Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
BNW Consulting Pty Ltd Level 2 Riverside Quay 1 Southbank Boulevard Southbank 3006 Australia
PO Box 5158 Burnley 3121 Australia www.bnwconsulting.com [email protected]
Telephone +61 3 9982 4533 Fax +61 3 8677 9138 LinkedIn bnwconsulting Twitter bnw_consulting
PowerConnect 5.0/6.0 NW 7.00 to 7.53 Installation
KB 053
16/08/2019
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 2
Contents 1. Installation steps ............................................................................................................................. 3
2. Setting up HTTPS / SSL support in SAP ............................................................................................ 3
3. SAINT ............................................................................................................................................. 19
3.1. Install add-on ........................................................................................................................ 20
4. Activate BC Sets ............................................................................................................................ 28
5. Upload Roles ................................................................................................................................. 31
5.1. Add Transport to buffer ........................................................................................................ 31
5.2. Upload PowerConnect Roles ................................................................................................ 33
5.3. Generation Roles................................................................................................................... 35
5.4. Assign Roles ........................................................................................................................... 37
6. Activate PowerConnect................................................................................................................. 38
6.1. License definition .................................................................................................................. 38
6.2. Splunk system setup ............................................................................................................. 39
6.3. Start job dialog ...................................................................................................................... 42
6.4. Notification email setup ........................................................................................................ 42
7. Load HANA Scripts (optional) ........................................................................................................ 43
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 3
1. Installation steps Installation of PowerConnect for Splunk requires the following steps to be completed in
the order listed below.
1. If you wish to use HTTPS / SSL connection between SAP and Splunk please setup the SSL support in the ABAP engine using the steps listed here (link to Setting up HTTPS / SSL support).
2. Import the agent using TMS / SAINT 3. Activate BC Sets 4. Upload PowerConnect Roles 5. Start the PowerConnect for Splunk control panel in SAP using tcode /BNWVS/MAIN 6. Configure the connection between SAP and Splunk 7. Load HDB Scripts (HANA only)
2. Setting up HTTPS / SSL support in SAP By default, Splunk REST API listens on port 8089 and HEC on Port 8088 with SSL active.
SAP supports SSL however some basic setup is needed to provide SSL functionality to the native HTTP client built in to the ICM to support HTTPS. You can disable SSL support in Splunk and use HTTP without SSL to communicate between SAP and Splunk however it is not recommended for a production environment, especially where Splunk traffic traverses a shared network or in a public or private cloud hosted solution for SAP or Splunk.
If you wish to enable SSL support in SAP ABAP, please follow the steps below.
Please note that the instructions below are for setting up SSL to Splunk with a default configuration that includes a self-signed certificate that is included into Splunk during installation.
Important Note(s):
If your Splunk Enterprise Server has a custom SSL certificate installed, the process is the same, however names you see in the examples will differ from the screen shots below.
If you connect to a Splunk server via a proxy server then you will need to install any certificates that may sign HTTPS requests that flow through it into SAP.
If you are unsure about how to configure SSL, or you get SSL chain-verify or peer verify errors in SAP log a support call. You will need a valid license and support agreement to get email and phone support.
Ensure that System environment variable SECUDIR is set, this normally points to the /usr/sap/<SID>/<Instance>/sec directory.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 4
If further details are required for setting environment variables please refer to SAP OSS Note 1827566 - http://service.sap.com/sap/support/notes/1827566
Download the latest SAP Crypro library from SAP Marketplace and unpack into the instance executable directory http://support.sap.com/swdc → Support Packages and Patches → My Application Components → SAPCRYPTOLIB
In transaction RZ10 set the following profile parameters into the Default.pfl profile parameters. A restart of you SAP system is required after saving updated profile.
Profile Parameter Value Examples ssl/ssl_lib Path and file name of the SAP
Cryptographic Library UNIX: /usr/sap/<SID>/SYS/exe/run/libsapcrypto.so Windows NT: <DRIVE>:\usr\sap\<SID>\SYS\exe\run\sapcrypto.dll
sec/libsapsecu Path and file name of the SAP Cryptographic Library
UNIX: /usr/sap/<SID>/SYS/exe/run/libsapcrypto.so Windows NT: <DRIVE>:\usr\sap\<SID>\SYS\exe\run\sapcrypto.dll
ssf/ssfapi_lib Path and file name of the SAP Cryptographic Library
UNIX: /usr/sap/<SID>/SYS/exe/run/libsapcrypto.so Windows NT: <DRIVE>:\usr\sap\<SID>\SYS\exe\run\sapcrypto.dll
ssf/name SAPSECULIB SAPSECULIB icm/server_port_<xx> PROT=HTTPS, PORT=<port>,
TIMEOUT=<timeout_in_sec> PROT=HTTPS, PORT=1443, TIMEOUT=900
In transaction STRUSTSSO2 activate the following SSL nodes:
▪ SSL Server Standard ▪ SSL Client SSL Client (Anonymous) ▪ SSL Client SSL Client (Standard)
Activate by right clicking on each node and selecting "Create" - The default entry can be used unless specific security policies must be adhered too.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 5
Change Mode →
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 6
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 7
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 8
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 9
Next we need to ensure the ROOT CA (or server self-signed certificate is installed in the ABAP system). Start by connecting to the Splunk server on port 8089 using HTTPS this will show you the certificate in use.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 10
Open the certificate information
This certificate is signed by the SplunkCommonCA and we need to import this CommonCA certificate into SAP so it trusts the certificate being issued by the Splunk server.
To do this highlight the SplunkCommonCA certificate and click View Certificate
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 11
Not we are looking at the SplunkCommonCA certificate that is the issuer of the certificate being sent by Splunk. If we configure SAP to trust this certificate, then it will also trust the certificates it has issued which include the one being sent to SAP by the Splunk Server (SplunkServerDefaultCert).
