for SCM 4.0 or higher
OSS Notes: – these will require a valid OSS ID
Note 632357 – Backing up Livecache data for SCM 4.0 or higher
Note 541644 – Backing up the data from the Livecache for APO 3.X
Background:
One of the issues when copying SAP systems that have external data, whether it’s for regression testing or any other purpose, is making sure that the external data is consistent with the SAP data.
APO / SCM systems are one such example, where most data is stored in the SAP database (supported by an Oracle, DB2, SQL Server etc database), and some is stored in a
The SAP Livecache technology is an enhancement of the MaxDB database system that was developed to manage complex objects (e.g. in logistical solutions such as SAP SCM/APO). In these systems, large volumes of data must be permanently available and modifiable. One of the features is that in an optimally configured SAP Livecache database instance, all data which needs to be accessible is located in the main memory.
As of SAP SCM 4.0, the /SAPAPO/OM_LC_DOWNLOAD_UPLOAD program can be used to extract all transaction data (orders and stocks) from the APO applications (SNP, DP, PP/DS, CTM, ATP, TP/VS, and so on) in the Livecache and store it in the SAP database.
This ensures, so long as no updates occur in either source database, until the database copy is complete, that the SAP and Livecache databases can be consistently copied to another system. Once the SAP database is reloaded in the target system, the /SAPAPO/OM_LC_DOWNLOAD_UPLOAD program is used to reload the Livecache data into the target Livecache database.
Process:
When you run the /SAPAPO/OM_LC_DOWNLOAD_UPLOAD program (via transaction SE38), you will see that the program is divided into four sections:
Section A: Preliminary tasks (prior to the download)
Section B: Download (storing the transaction data in the APO database)
Section C: Upload (copying the master data and transaction data from the APO database to the liveCache)
Section D: Postprocessing tasks (perform these sometime after the upload)
Each radio button takes you to the appropriate transaction to execute the required task. Perform them in order, from A.1 to B.7
Once you have reached step B7 perform your SAP database backup, and build your target system.
Once SAP is running on the target system, and before commencing the reload of the Livecache databse from the SAP database, you need to ensure that the target SAP system is pointing to the target Livecache system. Use transaction LC10 to connect the SAP and LiveCache databases correctly.
Note that there are multiple connections to modify, so make sure you do this for each connection.
Once this is completed, you can perform steps C.1 to 13
Issues:
1) You need to have release SCM / APO 4.0 or higher to use this program. If you use APO 3.X, see OSS Note 541644.
2) If you intend to upgrade (for example, SCM 4.0 to SCM 5.0) at the same time, then you must not use the /SAPAPO/OM_LC_DOWNLOAD_UPLOAD program. Instead, folow the upgrade guide and use the appropriate upgrade program.
3) If you’re using the Rapid Planning Matrix application, only the status matrix is extracted because all other data can be regenerated using requirements planning (the alternative, of saving all of the RPM data, would take much longer).
Maintaining Customisation in a Productive System
It’s a common problem, and most Functional SAP people know how to deal with it, but just in case…. My customer wanted to modify table V77RCF_USR_SGRP (User Support Group in E-Recruitment) in a production system. SAP does provide this functionality for a subset of customisation tables, but occassionally (especially in newer releases) some get left out. You may also have a custom development that requires this functionality on an extra table.
OSS Note 77430 – Customizing: Current settings
OSS Note 356483 – Customizing: Current settings in the test system
As of Release 4.6 you can maintain this setting from directly within the IMG. Position the cursor on the corresponding IMG activity and select the menu options “Edit -> Display IMG activity”. On the following screen, select the tab page “Maint.objects”. There you can see a list of the assigned Customizing objects. By double-clicking on the corresponding line, you navigate to the Customizing object and can directly set the flag ‘Current settings’ there.
As an alternative you can also call Transaction SOBJ., to directly access the Customizing object, to set the flag directly.
The SAP code behind this assumes that the Client Role ( transaction SCC4 ) of the client you are working in is set to Production. For other Non Modifiable systems (where Client Role is Test, Demo, etc), you need to deactivate the transport connection for that particular object (if possible) as well.
As of Basis Release 4.6, position the cursor on the corresponding IMG activity and choose Edit -> Display IMG activity. On the following screen, select Maint. (Before Basis Release 4.6, position the cursor on the corresponding IMG activity, and choose Goto -> Document attributes -> Display.)
On the following screen, choose Objects in the area Technical attributes. In both cases the system displays a list of the assigned Customizing objects. The types “V” (View) and “S” (Table (with text table)) stand for view maintenance transactions, while type “C” stands for a view cluster transaction.
For type “V” and “S” objects, the transport connection for the view or table can be deactivated as follows:
screen
For type “C” objects, you can deactivate the transport link by turning it off for all related views or tables. Follow the steps below:
navigation
Now the Customizing object is no longer part of the transport connection and so is excluded from the changeability check.
