B: SQL Server by SAP Labs, Inc

6\VWHP$GPLQLVWUDWLRQ0DGH(DV\ 0LFURVRIW 64/6HUYHU ® R/3 System Release 4.6A/B SAP Labs, Inc. Palo Alto, Cali...

Author: R/3 Simplification Group SAP Labs Inc.

25 downloads 1088 Views 17MB Size Report

This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!

Report copyright / DMCA form

DOWNLOAD PDF

6\VWHP$GPLQLVWUDWLRQ0DGH(DV\ 0LFURVRIW 64/6HUYHU ®

R/3 System Release 4.6A/B

SAP Labs, Inc. Palo Alto, California

TM

&RS\ULJKW  2000 by SAP AG. All rights reserved. Neither this documentation nor any part of it may be copied or reproduced in any form or by any means or translated into another language, without the prior consent of SAP AG. SAP AG makes no warranties or representations with respect to the content hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. SAP AG assumes no responsibility for any errors that may appear in this document. The information contained in this document is subject to change without notice. SAP AG reserves the right to make any such changes without obligation to notify any person of such revision or changes. SAP AG makes no commitment to keep the information contained herein up to date.

7UDGHPDUNV SAP, the SAP logo, R/2, R/3, ABAP, and other SAP-related products mentioned herein are registered or unregistered trademarks of SAP AG. All other products mentioned in this document are registered or unregistered trademarks of their respective companies.

Simplification Group SAP Labs, Inc. 3475 Deer Creek Road Palo Alto, CA 94304 www.saplabs.com/simple [email protected]

Printed in the United States of America. ISBN 1-893570-43-6

This book uses EcoFLEX lay-flat binding. With this lay-flat feature—developed by and exclusively available at Johnson Printing Service (JPS)—you can open this book and keep it open without it snapping shut on you. You need not worry about breaking the spine. EcoFLEX makes books like this one easier to use.

&RQWHQWVDWD*ODQFH

,QWURGXFWLRQ

[[L

&KDSWHU

56\VWHP$GPLQLVWUDWLRQ%DVLFV ²

&KDSWHU

'LVDVWHU5HFRYHU\²

&KDSWHU

%DFNXSDQG5HFRYHU\ ²

&KDSWHU

6FKHGXOHG'DLO\7DVNV²

&KDSWHU

6FKHGXOHG:HHNO\7DVNV ²

&KDSWHU

6FKHGXOHG0RQWKO\7DVNV²

&KDSWHU

6FKHGXOHG4XDUWHUO\7DVNV ²

&KDSWHU

6FKHGXOHG$QQXDO7DVNV ²

&KDSWHU

0XOWL5ROH7DVNV²

&KDSWHU 56\VWHP$GPLQLVWUDWLRQ ² &KDSWHU 6HFXULW\$GPLQLVWUDWLRQ ² &KDSWHU 8VHU$GPLQLVWUDWLRQ ² &KDSWHU 'DWDEDVH$GPLQLVWUDWLRQ²0LFURVRIW64/6HUYHU² &KDSWHU 2XWSXW0DQDJHPHQW ² &KDSWHU 1HWZRUN266HUYHU$GPLQLVWUDWLRQ² &KDSWHU 2SHUDWLRQV ² &KDSWHU &KDQJH0DQDJHPHQW ² &KDSWHU 7URXEOHVKRRWLQJ ² &KDSWHU 3HUIRUPDQFH ² &KDSWHU 6$31HW³:HE)URQWHQG² &KDSWHU 6$31HW²5)URQWHQG ² &KDSWHU 5HPRWH6HUYLFHV ² &KDSWHU 6SHFLDO0DLQWHQDQFH ² $SSHQGL[$ 8VHIXO7UDQVDFWLRQV $² $SSHQGL[% 8VHIXO5HVRXUFHVDQG3URGXFWV %² $SSHQGL[& 8VHIXO6$31RWHV &² $SSHQGL[' 8SJUDGH'LVFXVVLRQ '² ,QGH[

,²

System Administration Made Easy

iii

Contents at a Glance

iv

Release 4.6A/B

'HWDLOHG7DEOHRI&RQWHQWV

$FNQRZOHGJHPHQWV [L[ ,QWURGXFWLRQ

[[L

What Is This Guidebook About?........................................................................ xxii Who Should Read This Book?........................................................................... xxii Prerequisites.......................................................................................................... xxiii User ........................................................................................................................ xxiii System.................................................................................................................... xxiv

How to Use This Guidebook .............................................................................. xxv Organization ............................................................................................................xxv

What’s New .......................................................................................................... xxv Content ....................................................................................................................xxv

Conventions........................................................................................................... xxvi Special Icons...................................................................................................... xxvii &KDSWHU

56\VWHP$GPLQLVWUDWLRQ%DVLFV ² Overview............................................................................................................... 1–2 Roles of an R/3 System Administrator.............................................................. 1–2 Within R/3 .............................................................................................................. 1–2 External to R/3....................................................................................................... 1–3 Traits of an R/3 System Administrator.............................................................. 1–4 R/3 System Guidelines........................................................................................ 1–4 Protect the System ................................................................................................ 1–5 Do Not Be Afraid to Ask for Help........................................................................... 1–5 Network with Other Customers and Consultants.................................................. 1–6 Keep It Short and Simple (KISS)........................................................................... 1–7 Keep Proper Documentation................................................................................. 1–7 Use Checklists....................................................................................................... 1–8 Use the Appropriate Tool for the Job .................................................................... 1–9 Perform Preventive Maintenance.......................................................................... 1–9 Do Not Change What You Do Not Have To........................................................ 1–10 Do Not Make System Changes During Critical Periods...................................... 1–11 Do Not Allow Direct Database Access................................................................ 1–12 Keep all Non-SAP Activity Off the R/3 Servers................................................... 1–12 Minimize Single Points of Failure ........................................................................ 1–13 Corollaries to Murphy’s Law ............................................................................ 1–13 Special Definitions ............................................................................................ 1–14 Database server ................................................................................................... 1–14 Application server ................................................................................................. 1–14 Instance ................................................................................................................ 1–14 System.................................................................................................................. 1–14

&KDSWHU

'LVDVWHU5HFRYHU\²

System Administration Made Easy

v

Detailed Table of Contents

Overview............................................................................................................... 2–2 What Is a Disaster? ............................................................................................... 2–2 Why Plan for a Disaster? .................................................................................... 2–3 Planning for a Disaster ....................................................................................... 2–4 Creating a Plan...................................................................................................... 2–4 What Are the Business Requirements for Disaster Recovery? ............................ 2–4 Who will provide the requirements?.............................................................................. 2–4 What are the requirements?......................................................................................... 2–4

When Should a Disaster Recovery Procedure Begin? ......................................... 2–5 Expected Downtime or Recovery Time................................................................. 2–5 Expected Downtime................................................................................................ 2–5 Recovery Time........................................................................................................ 2–6

Recovery Group and Staffing Roles ..................................................................... 2–6 Types of Disaster Recovery .................................................................................. 2–7 Onsite ..................................................................................................................... 2–7 Offsite ..................................................................................................................... 2–7

Disaster Scenarios ................................................................................................ 2–8 Three Common Disaster Scenarios ...................................................................... 2–8 A Corrupt Database................................................................................................ 2–8 A Hardware Failure................................................................................................. 2–8 A Complete Loss or Destruction of the Server Facility........................................... 2–9

Recovery Script ................................................................................................... 2–10 Creating a Recovery Script ................................................................................. 2–10 Recovery Process ............................................................................................... 2–10 Major Steps........................................................................................................... 2–10

Crash Kit.............................................................................................................. 2–11 Business Continuation During Recovery ............................................................ 2–14 Offsite Disaster Recovery Sites .......................................................................... 2–15 Integration with your Company’s General Disaster Planning ............................. 2–15 When the R/3 System Returns............................................................................ 2–15 Test your Disaster Recovery Procedure......................................................... 2–15 Other Considerations........................................................................................ 2–16 Other Upstream or Downstream Applications..................................................... 2–16 Backup Sites........................................................................................................ 2–17 Minimizing the Chances for a Disaster ........................................................... 2–17 Minimize Human Error......................................................................................... 2–17 Minimize Single Points of Failure ........................................................................ 2–18 Cascade Failures ................................................................................................ 2–18 &KDSWHU

%DFNXSDQG5HFRYHU\ ² Overview............................................................................................................... 3–2 Restore ................................................................................................................. 3–2 Strategy ................................................................................................................. 3–2 Testing Recovery.................................................................................................... 3–3

Backup.................................................................................................................. 3–3 What to Backup and When ................................................................................... 3–3 Database ................................................................................................................ 3–3 Transaction Logs .................................................................................................... 3–5 Operating System Level Files................................................................................. 3–6

Backup Types........................................................................................................ 3–6 What Is Backed Up................................................................................................. 3–7 How the Backup Is Taken....................................................................................... 3–8

vi

Release 4.6A/B

Detailed Table of Contents

When the Backup Is Made ..................................................................................... 3–9

Backup Strategy Design........................................................................................ 3–9 Supplementary Backups....................................................................................... 3–10

General Procedures ............................................................................................ 3–10 Backup.................................................................................................................. 3–10 Transaction Log Backup....................................................................................... 3–10 Verifying Backups ................................................................................................. 3–10 Monitoring/Controlling........................................................................................... 3–11 Database Integrity ................................................................................................ 3–11 Roles and Responsibilities ................................................................................... 3–11

Design Recommendations .................................................................................. 3–12 A Strategy Checklist ............................................................................................. 3–12 Backup Procedures and Policies.......................................................................... 3–13

Tape Management ............................................................................................. 3–13 Tracking and Documenting ................................................................................. 3–13 Labeling ................................................................................................................ 3–13 Tracking ................................................................................................................ 3–15 Handling................................................................................................................ 3–16

Retention Requirements...................................................................................... 3–17 Recommendations................................................................................................ 3–18

Storage ................................................................................................................ 3–18 Offsite ................................................................................................................... 3–18 Onsite ................................................................................................................... 3–19

Performance....................................................................................................... 3–20 Backup................................................................................................................. 3–20 Backup Options ................................................................................................... 3–21 Back Up to Faster Devices ................................................................................... 3–21 Parallel Backup..................................................................................................... 3–22 Backing Up to Disks, Then to Tape ...................................................................... 3–22

Recovery ............................................................................................................. 3–23 Restore Options................................................................................................... 3–23 Useful SAP Notes .............................................................................................. 3–24 &KDSWHU

6FKHGXOHG'DLO\7DVNV² Overview............................................................................................................... 4–2 Critical Tasks ....................................................................................................... 4–3 The R/3 System.................................................................................................... 4–4 Database............................................................................................................... 4–6 Operating System................................................................................................ 4–6 Other ..................................................................................................................... 4–7 Notes..................................................................................................................... 4–7 The R/3 System.................................................................................................... 4–8 Critical Tasks ....................................................................................................... 4–9 Verify that R/3 Is Running ..................................................................................... 4–9 Verify that the Backups Ran Successfully ............................................................ 4–9 Users (Transaction AL08) ................................................................................... 4–10 OS Monitor (Transaction OS06).......................................................................... 4–11 Select Background Jobs/Graphical Job Monitor (Transaction SM37/RZ01)...... 4–11 CCMS Alert Monitor (Transaction RZ20) ............................................................ 4–11 Users (Transactions SM04) ................................................................................ 4–11 Lock Entry List (Transaction SM12).................................................................... 4–12

System Administration Made Easy

vii

vii

Detailed Table of Contents

Update Records (Transaction SM13) ................................................................. 4–12 System Log (Transaction SM21)......................................................................... 4–13 Batch Input (Transaction SM35) ......................................................................... 4–13 Work Processes (Transactions SM50 and SM51).............................................. 4–14 Spool (Transaction SP01) ................................................................................... 4–14 Tune Summary (Transaction ST02).................................................................... 4–14 Workload Analysis of <SID> (Transaction ST03) ............................................... 4–14 Database Performance Analysis (Transaction ST04)......................................... 4–15 ABAP Dump Analysis (Transaction ST22).......................................................... 4–15 &KDSWHU

6FKHGXOHG:HHNO\7DVNV ² The R/3 System.................................................................................................... 5–2 Database............................................................................................................... 5–3 Operating System................................................................................................ 5–3 Other ..................................................................................................................... 5–3 Notes..................................................................................................................... 5–4 Database Performance (Transaction DB02)......................................................... 5–4 CCMS Alert Monitor (Transaction RZ20) .............................................................. 5–4 Spool (Transaction SP01) ..................................................................................... 5–4 TemSe (Transaction SP12)................................................................................... 5–5 Transaction STMS (TMS System) ........................................................................ 5–5

&KDSWHU

6FKHGXOHG0RQWKO\7DVNV² The R/3 System.................................................................................................... 6–2 Database............................................................................................................... 6–2 Operating System................................................................................................ 6–3 Other ..................................................................................................................... 6–4 Notes..................................................................................................................... 6–5 Database Performance (Transaction DB02)......................................................... 6–5

&KDSWHU

6FKHGXOHG4XDUWHUO\7DVNV ² The R/3 System.................................................................................................... 7–2 Database............................................................................................................... 7–3 Operating System................................................................................................ 7–3 Other ..................................................................................................................... 7–4 Notes..................................................................................................................... 7–4 Edit System Profile Parameters (Transaction RZ10)............................................ 7–4 Select Background Jobs (Transaction SM37)....................................................... 7–5 User Maintenance (Transaction SU01)................................................................. 7–5

&KDSWHU

6FKHGXOHG$QQXDO7DVNV ² The R/3 System.................................................................................................... 8–2 Database............................................................................................................... 8–3 Operating System................................................................................................ 8–3 Other ..................................................................................................................... 8–4 Notes..................................................................................................................... 8–4 Transaction SA38/SE38 ........................................................................................ 8–4 Transaction SE03/SCC4 ....................................................................................... 8–4 Transaction SM01 ................................................................................................. 8–5

viii

Release 4.6A/B

Detailed Table of Contents

&KDSWHU

0XOWL5ROH7DVNV² Starting the R/3 System ...................................................................................... 9–2 Start R/3—NT ........................................................................................................ 9–3 Stopping the R/3 System.................................................................................... 9–5 Tasks to Be Completed Before Stopping the System........................................... 9–6 System Message (SM02) ....................................................................................... 9–6 Check that No Active Users Are on the System (AL08/SM04) .............................. 9–9 Check for Batch Jobs Running or Scheduled (SM37).......................................... 9–11 Check for Active Processes on All Systems (SM51)............................................ 9–15 Check for External Interfaces ............................................................................... 9–15

Stopping R/3........................................................................................................ 9–16 STOP R/3—NT ..................................................................................................... 9–16

&KDSWHU 56\VWHP$GPLQLVWUDWLRQ ² Overview............................................................................................................. 10–2 Major System Monitoring Tools....................................................................... 10–2 CCMS Central Alert Monitor (Transaction RZ20) ............................................... 10–2 Accessing the CCMS Alert Monitor (RZ20).......................................................... 10–4 Current View and Alert View................................................................................. 10–5 Switching Between the Current and Alert Views .................................................. 10–6 Finding an Alert .................................................................................................... 10–7 Configuring the Batch Job to Collect Historical Data (RZ21) ............................. 10–10 View the Alerts.................................................................................................... 10–12 Analyze the Alert ................................................................................................ 10–13 Acknowledge the Alert........................................................................................ 10–14 Provide System Configuration Information (Transaction RZ20)......................... 10–15 Maintaining The Alert Thresholds for RZ20........................................................ 10–17 Hiding SAP Standard Monitor Sets .................................................................... 10–19 Create a New Monitor Set .................................................................................. 10–23 Add a Monitor to the Monitor Set........................................................................ 10–24

System Administration Assistant (Transaction SSAA)...................................... 10–28 Specific Transaction Monitoring Overview .................................................. 10–32 Failed Updates (Transaction SM13) ................................................................. 10–32 Managing Update Terminates ............................................................................ 10–35 User Training ...................................................................................................... 10–37

System Log (Transaction SM21)....................................................................... 10–38 Locks (Transaction SM12) ................................................................................ 10–41 Active Users (Transactions SM04 and AL08)................................................... 10–43 Single-Instance System (Transaction SM04) ..................................................... 10–44 Multi-Instance System (Transaction AL08) ........................................................ 10–45

Work Processes (Transactions SM50 and SM51)............................................ 10–46 For a System with Application Servers............................................................... 10–46 For a System Without Application Servers......................................................... 10–47

ABAP Dump Analysis (Transaction ST22)........................................................ 10–48 Simple Selection ................................................................................................. 10–49 Free Selection..................................................................................................... 10–49

System Message (SM02)................................................................................. 10–51 Creating a Message .......................................................................................... 10–52 Editing a Message............................................................................................. 10–54 ABAP Editor (SE38) .......................................................................................... 10–55 For Information About a Program or Report....................................................... 10–56

System Administration Made Easy

ix

ix

Detailed Table of Contents

&KDSWHU 6HFXULW\$GPLQLVWUDWLRQ ² Overview............................................................................................................. 11–2 What is Security? ................................................................................................ 11–2 Keeping Unauthorized People out of the System................................................. 11–2 Keeping People out of Places Where They Should Not Be ................................. 11–2 Safeguarding the Data from Damage or Loss...................................................... 11–3 Complying with Legal, Regulatory, and Other Requirements .............................. 11–3

Audits.................................................................................................................. 11–4 Financial Audit..................................................................................................... 11–4 Security Audit ...................................................................................................... 11–5 Audit Considerations ........................................................................................... 11–5 Security Layers.................................................................................................. 11–6 Access Security ................................................................................................... 11–7 Physical Security .................................................................................................. 11–7 Network Security .................................................................................................. 11–8 Application Security .............................................................................................. 11–9

Operational Security............................................................................................ 11–9 Data Security ..................................................................................................... 11–10 Application or R/3 Security ................................................................................ 11–11 Controlling Access to R/3 ................................................................................... 11–11 Prevent Multiple User Logins.............................................................................. 11–11

Preventing Changes in the Production System ................................................ 11–11 Setting the Production System to “Not Modifiable” (Transactions SE03, SCC4)11–13 Client-Independent Changes (Transaction SE03).............................................. 11–14 Client-Independent and Client-Dependent Changes (SCC4) ............................ 11–15

Verifying that Dangerous Transactions Are Locked ......................................... 11–17 To List Locked Transactions............................................................................... 11–24

Operational Security ....................................................................................... 11–25 Segregation of Duties........................................................................................ 11–25 Restricting Access to SAP* or DDIC ................................................................. 11–26 Change Management........................................................................................ 11–27 Sharing of User IDs ............................................................................................ 11–27

Password Issues and Tasks ............................................................................. 11–28 Setting Password Standards Using Transaction RZ10 ...................................... 11–29 Eliminating Some Easy Passwords .................................................................... 11–29 Maintaining a Table of Prohibited Passwords .................................................... 11–30 Recording System Passwords............................................................................ 11–31 Operating System Level ..................................................................................... 11–35 NT ....................................................................................................................... 11–35 UNIX ................................................................................................................... 11–36 Databases........................................................................................................... 11–36 DB2..................................................................................................................... 11–36 Informix ............................................................................................................... 11–36 Microsoft SQL Server ......................................................................................... 11–36 Oracle/UNIX........................................................................................................ 11–36 Oracle/NT ........................................................................................................... 11–37

Audit Tools....................................................................................................... 11–37 Audit Information System (Transaction SECR) ................................................ 11–37 Complete Audit ................................................................................................... 11–38 User Defined Audit ............................................................................................. 11–42

Security Audit Log (SM20) ................................................................................ 11–44 Running the Audit Log ........................................................................................ 11–46

Setting Security Audit Log Parameters (SM19) ................................................ 11–47

x

Release 4.6A/B

Detailed Table of Contents

Define Filter Group 1 .......................................................................................... 11–49 Define Filter Group 2 .......................................................................................... 11–50

User Security Audit Jobs ................................................................................... 11–54 Audit Tasks ...................................................................................................... 11–57 Review that all Named Users are Valid ............................................................ 11–57 Reviewing Profiles for Accuracy and Permission Creep................................... 11–58 &KDSWHU 8VHU$GPLQLVWUDWLRQ ² Overview............................................................................................................. 12–2 User Groups ........................................................................................................ 12–2 Profile Generator ................................................................................................. 12–2 Recommended Policies and Procedures ....................................................... 12–3 User Administration ............................................................................................. 12–3 System Administration......................................................................................... 12–5 New User Setup ................................................................................................. 12–7 Prerequisites........................................................................................................ 12–7 General Process or Procedure ............................................................................. 12–7 The User’s Desktop .............................................................................................. 12–7 Network Functionality ........................................................................................... 12–7 For Installation of SAP GUI .................................................................................. 12–7 Recommended Prerequisite for the GUI Installation ............................................ 12–7

Installing the Frontend Software–SAP GUI......................................................... 12–8 Installing SAP GUI from a File Server .................................................................. 12–8 How to Install the SAP GUI .................................................................................. 12–8 Installing SAP GUI from the Presentation CD .................................................... 12–14

Adding Additional Systems ............................................................................... 12–15 To Add Additional Systems in the SAP Logon ................................................... 12–15

Setting Up a New User (SU01) ......................................................................... 12–16 Copying an Existing User (SU01)....................................................................... 12–16 Creating a New User (SU01).............................................................................. 12–21

Maintaining a User (SU01).............................................................................. 12–24 Resetting a Password (SU01) ........................................................................ 12–26 Locking or Unlocking a User (SU01)............................................................. 12–27 User Groups..................................................................................................... 12–29 How to Create a User Group (SU01) ................................................................ 12–30 Deleting a User’s Session (Transaction SM04)............................................ 12–32 How to Terminate a User Session .................................................................... 12–33 Active Users (Transactions SM04 and AL08)................................................... 12–34 Single-Instance System (Transaction SM04) ..................................................... 12–35 Multi-Instance System (Transaction AL08) ........................................................ 12–36

&KDSWHU 'DWDEDVH$GPLQLVWUDWLRQ²0LFURVRIW64/6HUYHU² Overview............................................................................................................. 13–2 Starting and Stopping the Database ............................................................... 13–2 Starting the Database.......................................................................................... 13–2 Stopping the Database........................................................................................ 13–3 Database Performance ..................................................................................... 13–4 Overview.............................................................................................................. 13–4 Database Activity (ST04)..................................................................................... 13–4 Database Allocation (DB02)................................................................................ 13–7 Scheduling Database Tasks (DB13)................................................................ 13–9

System Administration Made Easy

xi

xi

Detailed Table of Contents

Determining the Tape (Label) Necessary for a Backup.................................... 13–13 Deleting an Entry from the Planning Calendar (DB13)..................................... 13–14 Checking the Database Backup (DB12)........................................................ 13–15 Initializing Backup Tapes ............................................................................... 13–18 Database Backups with Microsoft Tools ...................................................... 13–19 Online Backup – Using SQLserver 7.0 Enterprise Manager ............................ 13–19 Offline Backup – Using NTBackup.................................................................... 13–24 Database Error Logs ....................................................................................... 13–28 R/3 – ST04 ........................................................................................................ 13–28 Microsoft SQL Server 7.0 - Enterprise Manager............................................... 13–28 Verify Database Consistency......................................................................... 13–29 Run Update Statistics ..................................................................................... 13–29 System passwords.......................................................................................... 13–30 SQL server ........................................................................................................ 13–30 &KDSWHU 2XWSXW0DQDJHPHQW ² Contents ............................................................................................................. 14–1 Printer Setup (SPAD) ........................................................................................ 14–2 How to Set Up the Printer in the R/3 System ....................................................... 14–2

Check the Spool for Printing Problems (Transaction SP01)........................ 14–9 Check that Old Spools are Deleted (SP01)................................................... 14–12 Printing the Output (SP01) ............................................................................. 14–15 Printing the Screen ......................................................................................... 14–18 Check Spool Consistency (SPAD)................................................................. 14–21 Check TemSe Consistency (SP12)................................................................ 14–23 &KDSWHU 1HWZRUN266HUYHU$GPLQLVWUDWLRQ² Overview............................................................................................................. 15–2 Operating System Tasks .................................................................................. 15–2 Operating System Alert (AL16) ........................................................................... 15–2 System Logs (OS06) ........................................................................................... 15–3 NT Event Logs ...................................................................................................... 15–5

Checking File System Space Usage (RZ20) ...................................................... 15–6 Changing the Alert Threshold (RZ20) ................................................................. 15–9 Cleaning Out Old Transport Files...................................................................... 15–11 Other Tasks...................................................................................................... 15–12 Clean the Tape Drive ........................................................................................ 15–12 Uninterruptible Power Supply............................................................................ 15–13 Check the Uninterruptible Power Supply............................................................ 15–13 Check your UPS Shutdown Process .................................................................. 15–13

Check Maintenance Contracts .......................................................................... 15–14 Review Hardware or a System Monitor Paging System................................... 15–15 &KDSWHU 2SHUDWLRQV ² Overview............................................................................................................. 16–2 Check that All Application Servers Are Up (Transaction SM51).................. 16–2 Background (Batch) Jobs ................................................................................ 16–3 Regularly Scheduled Jobs .................................................................................. 16–4 Performance ......................................................................................................... 16–4

xii

Release 4.6A/B

Detailed Table of Contents

Housekeeping Jobs .............................................................................................. 16–4 Others ................................................................................................................... 16–5

Performance Factors for Background Jobs ........................................................ 16–5 Creating and Scheduling a Batch Job (SM36).................................................... 16–8 Background Jobs (SM37) ............................................................................... 16–15 Checking the Job Log......................................................................................... 16–17 Using the Job Tree ............................................................................................. 16–18

Graphical Job Monitor (Transaction RZ01)....................................................... 16–19 Batch Input Jobs, New or Incorrect (SM35) ...................................................... 16–20 Operation Modes ............................................................................................. 16–21 To Define the Operation Mode (RZ04) ............................................................. 16–23 Assign an Instance Definition to an Operation Mode (RZ04) ........................... 16–25 The First Time You Generate an Instance Operation Mode .............................. 16–25 Adding a New Operation Mode .......................................................................... 16–26

Defining Distribution of Work Processes (RZ04) .............................................. 16–29 Assigning Operation Modes (SM63) ................................................................. 16–32 Backups............................................................................................................ 16–36 Periodic Archivals.............................................................................................. 16–36 Backup the Database ........................................................................................ 16–36 Performing a Full Server Backup ...................................................................... 16–36 Checking the Backups (DB12 & DB13) ............................................................ 16–38 Database ............................................................................................................ 16–38 Operating System Level Backups ...................................................................... 16–40 UNIX ................................................................................................................... 16–40 NT ....................................................................................................................... 16–40

Checking Consumable Supplies ................................................................... 16–42 &KDSWHU &KDQJH0DQDJHPHQW ² Table Maintenance (Transaction SM31).......................................................... 17–2 Creating an Entry in the Table (SM31) ............................................................... 17–2 Deleting an Entry from a Table (SM31) .............................................................. 17–6 Change Control.................................................................................................. 17–9 Managing SAP Notes ........................................................................................ 17–9 Change Control (Managing Transports) ....................................................... 17–12 Transporting Objects ...................................................................................... 17–15 Transports into the Production System............................................................. 17–15 Transporting Objects ......................................................................................... 17–15 TMS Method ....................................................................................................... 17–16 Operating System Method.................................................................................. 17–16

Standard Transport Process ............................................................................. 17–17 Importing the Entire Import Buffer ...................................................................... 17–18

Special Transports from SAP............................................................................ 17–18 Releasing a Request (Transport) ...................................................................... 17–19 TMS Method of Transporting ............................................................................ 17–24 The Main TMS Screen........................................................................................ 17–24 Adding a Special Transport into the Import Buffer ............................................. 17–25 Using TMS to Import a Transport Request......................................................... 17–27 Check the Transport Log .................................................................................... 17–32

OS Method of Transporting............................................................................... 17–34 Adding a Special Transport Into the Import Buffer ............................................. 17–34 Importing the Transport ...................................................................................... 17–34 Checking the Transport Log (Transaction SE10) ............................................... 17–35

System Administration Made Easy

xiiixiii

Detailed Table of Contents

Checking the Transport Log ............................................................................... 17–36

&KDSWHU 7URXEOHVKRRWLQJ ² Overview............................................................................................................. 18–2 Basic Troubleshooting Techniques ................................................................ 18–2 Gather Data .......................................................................................................... 18–2 Analyze the Problem ............................................................................................ 18–3 Evaluate the Alternatives...................................................................................... 18–3 Make only One Change at a Time........................................................................ 18–3 Document the Changes........................................................................................ 18–3

Get the Complete Error Message ....................................................................... 18–4 Get the SAP Patch Level..................................................................................... 18–5 Determining What Support Packages Have Been Applied................................. 18–6 &KDSWHU 3HUIRUPDQFH ² Overview............................................................................................................. 19–2 Critical Assumption.............................................................................................. 19–2 Priority of Evaluation ........................................................................................... 19–3 General Procedure ............................................................................................ 19–3 R/3 ....................................................................................................................... 19–4 Workload Analysis of the System (Transaction ST03) ...................................... 19–4 Buffers (ST02) ..................................................................................................... 19–8 Memory Defragmentation.................................................................................. 19–10 Database........................................................................................................... 19–11 Operating System............................................................................................ 19–11 Operating System Monitor (OS07).................................................................... 19–11 Hardware .......................................................................................................... 19–15 CPU and Disk .................................................................................................... 19–15 Memory.............................................................................................................. 19–15 &KDSWHU 6$31HW³:HE)URQWHQG² Overview............................................................................................................. 20–2 Logging on to SAPNet ...................................................................................... 20–3 Online Services ................................................................................................. 20–4 Solving a Problem with SAPNet ...................................................................... 20–5 Searching for SAP Notes .................................................................................... 20–5 Customer Messages ........................................................................................... 20–8 Entering Customer Messages............................................................................. 20–9 How..................................................................................................................... 20–11

Viewing Customer Messages............................................................................ 20–13 Viewing Customer Messages ............................................................................. 20–14

Registering a Developer or Object ................................................................ 20–15 Registering a Developer.................................................................................... 20–15 Developer Requests Developer Key .................................................................. 20–16 The System Administrator Gets the Access Key................................................ 20–16 Registering a Developer ..................................................................................... 20–17 Enter the Developer Key .................................................................................... 20–18

Deleting a Developer......................................................................................... 20–19 Registering an Object........................................................................................ 20–19 Developer Requests Object Key ........................................................................ 20–20 The System Administrator Gets the Access Key:............................................... 20–20

xiv

Release 4.6A/B

Detailed Table of Contents

Enter the Object Key .......................................................................................... 20–23

Delete an Object................................................................................................ 20–23 Online Correction Support ............................................................................. 20–24 Getting the Latest SPAM version ...................................................................... 20–25 Downloading Support Packages ....................................................................... 20–27 Specific Support Package-Related Notes .......................................................... 20–28 Downloading Suppor Packages ......................................................................... 20–30

&KDSWHU 6$31HW²5)URQWHQG ² Overview............................................................................................................. 21–2 Useful SAP Notes .............................................................................................. 21–3 Connecting to SAPNet–R/3 .............................................................................. 21–3 Researching a Problem with SAPNet-R/3....................................................... 21–6 Finding Notes in the SAPNet-R/3........................................................................ 21–6 Entering Customer Messages (Problems) into SAPNet-R/3 ............................ 21–10 Getting Status on Your Message ...................................................................... 21–15 Review the Action Log........................................................................................ 21–16 Display Long Text............................................................................................... 21–17 Reopen ............................................................................................................... 21–18 Confirm ............................................................................................................... 21–21

Registering a Developer or Object ................................................................ 21–22 Registering a Developer.................................................................................... 21–22 Developer Requests Developer Key .................................................................. 21–23 The System Administrator Gets the Access Key................................................ 21–23 Enter the Developer Key .................................................................................... 21–25

Registering an Object........................................................................................ 21–26 Developer Requests Object Key ........................................................................ 21–26 The System Administrator Gets the Access Key................................................ 21–27 Enter the Object Key .......................................................................................... 21–29

Opening a Service Connection ...................................................................... 21–30 Order of Access to Systems ............................................................................... 21–30

&KDSWHU 5HPRWH6HUYLFHV ² Overview............................................................................................................. 22–2 Retrieving Files from SAP, SAPSERV4........................................................... 22–2 Connecting to SAPSERV4 Using a GUI (NT)..................................................... 22–3 An Example of an FTP Client.............................................................................. 22–4 Connecting to SAPSERV4 Using the Command Prompt ................................... 22–6 Navigating in SAPSERV4..................................................................................... 22–6

