cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Possibility way to communicate between PI and WebService

Go to solution
Former Member

on ‎01-20-2017 3:01 AM

0 Kudos

Dear All,

Below is my clients requirement.

At present PI, ECC and Siebel (Webservice) are in same network.

Now they are migrating the Siebel system alone to new landscape and their system lie in different network LIA (Limited internet access).

LIA team has requested not to connect PI directly to the webservice, instead use any router in between PI and Webservice due to security reasons.

And Siebel team wants data only through webservice and not to their application or DB directly.
Is there any way to use router/other possibility(Method) for connecting PI and Webservice other than calling SOAP method?

Kindly let me know your valuable feedback to proceed further.

ThankYou

Regards,

Vinoth

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member186851
Active Contributor
‎01-20-2017 3:56 AM
0 Kudos

Hello Vinoth,

It depends on Webservice,If they can pull from any FTP folder .You can write the XML as file and they can pick it up.

Show replies
Show replies
Former Member
‎01-20-2017 4:15 AM
0 Kudos

Hi Raghuraman,

I have already suggested this method.. but siebel team need datas only through weservice.

Regards,

Vinoth

former_member186851
Active Contributor
‎01-20-2017 4:21 AM
0 Kudos

Hello Vinoth,

yes it will be a webservice all from Siebel system if they can pull the data instead of push.

Otherwise they have to enable to connection to hit the WS.

And are the okay with Rest protocol?

Former Member
‎01-24-2017 2:40 AM
0 Kudos

Hi Raghuraman,

Thanks for your reply.

Siebel team wants the data to be pushed from PI and they are not fine with Rest protocol.

Regards,

Vinoth

former_member186851
Active Contributor
‎01-24-2017 3:31 AM

Then the connection has to be opened,even if you make a HTTP call the connection has to be opened to hit the Webservice.

Or in some cases reverse proxy might help

https://help.sap.com/saphelp_nw73/helpdata/en/09/184dff9cf845658091dd141844d0aa/content.htm

Former Member
‎01-24-2017 4:48 AM
0 Kudos

Hi Raghuraman

I checked the link above.. this may suit our requirement..

Could you please share any links or doc related to reverse proxy. I couldnt find how this will be connected between PI and webservice.

Thank you.

former_member186851
Active Contributor
‎01-24-2017 8:02 AM

check if the below link helps

https://wiki.scn.sap.com/wiki/display/ABAPConn/Using+Reverse+Proxies

Former Member
‎01-24-2017 9:22 AM
0 Kudos

Thanks for your help Raghu..

I will study this method and propose this to client.

Regards,

Vinoth

Answers (1)

Answers (1)

iaki_vila
Active Contributor
‎01-24-2017 8:57 AM
0 Kudos

Hi all,

I have not worked with reverse proxies but it seems to be interesting, good idea Raghu.

Another way to do your requirement is to use a SAP web dispatcher to increase the security between PI and the new system outside your DMZ:

https://help.sap.com/saphelp_nw73ehp1/helpdata/en/48/99ac3a7f020e27e10000000a421937/content.htm

The web dispatcher would be transparent for the PI development and you only need to use the URL offer by the SAP web dispatcher and this one would act like a router.

Regards.

Show replies
Show replies
former_member186851
Active Contributor
‎01-24-2017 10:12 AM
0 Kudos

Hello Inaki,

Web dispatcher also acts like a layer right inbetween PI and WS right?

iaki_vila
Active Contributor
‎01-24-2017 10:47 AM

Hi Raghu,

Yes, that is the idea, the SAP WD is the only point to connect to the internet, in this way you can increase you security. All the PI connections with internet could go via SAP WD, another solution could be to install an Apache or similar.

The only disadvantage, in my opinion, is that you have one more layer or system that could fail.

On the other way ,i will read you recommendation about reverse proxy, i didn´t know this feature. Always, i can learn something in this forum. 🙂

Regard.

Former Member
‎01-25-2017 9:19 AM
0 Kudos

Hi Inaki,

Thanks for your reply.. I have checked this SAP Web Dispatcher. This can be done in PI 7.11?

Below mentioned options are not available in Web Dispatcher, But its available in Reverse Proxy.

  • Authentication and single-sign-on (SSO)
  • Authorization of resource access per user

Siebel system may compromise for web attacks, Since PI is connected to the WebService (FIrst Tire Architecture) in internet then whole system in intranet will be in trouble.

Still we can go with Web Dispatcher even it does not have "Sophisticated application firewall features against web-based attacks"?

Thank you.

Regards,

Vinoth

iaki_vila
Active Contributor
‎01-25-2017 12:32 PM
0 Kudos

Hi Vinoth,

Check first this blog https://blogs.sap.com/2015/03/09/webdispatcher-faq/

Sophisticated application firewall features against web-based attacks

I recommend to you to read carefully:

https://help.sap.com/saphelp_nw70/helpdata/en/dd/06abeb76ef40868425940a5f6741f4/content.htm

https://help.sap.com/saphelp_nw74/helpdata/en/a1/5342ea0a4a4394adda45b522b3c13d/content.htm

The note https://launchpad.support.sap.com/#/notes/870127/E


You can avoid Dos attack, interception of the password, etc. I don't know the level of sophistication is the minimum that you need.

Authentication and single-sign-on (SSO)

AFAIK it is allowed

https://wiki.scn.sap.com/wiki/display/SI/Configuring+the+SAP+Web+Dispatcher+to+trust+the+backend+sys...

Authorization of resource access per user

You can avoid the access to resources of the endsytems and determinated paths. Per user?, i am not sure of this, however if you only have access via web dispatcher to the PI, you can use PI ACLs to restrict the access to you sender soap channels to the users that you want.

Regards.

Ask a Question