In the following sections we assume that you run SAP Integration Framework 2.0 on a Microsoft operating system. 

Downloading and Installing the SAP Cryptographic Library

The SAP Cryptographic Library is the default security product delivered by SAP for performing encryption functions in SAP systems. You can use it to secure RFC connections between SAP S/4 HANA and SAP Integration Framework 2.0.

Prerequisites

You have the permission to download software from SAP Service Marketplace.

Procedure

1. Download the SAP Cryptographic Library for your operating system from SAP Service Marketplace (service.sap.com/swdc → Support Packages and Patches (S) → SAPCRYPTOLIB) and store the archive on the SAP Integration Framework 2.0 server.
   
2. Extract the content of the SAPCRYPTOLIB.SAR archive to an arbitrary and empty folder on the SAP Integration Framework 2.0 server.
   

NOTE

To extract the .SAP archive, you need the sapcar.exe program. 

If the program is not available on the server, download it from SAP Service Marketplace (service.sap.com/swdc → Support Packages and Patches (S) → SAPCAR).

After extracting the archive file, the folder contains the following:

1. Possibly some subfolders for operating system versions
   

To select the suitable subfolder for your operating system version, refer to WHICH.TXT. 

Each subfolder contains the following:

1. sapcrypto.dll
   
2. sapcrypto.lst
   
3. sapgenpse.exe
   

2.  The ticket file that contains the license.

  3.  Some more files with descriptions

3. On the SAP Integration Framework 2.0 server, create the secudir subfolder in the SAP Integration Framework 2.0 folder. 
   
4. Copy the following to the secudir folder:
   

1. sapcrypto.dll
   
2. sapcrypto.lst
   
3. sapgenpse.exe
   
4. ticket
   

Setting the SECUDIR System Variable in the Operating System

If the SECUDIR system environment variable does not already exist, create it for the configuration of the cryptography tool SAPGENPSE.

Procedure

1. In the Microsoft operating system, choose Start → Control Panel → System and Security → System → Advanced system settings, and choose the New… button.
   
2. In the Variable name field, enter SECUDIR.
   
3. In the Variable value field, enter the path to the secudir folder on the SAP Integration Framework 2.0 server, for example, C:\Program Files\SAP\SAP Business One integration\secudir.
   
4. Choose OK.
   

Copying the SAP S/4 HANA Server SNC PSE and Creating Credentials

We use the SCN PSE, created in SAP S/4 HANA, for the SAP Integration Framework 2.0 server. 

The SAP Integration Framework 2.0 server must have active credentials at runtime. To create active credentials, use the sapgenpse configuration tool with the seclogin command to open the server PSE.

Prerequisites

The SAP S/4 HANA administrator has provided you with the SNC PSE.

Procedure

1. Copy the <PSE_NAME>.PSE file to the secudir folder on the SAP Integration Framework 2.0 server.
   

<PSE_NAME>.PSE is the PSE file that you have received from the SAP S/4 HANA administrator.

2. To create credentials in the secudir folder, enter the following:
   

sapgenpse seclogin -p <PSE_NAME>.pse –O SYSTEM

The program displays that it has added credentials for the <PSE_NAME>.PSE. 

Result

In the secudir folder, you find the cred_V2 file.

Setting SNC Parameters in SLD

Enable SNC for the SAP S/4 HANA systems in SLD. 

Prerequisites

The SAP S/4 HANA administrator has provided you with the SNC settings in the SAP S/4 HANA system.

Procedure

1. To start SAP Integration Framework 2.0, choose Start → All Programs → Integration Framework for SAP Business One → Integration Framework.
   
2. To log on, in the Administrative User interface, enter the user name and password.
   
3. Choose SLD and select the system entry for the SAP S/4 HANA client.
   
4. Choose Edit and Display SNC.
   
5. In the RFCA and RFCP sections, add the following entries:
   

Parameter	Description
SNC_MODE	This parameter enables or disables the SNC model.  To enable SNC, enter 1. To disable SNC, enter 0. This is the default. Enter 1.
SNC_QOP	This parameter defines the quality of protection level. The following options are available: Authentication only Integrity protection Privacy protection (default) Use the value from snc/data_protection/use on the application server Use the value from snc/data_protection/max on the application server Use the same level as the SAP S/4 HANA administrator.
SNC_MYNAME	Enter the SNC name of the user sending messages using RFC.  Since we use the same PSE as SAP S/4 HANA, this parameter is identical with the value of SNC_PARTNERNAME.
SNC_PARTNERNAME	Enter the SNC name of your communication partner. Since we use the same PSE as SAP S/4 HANA, this parameter is identical with the value of SNC_MYNAME.
SNC_LIB	Enter the path and name of your local SNC library, for example, C:\Program Files\SAP\SAP Business One integration\secudir\sapcrypto.dll.

6. Save your settings and click the Test Connection button in the RFCA and RFCP section.
   

Next Step: Master Data Distribution in SAP S/4 HANA in Integration Hub