In the following sections we assume that you run SAP Integration Framework 2.0 on a Microsoft operating system.
The SAP Cryptographic Library is the default security product delivered by SAP for performing encryption functions in SAP systems. You can use it to secure RFC connections between SAP ECC and SAP Integration Framework 2.0.
Prerequisites
You have the permission to download software from SAP Service Marketplace.
Procedure
- Download the SAP Cryptographic Library for your operating system from SAP Service Marketplace (service.sap.com/swdc → Support Packages and Patches (S) → SAPCRYPTOLIB) and store the archive on the SAP Integration Framework 2.0 server.
- Extract the content of the SAPCRYPTOLIB.SAR archive to an arbitrary and empty folder on the SAP Integration Framework 2.0 server.
NOTE
To extract the .SAR archive, you need the sapcar.exe program.
If the program is not available on the server, download it from SAP Service Marketplace (service.sap.com/swdc → Support Packages and Patches (S) → SAPCAR).
After extracting the archive file, the folder contains the following:
1. Possibly some subfolders for operating system versions
To select the suitable subfolder for your operating system version, refer to WHICH.TXT.
Each subfolder contains the following:
- sapcrypto.dll
- sapcrypto.lst
- sapgenpse.exe
2. The ticket file that contains the license
3. Some more files with descriptions
- On the SAP Integration Framework 2.0 server, create the secudir subfolder in the SAP Integration Framework 2.0 folder.
- Copy the following to the secudir folder:
- sapcrypto.dll
- sapcrypto.lst
- sapgenpse.exe
- ticket
If the SECUDIR system environment variable does not already exist, create it for the configuration of the cryptography tool SAPGENPSE.
Procedure
We use the SNC PSE, created in SAP ECC, for the SAP Integration Framework 2.0 server.
The SAP Integration Framework 2.0 server must have active credentials at runtime. To create active credentials, use the sapgenpse configuration tool with the seclogin command to open the server PSE.
Prerequisites
The SAP ECC administrator has provided you with the SNC PSE.
Procedure
- Copy the <PSE_NAME>.PSE file to the secudir folder on the SAP Integration Framework 2.0 server.
<PSE_NAME>.PSE is the PSE file that you have received from the SAP ECC administrator.
- To create credentials in the secudir folder, enter the following:
sapgenpse seclogin -p <PSE_NAME>.pse -O SYSTEM
The program reports that it has added credentials for <PSE_NAME>.PSE.
Result
In the secudir folder, you find the cred_V2 file.
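A preflight check for the installation and credential steps above, as an added PowerShell example that is not part of the original SAP documentation. The default folder comes from the SNC_LIB example path on this page; the parameter names and the expectation that SECUDIR points at the secudir folder are assumptions.

```powershell
# Added example: preflight check of the secudir setup (not SAP's own tooling).
param(
    # Default taken from the SNC_LIB example path on this page; adjust as needed.
    [string]$SecuDir = 'C:\Program Files\SAP\SAP Business One integration\secudir',
    # File name of the SNC PSE received from the SAP ECC administrator.
    [Parameter(Mandatory)][string]$PseName
)

$problems = @()

# Files the procedure copies into secudir, plus the PSE itself.
foreach ($name in 'sapcrypto.dll', 'sapcrypto.lst', 'sapgenpse.exe', 'ticket', $PseName) {
    if (-not (Test-Path -LiteralPath (Join-Path $SecuDir $name) -PathType Leaf)) {
        $problems += "Missing in secudir: $name"
    }
}

# The page asks for a system environment variable, hence the Machine scope.
# Assumption: its value should be the secudir folder.
$machineValue = [Environment]::GetEnvironmentVariable('SECUDIR', 'Machine')
if ([string]::IsNullOrWhiteSpace($machineValue)) {
    $problems += 'System environment variable SECUDIR is not set'
} elseif ($machineValue.TrimEnd('\') -ne $SecuDir.TrimEnd('\')) {
    $problems += "SECUDIR points to '$machineValue', expected '$SecuDir'"
}

# seclogin writes the credentials file; without it the server has no
# active credentials at runtime.
if (-not (Test-Path -LiteralPath (Join-Path $SecuDir 'cred_V2') -PathType Leaf)) {
    $problems += 'cred_V2 not found: run sapgenpse seclogin -p <PSE_NAME>.pse -O SYSTEM'
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}

# Print the PSE owner's distinguished name so it can be compared with the
# SNC name the SAP ECC administrator provided. sapgenpse may prompt for the
# PSE PIN because the credentials were created for SYSTEM, not for this user.
$env:SECUDIR = $SecuDir
& (Join-Path $SecuDir 'sapgenpse.exe') get_my_name -p (Join-Path $SecuDir $PseName)
Write-Output 'secudir preflight check passed'
```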
Enable SNC for the SAP ECC systems in SLD.
Prerequisites
The SAP ECC administrator has provided you with the SNC settings in the SAP ECC system.
Procedure
- To start SAP Integration Framework 2.0, choose Start → All Programs → Integration Framework for SAP Business One → Integration Framework.
- To log on, in the Administrative User interface, enter the user name and password.
- Choose SLD and select the system entry for the SAP ECC client.
- Choose Edit and Display SNC.
- In the RFCA and RFCP sections, add the following entries:
| Parameter | Description |
| --- | --- |
| SNC_MODE | This parameter enables or disables SNC mode. To enable SNC, enter 1. To disable SNC, enter 0. This is the default. Enter 1. |
| SNC_QOP | This parameter defines the quality of protection level. The following options are available: Authentication only; Integrity protection; Privacy protection (default); Use the value from snc/data_protection/use on the application server; Use the value from snc/data_protection/max on the application server. Use the same level as the SAP ECC administrator. |
| SNC_MYNAME | Enter the SNC name of the user sending messages using RFC. Since we use the same PSE as SAP ECC, this parameter is identical to the value of SNC_PARTNERNAME. |
| SNC_PARTNERNAME | Enter the SNC name of your communication partner. Since we use the same PSE as SAP ECC, this parameter is identical to the value of SNC_MYNAME. |
| SNC_LIB | Enter the path and name of your local SNC library, for example, C:\Program Files\SAP\SAP Business One integration\secudir\sapcrypto.dll. |
- Save your settings and click the Test Connection button in the RFCA and RFCP sections.