Connecting at the Command Prompt.................................................................. 22–6 Downloading Files ............................................................................................... 22–9 Partial Organization of SAPSERV4................................................................... 22–10 Unpacking a CAR File ........................................................................................ 22–13 Unpacking a File ................................................................................................. 22–13

Special SAPNet Notes ...................................................................................... 22–14 EarlyWatch Session ........................................................................................ 22–14 &KDSWHU 6SHFLDO0DLQWHQDQFH ² Overview............................................................................................................. 23–2 Changing System Profile Parameters (Transaction RZ10)........................... 23–2 Support Packages ........................................................................................... 23–11

System Administration Made Easy

xv

xv

Detailed Table of Contents

Strategy ............................................................................................................. 23–12 High-Level Process of Applying Support Packages ......................................... 23–12 Determining What Support Packages Have Been Applied............................... 23–13 Getting Information on the Support Package from SAPNet–R/3...................... 23–15 To View All Notes ............................................................................................... 23–17 To View a Specific Note ..................................................................................... 23–21

Requesting SPAM or a Support Package from SAPNet–R/3........................... 23–22 Downloading a Support Package (Hot Package) – SAPNet–R/3 ...................... 23–24

Uploading the Support Package from a CD or SAPNet–Web .......................... 23–25 Support Package Collection CD ......................................................................... 23–26 SAPNet–Web...................................................................................................... 23–26

Updating SPAM................................................................................................. 23–29 Applying the Support Package.......................................................................... 23–31 Object Conflicts ................................................................................................. 23–37 Regression Testing ........................................................................................... 23–39 Useful SAPNet – R/3 Frontend Notes............................................................... 23–39 Kernel Upgrade................................................................................................ 23–40 Restart Option 1 ................................................................................................. 23–41 Restart Option 2 ................................................................................................. 23–41

Client Copy....................................................................................................... 23–42 Special Notes...................................................................................................... 23–42 Useful SAP Notes ............................................................................................... 23–43 Processing Notes ............................................................................................... 23–43

Creating a Client................................................................................................ 23–44 Copying a Client ................................................................................................ 23–47 Copying on the Same System/SID..................................................................... 23–47 Copying to a Different System/SID..................................................................... 23–50

Post-Client Copy Tasks..................................................................................... 23–52 Deleting a Client ................................................................................................ 23–52 Delete Client Transaction ................................................................................... 23–53 Reviewing the Client Copy Log .......................................................................... 23–54

Production Refresh Strategies ...................................................................... 23–56 Database Copy of Production System .............................................................. 23–57 Benefits............................................................................................................... 23–57 Disadvantages .................................................................................................... 23–57

Client Copy of the Production System with Data .............................................. 23–57 Advantages......................................................................................................... 23–57 Disadvantages .................................................................................................... 23–57

Client Copy of the Production System – Without Data ..................................... 23–58 Advantages......................................................................................................... 23–58 Disadvantages .................................................................................................... 23–58

$SSHQGL[$ 8VHIXO7UDQVDFWLRQV $² Useful Transactions ............................................................................................A–2 Transaction Code Switches ..................................................................................A–2 Transaction Code Table ........................................................................................A–2 $SSHQGL[% 8VHIXO5HVRXUFHVDQG3URGXFWV %² Other System Administration Resources.........................................................B–2 SAP Resources .....................................................................................................B–2 Books...................................................................................................................... B–3 CDs......................................................................................................................... B–4 Training Classes ................................................................................................... B–4

xvi

Release 4.6A/B

Detailed Table of Contents

Other....................................................................................................................... B–5 White papers........................................................................................................... B–5 SAPNet, Selected Items of Interest ........................................................................ B–5

Third-Party Resources ..........................................................................................B–7 Books:..................................................................................................................... B–7 R/3 .......................................................................................................................... B–7 UNIX ....................................................................................................................... B–8 NT ........................................................................................................................... B–8 OS/400.................................................................................................................... B–9 Microsoft SQL Server ............................................................................................. B–9 Informix ................................................................................................................... B–9 DB2....................................................................................................................... B–10 Oracle ................................................................................................................... B–10 Other Topics ......................................................................................................... B–10 Magazines: ........................................................................................................... B–11 Helpful Third-Party Information............................................................................. B–11

Web Sites ............................................................................................................B–11 SAP....................................................................................................................... B–11 SAP Affiliated........................................................................................................ B–12 Third Party ............................................................................................................ B–12

Internet News Groups .........................................................................................B–12 Other Resources .................................................................................................B–13 Operating System ................................................................................................. B–13 Database .............................................................................................................. B–13

Other Helpful Products: Contributed by Users..............................................B–13 UNIX ....................................................................................................................B–14 Backup.................................................................................................................. B–14 Monitor.................................................................................................................. B–14 Scheduler.............................................................................................................. B–14 Spool Management .............................................................................................. B–14 Other..................................................................................................................... B–14

NT ........................................................................................................................B–14 Backup.................................................................................................................. B–14 Monitor.................................................................................................................. B–14 Remote Control .................................................................................................... B–15 Scheduler.............................................................................................................. B–15 Spool Management .............................................................................................. B–15 Other..................................................................................................................... B–15

Common, Both UNIX and NT..............................................................................B–15 Network ...............................................................................................................B–16 $SSHQGL[& 8VHIXO6$31RWHV &² Overview...............................................................................................................C–2 R/3 Notes ..............................................................................................................C–2 Operating System Notes.....................................................................................C–6 Common to Multiple Operating Systems ..............................................................C–6 NT ..........................................................................................................................C–6 UNIX ......................................................................................................................C–8 AS-400...................................................................................................................C–8 Database Notes ...................................................................................................C–9 MS SQL server ......................................................................................................C–9 DB2 / UDB ...........................................................................................................C–11 Informix................................................................................................................C–12 Oracle ..................................................................................................................C–13

System Administration Made Easy

xvii xvii

Detailed Table of Contents

$SSHQGL[' 8SJUDGH'LVFXVVLRQ '² Upgrade Discussion............................................................................................D–2 Reasons Not to Upgrade.......................................................................................D–2 When to Upgrade ..................................................................................................D–2 Upgrade Issues....................................................................................................D–3 Other Considerations..........................................................................................D–3 Software Issues.....................................................................................................D–3 Hardware ...............................................................................................................D–3 Performance ..........................................................................................................D–4 ,QGH[

xviii

,²

Release 4.6A/B

$FNQRZOHGJHPHQWV The combined experience in SAP and general systems administration of those who contributed to this book is measured in decades. I hope that I am able to share with you some of their wisdom. I also wish to express appreciation to the following individuals who provided time, material, expertise, and resources which helped make the Release 4.6A/B guidebook possible: Customers and partners: Bill Robichaud, Bridgestone/Firestone; Chad Horwedel, XXX; Doris Steckel, Agilent/HP; Gary Canez, Motorola; Hanumantha Kasoji, Celanese Acetate; John Blair, Steelcase; Joyce Courtney, Infineon; Laura Shieh, John Muir Mt Diablo Health System; Kerry Ek, Finteck; Lynne Lollis, e.coetry/Chaptec; Otis Barr, Ceridian; Paul Wiebe, TransAlta; Richard Doctor, Acuson; Sam Yamakoshi, Timothy Rogers; Tony Schollum, Ernst & Young; Thomas Beam, NCUA; HP; Udesh Naicker, HP. SAP AG: Andreas Graesser, Dr. Arnold Niedermaier, Dr. Carsten Thiel, Fabian Troendle, Georg Chlond, Dr. Gert Rusch, Herbert Stegmueller, Joerg Schmidt, Dr. Meinolf Block, Michael Demuth, Michael Schuster, Dr. Nicholai Jordt, Otto Boehrer, Rudolf Marquet, Stephen Corbett, Dr. Stefan Fuchs, Thomas Arend, Thomas Besthorn, Dr. Uwe Hommel, Uwe Inhoff, and Dr. Wulf Kruempelman. SAP America: “Casper” Wai-Fu Kan, Daniel Kocsis, Daniel-Benjamin Fig Zaidspiner, Jackie Wang, Lance Pawlikowski, Maria Gregg, Sue McFarland. SAP Labs: Dr. Arnold Klingert, Jaideep Adhvaryu, “Jody” Honghua Yang, John Wu, Kitty Yue, Nihad AlFtayeh, Peter Aeschlimann, Philippe Timothee, Dr. Thomas Brodkorb. SAP UK: Peter Le Duc. Contributing authors: Patricia Huang, SAP America; Jerry Forsey, SAP America. QA testers: Brad Barnes, e.coetry; Claudia Helenius; Jeff Orr, Utilx; Lynne Lollis, e.coetry; Marc Punzalan, Heat and Control; Patrick McShane, Bramasol. Documentation and production: Rekha Krishnamurthy, John Kanclier, Kurt Wolf.

Gary Nakayama, CPA SAP Labs, Inc., 2000

System Administration Made Easy

xix

xx xx

Release 4.6 A/B

,QWURGXFWLRQ

&RQWHQWV What Is This Guidebook About? ...........................................................................xxii Who Should Read This Book?...............................................................................xxii How to Use This Guidebook ..................................................................................xxv What’s New ..............................................................................................................xxv Special Icons .........................................................................................................xxvii

System Administration Made Easy

xxi

Introduction What Is This Guidebook About?

:KDW,V7KLV*XLGHERRN$ERXW" 3KLORVRSK\

Release 4.6 of the System Administration Made Easy Guidebook continues in the direction of the 4.0 version. The primary focus is the importance of the on-going nature of system administration. This book is written for an installed system, where all installation tasks have been completed. Installation and related tasks, which are usually performed once, have not been included in this guidebook. 2UJDQL]DWLRQ

We have tried to group items and tasks in job role categories, which allows this guidebook to be a better reference book. &RQWHQW

Real world practical advice from consultants and customers has been integrated into this book. Because of this perspective, some of the statements in this book are blunt and direct. Some of the examples we have used may seem improbable, but “facts can be, and are, stranger than fiction.” Because system administration is such a large area, it is difficult to reduce the volume to what can be called “Made Easy.” Although material in this book has been carefully chosen, it is by no means comprehensive. Certain chapters can be expanded into several books [two examples are the chapters on disaster recovery (chapter 2) and security (chapter 11)]. :KDW,V1RW3URYLGHG

Although there are chapters on problem solving and basic performance tuning, these chapters are only introductions to the subjects. This guidebook is not meant to be a trouble shooting or performance tuning manual. Installation tasks are not presented. We assume that your SAP consultant has completed these tasks.

:KR6KRXOG5HDG7KLV%RRN" The target audience for this guidebook is:

xxiixxii

<

The customer person or team where: The R/3 administrator is from a small to mid-size company with a small (one to three people) technical team. Each team member in the team has multiple job responsibilities. The system administrator has a basic knowledge of the operating system and database.

<

The junior consultant

Release 4.6 A/B

Introduction Who Should Read This Book?

Senior consultants, experienced system administrators, and DBAs may find portions of this guidebook very elementary, but hopefully useful.

3UHUHTXLVLWHV To help you use this guidebook, and to prevent this guidebook from becoming as thick as an unabridged dictionary, we defined a baseline for user knowledge and system configuration. The two sections below (User and System) define this baseline. Review these sections to determine how you and your system match. This book is also written with certain assumptions about your knowledge level and the expectation that particular system requirements have been met. 8VHU We assume that you have a baseline knowledge of R/3, the operating system, and the database. If you lack knowledge in any of the following points, we recommend that you consult the many books and training classes that specifically address your operating system and database. You should know how to complete the following tasks at the: <

R/3 System level: Be able to log on to R/3 Know how to navigate in R/3 using menus and transaction codes There are screens that do not have menu paths and the only way to access them is by using the transaction codes. In the “real world,” navigating by transaction codes is faster and more efficient than menus.

<

Operating system level: Be familiar with the file and directory structure Be able to use the command line to navigate and execute programs Set up a printer Perform a backup using standard operating system tools or third-party tools Perform basic operating system security Copy and move files Properly start and stop the operating system and server

<

Database level Properly start and stop the database Perform a backup of the database

R/3 runs on more than five different versions of UNIX. In many cases, significant differences exist between these versions. These differences contributed to our decision to not go into detail at the operating system level.

System Administration Made Easy

xxiii

xxiii

Introduction Who Should Read This Book?

6\VWHP For an ongoing productive environment, we assume that the: <

R/3 System is completely and properly installed

<

Infrastructure is set up and functional

The following checklist will help you determine if your system is set up to the baseline assumptions of this book. If you can log on to your R/3 System, most of these tasks have already been completed. +DUGZDUH

Is the backup equipment installed and tested? ,QIUDVWUXFWXUH

<

Is the Uninterruptible Power Supply (UPS) installed?

<

Is a server or system monitor available?

6RIWZDUH

<

<

<

Are the following utility software installed (as appropriate)? Backup program Hardware monitors System monitors UPS control R/3 System Is R/3 installed according to SAP’s recommendation? Is the TPPARAM file configured? (In Release 4.6, TMS creates a file to be used as the TPPARAM file.) Is the TMS/CTS configured? Is the SAProuter configured? Is the OSS1 transaction configured? Is the ABAP workbench configured? Has initial security been configured (default passwords changed)? Are the NT sapmnt share or UNIX NFS sapmnt exports properly configured? Is the online documentation installed? Can users log on to R/3 from their desktops?

'HVNWRS

For optimal results, we recommend that the minimum screen resolution be set as follows: <

For the users, 800 × 600

<

For the system administrator, 1024 × 768 and a minimum color depth of 256 colors The Release 4.6 GUI displays better with 64K colors.

xxiv xxiv

Release 4.6 A/B

Introduction How to Use This Guidebook

+RZWR8VH7KLV*XLGHERRN This guidebook is organized in the following fashion: <

The first two chapters provide a high-level view of disaster recovery and backup and recovery.

<

Chapters 4-8 are helpful checklists that help the system administrator complete various tasks, including daily, weekly, and yearly. These chapters also provide helpful transaction codes and where in the book these codes are found.

<

Chapter 9 discusses how to stop or start the R/3 System.

<

Chapters 10-13 involve the following topics: R/3 administration Security administration User administration Database administration (SQL Server)

The rest of the book covers subjects such as operations, troubleshooting, remote services, change management, and SAPNet R/3–Frontend (formerly known as OSS). The four appendices cover useful transactions, other resources, SAPNet R/3–Frontend notes, and a discussion on upgrades. 2UJDQL]DWLRQ All the task procedures are classified in one section and by job roles, where related tasks are placed together. Regardless of the job schedule, all jobs related to a job role are grouped in one place.

:KDW·V1HZ This guidebook evolved from the previous versions of this guidebook and incorporates customer and consultant comments. Send us your comments, so we can make future versions better meet your needs. &RQWHQW The new features of the Release 4.6 guidebook are: <

System Administration Assistant (transaction SSAA), chapter 10

<

New chapters on: Security (chapter 11) Microsoft SQL Server / Windows NT (chapter 13) Basic problem solving (chapter 17 ) Basic performance tuning (chapter 22)

System Administration Made Easy

xxv

xxv

Introduction What’s New

The procedures to perform regularly-scheduled tasks have been moved to the Roles section. The unscheduled tasks section from the 4.0B guidebook has become a role-oriented section. This change accommodates customers who perform scheduled tasks at times other than the times presented in this guidebook. Therefore, all the task procedures are classified in one section and by job roles, where related tasks are placed together. Regardless of the job schedule, all jobs related to a job role are grouped in one place.

&RQYHQWLRQV In the table below, you will find some of the text conventions used throughout this guide. Column Title

Column Title

Sans-serif italic

Screen names or on-screen objects (buttons, fields, screen text, etc.)

Monospace

User input (text the user types verbatim)

Name1 → Name2

Menu selection Name1 is the menu name, and Name2 is the item on the menu

Sample R/3 Release 4.6 Screen

Menu Bar Standard Toolbar Screen Title ♦ Application Toolbar

User menu SAP standard menu

♣ Workplace Menu

Workplace

Status Bar

♦ Application toolbar:

xxvi xxvi

Release 4.6 A/B

Introduction Special Icons

The screenshots shown in this guide are based on full user authorization (SAP_ALL). Depending on your authorizations, some of the buttons on your application toolbar may not be available. ♣ Workplace menu: Depending on your authorizations, your workplace menu may look different from screenshots in this guide which are based on SAP_ALL. The User menu and SAP standard menu buttons provide different views of the workplace menu. To learn how to build user menus, see Authorizations Made Easy guidebook Release 4.6A/B.

1RWH In this guidebook, we show the technical names of each transaction. To match our settings, choose Extras → Settings and select Show technical names.

6SHFLDO,FRQV Throughout this guide special icons indicate important messages. Below are brief explanations of each icon:

Exercise caution when performing this task or step. An explanation of why you should be careful is included.

This information helps you understand the topic in greater detail. It is not necessary to know this information to perform the task.

These messages provide helpful hints and shortcuts to make your work faster and easier.

System Administration Made Easy

xxvii

xxvii

Introduction Special Icons

xxviii xxviii

Release 4.6 A/B

&KDSWHU 56\VWHP$GPLQLVWUDWLRQ %DVLFV

&RQWHQWV Overview ..................................................................................................................1–2 Roles of an R/3 System Administrator .................................................................1–2 Traits of an R/3 System Administrator .................................................................1–4 R/3 System Guidelines ...........................................................................................1–4 Corollaries to Murphy’s Law................................................................................1–13 Special Definitions ................................................................................................1–14

System Administration Made Easy

1–1

Chapter 1: R/3 System Administration Basics Overview

2YHUYLHZ This chapter is about the roles that a system administrator plays. These roles cross all functional areas, and the number and intensity of the tasks depends on the size of the company. In a small company, one person can be the entire system administration department. In a larger company, however, this person is probably part of a team. The purpose of this “definition” is to help clarify the roles of a system administrator. This chapter is a list of commonly used system administration terms and their definitions. At the end of this chapter is a list of 14 R/3 System guidelines, which a system administrator must be aware of while working with the system. Sample guidelines include: <

Keep it short and simple (KISS)

<

Use checklists

<

Do not allow direct database access

5ROHVRIDQ56\VWHP$GPLQLVWUDWRU Depending on the size of the company and available resources, R/3 administrator(s) may range from one person to several specialized people in several departments. Factors that affect an R/3 system administrator’s tasks, staffing, and roles: <

Company size

<

Available resources (the size of the Basis group)

<

Availability of infrastructure support for: Desktop support Database Network Facilities

The R/3 system administrator may wear many hats both in or directly related to, R/3 and indirectly or external to R/3.

:LWKLQ5 <

User administrator Set up and maintain user accounts

<

1–2

Security administrator Create and maintain SAP security profiles Monitor and manage security access and violations

Release 4.6A/B

Chapter 1: R/3 System Administration Basics Roles of an R/3 System Administrator

<

System administrator Maintain the system’s health Monitor system performance and logs

<

Transport administrator Transport changes between systems Manage change requests

<

Batch scheduler Create and manage the scheduling of batch jobs

<

Backup operator Schedule, run, and monitor backup jobs of the SAP database and any required operating system level files

<

Disaster recovery technical manager Create, test, and execute the SAP disaster recovery plan

<

Programmer Apply SAPNet R/3 note fixes to programs

<

Data Dictionary (DDIC) manager Change the Data Dictionary (when applicable)

<

Data Base Administrator (DBA)

([WHUQDOWR5 <

<

<

<

DBA for the specific database on which the system is running Manage database specific tasks Maintain the database’s health and integrity Operating system administrator Manage the operating system access and user IDs Manage operating system specific tasks Network administrator Manage network access and user IDs Manage network support and maintenance Server administrator Manage the servers

<

Desktop support Supports the user’s desktop PC

<

Printers

<

Facilities Manages facilities-related support issues, such as: Power/utilities Air conditioning (cooling)

System Administration Made Easy

1–3

Chapter 1: R/3 System Administration Basics Traits of an R/3 System Administrator

Physical server access

7UDLWVRIDQ56\VWHP$GPLQLVWUDWRU An R/3 system administrator should: <

Have a proper attitude Protect and safeguard the system. The system administrator is the guardian of the system. Know when to call for help The ability to know when you need to get help is a strength. The weakness is not knowing when to get help and getting into trouble. Be willing to work the hours required to support the system Certain tasks must be done after hours or on weekends to avoid disrupting normal business operations.

<

Be technically competent When necessary, the company must invest in training for the Basis staff. You must also take responsibility for your own training and education, whether your company pays for it or not.

<

Be a team-player The system administrator will have to work with various functional groups, users, the IS staff, and others to successfully complete the necessary tasks.

56\VWHP*XLGHOLQHV When working on an R/3 System:

1–4

<

Protect the system

<

Do not be afraid to ask for help

<

Network with other customers and consultants

<

Keep it short and simple (KISS)

< <

Keep proper documentation Use checklists

<

Use the appropriate tool for the job

<

Perform preventive maintenance

<

Do not change what you do not have to

<

Do not make changes to the system during critical periods

<

Do not allow direct database access

<

Keep all non-SAP activity off the SAP servers

<

Minimize single points of failure

Release 4.6A/B

Chapter 1: R/3 System Administration Basics R/3 System Guidelines

3URWHFWWKH6\VWHP :KDW

Everything you do as a system administrator should be focused on protecting and maintaining the system’s integrity. :K\

<

If the system’s integrity is compromised, incorrect decisions could be made based on invalid data.

<

If the system cannot be recovered after a disaster, your company could be out of business.

+RZ

<

The system administrator must have a positive, professional attitude. If the system administrator has less than this attitude, critical tasks may not be properly completed (for example, backups may not be taken as scheduled and backup logs may not be checked, which reduces the chances for a successful recovery).

<

System administrators should maintain a “my job is on the line” attitude. This attitude helps to ensure that administrators focus on maintaining the integrity of the system. The company may not survive if the system crashes and cannot be recovered.

<

The system must be protected from internal and external sources. One problem today is employees “poking around” in the network.

'R1RW%H$IUDLGWR$VNIRU+HOS :K\

<

R/3 is so large and complex that one person cannot be expected to know everything. If you are unsure which task to complete or how to complete it, you could make a mistake and cause a larger problem.

<

Mistakes within the system can be expensive. Certain things cannot be “undone,” and once set, are set forever.

<

The only way to learn is to ask. There are no dumb questions—only dumb reasons for not asking them.

+RZ

<

SAPNet R/3 notes

<

Various web sites and news groups

<

Consultants

Also see the section in this chapter that covers networking with other customers and consultants.

System Administration Made Easy

1–5

Chapter 1: R/3 System Administration Basics R/3 System Guidelines

1HWZRUNZLWK2WKHU&XVWRPHUVDQG&RQVXOWDQWV :KDW

Get to know the R/3 Basis and system administrators in other companies. :K\

<

Other customers may be able to provide solutions to your problems.

<

Customers who help each other reduce their consulting expenses.

<

The more people you know, the better your chances of finding someone to help you solve a problem.

:KHQ:KHUHDQG+RZ

When you have the opportunity, meet: < <

Other SAP customers and consultants, especially those in your specialty area Others using your operating system or database

Where to network: <

Training classes

<

SAP events Technical Education Conference (TechEd) SAPPHIRE Participate in user groups: Americas SAP Users Group (ASUG) Regional SAP users groups Database user groups, such as those for Microsoft SQL Server, Informix, DB2, or Oracle Operating system user groups, such as those for UNIX (the various versions), NT, or IBM (AIX, AS400, or OS390)

<

<

Participate in professional organizations

Participation means getting involved in the organization. The more you participate, the more people you meet and get to know. <

Whenever you attend an event, carry a stack of business cards. Set the goal of collecting “at least” ten business cards, of people in your area of specialty.

<

Do not forget to ask the “old-timers.” Decades ago, the mainframe community may have solved many of the issues and problems you now face.

1–6

Release 4.6A/B

Chapter 1: R/3 System Administration Basics R/3 System Guidelines

.HHS,W6KRUWDQG6LPSOH.,66 :K\

<

Complex tasks are more likely to fail as situations change. A process with 27 steps has 27 chances to fail, because complex tasks are difficult to create, debug, and maintain.

<

It is difficult to train people for complex tasks.

<

Explaining a complex task on the telephone increases the chance that what is said will not be properly understood and an error will be made. If the error is severe, you may have a disaster on your hands.

+RZ

< <

Keep tasks as simple as possible. Test

.HHS3URSHU'RFXPHQWDWLRQ :KDW

Document processes, procedures, hardware changes, configuration changes, checks performed, problems, errors, etc. If in doubt about what to document, write it all down. :K\

<

As time passes, you will forget the details of a process or problem. At some point, you may not remember anything about the process or problem. In an extreme situation, which happens with short-term memory, you can quickly forget the information in minutes.

<

If you violate the KISS principle, complete documentation becomes even more important.

<

If the process is complex, complete documentation reduces the chance of errors.

<

If you are sick or unavailable, complete documentation can help someone else do the job.

<

If changes need to be undone, you will know exactly what needs to be done to complete this task.

<

Documentation helps train new people. Employee turnover must be planned for. Proper documentation makes the training and transition of new employees easier and faster.

System Administration Made Easy

1–7

Chapter 1: R/3 System Administration Basics R/3 System Guidelines

:KHQ

Documentation must be changed when: <

Documented items change. Inaccurate documentation could be dangerous because it describes a process that should not be followed.

<

Changes are made to the system.

<

Problems, such as hardware failures, error log entries, and security violations, occur.

“Hot” projects or emergencies tend to take precedence over writing documentation. Do not postpone writing documentation, or the task may never get done. Record everything that is done to the system—as it is being done. +RZ

<

Record everything done to the system, as it is being done, so details are not forgotten.

<

Document items clearly and sufficiently so that, without assistance, a qualified person can read what you have written and perform the task.

<

Re-read older documentation to see where improvements can be made. Obvious items get “fuzzy” over time and are no longer obvious.

<

Use graphics, flowcharts, and screenshots to clarify documentation.

:KHUH

<

Keep a log (notebook) on each server and record everything that you do on the servers.

<

Keep a log for everything done remotely to any of the servers.

<

Keep a log for other related items.

8VH&KHFNOLVWV :KDW

A checklist lists the steps required to complete a task. Each step requires an acknowledgement of completion (a check) or an entry (date, time, size, etc.). :K\

<

Checklists enforce a standardized process and reduce the chance that you will overlook critical steps. For example, if you were to use a checklist every time you drive a car, then you would remember to turn off your headlights when you park your car, or you would not drive off with your parking brake still set.

<

1–8

Checklists force you to document events, such as run times, which may later become important.

Release 4.6A/B

Chapter 1: R/3 System Administration Basics R/3 System Guidelines

:KHQ

Checklists are especially useful for tasks that are: <

Complex or critical If a step is missed or done incorrectly, the result could be serious (for example, inability to restore the database).

<

Done for the first time

<

Done infrequently It is difficult to remember how to do a complicated task that you do only once a year.

+RZ

See examples in Scheduled Tasks.

8VHWKH$SSURSULDWH7RROIRUWKH-RE Sometimes a low-tech solution is best. Depending on the situation, a paper-and-pencil solution may work better and be more cost effective than a computerized solution. Paper and pencil still works during a power failure.

3HUIRUP3UHYHQWLYH0DLQWHQDQFH :KDW

Preventive maintenance is the proactive monitoring and maintenance of the system. :K\

< <

It is less disruptive and stressful if you can plan a convenient time to do a task, rather than have it develop into an “emergency” situation. Fix a potential problem before it negatively impacts the system and company operations. An extreme situation is that the entire system is down until a particular task is completed (for example, if the log file space goes down to zero (0), the database will stop, and then R/3 also stops. Until sufficient file space is cleared, R/3 will not run and certain business operations, such as shipping, may stop).

:KHQ

<

Checking for problems should be a part of your regular routine.

<

Scheduling tasks to fix a problem should be based on your situation, and when least disruptive to your users.

+RZ

<

Monitor the various logs and event monitors

< <

Obtain additional disk storage before you run out of room Regularly clean the tape drive(s)

<

Check the database for consistency and integrity

System Administration Made Easy

1–9

Chapter 1: R/3 System Administration Basics R/3 System Guidelines

'R1RW&KDQJH:KDW
<

If the system works, leave it alone.

<

Do not change something just to upgrade to the latest version.

:K\

<

Risk When something changes, there is a chance that something else may break.

<

Cost Upgrading is expensive in terms of time, resources, and consulting, etc.

:KHQ

<

A business need exists.

<

Legal requirements call for an update. This really is not an option. If you do not keep up you will not be complying with legal requirements. The associated penalties can be expensive.

<

If the hardware or software release is no longer supported by the vendor.

<

The new release offers a specific functionality that offers added business value to your company.

<

Fixing a major problem requires an upgrade. A fix is unavailable in a patch or an “advance release.”

+RZ

<

If the change fails or causes problems, make certain you can recover to a before-thechange condition.

<

All changes must be regression tested to make sure that nothing else has been affected by the change. In other words, everything still works as it is supposed to. Regression testing of R/3 involves the functional team and users.

<

Stage the change and test it in the following order: 1. Test system (a “Sandbox” system) 2. Development system 3. Quality Assurance system 4. Production system Even if your company does not have all the above-mentioned systems, the key is to maintain the general order. For example, if your company does not have a test system, test the change in the following order: 1. Development 2. Quality Assurance 3. Production

1–10

Release 4.6A/B

Chapter 1: R/3 System Administration Basics R/3 System Guidelines

By the time you reach the production system, you should be comfortable that nothing will break.

'R1RW0DNH6\VWHP&KDQJHV'XULQJ&ULWLFDO3HULRGV :KDW

A critical period is when system disruptions could cause severe operational problems. :K\

If a problem occurs during a critical period, the business maybe severely impacted. Note the following sequence of events: 1. A system administrator changes a printer in Shipping at the end of the month. 2. R/3 cannot send output to the new printer. 3. The users cannot print shipping documents. 4. The company cannot ship their products. 5. Revenue for the month is reduced. :KHQ

A critical period is any time where the users and the company may be “severely” impacted by a system problem. These periods differ depending on the particular industry or company. What is a critical period for one company may not be critical for another company. The following are “real” examples of critical periods: <

At end of the month, when Sales and Shipping are booking and shipping as much as they can, to maximize revenue for the month

<

At the beginning of the month, when Finance is closing the prior month

<

During the last month of the year, when Sales and Shipping are booking and shipping as much as they can, to maximize the revenue for the year

<

During the beginning of the year, when Finance is closing the books for the prior year and getting ready for the financial audit

+RZ

<

Always coordinate potentially disruptive system events with the users. Different user groups in the company, such as Finance and Order Entry, may have different quiet periods that need to be coordinated.

<

Plan all potentially disruptive systems-related activities during quiet periods when a problem will have minimal user impact.

System Administration Made Easy

1–11

Chapter 1: R/3 System Administration Basics R/3 System Guidelines

'R1RW$OORZ'LUHFW'DWDEDVH$FFHVV :KDW

Direct database access means allowing a user to run a query or update directly to the database without going through R/3. :K\

<

By not going through R/3, there is the risk of corrupting the database.

<

Directly updating the database could put the database out of sync with the R/3 buffers.

+RZ

<

<

When R/3 writes to the database, it could be writing to many different tables. If a user writes directly to the tables, missing a single table may corrupt the database by putting the tables out of sync with each other. With direct database access, a user could accidentally execute an update or delete, rather than a read.

.HHSDOO1RQ6$3$FWLYLW\2IIWKH56HUYHUV :KDW < Do not allow users to directly access (telnet, remote access, etc.) the R/3 server(s). < Do not use the R/3 server as a general file server. < Do not run programs that are not directly related to R/3 on an R/3 server. :K\

<

Security Not allowing users to have access to the R/3 server reduces the chance of files from being accidentally deleted or changed. No access also means that user cannot look at confidential or sensitive information.

<

Performance Using the production R/3 sever as a file server creates resource contention, where performance is a primary concern. Programs running on the R/3 servers will contend for the same resources that R/3 is using, which affects the performance of R/3.

+RZ

Use other servers to perform functions unrelated to R/3.

1–12

Release 4.6A/B

Chapter 1: R/3 System Administration Basics Corollaries to Murphy’s Law

0LQLPL]H6LQJOH3RLQWVRI)DLOXUH :KDW

A single-point failure is when the failure of a single component, task, or activity causes the system to fail or creates a critical event. :K\

Each place where a single-point failure could occur increases the chances of a system failure or other critical event. For example, if: <

You only have one tape drive and it fails, you cannot back up your database.

<

You rely on utility line power, and do not have a UPS, the server will crash during a power failure and possibly corrupt the database.

<

You are the only one who can complete a task, and you are on vacation, the task will not be completed until you return (or you will be “on call” while on vacation).

