You are on page 1of 68

SAP NetWeaver

Gateway 2.0
Sybase Unwired
Platform 2.1
December 2011
English

Mobile Infrastructure
Technical Configuration
(M30)
Building Block Configuration Guide

SAP AG
Dietmar-Hopp-Allee 16
69190 Walldorf
Germany

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Copyright
2011 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the
exchoose permission of SAP AG. The information contained herein may be changed without prior
notice.
Some software products marketed by SAP AG and its distributors contain proprietary software
components of other software vendors.
Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft
Corporation.
IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z,
System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390,
OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+,
POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System
Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA,
AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks
of IBM Corporation.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks
of Adobe Systems Incorporated in the United States and/or other countries.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks
or registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web
Consortium, Massachusetts Institute of Technology.
Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology
invented and implemented by Netscape.
SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, Clear Enterprise, SAP BusinessObjects
Explorer, and other SAP products and services mentioned herein as well as their respective logos are
trademarks or registered trademarks of SAP AG in Germany and other countries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions,
Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well
as their respective logos are trademarks or registered trademarks of SAP France in the United States
and in other countries.
All other product and service names mentioned are the trademarks of their respective companies. Data
contained in this document serves informational purposes only. National product specifications may
vary.
These materials are subject to change without notice. These materials are provided by SAP AG and its
affiliated companies ("SAP Group") for informational purposes only, without representation or warranty
of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The
only warranties for SAP Group products and services are those that are set forth in the exchoose
warranty statements accompanying such products and services, if any. Nothing herein should be
construed as constituting an additional warranty.

SAP AG Page 2 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Icons
Icon

Meaning
Caution
Example
Note
Recommendation
Syntax
External Process
Business Process Alternative/Decision Choice

Typographic Conventions
Type Style

Description

Example text

Words or characters that appear on the screen. These include field


names, screen titles, pushbuttons as well as menu names, paths and
options.
Cross-references to other documentation.

Example text

Emphasized words or phrases in body text, titles of graphics and tables.

EXAMPLE TEXT

Names of elements in the system. These include report names,


program names, Transaction Codes, table names, and individual key
words of a programming language, when surrounded by body text, for
example, SELECT and INCLUDE.

Example text

Screen output. This includes file and directory names and their paths,
messages, source code, names of variables and parameters as well as
names of installation, upgrade and database tools.

EXAMPLE TEXT

Keys on the keyboard, for example, function keys (such as F2) or the
ENTER key.

Example text

Exact user entry. These are words or characters that you enter in the
system exactly as they appear in the documentation.

<Example text>

Variable user entry. Pointed brackets indicate that you replace these
words and characters with appropriate entries.

SAP AG Page 3 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Content
1

System preparation........................................................................................................ 6
1.1 Purpose
6
1.2 Prerequisites 6
1.2.1
Information Sources and Installation Files........................................................6
2 Installation and Configuration......................................................................................... 7
2.1 SAP Mobile Application Architecture 7
2.2 Scenario Overview 8
2.3 GateWay 2.0 Setup 9
2.4 Backend Setup 10
2.5 SAP Suite System and Gateway System Configuration Guide
10
2.5.1
ICF Services and Profile Parameters.............................................................10
2.5.2
User and Administrator Authorizations............................................................11
2.5.3
Create Gateway Related Roles and assign to user account in Gateway
System 12
2.5.4
Create Backend Roles for Gateway Component IW_BEP and assign to user
account in Backend System......................................................................................... 13
2.5.5
Connection Settings Gateway System: SAP Netweaver Gateway to Consumer
14
2.5.6
Connection Settings Gateway System: SAP NetWeaver Gateway to SAP
Systems 17
2.5.7
Connection Settings Backend System: SAP NetWeaver Gateway to SAP
Systems 20
2.5.8
Activating the SAP NetWeaver Gateway........................................................21
2.5.9
Connection Settings for OData Channel and BEP.........................................21
2.5.10 Configure the Data Model on the Backend Suite System...............................24
2.5.11 Activate the Gateway Service........................................................................25
2.6 Sybase Unwired Platform 2.1 Installation
26
2.6.1
Preparing for the Installation..........................................................................26
2.6.2
Entering License Information..........................................................................27
2.6.3
Selecting Installation Options.........................................................................27
2.7 Relay Server Setup 28
2.7.1
Installation and Configuration of the Relay Server.........................................28
2.7.2
Configuring the Relay Server with the Sybase Control Center.......................33
2.8 Application Enabling in SUP and User OnBoarding 34
2.8.1
Security Configuration....................................................................................34
2.8.2
Create the Application ID and Application Connection Template....................36
2.8.3
Register the Activation User for the Application using the Basic Security
Configuration................................................................................................................ 36
2.9 Afaria Setup
36
2.9.1
Scenario Overview......................................................................................... 36
2.9.2
Sybase Afaria Server 6.6 FP1 Installation......................................................38
2.9.3
OTA Installation & Configuration.....................................................................43
2.9.4
Relay Server Installation & Configuration.......................................................43
2.9.5
Configuration for Afaria Client Notification (Optional).....................................46
2.9.6
iOS Provisioning Server Installation & Configuration......................................47
2.9.7
Steps for Afaria Client and Mobile Apps Deployment over OTA.....................50
2.10 Device Provisioning 66

SAP AG Page 4 of 68

SAP Best Practices


2.10.1
2.10.2
2.10.3

Mobile Infrastructure Configuration (M30): Configuration Guide

Provisioning Mobile Application to Apple Mobile Devices...............................66


Connection Test with IOS Devices and Mobile Application.............................66
Provisioning Mobile Application to Blackberry Devices..................................67

SAP AG Page 5 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Mobile Infrastructure Configuration


1 System preparation
1.1 Purpose
This section provides condensed information on the technical installation of all the
components that are necessary for this version of SAP Mobile. For detailed installation
guides, see the documentation in the Help Portal. You find the path to the documentation for
each of the following components in the Information Sources and Installation Files section.

1.2 Prerequisites
1.2.1

Information Sources and Installation Files

Use
The following navigation paths show where to find documentation for each component,
which is necessary for SAP NetWeaver Gateway, Sybase Unwired Platform, and where to
find the corresponding installation file.
Server Setup
SAP Netweaver Gateway 2.0 SPS02
Documentation:
http://help.sap.com SAP Netweaver SAP Netweaver Gateway SAP Netweaver
Gateway 2.0 Library. Expand SAP NetWeaver Gateway Installation Guide.
Software download:
https://service.sap.com/swdc Installations and Upgrades Browse our Download
Catalog SAP NetWeaver and complementary products SAP NETWEAVER
GATEWAY SAP NETWEAVER GATEWAY 2.0 Installation and Upgrade
Downloads Download Object: 51040859
https://service.sap.com/swdc Support Packages and Patches Browse our
Download Catalog SAP NetWeaver and complementary products SAP
NETWEAVER GATEWAY SAP NETWEAVER GATEWAY 2.0
Sybase Unwired Platform 2.1
Documentation:
http://infocenter.sybase.com/help/index.jsp Sybase Unwired Platform 2.1
Software download:
https://service.sap.com/swdc Installations and Upgrades Browse our Download
Catalog Sybase Products SYBASE UNWIRED PLATFORM SYBASE
UNWIRED PLATFORM 2.1
Sybase Afaria 6.6 FP1
Documentation:
http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc01205.0152/doc/html/Instal
lingAfaria.pdf
http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc0 1205.0152/doc/html/Afari
aReferencePlatform.pdf
http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc0 1205.0152/doc/html/Afari
aReferenceComponents.pdf
Software download:

SAP AG Page 6 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

https://service.sap.com/swdc Installations and Upgrades Browse our Download


Catalog Sybase Products AFARIA AFARIA 6.6
https://service.sap.com/swdc Support Packages and Patches Browse our
Download Catalog Sybase Products AFARIA AFARIA 6.6
System Requirements for various Afaria Components
http://www.sybase.com/products/mobileenterprise/afaria/system-requirements

2 Installation and Configuration


Use
This section outlines different points to consider when you install the system components
necessary for SAP Mobile.
We assume that you have an SAP BASIS backgroud.

2.1 SAP Mobile Application Architecture

Backend Suite System ERP


6.0 SPS15, NW 7.0 SPS18
Mobile Application add-on
Metadata class
Runtime class

SAP AG Page 7 of 68

Add-On to be installed: Gateway 2.0 component


IW_BEP, IW_SCS, Mobile Application add-on
Physical Suite Server SID: ERP
Example mobile application: SAP ERP Order Status
OrderStatus Metadata class:
CL_LWM_ORDERSTATUS_MD
OrderStatus Runtime class:
CL_LWM_ORDERSTATUS_RT
Dialog user for RFC connection: iconnect

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Odata channel
IW_BEP

GW_CORE Gateway Server


EE
NW702 SP08
ICF Web Service
Published

Add-On to be installed: Gateway 2.0 GW_CORE,


IW_FND, IW_CNT, IW_CBS
Physical NetWeaver Server SID: NGW
Dialog user for RFC connection: iconnect

SUP 2.1 Server


Mobile Application Provisioning
Activation User Registering

Physical SUP Server: vmw1234.cn.sap.com


Example mobile application ID:
com.sap.bsuite.erp.ops.orderstatus.release
Find it in SAP Order Status configuration guide M43.

Relay Server
Deploy at DMZ area
Public internet IP Address

Physical Relay Server: relay1234


Example deployment: Windows Server 2003, IIS 6.0

iPhone 4 ios 4.3.x


with cellular data network or
3G network connection

Test device: iPhone 4 (for example)


Make sure devices internet connection test is
successful
Make sure mobile application Order Status has been
installed and switch off WIFI.

For the backend business configuration of the mobile application Order Status,
see the M43 building block.

2.2 Scenario Overview


The target reader of this document is a BASIS consultant in your implementation project.
The target of this document is to help a BASIS consultant build up the mobile infrastructure
and test the connection with a mobile device.
The following step is an overview:
1. Gateway Server installation and backend Suite system side add-on installation.
2. Backend Suite system and Gateway system Configuration

Check that you have fulfilled the configuration prerequisites concerning ICF
services and profile parameters

Set up users and authorizations both in your SAP NetWeaver Gateway and
SAP Suite System

Specify configuration settings in your SAP NetWeaver Gateway to connect to


the consumer server

SAP AG Page 8 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Establish connections from the SAP NetWeaver Gateway to the SAP Suite
System

Activate SAP NetWeaver Gateway

Connection settings for OData Channel and BEP

Configure data model on the backend Suite System for the installed mobile
application

Register the Mobile Service in the SAP NetWeaver Gateway system

3. SUP Installation and Configuration

SUP Installation

Relay Server Installation and configuration in SUP Server

Application registration

User onboarding

Basic configuration settings

SSO configuration settings

4. Device Provisioning

Provide the application to the mobile devices (for example by iTunes for
iPhone)

Connection test with the mobile application Order Status

2.3 GateWay 2.0 Setup


The minimum version of NetWeaver for Gateway 2.0 installation is NetWeaver 7.02 SPS08,
The following SAP NetWeaver Gateway components have to be installed on your
SAP NetWeaver Gateway system:

Framework components:
o GW_CORE 200 SP02
o

IW_FND 250 SP02

WEBCUIF 701 is a prerequisite of IW_FND 250.

