on 11-29-2008 1:30 PM
Dear All,
We need your input in the following issue:
Scenerio:
we have implemented ess 1.2 on ep7.0
here we have gone for "Enhanced Package 2" for TRAVEL for client requirements so Travel Services are ABAP WEBDYNPRO instead of Standard JAVA WEBDYNPRO and we have 2 transaction iviews on portal.
Now when an end user clicks on travel services, the request is forwaded to ABAP WAS. So, we need to maintain two entries in DNS: 1. Portal url, 2. ABAP WAS
Now the client doesnot want to maintain ABAP WAS entry in their dns. BUT if they do not maintain this than end users are not able to access ABAP related services...
Can you please suggest any possible solution for this issue.
Thanks & Regards,
JJ
Hi,
Sorry about that. Exactly what I said
Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Joshi,
Install a Web Dispatcher which points to your ABAP system and open the Web dispatcher to Internet.Now the system object in your Portal should point to the Web Dispatcher
This is the SAP recommended way rather than opening the ABAP system directly to Internet
Use the link below to work on Web Dispatcher
http://help.sap.com/erp2005_ehp_03/helpdata/EN/42/5cfd3b0e59774ee10000000a114084/content.htm
Thanks & Regards,
Vijith
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Per SAP Note 1040325, it says "It is not possible if there is another component between the browser and the message server (for example, a portal)." In your case a firewall between the portal and WAS. So a direct connection between the client and the WAS system is required which is a security risk. The section below gives more detail on why this is the case/
The following is a excerpt from the Portal "Network and Communication Security" guide:-
Please note that the requirement for direct access between the client and the backend is well flagged in the documentation. For instance, please refer to the Portal Security Guide, specifically the section "Network and Communication Security" (http://help.sap.com/saphelp_nw04s/helpdata/en/b9/c892f1ffc34156883ddd24aec01253/frameset.htm):
'Neither the portal nor the AS Java provides a proxy function. [...] If you have set up a network architecture with one or more firewalls, and your portal integrates iViews that initiate client-backend communication, you must set up access for the client through the firewalls to the application server in the back end.'
So the only secure solution is to install a webdispatcher in your DMZ and forward the requests from the (5) Portal to the (6) webdispatcher as in the graphic below :-
........................................./-> (3) Webdisp -\....................../-> (5) Portal
(1) Client (IE) -> (2) Firewall |.........................|-> (4) Firewall |
.........................................\-> (6) Webdisp -/......................\-> (7) WAS
The original requests bound for the (5) Portal are relayed via the (3) webdisp1 as you can only have one webdisp connecting to one backend SAP system (Portal OR WAS).
Hope this helps.
Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear JJ,
you could possibly configure an alias for the service :
- transaction SICF
- créate external alias
- /sap/bc/webdynpro
In this way the users will be directed to the alias when the link is called.
Or one could use NAT adresses (network adress resolution) - pls ask your
network group for this.
Or one could use a sap webdispatcher - this will act as a logon load balancing
system and will redirect the http requests to the different application servers.
In this way it is possibly enough to maintain the sap webdispatcher IP in the DNS,
and maintain the host files on all servers.
Hope this helps.
kind regards,
andreas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.