Sunteți pe pagina 1din 73

SAP NETWEAVER ADMINISTRATION 05/03/2016

Chapter 1 SAP Net Weaver Application Server Architecture

Architecture:

Technical Components
An SAP system consists of several application server instances, as well as one or more databases.

Central instance that contains the Message server and the Enqueue server. The SCS (System
Central Services) for the AS JAVA, the ASCS (ABAP System Central Services). It cannot
process any dialog requests.

Message Server

Only one message server can run in each SAP system.

It performs the following tasks in the SAP system:

Central communication channel between the individual application servers (instances)


of the system
Load distribution of logons using SAP GUI and RFC with logon groups
Information point for the Web Dispatcher and the application servers (each application
server of the system firsts logs on to the message server)
When an instance is started, the dispatcher process contacts the message server so that it
can announce the services it provides (DIA, BTC, SPO, UPD, and so on).
If the connection setup to the message server fails, an entry is made in the system log
(syslog).
To monitor the message server, you can use the message server monitor
(transaction SMMS)
SAP NETWEAVER ADMINISTRATION 05/03/2016

The Internet Communication Manager (ICM)

Sets up the connection to the Internet.


It can process both server and client Web requests.
It supports HTTP, HTTPS and SMTP protocols for the AS ABAP.
In AS Java the ICM supports the HTTP(S), P4, IIOP and Telnet protocols.
AS ABAP components:
The dispatcher
If all the processes are occupied, the requests are stored in the dispatcher queue.
This can be monitor by using a command line tool DPMON
(It listens on the port 32<sysnr>).

AS Java components:

The instance controller controls and monitors the life cycle of the AS Java instance.

Minimum AS Java Cluster:

A minimum AS Java cluster installation consists of a central services instance, one Java
instance with one server process, and a database.

***************

Chapter 2 Memory Management in AS ABAP


SAP NETWEAVER ADMINISTRATION 05/03/2016

In SAP the memory management system assigns memory to a work process.

Virtual memory is further divided into Shared memory and Local Memory.

Shared Memory represents memory space accessible by all work processes.

Local memory is a portion of memory that is dedicated to single work process.

R/3 Buffer

R/3Buffer is the part of Extended Memory of shared Memory.

It is accessible to all the work process of same application server.

R/3 Buffer contains frequently accessed contexts like programs, tables, fields, currencies, calendar, and
measurements are stored in R/3 buffers.

Following are the Parameters for the same: -


Abap/heap_area_dia:- Defines the limit for the amount of local memory allocated to dialog work
processes.
Abap/heap_area_nondia:- Defines the limit for the amount of local memory allocated to non-dialog
work processes.
Abap/heap_area_total:- Defines the limit for the total amount of heap memory allocated to all work
processes.

Extended Memory:

Extended Memory comes under Shared Memory.

Extended Memory contains User Context Data.

Heap / Private Memory:


SAP NETWEAVER ADMINISTRATION 05/03/2016

When your Extended Memory is full, Work Process start using Heap Memory i.e., Private Memory

It is Local area.

Work Process switching:

Roll Area:

Local SAP Roll area of work process:

The initial part of user context data is stored


Each SAP wp can only access its own roll are

Shared SAP Roll area (Roll Buffer in fig):

Accessible to all instance wp


Buffer to temporary keep user context data when user is assigned to new work process.

Roll in: copying user context from shared roll area to local roll area

Roll Out: copying user context from local roll area to shared roll area

Paging Memory

Paging Memory contains ABAP Objects Extracts and Exports.

Following are the parameter to configure paging memory.

Rdisp/PG_SHM:- Paging Buffer Size

Rdisp/PG_MAXFS:- Maximum Size of the SAP Paging File

Roll file and Page File:

When there is not sufficient buffer space, the roll area and the paging area must be stored in the respective
physical disk files (roll file and paging file).

Thus, the user data processed in work processes is stored in two areas:

The roll file and its associated buffer


The page file and its associated buffer

Memory Process:
SAP NETWEAVER ADMINISTRATION 05/03/2016

Normally, there are fewer work process. So there is an switching between work process.
In the course of their work in dialog work processes, users accumulate user context data" in local roll
area.
Work process 1 is occupied by another user. When user 1, who was formerly working in work process 1, is
therefore dispatched to work process 2, the user context data is copied into work process 2 by the
mechanism known as a "roll in". User 1 can thus continue from where he or she stopped in the earlier
work process.
At the time of work process switching
The mechanism known as a "roll in/roll out" ensures that when user 2 needs to use the work process
which has just been used by user 1, the user context data of user 1 is not be lost or overwritten.

Memory Allocation:

User submit the request


Dispatcher assigns the work process
WP requires memory to Roll In the user context.
WP gets memory from local memory which is defined in parameter ztta/roll_area.
It gets only a part of it which is defined in parameter ztta/roll_first.
If the allocated memory is not sufficient then it get allocated from extended memory.
If that is also not sufficient then it uses HEAP Memory.
If heap memory is consumed the WP is no longer available and goes in private mode.

**************

Chapter 3 SAP START / STOP


SAP NETWEAVER ADMINISTRATION 05/03/2016

Starting Sequence for sap system: Make sure that you adhere to the following sequence when starting the
instances:

ABAP system:
1. Database instance
2. Central instance
3. Dialog instances (if available)
Java system:
1. Database instance
2. SCS instance
3. Central instance
4. Dialog instances (if available)
Dual-stack (ABAP+Java) system:
1. Database instance
2. SCS instance
3. Central instance
4. Dialog instances (if available)
Starting SAP from command: If you want to start all SAP system instances running on the same host, execute the
following command:
startsap or startsap -t all
C:\usr\sap\I47\SYS\exe\run> startsap sapstart.exe name=I47 nr=01 sapdiahost=IDES47NUP
pf=C:\usr\sap\I47\SYS\profile\START_DVEBMGS01_IDES47NUP
Stopping Sequence for sap system: Stopping sequence is reverse of starting sequence.
Stopping SAP from command:
stopsap or stopsap -t all
C:\usr\sap\I47\SYS\exe\run> stopsap sapstop.exe name=I47 nr=<instance no> sapdiahost=<Hostname>
pf=C:\usr\sap\I47\SYS\profile\<START profile/Instance profile>

Chapter 4 SAP Profiles


All the profiles mentioned above are stored in the profile directory defined during installation of the SAP system.
This path can be set using DIR_PROFILE profile parameter in the start profile.
Ideally the path of profile directory would be
In Unix Systems : /usr/sap/<SID>/SYS/profile or /sapmnt/<SID>/profile
In Windows NT : \\<SAPGLOBALHOST>\sapmnt\<SID>\sys\profile
DEFAULT.PFL

It contains system-wide settings which include


Name of the SAP system
SAP NETWEAVER ADMINISTRATION 05/03/2016

The database system


Name of the Enqueue server
Each SAP R/3 instance to be started reads this profile first. The information specified in this profile is very
vital for the functioning of the SAP system.
Start Profile
In other words, the start profile determines how, where and under what name individual SAP R/3 services and
processes are to start.
The naming convention of START PROFILE will be as START_<instance><instance_number>_<host_name>
E.g.: START_DVEBMGS00_prdserv4
For the start profile default names are assigned during the installation of an instance based on the services that are
running on the instance. For example, DVEBMGS in the start profile above confirms that following services are
available for that instance.
D Dialog
V Update
E Enqueue
B Batch
M Message
G Gateway
S - Spool

Instance Profile:
Like start profile, Instance profile is specific to an instance.
It means if there are 5 application servers each will have one separate start profile with the settings
specific to an instance.
The runtime environment of the instance is configured in the instance profile.
The naming convention for the instance profile will be as below :
<SID>_<instance><instance_number>_<hostname>
E.g.: SQ1_DVEMBSG00_prdsapk1
During the installation of an SAP R/3 system, the profiles are created with standard values. Later it is
Basis administrators responsibility to tune the parameters.
The source code of the SAP Kernel already sets standard default values for most of the system
parameters. However, you must specify some specific details like computer name, system name and
distribution of resources in the profiles.
The SAP profiles are read during the startup of an instance. The values defined in the system profile
(i.e. DEFAULT.PFL) overwrite the standard settings in the source code. The values defined in the
instance profile overwrites the parameter values of DEFAULT.PFL for the instance.
In case of any changes to System Profile (DEFAULT.PFL or Default Profile), you must restart all the
instances of the SAP system as this is common for all instances.
However in case of any changes to instance profile, it is sufficient to take restart of only that
particular instance for the changes to take effect.
Sequence of SAP profiles that are read while starting SAP system:
1. First start profiles of various instances are read by the sapstart program
SAP NETWEAVER ADMINISTRATION 05/03/2016

2. Secondly Default profile is read


3. Finally, instance profiles of various instances are read.

Change SAP Parameter:


SAP parameter can be set using RZ10 transaction.
Go to RZ10, select the respective instance profile of the application server on which you would like
to change the parameter.
The parameter will take effect after restart of the application server

Chapter 5 Trouble shooting SAP start


Logs of Start/Stop

If there are problems during the start, these logs are stored in the home directory (DIR_HOME) of the relevant
instance.

You can set the granularity of the logged information to four levels using the profile parameter rdisp/TRACE. The
possible values for this parameter are

0: Errors only

1: Error messages and warnings (Default)

2: Error messages and a short trace

3: Error messages and a complete trace

A variety of causes can cause the SAP system not to start correctly. To analyze the problem, proceed as
follows.
Check the error messages and warnings in the Event Viewer.
Check that the service SAP<SID>_<Instance Number> (such as SAPDEV_00) was started.
To do this, go to the Services window (Start Programs Administrative Tools Services).
Check the status of the respective database system using the error log files
Check the start log in the MMC.
To do this, select the affected instance and
Choose All Tasks View Developer Traces in the context menu.
Check the error files stderr<n> that were created by SAP Service.
Check the trace files of the individual SAP work processes:
dev_ms : Developer trace for the message server
dev_rd : Developer trace for the gateway
dev_disp : Developer trace for the dispatcher
dev_w<m> (m is the work process number): Developer trace for the work process.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Database Logs

MS SQL

The MS SQL Server logs all significant events such as starting and stopping the database and error messages in
the file < Drive >...\MSSQL\LOG\ERRORLOG.
A new error log file is written at every start of the MS SQL server. Multiple versions of these error log files are
stored as ERRORLOG.1, ERRORLOG.2, and so on.
The oldest available version is stored as ERRORLOG.6. At every restart of the SQL server, the oldest file is
overwritten.
If a serious database problem occurs, you should backup the oldest file before the restart, so that this
information is not lost.

These error log files can be displayed in the Enterprise Manager.

Oracle

The Oracle database logs such as starting and stopping the database and error messages in the file
<Drive>:\oracle\<SID>\saptrace\background\ALRT.LOG.
Detailed information about errors is logged in the Oracle Trace File:
<Drive>:\oracle\<SID>\saptrace\usertrace\Ora<no>.trc.
If the system administrator administers the database with sapdba, this writes its own log files in the following
directories:
<Drive>:\oracle\<SID>\sapreorg
SAP NETWEAVER ADMINISTRATION 05/03/2016

<Drive>:\oracle\<SID>\sapcheck
<Drive>:\oracle\<SID>\sapbackup

Chapter 6 Operation Modes

During the day, a large number of dialog users, therefore, a large number of dialog work processes, while
during the night, however, small number of these dialog work processes are used, and the system can be used
to process more background jobs.

