on 02-02-2015 10:03 AM
Dear All,
I have a scenario (without ESR) where I need to process the payment file (text file) to the bank. However, as the PI system is in the DMZ, the customer's infrastructure team is not willing to open the SFTP port (22) from PI to their local network, where ECC has been placed. Consequently, I am not able to connect to the ECC system from PI using the SFTP adapter. They see a security issue here: if the port is open from PI to ECC, it can make a way to hack the other systems in their local network.
Please advise how to deal with this kind of scenario.
Thanks,
Farhan
Hi Farhan,
You can send the file to ECC via attachment in ABAP proxy; obviously you should have the connection via ABAP proxy open.
I normally see the PI in the MZ and an external web server like Tomcat in the DMZ to allow/deny the connections; maybe the PI wouldn't be in the DMZ.
Regards.
Hi Iñaki Vila,
Thanks a lot for the quick response. I have another way (by ABAP program or ABAP proxy) to process the file from ECC to PI AL11 and vice versa. However, I am looking for a permanent solution for this problem, as you have suggested, to place the PI back in the MZ or local network.
Could you please elaborate on how we can use "tomcat in the DMZ to allow/deny the connections"?
Thanks,
Farhan
Hi Farhan,
First of all, SAP has its own web server; check this link: SAP Web Dispatcher - SAP Library. I don't know if you will need an extra license.
I'm not a Basis guy and unfortunately I can help you in this aspect; you have URLs to research about this, http://tomcat.apache.org/tomcat-5.5-doc/config/http.html, but I think you would need to talk with your infrastructure team.
On the other hand, having a system directory accessible via ECC (MZ) and PI (DMZ) is not a good solution. You could consider sending the file via SOAP attachment with ESR development, or having a system directory only accessible via SFTP from the MZ and the DMZ.
Regards.
Hi Farhan
If the FTP port on ECC (DMZ --> ECC) can't be opened, can the port on PI (ECC --> DMZ) be opened? In that case you will have to place the file on the PI system's filesystem and write an FTP program on the ECC system to go fetch the file.
The other option requires changing the system architecture: you migrate the PI system from the DMZ to the LAN. Inbound communication from outside the corporate FW first goes to the Web Dispatcher in the DMZ. The Web Dispatcher relays those calls to the PI system in the LAN.
Regards
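The difference between the refused push setup and the pull setup suggested in the reply above comes down to which zone is allowed to initiate connections. The following sketch is an added example, not part of the thread or of any SAP tooling: it models a default-deny stateful firewall between the two zones, and the zone names, the use of port 22 and both rule sets are assumptions taken from the scenario in the question.

```python
# Added illustration: a minimal stateful zone firewall model. Zone names, the
# port and the rule sets are constructed for this example.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: int

class ZoneFirewall:
    """Default deny; only rule-matched connection initiations are accepted."""

    def __init__(self, rules):
        self.rules = set(rules)
        self.established = set()  # (initiator_zone, responder_zone, port)

    def connect(self, src_zone, dst_zone, dst_port):
        """A new connection attempt (TCP SYN) from src_zone to dst_zone."""
        if Rule(src_zone, dst_zone, dst_port) in self.rules:
            self.established.add((src_zone, dst_zone, dst_port))
            return True
        return False

    def reply(self, src_zone, dst_zone, port):
        """Return traffic passes only on a connection the peer initiated."""
        return (dst_zone, src_zone, port) in self.established

def exposure(rules, from_zone, to_zone):
    """Ports on which from_zone may initiate connections into to_zone."""
    return sorted(r.dst_port for r in rules
                  if r.src_zone == from_zone and r.dst_zone == to_zone)

# Push model the infrastructure team refused: PI (DMZ) opens SFTP to ECC (LAN).
PUSH_RULES = [Rule("DMZ", "LAN", 22)]
# Pull model from the reply above: ECC (LAN) fetches the file from PI (DMZ).
PULL_RULES = [Rule("LAN", "DMZ", 22)]

def pull_transfer(fw):
    """ECC opens the session; PI's file data comes back on that connection."""
    opened = fw.connect("LAN", "DMZ", 22)
    data_back = fw.reply("DMZ", "LAN", 22)
    return opened and data_back

if __name__ == "__main__":
    fw = ZoneFirewall(PULL_RULES)
    print("pull transfer works:", pull_transfer(fw))
    print("DMZ-initiated into LAN:", fw.connect("DMZ", "LAN", 22))
    print("LAN exposure, push vs pull:",
          exposure(PUSH_RULES, "DMZ", "LAN"), exposure(PULL_RULES, "DMZ", "LAN"))
```

With the pull rule set, the file still reaches ECC over the session ECC opened, while a host in the DMZ has no port on which it can start a connection into the LAN.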