
Connect to SAP from AWS

Former Member
0 Kudos

Folks,

I followed the excellent guide (http://scn.sap.com/docs/DOC-30502) on how to set up SUP on the AWS. Everything is running well inside the AWS but I am now trying to get the SUP that is running on AWS to connect to my SAP development system.

I have a public IP address (that will use NAT to resolve to the application server within our firewall), but my networking team won't allow us to open up the firewall without being able to specify what port, or range of ports, the AWS will try to connect to SAP through.


I have searched online and tried many different things but with no luck. Would you be able to tell me:

a) What port AWS will try to use to connect to an SAP instance specified in the SUP


b) Is my landscape correct as I seem to be the only person trying to connect to SAP this way from a hosted SUP server on AWS.

Accepted Solutions (1)

Former Member
0 Kudos

Guys,

We made SUP connect to the SAP behind the firewall successfully. You need to connect to gateway ports TCP 3300.

Refer to this document: http://help.sap.com/saphelp_46c/helpdata/en/6d/2a41373c1ede6fe10000009b38f936/content.htm

Though the document is old, the fundamentals are still valid.

Former Member
0 Kudos

Vikalp\Midhun,

Sincere thanks for getting back to me, just wanted to let you know that I am currently in the process of asking our network team to open up our corporate firewall for the AWS elastic IP address and the port 3300. This is proving to be a slow process but once completed I'll let you know the results.

Regards,

Colm

Former Member
0 Kudos

Hi Vikalp\Midhun,

So it turns out I needed to open up port 33XX on my corporate firewall, where XX is the instance number of my SAP System. My network team created a public IP for me 000.XX.YYY.ZZZ and allowed traffic through port 33XX from my AWS Elastic Instance.

I can now telnet onto 000.XX.YYY.ZZZ port 33XX from my AWS server. However, I'm still getting the error below. I'm now not sure if this is network related or SAP config required on the RFC destination.

At least I have made progress, I will continue exploring myself and let you know.

ERROR:

Could not connect to EDV.
Error creating SAP Connection Factory connection to EDV. (Error: Connect from SAP gateway to RFC server failed
Connection parameters: TYPE=A DEST=000.XX.YYY.ZZZ|XX|null|null|915a2e99afb0135f1727196d83693e04f25a5b4b ASHOST=000.XX.YYY.ZZZ SYSNR=XX PCS=1 CODEPAGE=1100

LOCATION    SAP-Gateway on host dbciEDV.ict.corpad.com / sapgwXX
ERROR       timeout during allocate
TIME        Fri Jun 21 17:49:33 2013
RELEASE     720
COMPONENT   SAP-Gateway
VERSION     2
RC          242
MODULE      gwr3cpic.c
LINE        2025
DETAIL      no connect of TP sapdpXX from host 000.XX.YYY.ZZZ after 20 sec
COUNTER     3
)
Connect from SAP gateway to RFC server failed
Connection parameters: TYPE=A DEST=000.XX.YYY.ZZZ|XX|null|null|915a2e99afb0135f1727196d83693e04f25a5b4b ASHOST=000.XX.YYY.ZZZ SYSNR=XX PCS=1 CODEPAGE=1100

LOCATION    SAP-Gateway on host dbciEDV.ict.corpad.com / sapgwXX
ERROR       timeout during allocate
TIME        Fri Jun 21 17:49:33 2013
RELEASE     720
COMPONENT   SAP-Gateway
VERSION     2
RC          242
MODULE      gwr3cpic.c
LINE        2025
DETAIL      no connect of TP sapdpXX from host 000.XX.YYY.ZZZ after 20 sec
COUNTER     3

Former Member
0 Kudos

Guys,

Success! We managed to connect to our E5D server by doing the following:

1) Network team created a public IP that is accessible only by the IP of my AWS server through ports 32XX, 33XX and 36XX (where XX is the SAP instance number).

2) They then created a NAT that resolved traffic coming from my AWS server into that public IP to my SAP Application server. This NAT has to be able to send traffic in both directions.

3) My Security team had to create a System user with SAP_ALL. I then use these user credentials in the connection properties in SUP Workspace.

4) My Basis team had to add the public IP that the network team provided me, to the host file of the SAP server

With all of that done I was able to successfully connect to my SAP Development box from within the SUP Workspace hosted on AWS.

Looking at it now, we probably will need to use the SAP Router going forward, but for now, this is a good temporary solution to show the possibilities of SUP to the key business users.

Many Thanks for all your help,

Colm
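A check for the port layout this thread arrives at, as an added example that is not part of the original posts: it maps the `sapdpNN` / `sapgwNN` service names from a gateway trace to the 32NN / 33NN ports, lists the three ports opened in step 1, and repeats the telnet test as a TCP connect. The sample trace, instance number `00`, the documentation address `203.0.113.10` and all function names are constructed for illustration.

```python
import re
import socket

# SAP service-name prefixes and their port prefixes (NN = instance number):
# dispatcher sapdpNN = 32NN, gateway sapgwNN = 33NN, message server = 36NN.
SERVICE_PREFIX = {"sapdp": 32, "sapgw": 33, "sapms": 36}

# Constructed sample modelled on the gateway trace in the thread, using a
# made-up instance number 00 and an RFC 5737 documentation address.
SAMPLE_TRACE = """\
LOCATION    SAP-Gateway on host sap.example.internal / sapgw00
ERROR       timeout during allocate
RC          242
DETAIL      no connect of TP sapdp00 from host 203.0.113.10 after 20 sec
"""

def sap_ports(instance):
    """Ports opened in step 1 of the post: 32NN, 33NN and 36NN."""
    if not re.fullmatch(r"\d{2}", instance):
        raise ValueError("instance number must be two digits")
    return {name: prefix * 100 + int(instance)
            for name, prefix in SERVICE_PREFIX.items()}

def services_in_trace(trace):
    """Return {service_name: port} for each sapdpNN/sapgwNN in a trace."""
    found = {}
    for name, nn in re.findall(r"\b(sapdp|sapgw)(\d{2})\b", trace):
        found[name + nn] = SERVICE_PREFIX[name] * 100 + int(nn)
    return found

def probe(host, port, timeout=3.0):
    """TCP connect test, the same check as the telnet in the thread."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def report(host, instance):
    """Reachability of each of the three ports from the machine running this."""
    return {name: probe(host, port)
            for name, port in sap_ports(instance).items()}

if __name__ == "__main__":
    print(services_in_trace(SAMPLE_TRACE))
    print(report("203.0.113.10", "00"))  # constructed address, expect all False
```

Run from the AWS host against the NAT address, `report` shows which of the three ports the firewall rule actually lets through, which separates a network problem from an RFC configuration problem.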

midhun_vp
Active Contributor
0 Kudos

Good to hear that.

Answers (1)

midhun_vp
Active Contributor
0 Kudos

The default port to be opened in SUP server in order to connect from your development desktop to start the development is 2000.

For mobile communication the default ports are 5001 and 2480.

- Midhun VP

Former Member
0 Kudos

Hi Midhun,

Thanks for getting back to me, does that imply that I need to open up all those ports on my corporate firewall to allow me to connect to the SAP server which I do by:

Logging on to AWS instance in RDP>Sybase Unwired WorkSpace 2.2>Bottom Left Hand Pane>Right Click on SAP Servers>New>Fill in my Application Server and Login Information>And then try to ping the server.

midhun_vp
Active Contributor
0 Kudos

If your requirement is to connect to SAP server from your SUP workspace means it depends on your SAP instance. I don't think that you need to open any port for it since you are accessing it from AWS.

The ports 2000, 5001 and 2480 are to be opened in the SUP server. Usually development of the mobile apps will not be performed in SUP server itself. I don't understand why you are using the SUP workspace present in SUP server itself.

Practically you need to install the SUP SDK in a desktop to do the development of mobile apps.

- Midhun VP

Former Member
0 Kudos

Midhun,

"If your requirement is to connect to SAP server from your SUP workspace means it depends on your SAP instance. I don't think that you need to open any port for it since you are accessing it from AWS."

But I followed the steps on this guide http://scn.sap.com/docs/DOC-30502 and in that case the AWS is in the cloud, but my SAP server is behind a firewall.

"The ports 2000, 5001 and 2480 are to be opened in the SUP server. Usually development of the mobile apps will not be performed in SUP server itself. I don't understand why you are using the SUP workspace present in SUP server itself."

Again, I have followed the steps on the above link which effectively sets up the development environment. The SUP server is sitting on the AWS machine, as is the SUP SDK. That is fine, I have been able to develop an app and deploy it to my cell phone which was connecting to the AWS on the cloud over the cellular network. So I am pretty confident that my setup of the SUP is fine. The issue is, if I want to consume SAP data, I need access to the SAP application server, which I can't get to because the SUP Server sitting on the AWS machine is outside of the corporate firewall. I need to open up the corporate firewall but the network team won't help me unless I can tell them what ports I am connecting through.

"Practically you need to install the SUP SDK in a desktop to do the development of mobile apps."

You are right, when I install the SUP SDK on my local machine (I have tried this), I can connect to the SAP server no problem. I could also connect to my SUP server if I opened up the port; I don't believe this would be an issue either, but I haven't asked my networking team to do this because, if I did create a mobile app on my machine and deployed it to a phone, and that phone was not running on the corporate network, it wouldn't be able to access the data on the SAP server, because the SUP server which sits on the AWS would still have to connect to the SAP server to get the data, which it can't do because it's outside of the firewall.

So therefore I would need to install the SUP server inside my corporate firewall and the only devices that would be able to use it would be devices inside the firewall. Which is not the requirement.

midhun_vp
Active Contributor
0 Kudos

First, you need to install your SUP server inside your internal firewall. Given below is the architecture.

Second, "if that phone was not running on the corporate network, it wouldn't be able to access the data on the SAP server": the phone which is in the public network can access the SAP data via SUP if the IP you are providing in the application is the public IP of the SUP server. From your application you will be connecting to the SUP server to communicate with the SAP server. "So therefore I would need to install the SUP server inside my corporate firewall and the only devices that would be able to use it would be devices inside the firewall. Which is not the requirement." This is a wrong statement. It is possible to get the SAP data in the device even when the device is in the public network, using the public IP of the SUP server.

- Midhun VP