The type and number of work processes for each instance is defined in the profiles.

By defining operation modes, you can change not only the total number of work processes defined in the
profiles, but also the type and distribution of the individual work process types within this total number.

The switch between the work process types is performed dynamically during the runtime of the SAP system.

A reserved work process is not immediately terminated, but marked for switching. This means that certain
delays may occur. This type change is logged in the system log.

The time table (SM63) differentiates between normal operation and exception Operation. A general time
definition that applies almost all of the time is set using normal operation.
SAP NETWEAVER ADMINISTRATION 05/03/2016

In rare cases, in which a special distribution of the work processes for unusual system loads is required, they
are defined using exception Operation. (Apart from general day and night operation mode).

Rules for Work Process Distribution

Number of work processes

The total number of work processes cannot be changed because it is defined in the instance profile.

Dialog processes (2)

The number of dialog processes is calculated automatically from the total number of work processes
minus all the other work processes.

There must always be at least two dialog processes. The number of other work process types can only
be increased if there are more than two dialog processes.

Background processes (1)

The number of background processes can be changed as required.

The number of background processes can be set to 0 for each server, but there must be at least 1
background process available in the system.

Class A jobs

The number of work processes reserved for job class A is a subset of the number of background
processes.
You should only reserve work processes for job class A if it makes sense within your system
organization. Work processes reserved for class a jobs are no longer available for job classes B or
C.

Update processes (1)

The number of update and V2 update processes can be increased as required, but cannot be reduced to 0. If
no update process were available, the update queue could not be processed during an operation mode
switch.

If an instance is running without an update process, you cannot increase the number to 1 during an
operation mode switch.

Enqueue processes (1)

The number of Enqueue processes can only be changed within certain limitations. An instance is
defined as an Enqueue server in the instance profile. You can only change the number of Enqueue
processes as follows: 1 to n and n to 1

You can increase the number of Enqueue processes to more than 1. However, most of the time there
is no advantage in doing so. You should only increase the number of Enqueue processes to more than
1 after consulting EarlyWatch or your SAP consultant.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Spool processes
The number of spool processes cannot be changed.

Setting up Operation Mode

Steps to Configure Operation Modes

First, the operation modes are created as empty containers in transaction RZ04.
Next, all active instances of the system are recorded and the work processes defined in the
instance profile are assigned to the operation modes as default values
Assign work process to operation mo
Using transaction SM63 define the time table for switching.

Note: You cannot arbitrarily change the work process distribution.

The Control Panel (RZ03) allows you to monitor the instances and the operation modes and provides
functions to:

Check the status of all instances and of the operation modes


Start and stop the instances
Manually switch operation mode
Display an overview of the work processes
Switch to the Alert Monitor

You can switch the operation mode either for all instances (Control Switch

Operation mode All servers) or for a selected instance (Control Switch


Operation mode Selected servers).

You can first simulate the switch of operation modes (Control Switch operation
SAP NETWEAVER ADMINISTRATION 05/03/2016

Mode Simulation); that is, the system checks which instances can be switched.
You can display a detailed analysis of the status of the individual instances by choosing
Monitoring Status Details.

Chapter 7 User Administration


People log on to an operating system, a database, or an SAP system using a user/password combination.

Users and authorization data are client-dependent.

User group

Enter the name of the user group to which this user is to belong.

If you want to distribute the user maintenance tasks amongst several user administrators, you must assign the
user to a group. Only the administrator with authorization for that group may then change the master record.

A user master record which is not assigned to a group can be changed by any user administrator.

Types of SAP Users

Dialog 'A'

Normal dialog user is used by one person only for all types of logon.
During a dialog logon, the system checks for expired and initial passwords and provides an option to
change the password.
Multiple dialog logons are checked and logged if necessary.

System 'B'

Use the system user type for internal system processes (-> background processing) or system-related
processes (-> ALE, workflow, TMS, CUA).
Dialog logon (using SAP GUI) is not possible.
A user of this type is excluded from the general settings for password validity. Only user administrators
can change the password using transaction SU01 (Goto -> Change Password).
Multiple logons are permissible.

Communication 'C'

Use users of type Communication for dialog-free communication between systems (-> RFC or CPIC).
Dialog logon (using SAP GUI) is not possible.
The general settings for the validity period of a password apply to users of this type.
Users of this type can change their passwords (like dialog users). The dialogs for changing the password
must be provided by the caller (RFC/CPIC client).
You can use the RFC function module USR_USER_CHANGE_PASSWORD_RFC or the RFC API
function RfcOpenEx () to change the password.

Service 'S'

A user of the type Service is a dialog user that is available to an anonymous, larger group of users.
Generally, this type of user should only be assigned very restricted authorizations.
For example, service users are used for anonymous system access using an ITS service or a public Web
service.
Once an individual has been authenticated, a session that started anonymously using a service user can be
continued as a personal session using a dialog user (see SUSR_INTERNET_USERSWITCH)
During logon, the system does not check for expired and initial passwords.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Only the user administrator can change the password.


Multiple logon is allowed.

Reference 'L'

Like the service user, a reference user is a general user, not assigned to a particular person.
You cannot log on using a reference user.
The reference user is only used to assign additional authorization.
Reference users are implemented to equip Internet users with identical authorizations.
On the Roles tab, you can specify a reference user for additional rights for dialog users. Generally, the
application controls the allocation of reference users. You can allocate the name of the reference user
using variables. The variables should begin with "$". You assign variables to reference users in transaction
SU_REFUSERVARIABLE.
This assignment applies to all systems in a CUA landscape. If the assigned reference user does not exist in
one of the CUA child systems, the assignment is ignored.

Overview

Overview of the properties of users of the different user types:

Property \ Dialo Communicatio Syste Servic


User Type g n m e
Dialog X - - X
logon (SAP
GUI)

Multiple - X X X
logons
RFC logon X X X X

Backgroun X - X X
d job
execution
Password X X - -
change
Logon X X - -
ticket can
be
generated

To Create Users :
Transaction SU01
Create/Copy user
Assign roles from Role tab.
Assign Profile from profile tab
SAP NETWEAVER ADMINISTRATION 05/03/2016

Chapter 8 System Logon and Logon Groups


System Logon:

To be able to create a connection between the front end and an instance of an SAP system, the sapgui.exe
program requires various information in the form of start parameters

This parameter string is usually generated by the saplogon.exe program, using information about the system
selected for logon.

This information comes partly from the configuration files of SAP Logon, and partly from a direct request to
the message server of the selected system (see steps1 and 2 in the following figure).

SAP Logon then starts the SAP GUI with these Specifications. In this way, an instance with good
performance is selected for log on when log on uses logon groups.

SAP GUI sends the users logon data to the instance (step 3 in the figure)

After the dispatcher has determined a free work process to process the logon, it transfers the logon data to this
work process (step 4).

The work process, in turn, checks whether the received combination of user ID and Password is known to the
system using a request to the database (steps 5-8).

A positive response from the database prompts the work process to return the initial screen of the system to
the front end.

Logon Groups
SAP NETWEAVER ADMINISTRATION 05/03/2016

Logon groups (or work groups) are configured to dynamically distribute the load being processed by the
dialog work processes.
Logon group can be configured using t-code SMLG

In many cases, SAP systems will have 2 or more sap abap instances. In these cases, logon groups can be
configured to achieve dynamic distribution of dialog users on the ABAP instances.

Setting up logon groups helps in uniform distribution of the work load across the available instances.

While logging on using a logon group, the ABAP message server is contacted to identify the instance with
best performance statistics within the selected logon group.

A report runs in SAP every 5minutes which determines the load across each server and updates in the
memory area of the message server.

This information will be used by SAP GUI to determine the best instance to distribute the next user.

SPACE is the default logon group. By default, every instance of an SAP system (including central instance)
is assigned to the logon group SPACE. This performs uniform distribution of the dialog workload.

Other Criteria are as follow:


1. Logon groups according to SAP application / module:
Separate logon groups can be setup for applications/modules such as HR, FI/CO, SD, MM etc.
2. Logon groups according to language, country or company division:
If your SAP system is operating across multiple countries or languages, in that case it is good
idea to create logon groups specific to a country or language.
3. Logon groups for the SAP Web Dispatcher:
For direct ABAP web service requests, we can setup logon groups that the SAP Web Dispatcher
can use.
If logon groups are not configured for web dispatcher, the load is distributed to all ABAP
instances on which ICM is configured.
Also, based on URLs we can distribute certain group of requests to dedicated logon groups.
4. Logon groups for ALE/RFC:
Asynchronous RFCs are used to process in parallel. However if the parallel processes are not
limited properly, they can occupy all the available processes which impacts dialog users and can
bring down the application.
So, it is good idea to create separate logon groups for incoming RFC calls so that RFCs are kept
separate from work processes of online users and thus avoids impact to dialog users.

You can change the following properties:

1. IP address of the application server


Only enter a value in this field if the application server associated with the instance needs to be
addressed by the front end with a different IP address to the one used for application server-
internal communication.
This value applies only for the selected assignment.
2. Settings for external RFC call
You can use this indicator to determine whether logon using an external RFC connection is to be
permitted.
This value applies to the selected logon group.
3. Threshold values for dialog response time and number of users logged on
If you log on using a logon group, the logon is automatically performed using the instance of the
group that currently has the best dialog quality.
SAP NETWEAVER ADMINISTRATION 05/03/2016

This quality is a key figure that is calculated from the number of users logged on and the average
dialog response time.

You can set threshold values for the dialog response time and the number of users yourself. The
larger the actual values for response time and the number of users are in comparison to the
threshold values set, the lower the quality. These figures apply for the selected instance.

Steps to create Logon group

Transaction SMLG
Create Assignment (f8)
Give logon group name
Select the Application server
Change Attribute
Go to host where sap Gui is installed
Go to C:\\ Windows\system32\drivers\ec\service
Add sapms<message server sid> 36<instance no>/tcp
Create connection
Connection type : Group/server selection
Give message server host
Select Logon group name from the list.

Note: For load balancing Add sapms<message server Sid> 36<instance no>/tcp in target
system.

***********

Chapter 9 RFC Connection


RFC Fundamentals
SAP NETWEAVER ADMINISTRATION 05/03/2016

Remote Function Calls have been used as the technical interface with which SAP and non-SAP systems are
usually connected.

The RFC interface system allows function calls between two SAP systems or between an SAP system and an
external (non-SAP) system.

For an RFC call, the RFC interface

Converts all parameter data to the format required in the remote system
Calls the communication routines that are required to communicate with the remote system
Handles errors that occur during the communication

RFC is an SAP interface protocol that is based on the Common Programming Interface for Communication
(CPI-C)

To call a function module on a remote system, you must define the remote system as a destination in your
calling system. You also require access authorization for the remote system.

RFC connections can always be used across the entire system. This means that an RFC connection you have
defined in client 000 can also be used from client 100 (without any difference).

Types of RFC

Synchronous

Requires both the systems (client and server) to be available at the time of communication or data transfer.

It is the most common type and is required when result is required immediately after the execution of SRFC.

