Thomas%20Ryan%20Product%20Manager

1
SAP Internet Transaction Server
Thomas Ryan Product Manager SAP Markets
2
Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security and Single Sign-On
5
ITS Platforms
6
More Information
7
3
What is an Internet Application?
SAP Application
Internet Application
Powerful, but complex (built to handle all
possible situations)
Simple!
Designed for the professional user
Designed to be used by everyone (large number of
users)
Requires a trained user
No user training required
Take advantage of Internet technology and
multimedia
4
SAP R/3 and the Web The Task
Browser
Intranet
Browser
Browser
Firewall
?
ITS
Internet
Browser
PC
PC
GUI
Browser
5
SAP R/3 and the Web The Solution
Browser
Intranet
Browser
Browser
Firewall
ITS
Internet
Browser
PC
PC
GUI
Browser
6
SAP Internet Transaction Server

• Extends the reach of SAP systems into the Web by
  mapping SAP screens to HTML, WML, or similar Web
  formats
• Drives transactions within the SAP system or
  calls function modules from SAP
• Application server sees a SAP GUI
• Separation of business logic and visual
  appearance
• Supported through release upgrades

7
How to Offer a Service on the Web?
ITS
Web Server
Browser
Inside SAP R/3 Business Logic
Outside SAP R/3 HTML Visualization
8
Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security and Single Sign-On
5
ITS Platforms
6
More Information
7
9
Components and Interfaces
DIAG
NSAPI
ISAPI
TCP/IP
ApacheModule
RFC
CGI
ITS
10
WGate and AGate

• WGate
• Encapsulates the various supported HTTP server
  interfaces such as
• CGI (Common Gateway Interface)
• NSAPI (Netscape Server Application Programming
  Interface)
• ISAPI (Internet Server Application Programming
  Interface)
• In a transparent manner
• Passes the requested data to the AGate component
• Receives the HTML pages from AGate in a secure way

• AGate
• Is the main component of ITS
• Is responsible for session management including
• Mapping of SAP R/3 screens or function modules to
  HTML
• Web session timeout handling
• SAP R/3 connection management
• Generation of HTML documents

11
Architecture ITS
Load Service File
Send Prepared Request
User Request
Call WGate
R/3 Input
SAP System
SAP R/3 Internet Application Component
WGate
R/3 Output
Browser
Web Server
BAPI
HTML Templates
HTML Page
HTML Page
SAP R/3 Data
Load HTML Template or Style
12
Installation Methods

• Single Host Installation
• WGate and AGate are installed on the same
  physical server
• Scope
• Intranet

• Dual Host Installation
• WGate and AGate are installed on different
  physical servers
• Scope
• Security (firewalls)
• High availability/Load balancing

13
Virtual ITS
Central ITS Server

• Virtual HTTP Servers enable several complete ITS
  instances to be installed on one physical server

ITS DEV
ITS CON
ITS
ITS PRD
14
Virtual ITS Instances
Central ITS Server
ITS QAS
ITS
ITS PRD
SAP R/3 Production PRD
15
Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security and Single Sign-On
5
ITS Platforms
6
More Information
7
16
Different Programming Models
IAC Internet Application Component
Non-SAP R/3- based dialog flow
R/3 based dialog flow
17
SAP R/3-Based Dialog Applications

• Business logic and dialog flow reside in SAP R/3
  (system)
• Presentation layer is strictly separated and
  resides on ITS
• Communication between ITS and application is
  carried out via data fields on SAP screens
• ITS places the data field content into the HTML
  template and creates a complete HTML page
• HTML page is sent to the Web browser (via Web
  server)
• HTML templates reside outside SAP but are
  included in SAP Source Control
• SAP_at_Web Studio supports development of
  HTMLtemplates

18
SAP Screens Correspond to HTML Pages
ITS provides the mapping
with HTMLtemplate
without HTMLtemplate
or
19
SAP Screens vs. HTML Template Usage

• SAP GUI for HTML maps SAP screens to HTML files
• Simple, SAP R/3 screen-based layoutLimited
  graphical layout mechanisms can be used via HTML
  styles technique (for example, font, font size,
  or background color)
• 11 mapping from SAP screen fields (for example,
  text or input fields) to SAP GUI for HTML fields
• No special techniques applicableFor example,
  dynamic help texts that open on mouse-click or
  mouse-over
• No development effort