To guard against a single-point failure, consider the following options: < <

Systems configured with a built-in backup Redundant equipment, such as dual power supplies

<

On-hand spares

<

Sufficient personnel

<

On-call consultants

<

Cross-training

<

Outsourcing

&RUROODULHVWR0XUSK\·V/DZ Murphy’s Law states: “Whatever can go wrong will go wrong.” The following are some corollaries to Murphy’s Law: <

Without telling you, someone will change something in the infrastructure and crash the system.

<

When the power fails, you find out that the battery in your UPS is dead.

<

If you have only one tape drive, it will fail.

<

The one thing that you did not test is “where” the problem is.

<

Someone will need a network jumper cable, and will remove it from your server.

<

When disaster strikes, you will be out of town or unavailable .

<

Disaster will strike at the worst time.

<

Problems always happen at 2:00 AM.

<

Problems come in clusters.

System Administration Made Easy

1–13

Chapter 1: R/3 System Administration Basics Special Definitions

<

The latest full backup tape will be bad.

<

The one time you did not check the backup log will be the time when the backup fails.

< <

You will need a tape from the backup that failed. The computer room will be destroyed—along with all your backup tapes.

<

What you did not write down, and forgot, is what you need to know.

<

User transparent, is not.

<

The Peter Principle will strike.

<

A shortcut is the longest distance between two points.

<

When you need to send an alpha page, a link in the e-mail system will fail.

<

When a disaster strikes, and you need to be found, you will be out of the pager or cell phone coverage area.

<

When a disaster strikes, and you need to be contacted, the battery in your pager or cell phone will be dead.

6SHFLDO'HILQLWLRQV There are terms used in this guidebook that have very specific meanings. To prevent confusion, they are defined below:

'DWDEDVHVHUYHU This is where R/3 and the database resides. The system clock of the database server is the master clock for the R/3 system.

$SSOLFDWLRQVHUYHU This is where R/3 application runs. On a two-tiered system, this would be combined on the database server. Application servers can be dedicated to online users, batch processing or a mix.

,QVWDQFH An installation of R/3 on a server. The two types of instances are central, and dialog. More than one instance could exist on a physical server.

6\VWHP The complete R/3 installation for a System ID (SID), for example PRD. A system logically consists of the R/3 central instance and dialog instances for the SID. This physically consists of the database server and application servers for that SID.

1–14

Release 4.6A/B

Chapter 1: R/3 System Administration Basics Special Definitions

Three-tiered R/3 Configuration

Layers

Physical Devices

R/3 Instance

What Runs on Each Layer

Presentation

Desktop PC—many

N/A

SAP GUI

Application

Application Server

Dialog

R/3

Central

Database: SQL Server, DB2, Informix, ADABAS, Oracle

—N/A —many Database

Database server – only one

A two-tiered configuration combines the application and database layers on a single server.

System Administration Made Easy

1–15

Chapter 1: R/3 System Administration Basics Special Definitions

1–16

Release 4.6A/B

&KDSWHU 'LVDVWHU5HFRYHU\

&RQWHQWV Overview ..................................................................................................................2–2 Why Plan for a Disaster?........................................................................................2–3 Planning for a Disaster...........................................................................................2–4 Test your Disaster Recovery Procedure ............................................................2–15 Other Considerations ...........................................................................................2–16 Minimizing the Chances for a Disaster ...............................................................2–17

System Administration Made Easy

2–1

Chapter 2: Disaster Recovery Overview

2YHUYLHZ The purpose of this chapter is to help you understand what we feel is the most critical job of a system administrator—disaster recovery. We included this chapter at the beginning of our guidebook for two reasons: <

To emphasize the importance of the subject Disaster recovery needs to be planned as soon as possible, because it takes time to develop, test, and refine.

<

To emphasize the importance of being prepared for a potential disaster

Murphy’s Law says: “Disaster will strike when you are not prepared for it.” The faster you begin planning, the more prepared you will be when a disaster does happen. This chapter is not a disaster recovery “how to.” It is only designed to get you thinking and working on disaster recovery.

:KDW,VD'LVDVWHU" The goal of disaster recovery is to restore the system so that the company can continue doing business. A disaster is anything that results in the corruption or loss of the R/3 System. Examples include: < Database corruption. For example when test data is accidentally loaded into the production system. This happens more often than people realize. <

A serious hardware failure.

<

A complete loss of the R/3 System and infrastructure. For example, the destruction of the building due to natural disaster.

The ultimate responsibility of a system administrator is to successfully restore R/3 after a disaster. The ultimate consequence of not restoring the system is that your company goes out of business. The administrator’s goal is to prevent the system from ever reaching the situation where the ultimate responsibility is called upon. Disaster recovery planning is a major project. Depending on your situation and the size and complexity of your company, disaster recovery planning could take more than a year to

2–2

Release 4.6 A/B

Chapter 2: Disaster Recovery Why Plan for a Disaster?

prepare, test, and refine. The plan could fill many volumes. This chapter helps you start thinking about and planning for disaster recovery.

:K\3ODQIRUD'LVDVWHU" <

A system administrator should expect and plan for the worst, and then hope for the best.

<

During a disaster recovery, nothing should be done for the first time. Unpleasant surprises could be fatal to the recovery process.

Here are some of the reasons to develop a disaster recovery plan: <

Will business operations stop if R/3 fails?

<

How much lost revenue and cost will be incurred for each hour that the system is down?

<

Which critical business functions cannot be completed?

<

How will customers be supported?

<

How long can the system be down before the company goes out of business?

<

Who is coordinating and managing the disaster recovery?

< <

What will the users do while R/3 is down? How long will the system be down?

<

How long will it take before the R/3 System is available for use?

If you plan properly, you will be under less stress, because you know that the system can be recovered and how long this recovery will take. If the recovery downtime is unacceptable, management should invest in: <

Equipment, facilities, and personnel

<

High availability (HA) options HA options can be expensive. There are different degrees of HA, so customers need to determine which option is right for them. HA is an advanced topic beyond the scope of this guidebook. If you are interested in this topic, contact an HA vendor.

System Administration Made Easy

2–3

Chapter 2: Disaster Recovery Planning for a Disaster

3ODQQLQJIRUD'LVDVWHU This chapter is not a disaster recovery “how to.” It is only designed to get you thinking and working on disaster recovery.

&UHDWLQJD3ODQ Creating a disaster recovery plan is a major project because: <

It can take over a year and considerable time to develop, test, and document.

<

The documentation may be extensive (literally thousands of pages long).

If you do not know how to plan for a disaster recovery, get the assistance of an expert. A bad plan (that will fail) is worse than no plan, because it provides a false sense of security.

:KDW$UHWKH%XVLQHVV5HTXLUHPHQWVIRU'LVDVWHU5HFRYHU\" Who will provide the requirements? < Senior management needs to provide global (or strategic) requirements and guidelines. <

The business units’ needs drive the specific detailed requirements. These units should understand that as the requirement for the recovery time decreases, the cost for disaster recovery increases. The units should budget for it, or if the funds come from an administrative or IT budget, the units should support it.

What are the requirements? Each requirement should answer the following questions: <

Who is the requestor?

<

What is the requirement?

< <

Are other departments or customers affected by this requirement? Why is the requirement necessary? When R/3 is offline, what does (or does not) happen? What is the cost (or lost revenue) of an hour or a day of R/3 downtime? The justification should be a concrete objective value (such as $20,000 an hour). Define the cost (per hour, per day, etc.) of having the R/3 System down.

2–4

Release 4.6 A/B

Chapter 2: Disaster Recovery Planning for a Disaster

([DPSOH

What: No more than one hour of transaction data may be lost. Why: The cost is 1,000 transactions per hour of lost transactions that are entered in R/3 and cannot be recreated from memory. This inability to recreate lost transactions may result in lost sales and upset customers. If the lost orders are those that the customer quickly needs, this situation can be critical.

([DPSOH

What: The system cannot be offline for more than three hours. Why: The cost (an average of $25,000 per hour) is the inability to book sales.

([DPSOH

What: In the event of disaster, such as the loss of the building containing the R/3 data center, the company can only tolerate a two-day downtime. Why: At that point, permanent customer loss begins. Other: There must be an alternate method of continuing business.

:KHQ6KRXOGD'LVDVWHU5HFRYHU\3URFHGXUH%HJLQ" Ask yourself the following questions: <

What criteria constitute a disaster?

<

Have these criteria been met?

<

Who needs to be consulted?

The person must be aware of the effect of the disaster on the company’s business and the critical nature of the recovery.

([SHFWHG'RZQWLPHRU5HFRYHU\7LPH ([SHFWHG'RZQWLPH Expected downtime is only part of the business cost of disaster recovery. For defined scenarios, this cost is the expected minimum time before R/3 can be productive again. Downtime may mean that no orders can be processed and no products shipped. Management must approve this cost, so it is important that they understand that downtime are potential business costs. To help business continue, it is important to find out if there are alternate processes that can be used while the R/3 System is being recovered.

System Administration Made Easy

2–5

Chapter 2: Disaster Recovery Planning for a Disaster

The following costs are involved with downtimes: <

The length of time that R/3 is down. The longer the system is down, the longer the catch-up period when it is brought back up. The transactions from the alternate processes that were in place during the disaster have to be applied to the system to make it current. This situation is more critical in a high-volume environment.

<

A downed system is more expensive during the business day when business activity would stop than at the end of the business day when everyone has gone home.

<

When customers cannot be serviced or supported, they may be lost to a competitor.

The duration of acceptable downtime depends on the company and the nature of its business. 5HFRYHU\7LPH Unless you test your recovery procedure, the recovery time is only an estimate, or worse, a guess. Different disaster scenarios have different recovery times, which are based on what needs to be done to become operational again. The time to recover must be matched to the business requirements. If this time is greater than the business requirements, the mismatch needs to be communicated to the appropriate managers or executives. Resolving this mismatch involves: <

Investing in equipment, processes, and facilities to reduce the recovery time.

<

Changing the business requirements to accept the longer recovery time and accepting the consequences.

An extreme (but possible) example: A company cannot afford the cost and lost revenue for the month it would take one person to recover the system. During that time, the competition would take away customers, payment would be due to vendors, and bills would not be collected. In this situation, senior management needs to allocate resources to reduce the recovery time to an acceptable level.

5HFRYHU\*URXSDQG6WDIILQJ5ROHV There are four key roles in a recovery group. The number of employees performing these roles will vary depending on your company size. In a smaller company, for example, the recovery manager and the communication liaison could be the same person. Titles and tasks will probably differ based on your company’s needs. We defined the following key roles: <

Recovery manager Manages the entire technical recovery. All recovery activities and issues should be coordinated through this person.

<

Communication liaison Handles user phone calls and keeps top management updated with the recovery status. One person handling all phone calls allows the group doing the technical recovery to proceed without interruptions.

2–6

Release 4.6 A/B

Chapter 2: Disaster Recovery Planning for a Disaster

<

Technical recovery team Does the actual technical recovery. As the recovery progresses, the original plan may have to be modified. This role must manage the changes and coordinate the technical recovery.

<

Review and certification manager Coordinates and plans the post-recovery testing and certification with users.

To reduce interruption of the recovery staff, we recommend you maintain a status board. The status board should list key points in the recovery plan and an estimate of when the system will be recovered and available to use.

<

If the disaster is a major geographical event (like an earthquake), your local staff will be more concerned with their families—not the company.

<

Depending on the disaster, key personnel could be injured or killed.

You should expect and plan for these situations. Plan for staff from other geographic sites to be flown in and participate as disaster recovery team members. A final staffing role is to plan for at least one staff member to be “unavailable.” Without this person, the rest of the department must be able to perform a successful recovery. This issue may become vital during an actual disaster.

7\SHVRI'LVDVWHU5HFRYHU\ Disaster recovery scenarios can be grouped into two types: <

Onsite

<

Offsite

2QVLWH Onsite recovery is disaster recovery done at your site. The infrastructure usually remains intact. The best case scenario is a recovery done on the original hardware. The worst case scenario is a recovery done on a backup system. 2IIVLWH Offsite recovery is disaster recovery done at a disaster recovery site. In this scenario, all hardware and infrastructure are lost as a result of facility destruction such as a fire, a flood, or an earthquake. The new servers must be configured from scratch. A major consideration is that once the original facility has been rebuilt and tested, a second restore must take place back to the customer’s original facility. While this second restore can be planned and scheduled at a convenient time to disrupt as few users as possible. The timing is just as critical as the disaster. While the system is being recovered, it is down.

System Administration Made Easy

2–7

Chapter 2: Disaster Recovery Planning for a Disaster

'LVDVWHU6FHQDULRV There are an infinite number of disaster scenarios that could occur. It would take an infinite amount of time to plan for them, and you will never account for all of them. To make this task manageable, you should plan for at least three and no more than five scenarios. In the event of a disaster, you would adapt the closest scenario(s) to the actual disaster. The disaster scenarios are made up of: <

Description of the disaster event

<

High level plan of major tasks to be performed

<

Estimated time to have the system available to the users

To create your final scenario: 1. Use the Three Common Disaster Scenarios section below as a starting point. 2. Prepare three to five scenarios that cover a wide range of disasters that would apply to you. 3. Create a high-level plan (are made up of major tasks) for each scenario. 4. Test the planned scenario, by creating different test disasters and determining if (and how) your scenario(s) would adapt to an actual disaster. 5. If the test scenario(s) cannot be adapted, modify or develop more scenarios 6. Repeat the process.

7KUHH&RPPRQ'LVDVWHU6FHQDULRV The following three examples range from a best-to-worst scenario order: The downtimes in the examples below are only samples. Your downtimes will be different. You must replace the sample downtimes with the downtimes applicable to your environment. $&RUUXSW'DWDEDVH <

< <

A corrupt database could result from: Accidentally loading test data into the production system. A bad transport into production, which results in the failure of the production system. Such a disaster requires the recovery of the R/3 database and related operating system files. The “sample” downtime is eight hours.

$+DUGZDUH)DLOXUH <

2–8

The following types of items may fail: A system processor A drive controller

Release 4.6 A/B

Chapter 2: Disaster Recovery Planning for a Disaster

<

<

Multiple-drives in a drive array, so that the drive array fails

Such a disaster scenario requires: Replacing failed hardware Rebuilding the server (operating system and all programs) Recovering the R/3 database and related files The “sample” downtime is seven days and comprises: Five days to procure replacement hardware Two days to rebuild the NT server (one person); 16 hours of actual work time

$&RPSOHWH/RVVRU'HVWUXFWLRQRIWKH6HUYHU)DFLOLW\ <

The following items can be lost: Servers All supporting infrastructure All documentation and materials in the building The building

<

A complete loss of the facility can result from the following types of disasters: Fire Earthquake Flood Hurricane Tornado Man-made disasters, such as the World Trade Center bombing Such a disaster requires: Replacing the facilities Replacing the infrastructure Replacing lost hardware Rebuilding the server and R/3 environment (hardware, operating system, database, etc.) Recovering the R/3 database and related files

<

<

The “sample” downtime lasts eight days and comprises: At least five days to procure hardware. In a regional disaster, this purchase could take longer if your suppliers were also affected by the disaster. Use national vendors with several regional distribution centers and, as a backup, have an out-of-area alternate supplier.

Two days to rebuild the NT server (one person); 16 hours actual work time As the hardware is procured and the server is being rebuilt, an alternate facility is obtained and an emergency (minimal) network is constructed One day to integrate into the emergency network

System Administration Made Easy

2–9

Chapter 2: Disaster Recovery Planning for a Disaster

<

Complete loss or destruction requires a recovery back to a new facility.

5HFRYHU\6FULSW :KDW

A recovery script is a document that provides step-by-step instructions about: < The process required to recover R/3 <

Who will complete each step

<

The expected time for long steps

<

Dependencies between steps

:K\

A script is necessary because it helps you: <

Develop and use a proven series of steps to restore R/3

<

Prevent missing steps Missing a critical step may require restarting the recovery process from the beginning, which delays the recovery.

If the primary recovery person is unavailable, a recovery script helps the backup person complete the recovery.

&UHDWLQJD5HFRYHU\6FULSW Creating a recovery script requires: <

A checklist for each step

<

A document with screenshots to clarify the instructions, if needed

<

Flowcharts, if the flow of steps or activities is critical or confusing

5HFRYHU\3URFHVV To reduce recovery time, define a process by: <

Completing as many tasks as possible in parallel

<

Adding timetables for each step

0DMRU6WHSV 1. During a potential disaster, anticipate a recovery by: <

Collecting facts

<

Recalling the latest offsite tapes

<

Recalling the crash kit (see page 2–11 for more information).

<

Calling all required personnel These personnel include the internal SAP team, affected key users, infrastructure support, IT, facilities, on-call consultants, etc.

2–10

Release 4.6 A/B

Chapter 2: Disaster Recovery Planning for a Disaster

<

Preparing functional organizations (sales, finance, and shipping) for alternate procedures for key business transactions and processes.

2. Minimize the effect of the disaster by: <

Stopping all additional transactions into the system Waiting too long could worsen the problem

<

Collecting transaction records that have to be manually reentered

3. Begin the planning process by: <

Analyzing the problem

<

Fitting the disaster to your predefined scenario plans

<

Modifying the plans as needed

4. Define when to initiate a disaster recovery procedure. <

What are the criteria to declare a disaster, and have they been met?

<

Who will make the final decision to declare a disaster?

5. Declare the disaster. 6. Perform the system recovery. 7. Test and sign off on the recovered system. Key users, who will use a criteria checklist to determine that the system has been satisfactorily recovered should perform the testing. 8. Catch up with transactions that may have been handled by alternate processes during the disaster. Once completed, this step should require an additional sign-off. 9. Notify the users that the system is ready for normal operations. 10. Conduct a postmortem debriefing session. Use the results from this session to improve your disaster recovery planning.

&UDVK.LW :KDW

A crash kit contains everything needed to: <

Rebuild the R/3 servers

<

Reinstall R/3

<

Recover the R/3 database and related files

:K\

During a disaster, everything that is needed to recover the R/3 environment is contained in one (or a few) containers. If you have to evacuate the site, you will not have the time to run around, gathering the items at the last minute, hoping that you get everything you need. In a major disaster you may not even have that opportunity.

System Administration Made Easy

2–11

Chapter 2: Disaster Recovery Planning for a Disaster

:KHQ

When a change is made to a component (hardware or software) on the server, replace the outdated items in the crash kit with updated items that have been tested. A periodic review of the crash kit should be performed to determine if items need to be added or changed. A service contract is a perfect example of an item that requires this type of review. :KHUHWR3XWWKH&UDVK.LW

The crash kit should be physically separated from the servers. If it is located in the server room, and the server room is destroyed, this kit is lost. Some crash kit storage areas include: < <

Commercial offsite data storage Other company sites

<

Another secure section of the building

+RZ

The following is an inventory list of some of the major items to put into the crash kit. You will need to add or delete items for your specific environment. This inventory list is organized into the following categories: <

Documentation

<

Software

'RFXPHQWDWLRQ

An inventory of the crash kit should be taken by the person who seals the kit. If the seal is broken, items may have been removed or changed, making the kit useless in a recovery.

The inventory list below must be signed and dated by the person checking the crash kit. The following documentation must be included in the crash kit:

2–12

<

Disaster recovery script

<

Installation instructions for the: Operating system Database R/3 System

<

Special installation instructions for: Drivers that have to be manually installed Programs that must be installed in a specific manner

Release 4.6 A/B

Chapter 2: Disaster Recovery Planning for a Disaster

<

Copies of: SAP license for all instances Service agreements (with phone numbers) for all servers

Ensure that maintenance agreements are still valid and check if the agreements expired. These should be part of a regular schedule task. <

Instructions to recall tapes from offsite data storage

<

List of personnel authorized to recall tapes from offsite data storage This list must correspond to the list maintained by the data storage company.

<

A parts list If the server is destroyed, this list should be in sufficient detail to purchase or lease replacement hardware. Over time, if original parts are no longer available, an alternate parts list will have to be prepared. At this point, you might consider upgrading the equipment.

<

File system layout

<

Hardware layout You need to know which: Cards go in which slots Cables go where (connector-by-connector) Labeling cables and connectors greatly reduces confusion

<

Phone numbers for: Key users Information services personnel Facilities personnel Other infrastructure personnel Consultants (SAP, network, etc.) SAP hotline Offsite data storage Security department or personnel Service agreement contacts Hardware vendors

6RIWZDUH

<

Operating system: Installation kit Drivers for hardware, such as a Network Interface Card (NIC) or a SCSI controller, which are not included in the installation kit Service packs, updates, and patches

System Administration Made Easy

2–13

Chapter 2: Disaster Recovery Planning for a Disaster

<

<

< <

Database: Installation kit Service packs, updates, and patches Recovery scripts, to automate the database recovery For R/3: Installation kit Currently installed kernel System profile files tpparam file saprouttab file saplogon.ini Other R/3 integrated programs (for example, a tax package) Other software for the R/3 installation: Utilities Backup UPS control program Hardware monitor FTP client Remote control program System monitor

%XVLQHVV&RQWLQXDWLRQ'XULQJ5HFRYHU\ Business continuation during a recovery is an alternate process to continue doing business while recovering from a disaster. It includes: <

Cash collection

<

Order processing

<

Product shipping

<

Bill paying

<

Payroll processing

<

Alternate locations to continue doing business

:K\

Without an alternate process, your company would be unable to do business. Some of the problems you would encounter include:

2–14

<

Orders cannot be entered

<

Product cannot be shipped

<

Money cannot be collected

Release 4.6 A/B

Chapter 2: Disaster Recovery Test your Disaster Recovery Procedure

+RZ

There are many alternate processes, including: <

Manual paper-based

<

Stand alone PC-based products

2IIVLWH'LVDVWHU5HFRYHU\6LWHV <

Other company sites

<

Commercial disaster recovery sites

<

Share or rent space from other companies

,QWHJUDWLRQZLWK\RXU&RPSDQ\·V*HQHUDO'LVDVWHU3ODQQLQJ Because there are many dependencies, the R/3 disaster recovery process must be integrated with your company’s general disaster planning. This process includes telephone, network, product deliveries, mail, etc.

:KHQWKH56\VWHP5HWXUQV How will the transactions that were handled with the alternate process be entered into R/3 when it is operational?

7HVW\RXU'LVDVWHU5HFRYHU\3URFHGXUH Unless you test your recovery process, you do not know if you can actually recover your system. A test is a simulated disaster recovery which verifies that you can recover the system and exercise every task outlined in the disaster recovery plan. <

Test to find out if: Your disaster recovery procedure works Something changed, was not documented, or updated There are steps that need clarification for others

The information that is clear to the person documenting the procedure may be unclear to the person reading the procedure. Older hardware is no longer available Here, alternate planning is needed. You may have to upgrade your hardware to be compatible with currently available equipment.

Since many factors affect recovery time, actual recovery times can only be determined by testing. Once you have actual times (not guesses or estimates), your disaster planning

System Administration Made Easy

2–15

Chapter 2: Disaster Recovery Other Considerations

becomes more credible. If the procedure is practiced often, when a disaster occurs, everyone will know what to do. This way, the chaos of a disaster will be reduced. +RZ

1. Execute your disaster recovery plan on a backup system or at an offsite location. 2. Generate a random disaster scenario. 3. Execute your disaster plan to see if it handles the scenario. :KHQ

A full disaster recovery should be practiced at least once a year. :KHUH

<

The disaster recovery test should be done at the same site that you expect to recover. If you have multiple recovery sites, perform a test recovery at each site. The equipment, facilities, and configuration may be different at each site. Document all specific items that need to be completed for each site. You do not want to discover that you cannot recover at a site after a disaster occurs.

<

A backup onsite server

< <

Another company site At another company where you have a mutual support agreement

<

A company that provides disaster recovery site and services

:KR6KRXOG3DUWLFLSDWH

<

Primary and backup personnel who will do the job during a real disaster recovery A provision should be made that some of the key personnel are to be unavailable during a disaster recovery. A test procedure might involve randomly picking a name and declare that person unavailable to participate. This procedure duplicates a real situation in which a key person is seriously injured or killed.

<

Personnel at other sites Integrate these people into the test, since they may be needed to perform the recovery during an actual disaster. These people will fill in for unavailable personnel.

2WKHU&RQVLGHUDWLRQV 2WKHU8SVWUHDPRU'RZQVWUHDP$SSOLFDWLRQV For the company to function, other up (or down) stream applications also need to be recovered with R/3. Some of these applications may be tightly associated with R/3. The applications should be accounted for and protected in the company-wide disaster recovery planning.

2–16

Release 4.6 A/B

Chapter 2: Disaster Recovery Minimizing the Chances for a Disaster

Applications located on only one person’s desktop computer must be backed up to a safe location.

%DFNXS6LWHV Having a contract with a disaster recovery site does not guarantee that the site will be available. In a regional disaster, such as an earthquake or flood, many other companies will be competing for the same commercial disaster sites. In this situation, you may not have a site to recover to, if others have booked it before you. The emergency backup site may not have equipment of the same performance level as your production system. Reduced performance and transaction throughput must be considered. Examples: <

A reduced batch schedule of only critical jobs

<

Only essential business tasks will be done while on the recovery system

0LQLPL]LQJWKH&KDQFHVIRUD'LVDVWHU There are many ways to minimize chances for a disaster. Some of these ideas seem obvious, but it is these ideas that are often forgotten.

0LQLPL]H+XPDQ(UURU Many disasters are caused by human error, such as a mistake or a tired operator. Do not attempt dangerous tasks when you are tired. If you have to do a dangerous task, get a second opinion before you start. <

Dangerous tasks should be scripted and checkpoints included to verify the steps. Such tasks include: Deleting the test database

Check that the delete command specifies the Test, not the Production, database. Moving a file

Verify that the target file (to be overwritten) is the old, not the new, file. Formatting a new drive Verify that the drive to be formatted is the new drive, not an existing drive with data on it.

System Administration Made Easy

2–17

Chapter 2: Disaster Recovery Minimizing the Chances for a Disaster

0LQLPL]H6LQJOH3RLQWVRI)DLOXUH A single-point failure is when the failure of one component causes the entire system to fail. To minimize single-point failure: <

Identify conditions where a single-point failure can occur

<

Anticipate what will happen if this component or process fails

<

Eliminate as many of these single points of failure as practical. Practical is defined as the level of work involved or cost compared to the level of risk and failure.

Types of single points of failure include: <

The backup R/3 server is located in the same data center as the production R/3 server. If the data center is destroyed, the backup server is also destroyed.

<

All the R/3 servers are on a single electrical circuit. If the circuit breaker opens, everything on that circuit loses power, and all the servers will crash.

&DVFDGH)DLOXUHV A cascade failure is when one failure triggers additional failures, which increases the complexity of a problem. The recovery involves the coordinated fixing of many problems.

([DPSOH $&DVFDGH)DLOXUH 1. A power failure in the air conditioning system causes an environmental (air conditioning) failure in the server room. 2. Without cooling, the temperature in the server room rises above the equipment’s acceptable operating temperature. 3. The overheating causes a hardware failure in the server. 4. The hardware failure causes a database corruption. In addition, overheating can damage many things, such as: Network equipment Phone system Other servers

The recovery becomes complex because: <

Fixing one problem may uncover other problems or damaged equipment.

<

Certain items cannot be tested or fixed until other equipment is operational.

In this case, a system that monitors the air conditioning system or the temperature in the server room could alert the appropriate employees before the temperature in the server room becomes too hot.

2–18

Release 4.6 A/B

&KDSWHU %DFNXSDQG5HFRYHU\

&RQWHQWV Overview ..................................................................................................................3–2 Restore.....................................................................................................................3–2 Backup .....................................................................................................................3–3 Tape Management.................................................................................................3–13 Performance ..........................................................................................................3–20 Useful SAP Notes..................................................................................................3–24

System Administration Made Easy

3–1

Chapter 3: Backup and Recovery Overview

2YHUYLHZ The most important aspect of a technical implementation is establishing an effective backup and recovery strategy. This process entails a restore of all, or part, of the database after hardware or software errors and a recovery during which the system is updated to a point just before the failure. There are many situations other than disk failures that may require a restore and recovery. Your backup strategy should be as uncomplicated as possible. Complications in backup strategy can create difficult situations during restoration and recovery. Procedures, problem identification, and handling must be well documented so all individuals clearly understand their roles and required tasks. This strategy should also not adversely impact daily business. This chapter discusses backup and restore of your system. The details of a specific database are covered in the database administration chapter(s). The information in this chapter will help you better understand the concepts that enhance your operating environment and access the methods that best suit your needs.

5HVWRUH Usually a restore is done to: <

Recover after a disaster

<

Test your disaster recovery plan

<

Copy your database to another system

(For additional details on the first two items, see chapter 2; and for details on the last item, see chapter 23.) The business requirement for speed in a restore is driven by the need to get the system quickly operational after a disaster. This way, the company can continue to do business.

6WUDWHJ\ Business recovery time is the result of the time needed to: <

Find the problem

<

Repair the damage

<

Restore the database

Factors that affect the chosen restore strategy include:

3–2

< <

Business cost of downtime to recover Operational schedule

<

Global or local users

<

Number of transactions an hour

<

Budget

Release 4.6A/B

Chapter 3: Backup and Recovery Backup

The actual process to restore R/3 and the database will not be covered in this book. This critical task has specific system dependencies, and we leave it to a specialist to teach. If a restore must be done, contact a specialist or your Basis consultant. Work with your DBA or consultant to test and document the restore process for your system. With proper training, you should be able to do the restore. If the restore is not done properly and completely, it could fail and must be restarted, or be missing other files. There may be special data that you must record about your database to recover it. Work with your specialist to identify and document this data. 7HVWLQJ5HFRYHU\ Since the restore procedure is one of the key issues of the R/3 System, database recovery must be regularly maintained and tested. See chapter 2, Disaster Recovery.

%DFNXS Backup is like insurance. You only need a backup if you need to restore your system.

:KDWWR%DFNXSDQG:KHQ There are three categories of files to backup: < Database <

Log files

<

Operating system files

Note; you may need to use different tools to backup all the files. Some tools may only be able to backup one or two of the three categories of files that need to be backed up. Example, using the SAP DBA Calendar DB13 for on Microsoft SQL Server, it can backup the database and the transaction log, but not the operating system files. 'DWDEDVH :KDW

This is the core of the R/3 system and your data. Without the database backup, you cannot recover the system. :KHQ

The frequency of a full database backup determines how many days back in time you must go to begin the restore: <

If a daily full backup is done, you will need yesterday’s full backup. Only logs since yesterday’s backup need to be applied to bring the system current.

<

If a weekly full backup is done, you will need last week’s full backup. All the logs for each day (since the full backup) must now be applied to bring the system current.

System Administration Made Easy

3–3

Chapter 3: Backup and Recovery Backup

A daily full backup reduces the number of logs that need to be applied to bring the database current. This backup reduces the risk of not getting a current database backup because of a “bad” (unusable) log file. If a daily full backup is not done, more logs would need to be applied. This step lengthens the recovery process time and increases the risk of not being able to recover to the current time. A point may be reached when it would take too long to restore the logs, because so many logs need to be applied. For additional safety, we recommend that you do a full monthly database backup in addition to the full daily backups.

([DPSOH:HHNO\%DFNXS A restore from last week’s full backup that was done four days ago.

<

There are 10 logs a day.

<

A total of 40 logs (10 logs per day × 4 days) need to be restored.

<

It takes 120 minutes to restore the log file from tape to disk (40 log x 3 minutes per log).

<

It takes 200 minutes to restore the log files to the database (40 logs x 5 minutes per log).

<

The total time to do the restore, excluding database files, is 320 minutes (5.3 hours).

([DPSOH:HHNO\%DFNXS A restore from last night’s full backup <

There are maximum of 10 logs a day.

<

It takes 30 minutes to restore the log file from tape to disk (10 log x 3 minutes per log).

<

It takes 50 minutes to restore the log files to the database (10 logs x 5 minutes per log). The total time to do the restore, excluding database files, is 80 minutes (1.3 hours).

<

As you can see, the weekly backup takes four times longer to recover than a daily backup.

These examples show that the time it takes to do a log restore depends on how many days back you have to go to get to the last full backup. Increasing the frequency of the full backup (with less days between full backups) reduces the recovery time. Also consider maintaining two backup cycles of the logs on disk to reduce the need to restore these logs from tape.

