To be able to install EA Designer in HXE, you first need to copy the eadesigner.tgz file to your HXE server. SAP is not making the file available as a free available standalone download. You get the file with the HXE downloader.
First “problem” to solve is how to get the file on your HXE. In my case: a VM running on Proxmox.
If you have the eadesigner.tgz file on your laptop, and HXE server is in the same network as you are (e.g. WLAN), you can copy the file using scp. As an alternative, you can host the eadesigner.tgz file on an HTTP server and download it from there. For tomcat, copy the file eadesigner.tgz to the root directory and start tomcat.
Copy file to: webapps/ROOT
Start tomcat: ./bin/startup
SAP Web Dispatcher is an important component in a SAP landscape. While have been treated as optional for many years and found mainly in SAP Portal scenarios, with the increase adoption of Fiori, having a reverse proxy in the landscape is becoming pre-requisite. While it’s possible to choose from a wide range of alternatives of servers for a reverse proxy, SAP`s Web Dispatcher is normally always the best fit in a SAP landscape. A question that sometimes arises is how to install Web Dispatcher.
First you settle on what version of Web Dispatcher (WD) to install. SAP Note 908097 states that you should go for the latest version. “Version 7.49 is the recommended SAP Web Dispatcher version for all backend systems.”
The actual installation gives you two options:
The easy alternative is to simply un-sapcar the WD SAR file downloaded from Service Marketplace into a directory. To run WD, it`s then just to bootstrap it or run it with a given profile file. This installation method gives you a up and running WD in just one minute. The problem is that the files are all in one directory and not in the “official” directory structure of a normal SAP installation. But you get something like a portable WD installation: zip the directory and you can copy it to another server and can run WD from there.
The recommended alternative ensures that the WD is installed like a normal SAP product: all files follow the normal directory structure, etc. Installation is done using SWPM. Important when you are going to do some advanced configuration like PSE encryption, CryptoLib installation, etc. I`ll try to show how to install SAP Web Dispatcher the recommended way.
Download the needed software. It`s SWPM, Web Dispatcher, SAPCAR and HOSTAGENT.
SAP Web Dispatcher 7.49 PL 112
SAP Host Agent 7.21
After you have downloaded all software, you have four files, summing up to almost 900 MB.
In a Unix environment, your WD system won`t have a graphical user interface and access to the system is given by SSH. This kind of environment can perfectly be emulated using Docker. Note: the SAR files need to be copied over to the target host.
There are several Linux images available for Docker. Let`s use Debian for this.
After running the Docker image, you have the files on the Linux system up and running, the Web Dispatcher and sapinst files available. Web Dispatcher is not yet installed. This is done by using sapinst. To run the installation, you`ll have to connect to sapinst using a different computer (most cases: your laptop). Let`s call the Docker container the target, and your computer the client.
I use Kitematic and to log on to my docker container, I just click on the EXEC button.
Logon to Docker container:
The log on from shell, the command is something like this:
To work properly, sapinst must be started as root. You then connect to it and log on. The logon is done by default with the user id running sapinst. Problem is that with the Docker images you do not know the root password. Same for environments where root access is only provided to a few or via sudo. You need to enable sapinst to run as root, but allow a different user (like <sid>adm) to log on. You achieve this by providing a parameter to sapinst informing the OS user allowed to log on remotely. The process is then:
Run sapinst as root (or sudo)
Connect to it informing a OS user (wddadm)
The needed parameter can be retrieved by letting sapinst show all available parameters. More information available in SAP Note 1745524 and at SAPinst central note.
Run sapinst in Docker
Provide the <sid>adm user as a property to sapinst.
Start sapinstgui and connect to the target server on port 21212.
Inform the host name or IP address. In my case, it is 192.168.0.16. The port is the default sapinst port 21212.
Accept the fingerprint. You can check the fingerprint with the one printed by sapinst on the target server to be extra sure you are connecting to the right server.
