0

Possible way to communicate between PI and WebService

Jan 20, 2017 at 03:01 AM


Dear All,

Below is my client's requirement.

At present PI, ECC and Siebel (Webservice) are in the same network.

Now they are migrating the Siebel system alone to a new landscape, and their system lies in a different network, LIA (limited internet access).

The LIA team has requested not to connect PI directly to the webservice, but instead to use any router in between PI and the webservice, for security reasons.

And the Siebel team wants data only through the webservice and not to their application or DB directly.
Is there any way to use a router or another possibility (method) for connecting PI and the webservice other than calling the SOAP method?

Kindly let me know your valuable feedback to proceed further.

Thank you

Regards,

Vinoth


2 Answers

Raghuraman S Jan 20, 2017 at 03:56 AM
0

Hello Vinoth,

It depends on the webservice. If they can pull from any FTP folder, you can write the XML as a file and they can pick it up.


Hi Raghuraman,

I have already suggested this method, but the Siebel team needs data only through the webservice.

Regards,

Vinoth

0

Hello Vinoth,

Yes, it will be a webservice call from the Siebel system if they can pull the data instead of push.

Otherwise they have to enable the connection to hit the WS.

And are they okay with the REST protocol?

0

Hi Raghuraman,

Thanks for your reply.

The Siebel team wants the data to be pushed from PI and they are not fine with the REST protocol.

Regards,

Vinoth

0

Then the connection has to be opened; even if you make an HTTP call, the connection has to be opened to hit the webservice.

Or in some cases a reverse proxy might help:

https://help.sap.com/saphelp_nw73/helpdata/en/09/184dff9cf845658091dd141844d0aa/content.htm

1

Hi Raghuraman

I checked the link above. This may suit our requirement.

Could you please share any links or docs related to reverse proxy? I couldn't find how this will be connected between PI and the webservice.

Thank you.

0
1
Iñaki Vila Jan 24, 2017 at 08:57 AM
0

Hi all,

I have not worked with reverse proxies but it seems to be interesting, good idea Raghu.

Another way to do your requirement is to use a SAP web dispatcher to increase the security between PI and the new system outside your DMZ:

https://help.sap.com/saphelp_nw73ehp1/helpdata/en/48/99ac3a7f020e27e10000000a421937/content.htm

The web dispatcher would be transparent for the PI development; you only need to use the URL offered by the SAP web dispatcher, and this one would act like a router.

Regards.


Hello Inaki,

Web dispatcher also acts like a layer right in between PI and WS, right?

0

Hi Raghu,

Yes, that is the idea: the SAP WD is the only point that connects to the internet, and in this way you can increase your security. All the PI connections with the internet could go via SAP WD. Another solution could be to install an Apache or similar.

The only disadvantage, in my opinion, is that you have one more layer or system that could fail.

On the other hand, I will read your recommendation about reverse proxy; I didn't know this feature. I can always learn something in this forum. :)

Regards.

2

Hi Inaki,

Thanks for your reply. I have checked this SAP Web Dispatcher. Can this be done in PI 7.11?

The options mentioned below are not available in Web Dispatcher, but they are available in Reverse Proxy.

  • Authentication and single-sign-on (SSO)
  • Authorization of resource access per user

The Siebel system may be compromised by web attacks. Since PI is connected to the WebService (first-tier architecture) on the internet, the whole system in the intranet will then be in trouble.

Can we still go with Web Dispatcher even though it does not have "Sophisticated application firewall features against web-based attacks"?

Thank you.

Regards,

Vinoth

0

Hi Vinoth,

Check first this blog https://blogs.sap.com/2015/03/09/webdispatcher-faq/

Sophisticated application firewall features against web-based attacks

I recommend that you read carefully:

https://help.sap.com/saphelp_nw70/helpdata/en/dd/06abeb76ef40868425940a5f6741f4/content.htm

https://help.sap.com/saphelp_nw74/helpdata/en/a1/5342ea0a4a4394adda45b522b3c13d/content.htm

The note https://launchpad.support.sap.com/#/notes/870127/E


You can avoid DoS attacks, interception of the password, etc. I don't know what level of sophistication is the minimum that you need.

Authentication and single-sign-on (SSO)

AFAIK it is allowed

https://wiki.scn.sap.com/wiki/display/SI/Configuring+the+SAP+Web+Dispatcher+to+trust+the+backend+system+SSL+certificate

Authorization of resource access per user

You can avoid access to resources of the end systems and to determined paths. Per user? I am not sure of this; however, if you only have access via web dispatcher to the PI, you can use PI ACLs to restrict the access to your sender SOAP channels to the users that you want.

Regards.

0
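
The "Apache or similar" option raised in the thread, sketched as an added example that is not part of the original posts or of SAP documentation: an Apache httpd 2.4 reverse proxy that accepts only POST requests from the PI host on a single path and forwards them over verified TLS to the web service. Every host name, IP address, port, path and certificate file below is a placeholder assumption.

```apache
# Added example, not from the thread. Apache httpd 2.4 with mod_ssl,
# mod_proxy, mod_proxy_http and mod_authz_core loaded.
# All names, addresses and file paths are placeholders.
Listen 8443

<VirtualHost *:8443>
    ServerName soap-gw.example.internal

    # TLS on the side facing PI
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/soap-gw.crt
    SSLCertificateKeyFile /etc/httpd/tls/soap-gw.key

    # Reverse proxy only: never act as a forward (open) proxy
    ProxyRequests Off

    # TLS on the side facing the web service, with the backend
    # certificate and host name actually verified
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCACertificateFile /etc/httpd/tls/backend-ca.pem

    # Default deny: nothing is reachable unless allowed below
    <Location "/">
        Require all denied
    </Location>

    # The single exposed path. PI's SOAP receiver channel points at
    # https://soap-gw.example.internal:8443/ws instead of the backend.
    <Location "/ws">
        <RequireAll>
            # Only the PI host may call, and only with POST (SOAP over HTTP)
            Require ip 10.0.0.10
            Require method POST
        </RequireAll>
        ProxyPass        "https://backend.lia.example/ws-endpoint-placeholder"
        ProxyPassReverse "https://backend.lia.example/ws-endpoint-placeholder"
    </Location>

    # Bound request size and keep an audit trail of every forwarded call
    LimitRequestBody 5242880
    LogFormat "%h %t \"%r\" %>s %b %D" soapgw
    CustomLog logs/soap-gw_access.log soapgw
</VirtualHost>
```

With this layout the firewall between the two networks needs only one rule, proxy host to backend on 443, and PI never holds a direct route into the LIA network.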