You are on page 1of 12


SAP Gateway is a development framework, which is available as an SAP NetWeaver

Application Server ABAP (AS ABAP) add-on, which you can install on top of your existing
SAP Business Suite or application platform.

SAP Gateway offers development and generation tools to create OData services to a variety of
client development tools. Put simply, it establishes a connection between SAP Business Suite
data and target clients, platforms, and programming framework.

SAP Gateway provides the following functionality:

 Runtime environment for SAP solutions that integrates desktop programs with SAP
 Runtime features, including user interface, secure data access, database connectivity, and
network communications for managing applications running on top of the framework
 Infrastructure and tools for developing applications to run on the framework or to
enhance SAP solutions that integrate desktop programs with SAP systems
 Connection to multiple SAP systems regardless of their versions


The Gateway carries out RFC services within the SAP world, which are based on TCP/IP. These
services enable SAP Systems and external programs to communicate with one another.

RFC services can be used either in the ABAP program or for the external programs using the
interfaces. RFC can be used between processes of an instance or a system, or between systems.


Since the RFC protocol is based on the CPI-C protocol, each RFC connection is also a CPI-C
connection. Native CPI-C calls are not supported anymore, although they are still mentioned at
some positions and in some error codes.

The following figure shows three different SAP systems which use gateways to use RFC
Figure 1: RFC Communication Using the Gateway

Here you can see the differences between the installation types ABAP -only, Java-only, and

 For systems which contain AS ABAP (ABAP-only and dual-stack), each instance
contains a gateway that is started and monitored by the ABAP Dispatcher.

As long as the system is installed with ASCS instance (ABAP Central Services, made up
of the message server and standalone enqueue server), this does not contain a gateway.

 In a Java-only system (in the figure below on the right), one gateway is enough for the
whole system since the instances communicate with each other and not using the RFC.
The gateway is used for RFC/JCo connections to other systems.

Architecture of the SAP Gateway


Each instance of an SAP System has a gateway. The gateway enables communication between
work processes and external programs, as well as communication between work processes from
different instances or SAP Systems.

Gateway Processes

The SAP Gateway is made up of various processes:

 Gateway Read Process
 Gateway Monitor

Gateway Read Process

Gateway read (gwrd, gwrd.exe) is the main process in the gateway system.

It is started by the application server (dispatcher) and checked by it periodically.

The gateway reader receives and processes all CPI-C requests.


If the executable gwrd program is called without parameters or with the switch -help, the
program outputs a description of the possible command parameters, as well as all the patches.

The Gateway and the SNC Interface


Using the SAP interface SNC (S ecure N etwork C ommunication) guarantees secure

SNC supports third-party security systems (such as Kerberos, SECUDE, etc.). This ensures
reliable authentication of the partners and secure data transfer.

The Gateway can reject connections that are not based on SNC.

SAP provides a range of SNC parameters. For more information on configuration see:

 Configuring Support of SNC Components

 Parameterization of the Gateway, SNC parameters
 Documentation of parameters that begin with snc (transaction RZ11, AS ABAP only)

Configuring Support of SNC Components


The parameter snc/enablespecifies whether the gateway is to support SNC (see Gateway and
SNC Interface). If this parameter is deactivated ( snc/enable = 0, default value), no SNC
connections are accepted.

If this parameter is activated ( snc/enable = 1), only SNC connections are accepted.
The gateway checks whether connections to non-SNC programs are permitted. If the parameter
snc/permit_insecure_start = 1, connections to non-SNC programs are permitted.


The gateway specifies its own path name for the SNC library in the command line parameter. If
the program you want to start is running on the same host, the environment variable SNC_LIB
does not need to be set. If it isn't, the environment variable SNC_LIB does need to be set in the
relevant login shell or in the user environment. This variable specifies the respective shared
library of the security product that is being used.


Define the relevant parameters and environment variables.

The SNC parameters are described in Parameterization of the SAPGatewayunder SNC


Using SAProuter to Secure the Connection Between Two Gateways

Alternatively you can secure the channel between gateways of different SAP Systems by using
two SAProuters (gateway1 - SAProuter1 - SAProuter2 - gateway2), which encrypt and de-
encrypt the datastream by SNC. Then you do not need to configure the system for SNC.

Load Balancing for Registered Programs


The value of the parameter gw/reg_lb_level defines the type of load balancing for registered

The following values are permitted:

 0: No load balancing, the first free registered program is used.

