
Firewall Ports for HANA 2.0 Tenant

Dear experts

We have a HANA 2.0 with a Tenant Database.

The host of the HANA 2.0 installation has an internal IP address.

Adding the System DB and the Tenant DB to HANA Studio inside our local network is possible.

Now we configured the firewall to allow external access and published ports 3xx13 - 3xx15 and configured a rule that routes the incoming traffic to the HANA 2.0 System (Firewall Rule Public IP Port 3xx13 - 3xx15 -> HANA Internal IP Address Port 3xx13 - 3xx15).

Adding the system DB to the HANA Studio using the public IP Address is possible but adding the Tenant HT1 will not work because the internal IP address is being queried.

Of course, the internal IP address is not accessible outside our network.

A workaround would be to use a VPN but I was wondering if it’s doable without VPN (only configuring the firewall for external access).

Any thoughts?

Cheers


3 Answers

  • Sep 28, 2017 at 08:43 AM

    Please check the following guide about the ports range for HANA tenant database:

    https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.00/en-US/440f6efe693d4b82ade2d8b182eb1efb.html

    You can also determine the ports used by the tenant by executing the following script (execute from tenant database):

    SELECT SERVICE_NAME, PORT, SQL_PORT, (PORT + 2) HTTP_PORT FROM SYS.M_SERVICES WHERE
    ((SERVICE_NAME='indexserver' and COORDINATOR_TYPE= 'MASTER') or (SERVICE_NAME='xsengine'))

  • Sep 30, 2017 at 04:00 AM

    This sounds a lot like the configuration issue that was faced by users of HANA Express Edition on Google Cloud.

    Check https://blogs.sap.com/2017/03/08/google-app-engine-meets-sap-hana-express-edition/comment-page-1/#comment-369411

    It boils down to setting a global.ini parameter for mapping 'localhost' to the desired IP address.

    ALTER SYSTEM ALTER CONFIGURATION ('global.ini', 'SYSTEM')
    SET ('public_hostname_resolution', 'map_localhost') = 'xx.xx.xx.xx'
    WITH RECONFIGURE;

    • Ok, can you check what is actually set in the instance right now?

      select * from "PUBLIC"."M_HOST_INFORMATION"
      where key like 'net%';
      
      select * from "PUBLIC"."M_INIFILE_CONTENTS" 
      where  
          file_name='global.ini'
      and section ='public_hostname_resolution';
      
  • Oct 09, 2017 at 09:18 AM

    I've attached 2 screenshots for better understanding (I had to mask the real info due to well-known reasons).

    m-host-information.png


    • Ok, at this point I think it would be easier to open a support issue - this back and forth via comments is not very efficient.

      Also, if the tenant crashes, typically there's information on that in the corresponding indexserver tracefile. Reviewing that would be my next step of analysis.