3–4

Release 4.6A/B

Chapter 3: Backup and Recovery Backup

7UDQVDFWLRQ/RJV :KDW

Transaction logs are critical to the database recovery. These logs contain a record of the changes made to the database, which is used to roll forward (or back) operations. It is critical to have a complete chain of valid log backups. If you have to restore and one log is corrupted, you cannot restore past the corrupt log. Weekly Full Backups If the system crashes on Thursday, a log on Tuesday is corrupt. You can only recover to the last good log on Tuesday. Everything after that is lost. Transaction log is stored in a directory, which must not be allowed to become full. If the transaction log fills the available filespace, the database will stop, and no further processing can be done in the database (and consequently) in R/3. It is important to be proactive and periodically back up the transaction logs. Refer to the chapter specific to your database for more information. :KHQ

The frequency of the log backups is a business decision based on: <

Transaction volume

<

Critical period(s) for the system

<

Amount of data senior management is willing to lose

<

Resources to perform the backups and take them offsite

Also see the examples in the database section above.

If your transaction volume is high, decrease the time interval between log backups. This reduced time interval decreases the amount of data that could be lost in a potential data center disaster. +RZ

To back up transaction logs: 1. Backup the transport log to disk. 2. Copy the backup of the transaction log to an offsite backup file server. This backup file server should ideally be in another building or in another city. A separate location increases the chance that the log files will be preserved if the primary data center (containing the R/3 servers) is destroyed. 3. Back up the backup of the transaction logs on both servers (the R/3 server and the offsite backup file server) to tape each day along with the other operating system-level files.

System Administration Made Easy

3–5

Chapter 3: Backup and Recovery Backup

If you do not have an offsite backup server, back up the transaction log backups to tape after each log backup and immediately send the tape offsite. Do not back up the logs to the tape drive in “append” mode and append multiple backups on the same tape. If a data center disaster occurs, the tape with all these logs will be lost.

2SHUDWLQJ6\VWHP/HYHO)LOHV :KDW

Operating system level files, which must also be backed up, are for: <

Operating environment (for example, system and network configuration)

<

R/3 files Spool files, if stored at the operating system level (system profile: rspo/store_location = G) Change management transport files located in /usr/sap/trans Other R/3 related applications Interface or add-on products, such as those used for EDI or taxes, that store their data or configuration outside the R/3 database.

<

The amount of data is small in relation to the R/3 database. Depending on how your system is used, the above list should only require several hundred megabytes to a few gigabytes of storage. In addition, some of the data could be “static” and may not change for months. :KHQ

The frequency of the operating system level backup depends on the specific application. If these application files must be kept in sync with the R/3 System, they must be backed up at the same frequency as the log backup files. An example of this situation is a tax program that stores its sales tax data in files external to the R/3 database. These files must be in sync with the sales orders in the system. A simple and fast method to back up operating system files is to copy all data file directories to disk on a second server; from the second server, you can back up those files to tape. This process minimizes file downtime. Use the sample schedule below to determine your backup frequency:

%DFNXS7\SHV Backup types is like a three-dimension matrix, where any combination can be used:

3–6

<

What is backed up: full database vs incremental of the logs

<

How the backup taken: online vs offline

<

When the backup is made: scheduled vs nonscheduled (ad-hoc)

Release 4.6A/B

Chapter 3: Backup and Recovery Backup

:KDW,V%DFNHG8S <

Full database backup A backup of the entire database. Advantages: The entire database is backed up at once, making the restore of the database easier and faster. There are less logs that need to be applied to bring the restored database current. Disadvantages: Takes longer to run than an incremental log backup. Because of the longer backup window there is more impact on the users while the backup is running.

<

Incremental backup of the transaction logs A backup of the transaction logs. A full database backup is still required on a periodic basis. The usual arrangement is; a full backup on the weekend and incremental backups during the week. Advantages: Much faster than a full database backup. Because of the smaller backup window, there is less impact to the users. Disadvantages: A full backup is needed, as a starting point to restore the database. To restore the database takes significantly longer and is more complicated than restoring a full backup. The last full database backup must be restored, then all log backups since the full backup. This can be many logs if for example the system crashed on Friday, then the logs from Monday through Friday have to be applied. If one log cannot be restored, all the logs after that point cannot be restored. Differential backup

<

Depending on your database and operating system, you may (or may not) have a third option. A differential backup is a backup of only what has changed since the last full backup. A full database backup is still required on a periodic basis. The usual arrangement is; a full backup on the weekend and differential backups during the week. Differential backup is not supported from within R/3 using DB13, you must use other tools to perform a differential backup. Microsoft SQL Server; to do a differential backup you must execute the differential backup using Microsoft SQL Server tools. Advantages: The exposure to a corrupt log backup is reduced. Each differential backup is backing up all the changes to the database since the last full backup. Disadvantages: Like the incremental log backup, a full backup is needed as the starting point.

System Administration Made Easy

3–7

Chapter 3: Backup and Recovery Backup

The backup window for a differential is longer than a transaction log backup. It starts as being short (just after the full backup) and gets longer as more data is changed.

+RZWKH%DFNXS,V7DNHQ <

Offline An offline backup is taken with the database and R/3 System down. Advantages: An offline backup is faster than an online backup. During the backup, there is no issue with data changing in the database. If the files are backed up at the same time, the related operating system files will be in sync with the R/3 database. Disadvantages: R/3 is unavailable during an offline backup. Buffers for R/3 and the database are flushed. This process will impact performance until the buffers are populated.

<

Online An online backup is taken with the database and R/3 running. Advantages: R/3 is available to users during a backup. This is needed where the system is running and used 24 hours a day and seven days a week. The buffers are not flushed. Since buffers are not flushed, once the backup is complete, there is no impact on performance. Disadvantages: An online backup is slower than an offline backup (a longer backup time). Backup time is increased because processes such as R/3 are running and competing for system resources. Online performance is degraded while the backup is running. Data may change in the database while it is being backed up. Therefore, the transaction logs become critical to a successful recovery. Related operating system level files may be out of sync with the R/3 database. If you are using online backups, the transaction logs are critical to successfully recovering the database.

3–8

Release 4.6A/B

Chapter 3: Backup and Recovery Backup

:KHQWKH%DFNXS,V0DGH <

Scheduled Scheduled backups are those that are run on a regular schedule, such as daily or weekly. For normal operations, configure a scheduled backup. Automated backups should use the DBA Planning Calendar (transaction DB13). This calendar provides the ability to set up and review backup cycles. It also has the ability to process essential database checks and update statistics. You can also set up CCMS to process the backup of transaction logs. Depending on the operating platform, backups and other processes configured here can be viewed in the Batch Processing Monitors (transaction SM37). In general, the status of the backups can be viewed using Backup Logs overview (transaction DB12).

<

On-demand On-demand backup is done on an ad hoc basis. It is done before a major change to the system, such as for an R/3 upgrade. Backups that are controlled directly by an operator, or on-demand, can be performed either by the DBA Planning Calendar (transaction DB13), at the database, or at operating system level. Although the DBA Planning Calendar can schedule backups for periodic use, it can also be used to perform an immediate backup. For an on-demand backup, it is more common to use tools at the database level such as Enterprise Manager (Microsoft SQL Server) or SAPDBA (Oracle and Informix).

Regardless of the chosen backup method, you should achieve the following goals: <

Provide a reliable backup that can be restored.

<

Keep the backup simple.

<

Reduce the number of dependencies required for operation.

<

Provide the above items with little or no impact to business units.

%DFNXS6WUDWHJ\'HVLJQ SAP provides tools under CCMS-DB Administration in R/3 to assist in implementing your strategy. The DBA Planning Calendar (transaction DB13) is designed for scheduling backups. The other tool, the CCMS Monitoring tool (transaction DB12), provides historical information to review backup statistics and tape management information. At the operating system or database level, there are additional tools you can use to administer backup and restores. These tools include SQL Enterprise Manager (Microsoft SQL Server) and SAPDBA (Oracle and Informix). To design your backup procedures: 1. Determine the recovery requirements based on an acceptable outage. It is difficult to define the concept of acceptable outage, because “acceptable” is subjective and will vary from company to company. The cost of what is an outage includes productivity loss, time, money, etc. spent on recovery. This cost should be evaluated in a manner similar to insurance. (The more coverage you want, the more the

System Administration Made Easy

3–9

Chapter 3: Backup and Recovery Backup

insurance will cost.) Therefore, the faster the recovery time requirements, the more expensive the solution. 2. Determine what hardware, software and process combinations can deliver the desired solution. Review the section on performance to decide which method is best. Follow the “Keep It Simple” (KISS) rule, but more importantly, make sure your method is reliable. 3. Test your backup procedures by implementing the hardware and reviewing the actual run times and test results. Ensure that you get results from all types of backup that could be used in your environment, not just the ones you think might be used. This information will aid further evaluation and capacity planning decisions and provide useful comparison information as needed. 4. Test your recovery procedures by creating various failure situations. Document all aspects of the recovery including the process, who should perform various tasks, who should be notified, etc. Remember that a recovery will be needed when you least expect it so be prepared. Testing is not a one-time event. It should occur regularly, with additional tests as hardware or software components change. 6XSSOHPHQWDU\%DFNXSV Supplementary backups are made on special days (month-end, year-end), so that you can restore the database to a previous state.

*HQHUDO3URFHGXUHV %DFNXS The unattended backup is performed based on the backup frequency table. The scheduling functionality of the R/3 CCMS is used to schedule the backup. In CCMS, the required tapes can be listed by choosing theVolumes Needed button on the backup scheduling screen. Extra backups, such as the monthly and yearly backup, should be performed offline. 7UDQVDFWLRQ/RJ%DFNXS If transaction log backup is performed during normal system operation, there is no user impact. You can also find the tapes needed by choosing Volumes Needed. No special archiving is required for offline backup. (Since the backup is performed offline, the database remains in a consistent state.) 9HULI\LQJ%DFNXSV Backups must be verified following a regular schedule. Transaction DB13 and other backup utilities provide buttons such as Verify Backup to perform this task. Unless the backup is verified, you will not know that you have properly backed up everything onto tape.

3–10

Release 4.6A/B

Chapter 3: Backup and Recovery Backup

([DPSOH A backup of several files was done, but the “append” switch was not properly set for second and later files. Consequently, rather than appending the files one after the other, for each file, the tape was rewound and the backed up. The end result was that only the last backed up file was on the tape.

File verify has to be done after all files have been backed up. If it was done after each file, it would not detect that the previous file was erased. 0RQLWRULQJ&RQWUROOLQJ For each system, after backing up the database and finishing the archives, all logs must be printed and placed in the folder. 'DWDEDVH,QWHJULW\ An integrity check of the database must be performed in one retention period to ensure that no corrupted blocks exist in the database. These blocks may go unrecognized during backup (see the chapter written for your database for more information). To avoid backing up a hidden, inconsistent database, the database must be checked at least once during a retention period. System

Frequency of DB Checks

DEV QAS PRD

Every 2 weeks Every 2 weeks Every week

5ROHVDQG5HVSRQVLELOLWLHV Task

Role

Backup Database Backup Archives Verifying Backups Monitoring/Controlling Database check

Operator Operator Operator/DBA Operator/DBA DBA

System Administration Made Easy

3–11

Chapter 3: Backup and Recovery Backup

'HVLJQ5HFRPPHQGDWLRQV <

Database Assuming the size of your database and backup window permits it, we recommend a full database backup be taken every day. For databases that are too large for daily full database backup, a full backup should be taken weekly.

<

Transaction Logs Backing up the transaction logs is critical. If the filespace is used up, the database will stop, which stops R/3. Between 6:00 a.m. and 9:00 p.m., we recommend that you back up these logs at least every three hours. A company with high transaction volume carries higher risk and would increase the frequency accordingly, perhaps to every hour. Similarly, if you have a Shipping department that opens at 3:00 a.m. and a Finance department that closes at 10:00 p.m., you would need to extend the start and end times.

<

Operating System Level Files The frequency of the operating system level backup depends on the application. If these files must be kept in sync with R/3, they must be backed up with the same frequency and at the same time as the database and log backups. An option for a non-sync-critical situation is to back up these operating system level files once a day.

$6WUDWHJ\&KHFNOLVW It is important to set up a proper procedure to back up the valuable system information. Procedures should be defined as early as possible to prevent possible data loss. Resolve the following list of backup issues before you go live: <

Decide how often to perform complete database backups

<

Decide whether partial or differential backups are necessary

<

Decide when to perform transaction log backups

<

Have the ability to save a day’s worth of logs on the server.

<

Provide ample disk space for the transaction log directory

<

Consider using DBA Planning Calendar (DB13) to schedule transaction log backups

<

Set the appropriate R/3, operating system, and database authorizations

<

Create a volume labeling scheme to ensure smooth operations

<

Decide on a backup retention period

<

Determine tape pool size (tapes needed per day × retention + 20 percent) Allow for growth and special needs.

<

Initialize tapes

<

Determine physical tape storage strategy

<

Decide whether to use unattended operations If using unattended operations, decide where (in CCMS or elsewhere).

3–12

<

Document backup procedures in operations manual

<

Train operators in backup procedures

Release 4.6A/B

Chapter 3: Backup and Recovery Tape Management

<

Implement a backup strategy

<

Perform a test restore and recovery

<

Define an emergency plan and determine who to contact in case of an emergency

%DFNXS3URFHGXUHVDQG3ROLFLHV Backup policies and procedures should be defined as early as possible to prepare for potential data loss during an implementation. Some examples of policies and procedures are included below: <

System Environment In the three-system landscape, CCMS backs up and restores the software components. (In the three-system landscape in this guidebook, DEV is a development system, QAS is a quality assurance system, and PRD is a production system.)

<

Hardware Components The hardware listed in the table below is to backup and restore the database and transaction logs: System Name

Backup Hardware

DEV QAS PRD

1 x DLT 7000 35/70 GB, 1 DDS-3 12/24 1 x DLT 7000 35/70 GB, 1 DDS-3 12/24 2 x DLT 7000 35/70 GB, 2 DDS-3 12/24

7DSH0DQDJHPHQW 7UDFNLQJDQG'RFXPHQWLQJ To easily retrieve tapes from storage, you need to track and document them. The issues are: <

Labeling

<

Tracking

<

Handling

<

Retention requirement

/DEHOLQJ Tapes should be clearly labeled using one of many labeling methods. Three simple methods are described in the examples below. Two of these methods are used by R/3 and are important if you use DB13 to schedule your backups. Third-party backup management software may assign their own tracking number for the labels. In this case, you must use the label specified by the software.

System Administration Made Easy

3–13

Chapter 3: Backup and Recovery Tape Management

([DPSOH This five-character naming convention is used by DB13 on Microsoft SQL Server 7.0. (see SAP note 141118). Microsoft SQL server 6.5 had a different naming convention. Each label has the following data: <

What is backed up: R = R/3 database or transaction log M = msdb database S = master database C = combination

<

Type of backup: L = transaction log D = database F = file G = file group + = differential

<

Day of the month (01-31)

<

Parallel or Sequential backup (P or S)

RD06S

Sample Label:

R (R/3) + D (database) + 06 (6th day of the month) + S (sequential)

([DPSOH This six-character naming convention is used by SAPDBA and BRBACKUP (Oracle). Each label has the following data: <

System ID <SID>

<

What is backed up B = database A = log O = operating system files

<

Sequence number of the tape

(This number is a sequential tape number, starting from 1 and is unrelated to the date.) Sample Label:

PRDB25 PRD (Production db) + B (Brbackup/Database) + 25 (tape number 25)

3–14

Release 4.6A/B

Chapter 3: Backup and Recovery Tape Management

([DPSOH This method is more visual, where the length of the label name is less of a limitation. Each label has the following data: <

System ID <SID>

<

What is backed up db = database tl = transaction log os = operating system files

<

Day of the month

<

Multiple tape indicator for a single day (can be omitted if only one tape is used) Sample Label:

PRD-db-06-a PRD (Production database) + db (database) + 06 (6th day of the month) + a (tape “a”, the first tape)

If DB13 is not used, for all of above naming conventions, additional codes can be used to indicate additional types of files that are backed up. In addition to the naming schemes, use a different color label for each system. A color scheme is one more indicator to help identify the tape and reduce confusion. An example of a color scheme is: <

PRD = orange

< <

QAS = green DEV = white

7UDFNLQJ Tapes should be logged to track where they are stored, so you can locate them when you need them. In addition to tracking and documenting tapes when tape locations change, tapes should be tracked and documented when they are: <

Used

<

Sent to offsite storage

<

Returned from offsite storage

<

Moved to a new location

To help you track and retrieve the offsite backup, log the: <

Date of backup

<

Database

<

Tape number

System Administration Made Easy

3–15

Chapter 3: Backup and Recovery Tape Management

<

<

Tape storage company’s number Some storage companies label the cartridges with their own tracking label, so that they can track them internally to their system and facility. OS level backup tape number

<

Date sent offsite

<

Date returned

The table below is an example: Date

Volume Label

Purpose

7/15/98

PRDB01

7/15/98

PRDO23

Notes

Storage Company Label

Out

Back

Database

X7563

7/15/98

7/30/98

Operating Sys

X7564

7/15/98

8/15/98

+DQGOLQJ When you transport tape cartridges, carry them in a protected box to minimize damage and potential data loss if they are accidentally dropped. The box should have foam cutouts for each tape cartridge you use. For a small company, an ideal tape collection device is a small or medium-sized plastic tool box with a foam insert that has cutouts for each tape cartridge. Plastic is used because it is nonmagnetic. We recommend that you use two boxes. One box should collect the tapes to be sent offsite, and a second box should contain the new backup tapes. The second box should be empty when you finish changing tapes. When changing tapes, to avoid confusion: < Handle one tape cartridge at a time < Follow the same procedure each time To change tapes: 1. Remove the tape cartridge from the tape drive. 2. Insert it in the collection box. 3. Remove the next tape. 4. After all tapes have been removed, insert the new tapes in the drive in the same manner. If you are using preinitialized tapes, you must use the correct tape for that day, or the backup program will reject the tape. The backup program reads the tape header for the

3–16

Release 4.6A/B

Chapter 3: Backup and Recovery Tape Management

initialization information (which includes the tape label name) and compares it to the next label in the sequence. Keep track which tape cartridges: <

Have been used

<

Are to be sent offsite

<

Are to be loaded in the drives

It is easy to accidentally put the wrong tape cartridge in a drive and destroy the recent backup or cause the next backup to fail. When you initialize a tape, some programs write an expiration date on the tape. The tape cannot be overwritten by that same program before the expiration date. However, it might be overwritten by another program that ignores the tape header. The next section discusses the importance of retention requirements.

5HWHQWLRQ5HTXLUHPHQWV There are legal requirements that determine data retention. Check with your company’s legal department on complying with federal, state, and local data retention requirements. Complying with these requirements should be discussed with your legal and finance departments, external auditors, and consultants. The retention requirement should then be documented. The practical side of data retention is that you may be unable to realistically restore an old backup. If the operating system, database, and the R/3 System have each been upgraded twice since the backup, it is unlikely that the backup can be restored without excessive cost—if at all. Retention is related to your backup cycle. It is important to have several generations of full backups and all their logs because: <

If the database is corrupted, you will have to return to the last full backup before the database corruption.

<

If the last full backup is corrupted, you will have to return to the previous full backup before the corruption or disaster and roll forward using the backup of the logs from that backup until the corruption. How far back you go depends on the level of corruption.

<

Since R/3 is an online real-time system, to recover the database from a full database backup, you must apply all the logs since that backup. If this is a significant amount of time, the number of logs could be tremendous. Therefore, the number of logs you may need to apply is a practical constraint to how far back you can recover.

System Administration Made Easy

3–17

Chapter 3: Backup and Recovery Tape Management

5HFRPPHQGDWLRQV <

If a full database backup is taken each day, we recommend that you keep at least two weeks of backups and all the logs for these weeks.

<

If a full database backup is taken weekly, you should go back at least three generations.

<

The traditional three generations of backup are: Grandfather Father Son Store selected backup sets (month-end, quarter-end, year-end, etc.) for extended periods, as defined by your legal department and auditors.

Tape Retention Period Even if one tape (backup/archive) is damaged or lost, the tape retention period assures the ability to recover the database. System Name

Regular Backup

DEV QAS PRD

14 days 14 days 31 days

Month-End Backup

24 months

Quarter-End Backup

2 years

Year-End Backup

4 years

Archives 31 days 31 days 31 days

System administrators cannot determine tape retention periods on their own. To determine the retention period, administrators must consult the departments that are impacted, such as accounting and legal. There is room for some negotiation, but the administrator must comply with the final decision. As a policy, this decision must be written down.

6WRUDJH 2IIVLWH :KDW

The offsite storage site is a separate facility (building or campus) from the R/3 data center. :K\

An offsite storage safeguards the backups if your facility is destroyed. :KHUH

The magnitude of the disaster will determine what is considered adequate protection: <

Sending tapes to a separate location in the building or another building in the campus will be sufficient. If the disaster is confined to the building where the data center is located.

3–18

Release 4.6A/B

Chapter 3: Backup and Recovery Tape Management

<

If the disaster is local or regional (for example, a flood or earthquake) adequate protection means sending tapes to a distant location several hundred miles away.

Offsite data storage can be at a separate company facility or a commercial data storage company. The offsite data storage facility or vendor should have a certified data storage site. Data tapes have different handling and storage requirements than paper.

Once the backup is complete, send the tapes offsite immediately. If there is a data center disaster and the backup tapes are destroyed, you can only recover to the last full backup that you have offsite. For log backups, it is critical to send the tapes offsite immediately. If not, everything since this backup is lost. 2QVLWH :KDW

Onsite storage means storing your data in the same facility as your data center. +RZ

Tape cartridges should be properly stored, following the tape manufacturer’s storage requirements. The most difficult requirement to comply with is magnetic fields. The problem is determining if there is a strong magnetic field near the tape storage location. A vacuum cleaner motor or a large electric motor on the opposite side of the wall from where the data tapes are stored can generate a magnetic field strong enough to damage tapes. When storing tape cartridges, keep all related tape cartridges together. All the tapes used in a daily backup should be considered as a set, comprising backups for: <

Database

<

Logs

<

Operating system files

Tapes and files in a set need to be restored as a set. For example, if operating system files are not restored with database and log files, the operating system files will not be in sync with the database and critical information will be missing.

System Administration Made Easy

3–19

Chapter 3: Backup and Recovery Performance

3HUIRUPDQFH The most important performance target is the time required to restore the database. This determines how long the R/3 system will be down and not available for use. With R/3 down, certain company operations may not occur. Backup performance is important, especially if the system is global or used 24 hours a day. When doing a backup, it is important to minimize the impact on users. The key is to reduce backup time, which in turn reduces the impact on the users. To increase performance: 1. Identify the bottleneck or device that is limiting the throughput. 2. Eliminate the bottleneck. Repeat steps 1 and 2 until the performance is adequate or the additional cost is no longer justified. This iterative process is subject to cost considerations. Additional performance can always be purchased, which is almost always a business cost justification exercise.

%DFNXS All of the backup performance items that follow also apply to restoring the database. There are three major variables that affect performance: <

Database size

<

The larger the database, the longer it will take to back up. Backup window The backup window is the time allocated for you to take the regular backups of the system. This window is driven by the need to minimize the impact on users. An online backup The backup window for this backup type is defined as the time when there are the fewest users on the system and is usually done early in the morning. An offline backup The backup window for this backup type is defined by when and for how long R/3 can be brought down and is usually done during the weekend.

<

3–20

Hardware throughput This variable limits how fast the backup can run and is defined by the slowest link in the backup chain such as: Database drive array I/O channel that is used Tape drive

Release 4.6A/B

Chapter 3: Backup and Recovery Performance

%DFNXS2SWLRQV Our backup options assume that the backup device is local to the database server. A backup performed over a network will be affected by network topology, overhead, and traffic. Rarely is the full capacity of the network available. If a backup is done over the network, it will decrease performance for other network users. Although technically possible, performing a backup over a network is beyond the scope of this guidebook. %DFN8SWR)DVWHU'HYLFHV All of the backup options attempt to eliminate the bottleneck at the backup device. The backup device, usually a tape drive, is the throughput-limiting device. The table below contains capacity and throughput values to help you plan tape drive selection: Type

Capacity (GB)

Rate (GB/hr)

(native/compressed)

(native/compressed)

DAT (DDS-2)

4 / 6.8

1.8 / 3.1

DAT (DDS-3)

12 / 20.4

3.6 / 6.1

DLT 4000

20 / 34

5.4 / 9.2

DLT 7000

35 / 60

18 / 30.6

DLT 8000

40/68

21.6/36.7

The compressed capacity values in this table assume the use of hardware compression and use a more conservative 1.7x ratio, as opposed to the typical 2x compression ratio. The actual compression ratio and rate depends on the nature of the file and how much it can be compressed. A 20 GB database with only 9 GB of data will only require 9 GB of tape space. As the volume of data in the database increases, so will the tape space requirement. However, if you are backing up at the operating system level, the entire file is being backed up. Therefore, you will need to provide tape space for the entire 20 GB database. As technology advances, and the capacity and throughput of tape drives increases, these values will become obsolete. We recommend that you investigate what is currently available at the time of your purchase. Advantages: Faster and larger capacity tape drives allow you to back up an entire database on a single tape cartridge in a reasonable period of time (for example, a two-hour backup of a 60 GB database to a DLT7000).

System Administration Made Easy

3–21

Chapter 3: Backup and Recovery Performance

Disadvantages: < A backup to a single tape drive is the slowest option. <

Unless an automated changer or library is used, without manually changing the cartridge, you are limited to the maximum capacity of the tape cartridge.

Not all databases and backup tools support tape changers or libraries; make certain that these tools are compatible before purchasing them. For example, SAPDBA supports tape changers, but Microsoft SQL Server Enterprise Manager and NT Backup do not. 3DUDOOHO%DFNXS Backing up to multiple tape drives uses a RAID-0 (stripe) array, in which several tape drives are written to in parallel. In certain environments, like Oracle, individual tablespaces or files are simultaneously backed up to separate tape drives. Because you are writing to multiple tape drives in parallel, total performance is significantly faster than if you were using a single tape drive. With sufficient tape drives in parallel, the bottleneck can be shifted from the tape drives to another component. You must consider the performance of each subsystem when using tape drives in parallel. This subsystem includes the tape drive(s), controller(s), CPU, and I/O bus. In many configurations, a controller or bus is the limiting factor. To restore a parallel backup, all the tapes in the set must be readable. If one tape is bad, the entire backup set will not be usable. The more tapes you have in a set, the greater the chance that one tape will be bad. %DFNLQJ8SWR'LVNV7KHQWR7DSH Advantages: < For the database, this option is the fastest. Under most situations, you can back up to disk faster than to tape. <

This option allows you to make several identical backup copies (for example, one for onsite storage and one for offsite storage).

<

Once the backup has been made to disk, R/3 System performance is minimally affected. Because the tape backup is made from the disk copy, and not the live database, the backup to tape is not competing with database activity for significant system resources.

<

During an onsite disaster recovery to the same equipment, the recovery can be done from the on-disk backup.

Disadvantages: < Significant additional disk space, up to the same amount of space as the database, is required. This additional space makes this option the most expensive, especially for a large database. <

3–22

Until the backup to tape is completed, you are vulnerable to a data center disaster.

Release 4.6A/B

Chapter 3: Backup and Recovery Performance

<

In a major disaster recovery, you have to first restore the files to disk, then execute the database recovery from the files on disk. This process increases the time to recover the system.

There are other options available for a faster backup, such as the various High Availability options, but these options are beyond the scope of this guidebook.

5HFRYHU\ The performance requirement for a recovery is more critical than for backup. Recovery performance determines how quickly the system will be available for use and how soon business can continue. The goal is to restore the database and related files to make the system quickly available for general use. The longer this restore takes, the greater the impact on your business.

5HVWRUH2SWLRQV To increase database restore performance, all of the above database backup options are valid. The option also exists to restore to a faster disk array with a higher data-write throughput. There are different ways to restore to a faster disk array: <

Dedicated drives In conjunction with parallel backups, restoring files and tablespaces to individually dedicated disk drives makes the process faster. Because at any one time, only one tablespace or file is written to the drive, you do not have head contention writing another tablespace to the same drive.

<

RAID type Mirrored stripe (RAID 0+1) is faster than RAID5, but this speed depends on the specific hardware. In most cases, the task of computing the parity data for the parity drive (RAID5) takes more time than it would to write all the data twice (RAID 0+1). This option is expensive because the usable capacity is 50 percent of the total raw capacity— significantly less than RAID5: RAID 0+1 = [single_drive_capacity × (number_of_drives/2)] RAID5 = [single_drive_capacity × (number of drives – 1)]

<

Drives with faster write performance

<

Drive array “system” with faster write performance

System Administration Made Easy

3–23

Chapter 3: Backup and Recovery Useful SAP Notes

8VHIXO6$31RWHV SAPNet – R/3 Frontend Note #

Description

0LFURVRIW64/6HUYHU

141118

New Scheduling calendar in the CCMS (DB13) SQL Server 7

102467

Online documentation for SQL Server with SAP

50990

DB-Backup/Restore of Microsoft SQL Server

142731

DBCC checks for SQL Server 7

28667

Microsoft SQL Specific Profile Parameters

128126

Database Connect for external tools

111372

Standby Database for Microsoft SQL 7.0

126808

Configuration Parameter for Microsoft SQL 7.0 2UDFOH

68059

SAPDBA - option -next with tablespace list

43499

All collective notes concerning DBA Tools

43491

Collective note: SAPDBA – Command line options

43486

Collective note: General SAPDBA

43484

Collective note: General DBA

42293

SAPDBA - new command line option –analyze

34432

ORA-00020: max number of processes exceeded

31073

SAPDBA - new command lines -next, -analyze

21568

SAPDBA: Warning: only one member of online redo

16513

File system is full—what do I do?

15465

SAPDBA - shrinking a tablespace

04754

Buffer synchronization in centralized systems

03807

Tablespace PSAPROLL, rollback segments too small

02425

Function of tablespaces/DBspaces on the database

01042

ORACLE TWO_TASK connect failed

3–24

Release 4.6A/B

&KDSWHU 6FKHGXOHG'DLO\7DVNV

&RQWHQWV Overview ..................................................................................................................4–2 Critical Tasks...........................................................................................................4–3 The R/3 System .......................................................................................................4–4 Database ..................................................................................................................4–6 Operating System ...................................................................................................4–6 Other.........................................................................................................................4–7 Notes ........................................................................................................................4–7 The R/3 System .......................................................................................................4–8 Critical Tasks...........................................................................................................4–9

System Administration Made Easy

4–1

Chapter 4: Scheduled Daily Tasks Overview

2YHUYLHZ We have provided sample checklists that you may use and modify depending upon your specific needs. The checklists provided for your convenience include: < Critical tasks

4–2

<

R/3 System

<

Database

<

Operating system

<

Other

<

Notes

Release 4.6A/B

Chapter 4: Scheduled Daily Tasks Critical Tasks

&ULWLFDO7DVNV System: __________ Date: ____/____/____ Admin: _____________________ Task

Transaction

Chapter Procedure

Check that the R/3 System is up. Check that daily backups executed without errors.

Check off/Initial

Log onto the R/3 System DB12 – Backup Logs: Overview

13

Check database backup. Database backup run time. Check operating system level backup Operating system backup run time.

System Administration Made Easy

4–3

Chapter 4: Scheduled Daily Tasks The R/3 System

7KH56\VWHP Task

Transaction

Chapter

Procedure

Check that all application servers are up.

SM51 – SAP Servers

16 & 10

Check that all servers are up.

Check the CCMS alert monitor (4.0+).

RZ20 – CCMS Monitor (4.0)

10

Check work processes (started from SM51).

SM50 – Process Overview

Look for any failed updates (update terminates).

SM13 – Update Records

16 & 10

10

Check off/Initial

Look for alerts.

All work processes with a “running” or a “waiting” status < Set date to one year ago < Enter * in the user ID < Set to “all” updates Check for lines with “Err.”

Check system log.

SM21 – System Log

10

Set date and time to before the last log review. Check for: < Errors < Warnings < Security messages < Abends < Database problems < Any other different event

Review for cancelled jobs.

Check for “old” locks.

4–4

SM37 – Select Background jobs

16

SM12 – Lock entry list.

10

Enter an asterisk (*) in User ID. Verify that all critical jobs were successful. Enter an asterisk (*) for the user ID.

Release 4.6A/B

Chapter 4: Scheduled Daily Tasks The R/3 System

Task

Transaction

Chapter

Procedure

Check off/Initial

Check for entries for prior days. Check for users on the system.

SMO4 – Users

10

Review for an unknown or different user ID and terminal. This task should be done several times a day.

AL08 - Users

Check for spool problems.

SP01 – Spool: Request Screen

14

Look for spool jobs that have been “in process” for over an hour.

Check job log.

SM35 – Batch input: Initial Screen

16

Check for:

Check work processes.

SM50/SM51 Processes

16 & 10

Review and resolve dumps.

ST22 – ABAP Dump Analysis

10

Review workload statistics.

STO3 – Workload: Analysis of <SID>

19

Review buffer statistics.