 1: The program with the lowest counter is used. Every time a registered program is
assigned a request, the counter is increased by one.
 2: The program with the smallest load is used. How the load is determined is explained

The value of the parameter gw/reg_lb_ip determines the load value for an IP address, or for a
range of IP addresses. A host name can be entered in the place of an IP address. The gateway
then determines the IP address for the host name.
The value of a parameter is a list of IP addresses or host names. The corresponding load is output
with an equal sign after each IP address. The load is a weighting factor that specifies the strength
of a particular server. The higher the value, the weaker the server. The maximum value is 1.

a.b.c.d=val1 e.f.g.*=val2 linux1=val3


You can specify a range of IP addresses instead of a single IP address, for example:

gw/reg_lb_ip = 194.56.48.*=1 194.56.49.*=3

All servers from the 194.56.48 network are highly efficient, the servers from the 194.56.49
network are somewhat weaker, and all other servers are extremely weak and should only be used

For load balancing level 2 (gw/reg_lb_level=2), the registered program with the smallest load
is used. The load is calculated as follows.

When the registered program logs on to the gateway, the IP address is used to determine what the
load of the IP address is. The system searches the list in the order specified by the profile
parameter. This value is added to the load when this program receives a request. If the IP address
is not found, the system uses the value defined by gw/reg_lb_default. This ensures that a strong
server is assigned more requests than a weaker server. A server that registers itself with the
gateway receives as initial value the highest load of all servers with the same registration ID. If
no servers are registered with this ID, or if no requests have been assigned to these servers, the
value is 0.


Example of request assignment to the servers

The following values are defined in the profile:


gw/reg_lb_ip= Server1=2 Server2=3 Server3=4 Server4=4

This results in the following weighting values for the various servers:

Server1: Load 2

Server2: Load 3

Server3: Load 4

Server4: Load 4
Request Server with Least Load after Request
Load Assignment
Server 1 Server Server Server
2 3 4
All servers start 0 0 0
with 0
1. Request Server1: Load + 2 2 0 0
2. Request Server2: Load + 3 2 3 0
3. Request Server3: Load + 4 2 3 4
4. Request Server1: Load + 2 4 3 4
5. Request Server2: Load + 3 4 6 4
6. Request Server1: Load + 2 6 6 4
7. Request Server3: Load + 4 6 6 8
8. Request Server1: Load + 2 8 6 8 8 (*)

(*) If after request 7, another server logs on that responds to the same registration ID, the system
assigns it the highest value of the load value (value 8 in the above example). This server would
then participate normally in the load assignment process.


You can influence the weighting values of the IP addresses by dynamically changing its value. If
you want to change an entry in the list, enter the new value as the load.

For example, Server1=3

If you want to delete an entry from the list, enter the value 0 as the load.

z.B. Server2=0 deletes the entry

If you want to add an entry, enter the new IP address, or server name.

For example, LinuxLab=1

Memory Management of the SAP Gateway


Overflow Area

The gateway stores its data in the overflow area.

This area in the heap memory is retrieved by the gateway during initialization with malloc()
default 10 MByte). The size of the overflow area is specified by the profile parameter

The profile parameter gw/max_overflow_usage (specified as a percentage) specifies the usage

of the overflow area as of which the gateway slows down the sender. If this value is exceeded,
the sender is slowed down by SYNC calls. An SYNC ensures that control is returned to the
sender only when the data has been retrieved by the receiver. You must, however, make sure that
5 CPIC requests can still be saved in the gateway, since the sender only executes CMSEND
synchronously with every 5th request.

CPIC Requests

A specific number of requests can be temporarily stored per CPIC connection. The number of
requests is determined by the profile parameter gw/req_stack_size. The default is 30. When
the number of requests stored at one time exceeds the threshold value, the sender is slowed down
by SYNC calls.

The threshold value is calculated according to the following formula:

max(stack_size-6 , stack_size*0,9),

whereby i stack_size is the value gw/req_stack_size.


By default the threshold value is the maximum of 24 (=30-6) and 27 (=30*0,9), therefore 27. The
gateway starts to slow down the communication partner when 27 requests have accumulated.

Administration of the SAP Gateway

Starting and Stopping the Gateway

Under UNIX and Windows you start and stop the Gateway together with the SAP System. The
gateway is started by the dispatcher. No special entries are required in the sapstart script.

The gateway instance has its own SID (for example, G11) and instance number, and the executable
gwrd (.exe) is located in the corresponding directory (for example,

Standalone Gateway on UNIX

To start a Gateway installed separately on a UNIX machine, you specify a start profile: gwrd -
force pf=<profile> &

To cancel, you must send the INT signal to the gateway read process.

Use the following command to obtain the process ID (PID) of the gateway process: ps -ef |
grep gwrd.

To kill the process, send the relevant INT signal to the process: kill INT <pid>.

Standalone Gateway on Windows

You can start and stop the standalone gateway just the same on Windows. You just have to use
sapntkill instead of kill, or exit the process from the task manager. Usually you use the SAP
Service Manager to start an Gateway installed separately on Windows.

Configuring the Gateway.


As with all SAP programs, the Gateway can be controlled by parameters. For example, you can
use parameters to set the maximum number of CPI-C connections or the size of memory areas.