Content components:
The content is provided in predefined groups. Customer, account, and leave
request grouped under CRM (Customer Relationship Management) are examples
of such content.
System integrators, other vendors, and other SAP development teams can also
provide similar content.
The sub components contained in this package are as follows:
o
o

IW_CNT 200 SP02


IW_CBS 200 SP02

SAP AG Page 9 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

These installation packages have a compressed format, so first unpack them into your local
file system. Next, import them using the installation tool. For detailed information on
unpacking the installation packages, see Loading Installation Packages from the Application
Server.
To install the SAP NetWeaver Gateway components, proceed as follows:
1. Log on to the SAP system in which you want to install the SAP NetWeaver
Gateway components and enter the transaction SAINT.
2. Import the installation packages. For detailed information on importing the
installation packages, see Installing and Upgrading Add-ons.
For more information on installing the SAP NetWeaver Gateway components, see the SAP
Note 1569624.

2.4 Backend Setup


If you intend to create SAP NetWeaver Gateway content with Workflow, the Backend Event
Publisher or Screen Scraping, you need to install the following additional components on
your backend system (SAP Business Suite system):

IW_BEP 200 SP02 (Backend Event Publisher)


IW_BEP is available with SAP NetWeaver 7.0 SPS18 and higher.

IW_SCS 200 (Screen Scraping)


IW_SCS is available with SAP NetWeaver 7.0 SPS14 and higher.

Instead of having a system landscape with your SAP NetWeaver Gateway system, which
includes the four software components mentioned above and the back-end system with the
two software components for the SAP Business Suite functionality, you can also have a
local installation with all six software components located in the same system if all
prerequisites are fulfilled.

2.5 SAP Suite System and Gateway System


Configuration Guide
2.5.1

ICF Services and Profile Parameters

Prerequisites
The Gateway 2.0 component GW_CORE, IW_FND must be installed in the NetWeaver
System NGW.

Procedure
This setting is for the gateway system, so enter NGW in the gateway system.
1. Select the required ICF service in the ICF tree in transaction
2. Activate the ICF service in one of the following ways:

Use the menu option Service/Host Activate.

Use the context menu and choose Activate Service.

SAP AG Page 10 of 68

SICF.

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

SICF path
/sap/public/opu
/sap/bc/srt/xip/sap
/sap/bc/webdynpro/sap/saml2
/sap/public/bc
/sap/public/mysssocnt

If the default_host node is inactive in transaction SICF, the HTTP requests


could result in an ABAP runtime error RAISE_EXCEPTION with the
following short text:
Exception condition "HOST_INACTIVE" triggered.
If a service is inactive in transaction SICF, an error text appears when you
try to access the service.
You can also activate services from the SAP Implementation Guide (IMG).
In transaction SPRO, choose Display SAP Reference IMG. The path in the
Implementation Guide for SAP NetWeaver is as follows:Application Server
Internet Communication Framework Activate HTTP Services or
Activate Services in Installation.
3. Call the CCMS profile maintenance tool by choosing CCMS Configuration
Profile maintenance. Alternatively, call Transaction RZ10.
4. Look up instance profile in Profile, select Extended maintenance under Edit profile,
choose Change.
5. Change the parameter icm/host_name_full to a fully qualified domain name, for
example server.domain.com.
6. Make sure that the value of the parameter login/aceept_sso2_ticket is 1 and the
value of the parameter login/create_sso2_ticket is 2.

2.5.2

User and Administrator Authorizations

In the following activities (2.5.2 2.5.4), you will create a user and assign several roles and
the connected authorizations to that user which is required for the system administration
and later on for the evaluation the created configuration.
In general for productive usage these role assignments should be differentiated to admin
user(s) who set up all the connections and keep the system alive by e.g. monitoring the
bgRFC queues, respectively to business users who use the Apps on their devices to
connect the backend system to read/use the business data.
For more information about building up a security concept according to your companies
needs, please refer to http://help.sap.com SAP Netweaver SAP Netweaver Gateway
Security Information Security Guide.

SAP AG Page 11 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

You need to create a role for an administrator user with permissions and privileges for
several tasks both in the NetWeaver System NGW and Backend Suite System including the
following:
1. Create a dialog user for the system connection, for example iconnect.
2. In the Gateway system, in transaction PFCG, open the Role Maintenance screen,
and make the following entries:
Field Name

Description

Role

User action and values

Comment

SAP_QAP_RFCACL_DEVELOPER

3. Choose Single Role.


4. On the Create Roles screen, choose Save (Ctrl+S).
5. On the Change Roles screen, choose Change authorization data on the
Authorizations tab page.
6. On the Choose Template screen, choose Do not select templates.
7. On the Change role: Authorizations screen, choose Manually.
8. On the Manual selection of authorizations screen, make the following entries:
Field Name

Description

Authorization object
9.
10.
11.
12.
13.
14.
15.
16.
17.

Comment

S_RFCACL

Choose Enter.
Choose the yellow triangle on the top node and accept the next screen with Enter.
Choose Generate (Shift+F5).
On the Generate profile screen, choose Generate.
On the Assign Profile Name for Generated Authorization Profile screen, choose
Execute (Enter).
On the Change role: Authorizations screen, choose Save (Ctrl+S).
Choose Back (F3) and go back to the Assign Profile Name for Generated
Authorization Profile screen.
On the Exit Authorization Maintenance screen, choose Continue (Enter).
On the Change Roles screen, choose the User tab page and enter the following
data for the first line items:

Field Name

Description

User ID
18.
19.
20.
21.

User action and


values

User action and


values

Comment

iconnect

Save the role (Ctrl + S).


On the Change Roles screen, choose User comparison.
On the Compare Role User Master Record screen, choose Complete comparison.
Repeat the step above in the Backend Suite System for a user with the same
name.

2.5.3

Create Gateway Related Roles and assign to user


account in Gateway System

1. In the Gateway system, in transaction PFCG, open the Role Maintenance screen,
and make the following entries:
Field Name

Description

SAP AG Page 12 of 68

User action and


values

Comment

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Role

GW_ADMIN

Role for Gateway


Administrator

Role

GW_USER

Role for Gateway User

2. Choose Single Role.


3. On the Create Roles screen, choose Save (Ctrl+S).
4. On the Change Roles screen, choose Change authorization data on the
Authorizations tab page.
5. On the Choose Template screen, choose Role template as table list below and
choose Adopt Reference.
Role Template

Description

/IWFND/RT_ADMIN

SAP NetWeaver Gateway Framework Administrator

/IWFND/RT_GW_USER

SAP NetWeaver Gateway User

6. Choose Generate (Shift+F5).


7. On the Generate profile screen, choose Generate.
8. On the Assign Profile Name for Generated Authorization Profile screen, choose
Execute (Enter).
9. On the Change role: Authorizations screen, choose Save (Ctrl+S).
10. On the Change Roles screen, choose the User tab page and enter the following
data for the first line items:
Field Name

Description

User ID

User action and


values

Comment

iconnect

11. Save the role (Ctrl + S).


12. On the Change Roles screen, choose User comparison.
13. On the Compare Role User Master Record screen, choose Complete comparison.

2.5.4

Create Backend Roles for Gateway Component


IW_BEP and assign to user account in Backend
System

1. In the Gateway system, in transaction PFCG, open the Role Maintenance screen,
and make the following entries:
User action and
values

Comment

Role

GW_ODATA_ADMIN

Odata Channel
Administrator

Role

GW_ODATA_USER

Odata Channel User

Role

GW_BEP_ADM

Backend Event
Publisher Administrator

Role

GW_BEP_USER

Backend Event
Publisher User

Role

GW_WF_ADM

SAP NetWeaver
Gateway Workflow
Administrator

Role

GW_WF_USER

SAP NetWeaver
Gateway Workflow User

Field Name

Description

SAP AG Page 13 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

2. Choose Single Role.


3. On the Create Roles screen, choose Save (Ctrl+S).
4. On the Change Roles screen, choose Change authorization data on the
Authorizations tab page.
5. On the Choose Template screen, choose Role template as table list below and
choose Adopt Reference.
Role Template

Description

/IWBEP/RT_MGW_ADM

OData Channel Administrator

/IWBEP/RT_MGW_USR

OData Channel User

/IWBEP/RT_BEP_ADM

Backend Event Publisher Administrator

/IWBEP/RT_BEP_USR

Backend Event Publisher User

/IWWRK/RT_WF_ADM

SAP NetWeaver Gateway Workflow Administrator

/IWWRK/RT_WF_GW_USR

SAP NetWeaver Gateway Workflow User

6. Choose Generate (Shift+F5).


7. On the Generate profile screen, choose Generate.
8. On the Assign Profile Name for Generated Authorization Profile screen, choose
Execute (Enter).
9. On the Change role: Authorizations screen, choose Save (Ctrl+S).
10. On the Change Roles screen, choose the User tab page and enter the following
data for the first line items:
Field Name

Description

User ID

User action and


values

Comment

iconnect

11. Save the role (Ctrl + S).


12. On the Change Roles screen, choose User comparison.
13. On the Compare Role User Master Record screen, choose Complete comparison.

2.5.5

Connection Settings Gateway System: SAP


Netweaver Gateway to Consumer

Use
When using Push flow and also Web services, you have to specify settings from your
SAP NetWeaver Gateway system to consumers.

2.5.5.1

Defining Settings for Idempotent Services

Procedure
1. In the NGW system, Access the activity using the following navigation options:
Transaction code

SPRO

SAP NetWeaver Gateway Configuration Connection


Settings SAP NetWeaver Gateway to Consumer Define
Settings for Idempotent Services
2. Enter the following default values:
SAP Reference
menu

IMG

SAP AG Page 14 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

For Period Hours in Document, the value is 6.

For Period Hours in Document ID, the value is 12.

3. Choose Schedule.
A message confirming that the job has been scheduled is displayed.
4. Choose Continue.

To check that you have successfully defined the idempotent services settings,
carry out the following steps:

2.5.5.2

In transaction SM37, enter SAP_BC_IDP_WS_SWITCH* as the Job


name and * as the User name.

Choose Execute. A list with all scheduled jobs


SAP_BC_IDP_WS_SWITCH_BD and SAP_BC_IDP_WS_SWITCH_BDID
is displayed.

Creating a bgRFC Destination for Outbound


Queues

Procedure
1. In the NGW system, access the activity using the following navigation options:
Transaction code
SAP Reference
menu

SPRO
IMG

SAP NetWeaver Gateway Configuration Connection


Settings SAP NetWeaver Gateway to Consumer Create
RFC Destination for Outbound Queues

2. Choose Create.
3. In RFC Destination, enter IWFND_BGRFC_DEST.
4. In Connection Type, enter 3.
5. In Description 1, enter RFC Destination for Outbound Queues.
6. Choose Enter and choose the Special Options tab page.
7. In the Select Transfer Protocol section, select the option Classic with bgRFC from
the list and save your settings.
8. Confirm the warning message.
9. Choose Connection test.
10. Information about the connection type is displayed.