• HTML templates allow a different look and feel
  for a Web application
• Flexible layoutTemplate and MIME usage allow
  arbitrary layout techniques
• Flexible field mapping Fields with default
  values can be hidden from the Web page
• Special functionality can be implementedPull-down
  help texts, for example
• Additional development effort HTML templates
  need to be designed and published, additional
  functions need to be implemented

20
Mapping R/3 screens to Web pages
Screen 1000
Screen 3000
ITS
Web page 1000
21
ITS Flow Logic

• Separation of
• Business logic,
• Presentation logic
• Dialog flow logic
• Modeling the dialog flow as a network of states
• Population of HTML templates with data
• Handling of user interface events
• Events can trigger state transitions
• States can trigger data-providing module

Bottom Line Allows you more flexibility with look
and feel of your Internet applications without
ever changing the business logic
22
Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security and Single Sign-On
5
ITS Platforms
6
More Information
7
23
ITS Benefits From SAP R/3 Scalability

• Efficient transaction management
• Multiple work processes
• Load balancing
• Database buffering
• Database tables (material master and sales text,
  for examples) can be buffered on application
  server to achieve fast access to data
• SAP R/3 can handle thousands of dialog users

24
ITS Performance and Scalability

• Lightweight multithreaded implementation
• Compilation and caching of HTML templates
• Separation of WGate and AGate
• Achievements
• Large number of concurrent users
• Efficient interface to SAP
• Four-tier architecture of Internet-enabled
  SAPoffers maximum flexibility in terms of
  scalability
• ITS as a dedicated SAP solution, provides highly
  optimized access to SAP application servers

25
Workthread/Session Model
Dispatcher
R/3
Pool of Workthreads
Session Pool
AGate
26
Web Server/ITS Scalability

• One WGate passes requests on to one AGate
• One AGate can be connected to several Web
  servers/WGates

27
ITS Scalability

• Several ITSs can be connected to the same SAP R/3
  system

28
ITS SAP R/3 Scalability
SAP System
Appl.Server
MessageServer

• One ITS can use several application servers of
  one SAP R/3 system via
• Load balancing
• Separate selection of a specific application
  server

29
WGate/AGate Loadbalancing (4.6D)
SAP System
AGate
AGate
WGate
Web Server
Browser
AGate

• WGate just passes requests on to AGate
• AGate does the actual work
• Session management
• HTML page generation
• Control caching
• CPU utilization of AGate is much higher than
  WGate
• Fault tolerance for AGate

30
HTTP Routing (SAP R/3 4.6D)/High Availability
AGate
WGate
Web Server
AGate
WGate
HTTP Router
Browser
Web Server
AGate
31
ITS Watchdog Service

• NT or Win2000 service, installed on WGate, has
  following tasks
• Monitors all ITS instances performingtests
  periodically
• Recognizes ITS instances and their
  administration URLs and Web servers and
  registers them within an LDAP directory(optional)
  
• Activates or deactivates all corresponding port
  rulesdepending on test results (optional)
• Initially implemented for Microsoft Network Load
  Balancing(NLB/ WLBS)
• Will also work with other load balancing
  productsFirst customer shipment with ITS 4.6DC4

32
How Does ITS Watchdog Work?

• ITS Watchdog Service on WGate host periodically
  calls ITS service ITS_PING through URL
  http//localhost/scripts/wgate/ITS_PING/!
• ITS_PING service flow file calls RFC function
  RFC_PING
• AGate returns HTML page
• Watchdog scans this HTML page for specific
  pattern(SAP R/3 Status OK)

RFC
WGate
Reply page
Web ServerITS Watchdog
33
Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security and Single Sign/On
5
ITS Platforms
6
More Information
7
34
Internet Security

• Access control
• Network and file access authorization
• Privacy
• Data encryption
• Authentication
• Clear identification of communication parties
• Integrity
• Secure data transfer without falsification

35
ITS Infrastructure Security Measures
36
ITS Infrastructure Security Measures

• Use different machines to separate AGate and
  WGate
• Protect your Web server and AGate Server (NT
  security)
• Protect the ITS configuration files (NT security)
• Use firewalls
• Use HTTPS

37
Single Sign-On in the mySAP.com Workplace
Table USREXTID maps Certificate to SAP R/3 User
Client and server certificate ensures encrypted
channel using Secure Sockets Layer (SSL)
Protocol Initial authentication against Web
Server using X.509 user certificate Mapping
from certificate to user is done by the workplace
server Further transactions fired from menu use
same steps again
38
Single Sign-On in the mySAP Workplace
Role-based menu
39
Using an X.509 User Certificate