ST02 – Tune Summary

19

System Administration Made Easy

< New jobs < Incorrect jobs

Look for an excessive number of dumps. Look for dumps of an unusual nature.

Look for swaps.

4–5

Chapter 4: Scheduled Daily Tasks Database

'DWDEDVH Task

Where

Review error log for problems.

AL02 – Database (DB) alert ST04 – DB Performance Analysis

Chapter Procedure

Check off/Initial

13

2SHUDWLQJ6\VWHP Task

Transaction

Chapter

Review system logs for problems.

AL16 – OS Alerts

15

OS06 – OS Monitor

15

Review operating system log

NT system log

15

Look for any errors or failures.

NT system log

15

Check for failed logon attempts to the SAP servers.

NT application log

15

Look for errors or failures.

Review NT system logs for problems.

4–6

Procedure

Check off/Initial

Release 4.6A/B

Chapter 4: Scheduled Daily Tasks Other

2WKHU Task

Where

Chapter

Check the uninterruptible power supply (UPS).

UPS program log

15

Procedure

Check off/Initial

Review for: < Events < UPS self test < Errors

1RWHV Problems

Action

Resolution

System Administration Made Easy

4–7

Chapter 4: Scheduled Daily Tasks The R/3 System

System: __________ Date: ____/____/____ Admin: _____________________

7KH56\VWHP These tasks are done several times a day. Task

Transaction

Look for any failed updates (update terminates).

SM13 – Update Records

Chapter 10

Procedure

Check off/Initial

< Set date to one year ago < Enter * in the user ID < Set to “all” updates Check for lines with “Err.”

Check System Log

SM21- System Log

10

Set date and time to before the last log review. Check for: < Errors < Warnings < Security messages < Abends < Database problems Any other different event

Review for cancelled and critical jobs

SM37 – Select Background jobs

16

Enter * in User ID Verify that all critical jobs were successful. Review any cancelled jobs.

Check users on system

RZ01 – Graphical job monitor

16

Same as for SM37.

SM04 – Users

10

Review for an unknown or different user ID and terminal. This task should be done several times a day.

AL08 – Users

4–8

Release 4.6A/B

Chapter 4: Scheduled Daily Tasks Critical Tasks

&ULWLFDO7DVNV There are a few critical tasks that should be completed every morning. These tasks answer the following questions: < Is the R/3 System running? <

Did the backups execute and complete successfully?

If the answer to either question is “no,” then the situation must be resolved quickly because: <

If the R/3 System is down, no work can be done.

<

If the backups failed, and a disaster occurs, you could lose all the data since your most recent good backup.

9HULI\WKDW5,V5XQQLQJ Your first task of the day is to perform a high-level check to see if the R/3 System is running. :K\

If the system is not running, your users will be calling to find out what happened and when the system will be up again. As a basic level check, if you can connect to the R/3 System, the following questions are answered: <

Is the R/3 System working?

<

Is the network between you and the R/3 System working?

+RZ

From a workstation, log on with the SAP GUI. If you can log on, the test is successful.

9HULI\WKDWWKH%DFNXSV5DQ6XFFHVVIXOO\ :KDW

You need to verify that the backups that were supposed to run last night, ran successfully. Backups of the R/3 database and related nondatabase operating system level files are essential to recover the R/3 System. Types of nondatabase files include: <

Database log dumps

<

Data files for third-party applications that do not store their data in the system Examples of such files are external tax files.

<

Transport files

<

Inbound and outbound interface files

<

Externally stored print files

System Administration Made Easy

4–9

Chapter 4: Scheduled Daily Tasks Critical Tasks

:K\

If there is a problem with any of the backups, the problem needs to be quickly resolved. If a database failure occurs that requires a restore, and the last backup failed, you will have to recover using the last successful backup. If you do not have a good (usable) backup, you will have to go to an older backup. This process requires applying more logs the further back you go and increases the time required to restore the database and bring it current. Once the problem has been fixed, if it does not significantly impact performance, execute an online backup. Even if it impacts performance, your company may make it policy to run the online backup. This step gives you a more recent backup. At the operating system level, some of these files may need to be in sync with the R/3 database. Restoring the R/3 System without these files results in an incomplete (unusable) restore (for example, external tax files that need to be in sync with the system data or the tax systems reports will not match the R/3 reports). :KHQ

These critical tasks need to be done first thing in the morning. If there is a “graveyard” operations shift, the backup check should be done once the backup job is complete. The “graveyard” shift is the third shift of the day and is typically from 10:00 p.m. to 7:00 a.m. Any failed backup must be immediately investigated and resolved. Do not maintain a “we will just run the backup again tonight and see if it works” attitude. If that backup fails, you have another day without a backup. In chapters 4–8, we have included a list of transactions like the one below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist.

8VHUV7UDQVDFWLRQ$/ :KDW

This transaction displays all the users who are currently logged on to the system. It shows both the user’s ID and terminal name. :K\

In a smaller company, the administrator can recognize user IDs logged on to unfamiliar terminals. This step may indicate that someone—other than the designated user—is using that user ID. A user is logged on to more than one terminal may indicate that the user ID is being used or shared by more than one person.

4–10

Release 4.6A/B

Chapter 4: Scheduled Daily Tasks Critical Tasks

260RQLWRU7UDQVDFWLRQ26 :KDW

The system logs are where the operating system and some applications write event records. Depending on the operating system, there may be multiple logs. :K\

There may be indications of a developing problem (for example, a hard drive generating errors or a failing drive that needs to be replaced).

6HOHFW%DFNJURXQG-REV*UDSKLFDO-RE0RQLWRU7UDQVDFWLRQ 605= :KDW

Background jobs are batch jobs scheduled to run at specific times during the day. :K\

If you are running critical jobs, you need to know if the job failed, because there may be other processes, activities, or tasks that are dependent on these jobs.

&&06$OHUW0RQLWRU7UDQVDFWLRQ5= :KDW

Transaction RZ20 is a centralized alert monitor and is new with Release 4.0. With this transaction, you can monitor the servers in your landscape, such as development, QA, testing, production, etc. You no longer have to individually log into each system to search for alerts. If there is an alert, the monitor will link to many of the other transactions later in this chapter. :K\

An alert indicates a potentially serious problem that should be quickly resolved. If not contained, these problems could degenerate into a disaster.

8VHUV7UDQVDFWLRQV60 :KDW

These transactions display all the users who are currently logged on to the system and show the user’s ID and terminal name. :K\

In a smaller company, the administrator can recognize user IDs logged on to “unfamiliar” terminals, indicating that someone—other than the designated user—is using that user ID.

System Administration Made Easy

4–11

Chapter 4: Scheduled Daily Tasks Critical Tasks

A user logged on to more than one terminal indicates that the user ID is being: <

Used by someone else

<

Used or shared by several people

/RFN(QWU\/LVW7UDQVDFWLRQ60 :KDW

A lock is a mechanism that prevents other users from changing the record on which you are working. An example that illustrates the importance of using this function follows.

([DPSOH You are changing a customer mailing address. Someone else is changing the customer’s telephone number at the same time. You save your change first; then the other person saves their change. The other person’s change overwrites your change, and your change will be lost. :K\

There may be old locks still in place from transactions that did not release, or from when the user was cut off from the network. Unless cleared, these locks prevent access or change to the record until the system is cycled. The easiest way to locate them is to look for locks from prior days. We presume that the profile parameter rdisp/gui_auto_logout has been set. This parameter defines an automatic logout of the user if there is no activity for the set number of minutes.

8SGDWH5HFRUGV7UDQVDFWLRQ60 :KDW

A failed update, or an “update terminate,” is an update to the failed database. These failed updates occur when a user entry or transaction is not entered or updated in the database. The following analogy should help clarify this concept: 1. A secretary gives a file clerk a folder (similar to a save). 2. The file clerk gives the secretary a receipt (similar to the R/3 document number). 3. On the way to the file cabinet, the clerk falls, and gets hurt. The folder in not put into the cabinet (this is the failed update). 4. The end result is the folder is not in the cabinet—even though the secretary has the receipt. For performance reasons, the database update is done in asynchronous mode. In this mode, the user continues to work while the system takes over the update process and waits for the

4–12

Release 4.6A/B

Chapter 4: Scheduled Daily Tasks Critical Tasks

database update to complete. In synchronous mode, users would have to wait until the database successfully updated before they could continue to work. :K\

The users probably received a document number, so they assume that the entry is in the system; however, if a failed update occurred, the entry is not in the system. In a customer order, unless the order is reentered, the customers would not get their order and no trace of it would be found in the system!

6\VWHP/RJ7UDQVDFWLRQ60 :KDW

The system log is the R/3 System’s log of events, errors, problems, and other system messages. :K\

The log is important because unexpected or unknown warnings and errors could indicate a serious problem.

%DWFK,QSXW7UDQVDFWLRQ60 :KDW

This transaction shows jobs that need to be processed or started, and jobs with errors that need to be resolved. :K\

This transaction is important because it alerts you to batch input jobs that are: <

New These are jobs that are waiting to be processed (for example, a posting from an interface file). If not processed, the data will not post to the system.

<

Incorrect These are jobs that have failed due to an error. The danger is that only a portion of the job may have posted to the system. This increases the potential for data corruption of a different sort, as only part of the data is in the system.

System Administration Made Easy

4–13

Chapter 4: Scheduled Daily Tasks Critical Tasks

:RUN3URFHVVHV7UDQVDFWLRQV60DQG60 :KDW

These transactions allow users to view the status of work processes and monitor for problems. Transaction SM51 is a central transaction from which you can select the instance to monitor. SM51 starts transaction SM50 for each application server. Transaction SM50 is used for systems without application servers. :K\

Transaction SM51 is one place to look for jobs or programs that may be “hung,” (indicated by long run times). If batch jobs are not running, if all the batch work processes are in use, transaction SM50 may provide a hint of the problem.

6SRRO7UDQVDFWLRQ63 :KDW

The spool is the R/3 System’s output manager. Data sent to the printer is sent to the R/3 spool and then sent to the operating system to print. :K\

There may be problems with the printer at the operating system level. These problems need to be resolved immediately for time-critical print jobs (for example, checks, invoices, shipping documents, etc.) or there may be an operational impact. Active spool jobs that have been running for over an hour could indicate a problem with the operating system spool or the printer.

7XQH6XPPDU\7UDQVDFWLRQ67 :KDW

The buffer tune summary transaction displays the R/3 buffer performance statistics. It is used to tune buffer parameters of R/3 and, to a lesser degree, the R/3 database and operating system. :K\

The buffer is important because significant buffer swapping reduces performance. Look under Swaps for red entries. Regularly check these entries to establish trends and get a feel of the buffer behavior.

:RUNORDG$QDO\VLVRI6,'!7UDQVDFWLRQ67 :KDW

Workload analysis is used to determine system performance.

4–14

Release 4.6A/B

Chapter 4: Scheduled Daily Tasks Critical Tasks

+RZ

Check statistics and record trends to get a feel for the system’s behavior and performance. Understanding the system when it is running well helps you determine what changes may need to be made when it is not.

'DWDEDVH3HUIRUPDQFH$QDO\VLV7UDQVDFWLRQ67 :KDW

A high-level database performance monitor. :K\

This transaction provides the ability to: <

Monitor the database in relation to: Growth Capacity I/O statistics Alerts

<

Drill down for additional information.

<

Monitor the database without logging on to it.

$%$3'XPS$QDO\VLV7UDQVDFWLRQ67 :KDW

An ABAP dump (also known as a short dump) is generated when a report or transaction terminates as the result of a serious error. The system records the error in the system log (transaction SM21) and writes a snapshot (dump) of the program termination to a special table. This transaction can also be called from the system log (transaction SM21). :K\

You use an ABAP dump to analyze and determine why the error occurred, and take corrective action.

System Administration Made Easy

4–15

Chapter 4: Scheduled Daily Tasks Critical Tasks

4–16

Release 4.6A/B

&KDSWHU 6FKHGXOHG:HHNO\7DVNV

&RQWHQWV The R/3 System .......................................................................................................5–2 Database ..................................................................................................................5–3 Operating System ...................................................................................................5–3 Other.........................................................................................................................5–3 Notes ........................................................................................................................5–4

System Administration Made Easy

5–1

Chapter 5: Scheduled Weekly Tasks The R/3 System

7KH56\VWHP System: __________ Date: ____/____/____ Admin: _____________________ Task

Transaction

Check database for free space.

DB02 – DB Performance: Database Allocation

13

Record free space.

Monitor database growth.

DB02 – DB Performance: Database Allocation.

13

Record database space history.

Check spool for problems and that spool is properly cleared.

SP01 - Spool

14

Transport into PRD.

STMS, or TP

17

TemSe Consistency check

SP12

Review Security Audit Log.

SM20

5–2

Chapter Procedure

Column Title

All properly approved transports imported into PRD. Delete inconsistencies.

Release 4.6A/B

Chapter 5: Scheduled Weekly Tasks Database

'DWDEDVH Task

Where

Chapter

Procedure

Check off/initial

DBCC

13

Check output from DBCC job for errors (SQL Server).

Run MS-SQL server update statistics.

13

Check for successful completion of update stats job.

2SHUDWLQJ6\VWHP Task

Where

Check file system for adequate space.

RZ20 – CCMS Alert

Chapter Procedure 10

Check off/initial

Review space usage and that sufficient free space exists in the file systems.

Files system

2WKHU Task

Where

Check system monitoring systems for update.

System monitor

15

Review for any events that should be added or deleted.

Check system monitor alert mechanisms.

System monitor

15

Test e-mail.

Clean tape drive.

Tape drive

System Administration Made Easy

Chapter

Procedure

Check off/initial

Test paging. 15

Clean using cleaning cartridge.

5–3

Chapter 5: Scheduled Weekly Tasks Notes

1RWHV Problem

Action

Resolution

In chapters 4–8, we have included a list of transactions like the one below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist.

'DWDEDVH3HUIRUPDQFH7UDQVDFWLRQ'% :KDW

This screen provides a way to examine database allocation. :K\

This transaction allows you to monitor items such as: <

DB space history

<

DB Analysis

From this screen, you can view database history by dates and times.

&&06$OHUW0RQLWRU7UDQVDFWLRQ5= :KDW

Transaction RZ20 is a centralized alert monitor and is new with Release 4.0. With this transaction, you can monitor the servers in your landscape, such as development (DEV), quality assurance (QAS), testing, production (PRD), etc. You no longer have to individually log into each system to search for alerts. If there is an alert, the monitor will link to many of the other transactions later in this chapter. :K\

An alert indicates a potentially serious problem that should be quickly resolved. If not contained, these problems could degenerate into a disaster.

6SRRO7UDQVDFWLRQ63 :KDW

The spool is the R/3 System’s output manager. Data sent to the printer is first sent to the R/3 spool and then to the operating system to print.

5–4

Release 4.6A/B

Chapter 5: Scheduled Weekly Tasks Notes

:K\

There may be problems with the printer at the operating system level. These problems need to be resolved immediately for time-critical print jobs (for example, checks, invoices, shipping documents, etc.) or there may be an operational impact. You should check for active spool jobs that have been running for over an hour. These long-running jobs could indicate a problem with the operating system spool or the printer.

7HP6H7UDQVDFWLRQ63 :KDW

A TemSe (Temporary Sequential) database consistency check compares data in TST01 (TemSe objects) and TST03 (TemSe data) tables. TemSe contains temporary objects such as job logs, spool requests, tests for workflow, batch input logs, and personnel administration temporary data. Report RSTS0020 performs the consistency check. :K\

The relationship between the object and data in the TemSe may be destroyed as a result of: <

Restore from backups

<

Copying databases

<

Copying clients using improper tools

<

Deleting clients without first deleting their objects

7UDQVDFWLRQ67067066\VWHP :KDW

This transaction helps you perform transports. :K\

To move objects and configuration between systems or clients in the production pipeline. A transport starts in DEV, is transported to QAS where it is tested, and is finally moved into PRD.

System Administration Made Easy

5–5

Chapter 5: Scheduled Weekly Tasks Notes

5–6

Release 4.6A/B

&KDSWHU 6FKHGXOHG0RQWKO\7DVNV

&RQWHQWV The R/3 System .......................................................................................................6–2 Database ..................................................................................................................6–2 Operating System ...................................................................................................6–3 Other.........................................................................................................................6–4 Notes ........................................................................................................................6–5

System Administration Made Easy

6–1

Chapter 6: Scheduled Monthly Tasks The R/3 System

7KH56\VWHP System: __________ Date: ____/____/____ Admin: _____________________ Task

Transaction

Chapter

Defragment the memory

Procedure

Check off/initial

Cycle the R/3 System.

'DWDEDVH Task

Transaction

Plot database growth.

DB02—DB Performance: Tables

6–2

Chapter Procedure 13

Check off/initial

Record usage and plot.

Release 4.6A/B

Chapter 6: Scheduled Monthly Tasks Operating System

2SHUDWLQJ6\VWHP Task Backup file server. Review file system usage.

Where

Chapter 13

Procedure

Check off/initial

Perform a full server backup. Record file system usage. Plot usage. Is additional storage space needed? Is “house cleaning” needed?

System Administration Made Easy

6–3

Chapter 6: Scheduled Monthly Tasks Other

2WKHU Task Check consumable supplies.

Where

Chapter 16

Procedure

Check off/initial

Spare tape cleaning cartridge available for all tape drives. < DAT < DLT Spare tape cartridges available for all drive types. < DAT DLT Spare data cartridges available for removable media devices: < Zip® < MO (MagnetoOptical) < CD (Recordable) Preprinted forms: < Shipping documents < Invoices < Checks Special supplies, such as magnetic toner cartridge. Normal supplies: < Laser printer toner < Paper (for printers) < Batteries < Diskettes < Pens, and so on

6–4

Release 4.6A/B

Chapter 6: Scheduled Monthly Tasks Notes

1RWHV Problem

Action

Resolution

In chapters 4-8, we have included a list of transactions like the one below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist.

'DWDEDVH3HUIRUPDQFH7UDQVDFWLRQ'% :KDW

This screen provides a way to examine database allocation. :K\

This transaction allows you to monitor items such as: <

DB space history

<

DB Analysis

From this screen, you can view database history by dates and times.

System Administration Made Easy

6–5

Chapter 6: Scheduled Monthly Tasks Notes

6–6

Release 4.6A/B

&KDSWHU 6FKHGXOHG4XDUWHUO\7DVNV

&RQWHQWV The R/3 System .......................................................................................................7–2 Database ..................................................................................................................7–3 Operating System ...................................................................................................7–3 Other.........................................................................................................................7–4 Notes ........................................................................................................................7–4

System Administration Made Easy

7–1

Chapter 7: Scheduled Quarterly Tasks The R/3 System

7KH56\VWHP System: __________ Date: ____/____/____ Admin: _____________________ Task

Transaction

Chapter Procedure

Archive quarterly backup

Security review

Review scheduled jobs

7–2

Check off/Initial

Send quarter-end backup tapes to long-term offsite storage. SU01—User Maintenance

12

Review user ID for terminated users that should be locked or deleted.

SM31—Table Maintenance

19

Review list of “prohibited” passwords (Table USR40).

RZ10—Edit System Profile

20

Review system profile parameters for password standards.

SM37— Background Jobs

16

Review all scheduled jobs to determine if they are still appropriate.

Release 4.6A/B

Chapter 7: Scheduled Quarterly Tasks Database

'DWDEDVH Task

Where

Archive quarterly backup

Review all scheduled jobs

SM37

Test database recovery process

Chapter

Procedure

3

Send quarter-end backup tape to longterm offsite storage.

16

Review all scheduled jobs to determine if they are still appropriate.

2&3

Restore database to a test server.

Check off/Initial

Test the restored database.

2SHUDWLQJ6\VWHP Task

Where

Archive quarterly backup

Archive old transport files.

Transport directories; log, data, cofiles

Cleanup SAPDBA logs (Oracle)

SAPDBA cleanup

System Administration Made Easy

Chapter

Procedure

3

Send quarter-end backup tape to longterm offsite storage.

15

Archive the old transport files.

Check off/Initial

Maintain init<SID>.dba

7–3

Chapter 7: Scheduled Quarterly Tasks Other

2WKHU Task

Where

Procedure

Check maintenance contacts

Check off/Initial

Check for expiration date. Check for usage changes.

1RWHV Problem

Action

Resolution

In chapters 4-8, we have included a list of transactions like the ones below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist.

(GLW6\VWHP3URILOH3DUDPHWHUV7UDQVDFWLRQ5= :KDW

There are security parameters for the user’s password (for example, the minimum password length, the time interval that the user must change their password, and so on). The following is a list of the most important password parameters:

7–4

<

Minimum password length: login/min_password_lng A longer password is more difficult to break or guess. The standard for many companies is five (5) characters.

<

Password expiration time: login/password_expiration_time This is the length of time before the user must change their password. The length of time that auditors recommend is thirty (30) days. The maximum that should be used is ninety (90) days.

<

Password lockout: login/fails_to_user_lock This parameter locks out users after attempting to log in with an invalid password for a defined number of times. The standard is to lock a user after three (3) failed attempts. Release 4.6A/B

Chapter 7: Scheduled Quarterly Tasks Notes

:K\

Properly assigned parameters will make it more difficult to break into the system.

6HOHFW%DFNJURXQG-REV7UDQVDFWLRQ60 :KDW

Background jobs are batch jobs scheduled to run at specific times during the day. :K\

If you are running critical jobs, you need to know if the job failed because there may be other processes, activities, or tasks that are dependent on these jobs.

8VHU0DLQWHQDQFH7UDQVDFWLRQ68 :KDW

The lock/unlock function is part of the logon check, which allows or prevents the user from logging onto the R/3 System. For terminated users, the user’s ID should be locked and the user assigned to the user group “term.” :K\

<

Locking a user If an employee leaves the company, is assigned to a different group, or is on leave, their R/3 access should be removed. With the lock function, the user’s ID and security profile remain on the system but the user cannot log on. This function is ideal for temporary personnel or consultants where, unless the access is required, the user ID remains locked.

<

Unlocking a user If users incorrectly log on more that the allowed number of times, they are automatically locked out of the system. (An incorrect logon is usually the result of a forgotten password.) The administrator must unlock the user ID and more than likely reset the user’s password.

System Administration Made Easy

7–5

Chapter 7: Scheduled Quarterly Tasks Notes

7–6

Release 4.6A/B

&KDSWHU 6FKHGXOHG$QQXDO7DVNV

&RQWHQWV The R/3 System .......................................................................................................8–2 Database ..................................................................................................................8–3 Operating System ...................................................................................................8–3 Other.........................................................................................................................8–4 Notes ........................................................................................................................8–4

System Administration Made Easy

8–1

Chapter 8: Scheduled Annual Tasks The R/3 System

7KH56\VWHP System: __________ Date: ____/____/____ Admin: _____________________ Task

Transaction

Chapter

Procedure

Archive year-end backup.

3

Send year-end backup tapes to long-term offsite storage.

Audit user security.

11

Review users security authorization forms against assigned profiles.

Check off/Initial

Can also be done with report RSUSR100 SU02 – Security Profile Maintenance

11

With report RSUSR101

SU03– Security Authorization Maintenance

11

With report RSUSR102

Run SAP user audit reports.

SA38 (or SE38) – Execute ABAP program

11

Run user audit reports.

Check that the system is set to Not modifiable.

SE03 – Workbench Organizer Tools

11

Verify that system is set to Not modifiable.

SCC4– “Clients”: Overview

11

Check changeable status for applicable client

Audit profiles and authorizations.

Review segregation of duties.

Audit user IDs SAP* and DDIC.

8–2

Release 4.6A/B

Chapter 8: Scheduled Annual Tasks Database

Task

Transaction

Check locked transactions

SM01 – Transaction codes: Lock/Unlock

Chapter 11

Procedure

Check off/Initial

Check against your list of locked transactions.

'DWDEDVH Task

Where

Archive year-end backup

Chapter 3

Procedure

Check off/Initial

Send year-end backup tapes to long-term offsite storage.

2SHUDWLQJ6\VWHP Task Archive year-end backup

System Administration Made Easy

Where

Chapter 3

Procedure

Column Title

Send year-end backup tapes to long-term offsite storage.

8–3

Chapter 8: Scheduled Annual Tasks Other

2WKHU Task

Where

Perform disaster recovery.

Chapter

Procedure

Check off/Initial

2&3

Restore entire system to disaster recovery test system Test business resumption

1RWHV Problem

Action

Resolution

In chapters 4–8, we have included a list of transactions like the one below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist.

7UDQVDFWLRQ6$6( :KDW

All users who have left the company should have their R/3 access terminated immediately. By locking or deleting these user IDs, you limit access to only those users who should have access to R/3. Periodic review assures the task of locking or deleting has been completed. :K\

Proper audit control requires that a user who no longer has a valid business need to access R/3 should not be allowed to keep that access. Deleting or locking these user IDs also prevents anyone who had been using the terminated user ID from accessing the system under that ID.

7UDQVDFWLRQ6(6&& :KDW

There are switches that prevent changes from being made in the system. In the production system, these should be set to Not modifiable.

8–4

Release 4.6A/B

Chapter 8: Scheduled Annual Tasks Notes

The purpose of setting the production system to Not modifiable is to make sure that changes are made using the development pipeline. In the development pipeline, changes are: 1. Created in the development system 2. Tested in the development system 3. Transported from the development system to the test system 4. Tested in the test system 5. Transported from the test system to the production system Using this procedure, changes are properly tested and applied to the systems in the pipeline. :K\

Objects should not be modifiable in the quality assurance or production systems. This rule is to protect the production system from object and configuration changes being made, without first being tested. By setting the production system to Not modifiable, the integrity of the pipeline is preserved.

7UDQVDFWLRQ60 :KDW

“Dangerous transactions” are transactions that could do the following: <

Damage or corrupt the system

<

Present a security risk

<

Adversely impact performance

:K\

<

If a user accidentally accesses these transactions, they could corrupt or destroy the R/3 System. Access to dangerous transactions is more critical in the production system than the development or test systems. This is because of live data and the fact that the company’s operations are dependent on the R/3 System.

<

Certain transactions should be locked in the production system, but not in the development, test, or training systems. Standard security normally prevents access to these transactions. However, some administrators, programmers, consultants, and functional key users could have access to the transactions depending on the system they are on. In these cases, the transaction lock provides a second line of defense.

There are over 48,000 English transaction codes in the R/3 System. To make it manageable, only the critical ones need to be locked. Your functional consultants should supply you with any additional critical transactions in their modules.

System Administration Made Easy

8–5

Chapter 8: Scheduled Annual Tasks Notes

8–6

Release 4.6A/B

&KDSWHU 0XOWL5ROH7DVNV

&RQWHQWV Starting the R/3 System..........................................................................................9–2 Stopping the R/3 System........................................................................................9–5

System Administration Made Easy

9–1

Chapter 9: Multi-Role Tasks Starting the R/3 System

6WDUWLQJWKH56\VWHP To start the R/3 System in a productive environment: 1. Start the operating system (if required). 2. Check the operating system logs to verify a good start. 3. Start the database. This step is optional because starting the R/3 System also starts the database. However, manually starting the database allows you to review the database log before starting the R/3 System. <

NT/SQL:

If not automatically started, use the SQL Server Service Manager to start the database.

<

NT/Oracle:

If not automatically started, use SAPDBA to start the database.

<

UNIX:

At the command prompt, enter startsap db.

4. Check the database logs to verify a good start. 5. Start R/3 on the central instance. <

NT:

<

UNIX: At the command prompt, enter startsap r3.

Use the SAP Management Console.

To start the R/3 System, at the restart, wait for 60 seconds before you change the server’s clock. This step makes it easier to read the system log. For example, the last stop entry is 19:26:xx and the first start entry is 19:27:xx, where time is reported as hh:mm:ss. 6. Check the R/3 System log (SM21) to verify a good start. Problems at this point may require you to cycle (stop and start) the system. 7. Start R/3 on the application instances. The application servers would be started any time after step 2. 8. Check the R/3 System log.

9–2

Release 4.6A/B

Chapter 9: Multi-Role Tasks Starting the R/3 System

6WDUW5³17 1. On the NT desktop, double-click SAP R3 Management Console.

2. Click on the nodes (+) to drill down to the <servers>. Start the Central Instance (on the database server).

3

3. Right click on the (for example, pa100767), and choose Start.

4. The following two items indicate that the database instance has started and that R/3 has completed the start process: a. The status indicators for the database server change color to green.

4a

4b

b. The Status for both processes indicates Running. Wait a few minutes because startup activity is still occurring on the server. Tools such as QuickSlice and Perfmon allow you to monitor the activity of the server and know when it is OK to logon to the system.

System Administration Made Easy

9–3

Chapter 9: Multi-Role Tasks Starting the R/3 System

The steps below are applicable only if you have an application server: Start the dialog instance (on the application server). 1. Click on the nodes (+) to drill down to the (for example, pal002840), and choose Start.

1

2. The following two items indicate that the database instance has started and that R/3 has completed the start process: a. The status indicators for the application server change color to green. b. The Status for the process indicates Running.

2a

2b

3. Wait a few minutes because startup activity is still occurring on the server.

9–4

Release 4.6A/B

Chapter 9: Multi-Role Tasks Stopping the R/3 System

6WRSSLQJWKH56\VWHP <

When you stop R/3, coordinate and plan this stoppage with all users or their representatives.

<

Stopping a system at “your convenience” is unprofessional and usually causes considerable operational issues with users who need (and expect) the system to be up and running.

6WRS5&KHFNOLVW

Task

Date

Initial

The following tasks must be completed well before the R/3 System is stopped: Coordinate the shutdown with all affected parties, such as: < Finance < Shipping < Sales < Other Reschedule/cancel jobs that would be running or starting during the scheduled shutdown (SM37). Create a system message announcing the planned shutdown (SM02). The following tasks must be completed before the R/3 System is stopped: Check that there are no active users on the system (SM04 and AL08). Check that there are no active background jobs running (SM37). Check for active processes (SM50 and SM51). Check for active external interfaces. To stop the R/3 System: Stop the application server instance(s). Stop the central instance. Stop the database (optional).

System Administration Made Easy

9–5

Chapter 9: Multi-Role Tasks Stopping the R/3 System

7DVNVWR%H&RPSOHWHG%HIRUH6WRSSLQJWKH6\VWHP <

Coordinate the shutdown with all effected parties. If an organization has planned to do something and expects the system to be operational, they may or may not be able to reschedule. You may have to reschedule your shutdown around them and shutdowns are usually negotiated activities.

([DPSOH An IT person in a company rebooted a server in the middle of the day without telling anyone. He had a date that evening and did not want to stay late. The CFO said, “Yeah, he’ll have a date with the unemployment line.” Before stopping the system, there are several checks that need to be made. The purpose is to determine that there is no activity on the system when the system is stopped. Certain activities (such as a large posting job), if interrupted, could have some transactions posted and some not yet posted. Recovery could then become an issue.

If you are the cause of the emergency, be prepared to take the consequences. An example of an emergency is not monitoring the file system, having it fill up, which results in stopping R/3. <

Reschedule or cancel jobs that will be running or starting during the scheduled shutdown. Check SM37 for these jobs and cancel or reschedule them to run after the shutdown. Watch for repeating jobs, such as daily or weekly jobs. These jobs are not created until the job for the prior period (day, week, etc.) has run. In other words, a daily job cannot exist several days in advance.

<

Create a system message announcing the planned shutdown.

<

Emergency or priority shutdowns (for example, file system full, log full, equipment failure, etc.) are a different matter. In these instances, you need to shutdown immediately and users need to accommodate you. There may be little—if any—negotiating.

6\VWHP0HVVDJH60 :KDW

A system message is a popup that users see when they first log on to the R/3 System. This window appears after a new message has been created or when users move between screens.

9–6

Release 4.6A/B

Chapter 9: Multi-Role Tasks Stopping the R/3 System

*XLGHG7RXU

In the Command field, enter transaction SM02 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Administration → SM02-System messages). Choose

Create.

2

In System message text, enter your message. If you are only shutting down one server, you may also enter text in the Server field. To enter this text,

3

choose and select the instance on which the message should appear. In Expiry on, enter the message’s expiration date and time. Choose

4 5 6

. When referencing the time for the shutdown, always enter the specific time, time zone, and date (for example, 0230 PDST-Mon–Jun 8,1998). Entering vague information, such as “in 15 minutes” creates possible confusion as to when and where an event has been scheduled. Some examples of confusion that may arise include: <

15 minutes (from when?)

<

0230 (where? Corporate offices or where the user is?)

<

6:00 (a.m. or p.m.?)

<

Monday (of which week?)