Authenticate. You`ll need to provide the user id and password of the user running sapinst on the target host. In my case, the user is wddadm with password whatever. This is defined in the Dockerfile when the user is created.
sapinst output in Docker:
Logon on using wddadm / whatever
After a successful logon, sapinst will start. Current setup is not supported by SAP. For a production case this is a no-go, for my personal use case this is totally acceptable.
Sapinst shows the list of installable software options available. Web Dispatcher can be found at the end of the list.
Selecting SAP Web Dispatcher will start the installation.
Inform the path on the target server where the SAR files for SAP Web Dispatcher and SAP Host Agent can be found.
The files were copied into the container during the execution of the Dockerfile. All files are located at /home/wddadm.
If all packages are found, validated and added as considered valid for the installation.
Debian in Docker for sure won`t pass all the pre-requirements check build into SWMP. You`ll get a warning message, but SWMP won`t stop the installation. Select No. Seems that inside Docker, checking for the available free space is not working correctly.
Web Dispatcher configuration
Don’t worry, the system must not be accessible, yet exist. It’s just informing the bootstrap parameters. In my case, I am using a system that is not available, and it worked. Just be aware that in case the backend system changes, or isn’t even a ABAP system, like SMP3, you need to configure the Web Dispatcher profile manually.
The last step is to start Web Dispatcher. You can follow this on the console log of sapinst on the target server
If all worked, you get a confirmation message and the installation finishes.
SAPinst on the client host ends and so does it on the target host.
This gives you the time to validate the installation and check if all files are correctly installed.
A new user sapadm was created
Web Dispatcher is installed under /sapmnt and instance is found in folder /usr/sap
This is perfectly aligned with the default locations of a SAP instance, and way better than simply putting all files into the same folder when unzipping the SAR. Especially when you consider that you may have to open a CSS ticket to SAP in your production environment or have new consultants arriving that expect the files to be located at the default location.
SAP Host Agent
The host agent was started and is running.
Start and stop Web Dispatcher
Starting and stopping Web Dispatcher via stopsap and startsap is working
Admin web interface
The admin port of Web Dispatcher is listening by default on port 44300.
Check that Personas 3 add-on and SP01 and SP02 are already installed. SP03 is a support package, therefore SPAM is used to install it.
User: user with right permissions
Check that SPAM status is green and no queue is defined.
Upload SAR file: Support Package -> Load packages -> From Front End
Check the uploaded package. Select new support package under directory and then display.
The status needs to be yellow (not yet imported) and the perquisite set 01 all must be green and ok.
Select the package and click on Queue to define a new queue.
This SP03 is not protected with a password.
Select No. This brings you back to SPAM main screen. The status is now yellow and next action is given as import queue.
Import queue. Go to: Support Package -> Import queue.
You can now go get a coffee or follow the status messages in the status bar.
At the end of the import, a dialog is shown. It should be a nice “success!!” dialog, I got this:
What happened is that I applied a Personas 3 note that changed some standard objects. The dialog is SAP’s polite reminder to check if I want to keep these changes or discard them and let Personas 3 SP03 overwrite them. I want to not keep them and let Personas 3 use its own repository objects, so I selected continue. At the end you’ll see a short walkthrough what you should do (analyse the stuff, etc), although this isn’t possible in my demo system, as I do not have a SAP Note connection – something needed to run the validation.
Status is now: Confirm queue
You can and want, please send the data back to SAP.
SPAM finished updating Personas 3 to SP02 and the status is green -> all OK.
Check the installed Personas 3 version.
Personas 3 SP03 is installed.
When installing Personas, for sure you’ll apply some SAP Notes. When upgrading to a newer service pack, you’ll have to decide if you want to keep the adjustments done by the imported SAP Note or if you want to go back to the original version. As long as the service pack going to be installed contains the changes of the SAP Note, you can revert the changes. To do this:
You see a list of SAP Notes. To get a better understanding, try to run the comparison tool. Be aware that SNOTE must be configured to download notes from SAP for this to work.
Select the option to reset the object. In case SNOTE can download the note from SAP, this should work.
