NWBC ServerSide Setup

SAP AG

Enablement Kit forSAP NetWeaver Business Client V1.30

SAP NWBC 3.0 Technical Requirements &Server Side ConfigurationOverview

In this presentation we consolidate the activities on the ones to be performed on OS level and for each transaction At the end you find a short summary for a SAP GUI based end-user check as well as the front-end related configuration steps

SAP NetWeaver Business Client 3.0 Objective

SAP NetWeaver Business Client 3.0 Required Backend Release and Stack

SAP NetWeaver Business Client 3.0 High Level Backend Configuration Steps

SAP NetWeaver Business Client 3.0 Backend Configuration SAP Crypto Library (1/2)

SAP NetWeaver Business Client 3.0 Backend Configuration SAP Crypto Library (2/2)

SAP NetWeaver Business Client 3.0 Backend Configuration System Parameters (1/2)Depending on your architecture it might be reasonable to distribute the parameters to the default or instance profile (DEFAULT.PFL / _DVEBMGS_, e. g. EH3_DVEBMGS00_BPEHP). In general it is valid to include the parameters in the instance profile.You can either use transaction RZ10 for maintaining the profiles or editing them directly on OS level ensure always before edition in transaction RZ10 that you uploaded the current version from the OS level (menu: Utilities > Import profiles > Of active servers)

Attention After maintaining the system parameters you need to restart your system so that the parameters will be taken into account. For Windows servers the service SAP_ (e. g. SAPEH3_00) as well needs to be restarted before the SAP application server ABAP is started again.

SAP NetWeaver Business Client 3.0 Backend Configuration System Parameters (2/2)

SAP NetWeaver Business Client 3.0 Backend Configuration TX STRUSTSSO2 System PSE SNC SAPCryptolib SSL server Standard SSL client SSL Client (Standard) If you use server signed certificates you will receive some warnings when logging on via SAP NWBC 3.0 but functionality is not affected. These screenshots show examples of self-signed certificates maintained via right mouse clicks.

SAP NetWeaver Business Client 3.0 Backend Configuration TX SMICMMenu: Goto > Services or [Shift]+[F1] or If https is not active, activate the service via menu: Service > Activate To be able to activate https the SSL server Standard certificate needs to be created (see previous slide)

SAP NetWeaver Business Client 3.0 Backend Configuration TX SFW5

SAP NetWeaver Business Client 3.0 Backend Configuration Services, TX SICF 1/3

To make use of SAP NWBC you need to activate various services in TX SICF.Most important is the so-called cockpit, /sap/bc/nwbc linked to the external alias /nwbc.The other services are used to enable the framework (especially /sap/public), and to display the various transactions. Attention If you have already activated part of the node you can activate the entire tree by deactivating and reactivating the upper node. However, you have to update the service tree with the Refresh icon .


Update the specified services in the Internet Communication Frameworks (ICF), for general information see Note 517484.

SAP NetWeaver Business Client 3.0 Backend Configuration Roles (1/2)

The use of SAP NWBC is for SAP BAiO packages based on ABAP roles. So to be able to use SAP NWBC as a user interface, roles need to be assigned to the logon user.Within the SAP BAiO packages, the SAP_AIO_* roles delivered initially with SAP ERP 6.0 have been adapted to the delivered scenarios. For enhancement package 3 for SAP ERP 6.0 they start with SAP_BPR_*, for enhancement package 4 for SAP ERP 6.0 they start with SAP_NBPR_*.Please use either TX SU01 to assign roles to a specific user or PFCG to assign users to specific roles. Afterwards do not forget to perform the user comparison in TX PFCG for all newly assigned roles! Usually SAP_[AIO; NBPR]_EMPLOYEE_S + the relevant functional roles should be assigned to the user. Details can be found in the SAP BAiO Business Process Documentation (BPD).

SAP NetWeaver Business Client 3.0 Backend Configuration Roles (1/2)

SAP NetWeaver Business Client 3.0 Backend Configuration Cockpit (1)

When SAP NWBC 3.0 is connected to an ABAP system, central access point on ABAP side is the so-called cockpit. The call is established via an external alias /nwbc, so that the URL has always the same structure.This external alias is connected to service /sap/bc/nwbc. For example with standard scenario: http(s)://..:/nwbc forwards automatically to http(s)://..:/sap/bc/nwbc For further information please have a look at SAP Note 1368177.

SAP NetWeaver Business Client 3.0 Backend Configuration Cockpit (2)To ensure correct communication you need to verify that the error pages handling of logon errors of the cockpit is configured correctly.

SAP NetWeaver Business Client 3.0 Backend Configuration System Logon

You can define how the logon screen for SAP NWBC should look like and which parameters should be set for the logon process. To do so doubleclick on the respective service node for your cockpit in transaction SICF, choose -> Error Pages -> Logon Errors and then the button Configuration (see previous slide). You can decide wether you want to use the global settings (usually only user and password) or if you want to set further parameters for the logon process. You can find a detailed description for the configuration in http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/3a0638902131c3e10000000a42189d/content.htm.

