cancel
Showing results for 
Search instead for 
Did you mean: 

Regarding Disabling SAPMNT Folder Sharing Impact

Former Member
0 Kudos

Hello

We have finished a distribued install of SAP CE 7.1. SCS and PAS is on one App Server, DB on another App Server. For installation we have opened App Server file sharing port to allow DB to access SAPMNT Folder. Our security team feels, it should be closed now and only opened as on need basis. The folder will however be available to access by the Primary Applicaiton Server. Basically they will block the file sharing port

I would like to know the impact of this on the servers. As I tried, if you do the system still keeps running. So this beings an interesting questions.

- Why is this folder share required?

- What happens if we disable it for outside access?

- Does DB Server instance actually something back to this folder share?

Any pointers on the same will be helpful.

Regards,

ST

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi,

>> - Why is this folder share required?

These folders are hardcoded in the SAP application, as well as they are pointed in the profile parameters, such as TPPARAM or instance. They are required shares. If you drop these shares, it may cause unexpected results.

>> - What happens if we disable it for outside access?

You can close the file sharing port. There's no problem with it, but you should check all the SAP profile parameters which referring to these shares. For example, application server instance profiles may be read from from the database server under "/usr/sap/<SID>SYS/profile" folder. Consequently, be sure that these shares does not used in a profile.

- Does DB Server instance actually something back to this folder share?

Could you clarify the question? If you are talking about database itself, the answer is no. But if you are talking about SAP database instance, the share is using by SAP. Because SAP does not use physical drives, but use the logical definitions named saploc and sapmnt.

The conqlusion is, you can close file sharing port, if you are not using sharing in the SAP profile paramaters, but don't delete saploc and sapmnt shares.

Best regards,

Orkun Gedik

Edited by: Orkun Gedik on Aug 29, 2011 3:21 PM

Edited by: Orkun Gedik on Aug 29, 2011 3:23 PM

Former Member
0 Kudos

Hi Orkun,

Thanks for your quick response. Request you to please clarify subsequent questions

I understand that profile file created during SCS Installation is used by DB Instance while installation so that it can read the profile parameters. Also the communication between App Server and DB Server will happen on some port 15XX and not file share port.

So now the question is does DB needs the access to this SAPMNT folder share once the server is started? If can understand if I restart the server the connection might be required as the DB Instance might read the profile file again. Please correct if this understanding is wrong.

And If its required does the DB Instance uses this folder share to write any log back to the App Server Log files - defaulttrace, application.log etc?

Any further information will be helpful.

Regards,

ST

Former Member
0 Kudos

Hi,

>> I understand that profile file created during SCS Installation is used by DB Instance while installation so that it can read the profile parameters.

Generally, it is correct.

>> Also the communication between App Server and DB Server will happen on some port 15XX and not file share port.

Central service instance,central instance and dialog instance communicating each other by port 39<instance#> or 36<instance#>

>> So now the question is does DB needs the access to this SAPMNT folder share once the server is started? If can understand if I restart the server the connection might be required as the DB Instance might read the profile file again. Please correct if this understanding is wrong.

J2EE engine use "sapmnt" share at the bootstrap phase to read secure store lib directory. Additionally, at the very beginning of the startup of the J2EE instance, the jcontrol process reads "instance.properties" file by using "saploc" share.

In short these shares should be available by the database instance during the runtime.

>> And If its required does the DB Instance uses this folder share to write any log back to the App Server Log files - defaulttrace, application.log etc?

Trace files will not be generated, if the J2EE engine not started respectfully under "j2ee/cluster/server<x>/log" folder. As a n additional info, even if the shares dropped during the runtime, the system will continue to generate trace files.

I hope that everything is clear.

Best regards,

Orkun Gedik