Title: Thomas%20Ryan%20Product%20Manager
1SAP Internet Transaction Server
Thomas Ryan Product Manager SAP Markets
2Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security and Single Sign-On
5
ITS Platforms
6
More Information
7
3What is an Internet Application?
SAP Application
Internet Application
Powerful, but complex (built to handle all
possible situations)
Simple!
Designed for the professional user
Designed to be used by everyone (large number of
users)
Requires a trained user
No user training required
Take advantage of Internet technology and
multimedia
4SAP R/3 and the Web The Task
Browser
Intranet
Browser
Browser
Firewall
?
ITS
Internet
Browser
PC
PC
GUI
Browser
5SAP R/3 and the Web The Solution
Browser
Intranet
Browser
Browser
Firewall
ITS
Internet
Browser
PC
PC
GUI
Browser
6SAP Internet Transaction Server
- Extends the reach of SAP systems into the Web by
mapping SAP screens to HTML, WML, or similar Web
formats - Drives transactions within the SAP system or
calls function modules from SAP - Application server sees a SAP GUI
- Separation of business logic and visual
appearance - Supported through release upgrades
7How to Offer a Service on the Web?
ITS
Web Server
Browser
Inside SAP R/3 Business Logic
Outside SAP R/3 HTML Visualization
8Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security and Single Sign-On
5
ITS Platforms
6
More Information
7
9Components and Interfaces
DIAG
NSAPI
ISAPI
TCP/IP
ApacheModule
RFC
CGI
ITS
10WGate and AGate
- WGate
- Encapsulates the various supported HTTP server
interfaces such as - CGI (Common Gateway Interface)
- NSAPI (Netscape Server Application Programming
Interface) - ISAPI (Internet Server Application Programming
Interface) - In a transparent manner
- Passes the requested data to the AGate component
- Receives the HTML pages from AGate in a secure way
- AGate
- Is the main component of ITS
- Is responsible for session management including
- Mapping of SAP R/3 screens or function modules to
HTML - Web session timeout handling
- SAP R/3 connection management
- Generation of HTML documents
11Architecture ITS
Load Service File
Send Prepared Request
User Request
Call WGate
R/3 Input
SAP System
SAP R/3 Internet Application Component
WGate
R/3 Output
Browser
Web Server
BAPI
HTML Templates
HTML Page
HTML Page
SAP R/3 Data
Load HTML Template or Style
12Installation Methods
- Single Host Installation
- WGate and AGate are installed on the same
physical server - Scope
- Intranet
- Dual Host Installation
- WGate and AGate are installed on different
physical servers - Scope
- Security (firewalls)
- High availability/Load balancing
13Virtual ITS
Central ITS Server
- Virtual HTTP Servers enable several complete ITS
instances to be installed on one physical server
ITS DEV
ITS CON
ITS
ITS PRD
14Virtual ITS Instances
Central ITS Server
ITS QAS
ITS
ITS PRD
SAP R/3 Production PRD
15Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security and Single Sign-On
5
ITS Platforms
6
More Information
7
16 Different Programming Models
IAC Internet Application Component
Non-SAP R/3- based dialog flow
R/3 based dialog flow
17SAP R/3-Based Dialog Applications
- Business logic and dialog flow reside in SAP R/3
(system) - Presentation layer is strictly separated and
resides on ITS - Communication between ITS and application is
carried out via data fields on SAP screens - ITS places the data field content into the HTML
template and creates a complete HTML page - HTML page is sent to the Web browser (via Web
server) - HTML templates reside outside SAP but are
included in SAP Source Control - SAP_at_Web Studio supports development of
HTMLtemplates
18SAP Screens Correspond to HTML Pages
ITS provides the mapping
with HTMLtemplate
without HTMLtemplate
or
19SAP Screens vs. HTML Template Usage
- SAP GUI for HTML maps SAP screens to HTML files
- Simple, SAP R/3 screen-based layoutLimited
graphical layout mechanisms can be used via HTML
styles technique (for example, font, font size,
or background color) - 11 mapping from SAP screen fields (for example,
text or input fields) to SAP GUI for HTML fields - No special techniques applicableFor example,
dynamic help texts that open on mouse-click or
mouse-over - No development effort
- HTML templates allow a different look and feel
