cancel
Showing results for 
Search instead for 
Did you mean: 

SAP System Connectvity with External IP

former_member185327
Active Participant
0 Kudos

Hi All,

We have a Production System in a clustered enviornemnt. Central Instance with a Primary Database and a Secondary Database. There are two Application Servers.

So overall 5 IP Address for 5 servers. There is a requirement from an external system to fetch the files stored in the production system and store to their system. The network team have identified that there will be a requirement of an external ip address to establish the connectivity of the production system.

So will I have to share all the five IP Addresses or just sharing the IP Address of the Central Instance will be enough considering the landscape.

Accepted Solutions (0)

Answers (3)

Answers (3)

Akshay_G
Contributor
0 Kudos

With the requirement of establishing channel b/w your SAP Landscape & External party to exchange IDOCS with the EDI System, you can setup a FTP server (With Public IP) and run scripts to copy the files from SAP Directories to FTP Server and let the outside partner copy from FTP Server.

Why would you want outside party to let have access to your SAP CI Directories and expose over the public IP address directly, you should consider the security vulnerabilities if you really want to go down that road with Web Dispatcher or perhaps implementing a reverse proxy.

-Akshay

former_member185327
Active Participant
0 Kudos

Hi Akshay

The network team advised for a sftp rule external coming in could require a external ip for each SAP Server. And they also wanted to knew that is the solution to use just one SAP Server.

This is the exact feedback I got from the Network Team.

Thanks and Regards

Anurag

former_member185327
Active Participant
0 Kudos

Hi Akshay,

Thanks for your comments. In continuation to your early post I would like to know that being a Basis Consultant should I have to setup this FTP server in AIX or it should be done by the OS Team ?

And regarding the external IP which  the network team has asked for should have to be provided by our side. If so then how ?

Thanks and Regards

Anurag

Akshay_G
Contributor
0 Kudos

Anurag,

OS guys to setup the FTP stuff.

You don't have to provide any IP. SAP Systems IP is not public, just get the FTP server with Public IP and let the outside world connect to FTP using this Public IP and you can connect from SAP to this FTP machine using the Network IP. Hope you get the point now.

Regards,

Akshay

former_member185327
Active Participant
0 Kudos

Hello Akshay,

Thanks for your suggestions.

This is the final architecture plan which is being discussed and is going to be implemented.

1. A web server will be installed inside the Demilitarized Zone.

2. Shared Directory will be created for Dev, Quality and Production respectively with read write and delete access.

3. This folders will be connected to our ECC Appliction Servers and we will pick up the files which will be sent by the EDI Subsystem to that Shared Folders

4.File Transfer Protocol will be SFTP and Port is 22.

Regards

Anurag

Akshay_G
Contributor
0 Kudos

Cool.

Akshay

JPReyes
Active Contributor
0 Kudos

Hi Anurag,

Sorry not enough information here


There is a requirement from an external system to fetch the files stored in the production system

How is the external system connecting to SAP?...  WDSL (SOAP),  IDOC's, etc...??? 

This drastically changes the requirements for the connection


The network team have identified that there will be a requirement of an external ip address to establish the connectivity of the production system

You seem to have an HA system here, so why would you make the connection slave of the CI?

Also, I see no security considerations here?

Regards, Juan

former_member185327
Active Participant
0 Kudos

Hi Juan,

Many thanks for your response

Here is the implementation plan.

We have our ECC system which needs to be connected with EDI subsystem through SFTP (agreed after meeting). The EDI subsystem will be be recieving the XML File from Trading Partner System. Now the EDI subsystem will sent this xml file to our ECC System which will be posted as IDOC files. This is the Inbound flow.

Now the Outbound IDOC File will get generated to a separate directory in our ECC system and the EDI subsystem will be picking up those data and will deliver it to the trading partners. This the outbound flow

Sorry Juan,

You seem to have an HA system here, so why would you make the connection slave of the CI?

Also, I see no security considerations here?

Can you kindly elaborate ?

Sriram2009
Active Contributor
0 Kudos

Hi Das

Is this ECC system configured in Windows Failover cluster or any other OS?

BR

SS

former_member185327
Active Participant
0 Kudos

Our ECC OS System is IBM  AIX 6.1.

Only Solution Manager is of Windows 2008 R2

Sriram2009
Active Contributor
0 Kudos

Hi Das

Thanks for your info

I am not sure I am not sure about AIX HA environment, but I can explain in Windows cluster environment and also all Cluster functions are almost same.

In SAP HA environment three services resource are there in cluster 1. Message server, 2.Database, & 3.ENQ (Based on OS ENQ will differ)

For all the external request should pointing to message server so that whenever message server failover happen all the end-user, RFC (any external system connections) SAP communications will be forward to second node for that reason we have to provide the virtual name or IP address of virtual of the Message server not of the physical nodes.

In SAP HA environment which node holding those three resources acting as CI

Kindly refer the below SAP on Cluster

Regards

Sriram

former_member185327
Active Participant
0 Kudos

Hi Sriram,

Thanks for the article. I am just waiting for the result from the network team as earlier I have already shared only the IP address of the Central Instance.

I will update this discussion once I get a response from the network team.

Regards

Anurag

Sriram2009
Active Contributor
0 Kudos

Hi Das

You have to share the CI virtual name or IP address

Regards

Sriram

former_member185327
Active Participant
0 Kudos

Thank You very much Sriram,

I have replied with the same viewpoint that you have shared. Waiting for their feedback.

Thanks and Regards

Anurag