SAP AG Page 15 of 68

SAP Best Practices

2.5.5.3

Mobile Infrastructure Configuration (M30): Configuration Guide

Registering the bgRFC Destination for the


Outbound Queue

Procedure
1. In the NGW system, access the activity using the following navigation options:
Transaction code

SPRO

SAP NetWeaver Gateway Configuration Connection


Settings SAP NetWeaver Gateway to Consumer Register
RFC Destination for Outbound Queues
2. Choose the Define Inbound Dest. Tab page.
SAP Reference
menu

IMG

3. Choose Create.
4. In the Inb. Dest. Name field, enter IWFND_BGRFC_DEST.
5. Choose Enter and Save.
6. In the New Prefix field, enter IWFND_CNP, for example, and choose Create.
Repeat the step using IWCNT_WF, for example.
7. Save your settings.
8. On the Scheduler: Destination tab page, choose Create.
A message asking if you want an outbound or inbound destination is displayed.
9. Choose Inbound.
10. In the Destination field, enter IWFND_BGRFC_DEST and choose Save.
11. Save your settings.

2.5.5.4

Creating the bgRFC Supervisor Destination

Prerequisites
The bgRFC supervisor user you specify must have authorizations from the
authorization object S_RFC. These are defined in role
SAP_BC_BGRFC_SUPERVISOR.

Procedure
1. In the NGW system, access the activity using the following navigation options:
Transaction code

SPRO

SAP NetWeaver Gateway Configuration Connection


Settings SAP NetWeaver Gateway to Consumer Create
bgRFC Supervisor Destination
2. On the Define Supervisor Dest. Tab page, choose Create.
SAP Reference
menu

IMG

3. In the Destination Name field, enter BGRFC_SUPERVISOR.


4. In the User Name field, enter a user name, for example, BgRFC_user.

SAP AG Page 16 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

5. Select Create User and choose Enter.


6. Choose Save.
7. Select Generate Password and choose Save.
8. On the bgRFC Destination tab page, choose Save.

2.5.5.5

Checking bgRFC Configurations

Procedure
1. In the NGW system, access the activity using the following navigation options:
Transaction code
SAP Reference
menu

SPRO
IMG

SAP NetWeaver Gateway Configuration Connection


Settings SAP NetWeaver Gateway to Consumer Check
bgRFC Configurations

The check results are displayed.


2. For information on the various check result list items, mark the relevant message and
choose Technical Info.
3. Proceed according to the information provided in the messages and choose Continue
(Enter).

2.5.5.6

Creating an RFC Destination for the WSIL Service

Procedure
1. In the NGW system, access the activity using the following navigation options:
Transaction code

SAP NetWeaver Gateway Configuration Connection


Settings SAP NetWeaver Gateway to Consumer Create
RFC Destination for WSIL Service
On the Configuration of RFC Connections tab page, choose Create.
In the RFC Destination field, enter IWFND_WSIL_LOCAL_DEST.
In the Connection Type field, enter H.
In the Description 1 field, enter RFC Destination for WSIL Service.
Choose Enter.
On the Technical Settings tab page, enter the SAP NetWeaver Gateway host in the
Target Host field.
In the Service No. field, enter the HTTP port.
In the Path Prefix field, enter the path of the local WSIL service, for example,
/sap/bc/srt/wsil.
SAP Reference
menu

2.
3.
4.
5.
6.
7.
8.
9.

SPRO
IMG

The WSIL service lists the configuration of all web services exposed by the
system.
The /SAP/BC/SRT/WSIL service must have been activated in transaction SICF.
To obtain the WSIL URL, carry out the following steps:
1. Log on to the SAP system you specified as a provider, and enter
transaction SICF.

SAP AG Page 17 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

2. Enter WSIL for the Service Name and choose Execute.


The WSIL service is now displayed in the HTTP service tree.
3. Choose the WSIL entry to obtain its URL.
The path for the WSIL service is displayed: /default_host/sap/bc/srt/
The default value for the URL is: http://<host name:port>/sap/bc/srt/wsil
10. Save your settings.

2.5.6
2.5.6.1

Connection Settings Gateway System: SAP


NetWeaver Gateway to SAP Systems

Creating a Type 3 RFC Destination on SAP


NetWeaver Gateway Host to SAP System

Prerequisite
You have finished the configuration including the step User and Administrator Authorizations
in the SAP NetWeaver Gateway System.

Procedure
1. In the Gateway system NGW, access the activity using the following navigation options:
Transaction code
SAP Reference
menu

SPRO
IMG

SAP NetWeaver Gateway Configuration Connection


Settings SAP NetWeaver Gateway to SAP System
Manage RFC Destinations

2. Choose Create.
3. In the RFC Destination field, enter the RFC destination name in the following format:
<system id >CLNT<Client>, for example, <ERP>CLNT<302>.
4. In the Connection Type field, enter 3.
5. In the Description 1 field, enter an explanatory text, for example, RFC Destination to
SAP Server.
6. Save your settings.
7. On the Technical Settings and Load Balancing tab page, select the relevant option
according to your systems settings.
8. In the Target Host field, enter the (message) server name of the SAP system.
9. In the System Number field, enter the SAP Backend system number, for example, 00.
10. On the Logon & Security tab page, enter the SAP Backend client number, for example
302.
11. Activate Current User.
12. For Trust Relationship, choose Yes.
13. Save your settings.

SAP AG Page 18 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

To check that you have successfully created the type 3 connection, choose
Connection Test. The connection test should pass.
If the user ID with which you are logged on to SAP NetWeaver Gateway and
your user ID for the SAP system is the same, and this user ID has the object
S_RFCACL assigned to it on the SAP system, select Remote Logon. You
should not see any error messages in the status. If you have any problems,
check the SAP Note 128447 for troubleshooting tips.

2.5.6.2

Configuring the SAP NetWeaver Gateway Host to


Accept Assertion Tickets from SAP Business Suite
Systems

Prerequisites
In your SAP NetWeaver Gateway system NGW, the profile parameters are set as outlined
in ICF Services and Profile Parameters.

Procedure
1. In your SAP NetWeaver Gateway system NGW, go to transaction SSO2 to run the
SSO2 administration wizard.
2. Enter the Type 3 RFC destination created above (from your backend system) or the
Host Name and Instance Number for the backend system in the appropriate fields. For
example, <ERP>CLNT<302>.
3. Choose Execute.
4. Choose Activate (Enter Certificate in ACL and, if necessary, Certificate List) to configure
the SAP NetWeaver Gateway system.
If everything has been configured correctly the lights are green.

2.5.6.3

Creating the SAP System Alias for Applications

Procedure
1. In your SAP NetWeaver Gateway system NGW, access the activity using the following
navigation options:
Transaction code
SAP Reference
menu

SPRO
IMG

SAP NetWeaver Gateway Configuration Connection


Settings SAP NetWeaver Gateway to SAP System
Manage SAP System Aliases

2. Choose New Entries.


3. Enter the following details for the SAP system alias:
Field Name

Description

SAP System Alias

Name of the system alias, for example ERP

Description

Descriptive text for the system alias.

Local GW

The system that is responsible for processing (managing and


storing) the data of an inbound request is the local SAP NetWeaver
Gateway instance itself. This option is typically used for testing

SAP AG Page 19 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide


scenarios, for example when using the BOR Generator locally. If
you activate Local GW for a SAP System Alias called LOCAL, the
RFC Destination is usually NONE.

RFC Destination

Specify the RFC destination defined for your backend SAP Suite
system, for example <ERP>CLNT<302>

WS Provider
System

Name of the web service provider business system. Here, you only
need to enter a setting if you use content scenarios which are
configured via web services.

Software Version

This setting is specified by the content scenario you are using.


Typically, it is DEFAULT. Check the following to determine the value
to set for your GSDOs:
In transaction SPRO, open the SAP Reference IMG and navigate
to: SAP Reference IMG and navigate to: SAP NetWeaver
Gateway Generic Channel Development GSDO Types &
GSDO Contexts & GSI Implementations and choose Activity. Select
your GSDO type and choose GSI Implementation.

4. Save your settings.

2.5.6.4

Checking SAP System Aliases

Procedure
1. In your SAP NetWeaver Gateway system NGW, access the activity using the following
navigation options:
Transaction code
SAP Reference
menu

2.5.7

2.5.7.1

SPRO
IMG

SAP NetWeaver Gateway Configuration Connection


Settings SAP NetWeaver Gateway to SAP System Check
SAP System Aliases

Connection Settings Backend System: SAP


NetWeaver Gateway to SAP Systems

Defining Trust Between the SAP NetWeaver


Gateway Host and Your SAP Systems for Type 3
Connections

Prerequisites
You have finished the configuration including the step User and Administrator Authorizations
in the backend SAP Suite System.

Procedure
1. In the backend SAP business system ERP, open transaction SM59 and choose Create.
2. In the RFC Destination field, enter the RFC destination name in the following format:
<system id >CLNT<Client>, for example, <NGW>CLNT<100>.
3. In the Connection Type field, enter 3.

SAP AG Page 20 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

4. In the Description 1 field, enter an explanatory text, for example, RFC Destination to
SAP NetWeaver Gateway Server.
5. Save your settings.
6. On the Technical Settings and Load Balancing tab page, select the relevant option
according to your systems settings.
7. In the Target Host field, enter the (message) server name of the SAP NetWeaver
Gateway system.
8. In the System Number field, enter the SAP NetWeaver Gateway system number, for
example, 00.
9. On the Logon & Security tab page, enter the client number which is used in the
NetWeaver Gateway system NGW at Client, for example 100.
10. Check the Current User field.
11. Save your settings.
12. In transaction SMT1, choose Create.
The wizard for creating trusting relationships is displayed.
13. Proceed with the steps outlined in the wizard.
In the RFC Destination field, enter the RFC destination you created.
An RFC logon to the SAP NetWeaver Gateway host takes place and the necessary
information is exchanged between the systems.
14. Log on to the SAP NetWeaver Gateway host using your administrator user and
password.
The trusted entry for the SAP NetWeaver Gateway host is displayed.
15. Save your settings.

End users must have authorization object S_RFCACL assigned to them before
they can use a trusted connection.

2.5.7.2

Configuring the SAP System to Accept Assertion


Tickets from the SAP NetWeaver Gateway

Prerequisites
The profile parameters are set as outlined in ICF Services and Profile Parameters.

Procedure
1. In your backend SAP Suite system ERP, go to transaction SSO2 to run the SSO2
administration wizard.

SAP AG Page 21 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

2. Enter the Type 3 RFC destination created above (for your SAP NetWeaver Gateway
system) or the Host Name and Instance Number for the SAP NetWeaver Gateway
system in the appropriate fields, for example, <NGW>CLNT<100>.
3. Choose Execute.
On the Logon page, enter your password.
The SSO2 administration report for the designated SAP system is displayed.
4. Choose Activate (Enter Certificate in ACL and, if necessary, Certificate List) to configure
the SAP system.

2.5.8

Activating the SAP NetWeaver Gateway

Procedure
1. In your SAP NetWeaver Gateway system NGW, access the activity using the following
navigation options:
Transaction code

SPRO

SAP NetWeaver Gateway Configuration Activate or


Deactivate SAP NetWeaver Gateway
2. Choose Activate. A message is displayed informing you about the current status.
SAP Reference
menu

2.5.9
2.5.9.1

IMG

Connection Settings for OData Channel and BEP

Defining a Remote Function Call to SAP


NetWeaver Gateway

Procedure
1. In your SAP Backend Suite system, access the activity using the following navigation
options:
Transaction code
SAP Reference
menu

SPRO
IMG

SAP NetWeaver SAP NetWeaver Gateway Business Suite


Enablement Connection Settings to SAP NetWeaver
Gateway Create RFC Destination for Outbound Queues

2. Choose Create. The RFC Destination Window is displayed.


3. In RFC Destination specify a name for the RFC destination to be created. For example,
BEP_BGRFC_DEST.
4. In Connection Type, enter 3 for ABAP connections.
5. In Description 1, enter an explanatory text.
6. Choose Enter, and choose the Technical Settings tab page.
7. Enter the SAP NetWeaver Gateway host name in Target Host, and enter its
corresponding system number.
8. On the Logon & Security tab page, select Current User in the Logon section.
9. On the Logon & Security tab page, enter the gateway system client number in the
Client field, for example 100.

