SAP Web Dispatcher as reverse proxy for SMP3
As of SMP3 SP07 you can use SAP Web Dispatcher as a reverse proxy for SMP3. Depending on your landscape, this simplifies A LOT your architecture. And you can reuse your WD knowledge and gain support from SAP. Installing the WD is done as usual, with one caveat: you have to inform the commonlib which TLS to use:
ssl/ciphersuites = 896:HIGH
ssl/client_ciphersuites =896:HIGH
With this, WD can connect to SMP3 using TLS. While this may look strange, it actually is necessary as SMP3 uses some high TLS security.
To understand better what these two parameters do, take a look at the Commonlib + WD SAP Note: 510007
A complete sample profile from a WD running on Windows
SAPSYSTEMNAME = WDP
SAPSYSTEM = 00
DIR_INSTANCE = C:\<dir>\SAPWDSMP3
DIR_EXECUTABLE = $(DIR_INSTANCE)
DIR_PROFILE = $(DIR_INSTANCE)
DIR_HOME = $(DIR_INSTANCE)
Autostart = 1
Restart_Program_00 = local $(DIR_EXECUTABLE)/sapwebdisp$(FT_EXE) pf=$(DIR_PROFILE)/sapwebdisp.pfl
wdisp/ssl_auth=0
wdisp/system_0 = SID=SMP, SSL_ENCRYPT=0, EXTSRV=http://smp3.tobias.de:8080, SRCSRV=*:9080, SRCURL=/, STICKY=true
wdisp/system_1 = SID=SEC, SSL_ENCRYPT=1, EXTSRV=https://smp3.tobias.de:8081, SRCSRV=*:9081, SRCURL=/, STICKY=true
wdisp/system_1 = SID=SEC, SSL_ENCRYPT=1, EXTSRV=http://smp3.tobias.de:8082, SRCSRV=*:9082, SRCURL=/, STICKY=true
icm/server_port_0 = PROT=HTTP,PORT=9080
icm/server_port_1 = PROT=HTTPS,PORT=9081
icm/server_port_2 = PROT=HTTPS,PORT=9082,VCLIENT=2
ssl/ciphersuites = 896:HIGH
ssl/client_ciphersuites =896:HIGH
icm/max_conn = 2000
icm/max_sockets = ($(icm/max_conn) * 2)
icm/req_queue_len = 6000
icm/min_threads = 10
icm/max_threads = 500
mpi/total_size_MB = (min(0.06 * $(icm/max_conn) + 50, 2000))
mpi/max_pipes = ($(icm/max_conn))
wdisp/HTTP/max_pooled_con = ($(icm/max_conn))
wdisp/HTTPS/max_pooled_con = ($(icm/max_conn))
icm/server_port_3 = PROT=HTTPS,PORT=4300
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,PORT=4300,DOCROOT=./admin,AUTHFILE=icmauth.txt
0 Comments