Another part to consider when installing a new service pack is that the objects that are part of a transport request are locked. If so, SPAM will show the following dialog:
Click on the request number to see the locking requests.
First, release the tasks. (A check icon must be behind them)
After enabling OCB features, you should check if folders and files are correctly available in SMP3. In theory, the enablement worked, when OCB files are available in the features, plugins and webapp folder of SMP3.
ls /SAP/MobilePlatform3/Server/features/ | grep "com.sap.banking.omnichannel*"
While installing OCB, SMP3 had to be stopped. During the installation, the database was prepared and files that represent the OCB application were copied to SMP3. Those bundles are now available in SMP3 (OSGI bundles), but are not activated. To be able to use OCB, the features must be activated by SMP3 administration in the Admin web interface. First, start SMP3.
Add OCB p2 repository
Log on to the SMP3 admin interface and navigate to settings -> repositories
To be able to install SAP Omnichannel retail banking on SMP3 SP8, some adjustments must be done on the SMP3 server configuration.
Avoid memory leak
Add a new parameter in the props.ini file of SMP3 server.
Parameter to add: -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true
Looking at the installation guide from SAP, this configuration is somewhat against SAP’s own security recommendations, but is needed as OCB uses struts, and for those the validation must be done via DTD and not by XSD. Edit the file fixed-sys.properties located at /SAP/MobilePlatform3/Server/configuration/com.sap.mobile.server.launcher.
Comment out the last two properties.
Weak Diffie-Hellman ciphers
New browser don’t like anymore the SMP3 SP8 standard TLS ciphers, therefore these must be changed to be more aligned with latest security expectations.
For each TLS connector, substitute the ciphers by TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA.
Form the above connection parameters you can see that SMP3 is going to use the user gomobile with the password secret to connect itself to Oracle XE. This means that the user with the password and a schema must be created in the DB. SMP3 comes with a SQL script for Oracle that does exactly that. The script is located at /db_tools/db/oracle/smp3/sql. The file is 001_SMP3_drop_and_create_user.DDL The file contains the SQL statements to create the user with the right permissions:
CREATE ROLE SY365_OBJOWNER;
GRANT CREATE SEQUENCE TO SY365_OBJOWNER;
GRANT CREATE SESSION TO SY365_OBJOWNER;
GRANT CREATE SYNONYM to SY365_OBJOWNER;
GRANT CREATE TABLE TO SY365_OBJOWNER;
GRANT CREATE VIEW TO SY365_OBJOWNER;
GRANT CREATE PROCEDURE TO SY365_OBJOWNER;
GRANT CREATE SEQUENCE TO SY365_OBJOWNER;
GRANT CREATE TRIGGER TO SY365_OBJOWNER;
GRANT CREATE INDEXTYPE TO SY365_OBJOWNER;
DROP USER GOMOBILE CASCADE;
CREATE USER GOMOBILE
IDENTIFIED BY secret
DEFAULT TABLESPACE USERS
TEMPORARY TABLESPACE TEMP
-- 2 Roles for GOMOBILE
GRANT SY365_OBJOWNER TO GOMOBILE;
GRANT CREATE SESSION TO GOMOBILE;
GRANT CONNECT TO GOMOBILE;
ALTER USER GOMOBILE DEFAULT ROLE ALL;
-- 1 Tablespace Quota for GOMOBILE
ALTER USER GOMOBILE QUOTA UNLIMITED ON USERS;
You’ll have to add the command EXIT; at the end of the file
SQL*Plus: Release 188.8.131.52.0 Production on Wed Aug 24 21:37:08 2016
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Oracle Database 11g Express Edition Release 184.108.40.206.0 - 64bit Production
DROP USER GOMOBILE CASCADE
ERROR at line 1:
ORA-01918: user 'GOMOBILE' does not exist
The error regarding DROP user is normal, as the user gomobile hasn’t been created before, so there is no user to drop.
Install some additional packages via yum to ensure that the installation and execution of the database will work. The list may differ, depending on the actual version of CentOS you are using, but the internet gave me back the following packages and you should be on the safe side.