cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Using saprouter to connect Solution Manager to SAP servers

Go to solution
Former Member

on ‎07-05-2016 12:04 AM

0 Kudos

In the case where a single production solution manager is used (with CHARM) to manage transports and monitoring of SAP servers in non-production environments, a lot of ports need to be opened on both the production and the non-production boundary firewalls.  The connectivity is 1-to-many.

Is it possible to use a saprouter in the non-production environment to act as a proxy for Solution Manager to connect to the individual SAP servers within that environment, without impacting the functionality (transports/monitoring/admin).  I am after any successful implementations or other comments you may have on this subject.  The purpose of the implementation would be to reduce the firewall rules from one-to-many to one-to-one and use saproutetab or other means to direct the traffic.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

TomCenens
Active Contributor
‎08-04-2016 7:52 AM
0 Kudos

Hi Ian

I guess this could/should work since you can configure RFC destinations to use a SAProuter connection string and you can connect diagnostics agents through SAProuter if wanted:

External diagnostic agent | SCN


Not sure if this is better than opening up firewalls though ... this also comes with additional configuration / maintenance whatever you like.

Best regards

Tom

Show replies
Show replies
Former Member
‎08-04-2016 9:53 PM
0 Kudos

Thank you for your reply Tom, much appreciated.  We have a non-functional test environment which is very isolated with a blanket policy of nothing in or out... for good reason. Of course this is impossible to maintain and an exemption process exists to connect to the management network.  However to avoid placing a SolMan instance inside that environment and using a fileshare to copy transports in (due to bastion approach etc), we are entertaining the solution you have confirmed may be possible.  I will post results.

Answers (0)

Ask a Question