SRFC is a means of communication between systems where acknowledgements are required.

The resources of the Source System wait at the target system and ensure that they deliver the message/data
with ACKD.

The Data is consistent and reliable for communication.

The issue is if the target system is not available, the source system resources wait until target system is
available.

This may lead to the Processes of source system to go into Sleep/RFC/CPIC Mode at target systems and
hence blocks these resources.

Used for:

For communication between systems


For communication between SAP Web Application Server to SAP GUI

Asynchronous

It is communication between systems where acknowledgements are not required (it is similar to post card
delivery).

It doesn't require both the systems to be available at the time of execution and the result is not immediately
required to be sent back to calling system.

The Source System resource does not wait for the target system as they deliver the message/data without
waiting for any acknowledgement. It is not reliable for communication since data may be lost if the target
system is not available.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Used for

For communication between systems


For parallel processing

Transactional

Transactional RFC is an asynchronous communication method that executes the called function module in the
RFC server only once, even if the data is sent multiple times due to some network issue.

The remote system need not be available at the time when the RFC client program is executing a TRFC.

The TRFC component stores the called RFC function, together with the corresponding data, in the SAP
database under a unique transaction ID (TID).

If the system is not available, it will write the Data into ARFC Tables with a transaction ID (SM58) which is
picked by the scheduler RSARFCSE (which runs for every 60 seconds).

Used For-

Extension of Asynchronous RFC


For secure communication between systems

Queued

Queued RFC is an extension of t-RFC.

This method guarantees that all the requests are processed in the sequence in which they are received.

To guarantee that multiple LUWs (Logical Unit of Work/ Transaction) are processed in the order specified by
the application.

T-RFC can be serialized using queues (inbound and outbound queues). Hence the name queued RFC (q-RFC).

Used For-

For a defined processing sequence


Implementation of q-RFC is recommended if you want to guarantee that several transactions are processed
in a predefined order.

To create RFC destination use t-code sm59

Chapter 10 Authorization Concept


Security within SAP is achieved through the authorization concept

Three levels of security in SAP


SAP NETWEAVER ADMINISTRATION 05/03/2016
SAP NETWEAVER ADMINISTRATION 05/03/2016

User

Entity that has an authority to use an application, process or system.

Roles

Role is basically a job description which tells which job a user should perform.

Roles are like containers which contain authorization objects, profiles, transactions.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Types of Roles:

Single Role

Single Role contain unique characteristics and is created with the role administration tool and allows
the automatic generation of an authorization profile.

The role contains the authorization data (authorization objects and its corresponding values) and
transaction authorization data also.

User can be assigned roles through TCODE PFCG or SU01.

User can hold up to 312 roles.

For role creation, PFCG TCODE used.

Composite Role:

These are logical groupings of single roles.


Max 164 single roles can be attached to one composite role.

Master - Derived roles:

Derived role
These are created using the authorization data and characteristics of a master role with
different organizational-level restrictions.
Master roles:
These are the basis for derived roles.

Note: Imparting transactions from one role to another

You can use an existing role as a reference.


In this case, the system transfers the transactions in this role.
This process of deriving one role from another is only possible if you have not yet assigned any transactions to
the role.
The role then transfers the transactions from the imparting role, or the imparting role passes on its transactions
to the role dependent on it.

Profiles

Authorization profiles give users access to the SAP System. It basically give permissions to perform system
functions.

Can assign 300 authorization profiles to a user.

Profile created using TCODE SU02.

Types of Profiles

Single profile: contain authorizations. Each authorization is identified by the name of an


authorization object and the name of the authorization created for the object.

Composite profile: A composite profile assigns all of the simple or composite profiles it contains to
a user.

Generated authorization profile: Is generated in role administration from the role data.

Authorization
SAP NETWEAVER ADMINISTRATION 05/03/2016

Authorization is the process of giving someone permission to do something.

Authorization is an instance of authorization object.

In multi-user computer systems, a system administrator defines for the system which users are allowed access
to the system and what privileges to be used.

Authorization Object

Its a method of restricting users to access any particular application created in the system.

Authorization object is the collection of 1 to 10 authorization field.

The values in these fields will be used in authorization check.

Authorization Class

Authorization Class is a logical group of similar Authorization object.

Similar in sense of functional module they support

Custom authorization object should follow naming convection y or z

Authorization Field/values

Authorization fields represent the values to be tested during authorization checks.

Can enter up to 10 authorization fields in an object definition.

TCODES Used:

SU22 Maintain the authorization default values


SU24 objects and their related T-code assignment

For example

Authorization Object: S_TABU_DIS, with the Authorization field: ACTVT: 03 and BRGRU: SS: - It means
that for table belonging to authorization group (BRGRU) SS, the activity is 03 (i.e. display). So the user get
the access display certain tables belonging to authorization group SS.
Now suppose the user also needs access to change the certain tables and suppose those table belong to
authorization group AA.
Then will need another combination i.e. Activity:02 ; BRGRU:AA
Assuming both the authorization (display access to SS and change access to AA authorization group tables)
need to be given via same role.
In this case we have to use two instance of Authorization object S_TABU_DIS in the role with two different set
of values
ACTVT:03; BRGRU:AA and
ACTVT:02; BRGRU:SS

Assign Authorization to users

Manual authorization profile:

Transaction code SU02


Create Profile
type of profile (Composite/Single)
Select Authorization Object
Select Authorization
SAP NETWEAVER ADMINISTRATION 05/03/2016

Transaction Su01
Create /Edit User -> Profile tab
Assign Saved Profile to user.
Generated authorization profile

Transaction PFCG

Create Single Role


Authorization tab
Change Authorization data Manually
Select the Authorization Object
Assign Authorization Field.
Generate button (shift + f5)
Give the profile name and Execute/Enter.
Transaction Su01
Create /Edit User -> Role tab
Assign Role to user.

Transaction SUIM: Can find the user, role, profile related data with the change history data.

Different types of lock

Shared lock: S

Several users (transactions) can access locked data at the same time in display mode.
A request for another shared lock is accepted, even if it comes from another user.

Exclusive lock: E

An exclusive lock protects the locked object against all types of locks from other transactions.
Only the same lock owner can reset the lock (accumulate).
SAP NETWEAVER ADMINISTRATION 05/03/2016

Exclusive but not cumulative lock: X

Exclusive locks can be requested several times from the same transaction and are processed successively
In contrast, exclusive but not cumulative locks can be called only once from the same transaction.

Optimistic lock

Optimistic locks initially behave like shared locks and can be converted into exclusive locks.

Locks and SAP Update (SAP NetWeaver AS ABAP)

During the course of the transaction, the lock is passed to the SAP Update System.

Locks that have been passed to the update system are stored both in the lock table and in a backup file, so
that they are not lost if the Enqueue server fails.

The backup flag is then set in lock management.

Lock Owners

A lock can have one or two owners.

You use the _SCOPE parameter to specify this.

To determine in a program which user is currently holding a lock, use the ENQUEUE_ function
module. This function module puts the name of the owner into SY-MSGV1.

Database Locks:

The database system automatically sets database locks when it receives change statements (INSERT,
UPDATE, MODIFY, DELETE) from a program.
Database locks are physical locks on the database entries affected by these statements.
You can only set a lock for an existing database entry, since the lock mechanism uses a lock flag in the entry.
These flags are automatically deleted in each database commit.
This means that database locks can never be set for longer than a single database LUW; in other words, a
single dialog step in an R/3 application program.

SAP Locks:

To complement the SAP LUW concept, in which bundled database changes are made in a single database
LUW, the R/3 System also contains a lock mechanism, fully independent of database locks, that allows you
to set a lock that spans several dialog steps. These locks are known as SAP locks.
The SAP lock concept is based on lock objects.
Lock objects allow you to set an SAP lock for an entire application object. An application object consists of
one or more entries in a database table, or entries from more than one database table that are linked using
foreign key relationship
Before you can set an SAP lock in an ABAP program, you must first create a lock object in the ABAP
Dictionary.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Chapter 11 Change and Transport System

SAP System Landscape

SAP System Landscape Recommended by SAP


SAP NETWEAVER ADMINISTRATION 05/03/2016

Data in a sap system

Data in
an SAP system can be divide
di n to two categories

Client specific data, application data customizing and user master data which affects only one client.
Cross client data, Cross client customizing data, and all Repository objects.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Change and Transport System


SAP NETWEAVER ADMINISTRATION 05/03/2016

Sap provided a tools for creation, documentation and distribution of changes within a sap system landscape.

The Change and Transport System (CTS), comprising the following tool.

The Change and transport Organizer (CTO)


b. Provide function for organizing software development projects.
Transport Management System (TMS):
Organize, Monitor and Performs Transport for all sap system within sap system landscape.

In addition, TMS is used to configure and manage the setting up of SAP System and transport
route within sap system landscape.

System and client change option

System change option

The system change option defines whether or not Repository objects and Client-independent customizing
objects are globally modifiable.

If they are globally modifiable, you can specify whether or not each software component or namespace can be
modified.

To reach the system change option use transaction SE06 and choose System Change Option.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Client change option

Client change options that are found in the clients master table T000, can be maintained by using transaction
SCC4.

The two settings that must be maintained to implement controls on where changes are made and enforce the
changes being recorded to change requests are:

Changes and transports for client-specific objects


Cross-client object changes
Note for detail please read 12_2 pg. 22

Customizing Using Current Settings

In a customizing project and also during the maintenance of a system all the customizing changes should be
transported and tested in the quality assurance system.

But certain kinds of customizing changes, known as data-only customizing changes, need to be carried out in
a production client without being saved as transport requests.

Examples of such data include interest rates, health insurance premiums, pension schemes, tax schemes, and
currency exchange rates, which may require frequent adjustment in SAP systems.

These changes are done directly in the productive system.

To avoid having to use change requests for these changes, SAP has introduced the Current Settings function.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Current Settings may be used within a production client without impacting business flow-related Customizing
objects.

SAP-approved Current Settings for customizing objects are kept in the field CURSETTING in the table
OBJH. SAP recommends that no customer changes be made to the table.

When using Current Settings in a production environment:

Client role is set to: Production


Cross-client object changes are set to: No changes to Repository and cross-client Customizing objects.
Changes and transports for client-specific objects are set to: No changes allowed.

Chapter 12 Transport Management System


After you install the first SAP system but before you make changes, you need to configure the TMS so that it
will record, track and control customizing and development changes for the subsequent transports to other
systems in the SAP system landscape.

The subdirectories required in the common transport directory include (among others):

Bin: configuration files for tp (TP_<domain name>.PFL) and TMS (DOMAIN.CFG).


Buffer: transport buffer for the each system, indicating which transport requests are to be imported.
Data: exported data.
Cofiles: command or transport request information files that include information on the transport type, object
classes, required import steps, and post-processing exit codes.
Log: transport logs, trace files, and statistics.
Tmp: temporary data and log files.
Actlog: action logs for all tasks and requests.
Sapnames: information belonging to transport requests for each SAP user.
EPS: download directory for SAP Support Packages
SAP NETWEAVER ADMINISTRATION 05/03/2016

With TMS you are able to

Define an SAP system's role within a system landscape or transport domain


Configure the transport routes using either an editor or delivered standard configurations
Configure the transport tool program's (tp) parameter profile
Display the import queues of all systems in the transport domain
Define quality assurance / acceptance procedures in the QA system
Schedule the import of change requests in an import queue
Perform transports between systems without a common transport directory
Handle transport proposals of developers

The configuration of TMS can be broken down into three individual steps.

