Archive for the ‘Monitoring’ Category:
Validating Passwords on Websites
I feel a bit ordinary writing a blog post about something as trivial as one line of javascript, so I decided to include a picture as well.
It shows a screen from the guided procedure for Solution Manager Configuration. The interesting part is what I have done wrong. I’m using the javascript referred to by this link ( Show Passwords ) to display the value(s) of all password fields on the current web page.
In this case, the Administrative User values are the same, but the Administrative Password fields are different. Since they are using the same User Source (the ABAP engine), one of the values (or both !!) must be incorrect.
Save the javascript by dragging the Show Passwords link to your bookmarks, or by saving the link to your bookmarks. This has been tested in IE6 thru IE8 and in Firefox.
SAP Spool issue – affects all Releases
SAP have detected a problem in the spool area which affects all customers in the world regardless of the SAP release and any support package level.
As soon as the retention time of a spool request exceeds 2009/12/31 a wrong date 2100/01/01 is entered during creation of the spool request. As a consequence these spool requests will not be deleted anymore from the spool reorg jobs. Using the default retention period this affects all spool requests on each SAP system in the world created since 2009/12/23.
OSS Note 1422843 already contains the correction instructions and the relevant kernel patches for 3.1 –> 46B (one patch) and 46c –> 7.xx (another patch). There’s nothing for anyone (unfortunate enough to be) running any of the original 2.x systems yet.
It is a little ironic – An old friend and I were discussing Y2K and all that in a general “what were you doing ten years ago ?” manner on New Years Eve. Should I tell her that SAP had a Y2K+10 ?
ECC6 SE16N vulnerability and logging – UPDATED
Please remove SE16N, or access to SE16N, from your production systems.
UPDATE
UPDATE – This topic was the subject of a blog by Kevin Wilson less than 2 weeks ago, at which time it was discussed extensively.https://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/16008
As long as DEBUG access is very tightly controlled, your system should be protected from the risk of this transaction….
I’ve known for a while that, in some releases of SAP, transaction SE16N can be used to change SAP tables, regardless of authorisations or security settings. It’s not something I’ve been keen to see widely disseminated, as there are major systemic risks in making changes this way. More dangerously, it provides a way to override authorisations by giving your userid (or your accomplice’s userid) the SAP_ALL role.
Essentially, you run transaction SE16N, then type &SAP_EDIT into the command field and press enter.
In the example below, I’ve changed the User Group to SUPER.
Personally, I’d recommend making the transaction unavailable (perhaps even removing it from TSTC ?) in your production system – Your firefighter userid can be given authorisation to allow the appropriate people to add it back in, if necessary.
The reason for mentioning it at all is that SAP Mental Notes and IT-Toolbox SAP on DB2 for z/OS have stated that changes using this method are permanently logged in the tables listed below:
SE16N_CD_KEY : Change Documents – Header
SE16N_CD_DATA : Change Documents – Data
This means, in theory, that you can can query these tables to audit the usage of SE16N to change data. Personally, my attitude is that it’s all well and good knowing Joe Bloggs has broken your system, but I would rather not have to deal with the broken system in the first place. However, there’s a bigger issue…..
When I tested this out on an ECC6 IDES system (DB2 on Windows 2003), the SE16N_CD* tables were not updated.
1 – The knowledge of this method of changing data, which is available on production systems to anyone with access to the SE16N transaction is being more widely disseminated.
2 – There appears to be at least one major platform / release that does not support audit of the method of changing data.
How to determine SAP Table Buffer Requirements
I had one of those ‘doh’ moments during a recent SAP performance performance tuning workshop. The instructor, Tim Bohlsen, pointed out a remarkably easy way to discover how large a table buffer that a running ABAP WAS system instance requires to reduce buffer swaps to zero.
This is important because the easiest way to reduce your database I/O in ANY application, SAP or not, is to reduce the need to go to disk. Keeping data in the Application buffer improves response time by reducing the time (both the CPU time and the I/O time) requiried by the DBMS to continually retrieve that data.
In the case of an ABAP engine, you use transaction ST02 to determine if there is any swapping going on in the first place. In the case shown below, both table buffers have some swapping – it is a relatively well tuned HR/PY system, so there isn’t much table buffer swapping despite the sytem being up for two months. Oh, and there isn’t much point in doing this on any other system except the one you wish to tune as it will be extremely difficult to replicate the load of the target system.
Select the images to open larger versions in another window or tab
In this case, we will look at the Generic Key Buffer, since it is the the worst of the two Table Buffers. Selecting the buffer in question, by double cliking on the line, results in a screen showing a little bit more detail. This has some usefull navigation features. As shown below, we are looking at the current status of the buffer, but we have the option to look at the history of the buffer. This can give us an idea of when the swaps occurred, which we can then track back to certain workloads. Moe importantly, we can look at the current status of the individual objects in the buffer.