System Administration Made Easy

9–7

Chapter 9: Multi-Role Tasks Stopping the R/3 System

The message in the status bar indicates that your message has been saved.

This screen shows the message as the user would see it.

9–8

Release 4.6A/B

Chapter 9: Multi-Role Tasks Stopping the R/3 System

&KHFNWKDW1R$FWLYH8VHUV$UHRQWKH6\VWHP$/60

*XLGHG7RXU

For a system without application servers: 1. In the Command field, enter SM04 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → System monitoring → SM04-User overview). 2. Contact the users and have them log off. 3. If users cannot be contacted, delete their session as described in chapter 12, Deleting a User’s Session.

System Administration Made Easy

9–9

Chapter 9: Multi-Role Tasks Stopping the R/3 System

For systems with application servers: 1. In the Command field, enter AL08 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Control/Monitoring → Performance menu → Exceptions/users → Active users → AL08-Users global). 2. Scroll down the transaction screen to see all the servers in the system and the users on those servers. 3. Contact the users to have them log off. 4. If the users cannot be contacted, delete their session as described in chapter 12, Deleting a User’s Session. You cannot delete a user from transaction AL08. You must log into the individual instance and use transaction SM04 to delete the user session.

9–10

Release 4.6A/B

Chapter 9: Multi-Role Tasks Stopping the R/3 System

&KHFNIRU%DWFK-REV5XQQLQJRU6FKHGXOHG60 Check for any batch jobs that are running or are scheduled to run during the shutdown.

*XLGHG7RXU

1. In the Command field, enter SM37 and choose Enter (or from the SAP standard menu, choose Tools → CCMS Jobs → SM37-Maintenace). 2. Enter * in User name. 3. Under Job status, select the following: < Planned < Released < Ready < Active 4. Change the Fr (from) date back a year. 5. Change the To date to a date beyond the shutdown period. 6. In or after event, choose select *. 7. Choose

7 2 3

4

5

and 6

Execute.

System Administration Made Easy

9–11

Chapter 9: Multi-Role Tasks Stopping the R/3 System

8. Choose a job to review (for example, GARY-TEST).

9

9. From the menu bar, choose Job → Change.

8

Change the display to show the planned start date and time. From the menu bar, on the screen above, choose Settings → Display variant → Current. On the field selection screen, move the planned start date and planned start time from the hidden fields on the right, to the displayed fields on the left.

10. Choose

Start condition.

10

9–12

Release 4.6A/B

Chapter 9: Multi-Role Tasks Stopping the R/3 System

11. Change the Scheduled start date, to a date after the shutdown. 12. Choose Save. 11

12

13. Verify the new start date. 14

14. Choose Save.

13

System Administration Made Easy

9–13

Chapter 9: Multi-Role Tasks Stopping the R/3 System

15. A message indicates that the job was saved. 16. Repeat the steps for each of the other jobs that need to be moved.

15

17. As a final step, repeat the initial job selection to verify that there are no jobs scheduled during the system shutdown.

9–14

Release 4.6A/B

Chapter 9: Multi-Role Tasks Stopping the R/3 System

&KHFNIRU$FWLYH3URFHVVHVRQ$OO6\VWHPV60

*XLGHG7RXU

1. In the Command field, enter transaction SM51 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → System monitoring → SM51-Servers). This screen lists all instances in the system. 2. Select an instance. 3. Choose

3

. 2

4. The screen that appears is the transaction SM50 screen for that server.

6

5. Review for activities. 6. Choose Back and return to the SAP servers transaction (SM51). 7. Repeat steps 2 to 5 for each instance.

5

&KHFNIRU([WHUQDO,QWHUIDFHV External interfaces are interfaces where data is being moved to or from the R/3 System. Checking for active interfaces depends on the specific interface and how it has been designed, built, and implemented. The developer or consultant can help you determine if the interface is active.

System Administration Made Easy

9–15

Chapter 9: Multi-Role Tasks Stopping the R/3 System

6WRSSLQJ5 <

When you bring down or stop R/3, coordinate and plan this event with all the R/3 users or their representatives.

<

Stopping a system at “your convenience” is unprofessional and usually causes considerable operational issues with users who need (and expect) the system to be up and running.

Stop R/3 only after all checks have been made and you are certain that there is no activity on the system. To stop the R/3 System: 1. If there are application servers in the system, stop the instance on the application server(s). 2. Stop the instance on the database server. <

NT/SQL:

Use the SAP Management Console.

<

UNIX:

At the command prompt, enter stopsap This script may also stop the database; check your specific installation.

3. If needed, stop the database. The database must be stopped separately. Unlike the start process, stopping the system does not also stop the database. <

NT/SQL:

Use SQL Server Service Manager to stop the database.

<

NT/Oracle:

Use SAPDBA to stop the database.

<

UNIX:

Use either SAPDBA or the stopsap script to stop the database.

4. If needed, stop the operating system. 67235³17 1. On the NT desktop, double-click SAP R3 Management Console.

9–16

Release 4.6A/B

Chapter 9: Multi-Role Tasks Stopping the R/3 System

2. Drill down to the: a. <SID> (for example, SAS). b. <servers> (for example, pa100767 and pal002840).

2a

2b

2b

The following steps are applicable only if you have application servers. Stop the R/3 dialog instance (on the application server). 1. Click on the nodes (+) to drill down to the (for example, pal002840).

1

2. Right click on the and choose Stop. 3. Choose Yes.

3

4. When R/3 stops: a. The status indicators change color to gray. b. The Status indicates Stopped.

4b

4a

System Administration Made Easy

9–17

Chapter 9: Multi-Role Tasks Stopping the R/3 System

Stop the R/3 central instance (on the database server). 1. Click on the nodes (+) to drill down to the (for example, pa100767).

1

2. Right click on the and choose Stop.

3. Choose Yes.

3

4. When R/3 stops: a. The status indicators change color to gray. b.

9–18

The Status indicates Stopped.

4a

4b

Release 4.6A/B

&KDSWHU 56\VWHP$GPLQLVWUDWLRQ

&RQWHQWV Overview ................................................................................................................10–2 Major System Monitoring Tools ..........................................................................10–2 Specific Transaction Monitoring Overview ......................................................10–32 System Message (SM02) ....................................................................................10–51

System Administration Made Easy

10–1

Chapter 10: R/3 System Administration Overview

2YHUYLHZ This chapter will help you understand how to monitor your system. It is crucial that a system administrator gets a quick overview of the system status and is quickly notified of critical situations. In this chapter, the reader will learn about the following items: <

Some CCMS tools

<

Major tasks

<

Specific transactions

<

System messages

0DMRU6\VWHP0RQLWRULQJ7RROV The major tools of system monitoring provide a quick mechanism to monitor your system. The two major tools, the CCMS Central Alert Monitor and the System Administration Assistant (SAA), perform two different functions. The CCMS Central Alert Monitor is primarily an alert monitor. The SAA is a control panel from which you can directly access the specific monitoring tools and be notified of any alerts. If you have time constraints, these major tools provide a quick overview of the system status and notify you of critical situations that warrant your immediate attention.

&&06&HQWUDO$OHUW0RQLWRU7UDQVDFWLRQ5= :KDW

Transaction RZ20 is a centralized alert monitor. With this transaction, you can monitor the servers in your landscape, such as development, QA, testing, production, etc. You no longer have to individually log into each system to search for alerts. If there is an alert, the monitor will link to many of the other transactions in this guidebook. You can do many of your system monitoring tasks with the Central Alert Monitor. To find Alert Monitor documentation, from the menu bar, choose: 1. Help → SAP Library. 2. SAP Library → Basis Components → Computing Center Management System (BC-CCM) → BC-Computing Center Management System 3. BC-Computing Center Management System → the Alert Monitor. The Central Alert Monitor is not a replacement for examining the other checklist tasks. Certain alerts, such as Microsoft SQL Server and TMS have not yet been integrated into the Central Alert Monitor.

10–2

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

:K\

An alert indicates a potentially serious problem that should be quickly resolved. If not contained, these problems could deteriorate into a disaster.

*XLGHG7RXU

1. In the Command field, enter transaction RZ20 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Control/Monitoring → RZ20-Alert monitor). This screen is the standard display. We will use a modified display with most of the monitor sets suppressed.

We will be using this monitor set display. See the configuration section later in the RZ20 section to learn how to configure your display.

System Administration Made Easy

10–3

Chapter 10: R/3 System Administration Major System Monitoring Tools

$FFHVVLQJWKH&&06$OHUW0RQLWRU5= 1. From the CCMS Alert Monitor screen, we have the display with only two monitor sets: < SAP-delivered SAP CCMS Monitor Templates < User-created SystemAdmin docu

2. Click the node (+) to expand the monitor sets. 3. In the SAP CCMS Monitor Templates, there are predefined monitors to use 6 as your starting point. These monitor templates cannot be modified. To modify them, copy them into a customer monitor set and modify the monitor there. 4. In this example, we copied the Entire system monitor from the SAP CCMS Monitor Template into SystemAdmin docu.

3

4

This step allows us to modify the monitor. 5. Select a monitor. (In this example, we selected Entire system.) 6. To load the monitor, choose

10–4

4, 5

.

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

This is the “monitor screen.” 7. The monitor contains the alerts for a single system/SID. 8. Here, we can see the application servers in that system. Here we show the following: a. pa100767_SAS_00, the central instance b. pal101003_SAS_00, the application server

7 8 8a

8b

&XUUHQW9LHZDQG$OHUW9LHZ The display has two modes: <

The current system status This mode shows the alert situation right now.

<

Open alerts This mode shows alerts that have been generated but not yet “acknowledged.” In this mode, alerts are collected over time.

The recommended process is to look for: 1. Immediate problems (current system status) 2. Prior or transient problems (open alerts)

System Administration Made Easy

10–5

Chapter 10: R/3 System Administration Major System Monitoring Tools

6ZLWFKLQJ%HWZHHQWKH&XUUHQWDQG$OHUW9LHZV On the View: Current system status screen: 1

1. To view alerts, choose Open alerts.

2. On the View: Open Alerts screen, to return to the current status view, choose Current status. 2

10–6

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

)LQGLQJDQ$OHUW From the monitor screen: 1. Look for red node text. If a node text is highlighted in red, there is an alert somewhere below that text.

4

2. Drill down to the bottom node. Here, the alert node is Percentage Used of the file system on drive H. 3. Select the node text. 4. Choose

.

3 2

5. Scroll to the bottom of the screen or choose .

System Administration Made Easy

5

10–7

Chapter 10: R/3 System Administration Major System Monitoring Tools

6. At the bottom of the detail screen are two tables. These table show the alert values over the last: < 30 minutes < 24 hours

6

These tables can be of significant value in troubleshooting.

6

To display a graph of a timetable: 7. Select the table to use (for example, last 24 hours). 8. Choose

8

.

7

The graphical display shows how the values changed over a 24-hour period.

9

9. Choose Back when you have finished.

10–8

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

10. Choose Performance history. The batch job that collects historical data must be running. The default is that the job will not run. But, 13 running this job will add more data to the database and affect database growth. For more information, see Configuring the Batch Job to Collect Historical Data (RZ21) on the following page.

14 10

11. Enter a “from” and “to” period in any of the time frames. 12. Choose , which returns you to the screen above. 13. Select the history items to display. 14. Choose

.

12

System Administration Made Easy

10–9

Chapter 10: R/3 System Administration Major System Monitoring Tools

&RQILJXULQJWKH%DWFK-REWR&ROOHFW+LVWRULFDO'DWD5= The batch job that collects historical data must be running. The default situation is that the job will not run. But, running this job will add more data to the database and affect database growth. The batch jobs provide the data for the performance history option above.

Do not run this batch job unless you want performance history data (RZ20).

1. In the Command field, enter transaction RZ21 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Configuration → RZ21-Alert Monitor). 2. From the menu bar, choose Technical infrastructure → Performance Database → Define Background Job.

10–10

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

3. This user ID is the user ID that was used to log in. 4. Enter the time to run the job. The job will run every six hours.

5 6

5. Choose Save. 6. Choose

Next step. 3 4

This screen shows the second of the two jobs that will be scheduled. 7. Choose Back.

System Administration Made Easy

7

10–11

Chapter 10: R/3 System Administration Major System Monitoring Tools

9LHZWKH$OHUWV 1. Choose Display alerts.

1

2. The alerts are listed in order of priority (Red at the top and yellow below).

10–12

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

$QDO\]HWKH$OHUW 1. Select the alert. 2. Choose

. 2 1

3. The specific analysis tool that is started is node dependent. (In this case it is the OS Monitor.) These tools that are individually covered in the remainder of this guidebook. If no tool is assigned, you will get a “No method assigned” message.

System Administration Made Easy

10–13

Chapter 10: R/3 System Administration Major System Monitoring Tools

$FNQRZOHGJHWKH$OHUW 1. From the detail screen, choose Display alerts. 1

This screen is the same screen where you start to analyze an alert (see previous page). 2. Select the alert to acknowledge.

3 2

3. Choose Complete alert.

4. Note the message at the bottom of the screen. 5. There is one less alert displayed. 5

4

You still have to perform a task based on the alert. Acknowledging the alert only means that you received the alert notification.

10–14

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

6. When all alerts and warnings are acknowledged, the alert will change color to green.

6

3URYLGH6\VWHP&RQILJXUDWLRQ,QIRUPDWLRQ7UDQVDFWLRQ5= 1. Under the SAP CCMS Monitor Templates, select System Configuration. 2. Choose

.

2

1

System Administration Made Easy

10–15

Chapter 10: R/3 System Administration Major System Monitoring Tools

The various nodes will provide a variety of information about: < Clients < SAP license < Database

As shown here, a monitor can be configured to display multiple systems. Note that this monitor has been configured to monitor the following systems: < SAS < RW8 < BSK

10–16

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

0DLQWDLQLQJ7KH$OHUW7KUHVKROGVIRU5= :KDW

The alert threshold is the point where the alert indicator changes color from: < <

Green to yellow Yellow to red

<

Red to yellow

<

Yellow to green

:K\

Each installation is different, so the point at which an alert changes color depends on the individual installation. Sample situations where you would want to change the threshold levels when: <

A high amount of paging is a cause for concern on the production system, but it is expected on the development system.

<

The only file on a drive may be the database file, which is completely filling the drive. A “filesystem full” alert on that particular drive is of no concern, because the database would have been configured to take up the whole drive.

+RZ

*XLGHG7RXU

1. Click the node (+) of the specific alert that you want to change the threshold. 3

2. Select an alert. 3. Choose Properties. 1

2

System Administration Made Easy

10–17

Chapter 10: R/3 System Administration Major System Monitoring Tools

4. If the displayed values are for a group, an indicator field will appear in the screen.

5

In this case the group indicator means that the values displayed apply to all drives, not just the selected drive. 5. To switch to group or individual: <

Group: From the menu bar, choose Edit → Properties → Use from MTE class/group.

<

Individual: From the menu bar, choose Edit → Properties → Use for individual Monitoring Tree Element (MTE).

6. Choose

4

.

7. The threshold value field will change color from grey to white. 6

10–18

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

8. If the transaction is set to group mode, an information screen will 8 appear. 9. Choose

. 9

10. Enter new values for when the alerts will change (for example, 98).

11

These threshold values are specific to the alert you indicated. 11. Choose Save.

10

+LGLQJ6$36WDQGDUG0RQLWRU6HWV The monitor sets that are being “hidden” are not usually needed. 1. On the CCMS alert monitor screen, from the menu bar, choose Extras → Activate maintenance function.

System Administration Made Easy

1

10–19

Chapter 10: R/3 System Administration Major System Monitoring Tools

2. Expand all the monitor sets. 3. Under Public sets, select a monitor set (for example, SAP Business Communication). 4. Choose

4

.

3

5. Deselect Public (visible for all users). 6. Choose

.

5 6

10–20

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

7. The monitor set will disappear from My favorites and Public sets. 8. The set still exists under SAP. Therefore, if it is needed, this set could be “unhidden.”

8

System Administration Made Easy

10–21

Chapter 10: R/3 System Administration Major System Monitoring Tools

9. Repeat the steps until the only SAP standard set remaining is SAP CCMS Monitor Template.

9

Once the extra monitor sets disappear, this screen shows how the CCMS monitor sets will look.

10–22

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

&UHDWHD1HZ0RQLWRU6HW 1. On the CCMS alert monitor screen, from the menu bar, choose Extras → Activate maintenance function.

1

2. Select Public sets. 3. Choose

.

3

2

4. Under Monitor set, enter a name for the new monitor set (for example, SysAdmin 2).

4

5. Select Public (visible for all users). 6. Choose

.

5 6

System Administration Made Easy

10–23

Chapter 10: R/3 System Administration Major System Monitoring Tools

7. The new monitor set is in the Public sets and My favorites.

8

8. To turn off maintenance, from the menu bar, choose Extras → Deactivate maintenance function.

7

7

9. The new monitor set (SysAdmin 2) now appears on the screen.

9

$GGD0RQLWRUWRWKH0RQLWRU6HW 1. From the menu bar, choose Extras → Activate maintenance function.

10–24

1

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

2. Select the Monitor set (for example, SysAdmin 2). 3. Choose

. 3

2

4. Expand the monitor design tree. 6

5. Select the nodes (+) that you want to include in the monitor (for example, Background under both RW8 and SAS). 6. Choose Save.

5

5

System Administration Made Easy

10–25

Chapter 10: R/3 System Administration Major System Monitoring Tools

7. Under Monitor, enter a relevant name for the new monitor (for example background-SAS+RW8). 8. Choose

.

7 8

9. The monitor definition is saved.

9

10. Expand the monitor set to see the new monitor.

11

11. To turn off maintenance, from the menu bar, choose Extras → Deactivate maintenance function.

10

10–26

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

12. Select the new monitor. 13. Choose

.

13

12

14. Expand the monitor tree. 15. This new monitor shows only the nodes you selected. This monitor is monitoring background service on two different systems (SAS and RW8).

15

15

System Administration Made Easy

10–27

Chapter 10: R/3 System Administration Major System Monitoring Tools

6\VWHP$GPLQLVWUDWLRQ$VVLVWDQW7UDQVDFWLRQ66$$ :KDW

The System Administration Assistant (SAA) was developed as part of the Ready-to-RunR/3 project. The core of the SAA has been brought into standard R/3 and is now available. The SAA lists all the R/3 administrative tasks and tracks tasks that need to be done. It also provides documentation on each task and displays critical, and non-critical, alerts. :K\

It helps the system administrator track work by providing a point of reference for all relevant system administration transactions. +RZ

*XLGHG7RXU

1. In the Command field, enter transaction SSAA and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → SSAA-System Administration Assistant). 2. Choose Entire View tab.

2

10–28

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

3. Choose

.

3

4. Choose

. 4

System Administration Made Easy

10–29

Chapter 10: R/3 System Administration Major System Monitoring Tools

5. From the menu bar, choose View → Transaction code to display the transaction codes on the right side.

5

6. If a task needs to be performed, a red square will appear next to it. 7. To execute the task, choose on that line (for example, R/3: Checking Background Jobs). 6

7

10–30

Release 4.6A/B

Chapter 10: R/3 System Administration Major System Monitoring Tools

8. The associated transaction is started. The specific transaction code selected is node dependent. The task to execute the transaction will be specific to the started transaction.

9

9. When you have finished, choose Back.

10. The list is updated, and the task has a green circle indicating that it has been performed. 11. To see if there are any alerts in each task, choose List Current Alerts.

11

10

System Administration Made Easy

10–31

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

12. Critical and noncritical in each task are displayed.

alerts

12

6SHFLILF7UDQVDFWLRQ0RQLWRULQJ2YHUYLHZ )DLOHG8SGDWHV7UDQVDFWLRQ60 :KDW

An update terminate (or failed update) is an update to the database that failed. These terminates occur when a user entry or transaction is not entered or updated in the database. The following example should help clarify this concept:

([DPSOH 1. The accountant gives a file clerk a folder (similar to the “save” in a transaction). 2. The file clerk gives the accountant a receipt (similar to the R/3 document number). 3. On the way to the file cabinet, the clerk falls and gets hurt. The folder in not filed in the cabinet (the failed update). 4. The end result is that the folder is not in the cabinet—even though the accountant has the receipt. This same end result occurs in an update environment, the document is not in the R/3 System—even though the user has a document number.

10–32

Release 4.6A/B

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

For performance reasons, the database update is done in an asynchronous mode. In this mode, the user continues to work while the system takes over the update process and waits for the database update to complete. In a synchronous mode, users would have to wait until the database has successfully updated before they could continue to work. :K\

Users assume that when they receive a document number, the entry is in the system. But it is not. Even if the users received a document number, because of the update terminate, no trace of it exists in the system.

([DPSOH Even though a sales order document number is generated, the order does not exist. Therefore, customers would not receive their order, and no trace of the order would exist in the system. :KHQ

Check the system for failed updates several times a day. During a dayshift, the checks can be distributed: <

First thing in the morning

<

Late morning

< <

Early afternoon Late afternoon

If you have a global operation, your schedule should be adjusted to account for other time zones and someone in that time zone should participate in the monitoring. The longer you wait after the update terminate has occurred, the more difficult it is for users to remember what they did when the update terminate occurred. If you wait too long, the user will not remember. When things go wrong, they can really go wrong. For example, in one situation, there were over 600 update terminates that occurred in a 30-minute period. The system administrators were not alerted to the problem so prompt action was not taken. Therefore, normal business transactions continued to be entered and each one was terminated. On Windows NT, from R/3 Release 3.0F and higher, system log entries are written to the NT event log. You might consider configuring an “event log monitor” to page you when an update terminate occurs. This step reduces the need to constantly check transaction SM13. It also reduces the exposure between the time the update terminate occurs, when you find out about it, and when you can get to the user. The following message appears: “You have express mail in you inbox.” This message means that an update terminate has occurred on the user’s transaction.

System Administration Made Easy

10–33

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

*XLGHG7RXU

1. In the Command field, enter transaction SM13 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → SM13-Update). 2. In Client enter *. 3. In User enter *.

6

4. Under Status, select All. 5. In From date, change the date to a year ago (for example, 09/07/1998). 6. Choose

2 3

.

4

5

7. In the Status column, look for entries with an Err. These entries are failed updates or update terminates. You may also see other entries listed without the Err status. If you have no failed updates, stop here. If you have failed updates, continue with the next section, Managing Update Terminates.

10–34

7

Release 4.6A/B

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

0DQDJLQJ8SGDWH7HUPLQDWHV 1. Double-click on an entry with an Err status.

1

2. This screen shows in what module (Mod.name) and where in the process (Mod.ID) that the update terminate occurred. 2

3. Double-click on the entry with an Err status.

3

4. Choose ABAP short dump. If a short dump exists, it will appear.

4

System Administration Made Easy

10–35

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

5. After choosing ABAP short dump in the previous screen, you will see one of the following screens: a. If you have an ABAP dump, you will see this screen.

b. If a short dump does not exist, you will see: < A dialog box (titled Update Status). < The message No ABAP/4 short dump exists which appears either in the inactive Update Modules window or a separate dialog box. Do not attempt to reapply the failed update! There are conditions under which this reapplication can lead to corruption of the database. Always advise users to reenter the transaction.

10–36

Release 4.6A/B

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

Some of the problems that can occur with an update terminate include: <

No short dump In this case, the only clues you have are the: User ID Date Time Transaction

<

Difficulty reading the short dump Do not be discouraged because you cannot understand a short dump. The ability to read a short dump comes with experience and practice. Some of the content is only useful to the developer. You may recognize a pattern of characters as a part number, document number, vendor code, etc.

<

Short dump with little usable information

<

Update terminate occurring “downstream” from the actual transaction The data in the short dump may be of little value in finding the root of the update terminate. (For example, if the terminate occurred in the FI posting of an SD transaction, you will not know which SD transaction document caused the problem.)

<

Update terminate occurring in a batch job There is no indication of which batch job (by job name) caused the update terminate. SAP is aware of the inability to identify the batch job which was the source of an update terminate.

6. The users need to be contacted. 7. The users should check for the missing entry and reprocess the missing transaction. 8VHU7UDLQLQJ When a user receives the following message, “You have express mail in your inbox,” usually signals a problem. The user should immediately stop and get assistance to determine what happened. R/3 uses “express mail” to notify the user of a failed update. It is during this “window” (immediately after the error has occurred) that the user has the best chance of correcting the problem.

System Administration Made Easy

10–37

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

6\VWHP/RJ7UDQVDFWLRQ60 :KDW

The system log is the R/3 System’s log of events, errors, problems, and other system messages. :K\

The log is important because unexpected or unknown warnings and errors could indicate a serious problem. :KHQ

You should check the system log several times a day.

The ability to properly monitor the system log comes with experience. Over time, you will become familiar with what log entries “normally” appear in your system log, and recognize the unusual ones that need investigation.

*XLGHG7RXU

1. In the Command field, enter transaction SM21 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitoring → SM21-System log). If you select Problems only, you will see this screen. 2. You can get more information on certain entries. In this example, double-click on the “short dump.” Proceed to step 4. 2

10–38

Release 4.6A/B

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

If you select All messages, you will see this screen. 3. Notice that the warning messages on this screen (indicated by the yellow highlight under the column MNo), and the text Perform rollback) did not appear in the previous screen. 3

What to look for: < Unusual entries For your installation for a specific system, before you can recognize the unusual entries, you will need to become familiar with “normal” entries. < Column MNo for the error status Errors are in red and pink, and warnings are in yellow. These entries may have been examined when you did the Alert Monitor (RZ20). To minimize the video processing overhead, many NT servers are configured with a video color depth of 16 colors. On these servers, increase the video color depth to 256 colors to see the alerts in color, or view the log from a computer that has the video set to at least a color depth of 256 colors.

System Administration Made Easy

10–39

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

4. Choose Analyze runtime errors.

4

This screen is the short dump. You can access this screen using transaction ST22.

10–40

Release 4.6A/B

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

/RFNV7UDQVDFWLRQ60 :KDW

A “lock” is a mechanism that prevents other users from changing the record on which you are working. The example below illustrates the importance of using this function.

([DPSOH You are changing a customer mailing address, while someone is simultaneously changing the customer’s telephone number. You first save your change; then the other person saves his or her change. The other person’s change overwrites your change, and your change will be lost.

:K\

There may be “old” locks still in place from transactions that did not release, or from when the user was cut off from the network. Unless cleared, these locks prevent access or change to the record until the system is cycled. The easiest way to locate these locks is to look for locks from prior days.

We presume that the profile parameter rdisp/gui_auto_logout has been set. This parameter defines an automatic logout of the user if there is no activity for the set number of minutes. Setting the auto_logout parameter is recommended for security. It is also an item for which your external auditors may test. The parameter is a global setting that applies to all users on the instance. You cannot have different logout times for different groups of users on the same instance. The only way to have different logout times for different groups of users is to have specific groups (for example, Finance) log in to specific instances (for example, the Finance application server) where this parameter is set in the instance profile of that instance.

System Administration Made Easy

10–41

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

*XLGHG7RXU

1. In the Command field, enter transaction SM12 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → SM12-Lock entries). 2. In Client enter *. 3. Clear the User name field. 4. Choose

4

.

2 3

5. In the Time column, look for locks from previous days. The presence of a lock from a previous day could mean that the user was “disconnected” from the network and the R/3 System.

5

Deleting a lock is a dangerous task. Do not delete a lock without checking first to see if it is being used. If you delete a lock that is in use, you risk corrupting the database.

10–42

Release 4.6A/B

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

The following process should be followed before deleting a lock: Task

Transaction Code that Completes this Task

Is the user logged on any of the servers?

<

Transaction SMO4 (without application servers)

<

Transaction AL08 ( with application servers)

If the user is not on the system, but transaction SM04 shows them on the system, delete their sessions as described in chapter 9, Deleting a User’s Session. This step, alone, may clear the lock. Are there are processes running under the user ID? <

Transaction SM50

<

Transaction SM51

Also see the Processes section later in this chapter. Are there batch jobs running under the user ID?

<

Transaction SM37

Also see the Background Jobs section in this chapter. Are there updates in process for that user ID?

<

Transaction SM13

Also see Failed Updates section in this chapter. Once you know that there is no activity using the user’s ID: 1. Select the lock entry for deletion. 2. From the menu bar, choose Lock entries→ Delete. <

Double-check the user ID of the entry that you selected to delete. If you delete the wrong lock, you could corrupt the database.

<

Clear only one lock entry at a time.

<

Do not use the mass delete option. This option will delete all the locks, not just the ones for the user you have selected.

$FWLYH8VHUV7UDQVDFWLRQV60DQG$/ :KDW

These transactions display all the users who are currently logged on to the system. They show both the user’s ID and terminal name. :K\

In a smaller company, the administrator can recognize user IDs logged on to “unfamiliar” terminals. An unfamiliar terminal may indicate that someone—other than the designated user—is using that user ID.

System Administration Made Easy

10–43

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

A user logged on to more than one terminal may indicate that the ID is being used: <

Used by someone else

<

Used/shared by several people

Here are some reasons not to share user IDs: <

If a problem arises, you will not know who created the problem. This situation makes the problem difficult for you to fix and prevent from happening again.

<

Prudent security practices do not allow for the sharing of user IDs.

<

Your external auditors may also perform this test to test your security.

Release 4.6 allows you to prevent concurrent sharing of user IDs by activating the disable_mult_gui_login system profile. We recommend that you activate this parameter. 3UREOHPV

Transaction SM04 may show a user as active, when the user has actually logged off. Because the user session was not properly closed, the system “thinks” that the user is still logged on. This condition can be caused by one of the following: <

A network failure, which cuts off the user.

<

Users who turn off their computer without logging off from the R/3 System.

6LQJOH,QVWDQFH6\VWHP7UDQVDFWLRQ60

*XLGHG7RXU

1. In the Command field, enter transaction SM04 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → System monitoring → SM04-User overview). 2. Select the user ID (for example, GARYN) to view the session the user has opened. 3. Choose Sessions. 3

2

10–44

Release 4.6A/B

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

The Overview of Sessions screen shows what sessions the user has opened. 4. Choose

.

4

0XOWL,QVWDQFH6\VWHP7UDQVDFWLRQ$/

If you have several instances in your system, using AL08 is easier, because you can simultaneously see all users in all instances on the system. 1. In the Command field, enter transaction AL08 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Control/Monitoring → SM66-All work processes. 2. From the menu bar, choose Goto → Global users overview. 3. The Current Active Users screen shows all the instances in your system. 4. For each instance, a list of the users logged onto that instance/ application server is also provided.

3

3 4

3 4

System Administration Made Easy

10–45

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

:RUN3URFHVVHV7UDQVDFWLRQV60DQG60 :KDW

Process overview transactions allow users to view the status of work processes and monitor for problems. Transaction SM51 is a central transaction from which you can select the instance to monitor. SM51 starts transaction SM50 for each application server, which is used for a system without application servers. :K\

Transaction SM51 is one place to look for jobs or programs that may be “hung,” which maybe indicated by long run times. If batch jobs are not running, transaction SM50 may provide a hint of the problem, if all the batch work processes are in use. )RUD6\VWHPZLWK$SSOLFDWLRQ6HUYHUV

*XLGHG7RXU

1. In the Command field, enter transaction SM51 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → System monitoring → SM51-Servers). 2. Select the instance you want to view (for example, pawdf071_Q99_75). 3. Choose

3

. 2

10–46

Release 4.6A/B

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

This screen shows the Process Overview transaction (SM50) for that instance.

)RUD6\VWHP:LWKRXW$SSOLFDWLRQ6HUYHUV

*XLGHG7RXU

In the Command field, enter transaction SM50 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → System monitoring → SM50-Process overview). What to look for: a. Dialog work processes (DIA) that have long Time values. These values could indicate a problem or a long running step in batch programs, which sometimes start dialog work processes.

b

a

b. In the Status column, work processes that say stopped, can sometimes be a problem because a process may have stalled or failed. The columns are defined in the table below.

System Administration Made Easy

10–47

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

b

a

Column Text

Definitions

No

Work process number

Ty

Type of work process

PID

OS PID (Process ID) number

Status

Current status of the work process

Err

Number of detected errors in the work process

CPU

Cumulative CPU time that the current process is taking

Time

Cumulative “wall” time that the current process is taking

Program

Name of the ABAP program

Clie

Client number

User

User ID that is using the work process

Table

Table that the action is being performed on

$%$3'XPS$QDO\VLV7UDQVDFWLRQ67 :KDW

An ABAP dump (also known as a short dump) is generated when a report or transaction terminates as the result of a serious error. The system records the error in the system log (transaction SM21) and writes a snapshot (dump) of the program termination to a special table. This transaction can also be called from the system log (transaction SM21). :K\

An ABAP dump is used to analyze and determine why the error occurred and take corrective action.

