Lab test scenario
we want to set up a test scenario in our lab to get familiar with PI 7.0. We want to send messages between 2 SAP systems separated by two PI servers to simulate a wan connection with firewalls etc. I'm sure somebody has done this before, but i'm not able to find any infos about this topic. Can you guys help out?Thanks a lot!
Ravi Raman replied
Yes lots of questions...so had to paste ur q`s here...
yes if properly configured PI server is secure enough.
1) what firewalls are you using..i used a combo of linux with ipchains and Aix with secureway firewall to do the dmz..yes i had to publish the servers in the secureway firewall. The linux one we used one box on each end as a protocol/port firewall.
This is what i did as the documentation for this is quite limited...lots of general links..no specifics..!!!
The set up i had done ..was a combination of Sap R/3 talking through XI to IBM WebSphere, users could input data into webSphere after passing through ldap, WebSPhere Security and Tivoli WebSeal, the certificate..key was generated using Tivoli PKI..and this then we had in one scenario for each adapter..and had a set of tests where at diffrent times different machines would be in the dmz...finally we settled with the webSphere server being in the extranet and the rest in the intranet...why do you need to setup 2 PI servers to talk to each other using idoc`s..its preferable to go with soap for that. We did tunnel the http traffic into the Lan(P.S: Check the ports for http..its not 8080 or 8000 as expected ..;).
Hope this helps..let me know if you need more info....
I'm looking for information how to set up the two PI servers that they communicate via HTTP/S and internally via IDOCs. Especially the part when we have to publish the PI servers in the DMZ is interesting. How is this done generally? Do I have to set up the servers in the DMZ or is it ok when the servers are behind the Firewall and I would just tunnel the HTTP traffic into the LAN. Have you any experience with the security topics when we are not in the DMZ? IS a PI server secure enough to be out there? You see, a lot of questions...