SAP AG Page 22 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

10. Choose Enter and choose the Special Options tab page.
11. Depending on the SAP NetWeaver version, proceed as follows:
o

For SAP NetWeaver 7.02, go to section Select Transfer Protocol and select 1
Classic with bgRFC from the list.

For SAP NetWeaver 7.0, go to section Select qRFC Version and select bgRFC
from the list in qRFC Version.

12. Choose Save and Yes to close the warning message that is displayed.
13. Choose Remote Connection to test the connection. Information about the connection
type is displayed.

2.5.9.2

Connection Settings to SAP NetWeaver Gateway

Procedure
1. In your backend SAP Backend Suite system, access the activity using the following
navigation options:
Transaction code
SAP Reference
menu

SPRO
IMG

SAP NetWeaver SAP NetWeaver Gateway Business Suite


Enablement Connection Settings to SAP NetWeaver
Gateway SAP NetWeaver Gateway Settings

2. Choose New Entries and enter the following:


o

Destination System
Specify the system name of the host of the SAP NetWeaver Gateway, for
example NGW.

Client
Specify the system client ID of the host of the SAP NetWeaver Gateway. The
client ID you specify should be in the specified system. For example 100.

System Alias
Enter a unique name for the host of the SAP NetWeaver Gateway, for example
NGW_100.

RFC Destination
Specify the name of the RFC destination to the host of the SAP NetWeaver
Gateway. For example BEP_BRFC_DEST.

3. Save your settings.

2.5.9.3

Configure the bgRFC Supervisor Destination

Prerequisites

SAP AG Page 23 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

You have created a system user of type B called BGRFCSUPER. Use transaction
SU01 to create the system user. This user is used for the bgRFC communication
using the destination you create. For example, BGRFC_SUPERVISOR.
You have assigned the role SAP_BC_BGRFC_SUPERVISOR to the user
BGRFCSUPER. Use transaction SU01 to assign the role to the user
BGRFCSUPER.
For SAP NetWeaver 7.0, you have created a bgRFC destination as an ABAP
connection using the RFC destination name BGRFC_SUPERVISOR without load
balancing, target host, SAP NetWeaver Gateway host and service.
o

Specify the user, language and password. This ensures that the scheduler
is activated on the same application server as the specified user.

Later, you configure the supervisor destination for the bgRFC to receive the
configuration settings for the bgRFC scheduler.

The bgRFC supervisor user you specify must have authorizations from the
authorization object S_RFC. These are defined in the role
SAP_BC_BGRFC_SUPERVISOR. The procedure you employ depends on the
version of SAP NetWeaver in your system.

Procedure
1. In your backend SAP Suite system ERP, access the activity using the following
navigation options:
Transaction code
SAP Reference
menu

SPRO
IMG

SAP NetWeaver SAP NetWeaver Gateway Business Suite


Enablement Connection Settings to SAP NetWeaver
Gateway Create bgRFC Supervisor Destination

2. Choose the Define Supervisor Dest tab page.


3. Depending on the version of SAP NetWeaver, do the following:
o

For SAP NetWeaver 7.02, choose Create. The Create bgRFC Destination for
Supervisor window is displayed.
1. Choose Create User. For example BGRFCSUPER.
2. Save your settings.

For SAP NetWeaver 7.0, make sure you have already created a separate
bgRFC destination for the supervisor using the name BGRFC_SUPERVISOR.
1. Enter the bgRFC supervisor destination name BGRFC_SUPERVISOR
in Destination under New Supervisor Destination.
2. Choose Enter. The supervisor destination and the user details are
displayed.

4. In the bgRFC Configuration window, choose Save.

SAP AG Page 24 of 68

SAP Best Practices

2.5.9.4

Mobile Infrastructure Configuration (M30): Configuration Guide

Monitoring bgRFC Queues

Procedure
1. In your backend SAP Suite system ERP, access the activity using the following
navigation options:
Transaction code
SAP Reference
menu

SPRO
IMG

SAP NetWeaver SAP NetWeaver Gateway Business Suite


Enablement Connection Settings to SAP NetWeaver
Gateway Monitor bgRFC Queues

2. Select the option for the Outbound scenario and the Queued unit type. Select other
parameters of the monitor as required.
3. Choose Execute to run the monitor. The status of the queues is displayed.
4. Monitor the Queue with the Event ID and instance number for the messages which
were not sent.

2.5.10 Configure the Data Model on the Backend Suite


System
2.5.10.1

Maintain the Object Model

Use
In this activity, you register the metadata class and define an application name for certain
mobile applications.

Prerequisites
You have installed the related add-on for the mobile application in the backend SAP Suite
system.

Procedure
1. In your SAP backend Suite system, access the activity using the following
navigation options:
Transaction code

SPRO

IMG menu

SAP NetWeaver SAP NetWeaver Gateway Business Suite


Enablement Backend OData Channel Maintain Object
Models

2. In the Maintain Object Model Window, input a unique name in Technical Model
Name, for example LWMSD_ORDERSTATUS_MODEL, and choose Create.
3. In the Create Object Model Window, input the metadata class name in table 2.1.
Refer to mobile application names in the first column.
4. Enter a descriptive text in the Description field.
5. Save your settings.
Table 2.1

SAP AG Page 25 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Mobile Application Name /


Technical Model Name

Meta Data Class Name

SAP Order Status


LWMSD_ORDERSTATUS_MODEL

CL_LWM_ORDERSTATUS_MD

2.5.10.2

Maintain the Service

Use
OData Channel implementations retrieve the data from an SAP Business Suite system, that
is, a backend system. For this, you first have to define a service in the backend system.
Object models and their groups have to be registered.

Prerequisite
You have finished the previous step Maintain Object Model within the mobile application
Order Status.

Procedure
1. In your backend SAP Suite system ERP, access the activity using the following
navigation options:
Transaction code

SPRO

IMG menu

SAP NetWeaver SAP NetWeaver Gateway Business Suite


Enablement Backend OData Channel Maintain Service

2. Enter an Internal Service Name which can include a namespace. For example
LWMSD_ORDERSTATUS_Service
3. Enter 0001 as Version.
4. Choose Create.
5. Enter the Data Provider Class which is the name of the class providing the runtime
data for this model group (that is, for the corresponding service). This class
implements interface /IWBEP/IF_MGW_CORE_SRV_RUNTIME. For the Order
Status, check the table 2.2.
6. Enter an explanatory text as Description.
7. Save your settings.
8. To assign the data object model to the service you have just created, choose
Assign Model.
9. Enter the Technical Object Model Name, for example
LWMSD_ORDERSTATUS_MODEL, and the corresponding Object Model Version
0001.
10. Choose Save.
Table 2.2
Internal Service Name

Data Provider Class

LWMSD_ORDERSTATUS_MODEL

CL_LWM_ORDERSTATUS_RT

11. In your backend SAP Suite system ERP, access the activity using the following
navigation options:
Transaction code

SPRO

IMG menu

SAP NetWeaver SAP NetWeaver Gateway Business Suite


Enablement Backend OData Channel Display Object
Models and their Groups

12. Check whether the internal service has been created successfully.

SAP AG Page 26 of 68

SAP Best Practices

2.5.11

Mobile Infrastructure Configuration (M30): Configuration Guide

Activate the Gateway Service

Use
OData Channel implementations retrieve the data from an SAP business system, that is, a
backend system.
Once a service has been defined in the backend system, the service must be registered or
activated in the SAP NetWeaver Gateway system. For this, you can use this activity.

Prerequisites
You have finished the steps Maintain Object Model and Maintain Service for the Order
Status.

Procedure
1. Access the activity using the following navigation options:
Transaction code

SPRO

IMG menu

SAP NetWeaver Gateway Administration OData


Channel Activate Services

2. Choose Activity.
3. Enter the System Alias and choose Execute (F8). On the screen, all GSDO groups
that have been created in the relevant backend system are listed.
4. Select the GSDO group you want to activate and choose Enable Service. The light
in front of the service switches to green.
5. Select the GSDO group you have just activated and choose Call Browser to test the
service at the web browser.
6. The web browser prompts the input of user and password. Input the user iconnect
and relevant password.

Result
In the web browser, an xml demonstrating the data service is displayed.

2.6 Sybase Unwired Platform 2.1 Installation


2.6.1

Preparing for the Installation

Prerequisites
The host on which you are installing the Sybase Unwired Platform 2.1 meets the system
requirements and is ready for the installation.

Procedure
1. Confirm that the installation target host meets the minimum system requirements for all
Unwired Platform components to be installed.
2. Verify that you have administrative privileges on the installation target host, for
example, vmw1234.cn.sap.com.
3. If the %JAVA_TOOL_OPTIONS% environment variable is set, remove it before
installing the Unwired Platform.

Right-click My Computer and select Properties.

Choose Advanced System Settings.

SAP AG Page 27 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

On the Advanced tab page, choose Environment Variables.

Select JAVA_TOOL_OPTIONS, then choose Delete.

Choose OK to exit all dialogs.

You can also delete (set to NULL) the environment variable through the
command window.

Set JAVA_TOOL_OPTIONS=

Note: As an alternative to deleting the environment variable, you can


unset it from a command prompt window before running the installer
from the command prompt window.
4. Shut down all Sybase software, Sybase processes, and associated third-party
processes running on the installation target host.

2.6.2

Entering License Information

Procedure
1. Start the Sybase Unwired Platform installer by browsing the location of the setup.exe,
and choose it.
2. On the Installer welcome page, choose Next.
3. Select your license model and choose Next.
Options

Description

Evaluation

Allows you to evaluate the Unwired Platform for 30 days. A


license file is not required.

Unserved (local) License

Standalone license managed locally by the host

Served (remote) License

Standalone license managed by a license server

4. Select the country of your choice on the end-user license agreement page.
5. Accept the terms of the license agreement and choose Next.
6. On the license details page, select Enterprise Deployment as the License Product
Edition.
7. Enter the value 0 for the Number of Client Licenses.
8. Enter the location of your license file.
If you selected the Unserved (local) license, enter the absolute path to the license file
on the installation target host.

You can obtain the license file from the installer folder. This is a temporary
license and is strictly for internal use.
If you run into an error, such as Failed to check out license, choose OK. Then
choose Back to confirm the license model (served or unserved), License
Product Edition, and License Type.

2.6.3

Selecting Installation Options

Use
In this tep, you specify the installation directory, installation type, Unwired Platform
components, and additional installation options.

