cancel
Showing results for 
Search instead for 
Did you mean: 

Issue regarding access of ABAP related services from portal

Former Member
0 Kudos

Dear All,

We need your input in the following issue:

Scenerio:

we have implemented ess 1.2 on ep7.0

here we have gone for "Enhanced Package 2" for TRAVEL for client requirements so Travel Services are ABAP WEBDYNPRO instead of Standard JAVA WEBDYNPRO and we have 2 transaction iviews on portal.

Now when an end user clicks on travel services, the request is forwaded to ABAP WAS. So, we need to maintain two entries in DNS: 1. Portal url, 2. ABAP WAS

Now the client doesnot want to maintain ABAP WAS entry in their dns. BUT if they do not maintain this than end users are not able to access ABAP related services...

Can you please suggest any possible solution for this issue.

Thanks & Regards,

JJ

Accepted Solutions (0)

Answers (4)

Answers (4)

0 Kudos

Hi,

Sorry about that. Exactly what I said

Michael

Former Member
0 Kudos

Hi Joshi,

Install a Web Dispatcher which points to your ABAP system and open the Web dispatcher to Internet.Now the system object in your Portal should point to the Web Dispatcher

This is the SAP recommended way rather than opening the ABAP system directly to Internet

Use the link below to work on Web Dispatcher

http://help.sap.com/erp2005_ehp_03/helpdata/EN/42/5cfd3b0e59774ee10000000a114084/content.htm

Thanks & Regards,

Vijith

0 Kudos

Hi,

Per SAP Note 1040325, it says "It is not possible if there is another component between the browser and the message server (for example, a portal)." In your case a firewall between the portal and WAS. So a direct connection between the client and the WAS system is required which is a security risk. The section below gives more detail on why this is the case/

The following is a excerpt from the Portal "Network and Communication Security" guide:-

Please note that the requirement for direct access between the client and the backend is well flagged in the documentation. For instance, please refer to the Portal Security Guide, specifically the section "Network and Communication Security" (http://help.sap.com/saphelp_nw04s/helpdata/en/b9/c892f1ffc34156883ddd24aec01253/frameset.htm):

'Neither the portal nor the AS Java provides a proxy function. [...] If you have set up a network architecture with one or more firewalls, and your portal integrates iViews that initiate client-backend communication, you must set up access for the client through the firewalls to the application server in the back end.'

So the only secure solution is to install a webdispatcher in your DMZ and forward the requests from the (5) Portal to the (6) webdispatcher as in the graphic below :-

........................................./-> (3) Webdisp -\....................../-> (5) Portal

(1) Client (IE) -> (2) Firewall |.........................|-> (4) Firewall |

.........................................\-> (6) Webdisp -/......................\-> (7) WAS

The original requests bound for the (5) Portal are relayed via the (3) webdisp1 as you can only have one webdisp connecting to one backend SAP system (Portal OR WAS).

Hope this helps.

Michael

Former Member
0 Kudos

Dear JJ,

you could possibly configure an alias for the service :

- transaction SICF

- créate external alias

- /sap/bc/webdynpro

In this way the users will be directed to the alias when the link is called.

Or one could use NAT adresses (network adress resolution) - pls ask your

network group for this.

Or one could use a sap webdispatcher - this will act as a logon load balancing

system and will redirect the http requests to the different application servers.

In this way it is possibly enough to maintain the sap webdispatcher IP in the DNS,

and maintain the host files on all servers.

Hope this helps.

kind regards,

andreas