for a Web application - Flexible layoutTemplate and MIME usage allow
arbitrary layout techniques - Flexible field mapping Fields with default
values can be hidden from the Web page - Special functionality can be implementedPull-down
help texts, for example - Additional development effort HTML templates
need to be designed and published, additional
functions need to be implemented
20Mapping R/3 screens to Web pages
Screen 1000
Screen 3000
ITS
Web page 1000
21ITS Flow Logic
- Separation of
- Business logic,
- Presentation logic
- Dialog flow logic
- Modeling the dialog flow as a network of states
- Population of HTML templates with data
- Handling of user interface events
- Events can trigger state transitions
- States can trigger data-providing module
Bottom Line Allows you more flexibility with look
and feel of your Internet applications without
ever changing the business logic
22Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security and Single Sign-On
5
ITS Platforms
6
More Information
7
23ITS Benefits From SAP R/3 Scalability
- Efficient transaction management
- Multiple work processes
- Load balancing
- Database buffering
- Database tables (material master and sales text,
for examples) can be buffered on application
server to achieve fast access to data - SAP R/3 can handle thousands of dialog users
24ITS Performance and Scalability
- Lightweight multithreaded implementation
- Compilation and caching of HTML templates
- Separation of WGate and AGate
- Achievements
- Large number of concurrent users
- Efficient interface to SAP
- Four-tier architecture of Internet-enabled
SAPoffers maximum flexibility in terms of
scalability - ITS as a dedicated SAP solution, provides highly
optimized access to SAP application servers
25Workthread/Session Model
Dispatcher
R/3
Pool of Workthreads
Session Pool
AGate
26Web Server/ITS Scalability
- One WGate passes requests on to one AGate
- One AGate can be connected to several Web
servers/WGates
27ITS Scalability
- Several ITSs can be connected to the same SAP R/3
system
28ITS SAP R/3 Scalability
SAP System
Appl.Server
MessageServer
- One ITS can use several application servers of
one SAP R/3 system via - Load balancing
- Separate selection of a specific application
server
29WGate/AGate Loadbalancing (4.6D)
SAP System
AGate
AGate
WGate
Web Server
Browser
AGate
- WGate just passes requests on to AGate
- AGate does the actual work
- Session management
- HTML page generation
- Control caching
- CPU utilization of AGate is much higher than
WGate - Fault tolerance for AGate
30HTTP Routing (SAP R/3 4.6D)/High Availability
AGate
WGate
Web Server
AGate
WGate
HTTP Router
Browser
Web Server
AGate
31ITS Watchdog Service
- NT or Win2000 service, installed on WGate, has
following tasks - Monitors all ITS instances performingtests
periodically - Recognizes ITS instances and their
administration URLs and Web servers and
registers them within an LDAP directory(optional)
- Activates or deactivates all corresponding port
rulesdepending on test results (optional) - Initially implemented for Microsoft Network Load
Balancing(NLB/ WLBS) - Will also work with other load balancing
productsFirst customer shipment with ITS 4.6DC4
32How Does ITS Watchdog Work?
- ITS Watchdog Service on WGate host periodically
calls ITS service ITS_PING through URL
http//localhost/scripts/wgate/ITS_PING/! - ITS_PING service flow file calls RFC function
RFC_PING - AGate returns HTML page
- Watchdog scans this HTML page for specific
pattern(SAP R/3 Status OK)
RFC
WGate
Reply page
Web ServerITS Watchdog
33Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security and Single Sign/On
5
ITS Platforms
6
More Information
7
34Internet Security
- Access control
- Network and file access authorization
- Privacy
- Data encryption
- Authentication
- Clear identification of communication parties
- Integrity
- Secure data transfer without falsification
35ITS Infrastructure Security Measures
36ITS Infrastructure Security Measures
- Use different machines to separate AGate and
WGate - Protect your Web server and AGate Server (NT
security) - Protect the ITS configuration files (NT security)
- Use firewalls
- Use HTTPS
37Single Sign-On in the mySAP.com Workplace
Table USREXTID maps Certificate to SAP R/3 User
