This action might not be possible to undo. Are you sure you want to continue?
TECHNICAL SUPPORT NETWORK
Global Service & Support August 2009
1. Advantage of Network Connections 2. Process Overview 3. Basic Connection 4. Incident Management 5. Remote Access 6. EarlyWatch Alert 7. Glossary
© SAP 2009 / Page 2
Advantage of Technical Network Connections
Technical communication between three parties – customer, partner, SAP – allows effective End-to-End-Support throughout the whole life cycle. SAP standards for best security requirements for data transfer are proven since decades. SAP offers its customers access to remote support and to a large number of support services delivered remotely in the customer system. Error analysis and services delivered remotely have one major advantage: they are available straight away. Customer, Channel Partner (VAR), and SAP are a perfect team in collaboration. To deliver Enterprise Support to customers a technical connection between three pillars of successful support is basic. For different ranges of use a network connection is necessary: 1. Incident management, Maintenance Optimizer – easy message processing and support for updates 2. Remote access – secured logon to customer system 3. EarlyWatch Alert – early identifying of issues
© SAP 2009 / Page 3
SAP End-to-End Support Network Customer Partner (VAR) SAP SAP Global Service Backbone Channel Partners are the link between SAP Business All-In-One customers and SAP. This proven collaboration between the three parties is founded on a technical collaboration. and transparent. automatically. At all time customers are expecting reliable support services. © SAP 2009 / Page 4 . Secure network connections allow and control processes quick.
EarlyWatch Alert 7. Advantage of Network Connections 2. Process Overview 3. Incident Management 5. Basic Connection 4.Agenda 1. Glossary © SAP 2009 / Page 5 . Remote Access 6.
Maintenance Optimizer (MOPZ). for EWA data) © SAP 2009 / Page 6 .g. EarlyWatch Alert (EWA) report 4 Customers can transfer data to partner‘s Solution Manager (e.Remote Connectivity and Access Process Overview Customer Data Transfer Partner (VAR) Data Exchange SAP SAP Global Service Backbone 4 Incident/EWA/MOPZ 1 3 Customer’s SAP Solution 2 Remote Access In order to completely use all offered options several network connections are necessary to provide End-to-End support: 1 Prerequisite: partners use RFC connection for data exchange between SAP Solution Manager and SAP 2 Partners have access to their customer‘s system landscape via remote access 3 Customers have access to partner‘s Service Desk for incident management.
In case SAP Solution Manager Enterprise Edition as a collaboration and support platform is also installed for End User usage.Agreement Basis To leverage SAP Support Network partner must ensure that the communications connections between Partner and SAP as well as between End Users and SAP. SAP recommends that partner uses the technologies for remote support specified on SAP Service Marketplace (http://service. © SAP 2009 / Page 7 . Partner must bear the connection costs resulting from remote support. This also covers the required communications connections to any third parties involved. are operable at all times and allow satisfactory response times.sap. partner will use this SAP Solution Manager Enterprise Edition to remotely access the Software within End Users’ SAP environment for Incident Remedy subject to prior consent from End Users. which are necessary for remote support to be provided efficiently.com/~form/sapnet?_SHORTKEY=01100035870000044806&_SCENARIO=01100035870000000202& and SAP Note 35010).
Advantage of Network Connections 2.Agenda 1. Incident Management 5. Basic Connection 4. Glossary © SAP 2009 / Page 8 . Remote Access 6. Process Overview 3. EarlyWatch Alert 7.
Hardware*) (.ISDN ) (leased line or dial-up) = Firewall = RFC to SAP DMZ * = Demilitarized Zone = additional VPN hardware (switch/gateway) © SAP 2009 / Page 9 .Basic Connection Overview VAR SAP SAP Global Service Backbone RFC SAProuter SAProuter INTRANET DMZ DMZ INTRANET VPN (with IPsec) (add.