1. Configuring the transport domain defines which systems will be included in the domain.
2. Configuring the transport routes defines the system and client roles within the landscape(s).
3. Configuring the QA procedure defines who is responsible for approving the acceptance of changes and
the promotion of those changes to the delivery system(s).

Transaction STMS in client 000 will

Assign the SAP system as the transport domain controller


Create transport domain name DOMAIN_<SID>
Create transport group GROUP_<SID>
Create system user TMSADM in client 000
Create RFC destinations
TMSADM@<SID>.<domain name>
TMSSUP@<SID>.<domain name>
Set up file DOMAIN.CFG in directory bin of the transport directory

Adding additional systems to a domain

When systems are initially added to the TMS configuration, the communication user TMSADM is
configured with limited authorizations. This user is utilized when distributing and activating the TMS
configurations.
Since configuration of the TMS only occurs on the domain controller, the domain controller would
then have to approve the new system in the domain.
After you have included an SAP system from one of the transport groups in the transport domain, the
description of the transport domain is stored in the file DOMAIN.CFG in the bin subdirectory of the
common transport directory.
All other SAP systems connected to this transport directory read the file DOMAIN.CFG during STMS
initialization to identify the domain controller and transport group address.
If your SAP systems do not have a common transport directory, you can manually configure TMS with
the address of the domain controller. In this case choose w in domain when entering transaction STMS
for the first time.
In the next popup, enter the target host and the system number of the transport domain controller.
Changes to the transport domain configuration are made in the transport domain controller, and then
distributed to all SAP systems in the transport domain.
Each time you make a change to the domain controller, a dialog box is displayed asking whether to
distribute the change. You can distribute several changes at once.
SAP NETWEAVER ADMINISTRATION 05/03/2016

There are two types of RFC destinations created by the TMS:


i) TMSADM@<SID>.<domain name>
ii) TMSSUP@<SID>.<domain name>.
The user TMSADM is inserted as system user into the TMSADM@<SID>.<domain name>
destination but there is no RFC user inserted into the TMSSUP@<SID>.<do-main name> destination.
Therefore, if you try to execute a function that goes beyond the limited authorizations of the
TMSADM user, for example, scheduling an import, the system uses the TMSSUP destination. As a
result, the system prompts you for a user name and password on the target system that does have the
necessary authorizations.
Virtual systems: Extending a transport domain is not restricted to physically installed systems. Virtual
systems are often included as place holders for planned systems and are replaced by the planned
system after it is physically installed.
Backup Domain Controller: If the SAP System acting as the domain controller fails, no changes can
be made to the TMS configuration. SAP therefore recommends that you configure a backup domain
controller that can assume the function of the domain controller when required.
Transport Tools (R3trans and TP): These are the tools that are used by SAP at operating system
level to communicate with SAP, database and the files generated during the export process.
The transport control program (TP) is a utility for provided by SAP for managing transports and to
handle release upgrades. This utility is in turn called by other programs like CTS, TMS and Upgrade
control program (R3up)
R3trans is a transport program provided by SAP to handle transports between different SAP systems
and for the release upgrades. R3trans is usually not called directly and it is called mostly by Transport
control program(TP) and Upgrade control program(R3up)

Configuring tp:

The transport control program tp requires a transport profile that contains information about establishing the
database connection for all SAP Systems in the transport domain.

TMS generates and manages this transport profile as a part of the transport domain configuration. Do not
adjust the transport profile using a text editor at operating system level.

To display the tp parameters of an SAP System

Transaction STMS.
Overview Systems. (Mark one system )
SAP System Display. Choose the tab Transport Tool.
Goto tp parameters. This displays the parameters in TP_<domain name>.PFL and the default
value of all parameters used by the programs tp and R3trans.
If a parameter is not specified, a default value will be used.
Global parameters override defaults. Local parameters override global parameters.

Configuring Transport Routes:

Transport routes indicate the role of each system and the flow of change requests. Types of route are as
follow.

A consolidation route is an export / import route. Typically, the consolidation route proceeds from the
development system (where the transport request is exported from) to the quality assurance system (where the
transport requested is imported into) in a standard three-system landscape. Consolidation routes have names
in order to be addressed.
SAP NETWEAVER ADMINISTRATION 05/03/2016

A delivery route is an import route. In a standard three-system landscape, the delivery route is specified
between the quality assurance system and the production system because there is no additional export from
the quality assurance system but another import in the production system. Delivery routes have no names.

All repository objects are grouped into logical units called packages (formerly: development classes).

The definition of each package contains an assignment to a transport layer. The transport layer is the name of
a consolidation route. Objects, via the assignment to the package, inherit this transport layer assignment.

All SAP delivered objects are assigned according to their packages to the transport route SAP.

Customizing objects (and others) are not grouped into packages. They follow the standard transport route.
This standard transport route is typically named Z<SID of the development system>

Typical SAP System Landscape with Transport Route :

Changes in transport route configuration are not valid until distributed and activated.

To distribute and activate the changes from the TMS editor of the transport domain controller, choose the
Distribute and Activate icon and activate or follow
SAP NETWEAVER ADMINISTRATION 05/03/2016

Configuration Distribute and Activate.

For activation the RFC connections are used, that are created during the setup of the transport domain.

Configuring QA Approval Procedure:

When a transport request is released and exported from the development system (DEV), the consolidation
system's (QAS) import buffer is populated.

The import buffer is a list of transport requests waiting for import

Once the transport request is successfully imported into the consolidation system, the import buffer for all
delivery systems (PRD) is populated.

With the QA Approval Procedure, the buffer of the delivery systems is populated but the entries are flagged as
inactive.
In other words, the transport requests cannot be imported until the responsible person(s) flags the transport request
as approved, which results in activating the entries in the delivery systems' buffers.
In other words, the transport requests cannot be imported until the responsible person(s) flags the transport request
as approved, which results in activating the entries in the delivery systems' buffers.

Transport Target Groups:

It is not possible to create two transport routes with the same transport layer from one SAP system.

The solution for the problem stated above is to create a transport target group, which may lead to one or two
more SAP system(s).

When a transport request, which has a transport target group as target, is released, it will fill the import
queue(s) of all systems in this transport target group.

In the figure below, all released transport requests that contain objects pointing to the transport layer ZDEV
are ready for import into both the QAS system and the QA2 system.
SAP NETWEAVER ADMINISTRATION 05/03/2016

TMS offers the Extended Transport Control (also known as client-dependent transport control, CTC) whereby
the administrator can automate the process by:

o Client-specific transport target groups.


o Client-specific consolidation routes.
o Client-specific delivery routes.

Setting Up the Transport Management System (TMS)

Chapter 13 Customizing Project


Customizing

Customizing adapts the SAP software to meet a company's individual business requirements by setting up the
business transactions the company requires in the system. For example

Defining a sales organization


Defining distribution channels
Assigning distribution channels to the sales organization
Defining pricing conditions and tax determination rules
Assigning general ledger accounts
In the example the definition of a sales organization
SAP NETWEAVER ADMINISTRATION 05/03/2016

A project IMG is the implementation guide for a specific customizing project. It contains all the customizing
activities which have to be performed in that project

Tools for Managing Transport Requests

SAP provides the following implementation tools for Customizing:

Implementation Guide (IMG):

The Implementation Guide (IMG) is the main customizing tool.

It represents the central entry point for all project members for carrying out the customizing activities.

Transport Organizer (SE09):

The Transport Organizer is used to create, manage, release, and analyze transport requests that record
Customizing or Repository changes.

To access the Transport Organizer you can use the transaction code SE09.

If the Customizing is changed, these changes must be recorded. The Transport Organizer (transaction SE09
/SE10) records the customizing changes in transport requests.

It is an information source in the Transport Organizer that records all changes and modifications made to
Repository objects and customizing settings during a development project.

If the Customizing is finished, the transport request can be released to the transport system for transferring
the changes to other systems in the system landscape.
SAP NETWEAVER ADMINISTRATION 05/03/2016

SAP recommends the following use of the transport function:

The project manager or responsible person creates a transport request.


The project members are assigned to the transport request by creating a task inside the transport request for
each project member.
The project members are recording their objects to their own tasks.
Note: The transport requests created and assigned by the project leader contain smaller units called
tasks that have been allocated to the project team members. In these tasks, the changes made by
the team members are recorded.

With the CTS functionality in the IMG projects it is now possible to link the transport projects to the project
IMG in which the changes are done.

This is possible by activating the project function inside the IMG project.
The activation can be done inside the IMG project administration.
If you want to use the CTS functionality in the IMG projects you have to activate the functionality in the IMG
project first.
IMG projects are client-independent. As a result, the CTS function may be separately enabled in different
clients for the same IMG project

Activating the CTS Project Functions for an IMG Project

When you activate the CTS project functions for an IMG project, you change the way the system reacts as
follows:
You can assign change requests to the project. You can see this assignment in the request overview.
When you save any changes that you have made to Customizing settings in the project IMG, you are only
proposed the requests that are assigned to the IMG project.
SAP NETWEAVER ADMINISTRATION 05/03/2016

In the import overview of the Transport Management System you can sort requests according to their
assignment to projects, and import them.
For more information on CTS project functions, see Application help under BC - Basis Components ->
Change and Transport System -> Change and Transport System - Overview.

Customizing Procedure

During normal customizing work, the sequence of the steps is as follows:

1. The project leader first assigns a transport request to a project and assigns the subsidiary tasks to the
users involved.
2. These users perform customizing changes that are recorded in the transport request.
3. After Customizing is completed, users must release their tasks so that the transport request can then be
released from the source system for export to the operating system.

Types of Customizing:

Client-specific customizing
1. These are typically customizing tables where the client field is on the first position in the table key.
2. An example of this is the customizing table T005 with the country customizing. The entries in that
table only affect the client that is specified in the key field of the entry.
Client-independent customizing
1. These are typically customizing tables without a client field in the key.
2. An example of a client-independent customizing table is the table T000 in which all clients that exist in
a system are stored.
Repository objects
1. Repository objects are for example table definitions in the ABAP dictionary or programs and reports.
2. The transport request can now be imported into the subsequent systems

To determine the client dependency of IMG transactions in a project IMG, from the

IMG menu, choose View Additional information Technical Data -> Client Dependence.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Customizing Request versus Workbench Requests

Customizing Request: This is a transport request for copying and transporting settings from client-specific
tables. Client-independent Customizing or workbench objects cannot be recorded into this kind of transport
request.
Workbench Request: This is a transport request for transferring and transporting Repository objects and
changed system settings from client-independent tables.

SAP Software Change Registration (SSCR)

Any user in an SAP system who wishes to use the ABAP Workbench to create, modify, or delete Repository
objects, including customer objects, must be registered using the SAP SSCR process. Such users are often
referred to as development users or developers.

The access key is associated with the developer's logon ID and the SAP systems license number.

