on 09-30-2014 1:15 PM
Hi All,
We have a Production System in a clustered enviornemnt. Central Instance with a Primary Database and a Secondary Database. There are two Application Servers.
So overall 5 IP Address for 5 servers. There is a requirement from an external system to fetch the files stored in the production system and store to their system. The network team have identified that there will be a requirement of an external ip address to establish the connectivity of the production system.
So will I have to share all the five IP Addresses or just sharing the IP Address of the Central Instance will be enough considering the landscape.
With the requirement of establishing channel b/w your SAP Landscape & External party to exchange IDOCS with the EDI System, you can setup a FTP server (With Public IP) and run scripts to copy the files from SAP Directories to FTP Server and let the outside partner copy from FTP Server.
Why would you want outside party to let have access to your SAP CI Directories and expose over the public IP address directly, you should consider the security vulnerabilities if you really want to go down that road with Web Dispatcher or perhaps implementing a reverse proxy.
-Akshay
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Akshay,
Thanks for your comments. In continuation to your early post I would like to know that being a Basis Consultant should I have to setup this FTP server in AIX or it should be done by the OS Team ?
And regarding the external IP which the network team has asked for should have to be provided by our side. If so then how ?
Thanks and Regards
Anurag
Anurag,
OS guys to setup the FTP stuff.
You don't have to provide any IP. SAP Systems IP is not public, just get the FTP server with Public IP and let the outside world connect to FTP using this Public IP and you can connect from SAP to this FTP machine using the Network IP. Hope you get the point now.
Regards,
Akshay
Hello Akshay,
Thanks for your suggestions.
This is the final architecture plan which is being discussed and is going to be implemented.
1. A web server will be installed inside the Demilitarized Zone.
2. Shared Directory will be created for Dev, Quality and Production respectively with read write and delete access.
3. This folders will be connected to our ECC Appliction Servers and we will pick up the files which will be sent by the EDI Subsystem to that Shared Folders
4.File Transfer Protocol will be SFTP and Port is 22.
Regards
Anurag
Hi Anurag,
Sorry not enough information here
There is a requirement from an external system to fetch the files stored in the production system
How is the external system connecting to SAP?... WDSL (SOAP), IDOC's, etc...???
This drastically changes the requirements for the connection
The network team have identified that there will be a requirement of an external ip address to establish the connectivity of the production system
You seem to have an HA system here, so why would you make the connection slave of the CI?
Also, I see no security considerations here?
Regards, Juan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Juan,
Many thanks for your response
Here is the implementation plan.
We have our ECC system which needs to be connected with EDI subsystem through SFTP (agreed after meeting). The EDI subsystem will be be recieving the XML File from Trading Partner System. Now the EDI subsystem will sent this xml file to our ECC System which will be posted as IDOC files. This is the Inbound flow.
Now the Outbound IDOC File will get generated to a separate directory in our ECC system and the EDI subsystem will be picking up those data and will deliver it to the trading partners. This the outbound flow
Sorry Juan,
You seem to have an HA system here, so why would you make the connection slave of the CI?
Also, I see no security considerations here?
Can you kindly elaborate ?
Hi Das
Thanks for your info
I am not sure I am not sure about AIX HA environment, but I can explain in Windows cluster environment and also all Cluster functions are almost same.
In SAP HA environment three services resource are there in cluster 1. Message server, 2.Database, & 3.ENQ (Based on OS ENQ will differ)
For all the external request should pointing to message server so that whenever message server failover happen all the end-user, RFC (any external system connections) SAP communications will be forward to second node for that reason we have to provide the virtual name or IP address of virtual of the Message server not of the physical nodes.
In SAP HA environment which node holding those three resources acting as CI
Kindly refer the below SAP on Cluster
Regards
Sriram
Hi Das
You have to share the CI virtual name or IP address
Regards
Sriram
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.