Friday, June 12, 2009

Route Connections

A route connection is a connection between two hosts via a network. The route is the sequence of intermediate stations used to set up the connection.

Structure

You can set up a connection between SAP systems with or without SAProuter.

Connections Without SAProuter

The following graphic shows a network connection from SAP to the customer without SAProuter:


We assume that both the SAP LAN (local area network) and the customer LAN are protected against unwanted access by firewalls.

If a connection is to be set up between an SAP workstation and a customer workstation, a "hole" needs to be made in the firewall. The more connections required to external hosts, the more holes (and therefore security gaps) the firewall contains.

If a connection is set up without SAProuter, the following information is required:

  1. IP address of the host, or the logical name of the host, on which the server process is running. The target host must therefore have a unique IP address.

  2. Port number or the logical name of the port used by the process. The server process must use an exclusive port number on its host. Also, this port number must be known to the client.

When the NI network interface is used, the host address and port number can be passed as logical names (for example, host saposs, service sapdp00) or address strings (for example, a host IP address in the form www.xxx.yyy.zzz, port sapdp00).

Connections with SAProuter

The following graphic shows a network connection with SAProuter:


SAProuter only allows a network to be accessed from fixed points. The number of access points (holes) is therefore reduced, since fewer direct lines are required for connections. Each "hole" is guarded by an SAProuter whose route permission table determines the routes that can be used and the necessary passwords for gaining access. The hole in the firewall is therefore monitored.

Without SAProuter, the IP addresses must be unique. This is not always possible, particularly in the case of a connection between two networks that do not normally have an external connection. Concatenating SAProuters enables two points with identical IP addresses to be connected.

SAProuter can be used not only to connect one host with a particular service, but also to connect several hosts and services with each other. The route information is provided in the form of a route string. The passwords required for access are also specified in the route string.
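Because the route string carries the access passwords, it should be masked before it is written to logs or tickets. The following is an added example, not part of the original page or SAP's own code: it splits a route string into its concatenated hops and redacts the passwords. It assumes the usual /H/host/S/service/W/password substring layout with the prefixes in that order and no "/" inside values; the host names and passwords are constructed.

```python
import re
from typing import List, NamedTuple, Optional

class Hop(NamedTuple):
    host: str
    service: Optional[str]    # None: no /S/ given, SAProuter's default port applies
    password: Optional[str]   # route password given for this hop, if any

# One hop: /H/host, then optional /S/service and /W/password (assumed order).
_HOP = re.compile(r"/H/([^/]+)(?:/S/([^/]+))?(?:/W/([^/]+))?")

def parse_route(route: str) -> List[Hop]:
    """Split a route string into its hops; reject anything left unparsed."""
    hops, pos = [], 0
    while pos < len(route):
        m = _HOP.match(route, pos)
        if not m:
            # Report only the offset so the error itself cannot leak a password.
            raise ValueError(f"malformed route string at offset {pos}")
        hops.append(Hop(*m.groups()))
        pos = m.end()
    if not hops:
        raise ValueError("empty route string")
    return hops

def redact(route: str) -> str:
    """Rebuild the route string with every /W/ value masked."""
    out = []
    for hop in parse_route(route):
        out.append(f"/H/{hop.host}")
        if hop.service:
            out.append(f"/S/{hop.service}")
        if hop.password:
            out.append("/W/***")
    return "".join(out)

# Constructed sample: two concatenated SAProuters in front of a target host.
SAMPLE = ("/H/router-a.example/S/3299/W/s3cret"
          "/H/router-b.example/W/pw2"
          "/H/10.0.0.5/S/sapdp00")

if __name__ == "__main__":
    for hop in parse_route(SAMPLE):
        print(hop.host, hop.service or "(default port)",
              "password set" if hop.password else "no password")
    print(redact(SAMPLE))
```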