The developer is prompted for the access key during the initial attempt to create or change a Repository
object.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Chapter 14 SAP System Refresh and System Copy


System Copy

Build a new SAP system similar to Production data

A system copy can be either homogeneous or heterogeneous:

Homogenous System Copy

Both operating system and database system stay the same

Performed in most cases with database-specific procedure

Database-independent procedure could optionally also be used

Heterogeneous System Copy

One of the following is changed during the system copy:

Operating system (in this case, system copy is called OS migration)

Database system (in this case, system copy is called DB migration)

Operating system and database system (in this case, system copy is called OS/DB migration)

Has to be performed with database-independent procedure (with some exceptions for certain OS migrations,
where cross-platform backup-/restore is supported)

Steps followed for System Copy

Homogenous System copy (Database-specific system copy)

You must use the same Oracle release and patch level for your database in the source and target system.
The source and target systems must be binary-compatible.
Note that you can also perform a system copy from 32-bit systems to 64-bit systems and vice versa.

Process Flow on the Source System (Export)

When performing the export you create a MIGRATION EXPORT CD image, which contains the data of
the exported system, and which you use to install the target system.
Run SAPinst on Windows to Perform the Export
Generate the control file structure for the target database
If required, you create an offline backup of the source database

Process Flow on the Target System


SAP NETWEAVER ADMINISTRATION 05/03/2016

Install the target SAP system with SAPinst


Restore the database files on the target system.

UNIX: All directories must be owned by the user ora<target_dbsid>.To achieve this enter the
following command: chown ora<target_dbsid>: dba<directory>

After the backup / restore has finished, return to SAPinst and continue the installation of the target system.
Perform the follow-up activity

Heterogeneous System copy

For a heterogeneous system copy you need to get a migration key


Install JDK and check for version
Introduction
ABAP system

With the SAP installation tool SAPinst, you can export and import your database in a
Database-independent format. SAPinst uses the R3load tool.

R3load generates a database export of all SAP objects that are defined in the ABAP
Dictionary.

Java system

You can use the SAP installation tool SAPinst to export and import your Java database
content, file system, and all configuration in a database-independent format. SAPinst uses
the Jload tool.

Jload generates a database export of all SAP objects that are defined in the Java Dictionary
and archives the configuration and components in the file system.

ABAP + Java system

You can use the SAP installation tool SAPinst to export and import your Java database
content, file system, and all configuration in a database-independent format. SAPinst uses
both the R3load tool and the Jload tool.

R3load generates a database export of all SAP objects that are defined in the ABAP
Dictionary and archives the configuration and components in the file system.

Jload generates a database export of all SAP objects that are defined in the Java Dictionary
and archives the configuration and components in the file system.

Process flow on Source ABAP system, ABAP + Java system (Central System):

Generate the migration key on SAP Service Marketplace at service.sap.com/migration key.


Delete the QCM tables
Generate DDL statements.
SAP NETWEAVER ADMINISTRATION 05/03/2016

To migrate non-standard database objects, you need to generate DDL statements using the
ABAP report SMIGR_CREATE_DDL. You must perform this procedure before starting
SAPinst.

Run SAPinst on Windows to Perform the Export

Process flow on target System, central system, ABAP + Java

Transfer the Export Files to the Target Host

Copy all files and directories (recursively) that are located on the source host in the
migration export directory <EXPDIR> from the source host to the target host.

Install the target system

System Refresh

PRD System refresh is nothing but copying an SAP system to another.


Let us say the system from which copy is being done is called as source system and system in which data to
be copied as target system.

If the target SAP system already exists then this is known as system refresh.

Imagine you have a DEV and a PRD system and after 6 months the data in DEV is very old so you would
perform a client copy SCC8 from PRD to DEV using a profile that copies the application data from PRD to
DEV - it actually deletes the data and replaces it with data from production system

Types of system refresh

Using offline backup


Using online backup

Steps followed for System Refresh

Refresh Activity

Prerequisite

Export of user master and authorizations from all SAP clients on the target system (SCC8)

This step is required because once the source system data is replaced in the target system, the
user and authorization details of target system will be overwritten by source system user master. So,
in case we need to retain target system user master, we have to take backup of the same using SCC8
T-code.

T-code SCC8

Please take snapshots of


Client settings (SCC4)
Logon groups (SMLG)
Processing groups (RZ12)
AL11, SE03 and SM61
SAP NETWEAVER ADMINISTRATION 05/03/2016

Printer details (SPAD)


Operation modes (RZ03, RZ04 and SM63)
RFCs (SM59)
Partner profiles (WE20) and ports (WE21)
Logical systems (BD54)
Services that are active (SICF)

These screenshots are to be captured because after system refresh, we need to check and maintain
the same settings in target system

Using SE01 transaction, create transport request for backing up of AL11, SE03, SMLG,
RZ12(Processing Groups),SM59(RFCs), SM69, SPAD, SM61, RZ03

Refresh activity (Database restoration)

Stop the target SAP system


Perform the System copy (Restore the data from source system to target system)
T-code SCC7

Post-refresh Activity

Install SAP license


Prevent batch job from running by setting all jobs from released to scheduled (using SM37)
Delete old SAP profiles and import new profiles using RZ10 transaction

***********

Chapter 15 SPAM/SAINT

Support Package

A patch is a code-correction for a specific version of an SAP product.

Support Packages are a collection of one or more patches.

The following types of Support Packages are available

SPAM/SAINT Update
Component Support Package (CSP) is valid for one software component (SAP_BASIS, SAP_HR,
SAP_APPL, Add-On Software Component...) and contains quality improvements for Repository and
Dictionary objects in this software component only.
In addition to these improvements, Support Packages for the SAP_HR component also contain adjustments
due to legal changes.

Support Package Manager

The Support Package Manager lets you import SAP Support Packages into your system easily and
efficiently.

To start Support Package Manger use transaction SPAM

Support Package can only be installed in client 000


SAP NETWEAVER ADMINISTRATION 05/03/2016

ABAP support package are Non-cumulative therefore, ABAP Support Packages have to be installed in the
correct order, one after the other

Java support package are cumulative

Modules of SPAM

All activities executed by the import tool run in what are known as phases. These phases are in turn combined
into modules.

These modules have the following properties

They can be executed individually


You can start them as a background process
You can control the start time of the module

Module: Preparation Module

1. PROLOGUE
This phase checks whether you are authorized to import Support Packages.
2. CHECK_REQUIREMENTS
This phase checks various requirements for importing a Support Package, for example, whether
the transport control program tp can log on to your system.
3. DISASSEMBLE
This phase unpacks files from the appropriate EPS parcels and saves them to the transport
directory.
4. ADD_TO_BUFFER
This phase places the queue in the transport buffer of your system.
5. MODIFY_BUFFER
This phase prepares the transport buffer for correct processing of the following import phases
6. TEST_IMPORT
This phase performs a test import for the queue with the transport control program tp. The system
checks whether there are objects that are in open repairs and that are overwritten during the
import, or whether other conditions prevent the import of an object.
7. IMPORT_OBJECT_LIST
This phase imports the object lists for the Support Packages in the queue into the system.
8. OBJECTS_LOCKED_?
This phase checks whether there are objects that are overwritten by the import, and that are still
in unreleased requests.
9. ADDON_CONFLICTS_?
This phase checks whether there are conflicts between objects in the queue and any installed add-
ons.
10. SCHEDULE_RDDIMPDP
This phase schedules the transport daemon (program RDDIMPDP).

Module: Import 1

11. CREATE_VERS_BEFORE
This phase generates versions of the objects that are contained in the Support Packages in the
queue (if this option is set).
12. SPDD_SPAU_CHECK
In this phase, the system checks if a modification adjustment is necessary (transactions
SPDD/SPAU).
13. DDIC_IMPORT
SAP NETWEAVER ADMINISTRATION 05/03/2016

This phase imports all ABAP Dictionary objects in the queue.


14. AUTO_MOD_SPDD
This phase checks whether all modifications to ABAP Dictionary objects can be adjusted
automatically.
15. RUN_SPDD_?
In this phase, you are asked to adjust your modifications to the ABAP Dictionary objects by
calling transaction SPDD.
16. LOCK_EU (only for import mode downtime-minimized)
This phase locks the development environment.
17. INACTIVE_IMPORT (only for import mode downtime-minimized)
This phase imports program code and program texts in an inactive state.
18. DDIC_ACTIVATION
This phase activates the imported ABAP Dictionary objects.

Module: Import 2

19. IMPORT_PROPER
This phase imports all the Repository objects and table entries if they were not already imported
in the INACTIVE_IMPORT phase. This is preceded by actions such as table conversion and
activation of the name tabs.
20. PREPARE_XPRA
This phase prepares the execution of the XPRAs and after-import methods.
21. UNLOCK_EU (only for import mode downtime-minimized)
This phase unlocks the development environment.
22. AUTO_MOD_SPAU
This phase checks whether modifications can be adjusted automatically.
23. XPRA_EXECUTION
This phase executes the XPRAs and after-import methods.
24. ABAP_GENERATION
This phase generates the runtime objects for the imported Repository objects (ABAP source texts
and screens).

Module: Clean Up

25. RUN_SPAU_?
This phase prompts you to adjust your modifications to Repository objects by calling transaction
SPAU.
26. CLEAR_OLD_REPORTS (only for import mode downtime-minimized)
This phase deletes the obsolete versions of program code and program texts in the database.
27. EPILOGUE
This phase completes the import. Among other things, it checks whether the queue has been
processed completely.

Authorization for SPAM

To use all the Support Package Manager functions, you require the following authorizations:

S_TRANSPRT
S_CTS_ADMIN

Both authorizations are in the authorization profile S_A.SYSTEM

Logs in Trans directory


SAP NETWEAVER ADMINISTRATION 05/03/2016

SLOG- This file gives an overall view of all imports running in the SAP System.

ALOG: This file contains individual return codes for all the transport steps performed in the transport
directory.

Add-Ons

SAP Add-ons adds a specific feature to existing SAP System.

SAP offers a wide range of add-ons that you can use to enhance your standard SAP System.

SAP Add-on Installation Tool

SAP Add-On can be installed by a SAP Add-on Installation Tool (SAINT).

To start SAP Add-on Installation Tool use Transaction SAINT.

SAP also offers Preconfigured Systems (PCS), which are also installed with the Transaction SAINT (as of
SPAM/SAINT Update Version 11). A PCS reduces the amount of work needed to install and customize and
industry-specific solution.

Phases in SAINT

This list describes the phases in the order in which SAINT runs:

PROLOGUE
Initializes installation.
CHECK_REQUIREMENTS
Checks the Change and Transport System.
DISASSEMBLE_PATCH
Unpacks the packages.
ADD_PATCH_TO_BUFFER
Creates import buffer for the installation.
IMPORT_OBJECT_LIST
Imports object lists of packages into the database.
OBJECTS_LOCKED_?
Checks if objects to be imported are in open transport requests.
SCHEDULE_RDDIMPDP
Checks if the job RDDIMPDP is scheduled properly.
ADDON_CONFLICTS_?
This phase applies only to add-ons.
Checks for object conflicts with imported packages that exceed the import prerequisites.
If another add-on is already installed, SAINT checks if packages included as import prerequisites for
the add-on being installed conflict with the already installed add-on. It also checks if the new add-on
has direct object conflicts with the add-on already installed.
SPDD_SPAU_CHECK
This phase applies only to add-ons.
Checks if a SPDD/SPAU adjustment is necessary.
DDIC_IMPORT
This phase applies only to add-ons.
Imports the Data Dictionary objects.
AUTO_MOD_SPDD
This phase applies only to add-ons.
Checks if Dictionary objects can be automatically copied.
RUN_SPDD_?
SAP NETWEAVER ADMINISTRATION 05/03/2016

This phase applies only to add-ons.


