Skip to Content
author's profile photo Former Member
Former Member

Connection open to SAP support

Hi ;

I want to give access of my servers to SAP for this i have opened the connection to our servers.

Now when SAP support persons try to connect they receive a message SNC connection failed.

In Marketplace from its showing the connection as open but why the SNC connection is getting failed.

Please help me in rectifying the problem.

Thanks and regards

Tushar Pathak

Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Jul 31, 2008 at 06:43 AM

    Hi Tushar,

    This will help you.

    Hi,

    SAProuter/SNC via Internet

    u2022 SNC secured SAProuter u2013 SAProuter connections are established between SAP and the customeru2019s SAProuter to provide data confidentiality and integrity services. These SNC connections complement the leased lines in the current SAPNet R/3 Frontend environment. State-of-the-art encryption, authentication, and access control technology will be employed. No additional hardware compared to a leased-line setup is required at either end of the connection.

    u2022 Customers are required to install a SAProuter with an official, static IP address (DHCP Addresses will not work) running SNC inbound and outbound connection to SAP at their end of the connection in a Demilitarized Zone. This SAProuter must be accessible from the Internet. All service connections between SAP and the customer must be made over the respective SAProuters.

    u2022 Certificates needed are available on the SAP Service Marketplace.

    Requirement:-

    Internet connection: recommended

    minimum bandwidth = 64 kbps

    SAProuter machine

    Official IP address (static) for the SAProuter host.

    SAProuter installation package

    SAP SNC libraries and executables.

    These may be downloaded from the SAP Service Marketplace.

    A Demilitarized Zone at the customer site with a minimal setup as described in the networking section at: http://service.sap.com/SYSTEMMANAGEMENT Choose: Security > Technical Track

    SAP Security Guide.

    More information on SNC connections is also available in the SAP Service Marketplace.

    Since the host running the SAProuter software is a full computer with operating system, the security at the operating system level must be hardened in order to minimise the risk of the machine being hacked from the Internet. One recommendation will be for example to run a C2 security level compliant operating system. SAP takes no liability if the security of the companyu2019s network is compromised.

    Other networking equipment (routers and hubs) needed to form the network at the customeru2019s premises

    Comparisions

    Property SAProuter / SNC via Internet

    Hardware requirements Firewall + SAProuter host in DMZ

    Software SAProuter starting from NI version 35

    SAPSECULIB can be obtained from the Service Marketplace

    Network addresses (besides address of Internet router, firewall, u2026) 1 official static IP address for SAProuter

    Configuration issues Careful setup of saprouttab necessary for security. Saprouttab influences security strongly as access is controlled via saprouttab and firewall.

    Encryption By software

    Encrypted data TCP packets

    Only the data stream between SAProuters is encrypted

    Encryption is handled on Application layer (OSI network layer 7)

    Minimum required free bandwidth 64 kbit/s but may work also with

    32 kbit/s

    Supported services on SAP side All except FTP (files download)

    Key management Digital certificates being requested via Service Marketplace Public Key Infrastructure (PKI)

    Key storage In file system

    Operating system SAProuter resides on a computer

    therefore it is necessary to harden the security at the operating system level (for example, C2 level OS) to minimize the risk of the machine being hacked from the Internet

    Additional expertise SAProuter knowledge usually available, SNC configuration requires additional knowledge

    Standards Based on SNC, SAP proprietary standard

    Contributing to costs u2022 Firewall hardware and software

    u2022 Firewall administration costs

    u2022 No additional license fee for security library based on SECUDE

    Regards

    Ashok

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jul 31, 2008 at 05:02 AM

    Hi,

    Have you installed your SNC Router?

    If so check your router start string, Try to download a note from

    SNOTE adn see if it works then check your router log or trace file what it says.

    Regards,

    Vamshi.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.