
Inbound and Outbound secured VPN connection from third party to SAP PI single stack system

Oct 21, 2016 at 09:15 AM


Hi All,

We are using a single-stack SAP PI system, and right now we have interfaces, both inbound and outbound, connected to a third party via an SFTP server.

But now the client wants to use a secured VPN connection between the third party and SAP PI.

The third party has sent us the certificate, their IP address and URL.

My questions are:

1. What sender and receiver communication channels (adapters) do we need to use here?

2. I understand that we need to install their certificate in our system. Do we need to share our certificate also?

3. How do I start with this development?

Thanks,

Richa.


Please can anybody give inputs on the above question.


7 Answers

Best Answer
Raghuraman S Oct 24, 2016 at 07:25 AM

Hello Richa,

At the server level you should open the connection from both PI systems.

Certificates can be generated at any of the PI systems and can be used.

And yes, a SOAP receiver channel should be used to establish the connection.


Hi Raghuraman,

I will ask my Basis to open the ports and establish the connection between two PI systems at the server level and also to install the certificate.

As there are both inbound and outbound interfaces for this, I should use both sender and receiver SOAP adapters, right?

Is there anything else I need to know about this?

Raghuraman S Oct 21, 2016 at 11:48 AM

Hello Richa,

Will the certificate help you to establish a connection to the third party?

If yes, get the SFTP server details from the client, establish an SFTP connection from SAP PI and place the files in the SFTP directory.

Also check what the certificate format is.

Adapter selection depends on how and where you want to send the data.

Former Member Oct 21, 2016 at 12:23 PM

Hi Richa,

VPN tunneling is a type of network used to communicate with the third party.

  • VPN tunneling uses Point-to-Point Tunneling Protocol (PPTP), which sends the packets via a private network.
  • Whereas TCP/IP traffic goes over a public network such as the Internet.

So they are changing the network over which they want to communicate between the third party and the PI server, so you still need to use the same SFTP adapters to communicate.

About certificates, there are two ways to authenticate via SFTP:

  • One is password-based authentication, for which you do not need certificates.
  • The other is certificate-based authentication, for which you need certificates.

Check section 4 about certificates.

How To Configure SFTP Adapter in SAP PI

Regards,

Praveen.

Manoj K Oct 21, 2016 at 12:12 PM

Richa,

I guess they have given you the private key; make sure you convert that into .p12 or .p8 format before importing it into NWA, as NWA supports only .p12/.p8.

You need to use the SFTP adapter only.

There is no need to share your certificate, as SFTP authentication takes place by private/public key; that is enough.

Br,

Manoj

Richa Shrivastava Oct 24, 2016 at 07:14 AM

Thank you all for the above suggested things.

Today, when I had a discussion with the third party, they told us they have another PI system in their landscape, and now they want to communicate from their PI to our PI through a web service, and that too over a secured VPN connection.

Earlier we used to communicate through SFTP, but now they want webservices to communicate and gave us the URL link, IP address and the certificate. So, I think I need to install their certificate in my PI system and use the SOAP adapter. Am I correct?

Thanks,

Richa

Richa Shrivastava Oct 24, 2016 at 09:53 AM

Hi Raghuraman,

I will ask my Basis to open the ports and establish the connection between two PI systems at the server level and also to install the certificate.

As there are both inbound and outbound interfaces for this, I should use both sender and receiver SOAP adapters, right?

Is there anything else I need to know about this?

Former Member Oct 24, 2016 at 02:33 PM

Hi Richa,

Yes, you can use the SOAP adapter in both directions.

For SOAP sender communication you need to provide your public certificate to the third party; then they can install your certificate in their NWA to communicate with your system via the SOAP adapter.

For SOAP receiver communication you need to get their public certificate and import it into the TrustedCAs key storage in NWA->Configuration->Certificates and Keys.

Regards,

Praveen.
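
The certificate exchange described in this answer, as an added example that is not part of the original thread: a pre-import check run on a workstation before a partner's certificate file is loaded into a trust store. It assumes the file is PEM-encoded, that `openssl` is installed, and that the expected fingerprint was confirmed with the partner over a separate channel; the function and file names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: checks on a partner certificate file before it goes into a trust store.
# Function names and file names are hypothetical; only standard openssl subcommands are used.

# Succeeds if the PEM file contains a private key (must never be imported as a trusted cert).
has_private_key() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# SHA-256 fingerprint, to compare with the value the partner confirms over a separate channel.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds if the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Gate: public certificate only, fingerprint as agreed, not about to expire.
check_partner_cert() {
    if has_private_key "$1"; then echo "REJECT: file contains a private key"; return 1; fi
    if [ "$(cert_fingerprint "$1")" != "$2" ]; then echo "REJECT: fingerprint mismatch"; return 1; fi
    if ! valid_for_days "$1" "$3"; then echo "REJECT: expires within $3 days"; return 1; fi
    echo "OK: $(openssl x509 -in "$1" -noout -subject -enddate | tr '\n' ' ')"
}

# Constructed sample: a throwaway self-signed certificate standing in for the partner's,
# plus a bundle that wrongly includes the private key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=partner-pi.example.invalid" \
        -keyout "$1/partner.key" -out "$1/partner.crt" 2>/dev/null
    cat "$1/partner.crt" "$1/partner.key" > "$1/bundle.pem"
}

demo() {
    dir=$(mktemp -d)
    make_sample "$dir"
    fp=$(cert_fingerprint "$dir/partner.crt")
    check_partner_cert "$dir/partner.crt" "$fp" 7  || true   # accepted
    check_partner_cert "$dir/bundle.pem"  "$fp" 7  || true   # rejected: private key present
    check_partner_cert "$dir/partner.crt" "$fp" 90 || true   # rejected: only 30 days of validity
    rm -rf "$dir"
}
demo
```

The same gate applies in the other direction: the file handed to the partner should pass `has_private_key` with a non-zero result before it leaves your side.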


Thank you Praveen for the suggestions.