Note:
Perform these changes in you development / customisation system, and transport through to production.
The change is active in all clients of the system.
You can also change the Customizing object in a locked client (independent of the client role).
Once the above steps are done, it is no longer possible to manually transport entries of the view or table.
How do you persuade the Business that an Upgrade is necessary ?
Sales are tanking, money is tight, the company is cutting costs everywhere. And you want them to fund your SAP upgrade project ? Given that only about one-third of SAP customers have upgraded to ECC/ERP 6.0, and most of these have opted to do only technical upgrades in order to save time and money, you’re not alone.
The challenge you have is that there’s no business payback for doing a technical upgrade – the only thing you end up doing is staying on support. Going to the board with this as your major justification will get your submission (and maybe you !!) thrown out.
This means you need to be creative in seeking out the payback. Not even the pure techos like to use staying on support as the main justification for an upgrade. So you need other business drivers for SAP upgrades, including the benefits of new business and technical functionality and creating a foundation for other business initiatives.
However, there are some support-driven reasons to upgrade that could pay off. One of the drivers is mitigating the risk of receiving slower maintenance responses from SAP.
Also, with a technical upgrade, you can leverage your existing existing resources to enable the upgrade, such as using the opportunity to replace hardware. For instance, switching to Windows operating system from Unix may substantially lower costs, or alternatively, changing application servers to energy (i.e. cost) saving Linux blade-type servers.
Using tools like those provided by HCL, Intellicorp or Panaya can give insight into how the current, live production system and older systems are being used. This will also identify how end users are using the system, by looking at how the standard and customized parts of the system are being used. This raises the possibility of removing some of those customized areas, and containing costs by focusing testing and support on the modules and components being used.
But the biggest driver for an upgrade is another factor (and perhaps one more reason to complete the SAP technical ERP upgrade): not having to do any more of them.
Being on the NetWeaver platform and ERP 6.0 will allow companies to adopt SAP enhancement packages . These are a mature (first released in 2006) method of applying new functionality to individula modules, and, eventually, updates to the core platform. SAP has said many times this means the end of the traditional upgrade.
Support Package Manager – Reset Queue
Occassionally, when loading Support Packages or SPAM/SAINT Updates, the Support Package Manager (transaction SPAM) can get a bit ‘confused’. A colleaugue had this problem recently, where she was attempting to update the SPAM tool on a 4.6C system. The result was that the Support Package Manager was reporting Queue_Not_Empty .
Some times the cause is simply forgetting to confirm / finish the last SPAM/SAINT update. Once you’ve eliminated this, you need to start checking what the TMS mechanism thinks has happened. To check what is in the TMS buffers, logon to the Operating System, change directories to /usr/sap/trans/bin and execute the following: Basically you need to reset the SPAM Queue to match the TMS buffers. To remove entries from the internal SPAM Queue, uUse the function module (transaction SE37) OCS_RESET_QUEUE. Execute it with parameters IV_TOOL=SPAM, IV_FORCE=X. To remove entries from the TMS buffer, execute the following command (change directory to /usr/sap/trans/bin first), where SAPKXXXXX is the 'offending' Support package or SPAM/SAINT Update: Before restarting the Support Package import, ensure that you've removed all files from \usr\sap\trans\tmp and make sure there is no other TP process or R3trans process running in the system at Operating system level. Usefull Links:
tp SHOWBUFFER
tp delfrombuffer SAPKXXXXX
Errors During Support Package Manager Phases
SAP Patch Manager (SPAM) PDF
Critical security flaw in SAP GUI
An ActiveX vulnerability detected in the SAP GUI may possibly be exploited by an attacker to gain access to critical files and sensitive data. According to an advisory issued by the United States Computer Emergency Readiness Team (US-CERT), the vulnerability can be exploited remotely by an unauthenticated hacker. The flaw is in the ActiveX control, MDrmSap, which could crash Internet Explorer when handling malicious code, US-CERT said. The advisory also states that the vulnerable ActiveX control can be disabled in Internet Explorer by setting the appropriate kill bit, or by disabling ActiveX in the Internet Zone,
The Danish vulnerability clearinghouse Secunia gave the flaw a highly critical rating. To exploit the flaw, an attacker must trick a user into viewing a malicious website or email message, Secunia said.
SAP issued an update correcting the flaw. If you don’t have an OSS ID, you can view a PDF copy of the note – However, the one on the SAP site is guaranteed to be up to date, whereas the one here may not be.
How to determine SAP Table Buffer Requirements
I had one of those ‘doh’ moments during a recent SAP performance performance tuning workshop. The instructor, Tim Bohlsen, pointed out a remarkably easy way to discover how large a table buffer that a running ABAP WAS system instance requires to reduce buffer swaps to zero.
