Scribd
Upload
85 views2 pages

SAProuter Installation Guide for Windows

This document provides step-by-step instructions for installing SAProuter, which acts as an intermediary proxy between SAP systems and external networks to control access and enhance security. The key steps are to register the SAProuter with SAP support, download required files like the SAP Crypto Library, generate certificates, create user credentials, install the SAProuter service, and configure registry keys and parameters. Proper installation of SAProuter allows routing of traffic between SAP and other systems while controlling connections and logging access for security.

Uploaded by

Rashed Ahmed
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
85 views2 pages

SAProuter Installation Guide for Windows

This document provides step-by-step instructions for installing SAProuter, which acts as an intermediary proxy between SAP systems and external networks to control access and enhance security. The key steps are to register the SAProuter with SAP support, download required files like the SAP Crypto Library, generate certificates, create user credentials, install the SAProuter service, and configure registry keys and parameters. Proper installation of SAProuter allows routing of traffic between SAP and other systems while controlling connections and logging access for security.

Uploaded by

Rashed Ahmed
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Step By Step Guide To Install SAProuter

SAProuter as all the technical heads know is used to connect different IP Networks or you can
say it acts as an intermediary proxy in a network connection between SAP systems or SAP
systems and external networks. It is a very advantageous enhancement to a pre-existing firewall
system because it control access to the user’s network.

In more general terms it works like any router to direct traffic and is particularly utilized to route
traffic of any sort between SAP and the local systems of the customers. SAProuter can be
utilized to do the following:

 To control and log the connection to a customer’s SAP system.


 To enhance network security with the help of a password (which protects the customer’s
connection and data from unwanted/unauthorized external access), permitting access from one
specific SAProuter, permitting only one encrypted connection from a known partner (using the
SNC layer).
 To setup an indirect connection in case when the program used in the connection is unable to
communicate with each other because of network configuration. The reasons are generally
restrictions arising from the firewall systems or address conflicts when using non-registered
configuration.
 Enhancing the stability and performance by lowering down the workload on SAP system within
a LAN when communicating with a WAN.

Some Key Points:

 SAProutertraffic communicates by default on TCP port 3299. This is generally a configurable


option.
 SAProuter executable /binary must be running for SAProutertow work. There is no start on call
options.
 SAProuter is required to get service from SAP.

SAP Router Installation step by step

You first need to convey a message to SAP support and ask to register your hostname and IP of
your new SAProuter. The thing to remember here is that you have to register your SAProuter
with an official IP address because no internal IPs are allowed. Once you have received the
confirmation from SAP regarding your SAProuter request you now can begin configuring your
SAProuter.
If you have SAProuter directory C:usrsapsaprouter, these are the steps to follow.
Note: You will be prompted for a PIN code so decide your own 4 digit pin and you have to use
the same PIN every time you are asked to do so.

1. You have to set 2 environment variables: SECUDIR and SNC_LIB according to the
guide you have downloaded.

2. Download the SAP Crypto Library. Now unpack the and unpack i SAP Crypto Library into
C:usrsapsaprouter

3. Now to create a certificate request, run the command:


sapgenpse get_pse -v -r C:usrsapsaproutercertreq -p
C:[Link] “”

4. Afterwards you have stick to the guide and request the certificate from
[Link] -> Download Area -> SAProuter Certificate

5. Generate a file C:usrsapsaproutersrcert and copy the requested certificate into this file. Now
run the command: sapgenpse import_own_cert -c C:usrsapsaproutersrcert -p
C:[Link]

6. To create credentials for the user who is running the SAProuter service, run command:
sapgenpse seclogin -p C:[Link] -O
(this will create the file “cred_v2″)

7. Check the configuration by running command: sapgenpse get_my_name -v -n Issuer


(This must always provide the answer “CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE”)

8. Generate SAProuter service on Windows with the command:


ntscmgr install SAProuter -b C:[Link] -p“service -r -R
C:usrsapsaproutersaprouttab -W 60000 -K^p:^”

9. Now edit the Windows Registry key as follows:


MyComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSAProuterImage
Path –> Change both ^ to “

10. Start the SAProuter service

11. Now fill in the required parameters in OSS1 -> Technical Settings

Note: SAProuter requires [Link], a Microsoft C runtime library file in order to run or else it
would show an error popup saying “The program can’t start because [Link] is missing from
your computer. Try reinstalling the program to fix this problem”. If you do not have the file, you
can download from here and place it at the same location as SAProuter.

Common questions

Powered by AI

To install and configure SAProuter on a Windows system, first, confirm the registration of hostname and IP with SAP. Next, configure SAProuter by setting two environment variables, SECUDIR and SNC_LIB. Download and unpack SAP Crypto Library to C:\usr\sap\saprouter. Run commands to create a certificate request, import the certificate, and create credentials for the SAProuter service. Generate the SAProuter service using the command `ntscmgr` and adjust the Windows Registry key. Finally, start the SAProuter service and fill in the necessary parameters in OSS1 .

SAProuter requires the Microsoft C runtime library file `msvcr71.dll` to run on Windows. If this file is missing, the system will display an error popup stating “The program can’t start because msvcr71.dll is missing from your computer. Try reinstalling the program to fix this problem” .

SAProuter provides the capability to setup an indirect connection when network configuration challenges, such as firewall restrictions or address conflicts, prevent direct communication between programs. This ensures that connections can be established even under restrictive network conditions, facilitating seamless communication .

The certificate is crucial for ensuring secure communication as it authenticates the SAProuter in the network. It is implemented by creating a certificate request using specific commands and importing it into a designated file `C:\usr\sap\saprouter\srcert`. This certificate is then utilized within the SAProuter setup to secure connections .

SAProuter helps enhance network performance by reducing the workload on the SAP system within a LAN when communicating with a WAN. This is achieved by routing traffic efficiently and controlling unnecessary data flow across different parts of the network, thus maintaining network stability and performance .

Using only registered IP addresses for SAProuter registration ensures that the connections are trusted and secure, as unregistered IPs could lead to unauthorized access. This requirement enhances security by ensuring that all interactions are from known and verified locations, reducing the risk of potential cyber threats or breaches .

The command used to verify SAProuter configuration is `sapgenpse get_my_name -v -n Issuer`. This command should return the information "CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE" to confirm the configuration is correct and the certificate is properly set up .

SAProuter's default use of TCP port 3299 requires network configurations to ensure this port is open and not blocked by firewalls. This adjustment is crucial for maintaining a secure connection path and allowing SAProuter to function correctly without hindrance, thereby affecting network security protocols positively by specifically known and necessary adjustments .

SAProuter serves as an intermediary proxy in a network connection between SAP systems or SAP systems and external networks. It primarily enhances network security by controlling and logging connections to the customer’s SAP system and applying password protection to connections. Moreover, it permits access only from a specific SAProuter, allowing just one encrypted connection from a known partner by using the SNC layer .

Creating user credentials for SAProuter involves running the command `sapgenpse seclogin -p C:\usr\sap\saprouter\local.pse -O` which creates a file "cred_v2". This process is important as it authenticates the user running the SAProuter service, ensuring that only authorized users can operate the service, thereby enhancing security and maintaining secure access controls .

You might also like