Remote Access). Both options use three types of security measures to protect your systems and data from unauthorized access: State-of-the-art encryption Server authentication Access-control technology © SAP 2009 / Page 10 . ISDN and Frame Relay are getting less important in times of growing internet distribution. SAP recommends an VPN connection to SAP to use all offered options (incl. Synchronization of messages The network connection to SAP basically can be established with a leased line or with a dial-up connection. A VPN switch is required at the partner site and at second party site. but additional software has to be installed. For an internet connection two methods are possible: Secure Network Communication (SNC): SNC connections are established between two SAProuters. Virtual Private Network (VPN): VPN connection provides hardware-level encryption. Synchronization of necessary customer data 2. They require no additional hardware. More information on the technical requirements and the differences in Technical Specifications .Basic Connection Description To provide message processing for customers in standard scenario an Remote Function Call (RFC) connection between SAP Solution Manager and SAP is necessary for 1.
Process Overview 3. Incident Management 5. EarlyWatch Alert 7.Agenda 1. Advantage of Network Connections 2. Glossary © SAP 2009 / Page 11 . Remote Access 6. Basic Connection 4.
Incident Management Overview CUSTOMER VAR SAP HTTPS SAP Web Dispatcher SAP Global Service Backbone RFC SAProuter SAProuter INTRANET DMZ DMZ INTRANET DMZ DMZ INTRANET VPN (with IPsec) (add.ISDN ) (leased line or dial-up) = RFC to SAP = Incident (HTTPS access to Work Center at partner‘s Service Desk) DMZ * = Firewall = Demilitarized Zone = additional VPN hardware (switch/gateway) © SAP 2009 / Page 12 . Hardware*) (.
One of the support employees of the partner is processing a new customer message and sends back a solution proposal. Customer user create and process messages in a Work Center in partner’s Solution Manager instead of SAP Service Marketplace. Sometimes further expertise by an SAP specialist is necessary. © SAP 2009 / Page 13 . If this is not solving customer’s issue then the message is set back for processing by partner.Incident Management Description Incident Management with SAP Solution Manager Service Desk is an essential task for channel partners. If now the customer is satisfied the message is confirmed a partner and at SAP. To provide secure access of the customers to Work Centers in partner’s Solution Manager with HTTPS SAP is recommending the use of SAP Web Dispatcher. Therefore this message is forwarded to SAP and send back to partner who automatically or manually forwards the solution proposal to customer. Usually customers are having access to their partner’s Service Desk via Internet. Message process: Customer Partner (1 & 2 level support) SAP (3 level support) Message process: A customer creates a message in the web based Work Center of his channel partner.
htm Setup SAP Web Dispatcher: http://service.htm © SAP 2009 / Page 14 .sap.com/~sapidb/011000358700000248452008 Information SAP Web Dispatcher: http://help.com/~sapidb/011000358700000121752008 Configuring the SAP Web Dispatcher to Support SSL: http://help.sap.com/saphelp_erp60_sp/helpdata/en/42/5cfd3b0e59774ee10000000a114084/frameset.sap.Incident Management Links to Documentation Overview of Incident management: http://service.com/saphelp_nw70/helpdata/DE/39/09a63d7af20450e10000000a114084/frameset.sap.
Agenda 1. Glossary © SAP 2009 / Page 15 . Process Overview 3. Remote Access 6. EarlyWatch Alert 7. Advantage of Network Connections 2. Incident Management 5. Basic Connection 4.