This is important because the easiest way to reduce your database I/O in ANY application, SAP or not, is to reduce the need to go to disk. Keeping data in the Application buffer improves response time by reducing the time (both the CPU time and the I/O time) requiried by the DBMS to continually retrieve that data.
In the case of an ABAP engine, you use transaction ST02 to determine if there is any swapping going on in the first place. In the case shown below, both table buffers have some swapping – it is a relatively well tuned HR/PY system, so there isn’t much table buffer swapping despite the sytem being up for two months. Oh, and there isn’t much point in doing this on any other system except the one you wish to tune as it will be extremely difficult to replicate the load of the target system.
Select the images to open larger versions in another window or tab
In this case, we will look at the Generic Key Buffer, since it is the the worst of the two Table Buffers. Selecting the buffer in question, by double cliking on the line, results in a screen showing a little bit more detail. This has some usefull navigation features. As shown below, we are looking at the current status of the buffer, but we have the option to look at the history of the buffer. This can give us an idea of when the swaps occurred, which we can then track back to certain workloads. Moe importantly, we can look at the current status of the individual objects in the buffer.
Now we have the statistics for individual tables (or parts thereof ) that are currently loaded into this Buffer. This data is usefull in and of itself, which I will touch on in a later post, but first, select the Next View button.
The value highlighted below is the total value for Size maximum [bytes]. This is the sum of the highwater mark for each table that has been loaded into the buffer so far. In other words, the amount of storage required to accept all data requests that should be buffered, without swapping, since the instance was started.
Now, you could put this value straight in to the appropriate profile parameter and restart your system, but there are a couple of caveats.
- If a table is marked to be buffered, but has not been read yet, it will not be included in the buffer or, therefore, the buffer size yet,
- You need to examine the detail of both the snapshot and the history to determine if the correct tables are buffered or if they are correctly buffered (the Invalidations total suggests that there is some work to do in this area), and, most importantly,
- This does not tell you if you have sufficient storage available to fulfill any increase in the buffer size without causing problems elsewhere
So, make sure your system has been through a pay run, or a month-end (or whatever the appropriate business cycle is) before you use this method to measure the requirement,
use sappfpar to validate the storage requirements of your new profile parameters, and
be aware that this is only the first step towards efficient use of all of the available resources.
This won’t fix all your performance problems. However, it is an important first step. Your database vendor may make the most efficient database engine there is, but calling any DBMS to get data will always be slower than getting that data from memory.
2 ways to Measure Exact Throughput of a TCP IP network
One of the sizing issues with an SAP system that doesn’t receive due consideration is the network capability; not just speed, but throughput. It’s always usefull to know what your Network is capable of, especially if you have lots of data to move (Support Packs / Support Stacks and so on). But how do we find out?
NetCPS (a single executable file) is rather simplistic, with no fancy features as the author (credits to Jarle Aase) says. It pumps 100MB of generated data (without accessing the HDD which could mess with the final result) and then displays the result in form of average speed stated in both KB/s and MB/s. You can also get source code if you’d like to do some further tinkering with it, or port it. Everything you need to know is on the webpage or available by using -help switch.
Another, more sophisticated, tool (without being too big) is Iperf (a single executable, with source available on the same page). Settings are changed by use of various switches.
For example, the image above shows the port used is changed to 1234, amount of sent data set to 200 MB, interval of reports set to 2 seconds for better accuracy and report format set to MBytes. The usual -help switch brings up further instructions for changing the many additional switches and settings available with this tool
Network tools for BASIS Administrators
Depending on how advanced the rest of your IT organisation is, you may need to be the jack of all trades. In fact, sometimes it feels as if anything that a Developer or End User doesn’t understand automatically becomes the property of the BASIS Administrator. Typicaly, these can include anything to do with the infrastructure between the users desktop and the SAP application.
An example I’ve been currently working on is a network issue where a user can access the Portal from one machine but not another. I used to use separate tools to do my network monitoring and debugging (yes, there are people responsible for this, but I have won a lot of good will by providing as much data as possible), but these days ….
Net Tools 2008 has been described as The Swiss army tool for network administrators everywhere. It is a very versatile tool, and
just like any tool it can be used for good or evil. What this means is that you may find the site blocked at work.
Available functions, usefull for both the desktop and Windows Servers, include
An FTP Client for quick file transfers,
Monitor system up status with Monitor Host IP,
Mass file renamer, to rename a whole bunch of log files,
Bandwidth Monitor.
Another tool that I’ve feard of is eToolz which is a collection of network and Internet tools that provides a graphical interface for several common commands. This includes ping, tracert, DNS lookups, http headers, default ports, etcetera. This seems more directedt to someone who who supports web sites, but after all thats what the Portal is …