The installation of a Gateway for TCP/IP connections within an instance of an SAP system is

The Gateway reads the parameters from the SAP profile file (profile directory) like every other


You can specify four different types of parameter value. Evaluation corresponds to the following
hierarchy of priorities:

 Priority 1: Command line arguments.

These are only available for certain parameters, for example instance number.

 Priority 2: instance profile

Each instance has a specific profile. The instance profile is used to set the parameter
values of an instance process.
The file name of an instance profile follows the convention

<SAP-System><Instanz>, for example, CUAG45.

 Priority 3: Default profile in the SAP system.

The values in the default profile DEFAULT.PFL apply to the entire SAP system. All the
instances in an SAP system access the default profile. However, if the parameter has
already been set in the command line or in an instance profile, a parameter setting in the
default profile will not take effect.

 Priority 4: Default values

There are pre-set values (defaults) for most parameters. Unless you specify a preferred
value, each of these parameters accepts the default system value. Default values can only
be pre-set by SAP.

Changes to parameter values only take effect when you restart the processes concerned.

Parameterization of the Gateway


The gateway is installed within an instance by the dispatcher and reads its parameters from the
profile file located in the profile directory in the SAP directory tree. In standalone operation the
gateway is started from the command line or using the administration tools (SAP Management

You can change the following parameters in the gateway.

Some parameters can be changed (dynamically) in production operation (in transaction RZ11 or
in the gateway monitor (transactiob SMGW Goto Parameter Change ).


The following are configuration parameters:

 gw/startup
 gw/start_in_homedir
 gw/accept_remote_trace_level
 gw/rem_start
 gw/start_threshold
 gw/remsh
 gw/ssh
 gw/stat
 gw/monitor
 gw/logging
 gw/prxy_info

More parameters for load balancing,Network,Timeouts, Resource management and security.

Trace and Log Files

Table 1: Important Log and Trace Files for SAP Gateway
Components Content File
IWFND and IWBEP Application Logs Saved on ABAP DB
IWFND and IWBEP System Logs Saved on ABAP DB

Trace files can be activated via transaction SM21.

Logs are automatically written by SAP Gateway components according to the log levels set in
the system. Customers can monitor log files via:

 transaction SLG1

For SAP Gateway hub systems use object /IWFND/. For SAP Business Suite backend
systems use object /IWBEP/.

Transaction SLG1 is available in all supported SAP systems.

 transaction /IW<XXX>/VIEW_LOG

We recommend using this transaction in SAP Gateway systems (/IWFND/VIEW_LOG)

as well as SAP Business Suite backend systems with the add-on IW_BEP

Monitoring and Error Handling in the SAP

Depending on the type of the instance in which the gateway is running, you have various tools
available to monitor and administrate the gateway.
 Gateway monitor in SAP GUI (transaction SMGW, in AS ABAP only)
 Gateway monitor at operating system level (program gwmon ( .exe)
 SAP Management Console (runs in the Web browser)
 SAP MMC (Windows)

GWMON: SAP Gateway Administration

The gateway monitor (gwmon, gwmon.exe) is used to analyze and administer the SAP
Gateway. You can start the monitor as required. When you start it, you initially get a list of
active CPI-C connections. You can call up all the other monitor functions via a menu.

• UNIX: gwmon
• Windows: gwmon.exe

1. Call gwmon in <SID>adm mode.

call gwmon with following parameters:

pf=<profile> : Specify Name of parameter file or

nr=<nr> : System number
[-V] : Print release
[-refresh n] : Refresh after n seconds
[-gwhost host] : Hostname of remote gateway
[-gwserv service] : Service of remote gateway
[-expert] : enable expert functions
[-sna] : enable sna functions
[-noheader] : Suppress headers
[-cmdfile file] : Execute commands from cmdfile if filename '-' read
from stdin

To start the gateway monitor, call the corresponding executable file, specifying a profile file:

• Under UNIX: gwmon pf=<profile>

• Under Windows: gwmon.exe pf=<profile>

All of the lists are updated after 5 seconds. You can refresh them sooner by pressing Enter. It is
standard to use 50 lines per screen. The number of lines can be changed (for example, under
UNIX you can set the shell variable LINES).

2. Launch gwmon, gateway monitor using selected profile.

->usr\sap\<SID>\SYS\profile>gwmon pf=<PROFILE-NAME>
Gateway monitor, connected to <server-host> / sapgw00
Connection table (Used: 0, Connected: 0)




q - quit
m - menue

3. Choose ‘m‘, menu for full menu list.

Gateway monitor, connected to <server-host> / sapgw00
Main menue

1 : display connection table

2 : display work process table
3 : display client table
4 : display remote gw table
5 : connection attributes
6 : statistics
7 : gateway parameters and attributes
8 : gateway release info
9 : security information
10 : expert functions
+ : increase gateway trace
- : decrease gateway trace
q - quit