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 12
Next click Copy to file to export this certificate
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 13
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 14
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 15
Now we need to import this certificate into SAP. Start tcode STRUSTSSO2.
Highlight the hostname under node "SSL client SSL Client (Standard).
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 16
Click on the import button in the certificate section
Now enter the file path of the SplunkCommonCertificate saved in the previous step
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 17
Now the SplunkCommonCA certificate appears in the Certificate section, click on the Add to Certificate List button to add it to the Certificate List.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 18
Click Save in the toolbar to save this change
Repeat this change for the following 2 nodes
SSL server Standard SSL client SSL Client (Anonymous)
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 19
3. SAINT
Ensure Installation and Support Packages are unpacked into \usr\sap\trans\EPS\in directory
Client 000 → Transaction SAINT
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 20
3.1. Install add-on
From the main screen in transaction SAINT select “Start”
Highlight the PowerConnect Add-on
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 21
Select “Continue”
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 22
Please select the highest Target Support Package available for the BNWVS add-on if there was any uploaded into SAINT.
Select “Continue”
You will then see a list all packages being installed.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 23
Select “Continue”
Select “No” for Modification Adjustment transport
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 24
Select the “Start Options” button
Change to start in background
Change option to “Start in background immediately”
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 25
Select the “tick” to continue
Select the “tick” to start installation
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 26
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 27
Once installation is complete select “Finish”
The “BNWVS” add-on will now appear in installed add-on list
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 28
4. Activate BC Sets
BCSET contains the client-dependant data, thus should be activated in the production client.
Login into the pro Go to transaction SCPR20
In the BC Sets Field enter “\BNWVS\BCSET_500”
BC Set → Activate
Create a transport for the BC Set activation – This transport will be imported into subsequent systems rather than running this transaction again.
Important note! If the transport was not requested, please check the SCC4 settings for the current client.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 29
The follow line will appear at the bottom of screen on complete.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 30
To confirm successful activation, view the logs by going to Goto → Activation Logs
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 31
5. Upload Roles
5.1. Add Transport to buffer Ensure transport files are loaded into the usr\sap\trans\cofiles and \usr\sap\trans\data directories.
Transaction STMS
From the buffer of the system select Extras → Other Requests → Add
Select transport “N71K900223”
Select the “tick” and then “yes” to add to buffer
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 32
Select transport with the mouse and then from menu select Request → Import
Important! The transport should be imported into the production client.
Ensure the “Ignore Invalid Component Version” flag is selected (if needed).
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 33
5.2. Upload PowerConnect Roles
Transaction PFCG
From menu Role → Upload
Navigate to the directory where you have saved the roles and select one.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 34
Confirm the import.
Carry out the same procedure for the other role.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 35
5.3. Generation Roles
From menu select Utilities → Mass generation
In the role field enter “Z_BNWVS*”
Select Program → Execute
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 36
Edit → Select All
Roles → Generate profile
Select “online”
Leave transaction
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 37
5.4. Assign Roles
Assign role Z_BNWVS_ADMIN_CHANGE to user who will administer PowerConnect and Z_BNWVS_BATCHUSER to user that will run the PowerConnect batch jobs.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 38
6. Activate PowerConnect
Transaction /n/bnwvs/main
6.1. License definition Following popup will be given after the first run:
Press Yes to define the license key.
Copy the key and paste it using the button on the toolbar (or put it directly in the text field):
Please ensure the status is OK/Green. Save the config and confirm changes.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 39
6.2. Splunk system setup
Following options are available:
Target system – Single Splunk/OMS system, it will receive all collected metrics. Target group – Can contain few Splunk/OMS systems, all metrics will be load balanced
across all of them.
Choose necessary option and press Next.
Define the Splunk system name (free text) to be able to identify the Splunk system among others.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 40
Press Create to proceed.
Enter Splunk/OMS system details according to the chosen option (Splunk HEC, Splunk REST, OMS):
Optional: connection test can be performed if needed to check the Splunk system availability and ensure the index is created. Check button should be pressed in this case.
Important: please ensure that HTTP scheme (http or https) and port are defined in the Host field.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 41
Press Confirm button to save the config.
Press Next to proceed.
On this screen the upload target should be created and added into the distribution scheme.
Set Active flag to activate the Splunk target.
Optional: If the Target group is created beforehand, it is also possible to assign this particular target system to chosen Target Group to be able to load balance metrics (i.e. in case of Splunk several indexers). Add to the Group option should be set in this case:
Press Next to move to the next step.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 42
The Splunk system setup has been completed. Please Confirm the setup or press New Target to create another target system/group.
6.3. Start job dialog Once the Splunk/OMS systems have been setup, following dialog will be given to start collection/uploading jobs:
It is possible to select job class or define the system to run these jobs. This step can be skipped, so jobs are started manually from the Control Panel.
6.4. Notification email setup Please define the Notification Email on the next screen:
This email will be stored in the config and used to send a reminder about license expiration.
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 43
Once all these steps are completed, PowerConnect Control Panel will be shown on the screen.
7. Load HANA Scripts (optional)
If your SAP systems run on HANA you will need to upload the scripts to run extended queries.
Administrator → Setup Metric → HDB Queries
Select Upload file button
Navigate to where HDB_SCRIPTS.xml or HDB_SCRIPTS.zip file has been saved and select
KB 053 - PowerConnect 5.0 NW 7.01 to 7.50 Installation Page 44
Once uploaded, select scripts you want to run and then press “Save” from the top menu
Important note! Please note that some scripts are not valid out of the box and should be adjusted based on your system setup (i.e. the predefined scheme is not valid). It is recommended to activate necessary scripts one by one to avoid potential errors.