SAP AG Page 28 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Procedure
1. Specify the installation location on the target host.
If you specify a non-default location, all directory names in the absolute path should
contain only:

ASCII alphanumeric characters

Underscore ( _ ) or hyphen ( - ) characters

No space characters and no other symbols are allowed in the path to the
installation location.
2. Choose Next.
3. On the installation type page, select SUP 2.1 Lite installation.
4. Choose Next.
If you do not have VC Runtime 2005 installed on your system, you need to install it
through the installation wizard.
5. (Optional) Select additional installation options:

Configure Unwired Platform communication ports to change default


ports.

Set Sybase Unwired Platform services to start automatically to start


services automatically when Windows starts.

6. Choose Next.
7. (Optional) If you selected Configure Unwired Platform communication ports, change the
port numbers as needed:

General ports:
Server administration
Data change notification

Synchronization ports:
Messaging
Replication

8. Choose Next.
9. Enter the supAdmin and supDomainAdmin password and choose Next.
10. On the summary information page, verify the installation components and choose
Install.
11. (Optional) Check the View Release Bulletin option.
12. Choose Finish.

2.7 Relay Server Setup


2.7.1

Installation and Configuration of the Relay Server

The following list gives you an overview of deploying the Relay Server to IIS on Windows:
1. Deploy the Relay Server components.
2. Deploy the web server extensions and State Manager.

Create an application pool.

Enable the Relay Server web extensions and deploy the Relay Server configuration
file.

SAP AG Page 29 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

3. Deploy Relay Server configuration updates as necessary.


The following list gives you an overview of deploying the Relay Server to Apache on Linux:
1. Deploy the Relay Server components.
2. Deploy the web extension files and State Manager.
3. Deploy Relay Server configuration updates as necessary.

2.7.1.1

System Requirements

Supported operating systems


Relay server 11.0.1 or higher version must be installed. Binaries and
documentation included on installation media.
Operating System with Service Pack

Hardware

RAM

Microsoft Windows Server 2003;


Standard or Enterprise Edition (32- or 64bit): SP2

1 or more CPUs, 2GHz or greater

2 GB

Microsoft Windows Server 2008;


Standard or Enterprise Edition (32- or 64bit)

1 or more CPUs, 2GHz or greater

2 GB

Microsoft Windows Server 2008 R2;


Standard or Enterprise Edition

1 or more CPUs, 2GHz or greater

2 GB

Red Hat Enterprise Linux 5


32-bit Kernel 2.6.18-8.el5
64-bit Kernel 2.6.18-92.1.1.el5

1 or more CPUs, 2GHz or greater

2 GB

Disk Space Requirements:


Component

Required Space

Relay server 11.0.1 or higher

10MB

Web Server Platform Requirements:


Web Server

Version

Microsoft Internet Information Services (IIS) on Microsoft


Windows

6.0, 7.0, 7.5

Apache HTTP Server on Linux

2.2.8, 2.2.15

2.7.1.2

Deploying the Relay Server on IIS 6.x Web


Servers
This document deals with deploying relay server to IIS 6.x.
1. To deploy the Relay Server components on IIS 7.x on Windows, see
http://infocenter.sybase.com/help/index.jsp?

SAP AG Page 30 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

topic=/com.sybase.infocenter.dc01205.0200/doc/html/aba1300903219452.
html.
2. To deploy the Relay Server components on Apache Web server, see
http://infocenter.sybase.com/help/index.jsp?
topic=/com.sybase.infocenter.dc01205.0200/doc/html/aba1300903216624.html.

2.7.1.3

Deploying the Web Server Extensions and State


Manager on the Relay Server

Procedure
1. After installing the Sybase Unwired Platform, log on to the system designated for the
Relay Server.
2. There are two versions of relayserver zip files in the SUP installation package
~\modules\relayserver:

for 32-bit operating systems, use relayserver.zip

for 64-bit operating systems, use relayserver_x64.zip

3. Unzip the correct zip file (depending on OS) under the web site home directory that you
use for the relay server, for example, relay1234.
Unzip the file into the folder C:\Inetpub\wwwroot.
The zip file contains the directory \ias_relay_server with two sub directories, \Client and
\Server, which contain the required executables and DLLs for the relay server.

2.7.1.4

Creating an Application Pool on the Relay Server

Procedure
1. Start the IIS Manager Console. On a command prompt, run
mmc %systemroot%\system32\inetsrv\iis.msc
2. Right-click the Application Pools, and create a new application pool, for example
RS_POOL.
3. Edit the properties for the application pool you created:

Choose the Recycling tab page, and turn off all the recycling options.

Choose the Performance tab page, and turn off Shutdown Worker Processes
After Being Idle.

2.7.1.5

Enabling the Relay Server Web Extensions on the


Relay Server

Procedure
1. On the IIS Manager Console, go to Web Sites Default Web Site ias_relay_server.
Check the correctness of the Port Information: On the IIS Manager Console, go
to Web Sites Default Web Site, right-click and choose Properties Web
Site tab page. Make sure the TCP port and IP address are correctly mentioned.
This TCP port is used for connecting to the relay server.
2. Right-click ias_relay_server, and select Properties.

SAP AG Page 31 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

3. Choose the Directory tab page, and proceed as follows:

Set Execute permissions to Scripts and Executables.

Choose Create under Application Settings. Select the Application pool you created
as the associated application pool.

4. Under Web Server Extensions in the IIS manager, allow both rs_server.dll and
rs_client.dll to be run as ISAPI.

Choose Add a new web service extension

Enter the Extension Name, for example: IIS_RELAY.

In Required files, choose Add

Add rs_server.dll and rs_client.dll. You find them under the web site home
directory that you use for the relay server, usually C:\Inetpub\wwwroot.

Select the Extension Name and choose Allow.

5. Configure IIS for Unwired Platform device clients to communicate with the relay server:

Run IIS admin scripts, which are located in \Inetpub\AdminScripts.

Run the following console commands:


cscript adsutil.vbs set w3svc/1/uploadreadaheadsize 0 iisreset

If you do not perform this configuration step, the following error message is displayed:
Could not connect to the Server. Session did not complete.

2.7.1.6

Configuring the Relay Server Configuration File


(rs.config) on the Relay Server

Procedure
1. Log on to your Sybase Control Center with user supAdmin.
2. Choose your Unwired Platform Cluster root node on the left pane, and select the
Relay Servers tab page on the right pane.
3. Choose New, in the Relay Server Configuration dialog box, input the value as in the
following table:
Field Name

Field Value

Host

Relay server host name, it should be a public internet domain name


or a public internet IP address of this relay server

Http port

default 80, if you do not change the port on your IIS/Apache server
configuration

Https port

default 443, if you do not change the port on your IIS/Apache server
configuration

URL suffix

/ias_relay_server/server/rs_server.dll

Description

Descriptive text

4. Choose Next.
5. Create the relay server farm:

Configure these properties:

Farm ID the server farm for which the relay server manages requests.
This property is case-sensitive. The configured value must match the value
defined for the RSOE or the connection fails.

SAP AG Page 32 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Type the type of request managed by the relay server: replication based
synchronization (RBS) or messaging based synchronization (MBS), in our
scenario, we must select messaging.

(Optional) Description describes the relay server farm usage.

Choose +.

Repeat the first and second step to add multiple server farms.

To delete a configured farm, select it in the list of configured farms, then choose
X.
6. Assign the farm to a server node for the type you created:

Select an existing farm name you want to assign a server node to:

Configure these properties:


o

Node ID the node string that identifies the backend replication or


messaging-based cluster. Combine one or more Unwired Servers to
create a single server node. This property is case-sensitive. The
configured value must match the value defined for the RSOE or the
connection fails, in our scenarios, enter vmw1234.
Token the security token used by the server node to authenticate the
backend server connection with the relay server. Each node requires a
unique token: specify a unique string to a maximum of 2048 characters,
for example, 91ae78ca50b90b02cef494c869c6.

Choose +.

Repeat the first and second steps to add multiple server nodes.

To delete a configured node, select it in the list of configured farms and choose
X.
7. Choose Next to review your settings or choose Finish to exit the wizard.
8. Choose Generate. Choose the Relay server configuration properties file, Whole
relay server, choose Next. Then choose Finish, and save the rs.config file on your
desktop.
On the Relay Server, deploy the relay server configuration file (rs.config) by creating the
configuration file and copying it to the ias_relay_server\server directory.
An example of rs.config is as follows:
#------------------------------------# Relay server with auto start option
#------------------------------------[options]
start = auto
verbosity = 1
#
# When start=auto and the relay server host is active, the default log
# file name is %temp%\ias_relay_server_host.log. When you shut down
# the relay-server host, the log file is renamed to YYMMDDNN.log.
#-------------------# Relay server peers
#-------------------[relay_server]
enable
= yes
host
= relay1234.com
http_port
= 80

SAP AG Page 33 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

https_port = 443
description = Relay Server #1 in RS farm
#--------------# Backend farms
#--------------[backend_farm]
enable
= yes
id
= saap1
#client_security
= off
#backend_security = on
description
= abcXP SUP Server Farm
#----------------# Backend servers
#----------------[backend_server]
enable = yes
farm
= saap
id
= vmw1234
#mac
= 00-13-ce-52-a1-5f
token = 91ae78ca50b90b02cef494c869c6

2.7.1.7

Configuring the Relay Server to Run as a Window


Service

SAP recommends that you set up the relay server as a Windows service to ensure
that it automatically starts when the host is started.

Procedure
1. In the command prompt, enter the following at the command line and substitute all
parameter values to match your configuration:
dbsvc -as -s auto -w SUPRelayServer
"C:\inetpub\wwwroot\ias_relay_server\server\rshost.exe" -q -qc -f
c:\inetpub\wwwroot\ias_relay_server\server\rs.config -o c:\Sybase\logs\rs.log
By default, the dbsvc utility can be found in the \ias_relay_server\Server
directory.
Ensure that the folder path specified with the -o option exists. Otherwise, the
command fails.
2. This command configures the relay server host process (rshost.exe) as a Windows
service. To start the rshost service, from the Windows Services control panel,
proceed as follows:
o

Locate the SQL Anywhere - SUPRelayServer service.

To start the service, right-click the service, and choose Start.

From the command prompt, the following options are available:


o

Change to C:\inetpubs\wwwroot\ias_relay_server\Server

To start the service, enter dbsvc.exe -u SUPRelayServer

To stop the service, enter dbsvc.exe -x SUPRelayServer

To uninstall the service, enter dbsvc.exe -d SUPRelayServer

SAP AG Page 34 of 68

SAP Best Practices


o

Mobile Infrastructure Configuration (M30): Configuration Guide

To update the rshost with the latest relay server configuration, enter
rshost.exe f rs.config u

When you delete a service, restart the machine before you recreate it.

2.7.2

Configuring the Relay Server with the Sybase


Control Center

Use
Use the Sybase Control Center to connect to a relay server.

