Configuring SNC settings for SAP connection

You can create SAP connections that use Secure Network Communication (SNC) from SAP Pack version 8.1 onwards. Such connection can be used in all SAP Pack stages both for designing and running jobs.

Before you begin

To use SNC connections, you must configure SNC in client or server tiers of IBM® InfoSphere® DataStage®. For more information, see Setting up SAP Secure Network Communications (SNC) and using it with Pack for SAP Applications.

About this task

Use SNC Settings tab in the Connection properties to specify the SNC settings for SAP connections to InfoSphere DataStage client and server tiers. These settings can be defined in Runtime and Client connection sections for server and client tiers respectively. SNC settings might be different for the runtime and client connections if server and client tiers are on two different machines and therefore SNC need to be configured separately for these tiers.

By default, Enable SNC for Runtime and Enable SNC for GUI will be deselected and then all the next sections will remain disabled. However, as per the need you can enable SNC settings for the SAP connections to be used in design time (client) or at run time.

SNC connection can be configured with or without X.509 Certificate. In case you choose to use SNC connection with X.509 certificate, you need not provide user credentials (SAP username and password) in Connections and Logon Details. However, if you choose to use SNC connection without x.509 certificate, SNC connection is established by using SNC with Single Sign On (SSO) feature and therefore you are required to provide only the SAP username in Connections and Logon Pages. It is also to be noted that user credentials that are defined in SAP connection is used for establishing SAP connections at both design and run time. Therefore, when you choose SNC connection without X.509 certificate, you must provide SAP username for SAP connection unless you provide it at the stage level.

Procedure

  1. Runtime Connection
    1. Enable SNC for runtime: You must check this button in case you want to use SAP SNC connection for run time. After you enable this option, SAP SNC connection is established during run time.
    2. Use Secured Port: From Pack version 8.2.0.4 onwards, you can select this button if you want to use secured Gateway for IDoc Extract, Delta Extract (with BW Extractor mode), and ABAP Extract Stages at run time. If you select this option, the port from the range 4800-4899 is used depending on the instance or the system number of the Gateway server that is defined in ABAP Extract Stage GUI/Data Transfer Method tab page.
  2. X.509
    1. Enable X.509: Enable this option to run the SNC with X509 certificate.
    2. X.509 Certificate Path:Specifies the path of X.509 certificate. You can use Browse next to Edit to choose the certificate path. You need to note that only certificate with file extension crt is supported. Providing valid certificate (*.crt) is mandatory if Enable X.509 is selected. Specifying SAP username and password in Connection and Logon page for X.509 connection is optional.
  3. SNC Parameters
    1. SNC Name: Specifies Client PSE or Certificate name, which is generated on the client side (server tier) regarding a partner server (SAP server). The default length is 256 characters. This field is optional.
    2. SNC Partner Name: Specifies Server PSE or Certificate name that is generated on the SAP Server. The default length is 256 characters.
    3. SNC QOP: Specifies the quality of protection for SNC connection. Following are the possible values of this field.
      1. 1 - Apply authentication only.
      2. 2 - Apply integrity protection (authentication).
      3. 3 - Apply privacy protection (integrity and authentication).
      4. 8 - Apply the default protection.
      5. 9 - Apply the maximum protection.

      The default value is 3.

    4. SNC Library Path: Specifies the path of the SNC library (sapcrypto.dll for Windows or libsapcrypto.so for Unix/Linux platforms). You can use Browse next to Edit to choose the library path. The location of the library can also be defined through the environment variable SNC_LIB. This field is optional if set at system level.
  4. Client Connection: You must select Enable SNC for GUI button in case you want to use SAP SNC connection when designing jobs. After you enable this option SAP SNC connection is established during design time. For more information, see Runtime Connection section for specific field description (X.509, SNC Parameters and Library Path).
  5. Use Runtime SNC settings: Enable this option to use the runtime SNC parameters to establish the client connection. This option is only applicable for Windows InfoSphere DataStage servers where client and server tiers are on the same machine.

    If this option is enabled, client connection SNC Parameters are disabled automatically and run time SNC parameters are used instead for the design time connection. In case you want to use different SNC parameters for client connection, you must deselect this option and define valid SNC parameters.