ISDN ) (leased line or dial-up) = Remote Access via SAP to customer system = RFC to SAP DMZ * = Firewall = Demilitarized Zone = additional VPN hardware (switch/gateway) © SAP 2009 / Page 16 . hardware) (.Remote Access Overview CUSTOMER VAR SAP SAP Global Service Backbone SAProuter SAProuter SAProuter SAProuter INTRANET DMZ DMZ INTRANET DMZ SNC (with SSL certificates) (add. hardware*) (.ISDN. Frame Relay) (leased line or dial-up) DMZ INTRANET VPN (with IPsec) (add. software) or VPN (with IPsec) (add.
com/internetconnection To use an ISDN SAProuter might not be very cost effective since you have to pay for the ISDN long distance calls.com//sap/support/notes/1124718 Description of Netviewer: (http://service.com/~form/sapnet?_SHORTKEY=01100035870000688675&_SCENARIO=01100035870000000202&). so it might be better to set up an IPSec VPN tunnel. For information about IPsec VPN connections please see http://service. The customer can leave logon data in Secure Area when creating a message. How to set-up Remote Connection for Partners: http://intranet. You can either use ISDN connected SAProuters.sap. In order to use the remote logon via SAP the S-users of the partner‘s support employees need to have a special authorization http://service. Currently two ways of remote access are provided: SAProuter-SAProuter-connection: direct logon at customer system Netviewer: especially for the needs of SAP adjusted tool for desktop sharing Access to this application at SAP side to is not supported via an SNC SAProuter connection.sap. So a message processor can start remote logon at customer in a customer message.sap.com/~form/sapnet?_SHORTKEY=01100035870000722611&_OBJECT=011000358700000547222009E Note on connection with customers: http://service. © SAP 2009 / Page 17 .Remote Access Description For the solution of a customer message a logon at the customer‘s system often is helpful. or if you want to use internet you would need to set up an IPSec VPN tunnel instead of (or in addition to) the SNC connection.com/~form/sapnet?_SHORTKEY=01100035870000722612&_OBJECT=011000358700000547222009E.sap. SAP Solution Manager of the partner will call an application in SAP Service Marketplace which guaranties secure logon at customer systems.sap.
htm How to configure the SAProuter: http://service.com/~form/sapnet?_SHORTKEY=01100035870000234692&_SCENARIO=01100035870000000202&_OBJECT=011000358700004675142006E © SAP 2009 / Page 18 .com/~form/sapnet?_SHORTKEY=01100035870000044248&_SCENARIO=01100035870000000202& Installing the sapcrypto library and starting the SAProuter: http://service.sap.sap.Incident Management Links to Documentation How to set up a Remote Network Connection to SAP: http://service.com/saphelp_nw70/helpdata/en/e6/56f466e99a11d1a5b00000e835363f/frameset.sap.com/~form/sapnet?_SHORTKEY=01100035870000044806&_SCENARIO=01100035870000000202& Differences VPN/SNC and Technical Specifications http://service.sap.com/~sapidb/011000358700004675142006 Secure Network Communications (SNC): http://help.sap.
Service Connection Types Links to Documentation Service Connection Type Description SAP Note SAP GUI based connection R/3 Support enables remote access to an SAP system via SAP GUI 812732 Connection types providing application sharing methods or access on OS-level (operating system) enables collaboration and application sharing access via Netviewer Netviewer 1124718 (for VARs) © SAP 2009 / Page 19 .
Glossary © SAP 2009 / Page 20 . Advantage of Network Connections 2. Basic Connection 4. Remote Access 6.Agenda 1. Process Overview 3. EarlyWatch Alert 7. Incident Management 5.
Frame Relay) (leased line or dial-up) DMZ INTRANET = Service Connection (back destination: EWA.very critical/error © SAP 2009 / Page 21 . software) or VPN (with IPsec) (add. …) = RFC to SAP DMZ = Firewall = Demilitarized Zone = Red alert .ISDN. hardware) (.EarlyWatch Alert Data Transfer Overview CUSTOMER VAR SAP SAP Global Service Backbone RFC RFC back SAProuter SAProuter SAProuter SAProuter INTRANET DMZ DMZ INTRANET DMZ SNC (with SSL certificates) (add.