Procedure
1. Configure the Relay Server Outbound enabler. Choose the host cluster node,
localhost@localhost(running), expand the node and choose Servers vmw1234
( this is the example in our scenarios, the sup server host name ) Server
Configuration.
2. Choose the the Outbound Enabler tab page on the right pane an choose New.
3. In the Add Configuration dialog box, select Farm type as Messaging. Then, all of
the settings apply to the relay server configuration you have just created.
4. Choose Next and choose the proxy server you are using to browse the internet in
your intranet network. Choose Configure at the Proxy Server block. Choose New to
add a new proxy setting, for example Host proxy, Port 8080, and choose OK.
5. Choose the proxy setting you have just created in Proxy server. Choose Next.
6. Choose Finish.
7. Choose the line you have just created, check the checkbox at first column, and
choose Start.
8. Make sure the Status shows Running.
If SUP 2.1 and Relay servers are up, connected, you still cannot successfully
connect a device to SUP through the Relay Server. Then copy the file
dbleng11.dll (on Relay Server) from the ...\ias_relay_server\server\ folder to
the <Windows>\System32 folder.
You cannot maintain several profiles for one device ID in the Sybase Control
Center. Delete redundant entries and keep only one line item per device.
You can find log files for IIS on the Relay Server at:

<Windows>\system32\LogFiles\HTTPERR

<Windows>\system32\LogFiles\W3SVC1

2.8 Application Enabling in SUP and User


OnBoarding
2.8.1

Security Configuration

Use

SAP AG Page 35 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Post user enablement with automatic onboarding: the same security configuration is used
for the backend authentication with each request response.
SSO 2 cookie, username/password (LDAP) is passed as it is to backend by SUP as part of
the request headers. This information is stored by SUP client in secure vault.
With manual white-listing, the application needs to provide the basic username and
password for the backend for each request. The application user details are persisted in the
secure vault.
In our scenario, you need to configure two types of security configuration: Basic and SSO2.

Procedure
1. Open the Sybase Control Center (https:// vmw1234.cn.sap.com:8283/scc) in your web
browser and log on with supAdmin.
2. In the left navigation pane, expand the Security folder.
3. In the right administration pane, choose New.
4. Enter a name for the security configuration, for example Basic and choose OK.
5. In the left navigation pane, under Security, select the new security configuration.
6. In the right administration pane, choose the Settings tab page to set an authentication
cache timeout value.
The timeout determines how long authentication results should be cached before a user
is required to re-authenticate. For details, see Authentication Cache Timeouts in
System Administration. To configure this value, proceed as follows:

Set the cache timeout value in seconds. The default is 3600.

Choose Save.

7. Select the Authentication and the Authentication provider


com.sybase.security.core.NoSecLoginModule.
8. Select and set the property and value as follows:

Property

Value

Control Flag

required

Use User Name as Identity

true

9. Choose the General tab page and choose Apply to save the settings.
10. In the left navigation pane, expand the Security folder.
11. In the right administration pane, choose New.
12. Enter a name for the security configuration, for example SSO and choose OK.
13. In the left navigation pane, under Security, select the new security configuration.
14. In the right administration pane, choose the Settings tab page to set an authentication
cache timeout value.
The timeout determines how long authentication results should be cached before a user
is required to re-authenticate. For details, see Authentication Cache Timeouts in
System Administration. To configure this value, proceed as follows:

Set the cache timeout value in seconds. The default is 3600.

Choose Save.

15. Choose the Authentication tab page. Select the existing security provider type and
choose Delete.

SAP AG Page 36 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

16. Choose New, in the Add Provider dialog box, select the authentication provider
com.sybase.security.sap.SAPSSOTokenLoginModule.
17. Select and set the property and value as follows:

Property

Value

Control Flag

Optional

SAP Server URL

Find it in transaction SICF, expand default_host, go to sap bc


ping, right-click it and choose Test Service; you get the URL like
http://vmw3815.cn.sap.com:50009/sap/bc/ping?sap-client=100

18. Choose the General tab page, and choose Apply to save the settings.

2.8.2

Create the Application ID and Application


Connection Template

Procedure
1.
2.
3.
4.

5.
6.
7.

8.

Open the Sybase Control Center and log on as the user supAdmin.
Choose Applications on the left navigation pane named Unwired Platform Cluster.
Choose New on the Applications tab page to add a new application registration.
In the Application Creation dialog box, enter a unique Appllication ID, for Order
Status it is com.sap.bsuite.erp.ops.orderstatus, enter a name for the application in
the Display name.
Choose Basic or else in the Security configuration.
Choose Next.
In the Application Creation dialog box, select Proxy in the left panel, enter the
OData Service URL for the mobile application in the Application Endpoint, for
example,
http://vmw3815.cn.sap.com:50009/sap/opu/sdata/sap/LWMSD_ORDERSTATUS_
MODEL/. Choose Connection and set the value of the Farm ID as one of your sup
server farm IDs, for example, saap1.
Choose Finish to save the settings.

2.8.3

Register the Activation User for the Application


using the Basic Security Configuration

1. Open the Sybase Control Center and log on as the user supAdmin.
2. Choose Applications on the left navigation pane named Unwired Platform Cluster.
3. Choose Register a new application connection on the Application Connection tab
page.
4. In the Register Application Connection dialog box, enter a user name in the User
field, for example iactivate.
5. Select the application with the Basic Configuration you registered in the previous
step in the Template.
6. Optional: Check the Specify activation code and specify an activation code for the
device, for example 123. It must be three digital characters.
7. Choose OK to save the settings.
Once the device was being connected to the SUP successfully and the device
was being wiped afterwards for any reason the registration record on SUP needs

SAP AG Page 37 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

to be deleted and a new one needs to be created. Otherwise an error message


Error could not connect to Server shows up on the device.

2.9 Afaria Setup


This chapter is optional for the package, yet using Afaria for Mobile Device Management is
preferred in productive environment.

2.9.1

Scenario Overview

This section outlines different points to consider when you install the system components
necessary for Afaria.
We assume that you understand Networks and mobile platform management.

Figure 1: A typical Landscape for Afaria Components


The target reader of this document is Afaria consultant in your implementation project.
The target of this document is to help an Afaria consultant build up the mobile infrastructure
and deploy, manage and test mobile apps with an iPhone, Blackberry or Android devices.
The following step is an overview:
1. Afaria Installation and Configuration

Afaria Installation

Afaria Administrator Installation

Portal Package Installation

Relevant Fix Pack, Hot Fixes, patches

2. OTA Installation & Configuration

OTA Installation

Configuring FastCGI to HostPHP on IIS7

3. Relay Server Installation & Configuration

SAP AG Page 38 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Relay Server Installation

Afaria & Relay Server Configuration

4. Configuration for Afaria Client Notification (Optional)

SMS Gateway Configuration

5. iOS Provisioning Server Installation & Configuration

Obtaining iOS certificates

Installing iOS Provisioning Server (Basic)

Configuration of Certificate Authority (CA)

Adding iOS Certificates to Afaria

Configuring the Relay Server for iOS Connections

6. Device Provisioning

Configure Client Types and Groups

Create Default Profiles for iOS and Blackberry and Android Devices

Creating Afaria client for Blackberry Devices and android

Publish Blackberry and Android Afaria client via OTA and Send notification to
device (Optional)

Installing Afaria clients on iOS devices from iTunes

Configuring Afaria clients to connect to Afaria

Approving client on Afaria Server

2.9.2

Sybase Afaria Server 6.6 FP1 Installation

2.9.2.1

Preparing for the Installation

Prerequisites
The host on which you are installing the Sybase Afaria 6.6 FP1 meets the system
requirements given in link provided in section 1.2.1 and is ready for the installation.

Procedure
1. Confirm that the installation target host meets the minimum system requirements for all
Afaria components to be installed.
2. Verify that you have administrative privileges on the installation target host, for
example, vmw1234.cn.sap.com.
3. Creating User Accounts for Installing and Operating Afaria
a. On the planned server, create a local or domain Windows user account with the
following attributes:
Password Never Expires
Logon as Service
b. Add the user to the planned servers local administrators user group.
c. Record the account credentials to use when you install the Afaria server and the
Afaria Administrator programs.
d. (Active Directory environment) On the domain controller, update the user account
properties (AccountName > Properties > Account > Log On To) to ensure the Log
On To list of logon workstations is either unrestricted or includes the planned Afaria
Administrator server and all planned Afaria Administrator browser computers.
e. For each additional domain that you plan to authenticate users against for
operations, and using the same credentials and attributes as the first account,
create a local account on the domains domain controller.

SAP AG Page 39 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

4. Shut down all Sybase software, Sybase processes, and associated third-party
processes running on the installation target host.

2.9.2.2

Creating Afaria Database

Procedure
1. Create a database with the following attributes:

Datafiles Automatically Grow File, Unrestricted Filegrowth.

Transaction Log Minimum size 25 MB, Automatically Grow File, Unrestricted


Filegrowth.

2. Create a role called db_executor with the execute right.


3. For the user you plan to use for Afaria operations with the database, ensure the user
has the following attributes for your Afaria database:

Default schema dbo

Role db_ddladmin

Role db_datawriter

Role db_datareader

Role db_executor

Password does not contain the semicolon (;) character

4. For details, see your SQL Server documentation.

2.9.2.3

Starting Afaria Server Setup

Procedure
1. On the server of interest for a planned installation item, close all running programs.
2. Copy the entire Afaria product image to a local destination.
3. On the root directory of the image, locate the setup.exe file.
4. Open setup.exe to launch the setup program and open the Afaria Setup Menu.

2.9.2.4

Entering License Information

Procedure
1. Click View or Update License Key.
2. Type your license key into the key box. Choose Licensing Details to review your
licensing information.
3. The maximum number of concurrent sessions supported per server depends on your
licensing. The ability to run the maximum number of licensed concurrent sessions
depends upon the amount of memory, the speed, and number of the processors on
your server.
4. Choose Apply to save the license key and return to the setup menu with your licensed
options available.
5. For updating your license key, complete a reinstallation for the server.
6. The reinstallation updates the server as necessary to support the license change.

SAP AG Page 40 of 68

SAP Best Practices

2.9.2.5

Mobile Infrastructure Configuration (M30): Configuration Guide

Installing Afaria Server

Use
In this step, you specify the installation directory, installation type, Afaria components, and
additional installation options.

Procedure

On the setup menu, click Install.

Click Server. The program opens the End User License Agreement dialog box.

Click Yes or No to indicate your acceptance or rejection. The installation continues only
when you accept the agreement. Accepting the agreement opens the Welcome dialog.
Click Next.

Select your database type.

Select the SQL Server to use with Afaria.

Select either Windows Authentication to use a Windows administrator account with SQL
Server privileges or SQL Server Authentication to use the SQL Server account with its
associated password that you set up for Afaria. Click Next to continue.

On the SQL Server Database dialog, select the database you configured for Afaria.

If you are installing a replication server in a server farm environment, you must select
the database for the existing Afaria server.
If you are reinstalling the Afaria server as standalone, you must select a new database.

On the Confirm Server dialog, review the information to ensure it is consistent with your
intention, and click Next to continue.

On the Directory Selection dialog, accept the default location or click Browse to
navigate to a new location.

On the Service Account dialog, specify the account name and password to use to run
the Afaria service.
In the Server Selection dialog, accept the default name or enter a descriptive name for
the Afaria server.
Each replication server in a server farm must have a unique name. The server name
must not include the backslash (\) character.

If you are installing a replication server for a farm, go to step 16 directly.


In the Type of authentication dialog, select your authentication type.
NT domain authentication select NT domain-based and enter the domain you
plan to use for authentication. As the administrator, you must also be a member of
this domain.
Local authentication select NT domain-based and keep <none> as the
domain.

LDAP authentication select LDAP-based and click Configure LDAP.

SAP AG Page 41 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

If you are not using LDAP authentication, go to step 16 directly.