10–48

Release 4.6A/B

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

*XLGHG7RXU

1. In the Command field, enter transaction ST22 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → ST22-Dump analysis). There are two selection methods to display the list of dumps: <

For a simple selection, Today or Yesterday (proceed to step 2)

<

For a free selection (proceed to step 5)

6LPSOH6HOHFWLRQ 2. Under No. of short dumps, if you see a value other than zero (0) in Today or Yesterday, dumps have occurred that need to be examined. 3. Select Today. 4. Choose

4

3

2

.

Proceed to step 8.

)UHH6HOHFWLRQ 5. Choose

Selection. 5

System Administration Made Easy

10–49

Chapter 10: R/3 System Administration Specific Transaction Monitoring Overview

6. Enter your selection criteria in the ABAP Dump Analysis screen. 7. Choose

.

7 6

8. Double-click on the dump you want to analyze.

8

10–50

Release 4.6A/B

Chapter 10: R/3 System Administration System Message (SM02)

This screen shows the “short dump.”

Despite being called a “short dump,” ABAP dumps may be more than 75 pages long. We recommend you save the dump locally and print out only the portion you need. If the SAP hotline asks for a copy of the short dump, rather than fax the entire dump, it is easier to e-mail or upload the file (see SAP note 40024).

6\VWHP0HVVDJH60 :KDW

A system message is a popup that users see when they: <

First log on to the R/3 System

<

Move between screens

:K\

<

To send a broadcast message to everyone on the system (for example, “SAP will be down for scheduled maintenance from 6:00 p.m. PST Friday, October 23 to 12:00 p.m. PST Saturday, October 24.”).

<

To inform the user about the system they are logging on to. This information is recommended for systems other than the production system, such as development, test, sandbox, training, etc. (for example, “You are logging into QAS, copy of PRD as of Nov-1-98 at 0100 PST”).

System Administration Made Easy

10–51

Chapter 10: R/3 System Administration System Message (SM02)

&UHDWLQJD0HVVDJH

*XLGHG7RXU

1. In the Command field, enter transaction SM02 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Administration → SMO2-System messages). 2. Choose

Create.

2

3. Enter your message in System message text. 4. Optionally, you may also enter text in the following fields: a. In Server, choose and select the instance on which the message should appear. b. In Client, enter the client number, for a client specific message.

3 4a 4b 5 6

5. In Expiry on, enter the message’s expiration date and time. 6. Choose

10–52

.

Release 4.6A/B

Chapter 10: R/3 System Administration System Message (SM02)

To prevent the message from expiring, enter a date several years in the future. When referencing the time for an event, always enter the specific time, time zone, and date (for example, 0230 PDST-Mon–Jun 8,1998). Entering vague information (such as “in 15 minutes”), creates confusion as to when and where an event has been scheduled. Some examples of confusion that may arise includes: <

15 minutes (from when?)

<

0230 (which time zone?)

<

6:00 (a.m. or p.m.?)

<

Monday (of which week?)

7. The message in the status bar indicates that your message has been saved.

7

The System Messages popup window will appear.

System Administration Made Easy

10–53

Chapter 10: R/3 System Administration System Message (SM02)

(GLWLQJD0HVVDJH

*XLGHG7RXU

1. In the Command field, enter transaction SM02 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Administration → SM02-System messages). 2. Select the message. 3. Choose

Change.

To delete the message from this screen, choose Delete, not Change.

3 2

4. Enter your changes. 5. If necessary, change the following: a. ServerName b. Client c. Expiry on 6. Choose

.

4

5a 5b

5c 6

10–54

Release 4.6A/B

Chapter 10: R/3 System Administration System Message (SM02)

7. The message in the status bar indicates that your message has been changed. 8. Check the changed message. 8

7

$%$3(GLWRU6( :KDW

An R/3 system administrator will need to execute certain reports and programs to apply a note or in relation to everyday duties and tasks. +RZ

1. In the command field, enter transaction SE38 and choose Enter (or from the SAP standard menu, choose Tools→ ABAP workbench → Development → SE38-ABAP Editor). 2. In Program, enter the report or program name (for example, RSPARAM). 3. Choose

. 3 2

Be careful when executing reports and programs because it may affect and change your system. Make sure you are executing the correct program, and you know what the program is going to do.

System Administration Made Easy

10–55

Chapter 10: R/3 System Administration System Message (SM02)

4. This program has a variant screen where you can indicate whether you want parameters that cannot be substituted to also be listed. 5. Choose

5

.

6. The report is run. In this case, the report displays the profile parameters.

7

7. Choose Back.

)RU,QIRUPDWLRQ$ERXWD3URJUDPRU5HSRUW 1. In the Program, enter RSPO0041. 2. Select Documentation. 3. Choose

Display.

1

2 3

10–56

Release 4.6A/B

Chapter 10: R/3 System Administration System Message (SM02)

The screen displays information about the program RSPO0041.

System Administration Made Easy

10–57

Chapter 10: R/3 System Administration System Message (SM02)

10–58

Release 4.6A/B

&KDSWHU 6HFXULW\$GPLQLVWUDWLRQ

&RQWHQWV Overview ................................................................................................................11–2 Audits .....................................................................................................................11–4 Security Layers .....................................................................................................11–6 Operational Security...........................................................................................11–25 Audit Tools ..........................................................................................................11–37 Audit Tasks..........................................................................................................11–57

System Administration Made Easy

11–1

Chapter 11: Security Administration Overview

2YHUYLHZ The purpose of this chapter is to make you aware of your responsibilities as the R/3 system administrator(s) for security. These responsibilities include: < Protecting the R/3 System <

Preparing you for a computer security audit

When an audit is performed on an R/3 System, the administrator(s) will be responsible for responding to the audit findings. This chapter is an attempt to prepare you for these audits. Each auditing firm has their own audit procedures and may look at many different items, so we cannot prepare you for everything. However, we will try to prepare you for the core group of items that all firms normally look at. This chapter is only an introduction to computer security and its importance. Although an entire book can be written on this subject, even that would be insufficient. We recommend that you contact and work with all the parties (external auditors, internal auditors, finance department, legal department, and others) who might be affected by system security.

:KDWLV6HFXULW\" Security is more than the R/3 authorization (or keeping “undesirables” out of the system). It is concerned with the following issues regarding data: <

Protecting it from hardware problems

<

Maintaining its integrity

<

Restoring it in the event of a disaster

Security is a broad topic and can be organized in many different ways. Some of the areas covered include: <

Keeping unauthorized people out of the system

<

Keeping people out of places that they should not be

<

Safeguarding the data from damage or loss

<

Complying with legal, regulatory, and other requirements

Each of these areas can be further divided. .HHSLQJ8QDXWKRUL]HG3HRSOHRXWRIWKH6\VWHP This area is what we usually think about as security and includes the R/3 authorization concept, operating system and network logon security, and physical security. .HHSLQJ3HRSOHRXWRI3ODFHV:KHUH7KH\6KRXOG1RW%H This area covers users having access to more parts of the system and to more data than they need to perform their job. The data may not be damaged but accessing and revealing this data could be equally damaging.

11–2

Release 4.6A/B

Chapter 11: Security Administration Overview

Examples of this sensitive data include: < <

Your company’s customer list, contacts, and sales volume. This information could be used by a competitor. Your employees’ personnel data. There are privacy laws that protect this type of data.

<

Financial performance data, such as quarterly financial statements. There are strict SEC rules governing insider trading (see below for a definition of insider trading).

<

Items specified in contracts with customers, vendors, or other parties.

6DIHJXDUGLQJWKH'DWDIURP'DPDJHRU/RVV There are two major sources of damage: <

<

Accidental, such as: Loading test data into the production system. This situation happens, unfortunately, more often than people admit. A hardware failure. A fire that destroys the data center. Arson A flood, hurricane, earthquake, tornado, or other regional natural disasters. Deliberate, such as: A disgruntled employee who deletes or damages files from the system. A hacker who deletes or damages files from the system.

&RPSO\LQJZLWK/HJDO5HJXODWRU\DQG2WKHU5HTXLUHPHQWV :KDW

Other reasons for security are defined by laws, contracts and other parties. Security is a sensitive issue, and it has legal implications. One good example of security is insider trading. Before defining insider trading, we have to first define insider knowledge or inside information. Insider knowledge or inside information means you have information, which is not known or available to the general public. If the information is known to the general public, it could affect the stock price. Insider trading is using inside information to buy or sell stock and make a profit or reduce a loss. Even if you do not profit from the sale, you could be held liable.

System Administration Made Easy

11–3

Chapter 11: Security Administration Audits

([DPSOH In one company, an employee’s spouse passed on inside information to a relative, who purchased the stock, then sold the stock at a profit after the earnings announcement. That relative made a profit by buying the stock before the earnings announcement (insider trading). The SEC fined the spouse and the relative. The spouse was guilty of providing insider information to the relative, who then made the profit on the sale of the stock. Both, therefore, were guilty of insider trading.

([DPSOH The IS director of a company asked for authorization to log into the production R/3 System. This request raised the concern of the accounting/finance department. Access to financial information is typically on a “need-to-know” or “need-to-access” basis, and the IS director did not need to access the production R/3 System. “Red flags” went up when he started asking about financial performance information (quarterly earnings), well before this information was made public. He was asking for insider information.

+RZ

You will need the assistance of your company’s legal department.

$XGLWV As a system administrator, you will be affected by two audits: < Security <

Financial

)LQDQFLDO$XGLW :KDW

A financial audit is a review of your company’s financial statements by a Certified Public Accountant (CPA) in the U.S., or their equivalent in other countries. The purpose of the audit is to issue an opinion on the company’s financial statements. This opinion essentially states that the financial statement represents fairly the financial position of the company. A financial audit is usually not an option. If your company’s stock is traded on the stock market, the audit is required by the Securities and Exchange Commission (SEC) in the U.S., or its equivalent in other countries. If your company is private, a financial audit could be required by creditors. As a part of the financial audit, the CPA will typically do a security audit of R/3 and the associated systems. The purpose of the security audit is to determine how much reliance can

11–4

Release 4.6A/B

Chapter 11: Security Administration Audits

be placed on the data in the R/3 System. Your external auditors will evaluate your system security to determine what audit tests to perform and how much testing they will have to do. :K\

If their evaluation results are not good, they may need to increase the scope of their audit. This increased scope also increases the cost of the audit, and the extra work could delay the completion of the audit. In a worst case scenario, they could determine that the security is so weak that they cannot issue an opinion on the company’s financial statements. This situation is really bad. Because of the effect on the stock price (down) that this inability to issue an opinion will probably cause, the chief financial officer (CFO), and likely the president, will be quite upset. Is your resume updated?

6HFXULW\$XGLW :KDW

A security audit is performed specifically to test the security of the R/3 environment. This audit is usually done as a part of the financial audit or to comply with government or other regulatory agencies. It can also be done by your company’s internal audit group. :K\

As a security audit. As a part of the financial audit, the CPA will typically do a security audit of R/3 and the associated systems. The purpose of the security audit is to determine how much reliance can be placed on the data in the R/3 System. Your external auditors will evaluate your system security to determine what audit tests to perform and how much testing they will have to do. The audit is also done to test the security of confidential data, such as: <

Financial information

<

Customer data

<

Product information

<

Company personnel data (from the HR module)

$XGLW&RQVLGHUDWLRQV :KDW

Audit considerations are the things that auditors will look at when they do the financial audit, or a computer security audit. Some of these considerations are: <

Physical security

<

Network security

System Administration Made Easy

11–5

Chapter 11: Security Administration Security Layers

<

<

User administration procedures Adequate segregation of duties Proper training Passwords Data security Protection from hardware failure; mirrored drives, RAID, fail-over, HA, etc. Backup and recovery procedures Protecting the production system from unauthorized changes Locking dangerous transactions

:K\

These tasks are done to support the financial or security audit. Without knowing what the auditors will look for, you cannot properly prepare yourself, and protect the system.

1RWH This section is not an all-inclusive SAP security audit. It is only to make you aware of some of the things that could be reviewed as part of a security audit. We recommend that you work with your auditors before the financial audit, to review your system and bring it up to acceptable standards for the audit.

6HFXULW\/D\HUV To make security more manageable, we have chosen to use the security layer model, one of the many existing security models. It uses the following three major layers of security:

Data Security Access security

11–6

<

Access security Physical security Network security Application security

<

Operational security

<

Data security

Operational Security

Release 4.6A/B

Chapter 11: Security Administration Security Layers

$FFHVV6HFXULW\ 3K\VLFDO6HFXULW\ :KDW

Physical security controls the physical access to R/3 and network equipment. Like the graphic on the previous page, to get to the inner circle, an intruder must penetrate the outer circles as follows: <

Onto the property or site

<

Into the building

<

Into the areas of the building where the users are or where the equipment is located Finance MIS Computer operations Into the specific equipment rooms within these areas of the building Server room Wiring closet Network room

<

:K\

This layer is probably the most important. If an intruder can physically access your equipment, all your other security layers can be bypassed. When this layer is bypassed: < <

Equipment can be physically damaged or destroyed. The system can be accessed from the operators console (and could bypass strong network security).

<

Equipment can be removed.

<

Data could be hacked.

Without physical access to the equipment, the intruder must electronically access the system through the network. +RZ

The R/3 equipment should be located in a secured room. Access to the room should be only through a locked door. It is crucial to control who is allowed access to the server room. If you have electronic card key access, periodically audit the access log for the server room. The periodic review of the access log may be an item for which auditors will test.

System Administration Made Easy

11–7

Chapter 11: Security Administration Security Layers

1HWZRUN6HFXULW\ :KDW

Network security also has sublayers of security. The goal of this security type is to control the following types of access to the network: < External <

Logon This type controls on-site and remote access and where on the network users can go once they gain access.

:K\

If intruders access your network, they could have an electronic link to your computers. +RZ

Use network security specialists to properly configure the various access points into your network and, once users are on the network, control their movements. Some of these points of control are:

<

Outside access Dial-in access Internet access Other remote access methods, such as VPN

<

Network login access

<

This access method is the actual logon to the network (for example, the NT domain). Access to portions of the network. NT domains

1RWH We recommend that you have: <

A dedicated SAP domain where only the administrators are allowed to directly log onto.

<

Other domains where users will log onto, trust the SAP domain, but the SAP domain does not trust other domains.

Router tables This table can be used to control (by IP address) which users can access the SAP servers.

11–8

Release 4.6A/B

Chapter 11: Security Administration Security Layers

$SSOLFDWLRQ6HFXULW\ :KDW

Like the other layers, application security has sublayers of security, which controls: < <

The ability to log into the application, such as logging into R/3 Where a user can go in the application

<

What a user can do in the application

<

What a user can do based on the system data in the application [such as the R/3 System (for example, limiting the user to company 001 and cost center 200)] R/3 security functions at this layer.

:K\

This layer provides the fine or specific security of what a user can do [for example, read (not change) accounting data for only cost center 200 in company 001]. +RZ

Using R/3 application tools such as: <

Profile Generator (transaction PFCG; for more information, see Authorizations Made Easy)

<

Audit Information System (transaction SECR; see page 11–37)

< <

Security Audit Log (transaction SM19/SM20; see page 11–44) Delete Old Audit Logs (transaction SM18)

2SHUDWLRQDO6HFXULW\ :KDW

This layer is security at the operational or user level. Because it is primarily procedures and control, there are few computer or systems issues related at this level. :K\

These are organizational and people issues, which are always a problem, because people need to comply with guidelines and rules. The problem is, of course, that some people never want to comply with guidelines. +RZ

Some of the methods of operational control are: <

Segregation of duties

<

Preventing sharing of user IDs

<

Password standards

<

Log off when away from the computer, such as during lunch or at the end of day

System Administration Made Easy

11–9

Chapter 11: Security Administration Security Layers

'DWD6HFXULW\ This layer is closely knit to the material in chapter 2, because disaster recovery is an integral part of data security. :KDW

Data security is the protection of the data. <

Data on the servers Here we are protecting the data on the server from damage or loss. This protection is accomplished in various ways. The goal is to prevent or minimize loss of data in a disaster.

<

Backup data The goal of this security layer is to preserve application data (usually on tape) so that the system can be recovered.

<

The backup tapes must be stored safely to: Preserve the backup tapes in the event of a disaster Protect the backup tapes from theft Disaster Recovery For more information on disaster recovery, see chapter 2.

:K\

It is easier to be proactive and prevent a problem than to recover from it. To remain proactive: < Reduce the chances of losing data. The first place to do it is on the server. <

Protect backup data from damage or loss.

<

Ensure that, if there is a disaster, the system be completely recovered.

+RZ

<

Data on the servers The goal is to prevent or minimize loss of data in a disaster. Some of the items below can be referred to as High Availability (HA) items: RAID arrays for drives Redundant equipment Using reliable equipment and vendors Premium hardware support agreements for the production system The following are facilities-related items: Uninterruptible Power Supplies (UPS) Fire detection and prevention devices

11–10

Release 4.6A/B

Chapter 11: Security Administration Security Layers

<

Intrusion alert Environmental alerts

Backups Backup tapes should be sent to a secure, off-site data storage facility.

This step protects the backup data from damage or destruction a disaster. Tapes at both the off-site backup and the on-site tape storage facilities must be secured to prevent the theft of the backup tapes. If the backup tapes were stolen, the data can be restored and hacked. Using database tools, most R/3 security could be bypassed by directly reading the tables.

$SSOLFDWLRQRU56HFXULW\ &RQWUROOLQJ$FFHVVWR5 Also see the Password section in this chapter. 3UHYHQW0XOWLSOH8VHU/RJLQV :KDW

This process prevents users from logging onto the system multiple times. Multiple user logons is when several users are sharing a user ID, or someone is using a user’s ID without the user’s knowledge. Preventing multiple user logons is not allowing more than one R/3 logon from one user ID. :K\

If several people share a user ID: <

You do not know who created a problem.

<

This situation is an audit security issue.

+RZ

Set the disable multi-login parameter (login/disable_multi_gui_login) in the system profile. You can “allow” specific users to log on multiple times by entering their user IDs in the parameter login/multi_login_users separated by commas and no spaces.

3UHYHQWLQJ&KDQJHVLQWKH3URGXFWLRQ6\VWHP :KDW

The production system should be set to Not modifiable. The “locks” on the system should be set so that configuration changes (client-independent and client-dependent) cannot be made directly into the production system. The purpose for this setting is to ensure that all changes are completed in a controlled manner.

System Administration Made Easy

11–11

Chapter 11: Security Administration Security Layers

In the development pipeline, changes are: 1. Made in the development system 2. Tested in the development system 3. Transported from the development system to the test system 4. Tested in the test system 5. Transported from the test system to the production system This procedure ensures that changes are properly tested and applied to the systems in the pipeline. (A pipeline is the environment where development is moved from the development system to the quality assurance system, and finally to the production system.) :K\

Configuration changes should not be made directly into the production system. This restriction maintains the integrity of the production system. If changes are made directly into the production system, it may “break” because the change: <

Was not tested

<

Is not the same as the one made in the development system

The goal is to protect the production system from changes, without the changes being properly tested and to preserve the integrity of the pipeline. If changes are made into the production system, the development and testing pipeline could become out of sync with the production system. If the pipeline is out of sync, it get difficult to develop and test with any certainty that things will not be different in the production system. All changes should be made in the development system and then transported through the pipeline into production. In this way, all systems get the same changes. A common excuse is that making changes directly into the production system, “takes too long to transport the fix.” By making changes directly into the production system, you: <

Create an “out of sync” landscape, where the change made to the production system is not the same as the changes made to the development or test systems.

<

Allow emergency transports to occur at any time, with coordination.

([FHSWLRQV

Infrequent exceptions occur when:

11–12

<

There is no mechanism to transport the changes.

<

An SAP note requires the direct change.

Release 4.6A/B

Chapter 11: Security Administration Security Layers

When a change cannot be transported, the following procedure should be used: 1. Verify that the change cannot be transported. Some objects may use an ABAP program to transport the object. 2. “Unlock” the system (to make it modifiable). 3. Make the change. 4. Immediately re-lock the system. 5. Make the same changes to all other systems. Use this procedure only if a change cannot be transported.

Manual entry always increases the chance of making an error.

6HWWLQJWKH3URGXFWLRQ6\VWHPWR´1RW0RGLILDEOHµ7UDQVDFWLRQV6(6&& :KDW

There are switches that prevent changes from being made in the system. In the production system, these switches should be set to Not modifiable. The purpose of this setting in the production system is to make sure that changes are made using the development pipeline. With this procedure, changes are properly tested and applied to the systems in the pipeline. :K\

Objects should not be modifiable in the production system. This rule protects the production system from object and configuration changes before being tested. By setting the production system to Not modifiable, before the integrity of the pipeline is preserved. +RZ

There are two transactions (SE03 and SCC4) that you will use to set the system to Not modifiable. (These transactions can also be used for other tasks.)

System Administration Made Easy

11–13

Chapter 11: Security Administration Security Layers

&OLHQW,QGHSHQGHQW&KDQJHV7UDQVDFWLRQ6(

*XLGHG7RXU

1. In the Command field, enter transaction SE03 and choose Enter. The menu path to access this screen is extremely complicated, which is why it is not included. 2. Select Set System Change Option. 3. Choose

.

3

2

4. Under Global setting, choose : a. To lock the system, select Not modifiable. b. To unlock the system, select Modifiable (selected in this example). 5. Choose

11–14

5

4

.

Release 4.6A/B

Chapter 11: Security Administration Security Layers

&OLHQW,QGHSHQGHQWDQG&OLHQW'HSHQGHQW&KDQJHV6&&

*XLGHG7RXU

1RWH This method also locks the client-dependent changes. 1. In the Command field, enter transaction SCC4 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Administration → Client administration → SCC4-Client maintenance). 2. Choose

.

2

3. To continue, choose

.

3

System Administration Made Easy

11–15

Chapter 11: Security Administration Security Layers

4. Select the client number (for example, 500). 5. Choose

. 5

4

To Lock a Client (Not modifiable): 6. Under Changes and transports for client-dependent objects, select No changes allowed.

9

7. Under Client-independent object changes, choose and select No changes to Repository and clientindependent custom obj. 8. Under Protection: Client copier and comparison tool, choose and select Protection level 2: No overwriting, no external availability.

6

9. Choose Save.

7

8

11–16

Release 4.6A/B

Chapter 11: Security Administration Security Layers

To Unlock a Client (Modifiable): 6. Under Changes and transports for client-dependent objects, select Automatic recording of changes.

9

7. Under Client-independent object changes, choose and select Changes to Repository and client-ind. Customizing allowed. 8. Under Protection: Client copier and comparison tool, choose and select Protection level 0: No restriction. 6

9. Choose Save.

7

8

9HULI\LQJWKDW'DQJHURXV7UDQVDFWLRQV$UH/RFNHG :KDW

“Dangerous transactions” could: < <

Damage or corrupt the system Present a security risk

<

Adversely impact performance

:K\

If users accidentally access these transactions, they could corrupt or destroy the R/3 System. <

In a production system:

<

Access to dangerous transactions is more critical in the production system than the development or test systems. This criticality is because of live data and the company’s operational dependency on the R/3 System. In a developmental system: Certain transactions should be locked in the production system, but not in the development, test, or training systems. Standard security normally prevents access to these transactions, but some administrators, programmers, consultants, and functional key users could access them depending on which system they are. In these cases, the transaction lock provides a second line of defense.

System Administration Made Easy

11–17

Chapter 11: Security Administration Security Layers

There are over 48,000 English transaction codes in the R/3 System. To manage such a large number of transactions, lock only the critical ones. Your functional consultants should supply you with any additional critical transactions in their modules. The table below is organized with input from Basis consultants and users and lists transactions that we recommend you lock. The transactions are categorized by the following risk categories:

11–18

<

Dangerous

<

Security-related

<

Performance impact

Transaction

Description

Dangerous

Security

F040

Document Archiving

X

F041

Bank Master Data Archiving

X

F042

G/L Accounts Archiving

X

F043

Customer Archiving

X

F044

Vendor Archiving

X

F045

Document Archiving

X

F046

Transaction Figures Archiving

X

GCE2

Profiles: Initial screen

X

GCE3

Maintain Authorizations: Object Classes

X

KA10

Archive Cost Centers (all)

X

KA12

Archive cost centers (plan)

X

KA16

Archive cost centers (line items)

X

KA17

Archive admin: cost centers (line items)

X

KA18

Archive admin: completely cancelled doc

X

KA20

Archive admin: cost centers (all)

X

O001

Maintain Users: Initial Screen

X

O002

Profiles: Initial Screen

X

O016

Maintain Authorizations: Object Classes

X

OBR1

Reset Transaction Data (delete transaction data)

OBZ7

Maintain Users: Initial Screen

X

OBZ8

Profiles: Initial screen

X

Performance

X

Release 4.6A/B

Chapter 11: Security Administration Security Layers

Transaction

Description

OBZ9

Maintain Authorizations: Object Classes

X

OD02

Maintain Authorizations: Object Classes

X

OD03

Profiles: Initial screen

X

OD04

Maintain Users: Initial Screen

X

OIBA

Maintain Authorizations: Object Classes

X

OIBB

Maintain Users: Initial Screen

X

OIBP

Profiles: Initial Screen

X

OMDL

Maintain Users: Initial Screen

X

OMDM

Profiles: Initial Screen

X

OMEH

Maintain Users: Initial Screen

X

OMEI

Profiles: Initial Screen

X

OMG7

Maintain Authorizations: Object Classes

X

OMI6

Maintain Authorizations: Object Classes

X

OML0

Maintain Users: Initial Screen

X

OMM0

Profiles: Initial Screen

X

OMNP

Maintain Authorizations: Object Classes

X

OMSN

Maintain Users: Initial Screen

X

OMSO

Profiles: Initial Screen

X

OMSZ

Maintain Authorizations: Object Classes

X

OMWF

Maintain Users: Initial Screen

X

OMWG

Profiles: Initial Screen

X

OMWK

Maintain Authorizations: Object Classes

X

OOPR

Profiles: Initial Screen

X

OOSB

Change View "User Authorizations": Overview

X

OOSP

Change View "Authorization Profiles": Overview

X

OOUS

Maintain Users: Initial Screen

X

OP15

Profiles: Initial Screen

X

OP29

Maintain Users: Initial Screen

X

OPCA

Maintain Users: Initial Screen

X

System Administration Made Easy

Dangerous

Security

Performance

11–19

Chapter 11: Security Administration Security Layers

11–20

Transaction

Description

Dangerous

OPCB

Profiles: Initial Screen

X

OPCC

Maintain Authorizations: Object Classes

X

OPE9

Profiles: Initial Screen

X

OPF0

Maintain Users: Initial Screen

X

OPF1

Maintain Authorizations: Object Classes

X

OPJ0

Maintain Users: Initial Screen

X

OPJ1

Profiles: Initial Screen

X

OPJ3

Maintain Authorizations: Object Classes

X

OSSZ

Maintain Authorizations: Object Classes

X

OTZ1

Maintain Users: Initial Screen

X

OTZ2

Profiles: Initial Screen

X

OTZ3

Maintain Authorizations: Object Classes

X

OVZ5

Maintain Users: Initial Screen

X

OVZ6

Profiles: Initial Screen

X

OY20

Maintain Authorizations: Object Classes

X

OY21

Profiles: Initial Screen

X

OY22

Maintain Users: Initial Screen

X

OY27

Maintain Users: Initial Screen

X

OY28

Maintain Users: Initial Screen

X

OY29

Maintain Users: Initial Screen

X

OY30

Maintain Users: Initial Screen

X

SARA

Archive Management: Initial Screen

X

SCC5

Client delete

X

SE01

Transport Organizer

SE06

System Table maintenance

SE09

Workbench Organizer

SE10

Customizing Organizer

SE11

Data Dictionary maintenance

X

SE13

Maintain Storage parameters for table

X

SE14

Utilities for dictionary tables

X

X

Security

Performance

X

Release 4.6A/B

Chapter 11: Security Administration Security Layers

Transaction

Description

Dangerous

Security

Performance

SE15

Data Dictionary Information System

SE16

Data Browser

X

SE17

General Table display

X

SE38

ABAP workbench

X

SM49

External OS commands

X

SM59

Maintain RFC destinations

SM69

External OS commands

ST05

SQL trace

SU12

Delete All Users

X X X

X

The following table shows dangerous transactions that probably cannot be locked because they are (or could be) used regularly. These transactions may have other valid reasons for use in a production system—but because of the potential danger, need to have restricted access. Transaction

Description

Dangerous

Security

RZ10

Edit System Profiles

X

SA38

ABAP Workbench

X

SM04

User Overview

SM12

System Locks

X

SM13

Update Terminates

X

SM30

Table Maintenance

X

SM31

Table Maintenance

X

STMS

Transport Management System

X

SU01

User Maintenance

X

SU02

Profiles: Initial Screen

X

SU03

Maintain Authorizations: Object Classes

X

Performance

X

Table TSTCT contains the transaction codes and the name of the transaction. The current content is over 93,000 entries in the table, with over 48,000 in English.

System Administration Made Easy

11–21

Chapter 11: Security Administration Security Layers

+RZ

Create and maintain a list of the following information: <

Which transactions were locked?

<

Why are they locked?

<

Who locked them?

<

When were they locked?

Maintaining the above-mentioned information will be important, because someone will invariably want to know who locked the transaction and why it was locked.

*XLGHG7RXU

1. In the Command field, enter transaction SM01 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Administration → SM01 Transaction Code Administration). 2. Enter the transaction code you want to lock (for example, SE14) 3 in the search field at the bottom of the TCode column. 3. Choose

.

2

11–22

Release 4.6A/B

Chapter 11: Security Administration Security Layers

4. Use the locked checkbox: < To lock a transaction, select the transaction. < To unlock a transaction, deselect the transaction. 5. Choose

5 6

. 4

6. Choose Back.

Check which transactions you are locking. You could accidentally lock yourself out of a key transaction, which would prevent you from unlocking this or other transactions.

Access to transactions can also be controlled by building security authorizations on the security object S_TCODE under Cross application authorization objects.

System Administration Made Easy

11–23

Chapter 11: Security Administration Security Layers

7R/LVW/RFNHG7UDQVDFWLRQV 1. In the Command field, enter transaction SECR and choose Enter. 2. Select Complete audit. 3. Choose

. 3 2

4. Expand the following menu path: Audit Information System (AIS) → System Audit → Development / Customizing → Transactions → Locked Transactions: Display. next to Locked 5. Choose Transactions: Display.

4

5

11–24

Release 4.6A/B

Chapter 11: Security Administration Operational Security

6. Verify that the following are selected: < Locked < Transactions < Menu transactions < Parameter transactions < Report transactions 7. Choose

7

6

.

This screen shows the list of locked transactions.

2SHUDWLRQDO6HFXULW\ This section describes selected operational security issues.

6HJUHJDWLRQRI'XWLHV :KDW

There are standard audit guidelines that cover job or task combinations that are considered “risky” or that reduce internal controls. Some of these combinations are: <

Accounts Payable and Check Generation

<

Accounts Receivable and Cash Receipts

<

ABAP development and transport control

System Administration Made Easy

11–25

Chapter 11: Security Administration Operational Security

Your external auditors should help you define these risky combinations. Testing for segregation of duties is a standard audit procedure.

:K\

Accounts Receivable and Cash Collection The purpose is to separate the person who collects and handles the cash from the person who keeps the records of what a customer owes. In this combination, the cash received from the customer could be pocketed and the amount written off the customer’s account. This separation explains why, in a restaurant, the waiter is not also the cashier, or why a mechanic must get spare parts from a storekeeper. +RZ

The review of segregation of duties should be completed with the various user owners (key users of each functional area). Out of necessity, smaller companies must assign multiple functions to a single person. Be aware of the potential security risks in this situation. If you must combine functions, combine them in a way that minimizes risks.

5HVWULFWLQJ$FFHVVWR6$3 RU'',& :KDW

These are system user IDs that have restricted uses for specific purposes. :K\

There are certain functions that can only be performed by SAP* or DDIC. If an R/3 user requires similar functionality, they should have a copy of the SAP* profile. These users should be grouped as “super users,” with the appropriate security approvals. The security profile for SAP* is SAP_ALL. This profile is extremely powerful because it grants the user complete access to the system. For more information, see chapter 12, Recommended Polices and Procedures: System Administration. A user with user administration rights cannot change the password to gain access to a user ID and then change it back to the original password. Passwords are not visible to the administrators, so they cannot restore the original password if they do not know it. At the next logon, the owner of the user ID will know that the password has been altered because they will be unable to log on with their current password.