Client and server certificate ensures encrypted
channel using Secure Sockets Layer (SSL)
Protocol Initial authentication against Web
Server using X.509 user certificate Mapping
from certificate to user is done by the workplace
server Further transactions fired from menu use
same steps again
38Single Sign-On in the mySAP Workplace
Role-based menu
39Using an X.509 User Certificate
- Mechanism protection
- Secure key generation and distribution
(registration) - Secure storage for private key
- Uses the SSL protocol
- Usage conditions
- Enable HTTPS for all Web servers
- Provide certificates for all users
- Import User Certificate into browser (or connect
via Smartcard) - Provide mapping to SAP Userid (use central user
maintenance)
40Security Consulting Services Info
SAPNet http//service.sap.com/security http/
/service.sap.com/SecurityConsulting
41Agenda
Introduction
1
Architecture
2
SAP GUI for HTML
3
Scalability
4
Security Single Sign On
5
ITS Platforms
6
More Information
7
42ITS 4.6D Server Platforms
- WGate
- Microsoft NT 4.0 Server
- Microsoft Web Server (ISAPI)
- Netscape Web Server (NSAPI)
- Apache HTTP Server (Apache Module)
- any CGI Web Server (CGI)
- Microsoft Windows 2000 Server
- Microsoft Web Server (ISAPI)
- Linux / Intel
- Apache HTTP Server (Apache Module)
- AGate
- Microsoft NT 4.0 Server
- Microsoft Windows 2000 Server
- SAP_at_Web Studio
- Microsoft NT 4.0 Workstation
- Microsoft Windows 2000 Workstation
43ITS 4.6D Client Platforms
- In general, IE 4.01 or higher is required
- Some applications based on ITS might have a
different client platform support - SAP GUI for HTML requires IE 4.01as a minimum
- Some applications require a higher version of IE
- mySAP Workplace
- Others do support Netscape
- support of pre-4.6C applications (IACs, such as
ESS, Online Store) is application-dependent - All applications will run on MS Internet Explorer
5.0x or higher on Windows platforms - There are known issues with IE 5.5 which are
solved with IE 5.5 SR1. - Recommendation Use IE 5.5 SR1 or above
44ITS 6.10 Server Platforms
- WGate
- Microsoft NT 4.0 Server
- Microsoft Web Server (ISAPI)
- Netscape Web Server (NSAPI)
- Apache HTTP Server (Apache Module)
- any CGI Web Server (CGI)
- Microsoft Windows 2000 Server
- Microsoft Web Server (ISAPI)
- Linux / Intel
- Apache HTTP Server (Apache Module)
- AGate
- Microsoft NT 4.0 Server
- Microsoft Windows 2000 Server
- SAP_at_Web Studio
- Microsoft NT 4.0 Workstation
- Microsoft Windows 2000 Workstation
XP (32 and 64 bit) currently under evaluation
45ITS 6.10 Client Platforms
- In general, IE 4.01 or higher is required
- Some applications based on ITS might have a
different client platform support - SAP GUI for HTML requires IE 4.01as a minimum
- Some applications require a higher version of IE
- mySAP Workplace
- Others do support Netscape
- support of pre-4.6C applications (IACs, such as
ESS, Online Store) is application-dependent - All applications will run on MS Internet Explorer
5.0x or higher on Windows platforms - There are known issues with IE 5.5 which are
solved with IE 5.5 SR1. - IE 6.0 (with Windows XP) under evaluation
- Netscape 6.x (on Windows and Linux platforms)
under evaluation
46Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security Single Sign On
5
ITS Platforms
6
More Information
7
47Recent Efforts for 4.6D (Compilation 4)
- Solution Frontend Printing
- Focus QA / Provide software which is
- Stable, highly available (performance, stability)
- Highly scalable (ITS cluster, Watchdog)
- Focus Enrich administration and monitoring
features - Administer ITS clusters
- Add new trace files, make existing trace files
better readable - Focus Improve patch production and application
48Classroom training ITS Curriculum
ITS100
BC400
and
ITS050
ITS110
SAP50
ITS070
ITS150
- ITS050 (3 Days) SAP Internet Transaction Server
Basics - ITS070 (2 Days) ITS Administration
- ITS100 (2 Days) Developing EasyWebTransactions
- ITS110 (2 Days) Developing Web Scenarios and
Mini-Apps using ITS Flow Logic - ITS150 (2 Days) Corporate Identity Design
49More Information
- World Wide Web
- http//www.sapmarkets.com/its
- http//service.sap.com/sap-its
- SAP Online Help
- Basis ? Frontend Services ? Internet
Transaction Server (BC-FES-ITS) - ? SAP GUI for HTML (BC-FES-WGU)