SAP NetWeaver Business Client 3.0 Backend Config. Table NWBC_CFG (1)

Use transaction SE16 or SE16n to create a new client specific table entry in table NWBC_CFG (refer to chapter 4.6 in general SAP NWBC 3.0 documentation):

IDX: Any three characters Cockpit: * Name: BUSINESS_LINE Lang: Display: Value: BAiO Cockpit Path:

SAP NetWeaver Business Client 3.0 Backend Config. Table NWBC_CFG (2)

Also via table NWBC_CFG you can define a branding image in the lower part of the left navigation panel with a clickable URL behind the image.Therefore make the following entries in table NWBC_CFG via transaction SE16:

Branding image: IDX = any ID, consisting of three charactersCOCKPIT= * (means relevant for all Cockpits)NAME= BRANDING_IMAGEVALUE= URLThe URL must be a link to a picture (JPG or PNG) and it must be ensured that the image can be loaded without authorization having been required.

Branding URL: IDX= any ID, consisting of three charactersCOCKPIT= * (means relevant for all Cockpits)NAME= BRANDING_URLVALUE= URLThe URL can be the corporate portal page of the company which is then loaded.

For the configuration of table NWBC_CFG and the available parameters see also the general documentation for SAP NWBC 3.0, chapter 4.6 Configuration via Table NWBC_CFG.

Some of the settings to be made require deeper knowledge in SAP basis system administration, such as system profile parameters and configuration of SSO.Therefore it is recommended that the user just check for the correctness of the settings and the system administrator takes care of the correct configuration of these areas.System parameters: They can easily be checked using TX RSPFPAR uploading the following selection from the clipboard:icm/host_name_fullicm/server_port_*login/*_sso2_ticketsec/libsapsecussf/*ssl/*Check for Trust Manager for Single Sign-On with Logon Ticket configuration TX STRUSTSSO2 The following nodes need to be created: System PSE, SNC SAP Cryptolib, SSL Server Standard, SSL client SSL Client (Standard)ICM Monitor Service Display TX SMICM, Goto - Services: http and https enabledSwitch Framework TX SFW5: Enterprise Business Funktion /KYK/GEN_AIO_SIMPLIFICATION enabledInternet Communication Framework TX SICF: Check that required services are activatedIf services cannot be activated or are not found in the system run transaction SIAC_PUBLISH_ALL_INT to publish them at onceRoles TX SM30_SSM_CUST + PFCG / SU01: Enable additional details for view SSM_CUST and assign required roles to your userAdditional cockpit configuration TX SICF: For correct SAP NWBC 3.0 connection to the backend you need to verify that the error pages handling of logon errors of the cockpit is configured correctly:Radio button System Logon selected andConfigured for Service Specific Settings displaying at least System Messages using protocol Logon via HTTPS

SAP NetWeaver Business Client 3.0 End-user Tests

SAP NetWeaver Business Client 3.0 Additional Information Sources1400383 SAP BAiO: NWBC & EhP4 for SAP ERP 6.0 (ABAP) Configuration (Basis for the information in this presentation)1368177AP NWBC 3.0 Released for SAP BAiO Packages and SAP SRM 7.0 (Release Information for NWBC 3.0 for SAP BAiO partners and customers)517484 Inactive services in the Internet Communication1165371 SAP Best Practices Role Files for All-in-One EhP3 (Best Practices Roles for EhP4 solutions will be delivered with the corresponding Add-On)-> If you are using an SAP Best Practices solution check the latest version of the corresponding note to obtain updates and corrections.http://help.sap.com > SAP NetWeaver > SAP NetWeaver 7.0 > SAP NetWeaver 7.0 Library (including Enhancement Package 1) or > SAP NetWeaver 7.0 Library > SAP NetWeaver Library > SAP NetWeaver by Key Capability > Security > Network and Transport Layer Security > Using the SAP Cryptographic Library for SNC > Configuring the Use of the SAP Cryptographic Library for SNC > Configuring SNC for Using the SAPCRYPTOLIB on the AS ABAP http://help.sap.com/saphelp_nw70ehp1/helpdata/en/7c/3f443c8c06702ee10000000a11405a/frameset.htm

2010 SAP AG. All rights reserved.No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.Oracle is a registered trademark of Oracle Corporation.UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc.JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, Clear Enterprise, SAP BusinessObjects Explorer, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP France in the United States and in other countries. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG.This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intended strategies, developments, and functionalities of the SAP product and is not intended to be binding upon SAP to any particular course of business, product strategy, and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice.SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence.The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.

*

Documents

NWBC ServerSide Setup