Starts Transaction SPDD, if necessary.
IMPORT_PROPER
Activates and imports all remaining objects.
AUTO_MOD_SPAU
This phase applies only to add-ons.
Copies the automatically adjustable objects.
RUN_SPAU_?
This phase applies only to add-ons.
Starts Transaction SPAU, if necessary.
EPILOGUE
Registers the add-on

Authorizations required for SAINT

To use all the functions of the SAP Add-On Installation Tool (SAINT), you need the authorizations:

1. S_TRANSPRT
2. S_CTS_ADMIN

Both are in the authorization profile S_A.SYSTEM.

Only assign this authorization profile to the system administration.

***********

Chapter 16 Client copy and client refresh

Client Copy

We can generate a blank client with SCC4.But how to fill the data in the client?

Answer is the client copy.

Client copy means "transferring client specific data" within same instance (SID) or between different
instances (SID).

Client copy can be performed with three different methods -

1. Local client copy.


2. Remote client copy.
3. Client Import/Export.

Local client copy

This method is used to copy client within the same instance (SID).

It is done by T-code SCCL.

Remote Client Copy

This method is used to copy client between different instances (SID).

It is performed by T-code SCC9.

Client Import/Export
SAP NETWEAVER ADMINISTRATION 05/03/2016

This method is used to copy client between different instances (SID).

It is performed by T-code SCC8

Client Copy Pre-steps

Disconnect and lock business users (SU10)

Suspend all background jobs

a. T-code SE38
b. Fill program name with "BTCTRNS1"
c. execute

Rdisp/max_wprun_time

d. Parameter should be changed to 2000 second as a SAP recommendation.


e. Although you use parallel processes and schedule job in background, dialog processes will be used.

Client Copy Steps

Local client copy

Scenario

Source Instance & client: = DKM-000

Target Instance & client: = DKM-202

Create a logical system for Client

T-code BD54
New entries
Create the new entries for the required client. The standard logical system name format is
SIDCLNT<client number>

T-code SCCL.

Select your desired profile


Enter Source client.
Enter Description
The client copy logs are available in SCC3

Note: By default Client Copy is executed as a single process. We will distribute workload of single process to
parallel (multiple) processes which will reduce time in copying a client.

Select go to from menu bar.


Select Parallel Process.

Remote Client Copy

Scenario

Source Instance & client := BD1-101


Target Instance & client := DKM-202

Note: This method uses RFCs.

The network must have good performances in order for the client copy to be as fast as possible.
SAP NETWEAVER ADMINISTRATION 05/03/2016

An RFC must have been declared in sm59 to access the source client.

Using T-code SCC9

Log on to the target system (DKM)


T-code SCC4.
Create a new target client entry (202)
Log on to this new target client with user SAP* and default password "pass"
T-code SCC9.
1. Select your desired profile
2. Enter Source client.
3. Enter Description
4. Start the remote client copy tcode
5. Select the source client (select the right rfc destination) and the copy profile.
6. Schedule the client copy in background
7. The client copy logs are available in scc3.

Client Export / import

Note: The copy is performed in 2 step

The client export during which the source client is exported to files in /usr/sap/trans/data
and cofiles.
The client import during which data is imported in the target client.

Note: You must have enough space in the /usr/sap/Trans file system to perform the client export

Export

Log on to the target system


Create an entry for your new target client using scc4
Log on to the source system / source client.
T-code SCC8
Select the target system and export profile
Schedule the export in background
The transport request containing the client export are then shown
Depending on the chosen export profile there can be up to 3 transport requests created :
Request <S-SID>KO<number> will hold the cross client data,
Request <S-SID>KT<number> will hold the client dependent data,
Request <S-SID>KX<number> will also hold some client dependent data.

Import

Log on to the newly created target client using SAP* and password pass.
Start the STMS transaction
Display the target systems import queue,
Select the transport requests generated by the client export and import theses transport requests on
the target client.
The transport requests will be imported in the following sequence :
<S-SID>KO<number> (client independent),
<S-SID>KT<number> (client dependent),
<S-SID>KX<number> (client dependent).

Note: The system automatically detects these are client export transport requests and
automatically performs the import of the 3 requests.
SAP NETWEAVER ADMINISTRATION 05/03/2016

The import logs can be seen in STMS.

Post import phase

Once the import is done, start the scc7 T-code to perform the post client import actions
Schedule the post import job
The log will be available in scc3.

*************

Chapter 17 SAP Update Process

Database changes made using the SAP update system and passed to an update work process can run either
synchronously or asynchronously.

The mode is specified in the ABAP source code of SAP transactions and cannot be changed dynamically by
the user.

With synchronous updates, the program that outputs the statement COMMIT WORK AND WAIT waits until
the update work process outputs the status of the update. The program can then respond to errors separately.

Synchronous data processing is that in which the program calling the update task waits for the update work
process to finish the update before it continues processing.

In Asynchronous update the calling program does not wait for update work process to finish the update and
continues as normal.

An update is divided into different modules. Each module corresponds to an update function module

V1 modules describe critical or primary changes; these affect objects that have a controlling function in the
SAP system, for example, creation of orders and changes to material stock.

V2 modules describe less critical secondary changes. These are pure statistical updates, for example, such as
result calculations.

SAP Update Configuration and


Administration

Changing parameter for update

T-code SM13
Administration of update system/ T-code
SM14
Parameters tab

Activate and deactivate the update system

Check whether updating is active. One of the following messages is output at the bottom of the initial
screen of the update system:
i) Update is active
ii) Update is inactive
SAP NETWEAVER ADMINISTRATION 05/03/2016

Choose Administration
The graphical alert monitor (transaction RZ20) automatically issues warnings about all update problems.

Maintenance Optimizer
The Maintenance Optimizer leads you through the planning, download and implementation of support
package stacks, which contain a set of support packages for your systems.

You can also install enhancement packages, perform an upgrade, or include enhancement packages in an
upgrade, with the Maintenance Optimizer

The Maintenance Optimizer is connected to the SAP Support Portal of the SAP Global Support Backbone . It
supports you as follows:

It takes you directly to the area of the SAP Software Distribution Center for the product that you have
selected for maintenance, in the SAP Service Marketplace.
You must logon with your S-user.
It reads the download basket of your S-user
You can approve selected items in the download basket for download
You can download the maintenance files provided by the Maintenance Optimizer, with the Download
Manager.

You can get maintenance files in the following ways, with the Maintenance Optimizer:

Manual selection

The Maintenance Optimizer goes directly to the download area of the SAP Software Distribution Center for
the product that you want to maintain.

It approves items in the SAP Software Distribution Center download basket

Automatic calculation

The Maintenance Optimizer determines the files to maintain the selected product system landscape, or the
components to install an enhancement package.

It supports the automatic download of automatically-calculated files for product maintenance in your product
system.

It simplifies the automatic installation of the files calculated for product maintenance in your product system.

Chapter 18 SAP NetWeaver Single Sign-On

Authentication Concepts

Authentication is an element of information security that enables you to protect the confidentiality, integrity
and availability of the information flow, supported by the information systems in your business operations.

Authentication in SAP NetWeaver includes the process of establishing and verifying the identity of a person
or a system component as a prerequisite for allowing the person or system component access to a SAP
NetWeaver server system.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Authentication for SAP GUI Access

User ID and Password Authentication

Information about authentication with user ID and password.

Authentication with SAP shortcuts

Information about authentication aspects when using SAP shortcuts. SAP shortcuts store the
authentication information for SAP systems and enable you to access a specific AS ABAP transaction
directly from your desktop.

Client Certificate Logon for SAP GUI

Information about using client certificates for logon with the SAP GUI.

Kerberos for SAP GUI Authentication

Information about using Kerberos for authentication.

Windows NT LAN Manager (NTLM) Authentication with SAP GUI

Information about using Windows NTLM for authentication.

Authentication for SAP GUI Access

Basic Authentication (User ID and Password)

Logon Tickets

X.509 Client Certificates

SAML 1.x

SAML 2.0

Kerberos

Header Variables

Authentication for SAP GUI using SAP Single-on 2.0

X509

As an alternative to authenticating with a user ID and passwords, users can present X.509 client certificates
for accessing Web applications.

In this case, user authentication takes place using the Secure Sockets Layer (SSL) protocol and users do not
need to interactively enter a password for logon.

Secure Login X.509-Based Solution For SAP Net Weaver Single Sign-On 1.0

Components of Single sign on environment

Sap GUI
SAP NETWEAVER ADMINISTRATION 05/03/2016

Web GUI
Microsoft windows domain
Secure login Server
Secure Login Client
Secure login library (optional)
Windows Active directory

X509 Configuration Architecture

How SSO works


SAP NETWEAVER ADMINISTRATION 05/03/2016

Steps

Log in to windows (Client side ) user is authenticated at windows domain


After login user credential are send to Secure login server
Secure login server verify the user credentials
Secure login server in return provide X509 Certificate to secure login client
Start SAP GUI / Web GUI
Now you can login to AS ABAP server using SNC and user mapping technique
i. Prerequisite Check
1. Windows Active directory server
a. FQDN = ldap-apac.infor.com
b. Domain name = infor.com
2. Check SAP AS java
a. Make sure this server joins the domain infor.com
b. FQDN = usalvwsep73.infor.com
3. Check SAP AS ABAP
a. Make sure this server joins the domain infor.com
b. FQDN = USALVWSEC74UD.infor.com

4. Check Client Machine (Secure Login Client)


a. Make sure this server joins the domain infor.com
b. FQDN : <Client host name>
c.
5. Activate The HTTPS port in AS ABAP and AS JAVA
a. Parameter : icm/server_port_1 = PROT=HTTPS ,
PORT=50004,TIMEOUT=120,PROCTIMEOUT=12
b. T-code SMICM and activate the port
6. Activate the webgui service to access ABAP through HTTP/HTTPS using transaction
SICF
ii. Configuration steps
1. Install secure login server in sap as java
SAP NETWEAVER ADMINISTRATION 05/03/2016

a. Open SLAC (Secure login administration console)


b. Define public key infrastructure (PKI)
i. Create a root CA
ii. Create user ca
iii. Restart the secure login server

2. Create Technical user (including SPN) for Secure Login Server (SPNEGO) in
Microsoft Active Directory.
a. Username: SVCSL-java-ep1
b. Password : never expired, Infor@1234
c. Assign service principal name: http/usalvwsep73.infor.com (e.g)
d. Request CN for same user
3. Configure SPNEGO (keytab) at SAP AS java
a. Open net weaver administration
b. Authentication and Single sign on
i. Configure SPNego using above information

4. On the Client Machine Install Secure login Client


a. Login to SLAC and download the Client policy
b. Install the client policy in to client system
c. Install the secure login client

5. On AS ABAP Configure SNC and user mapping


a. Configure SNC parameter
i. snc/enable : 1/ 0
ii. snc/gssapi_lib : < location of crypto lib >
iii. snc/identity/as : <SNC Name>
iv. Put the same snc name in sap logon pad ABAP server system entry
properties snc configuration
b. Create a user in SAP ABAP
i. Configure the CN given in x509 certificate for that particular user.
ii. Login to the system without username and password.