In a customer system EWA gathers performance data using a data-collecting mechanism that runs as a background job. 1 3 2 For details. the necessary action is taken by VAR. Deliver Services Implement recommendations (for example Early Watch) Contact Customer Contact Customer and create Service Plan 5 4 © SAP 2009 / Page 22 . see SAP Note 1162164 (Channel Partner Support Advisory for SAP Enterprise Support). if Implement required. Depending on the criticality of the EWA report. Partner can send an HTML report automatically via email to end customer or provide the report in a separate Work Center. VAR contacts SAP Partner Support Advisory Center and subsequently open a message to SAP (SV-ES-SAC) with attached SAP Partner Customer SAP EarlyWatch Alert report within 24 hours. If the overall rating of the report is Red: Very critical/error.EarlyWatch Alert Description SAP EarlyWatch Alert (EWA) is necessary for SAP Enterprise Support. This data is sent from the customer’s system to partner’s central SAP Solution Manager for processing and evaluation. SAP Partner Support Advisory Center will analyze the situation based on the report and decide if a Send EWA Data Technical Quality Check (TQC) is If red rating Check red rated EWA Report Process EWA Data required. SAP Partner Support Collect Data automated forward to Advisory Center will inform partners SAP* Check EWA Report on the analysis result and. schedule service delivery of recommendati SAP ons relevant Technical Quality Check Solution Manager session jointly with partner and end customer.
com/saphelp_smehp1/helpdata/en/2f/de3316e1fc425080f83c718bec41de/content.com/~iron/fm/011000358700004587872005E/011000358700006436682006WRK2?TMP=1241458520143#bkm_show1_10_00qq Best Practice for Value Added Resellers (VARs) .sap.sap.htm © SAP 2009 / Page 23 .EWA Data Transfer Links to Documentation For setup EarlyWatch Alert see • • SAP Solution Manager IMG with Transaction SPRO Online learning maps in SAP Service Marketplace http://service.sap.Activating SAP EarlyWatch Alert in End Customer’s System • http://service.com/~form/sapnet?_SHORTKEY=01100035870000722612&_OBJECT=011000358700000567342009E • Online documentation http://help.
Incident Management 5. Basic Connection 4. Glossary © SAP 2009 / Page 24 . Remote Access 6. EarlyWatch Alert 7. Process Overview 3.Agenda 1. Advantage of Network Connections 2.
Channel Partners Remote Connections Summary CUSTOMER VAR SAP HTTPS SAP Web Dispatcher SAP Global Service Backbone RFC back RFC SAProuter SAProuter SAProuter SAProuter SAProuter INTRANET DMZ DMZ INTRANET DMZ SNC (with SSL certificates) (add.ISDN ) (leased line or dial-up) = Service Connection (back destination: EWA. hardware) (. …) = Remote Access via SAP to customer system = RFC to SAP = Incident (HTTPS access to Work Center at partner‘s Service Desk) © SAP 2009 / Page 25 = Firewall = WebDispatcher: application gateway / reverse proxy DMZ * = Demilitarized Zone = additional VPN hardware (switch/gateway) . Frame Relay) (leased line or dial-up) DMZ INTRANET VPN (with IPsec) (add.ISDN. hardware*) (. software) or VPN (with IPsec) (add.