Now we have the statistics for individual tables (or parts thereof ) that are currently loaded into this Buffer. This data is usefull in and of itself, which I will touch on in a later post, but first, select the Next View button.
The value highlighted below is the total value for Size maximum [bytes]. This is the sum of the highwater mark for each table that has been loaded into the buffer so far. In other words, the amount of storage required to accept all data requests that should be buffered, without swapping, since the instance was started.
Now, you could put this value straight in to the appropriate profile parameter and restart your system, but there are a couple of caveats.
- If a table is marked to be buffered, but has not been read yet, it will not be included in the buffer or, therefore, the buffer size yet,
- You need to examine the detail of both the snapshot and the history to determine if the correct tables are buffered or if they are correctly buffered (the Invalidations total suggests that there is some work to do in this area), and, most importantly,
- This does not tell you if you have sufficient storage available to fulfill any increase in the buffer size without causing problems elsewhere
So, make sure your system has been through a pay run, or a month-end (or whatever the appropriate business cycle is) before you use this method to measure the requirement,
use sappfpar to validate the storage requirements of your new profile parameters, and
be aware that this is only the first step towards efficient use of all of the available resources.
This won’t fix all your performance problems. However, it is an important first step. Your database vendor may make the most efficient database engine there is, but calling any DBMS to get data will always be slower than getting that data from memory.
2 ways to Measure Exact Throughput of a TCP IP network
One of the sizing issues with an SAP system that doesn’t receive due consideration is the network capability; not just speed, but throughput. It’s always usefull to know what your Network is capable of, especially if you have lots of data to move (Support Packs / Support Stacks and so on). But how do we find out?
NetCPS (a single executable file) is rather simplistic, with no fancy features as the author (credits to Jarle Aase) says. It pumps 100MB of generated data (without accessing the HDD which could mess with the final result) and then displays the result in form of average speed stated in both KB/s and MB/s. You can also get source code if you’d like to do some further tinkering with it, or port it. Everything you need to know is on the webpage or available by using -help switch.
Another, more sophisticated, tool (without being too big) is Iperf (a single executable, with source available on the same page). Settings are changed by use of various switches.
For example, the image above shows the port used is changed to 1234, amount of sent data set to 200 MB, interval of reports set to 2 seconds for better accuracy and report format set to MBytes. The usual -help switch brings up further instructions for changing the many additional switches and settings available with this tool
Network tools for BASIS Administrators
Depending on how advanced the rest of your IT organisation is, you may need to be the jack of all trades. In fact, sometimes it feels as if anything that a Developer or End User doesn’t understand automatically becomes the property of the BASIS Administrator. Typicaly, these can include anything to do with the infrastructure between the users desktop and the SAP application.
An example I’ve been currently working on is a network issue where a user can access the Portal from one machine but not another. I used to use separate tools to do my network monitoring and debugging (yes, there are people responsible for this, but I have won a lot of good will by providing as much data as possible), but these days ….
Net Tools 2008 has been described as The Swiss army tool for network administrators everywhere. It is a very versatile tool, and
just like any tool it can be used for good or evil. What this means is that you may find the site blocked at work.
Available functions, usefull for both the desktop and Windows Servers, include
An FTP Client for quick file transfers,
Monitor system up status with Monitor Host IP,
Mass file renamer, to rename a whole bunch of log files,
Bandwidth Monitor.
Another tool that I’ve feard of is eToolz which is a collection of network and Internet tools that provides a graphical interface for several common commands. This includes ping, tracert, DNS lookups, http headers, default ports, etcetera. This seems more directedt to someone who who supports web sites, but after all thats what the Portal is …
SAP Windows : Monitoring Disk usage
This will be useful for any SAP system running on Windows, or for your own desktop or laptop.
DriveSpacio is a free Windows utility for examining hard drive usage. When you first boot the program you’ll get a list of each hard drive and partition on your system, along with, some details like the files system, cluster size, and a pie chart or bar graph showing used and free space.
But the fun really begins when you click on the Folders section. You can choose a folder, or an entire drive (just click C: or E: or what have you in the browse window), and DriveSpacio will plot your folders on a graph showing you which of your folders are eating the most space. It takes a few moments to scan folders with a lot of subfolders or files, but the result is a pretty effective tool for figuring out why you’re running out of space on your hard drive.
WinDirStat is another free utility which does pretty much the same thing. But if you prefer the bar graph/pie chart look to WinDirStat’s more abstract-looking visualization, DriveSpacio is worth a look. But there is at least one area where WinDirStat holds the edge: while you can delete files from the WinDirStat interface, DriveSpacio only shows you file and folder names. It doesn’t let you launch or delete files.
From Shell Extension City