Chapter 19 SAP BASIS Update Process

Database changes made using the SAP update system and passed to an update work process can run either
synchronously or asynchronously.
SAP NETWEAVER ADMINISTRATION 05/03/2016

The mode is specified in the ABAP source code of SAP transactions and cannot be changed dynamically by
the user.

With synchronous updates, the program that outputs the statement COMMIT WORK AND WAIT waits until
the update work process outputs the status of the update. The program can then respond to errors separately.

Synchronous data processing is that in which the program calling the update task waits for the update work
process to finish the update before it continues processing.

In Asynchronous update the calling program does not wait for update work process to finish the update and
continues as normal.

An update is divided into different modules. Each module corresponds to an update function module

V1 modules describe critical or primary changes; these affect objects that have a controlling function in the
SAP system, for example, creation of orders and changes to material stock.

V2 modules describe less critical secondary changes. These are pure statistical updates, for example, such as
result calculations.

SAP Update Configuration and


Administration

Changing parameter for update

T-code SM13
Administration of update system/ T-code
SM14
Parameters tab

Activate and deactivate the update system

Check whether updating is active. One of the following messages is output at the bottom of the initial
screen of the update system:
i) Update is active
ii) Update is inactive
Choose Administration
The graphical alert monitor (transaction RZ20) automatically issues warnings about all update problems.

Chapter 20 SAP File system


Directory Structure (UNIX)

Standard SAP Directories for an ABAP System (Unicode or Non-Unicode)


SAP NETWEAVER ADMINISTRATION 05/03/2016

Standard SAP Directories for a Dual-Stack (ABAP+Java) System

Standard SAP Directories for a Dual-Stack (ABAP+Java) System (ABAP non-Unicode)


SAP NETWEAVER ADMINISTRATION 05/03/2016

Standard SAP Directories for a Java System (Unicode)


SAP NETWEAVER ADMINISTRATION 05/03/2016

System Directories of an SAP System based on SAP NetWeaver 7.1 and higher:

Directory Description

/<sapmnt>/<SAPSID> Software and data for one SAP system

This directory and its subdirectories need to be physically shared using Network File
System (NFS) and mounted for all hosts belonging to the same SAP system. It contains
the following subdirectories:

o exe

This directory contains executable kernel programs. In an SAP system with distributed
instances, this directory must be shared for all hosts with the same operating system.

Note

Dual-stack (ABAP+Java) system only:

exe contains a folder uc and a folder nuc, each with a platform-specific sub folder:

o /<sapmnt>/<SAPSID>/exe/uc/<platform> is used in Unicode systems.

Executable kernel programs are replicated from this directory to the exe directories of
each Unicode system instance.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Directory Description

o /<sapmnt>/<SAPSID>/exe/nuc/<platform> is used in non-Unicode


systems (see below).

Executable kernel programs are replicated from this directory to the exe directories of
each non-Unicode system instance (see below).

o global

This directory contains log files. In an SAP system with distributed instances, this
directory must be shared for all hosts with the same operating system.

o profile

This directory contains the start and operations profiles of all instances. In an SAP
system with distributed instances, this directory must be shared for all hosts with the
same operating system.

/usr/sap/<SAPSID> Instance-specific data, symbolic links to the data for one system

This directory contains files for the operation of a local instance.

o There is a subdirectory for each instance. Each instance directory has the name
of the related instance.

o The instance names (instance IDs) of anABAP system are as follows:

o Primary application server instance:


DVEBMGS<Instance_Number>

o Additional application server instance: D<Instance_Number>.

o Central services instance for ABAP


(ASCS):ASCS<Instance_Number>

o Enqueue replication server instance


(ERS): ERS<Instance_Number>

The Enqueue replication server instance is only mandatory in a high-availability


system.

o Example

o For an SAP ABAP system with SAP system ID C11, the instances
might look as follows:

o Primary application server instance:DVEBMGS00

o Additional application server instance:D01

o Central services instance for ABAP (ASCS): ASCS02

o Enqueue replication server instance (ERS): ERS03


SAP NETWEAVER ADMINISTRATION 05/03/2016

Directory Description

o The instance names (instance IDs) of an ABAP+Java (dual-stack)


system are as follows:

o Primary application server instance:


DVEBMGS<Instance_Number>

o Additional application server instance: D<Instance_Number>.

o Central services instance for ABAP


(ASCS):ASCS<Instance_Number>

o Central services instance for Java


(SCS):SCS<Instance_Number>

o Enqueue replication server instances (one for the ASCS and


one for the SCS): ERS<Instance_Number>

The Enqueue replication server instances are only mandatory in a high-availability


system.

o Example

o For an SAP ABAP+Java system with SAP system ID C11, the


instances might look as follows:

o Primary application server instance:DVEBMGS00 (the Java EE


Engine is installed in/usr/sap/C11/DVEBMGS00/j2ee)

o Additional application server instance:D01 (the Java EE Engine is


installed in/usr/sap/C11/D01/j2ee)

o Central services instance for ABAP (ASCS): ASCS02

o Enqueue replication server instance (ERS) for the ASCS: ERS03

o Central services instance for Java (SCS): SCS04

o Enqueue replication server instance (ERS) for the SCS: ERS05

o On a primary application server instance with SAP system ID C11 and


instance name DVEBMGS00, the Java EE Engine is installed
in/usr/sap/C11/DVEBMGS00/j2ee.

o The instance names (instance IDs) of a Java system are as follows:

o Application server instance: J<Instance_Number>

o Central services instance for Java


(SCS):SCS<Instance_Number>

o Enqueue replication server instance: ERS<Instance_Number>

The Enqueue replication server instance is only mandatory in a high-availability


SAP NETWEAVER ADMINISTRATION 05/03/2016

Directory Description

system.

o Example

o For an SAP Java system with SAP system ID C11, the instances might
look as follows:

o (Primary) application server instance:J00 (the Java EE Engine is


installed in/usr/sap/C11/J00/j2ee)

o (Additional) application server instance:J01 (the Java EE Engine is


installed in/usr/sap/C11/J01/j2ee)

o Central services instance for Java (SCS): SCS02

o Enqueue replication server instance (ERS) for the SCS: ERS03

o The directory /usr/sap/<SAPSID>/SYS contains soft links to appropriate


directories in/<sapmnt>/<SAPSID>/ for storing data used by several instances.

SYS is logically shared and available on each host of the SAP system. Its
subdirectories contain symbolic links to the corresponding subdirectories
of /<sapmnt>/<SAPSID> on the SAP global host, as shown in the figures above.

Whenever a local instance is started, the sapcpe program checks the executables
against those in the logically shared directories and, if necessary, replicates them
to the local instance.

For more information about sapcpe, see The sapcpe Program documentation.

Executables located in/usr/sap/<SAPSID>/SYS/exe/run are replicated by sapcpe to


the exe subdirectory of the instance directories.

/usr/sap/trans Global transport directory for all SAP systems

The global transport directory is used by the Change and Transport System (CTS). The
CTS helps you to organize development projects in the ABAP Workbench and in
Customizing, and then transport the changes between the SAP systems in your system
landscape. For more information, see the Change and Transport Systemdocumentation.

SAP Kernel Files (Executable files)

R3check this is a tool that can check Cluster-Tables for errors.

R3ldctl The tool for exporting all table structures to the file system during an OS/DB-
Migration.
SAP NETWEAVER ADMINISTRATION 05/03/2016

R3load The table import & export tool of SAP during Installation, Upgrade and Migration.

R3szchk The tool for determine the sizes of the different tables in the target database during the import
in an OS/DB-Migration.

R3ta Split large tables for export and import

R3trans This is the tool, which does the real work for tp, tp controls the import and export of
changes and R3trans does those using scripts, which were generated from tp.

** Latest version of tp and R3trans Available in the SAP Service Marketplace, Released in 24th jan 2015.

SAPCAR SAP Compression and Archiving program

SAPEXEDB_159-20000976.SAR Compressed file containing DB Dependent executables

SAPEXE_159-20000978.SAR Compressed file containing the Database Independent executables

Cfw GUI Control Framework for Abap Objects

Cleanipc Cleans Inter-Process Communications Memory

Db2jcllib.o Rsdb/db2jcl_library parameter

Db2radm Used to configure DB2Connect

Dbadaslib.o Part of lib_dbsl database dependent SQL handler

Dbdb2pwd Create an encrypted DB2 Password File

Dbdb2slib.o Part of lib_dbsl database dependent SQL handler DB2

Dbsdbslib.o Part of lib_dbsl database dependent SQL handler

Dev_sapstart Log file for starting sap

Dipgntab Activation and adjustment of the nametabs with the ABAP Dictionary.

Disp+work Dispatcher & Workprocess The complete Kernel Here the complete ABAP is processed

Dpj2ee Dispatcher for Java

Dpmon Used to get the process overview of an instance in text mode.

Dsrlib.o Distributed Statistics Records

Dw_gui.o Dependent module for Disp+work


SAP NETWEAVER ADMINISTRATION 05/03/2016

Dw_mdm.o Dependent module for Disp+work

Dw_stl.o Dependent module for Disp+work

Dw_xml.o Dependent module for Disp+work

Dw_xtc.o Dependent module for Disp+work

Eg2mon Monitor program for Extended Global Memory Segments (only for support)

Em2mon Monitor program for Extended Memory management (only for support)

Emmon Test program for Extended Memory

Enqt Check and Monitor the Enqueue Lock Table

Enrepserver SAP Enqueue Replication Server

Enserver SAP Enqueue Server

Ensmon Enqueue Server Programs to monitor the Enqueue server and the Enqueue replication servers.

Es2mon Programs to monitor the Enqueue server and the Enqueue replication servers.

Esmon Program to monitor the Enqueue server and the Enqueue replication servers.

Estst Test program for the Extended Memory Segments (only for support)

Evtd This program is able to trigger events within the SAP system. The tp tool uses this feature. It can be
used as trigger for self-written interfaces as well.

Exe_db2.lst The *.lst files are text files used by sapcpe to determine which files to compare/copy on instance
startup.

Gateway.lst The *.lst files are text files used by sapcpe to determine which files to compare/copy on instance
startup.

Gw.properties Gateway processes

Gwmon Program gwmon (at operating system level) or SAP transaction SMGW monitors the SAP
Gateway.

Gwrd Program gwmon (at operating system level) or SAP transaction SMGW monitors the SAP
Gateway.

Icm.properties Tool to monitor and manage the Internet Communication Manager (ICM) from the SAP
System (transaction SMICM).

Icmadmin.SAR Tool to monitor and manage the Internet Communication Manager (ICM) from the SAP
System (transaction SMICM).
SAP NETWEAVER ADMINISTRATION 05/03/2016

Icman Tool to monitor and manage the Internet Communication Manager (ICM) from the SAP System
(transaction SMICM).