In the LDAP Server Login Information dialog, enter login information.
Server Address. Enter your LDAP server address as either a fully qualified
domain name such as afaria.mycompany.com or as an IP address.
Port Number. Afaria automatically defaults to the LDAP standard port 389. If
you enter another port number, you must enter a number greater than 1024.

Server Type. Select your LDAP Server type.

Use SSL. Select to enable SSL communication with your LDAP server.

SSL Port Number. Define the LDAP server port for SSL communications.

Anonymous Login. Select the Anonymous Login check box to allow the Afaria
server to communicate with the LDAP server without using a dedicated LDAP user
account for the server. If you select Anonymous Login, you should configure your
LDAP server to allow a search of the directory structure for users, user groups, and
organizational units and all of their attributes.
User DN. If you did not select Anonymous Login, enter the User DN
(Distinguished Name) for the LDAP account the Afaria server uses to communicate
with the LDAP server.
If you dont know the user name for the account, click Search User. You must have
an LDAP proxy user configured for an anonymous login to be able to search for
users. You can enter a name using a wildcard character to search for the correct
User DN. For example, you can enter *mith or *mit* to search for Smith.
Select the correct User DN and click OK to return to the LDAP Login Information
dialog box.
LDAP Class Name for Users. Select the LDAP Class Name for Users from the
list or enter one in the area provided. The user-related Class Names you have
created on your LDAP server appear here.
User Name Attribute. Select or enter the user name attribute you use in your
LDAP environment. Any name attributes you have configured for your LDAP server
appears here. When client users connect to the server, they enter their user ID as
the user name youve specified.
In the LDAP Container Settings dialog, select membership.
Select Support OU membership to assign channels to users based on the
organizational unit (OU) to which they belong.
Select Support OU and group membership if you want to assign channels to
users based on both the OU and groups to which they belong.
On the Ready to Start Installation dialog, click Install.
The Setup Complete dialog box opens when the installation is complete.

If you receive a message that a file is in use, choose one of the following options:

Abort. Quits the installation. If you are reinstalling Afaria and you click Abort
to quit the installation, you may find that some of the files were updated and
some were not. Run the install program again. If this does not work,
uninstall the Afaria Server program and run a fresh installation.

SAP AG Page 42 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Retry. Close the application using the file specified or close the file in your
Windows Task Manager, then select Retry. Setup tries to install the file
again. If this does not work, select Ignore.

Ignore. Continues the process but requires you to restart the computer in
order to complete the installation.

You may be prompted to restart your computer when the file copying process is
completed.
After restart, the installation program continues from the point at which it was
interrupted.
Select whether you want to start the service at this time.
To allow connections immediately, start the service. To continue with configuring the
server, do not start the service.
Click Finish.

2.9.2.6

Installing Afaria Administrator

Procedure
1. Start the setup program.
2. On the setup menu, click Install.
3. Click Administrator, and click Next to continue.
4. On the Select Virtual Directory dialog, define the virtual directory for Afaria in IIS. If you
created a directory, select it from the list. If you have not created a directory, type the
name for the directory to create it.
5. The directory appears in IIS under Default Web Site.

If you create your own virtual directory in IIS before you install Afaria, you must verify
that it is properly configured after you install Afaria Administrator. For more information,
see Verifying Afaria Administrator IIS Settings on page 38 of Afaria Installation Guide.
6. On the Select Physical Directory dialog, enter the physical location to install Afaria
Administrator files.

If you are installing Afaria Administrator on the same machine as the Afaria server, you
must install Afaria Administrator in a different directory.
7. On the Specify Credentials dialog, specify the account name and password you used
for the Afaria server install.
8. On the Domain Selection dialog, enter the domain name for the domain from which you
select users to administer the Afaria server. To limit selection to only local users, keep
<none> as the domain.
9. On the Ready To Start Installation dialog, click Install to begin the installation.
10. The Setup Complete dialog box opens at completion.

If during the installation you receive a message that a file is in use, you have the
following options:

Abort. Quits the installation.

SAP AG Page 43 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Retry. Close the application using the file specified or close the file in your
Windows Task Manager, then select Retry. Setup tries to install the file
again. If this does not work, select Ignore.
Ignore. Continues the process but requires you to restart the computer to
complete the installation.

You may be prompted to restart your computer when the file copying process is
completed.
The installation program continues from the point at which it was interrupted.
11. On the Setup Complete dialog, click Finish to close the installation program.

An Afaria Administrator shortcut appears on the desktop.

2.9.3

OTA Installation & Configuration

2.9.3.1

Setting Up the OTA Deployment Center on IIS

Procedure

From the IIS Web server, locate the setup program on the Afaria product image:
<Afaria Installation Folder>\OTADeploymentCenter\setup.exe

Launch the setup program and follow the wizard to completion.

2.9.3.2

Configuring FastCGI to Host PHP on IIS7

Procedure

Follow steps given at following Microsoft link:


http://technet.microsoft.com/en-us/library/dd239230(WS.10).aspx

2.9.4

Relay Server Installation & Configuration

2.9.4.1

Registering the IIS User Account with ASP.NET

Procedure

Navigate to the relay server command path:


C:\Windows\Microsoft.Net\Framework\<Version>
If you are operating your IIS Server with more than one version of ASP.Net, choose the
version that you are using to run your Web site.

Execute the ASP.NET registration command on the relay server with the grant access
option:
Command: aspnet_regiis.exe -ga IUSR_<MachineName>
The command is an example of the registration command with the grant access option
that is valid for ASP.Net 2.0.5. The command for your version of ASP.Net may differ.
Refer to your Microsoft IIS Server and ASP.NET product documentation for more
information about the IIS user and group and using the registration command.

SAP AG Page 44 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

2.9.4.2 Copying Relay Server Files


Procedure
1. Locate the files on the Afaria product image:
Copy folder: <product image>\relay_server\ias_relay_server
2. Copy folder ias_relay_server from the product image to the IIS Servers home
directory (e.g. C:\Inetpub\wwwroot). Ensure that you copy the folder, rather than just the
files in the folder.

2.9.4.3 Creating IIS Application Pools


Procedure

Creating a Server Application Pool with a user-defined Pool ID.

Assign the pool the following properties:

Recycling > Recycle worker processes (minutes) Disabled

Performance > Idle timeout Disabled

Performance > Request queue limit Disabled

Performance > Web garden A minimum of twice the number of servers making
requests

Health > Enable pinging Disabled

Health > Enable rapid-fail protection Disabled

Select Web Sites in the IIS Managers left pane and navigate to Default Web Site >
ias_relay_server > Server > right-click Properties > Directory.

Create an application directory with the following attributes:

Execute permissions Scripts and executables

Application pool Use the Pool ID that you created for the application pool

Creating a Client Application Pool with a user-defined Pool ID

Assign the pool the following properties:

Recycling > Recycle worker processes (minutes) Disabled

Performance > Idle timeout Disabled

Performance > Request queue limit Disabled

Performance > Web garden At least twice the number of servers making
requests, but no less than 5. You may want to increase the value if client
connections are frequently dropped or if clients experience bad throughput during
sessions.

Health > Enable pinging Disabled

Health > Enable rapid-fail protection Disabled

Select Web Sites in the IIS Managers left pane and navigate to Default Web Site >
ias_relay_server > Client > right-click Properties > Directory.

Create an application directory with the following attributes:

SAP AG Page 45 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Execute permissions Scripts and executables

Application pool Use the Pool ID that you created for the application pool

2.9.4.4 Adding Web Service Extensions to IIS


Procedure

In the IIS Managers left pane, select Web Service Extensions.

Add the Afaria Server Web service as a valid extension with the following attributes:

Extension name User-defined name for the server extension

Required files ias_relay_server\server\rs_server.dll

Set extension status to Allowed Enabled

Add the Afaria Client Web service as a valid extension with the following attributes:

Extension name User-defined name for the client extension

Required files ias_relay_server\client\rs_client.dll

Set extension status to Allowed Enabled.

2.9.4.5 Updating the Relay Servers IIS Configuration


Procedure
1.

Run the relay servers IIS adsutil.vbs script to define the IIS Server client request buffer
handling for the application pool.

2.

Locate the adsutil.vbs script. Script location example: C:\Inetpub\AdminScripts

3.

Run the script to set the UploadReadAheadSize property.

4.

Script command: cscript adsutil.vbs set w3svc/1/uploadreadaheadsize 0


5.

The command returns the current value of the uploadreadaheadsize variable.

2.9.4.6 Editing the Relay Server Configuration


Procedure
1. Locate the sample configuration file.
Location: <wwwroot location>\ias_relay_server\server\rs.config
2. Modify above file to sample file given below:
#------------------------------------# Relay server with auto start option
#------------------------------------[options]
start = auto
verbosity = 1
# Note: When auto start is used, the default log file is
#
%temp%\ias_relay_server.log while rshost is active and
it will
#
be renamed using YYMMDDNN.olg filename format upon
shutdown.

SAP AG Page 46 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

#-------------------# Relay server peers


#-------------------[relay_server]
enable
= yes
host
= 10.136.148.202
http_port
= 80
https_port
= 443
description
= Relay Server installed
#--------------# Backend farms -- Afaria
#--------------[backend_farm]
enable
= yes
id
= afaria
client_security = off
backend_security= off
description
= Afaria Farm
#----------------# Backend servers -- Afaria
#----------------[backend_server]
enable
= yes
farm
= afaria
id
= MobileRDSAfaria
#mac
= 01-23-45-67-89-ab
token
= 4321
3. Restart relay server to utilize above changes using following command or restarting IIS
service (If relay server service was configured earlier)
rshost.exe -u -qc -f rs.config

2.9.5

Configuration for Afaria Client Notification


(Optional)

2.9.5.1

Setting up SMS Gateway

Procedure
1. Start the setup program.
2. On the setup menu, click Additional Installations and Resources > Access SMS
Gateway Resources.
3. On the Afaria third-party component dependency reference page, find version
information and download instructions for obtaining the Cygwin components.
SMS gateway operations use only some of the components of the Cygwin product.
Therefore, the installation steps describe a manual process for installing only the
component that the SMS gateway requires, rather than using Cygwins installation program.
4. Use a decompression utility to decompress the BZ2 download packages from within the
<download folder> folder. For each installation package file with file extension BZ2,
the decompression yields one extracted file with file extension tar.
5. Extract the decompressed packages into the same download folder. The file extraction
creates the following folders:

SAP AG Page 47 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

<download folder>\usr folder contains additional, nested folders.


<download folder>\etc folder contents are not used for SMS gateway operations.
6. Modify the Afaria Server environment to include the required libraries and tools by either
1) including <download folder>\usr\bin in the default system path or by 2) copying the
following <download folder>\usr\bin files into the Afaria folder
<AfariaInstallation>\bin\SMSGateway:
cygcrypto-0.9.8.dll
cygiconv-2.dll
cygssl-0.9.8.dll
cygwin1.dll
cygxml2-2.dll
cygz.dll
The default value for <AfariaInstallation> is C:\Program Files\Afaria.
7. Using Afaria Administrator, configure the SMS gateway interface to define connectivity
between the Afaria Server that is hosting the SMS gateway and the Afaria SMS
gateway.
See Afaria Reference Manual | Platform > Server Configuration > Server Configuration
Properties > SMS Gateway > SMS Gateway Interface.
8. Using Afaria Administrator, define at least one SMSC Server Configuration entity.
See Afaria Reference Manual | Platform > Server Configuration > Server Configuration
Properties > SMS Gateway > SMS Server Configuration.