Business Process Monitoring and Job Scheduling Management (optional) .READ RFC connection (for Monitoring) .sap. to ensure the integration of Service Desk and Change Request Management ( When a function module establishes an RFC call using the destination BACK. to check for changes to locked Customizing objects in the Customizing Distribution function Change Management.Implementation.Solution Monitoring.) -http://help. user-specific logon data for the trusted system is checked.Solution Monitoring/Administration (optional) . to send SDCCN data .com/saphelp_nw70/helpdata/EN/6c/ef1865f0494d0083300f87174177d9/content.Service Desk. see the online documentation of the Solution Manager System Landscape (Transaction SMSY -> Help -> Application Help -> System Landscape Management).LOGIN RFC connection For detailed information about creating RFCs with the Solution Manager System Landscape. The system does not set up a new connection for the BACK destination.Service Desk .) or . AS ABAP can log on to another AS ABAP without a password.RFC Types You need RFCs to navigate between systems.Change Request Management (optional) You can create the following RFC connections: . using transaction SMT1. This kind of trusting relationship between AS ABAPs has the following advantages: Single sign-on. the return connection is automatically protected with SNC if the original connection was SNC-protected. © SAP 2009 / Page 26 .timeout mechanisms for logon data prevent misuse . no passwords are transferred across the network . to use the functions in the following scenarios: .htm -TRUSTED RFC connection (A calling system can be defined in the called system as a 'trusted system'. it uses the original connection for the return connection.Implementation (optional) .BACK RFC connection (can only be used in programs called from remote sources) The BACK RFC connection (SM_<SID>CLNT<Client>_BACK) from a satellite system to the Solution Manager system is required for the following scenarios: . to send Service Desk messages .
Connection Types Additional Details – Internet connections Internet connections Secure network communication (SNC) via SAProuter software to deliver software encryption Virtual private networks (VPN). © SAP 2009 / Page 27 .State-of-the-art encryption . A VPN provides hard data encryption at hardware level. They require no additional hardware. The technology of SNC makes the connection over the internet secure. which provide hardware-level encryption Both options use three types of security measures to protect your systems and data from unauthorized access: . HTTP connections can be secured by using SSL (HTTPS) and RFC connections can be secured by using SNC. You can download this software directly from SAP Service Marketplace. using stateof-the-art encryption. No additional hardware is required at either end of the connection. but additional software has to be installed. SNC (Secure network communication) connections are established between two SAProuter. For the VPN approach a VPN switch (VPN gateway) is required at both connected sites (partner / customer / SAP) in front of a SAProuter.Server authentication -Access-control technology VPN (Virtual Private Network) is a network that uses tunneling technique to transmit encrypted data from point to point over the public internet.
but higher transmission rates are possible. Higher CIRs are more expensive. Please contact your consulting partner or SAP directly for more information. enabling the network to work with significantly less administrative information. Also note that ISDN connection is not possible everywhere. ISDN ISDN (Integrated Services Digital Network) will most likely replace the current analog telephone lines. With long distances and/or long connection times you should consider using Frame Relay or a network provider as an alternative. An ISDN connection is set up by switching a B channel connection. The CIR is the minimum transfer speed that is always guaranteed by the network provider. as the connection via routers is safer and more flexible. Make sure that the routers used are suitable for Frame Relay.31). In ISDN. This data speed is sufficient for connecting to the SAP Service Network.25 data packets in addition to the control information on the D channel (9600 baud) and to transfer these to X.25 networks (X. connection. To connect to the SAP Service Network you need a basis. it is also possible to transport X. © SAP 2009 / Page 28 . and are therefore not recommended. Please ask your local phone company or PTT. provided the network load is not too high.Connection Types Additional Details – More Connections Phone Connections Frame Relay Frame Relay networks are currently offered primarily in North America. This functionality must be explicitly supported by both the connection side and the hardware and represents a normal X. They are also packet switching networks. Please note that connection fees for ISDN connections are dependent on time and distance. Customers therefore need to find out if their systems support these if they want to establish an ISDN connection to SAP. This connection contains two B channels and one D channel. We recommend using routers for the connection to a Frame Relay network. or S0. The PPP protocol and CHAP authentication procedure are used by SAP for data transfer on the B channel. Recommended CIR (Committed Information Rate) of 4 or 8 kbits/second. SAP recommends the following parameters for a Frame Relay connection: Port speed of 56 or 64 kbits/second . communication takes place in different channels.25 connection to SAP. Communication companies offer ISDN with different configurations. but have higher protocol levels that handle data security. In theory.
/ Page 29 .The End © SAP 2009 / Page 29 AG 2009. All rights reserved.