Icmbnd Program to bind ports with numbers from 0 to 1023

Icmon Internet Communication Manager (ICM) used for HTTP(S), SMTP based communication
used to monitor and manage the Internet Communication Manager (ICM) from the SAP System (transaction
SMICM).

Instance.lst List of database-independent executables. These executables are valid for all database systems used
by the SAP system.

Instancedb.lst List of database-dependent executables. These executables can only be used with a particular
database system.

Ipclimits Reports IPC memory available to SAP at the OS level

J2eeinst.lst The *.lst files are text files used by sapcpe to determine which files to compare/copy on instance
startup.

Jcmon Program to monitor and manage Java processes

Jcontrol Program to control Java processes

Jenqulib.jar Java Enqueue Library

Jlaunch Program starts the Java processes

Jlogunzip.jar Java Classes used to unzip archives (used from the sapstartsrv)

jperflib.jar J2EE client Jar file

Jstartup.jar Java Startup Frame Work jar file

Jstartupapi.jar J2EE Engine Monitoring API

Jstartupimpl.jar J2EE Monitoring

Ldap_rfc LDAP Connector

Ldappasswd Store LDAP directory user and password

Ldapreg LDAP Registration Service

Lgtst Program to test the message server

Libicudata30.a ICU Common Library Part of the RFC SDK and are used for RFC connections.

Libicui18n30.a ICU Common Library Part of the RFC SDK and are used for RFC connections.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Libicuuc30.a ICU Common Library Part of the RFC SDK and are used for RFC connections.

Libjenqulib.o Part of the RFC SDK and are used for RFC connections.

Libjmon.so JMON Shared Library Part of the RFC SDK and are used for RFC connections.

Libjperflib.so Part of the RFC SDK and are used for RFC connections.

Libregex.o Part of the RFC SDK and are used for RFC connections.

Librfcum.o Dynamic Load Library Part of the RFC SDK and are used for RFC connections.

Libsapcsa.o CSA Shared Library Part of the RFC SDK and are used for RFC connections.

Libsapsecu.o SECU Shared Library SAP seculib library used for default encryption. Its
referenced in the j2ee startup logs in the work directory.

Libsapu16.so Part of the RFC SDK and are used for RFC connections.

Libsapu16_mt.so Part of the RFC SDK and are used for RFC connections.

Mdxsvr MDX Parser for RFC

Memlimits The program memlimits lets you determine how much swap space is currently
available in the host system.

Msclients Shows running instances registered in the Message Server

Msg_server Main Message Server executable

Msmon Message Server Monitor Utility

Msprot Monitor Message Server at the OS level

Niping Program to test the SAP network layer and the SAProuter

Rfcexec The tool to start other programs from within SAP (ABAP) on the OS level via the gateway
on any other (or the same) server.

Rfcexec.sec The tool to start other programs from within SAP (ABAP) on the OS level via the gateway
on any other (or the same) server.

Rfcping Ping the RFC layer

Rscparulib.o Dynamic shared library with code page converter

Rscpf2f Check installed locales for given list of languages.(Created for installation tools. Possibly unused.)

Rscpf3f Find possible system code pages for given list of languages. (Created for installation tools. Possibly
unused)
SAP NETWEAVER ADMINISTRATION 05/03/2016

Rscpf_ars Test program for code page conversion, language handling and locales in combination with
rscparulib.o. (Only for support)

Rscpf_db Test program for code page conversion, language handling and locales. This program will
connect to database and also attached to shared memory of an instance if possible. (Only for support)

Rslgcoll Central System Logging Collector

Rslglscs Show the Syslog specific parts of the shared memory segment SCSA. (Mainly for support)

Rslgsend Central System Logging Sender

Rslgview View SAP Log at the OS level

Rstrcscs Program creates a common memory segment for the SCSA, locates the trace switches block
within it and initializes the trace switches block.

Rstrfile R/3 system trace file tool

Rstrlscs The command rstrcscs r removes that common memory segment again.

Rstrsscs The command rstrsscs allows change to the switch settings in the trace switches block
within the SCSA.

Rsyn.bin For each kernel version of the R/3 System, there exists an appropriate file rsyn.bin which
contains the ABAP/4 syntax description. It describes what to do when compiling an ABAP statement

Sapccm4x CCMS Agent for Abap

Sapccmsr CCMS Agent for Java

Sapcontrol sapcontrol is used to stop/start/monitor the sap instances (for example, from the
sapmc).

Sapcpe This checks that the local executables are up to date each time an SAP instance that
uses local executables is started.

Sapcpeft Parameter file used by sapcpe

Sapcpp46.o Virus Scan Adapter files (Note 964305)

Sapdbmrfc RFC for SAPDB connections

Sapevt This program is able to trigger events within the SAP system. The tp tool uses this feature. It
can be used as trigger for self-written interfaces as well.

Sapexec Call SAP Function Modules

Sapftp FTP Client, that can be used from within the SAP system (from ABAP) to communicate with
other FTP servers.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Saphttp HTTP Client, that can be used from within the SAP system (from ABAP) to communicate with
other HTTP servers e.g. for interfaces.

Sapiconv Program for the conversion of text files

Sapkprotp Relocate a Content Server Repository

Saplicense The Tool for the installation of a new SAP License. This is needed when the license expires
e.g. because of a hardware change.

Sapmanifest.mf Text file that contains the kernel patch level and is read by the JSPM (Java Support
Package Manager).

Sapmanifestdb.mf Text file that contains the database kernel patch level and is read by the JSPM (Java
Support Package Manager).

Sapmscsa SCSA Administration

Saposcol The SAP Interface to the Operating System for Performance Data. The Operating System
Collector collects CPU Usage, Disk Performance, and Paging etc.

Sapparar Reads the SAP Profile

Sappfpar This tool can be used for checking the profiles after changes and before restarting the SAP
system.

Saproot.sh Script to set Root permissions necessary for some kernel programs

Saprouter The program for the Router Connection from customers to SAP and vice versa.

Sapsecin Generation of the PSE (Personal Security Environment)

Sapstart Starts SAP processes

Sapstartsrv Starts SAP processes

Sapuxuserchk The program xuser is a tool from maxdb which stores the logon information to the DB.
This utility program called by sapcontrol which is a program that uses the web service APIs of the ABAP and Java
startup framework to control an instance from the command line.

Sapwebdisp The SAP Web dispatcher is used for load balancing for a setting up an SAP Internet
scenario. It is the only application that needs to be located in the DMZ. Everything behind this can (and should) be
located in your intranet. So, only one port on one IP address needs to be opened to internet and the SAP Web
dispatcher can handle the traffic with the different SAP instances.

Sapxpg Program that starts programs on an external host. The tool for starting OS commands from
within SAP Systems.

Scs.lst The *.lst files are text files used by sapcpe to determine which files to compare/copy on
instance startup.
SAP NETWEAVER ADMINISTRATION 05/03/2016

Scsclient.lst The *.lst files are text files used by sapcpe to determine which files to compare/copy on
instance startup.

Semd A Test Tool used to verify semaphore operations.

Servicehttp the port number where the server should listen for HTTP requests.

Shmd Related to Shared Memory

Showipc Checks shared memory segments

Sldreg SLD registration program

Sldreglib.o SLD registration program

Ssfrfc Secure Store and Forward (SSF)

Startdb Program to start the database

Startj2eedb Program to start the database (Java)

Startrfc The tool is a very easy SAP command line interface to start all of the implemented function
modules of SAP systems.

Startsap Program to start SAP

Stopdb Program to stop the database

Stopj2eedb Program to stop the database (Java)

Stopsap Program to stop SAP

Tp the Transport Tool. This program coordinates the complete import and export of program and
table changes made within the SAP system in order to transport them through the complete System Landscape.

Vscan_rfc Virus Scan Adapter files (Note 964305)

Wdispadmin.SAR Web Dispatcher Administration Interface archive program

Wdispmon Web Dispatcher Monitor program

Webdispinst.lst Web Dispatcher Administration Interface list

Xml63d.o Virus Scan Adapter files (Note 964305)

Expires e.g. because of a hardware change.


Sapmanifest.mf Text file that contains the kernel patch level and is read by the JSPM (Java Support
Package Manager).
SAP NETWEAVER ADMINISTRATION 05/03/2016

Sapmanifestdb.mf Text file that contains the database kernel patch level and is read by the JSPM (Java
Support Package Manager).
Sapmscsa SCSA Administration

Saposcol The SAP Interface to the Operating System for Performance Data. The Operating
System Collector collects CPU Usage, Disk Performance, and Paging etc.

Sapparar Reads the SAP Profile

Sappfpar This tool can be used for checking the profiles after changes and before restarting the SAP
system.

Saproot.sh Script to set Root permissions necessary for some kernel programs
Saprouter The program for the Router Connection from customers to SAP and vice versa.
Sapsecin Generation of the PSE (Personal Security Environment)
Sapstart Starts SAP processes
Sapstartsrv Starts SAP processes

Sapuxuserchk The program xuser is a tool from maxdb which stores the logon information to the DB.
This utility program called by sapcontrol which is a program that uses the web service APIs of the ABAP and Java
startup framework to control an instance from the command line.

Sapwebdisp The SAP Web dispatcher is used for load balancing for a setting up an SAP Internet
scenario. It is the only application that needs to be located in the DMZ. Everything behind this can (and should) be
located in your intranet. So, only one port on one IP address needs to be opened to internet and the SAP Web
dispatcher can handle the traffic with the different SAP instances.

Sapxpg Program that starts programs on an external host. The tool for starting OS commands from
within SAP Systems.

Scs.lst The *.lst files are text files used by sapcpe to determine which files to compare/copy on
instance startup.

Scsclient.lst The *.lst files are text files used by sapcpe to determine which files to compare/copy on
instance startup.

Semd A Test Tool used to verify semaphore operations.


Servicehttp The port number where the server should listen for HTTP requests.
Shmd Related to Shared Memory
Showipc Checks shared memory segments
Sldreg SLD registration program
Sldreglib.o SLD registration program
Ssfrfc Secure Store and Forward (SSF)
Startdb Program to start the database
Startj2eedb Program to start the database (Java)
SAP NETWEAVER ADMINISTRATION 05/03/2016

Startrfc The tool is a very easy SAP command line interface to start all of the implemented function
modules of SAP systems.

Startsap Program to start SAP


Stopdb Program to stop the database
Stopj2eedb Program to stop the database (Java)
Stopsap Program to stop SAP

Tp the Transport Tool. This program coordinates the complete import and export of
program and table changes made within the SAP system in order to transport them through the complete
System Landscape.

Vscan_rfc Virus Scan Adapter files (Note 964305)


Wdispadmin.SAR Web Dispatcher Administration Interface archive program
Wdispmon Web Dispatcher Monitor program
Webdispinst.lst Web Dispatcher Administration Interface list
Xml63d.o Virus Scan Adapter files (Note 964305)

Executables in Directory <drive>:\usr\sap\<SAPSID>\SYS\exe\run

brarchive.exe

brbackup.exe

brconnect.exe

brrecover.exe

brrestore.exe

brspace.exe

brtools.exe

mkszip.exe

uncompress.exe

cpio.exe

mt.exe

dd.exe
SAP NETWEAVER ADMINISTRATION 05/03/2016

Chapter 21 SAP BASIS Monitoring

Chapter 22 SAP BASIS Transaction code