2.9.6

iOS Provisioning Server Installation &


Configuration

2.9.6.1

Prerequisite

Register with Apple to use Apple Notification Service (APNS)


Afaria 6.6 FP1 uses the Apple Push Notification Service to manage policies on iOS 4.x
devices.
In order to test this functionality in Afaria 6.6 FP1 with iOS 4.x devices, first follow the steps
below in order to register your company with Apple to use the Apple Push Notification
Service.
1. Request enterprise developer account with Apple
a. Request an enterprise developer account with Apple.
Note: There is a charge from Apple for creating developer and enterprise
developer accounts.
b. Link to enterprise developer account:
http://developer.apple.com/programs/iphone/enterprise/index.html
c.

Create Apple ID if needed

d. Complete request form and submit


e. The request approval process can take several days and may involve
follow-up with your employer.
2. Complete developer account

SAP AG Page 48 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

1. Receive email indicating that your request is ready for completion.


2. Click on link in email to complete process
Find complete details for the process in attached document:

APNS for Afaria

2.9.6.2

Installing iOS Provisioning Server (Basic)

Procedure
1. Start the setup program.
2. On the setup menu, click Additional Installations and Resources > iOS Installations
> iOS Provisioning Server.
3. On the Specify Credentials page, specify the account name and password used to run
the Afaria service on the Afaria server.
4. The provisioning server uses these credentials to contact the Afaria server for database
credentials.
5. On the Specify Virtual Directory Names page, define these settings:

Unauthorized virtual directory name user-defined name, populated with a default


value. This is the first directory on the provisioning server to which clients connect.

Authorized virtual directory name user-defined name, populated with a default


value. This is the directory on the provisioning server that clients connect to after
they are authenticated to complete the payload provisioning process.

6. On the Specify Server Address page, define the address for the Afaria server. The
Afaria iOS provisioning server uses this address to reach the Afaria server.
7. On the Specify Certificates for Signing page, unselect Sign Messages to disable the
feature; it is not part of the basic iOS basic implementation.
8. Follow the setup wizard to completion.

The iOS provisioning server installation is now complete. The installation process also
populates the iOS Server configuration page with corresponding values.
(Upgrade) If you installed the iOS provisioning server on a server other than the Afaria
Administrator server, some files and services from the original iOS provisioning server
are
now abandoned on the Afaria Administrator server. On the Afaria Administrator server,
disable unwanted services from running by opening the Microsoft Component Services
utility, and then stopping and disabling service AfariaIPhoneServer.

2.9.6.3

Configuring the Certificate Authority

Procedure
SAP AG Page 49 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

1. On the CA server, add the Active Directory Certificate Services role with these
attributes:

Role services

Certification Authority

Certificate Authority Web Enrollment, including the related Web Server


IIS role services

Network Device Enrollment Service

Setup type Enterprise

CA type Root CA

Private key create a new private key

Cryptography

Cryptographic key provider RSA Microsoft Software Key Storage


Provider

Key character length 2048

Hash algorithm SHA1

CA name common name and suffix are user-defined; record the common
name for subsequent Afaria server property configuration

Validity period user-defined

Certificate database user-defined

2. Add the Web Server IIS role with at least the default role services.
3. Add the Network Device Enrollment Service with these attributes:

User account specify a user account that is also a member of the domain and
the local IIS_IUSRS group

Registration Authority (RA) information user-defined; do not use any special


characters

Cryptography

Signature key cryptography service provider (CSP) Microsoft Strong


Cryptographic Provider

Key character length 2048

Encryption key CSP Microsoft Strong Cryptographic Provider

Key character length 2048

4. (Windows Server 2008) After adding the required roles, disable per-certificate
password prompts for connecting devices by updating the CA's SCEP password
registry key:

Key

HKLM\Software\Microsoft\Cryptography\MSCEP\EnforcePassword\EnforcePas
sword

Type DWORD

Value change from 1 to 0

5. Verify that the CA has the Microsoft SCEP configured with password prompting
disabled.

SAP AG Page 50 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Verify this requirement by using a Web browser or the CA servers IIS Manager to open
the SCEP enrollment page. If using IIS Manager, the path is Default Web Site >
CertSrv > mscep > right-click Browse. Successful verification displays a certificate
thumbprint. Failed verification displays a temporary password.

2.9.6.4

Installing the Afaria SCEP Plug-In Module on the


CA

Procedure
1. On the CA server, start the setup program.
2. On the setup menu, click Additional Installations and Resources > iOS
Installations > Install Afaria SCEP Plug-In Module.
3. On the setup program, enter database type and credentials.
4. On the setup program, choose an installation path and install the Afaria SCEP
policy module.
5. On the CA, open Active Directory Certificate Services (ADCS). On your CA node,
select
the
Properties
and
the
Policy
Module
tab,
then
select
XSSCEPPolicyModule.dll.
6. Restart ADCS.
7. (Optional, recommended) Power off, and then on, the CA server.

Due to a known issue reported for the Microsoft CA restart ADCS operations, Sybase
recommends turning the power off, and then on, to correctly enable the Afaria SCEP
module.
After startup, the CA issues certificates only to the devices that are defined in the Afaria
database.

2.9.6.5

Configuring the Relay Server for iOS Connections

Procedure
1. On the Afaria Administrator server, use the Afaria Administrator application Server
Configuration > Properties > iOS Server page to configure the Afaria servers settings for
using the relay server.
See Afaria Reference Manual | Platform > Server Configuration > Properties > iOS Server >
Provisioning Server, Certificate Authority, and Relay Server for complete instructions.
2. For each component server, copy an instance of the relay server outbound enabler

(RSOE)
to launch for relay server operations.
See Afaria Reference Manual | Platform > Server Configuration > Properties > iOS Server >
Configuring the Relay Server for iOS Components for complete instructions..

SAP AG Page 51 of 68

SAP Best Practices

2.9.7
2.9.7.1

Mobile Infrastructure Configuration (M30): Configuration Guide

Steps for Afaria Client and Mobile Apps


Deployment over OTA
Creating Blackberry/Android Afaria Client

1. Goto Afaria Server Machine


2. Right Click on Start->Program Files->Afaria->Afaria Create Client
Install.
3. Choose Run as Administrator
4. Choose YES for User Account Control dialog box if it appears.
5. Select Client Type as below and click next.

Figure 2: Blackberry Client Creation

SAP AG Page 52 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Figure 3: Android Client Creation

6. Deployment Packaging Choose options as shown and click next

Figure 4: Blackberry Client Creation

SAP AG Page 53 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

Figure 5: Android Client Creation

SAP AG Page 54 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

7. Select Tenant Choose options as shown and click next

8. Define install package location Choose options as shown and click


next

SAP AG Page 55 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

9. Define client configuration Choose options as per your afaria server


and click next

SAP AG Page 56 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

10.Define client groups Choose options as shown and click next.


Choose Blackberry and Android for respective clients.

SAP AG Page 57 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

11.Confirm Selections and client next.

12.Complete click close.

SAP AG Page 58 of 68

SAP Best Practices

2.9.7.2

Mobile Infrastructure Configuration (M30): Configuration Guide

Publish Blackberry Afaria Client to OTA Publisher

1. Goto Afaria Server Machine


2. Right Click on Start->Program Files->Afaria->Afaria OTA Publisher.

3. Client New Icon located below File menu to create new package,

below screen with display.

SAP AG Page 59 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

4. Select Blackberry Package to deploy from folder. Click Open.

SAP AG Page 60 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

5. New Package with Blackberry selected Set OS as blackberry and

click Save and Publish.

SAP AG Page 61 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

6. Publish Package and click Close.

SAP AG Page 62 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

7. OTA Publisher with Package will be shown as below.

2.9.7.3

Publish Android Afaria Client to OTA Publisher

1. Go to Afaria Server Machine


2. Right Click on Start->Program Files->Afaria->Afaria OTA
Publisher.

SAP AG Page 63 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

3. Client New Icon located below File menu to create new


package, below screen with display.

SAP AG Page 64 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

4. Select Android Client created earlier and Set OS as Android


and click Save and Publish.

5. Publish Package and click Close.

SAP AG Page 65 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

6. OTA Publisher with Package will be shown as below.

2.9.7.4

Installing Application Packages

Follow previous Step and select the Application installer (.COD, .APK
files).

SAP AG Page 66 of 68

SAP Best Practices

2.9.7.5

Mobile Infrastructure Configuration (M30): Configuration Guide

Installing Afaria Client and packages on Device

Open browser on your mobile device and open link


http://host:port/OTA/Afaria/OTA/?id=<ID> to install the Afaria Client or
Application on device. <ID> uniquely identified the required package to
be deployed on devices.

2.10 Device Provisioning


2.10.1 Provisioning Mobile Application to Apple Mobile
Devices
Provisioning Method

Purpose

Provision application profile and application to


the device. You can place the application
image on the network and send users
information about how to obtain it and install it
using iTunes.

Enterprise installations

Obtain SAP Order Status from the App Store

Evaluation/Demo

OTA provisioning using Afaria 6.6

Obtain
the
installation
and
configuration
document
in
the
installation package of Afaria 6.6, the
path is \Documents\English\Product
manuals\Installing Afaria.pdf

1. Start the App Store Application on your device


2. Search for <App Name>, for example SAP Order Status.
3. Download and install the app to the Home Screen
See also http://manuals.info.apple.com/en_US/iphone_user_guide.pdf (Page 178, chapter
23 App Store).

2.10.2 Connection Test with IOS Devices and Mobile


Application
Prerequisite
If you want to test the application with backend data retrieved, please first make sure
you have already finished document M43, SAP Order Status configuration guide.

Procedure
1. Open SAP Order Status on your iPhone.
2. A welcome dialog box appears and prompts you to select it on demo mode or
settings. Choose Settings.
3. On the Settings screen, choose Advanced Settings.
4. Choose Basic Authentication, enter relay servers IP or domain name in the Server,
enter 443 at Port, enter the server farm you registered for this apps, for example,
saap1, and choose Back.

SAP AG Page 67 of 68

SAP Best Practices

Mobile Infrastructure Configuration (M30): Configuration Guide

5. Choooe Login Now, on the Login screen, make the following entries:
Field

Value

User

SAP NW Named User, in this scenarios iconnect

Password

SAP NW Named Users password

Mobile User

Activation user defined in step 2.7.3 Registering the activation


User for the Application With the Basic Configuration, user
name iactivate

Act.Code

123

6. Choose Login.
7. Open the Sybase Control Center in your web browser, choose Applications on the
left pane. Choose the Application Connections tab page, check the application
connection line for Order Status. The value in the column Status should be Online.

2.10.3 Provisioning Mobile Application to Blackberry


Devices
Installation via Desktop Manager: http://us.blackberry.com/apps-software/desktop/ and
http://docs.blackberry.com/en/smartphone_users/deliverables/29196/BlackBerry_Deskt
op_Software-User_Guide--1674986-0530104832-001-6.1-US.pdf (Page 9)
Installation via BlackBerry Enterprise Server (BES): http://us.blackberry.com/appssoftware/business/server/full/ and http://us.blackberry.com/appssoftware/business/server/full/features.jsp#tab_tab_manage

SAP AG Page 68 of 68