You can create SAP connections that use Secure Network Communication (SNC) from SAP Pack
version 8.1 onwards. Such connection can be used in all SAP Pack stages both for designing and
running jobs.
About this task
Use SNC Settings tab in the Connection properties to specify the SNC
settings for SAP connections to InfoSphere
DataStage client
and server tiers. These settings can be defined in Runtime and Client connection sections for server
and client tiers respectively. SNC settings might be different for the runtime and client
connections if server and client tiers are on two different machines and therefore SNC need to be
configured separately for these tiers.
By default, Enable SNC for Runtime and Enable SNC for
GUI will be deselected and then all the next sections will remain disabled. However, as
per the need you can enable SNC settings for the SAP connections to be used in design time (client)
or at run time.
SNC connection can be configured with or without X.509 Certificate. In case you choose to use SNC
connection with X.509 certificate, you need not provide user credentials (SAP username and password)
in Connections and Logon Details. However, if you choose to use SNC connection
without x.509 certificate, SNC connection is established by using SNC with Single Sign On (SSO)
feature and therefore you are required to provide only the SAP username in Connections and
Logon Pages. It is also to be noted that user credentials that are defined in SAP
connection is used for establishing SAP connections at both design and run time. Therefore, when you
choose SNC connection without X.509 certificate, you must provide SAP username for SAP connection
unless you provide it at the stage level.
Procedure
-
Runtime Connection
-
Enable SNC for runtime: You must check this button in case you want to use SAP SNC
connection for run time. After you enable this option, SAP SNC connection is established during run
time.
- Use Secured Port: From Pack version 8.2.0.4 onwards, you can select this button
if you want to use secured Gateway for IDoc Extract, Delta Extract (with BW Extractor mode), and
ABAP Extract Stages at run time. If you select this option, the port from the range 4800-4899 is
used depending on the instance or the system number of the Gateway server that is defined in
ABAP Extract Stage GUI/Data Transfer Method tab page.
-
X.509
-
Enable X.509: Enable this option to run the SNC with X509 certificate.
-
X.509 Certificate Path:Specifies the path of X.509 certificate. You can use
Browse next to Edit to choose the certificate path.
You need to note that only certificate with file extension crt is supported.
Providing valid certificate (*.crt) is mandatory if Enable X.509 is selected.
Specifying SAP username and password in Connection and Logon page for X.509
connection is optional.
-
SNC Parameters
-
SNC Name: Specifies Client PSE or Certificate name, which is generated on the client
side (server tier) regarding a partner server (SAP server). The default length is 256 characters.
This field is optional.
-
SNC Partner Name: Specifies Server PSE or Certificate name that is generated on the SAP
Server. The default length is 256 characters.
-
SNC QOP: Specifies the quality of protection for SNC connection. Following are the
possible values of this field.
- 1 - Apply authentication only.
- 2 - Apply integrity protection (authentication).
- 3 - Apply privacy protection (integrity and authentication).
- 8 - Apply the default protection.
- 9 - Apply the maximum protection.
The default value is 3.
-
SNC Library Path: Specifies the path of the SNC library (sapcrypto.dll for Windows or
libsapcrypto.so for Unix/Linux platforms). You can use Browse next to
Edit to choose the library path. The location of the library can also be
defined through the environment variable SNC_LIB. This field is optional if set
at system level.
-
Client Connection: You must select Enable SNC for GUI button in
case you want to use SAP SNC connection when designing jobs. After you enable this option SAP SNC
connection is established during design time. For more information, see Runtime Connection section
for specific field description (X.509, SNC Parameters and Library Path).
-
Use Runtime SNC settings: Enable this option to use the runtime SNC parameters to
establish the client connection. This option is only applicable for Windows InfoSphere DataStage
servers where client and server tiers are on the same machine.
If this option is enabled, client connection SNC Parameters are disabled automatically and run
time SNC parameters are used instead for the design time connection. In case you want to use
different SNC parameters for client connection, you must deselect this option and define valid SNC
parameters.