• Mechanism protection
• Secure key generation and distribution
  (registration)
• Secure storage for private key
• Uses the SSL protocol

• Usage conditions
• Enable HTTPS for all Web servers
• Provide certificates for all users
• Import User Certificate into browser (or connect
  via Smartcard)
• Provide mapping to SAP Userid (use central user
  maintenance)

40
Security Consulting Services Info
SAPNet http//service.sap.com/security http/
/service.sap.com/SecurityConsulting
41
Agenda
Introduction
1
Architecture
2
SAP GUI for HTML
3
Scalability
4
Security Single Sign On
5
ITS Platforms
6
More Information
7
42
ITS 4.6D Server Platforms

• WGate
• Microsoft NT 4.0 Server
• Microsoft Web Server (ISAPI)
• Netscape Web Server (NSAPI)
• Apache HTTP Server (Apache Module)
• any CGI Web Server (CGI)
• Microsoft Windows 2000 Server
• Microsoft Web Server (ISAPI)
• Linux / Intel
• Apache HTTP Server (Apache Module)

• AGate
• Microsoft NT 4.0 Server
• Microsoft Windows 2000 Server
• SAP_at_Web Studio
• Microsoft NT 4.0 Workstation
• Microsoft Windows 2000 Workstation

43
ITS 4.6D Client Platforms

• In general, IE 4.01 or higher is required
• Some applications based on ITS might have a
  different client platform support
• SAP GUI for HTML requires IE 4.01as a minimum
• Some applications require a higher version of IE
• mySAP Workplace
• Others do support Netscape
• support of pre-4.6C applications (IACs, such as
  ESS, Online Store) is application-dependent
• All applications will run on MS Internet Explorer
  5.0x or higher on Windows platforms
• There are known issues with IE 5.5 which are
  solved with IE 5.5 SR1.
• Recommendation Use IE 5.5 SR1 or above

44
ITS 6.10 Server Platforms

• WGate
• Microsoft NT 4.0 Server
• Microsoft Web Server (ISAPI)
• Netscape Web Server (NSAPI)
• Apache HTTP Server (Apache Module)
• any CGI Web Server (CGI)
• Microsoft Windows 2000 Server
• Microsoft Web Server (ISAPI)
• Linux / Intel
• Apache HTTP Server (Apache Module)

• AGate
• Microsoft NT 4.0 Server
• Microsoft Windows 2000 Server
• SAP_at_Web Studio
• Microsoft NT 4.0 Workstation
• Microsoft Windows 2000 Workstation

XP (32 and 64 bit) currently under evaluation
45
ITS 6.10 Client Platforms

• In general, IE 4.01 or higher is required
• Some applications based on ITS might have a
  different client platform support
• SAP GUI for HTML requires IE 4.01as a minimum
• Some applications require a higher version of IE
• mySAP Workplace
• Others do support Netscape
• support of pre-4.6C applications (IACs, such as
  ESS, Online Store) is application-dependent
• All applications will run on MS Internet Explorer
  5.0x or higher on Windows platforms
• There are known issues with IE 5.5 which are
  solved with IE 5.5 SR1.
• IE 6.0 (with Windows XP) under evaluation
• Netscape 6.x (on Windows and Linux platforms)
  under evaluation

46
Agenda
Introduction
1
Architecture
2
ITS Programming Models
3
Scalability
4
Security Single Sign On
5
ITS Platforms
6
More Information
7
47
Recent Efforts for 4.6D (Compilation 4)

• Solution Frontend Printing
• Focus QA / Provide software which is
• Stable, highly available (performance, stability)
• Highly scalable (ITS cluster, Watchdog)
• Focus Enrich administration and monitoring
  features
• Administer ITS clusters
• Add new trace files, make existing trace files
  better readable
• Focus Improve patch production and application

48
Classroom training ITS Curriculum
ITS100
BC400
and
ITS050
ITS110
SAP50
ITS070
ITS150

• ITS050 (3 Days) SAP Internet Transaction Server
  Basics
• ITS070 (2 Days) ITS Administration
• ITS100 (2 Days) Developing EasyWebTransactions
• ITS110 (2 Days) Developing Web Scenarios and
  Mini-Apps using ITS Flow Logic
• ITS150 (2 Days) Corporate Identity Design

49
More Information

• World Wide Web
• http//www.sapmarkets.com/its
• http//service.sap.com/sap-its
• SAP Online Help
• Basis ? Frontend Services ? Internet
  Transaction Server (BC-FES-ITS)
• ? SAP GUI for HTML (BC-FES-WGU)