11–26

Release 4.6A/B

Chapter 11: Security Administration Operational Security

+RZ

1. Log on using SAP* and DDIC to determine if someone has changed the password. 2. Periodically change the password for these users in all: <

Systems

<

Clients in those systems

This step prevents a person who knows the password from accessing the system. 3. Update the secured password list. 4. Verify that the system profile parameter login/no_automatic_user_sapstar has been configured, to prevent the use of the automatic user sap*. If the user ID has been deleted, this step prevents the “backdoor” usage of user sap*.

&KDQJH0DQDJHPHQW :KDW

Change management is the process of controlling what changes are made to the system. In this context, “system” refers to the entire system environment, not just R/3. :K\

One aspect of security is to control and know what changes are made to the system. +RZ

Item of concern: < Is there a change management procedure for changes being made to the R/3 System? <

Is a QA testing process in place?

<

Are reviews and approvals required to move changes into the production system?

6KDULQJRI8VHU,'V :KDW

This process occurs when more than one person uses a single user ID. :K\

This issue is a security concern because: < <

There is no way to tell who is doing the activity. If there is a training problem, you do not know who needs training.

<

If there is a deliberate security breach, there is no way to track the responsible party.

2WKHU

Despite the cautionary statements above, there are a few situations where it is not practical to have individual user IDs. These situations must be treated individually and with management and internal audits review and approval.

System Administration Made Easy

11–27

Chapter 11: Security Administration Operational Security

([DPSOH$:DUHKRXVH In a warehouse, there is one computer and several employees who use that computer to post their warehouse transactions such as goods issued, goods received, etc. This process occurs because the user ID is used to log on, not at the individual transaction level, but the R/3 System. For each transaction that the warehouse employee access, it is impractical to log on to R/3, access transaction, and log off from R/3. The alternative is to have a computer for each warehouse person, although this step may not be economically justified. +RZ

To prevent a user ID from being shared, the system profile parameter (login/disable_multi_gui_login) can (and should) be set. Parameter values are: <

1 (to block multiple logins)

<

0 (to allow multiple logins)

We recommend that this value be set to “1” to prevent multiple logins under the same user ID.

3DVVZRUG,VVXHVDQG7DVNV The password is the users key to accessing R/3. Like the key to your house, safeguarding this key is important to keep “undesirables” out. Your company should have a clear and practical company password policy, which should be distributed to all users informing them not to use easy-to-guess passwords. A password policy that is too restrictive or difficult to comply with could defeat the purpose of this policy. Users will write their passwords down and leave it in an easily seen place, which means you have lost your security.

11–28

Release 4.6A/B

Chapter 11: Security Administration Operational Security

6HWWLQJ3DVVZRUG6WDQGDUGV8VLQJ7UDQVDFWLRQ5= :KDW

There are security parameters for the user’s password (for example, the minimum password length, the time interval that the user must change their password, etc.). The following is a list of the most important password parameters: <

Minimum password length: login/min_password_lng A longer password is more difficult to break or guess, so the standard is usually five (5) characters.

<

Password expiration time: login/password_expiration_time This time period is the limit before users must change their password. Auditors usually recommend 30 days. A practical number that customers use is 90 days. Password lockout: login/fails_to_user_lock This parameter locks out users who, after a specified number of times, try to logon with an incorrect password. Users are usually locked out after three failed attempts.

<

:K\

Properly assigned parameters will make it more difficult to break into the system.

Your external auditors may check to see if you have set the security parameters.

+RZ

To set up password parameters, maintain system profiles with transaction RZ10 (for more information on this transaction, see chapter 20). (OLPLQDWLQJ6RPH(DV\3DVVZRUGV :KDW

There are certain passwords (for example, 123, QWERTY, abc, sex, sap, ) that are well known or easy to guess. You can prevent these passwords from being used by loading them into a table (USR40) that the system checks when the user attempts to save a new password. Table USR40 is only a basic level of password security and is maintained manually. There are third-party password security programs that can be integrated into R/3.

System Administration Made Easy

11–29

Chapter 11: Security Administration Operational Security

:K\

A password is the key to enter the system, similar to the key you use to enter your home. If users choose easy-to-guess or well-known passwords, security is compromised and your system is potentially at risk.

Your external auditors may check to see if you have a mechanism to secure against users with “easy-to-guess” passwords.

+RZ

By maintaining the table of prohibited passwords. 0DLQWDLQLQJD7DEOHRI3URKLELWHG3DVVZRUGV :KDW

A table of prohibited passwords is a user-defined list of passwords that are prohibited from being used in the R/3 System. This table is not a substitute for good password policies and practices by the users. Interaction occurs between a system profile parameter and the table of prohibited passwords. If the minimum password length is set to five characters, there is no reason to prohibit passwords like “123” or “SAP,” because these passwords would fail the minimum length test. However, if company security policy requires it, you could include all passwords that are considered “risky” in the table. The following is a list of easily guessed passwords that cannot be put into any table: <

<

<

<

<

<

<

:K\

There are many lists circulating of commonly used user passwords. If one of these passwords is used, the chances of an unauthorized person accessing a user’s account increases. +RZ

Changes will be made to table USR40 using transaction SM31, the general table maintenance transaction. (For more information on this transaction, see chapter 19, Change Management:

11–30

Release 4.6A/B

Chapter 11: Security Administration Operational Security

Table Maintenance.). This change creates a transport that can then be transported throughout the landscape.

Keep a log of changes made to this table in your security log. A few suggestions for table entries are: < <

SAP GOD

<

ABC

<

QWERTY

<

SEX

<

XYZ

<

PASSWORD

<

123

<

12345*

<

54321*

<

*12345*

Other table entries include: <

Days of the week (Monday*, Tuesday*, Mon*, Tue*, etc.)

<

Months of the year

<

(January*, February*, Jan*, Feb*, etc.)

<

<

<

5HFRUGLQJ6\VWHP3DVVZRUGV We recommend that you never write down passwords, except for the: <

Critical nature of the R/3 System.

<

Many systems, clients, and all the other areas where passwords are required.

<

Need to access the system if the SAP system administrator(s) is not available.

System Administration Made Easy

11–31

Chapter 11: Security Administration Operational Security

5HFRPPHQGHG3URFHVV

<

All passwords for all system IDs should be: Recorded Placed in a sealed envelope Put in a company safe (possibly both an onsite and offsite safe) that has restricted access. Only a select list of company personnel should have access to this information.

<

User IDs that are used or needed to maintain the R/3 System include: SAP* DDIC SAPCPIC (see note 29276) EarlyWatch (client 066) All user-created administrative IDs Any other non-SAP user ID that is required to operate the system, such as for the operating system, the database, and other related applications.

<

The password list should be updated and replaced whenever passwords are changed.

Two people should prepare the list, change the password, and verify the new password— one user ID at a time. If the recorded password is wrong, those “keys” are lost, and you may not be able to log on to the system. Following are sample password tables: Server

SID

Client

User ID

Password

SAPR3T

TST

000

SAP*

Newpass

DDIC

Newpass

<SID>ADM

Newpass

SAPCPIC

Newpass

SAP*

Newpass

DDIC

Newpass

<SID>ADM

Newpass

SAPCPIC

Newpass

SAP*

Newpass

<SID>ADM

Newpass

Earlywatch

Newpass

SAP*

Newpass

DDIC

Newpass

001

066

100

11–32

Release 4.6A/B

Chapter 11: Security Administration Operational Security

Server

SID

Client

User ID

Password

BATCH1

Newpass

<SID>ADM

Newpass

SAPCPIC

Newpass

All systems should have entries for clients 000 and 001. In addition, the production system should have an entry for client 066. Clients 000 and 001 are default clients in all systems, and client 066 is the EarlyWatch client and may not exist in every system.

Where

User ID

Password

NT

Finance/DEVADM

Newpass

Finance/PRDADM

Newpass

sa

Newpass

sapr3

Newpass

root

Newpass

<SID>ADM

Newpass

system

Newpass

SYS

Newpass

OPS$<SID>ADM

Newpass

OPS$SAPSERVICE<SID>

Newpass

SAPR3

Newpass

SQLserver

UNIX

Oracle

System Administration Made Easy

11–33

Chapter 11: Security Administration Operational Security

*XLGHG7RXU

To change the password for a user ID: 1. In each instance and each client, log on under the user ID to change the password. 2. In Client, enter the client number (for example, 500). 3. In User, enter the user ID you want to change (for example, sap*). 5

4. In Password, enter the current password.

2

5. Choose New password.

3 4

6. Enter the new password twice in the popup window. 6

7

Be careful when you enter the new password. It is easy to enter the password incorrectly or to make the same error twice (for example, user versus users and the versus teh). 7. Choose

.

At this point the logon will proceed as normal.

11–34

Release 4.6A/B

Chapter 11: Security Administration Operational Security

8. Record the new password in the password table. 9. Log on using the new password to verify it. At this point, if the new password fails, use another administrative user ID to reset the password. This reason is why password changes should be made one user ID at a time.

This process must be repeated for every system and client in which the user ID has an entry. With Central User Management, you can manage users across all systems (for more information, see Authorizations Made Easy, Release 4.6). 2SHUDWLQJ6\VWHP/HYHO At the operating system level, the following user IDs should have their passwords changed: 17 In some places, NT is case sensitive (for example, at the initial login screen). 8VHU,'V

<

<SID>ADM

<

SAPService<SID>

6HUYLFHV

<

<

SAP These services will either use user ID <SID>ADM or SAPService<SID> SAP<SID>_ SAPOsCol SAProuter Oracle OracleService<sid> OracleTNSListener80 The default user that the Oracle services runs under is system

<

SQLserver MSSQLServer SQLServerAgent

The user ID that they run under is either <SID>ADM or SAPService<SID> <

Informix INFORMIX-OnLineDynamicServer INFORMIX-OnLineMessageService

<

DB2 DB2-DB2DA400

System Administration Made Easy

11–35

Chapter 11: Security Administration Operational Security

81,; 8VHU,'V

<

<sid>adm

<

root

6HUYLFHV

ora<sid> 'DWDEDVHV For the databases, the following user IDs should have their passwords changed: '% NT/DB2 (see SAP note 80292) ,QIRUPL[ See note 15399 0LFURVRIW64/6HUYHU <

See SAP note 28893

<

sa

<

sapr3

2UDFOH81,; User IDs: <

SAPR3

<

SYS

<

SYSTEM

8VHIXO6$31RWHVIRU2UDFOH81,;

11–36

SAP Note #

Description (Release)

117736

4.5A

101318

4.0B

086857

4.0A

Release 4.6A/B

Chapter 11: Security Administration Audit Tools

Use the program chdbpass to change the passwords. This program automatically updates the SAPUSER table and enables the user <sapsid>adm to access the database. 2UDFOH17 < system < sys < op$<sid>adm < ops$sapservice<sid> < sapr3

$XGLW7RROV $XGLW,QIRUPDWLRQ6\VWHP7UDQVDFWLRQ6(&5 :KDW

The Audit Information System (AIS) is designed for the system and business audits and will likely be requested to be run by internal or external auditors. It puts into one place many of the R/3 security tools. The center of the AIS is the Audit report tree. AIS uses standard R/3 reports and transactions to conduct the review and is a standard component in Release 4.6A. However, you can import the AIS into your system back to Release 3.0D or higher. AIS also provides an interface to export data to an external auditing system that analyzes financial statements. :K\

Auditors examine the results of automated and manual financial and system procedures to ensure that there is a checks-and-balances infrastructure to prevent fraud, etc. AIS enables the auditors to test transactions and run reports during the inspection. +RZ

There are two ways to conduct an audit: < Complete <

User defined

System Administration Made Easy

11–37

Chapter 11: Security Administration Audit Tools

&RPSOHWH$XGLW In the Command field, enter transaction SECR and choose Enter (or from the SAP standard menu, choose Information Systems → SECR-Audit Info System). 1. Select Complete audit. 2. Choose

. 2 1

A complete audit consists of a system audit and business audit. The structure on this screen is Audit_All with a standard view. 3. Click the node (+) to expand the following: < System Audit < Business Audit

11–38

3

Release 4.6A/B

Chapter 11: Security Administration Audit Tools

6\VWHP$XGLW

The following example shows how to use the AIS. 1. Under System Audit, click the node (+) next to Repository / Tables.

1

2. Click the node (+) next to Table Information. 3. Choose

next to Data Dictionary display.

2 3

System Administration Made Easy

11–39

Chapter 11: Security Administration Audit Tools

4. When the transaction executes, you will see this screen. From here, you will execute the transaction normally.

5

5. Choose Back.

11–40

Release 4.6A/B

Chapter 11: Security Administration Audit Tools

%XVLQHVV$XGLW

1. Under Business Audit, click the node (+) next to Closing (FI-GL). 2. Click the node (+) next to Balance Sheet/ P&L/ Balances. 3. Click the node (+) next to Balance Sheet/ P&L. You can execute different reports to inspect the financial balances. 4. Choose

1

next to Profit and Loss Projection.

2 3 4

5. On this screen, you can enter criteria for your report then choose . 6. Choose Back.

System Administration Made Easy

6 5

11–41

Chapter 11: Security Administration Audit Tools

8VHU'HILQHG$XGLW You can also conduct a user-defined audit by creating a view or subset of a complete audit. 1. In the Command field, enter transaction SECR and choose Enter (or from the SAP standard menu, choose Information Systems → SECR-Audit Info System) 2. Select User-defined audit. 3. Under User-defined audit, enter a view name (for example, ZVUE). 4. Choose

.

4 2 3

View names must start with “Y” or “Z.”

5. In Name, under New view, enter the name of the view (for example, ZVUE). 6. Under Select using, select Manual selection.

5

You will select the procedures that will be included in the view. 7. Choose

.

When you are creating a view and you entered a different name in Name, the name of the view is what was entered in the main screen.

6 7

We want to include all the procedures for a system audit in this view. 8. Select System Audit. 9. Choose

.

10. Choose

.

11–42

9 10

8

Release 4.6A/B

Chapter 11: Security Administration Audit Tools

The message in the status bar indicates that the generation was successful. 11

11. Choose Back.

12. Choose Display to check the view of this structure.

12

13. Click on the System Audit node (+) to expand it.

13

System Administration Made Easy

11–43

Chapter 11: Security Administration Audit Tools

These are all the procedures for the Audit_All structure with a ZVUE view.

6HFXULW\$XGLW/RJ60 :KDW

The Security Audit Log records the security-related activities of users in the system. These activities include successful and failed: <

Dialog logon attempts

<

Report and transaction starts

<

RFC/CPIC logons

Other events written into the log are: <

Locked transactions or users

<

Changed or deleted: Authorizations Authorization profiles User master records Changes to the audit configuration

<

The log is created each day, and previous logs are neither deleted nor overwritten. The log files can become numerous and large, so we recommend that the logs be periodically archived before being manually purged. An audit analysis report can be generated from the audit logs. You can analyze a local server, a remote server, or all the servers in an R/3 System. :K\

Based on certain criteria, the information in the security audit files can be manipulated to tailor the audit analysis report. The report assists the administrator:

11–44

<

Reconstruct or analyze incidents

<

Improve security by recognizing inadequate measures

Release 4.6A/B

Chapter 11: Security Administration Audit Tools

<

Trace unusual user activities

<

Understand the impact of changes to transactions or users

+RZ

To start a security audit, you can do one of the following: <

Set the profile parameter rsau/enable to 1 (For more information, see the section on RZ10 in chapter 20.)

<

Dynamically start it using transaction SM19.

The number of audit logs created by the system depend on the following: <

<

You may choose to set the maximum space for the security audit file in parameter rsau/max_diskspace/local. When the limit has been reached, logging will end. You can define the size of an individual security log file to fit in the chosen archiving media. This definition means that the system produces several log files each a day and these files can be, for example, archived periodically into CDs. The profile parameter is rsau/max_diskspace/per_file, and the maximum size per file is 2 GB.

1RWH You cannot set both parameters. You have to choose the method by which the audit files are created.

System Administration Made Easy

11–45

Chapter 11: Security Administration Audit Tools

5XQQLQJWKH$XGLW/RJ

*XLGHG7RXU

This procedure assumes that the audit has been running for some time and that audit logs have been created. 1. In the Command field, enter transaction SM20 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → Security Audit log → SM20-Analysis). 2. Complete the steps below: a. In From date/time, enter a time and a date (for example, 13:00). 3 b. Under Audit classes, select: < Dialog logon < Transaction start < Report start

2a

2b

3. Choose Re-read audit log. This button is used to read a log for the first time.

The security report is displayed. 4. To see the details of an audit message, select a line and choose .

11–46

4

Release 4.6A/B

Chapter 11: Security Administration Audit Tools

5. Documentation for the message and technical details are revealed. This screen is most useful when displaying negative messages such as failed logins or locked transactions.

6HWWLQJ6HFXULW\$XGLW/RJ3DUDPHWHUV60 :KDW

The audit log parameters are the criteria used to write the types of audit messages into the audit log file. The parameters are grouped into audit profiles that can be activated at the next system startup (configuration status) or applied “on the fly” (dynamic configuration). :K\

Audit profiles need to be first created before audit logs can be written. These profiles limit the amount and type of data written into the security audit files, which makes the subsequent security reports more meaningful to the administrator. +RZ

Decide what to audit and set selection criteria at the database level or dynamically at the application server level: <

If the audit configuration is permanently stored at the database level, all application servers use the identical criteria to save events in the audit log. The settings take effect at the next application server start.

<

At the application server level, however, dynamic changes can be set to individual application servers and distributed to the entire system. The new criteria will remain in effect until the server is brought down.

You can define up to 5 sets of selection criteria or filters. The system parameter, rsau/selection_slots (that defines the number of filters has a default value of 2). You can activate an audit in the dynamic configuration using transaction SM19.

System Administration Made Easy

11–47

Chapter 11: Security Administration Audit Tools

*XLGHG7RXU

1. In the Command field, enter transaction SM19 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → Security Audit log → SM19-Configuration). Configuration status refers to the storage of the parameters in the database. 2. Choose

. 2

3. Enter a profile name (for example, audprof1). 4. Choose

.

3

4

11–48

Release 4.6A/B

Chapter 11: Security Administration Audit Tools

5. In this screen, you may specify two filter groups and define the types of audit messages that will be written into the log.

'HILQH)LOWHU*URXS 6. Choose Filter 1. 7. Under Selection criteria, in: < Client, enter * < User Names, enter * 8. In Audit classes, select: < Dialog Logon < Transaction Start 6

9. Under Events, select All. 10. Select Filter active.

10 7

System Administration Made Easy

8

9

11–49

Chapter 11: Security Administration Audit Tools

'HILQH)LOWHU*URXS 11. Choose Filter 2. This filter traces the reports started by one user. 12. Under Selection criteria: <

In Client, enter *.

<

In User Names, enter a user ID (for example, GARYN).

13. In Audit Classes, select Report start.

11

14. Under Events, select Severe and critical. 15. Deselect Filter active.

16

15

This setting allows you to save the filter settings 12 but does not activate them.

13

14

16. Choose Detail setting to drill down the audit class and event class categories. 17. Scroll down to Report start. Notice that the category is automatically chosen based on the earlier selection of Event type and Audit class type. 18. Choose

18

.

17

11–50

Release 4.6A/B

Chapter 11: Security Administration Audit Tools

19. The general categories are cleared indicating that settings were browsed or defined at the detail level.

20

20. Choose Save.

19

21. A message at the bottom of the screen notifies the user that the profile was successfully saved. 22. Choose

.

22

21

System Administration Made Easy

11–51

Chapter 11: Security Administration Audit Tools

23. The profile name is now in the Active profile field, and the message in the status bar indicates that the profile will be activated when the application server is restarted.

24

24. To dynamically change the selection criteria for one or more application servers in a running system, choose the Dynamic configurat (Dynamic configuration) tab.

23

25. In this example, the audit has been running for some time (indicated by the current file size greater than zero) before being stopped briefly. 26 The red square indicates that the audit is inactive. 26. Choose

. 25 25

11–52

Release 4.6A/B

Chapter 11: Security Administration Audit Tools

5XQQLQJDQ$XGLWRQD'LIIHUHQW8VHU

*XLGHG7RXU

In this procedure, we will run an audit on a different user and check on all the reports that were started. 1. Under Selection criteria, in: <

Client, enter *.

<

User names, enter a user ID (for example, Patricia).

2. Under Audit classes, select Report start.

5

3. Under Events, select All. 4. Under Filter 1, select Filter active. 5. Choose

. 4 1

2

3

6. Choose Yes.

6

System Administration Made Easy

11–53

Chapter 11: Security Administration Audit Tools

7. A green dot appears in the Stat (Status) column and the message at the bottom of the screen indicates that the configuration was activated.

7

7

8VHU6HFXULW\$XGLW-REV Many of these reports are included as part of the AIS. :KDW

There are several predefined SAP security reports, including: <

RSUSR003

Checks for default password on user IDs SAP* and DDIC

<

RSUSR005

Lists users with critical authorizations

<

RSUSR006

Lists users who are locked due to incorrect logon This report should be scheduled to run each day, just before midnight.

<

RSUSR007

Lists users with incomplete address data

<

RSUSR008

Lists users with critical combinations of authorizations or transactions

<

RSUSR009

Lists users with critical authorizations, with the option to select the critical authorizations

<

RSUSR100

Lists change documents for users and shows changes made to a user’s security

<

RSUSR101

Lists change documents for profiles and shows changes made to security profiles

<

RSUSR102

Lists change documents for authorizations and shows changes made to security authorizations

Some of these reports have parameter tables that need to be properly maintained. Review and analyze these reports based on your knowledge of the company. However, be aware

11–54

Release 4.6A/B

Chapter 11: Security Administration Audit Tools

that security issues may exist. If you have a small company, these issues cannot be avoided because “one person often must wear many different hats.” :K\

Your external auditors may require some of these reports to be executed as part of the annual financial audit.

+RZ

You can use either of the following transactions: <

SA38 (ABAP: Execute Program) This transaction only allows the program to be executed.

<

SE38 (ABAP Editor) With this transaction, if the user has the security authorization, the user can execute and change the program.

6$²$%$3([HFXWH3URJUDP

1. In the Command field, enter transaction SA38 and choose Enter. 2. In Program, enter the report name. 3. Choose

3

.

2

System Administration Made Easy

11–55

Chapter 11: Security Administration Audit Tools

6(²$%$3(GLWRU

1. In the Command field, enter transaction SE38 and choose Enter. 2. In Program enter the report name . 3. Choose

. 3 2

1RWHVIRU6SHFLILF5HSRUWV

RSUSR008 (lists critical combinations of authorizations or transactions):

11–56

<

These combinations are maintained on table SUKRI.

<

Dangerous combinations include the following transactions: RZ02 (with anything) RZ03 (with anything) SE14 (with anything) SU01 (with security, users, and profiles) SU02 (with security, users, and profiles)

Release 4.6A/B

Chapter 11: Security Administration Audit Tasks

$XGLW7DVNV 5HYLHZWKDWDOO1DPHG8VHUVDUH9DOLG :KDW

All users who have left the company should have their R/3 access terminated immediately. By locking or deleting these user IDs, you limit access to only those users who should have access to R/3. Periodic review assures that the task of locking or deleting has been completed. :K\

Proper audit control requires that a user who no longer has a valid business need to access R/3 should not be allowed to do so. Deleting or locking these user IDs also prevents anyone who had been using the terminated user ID from accessing the system with that ID.

One of the audit procedures that your external auditors will use is to test whether a person who does not need to access R/3 has a live user ID.

+RZ

*XLGHG7RXU

1. In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools → Administration → User maintenance → SU01-Users). 2. Choose

.

2

System Administration Made Easy

11–57

Chapter 11: Security Administration Audit Tasks

Review the active users and verify that these users are valid.

In a large company, you should do a random audit on at least 20 users. The minimum number should be determined by your auditors.

For additional information on how to “lock” a user, see chapter 12, User Administration.

5HYLHZLQJ3URILOHVIRU$FFXUDF\DQG3HUPLVVLRQ&UHHS :KDW

A “permission creep” is an incremental increase in permission and is given to a user over time. If left unchecked, increased permissions may grant a user more authority in the system than is required or intended. :K\

Users may have undesirable authorization(s) or combinations.

Your external auditors may have an audit step to check for permission creep. +RZ

You can conduct a spot audit of: <

Individuals 1. Review the security forms for a user 2. Compare these forms to the activity groups and profiles assigned to that user 3. Investigate inconsistencies

11–58

Release 4.6A/B

Chapter 11: Security Administration Audit Tasks

4. Review the activity groups and profiles assigned to the individual for reasonableness. Reasonableness is defined as, “Does it make sense?” 5. Review the individual profiles assigned for content and check to see if the profile has been recently changed. <

Profiles (transaction SU02) and authorizations (transaction SU03) Check if the change date is recent.

You can also execute the following audit reports: <

RSUSR100 (user changes)

<

RSUSR101 (profile changes)

<

RSUSR102 (authorization changes)

For additional information on these reports, see the User Security Audit on page 11–54.

System Administration Made Easy

11–59

Chapter 11: Security Administration Audit Tasks

11–60

Release 4.6A/B

&KDSWHU 8VHU$GPLQLVWUDWLRQ

&RQWHQWV Overview ................................................................................................................12–2 Recommended Policies and Procedures ...........................................................12–3 New User Setup.....................................................................................................12–7 Maintaining a User (SU01)..................................................................................12–24 Resetting a Password (SU01) ............................................................................12–26 Locking or Unlocking a User (SU01).................................................................12–27 User Groups ........................................................................................................12–29 Deleting a User’s Session (Transaction SM04)................................................12–32

System Administration Made Easy

12–1

Chapter 12: User Administration Overview

2YHUYLHZ User administration is a serious function, not just a necessary administrative task. Security is at stake each time the system is accessed. Because the company’s financial and other proprietary information is on the system, the administrator is subject to external requirements from the company’s external auditors, regulatory agencies, and others. Customers should consult with their external auditors for audit-related internal control user administration requirements. For example, human resources should be consulted if the HR module is implemented or if personnel data is maintained on the system. A full discussion on security and user administration is beyond the scope of this guidebook. For example, manually creating and maintaining security profiles and authorizations is also not covered. Our discussion is limited to a general introduction and a list of the major issues related to security. The two sections below affect all aspects of security, which is why we begin with them.

8VHU*URXSV User groups are created by an administrator to organize users into logical groups, such as: <

Basis

<

Finance

<

Shipping

For additional information, refer to the section User Groups on page 12–29.

3URILOH*HQHUDWRU The Profile Generator is a tool used to simplify the creation and maintenance of SAP security. It reduces (but does not eliminate) the need for specialized security consultants. The value of the Profile Generator is more significant for smaller companies with limited resources that cannot afford to have dedicated security administrators. For more information on the Profile Generator, see the Authorizations Made Easy guidebook.

12–2

Release 4.6A/B

Chapter 12: User Administration Recommended Policies and Procedures

5HFRPPHQGHG3ROLFLHVDQG3URFHGXUHV Some of the tasks in this guidebook are aimed at complying with common audit procedures. Obtaining proper authorization and documentation should be a standard prerequisite for all user administration actions.

8VHU$GPLQLVWUDWLRQ User administration tasks comprise the following: <

User ID naming conventions The employee’s company ID number (for example, e0123456) Last name, first initial, or first name, last initial

In a small company where names are often used as ID, it is common to use the employee’s last name and first initial of the first name or the employee’s first name and first initial of the last name (for example, doej or johnd, for John Doe). Clearly identifiable user IDs for temporary employees and consultants (for example, T123456, C123456).

<

Adding or changing a user The user’s manager should sign a completed user add-or-change form. The form should indicate the required security, job role, etc., that defines how security is assigned in your company. If security crosses departments or organizations, the affected managers should also give their approval. If the user is not a permanent employee, or if the access is to be for a limited time, the time period and the expiration date should be indicated. The forms should be filed by employee name or ID. A periodic audit should be performed, where all approved authorizations are verified against what was assigned to the user.

<

Users leaving the company or changing jobs This event is particularly sensitive. The policies and procedures for this event must be developed in advance and be coordinated by many groups. As an example, see the table below.

System Adminstration Made Easy

12–3

Chapter 12: User Administration Recommended Policies and Procedures

Group

Responsibility

Human resources

Legal or personnel matters

External auditors

Internal control issues related to financial audit

IT

Procedures to terminate network access

Senior management

Policy approval

Employee’s manager

“Handover” or training period for the employee’s replacement

To manage terminated employees: < The user’s manager or HR should send a form or e-mail indicating that the employee is leaving. <

The user’s ID should be locked and the user assigned to the user group “term” for terminated. If the user’s ID is not required as a template: The activity groups assigned to the user should be deleted. (use transaction SU01, under the Activity Group tab, delete the activity groups). The security profiles assigned to the user should be deleted (use transaction SU01 and under the Task profile and Profile tabs, delete the profiles).

<

Check Background Jobs (transaction SM37) for jobs scheduled under that user ID. The jobs will fail when the user ID is locked or deleted.

<

If the user leaves one job for another and needs to maintain access for handover, this handover should be documented. The duration of the handover access must be defined and the expiration (Valid to) date entered in the R/3 System.

<

All temporary employees or consultants should have expiration (Valid to) dates on their user IDs. Similar to banks, there should be a “secret word” that users could use to verify their identity over the phone. This word would be used when the user needs their password reset or their user ID unlocked. But, realize that others can “overhear” this secret word and render it useless.

12–4

Release 4.6A/B

Chapter 12: User Administration Recommended Policies and Procedures

6\VWHP$GPLQLVWUDWLRQ <

Special user IDs The two user IDs (SAP* and DDIC) should only be used for tasks that specifically require either of those user IDs. A user who requires similar “super user” security rights should have a copy of the SAP* user security. The security rights of SAP* and DDIC are extensive, dangerous, and pose a security risk. Anyone who requires or requests similar security rights should have an extremely valid reason for the request. Convenience is not a valid reason. The security profiles that serves as the “master key” are SAP_ALL, and to a lesser degree, SAP_NEW. The user ID SAP* should never be deleted. Instead: 1. Change the password. 2. Lock the user ID. If the user ID SAP* is deleted, logon and access rights are gained by rights programmed into the R/3 System. The user ID SAP* then gains unknown and uncontrollable security rights. The user IDs SAP* and DDIC should have their default passwords changed to prevent unauthorized use of these special user IDs. An external audit procedure checks the security of these two user IDs. For medium- and large-size companies, granting developers SAP* equivalent security rights in the development and test systems is usually inappropriate. SAP* equivalent security in the production system is a security and audit issue and should be severely limited.

<

User passwords Parameters that define and restrict the user password are defined by entries in the system profiles. Passwords should be set to periodically expire.

The recommended expiration date is no more than 90 days, but auditors will usually want this date to be set at 30 days. Minimum password length of five (5) characters should be set. User should be locked after three unsuccessful logon attempts.

The table of “prohibited” passwords (USR40) should be maintained.

System Adminstration Made Easy

12–5

Chapter 12: User Administration Recommended Policies and Procedures

Sample R/3 User Change Request Form

R/3 User Change Request

Company ID: System/Client No.

PRD 300 QAS 200 210 220 DEV 100 110 120

Employee:

Type of Change

Department Name/Cost Center Number:

W

Change user

W

Delete user

W

Add user

User ID: Position:

Expiration Date (mandatory for temporary employees)

Secret Word:

Request Urgency

W

High

Requester:

W

Medium

Requester’s position:

W

Low

Requester’s phone: Employee’s Job Function (If similar to others in department, name and user ID of a person with similar job function):

Special Access/Functions:

Requester Signoff Name

Signature

Date Signed

Name

Signature

Date Signed

Name

Signature

Date Signed

Name

Signature

Date Signed

Name

Signature

Date Signed

Name

Signature

Date Signed

Manager Signoff

Owner Signoff

Security

In addition to security approval (above), is a signed copy of computer security and policy statement attached? W Yes

12–6

W No

Release 4.6A/B

Chapter 12: User Administration New User Setup

1HZ8VHU6HWXS 3UHUHTXLVLWHV *HQHUDO3URFHVVRU3URFHGXUH Before you set up a new user, have “in hand” the user add form (with all the required information and approvals). 7KH8VHU·V'HVNWRS Does the user’s desktop meet the following criteria: <

Does the system configuration meet the minimum requirements for SAP?

<

Is the display resolution set to a minimum of 800 x 600?

<

Is there sufficient space on the hard disk to install the SAP GUI with sufficient room for desktop application to run? For windows, a minimum of 50MB free space should remain after installing SAP GUI. A practical minimum however, is at least 100MB of free space.

1HWZRUN)XQFWLRQDOLW\ Can the user log on to the network? From the user’s computer: <

Can you “ping” the SAP application server(s) that the user will be logging onto?

<

If the SAP GUI will be loaded from a file server, can you access the file server from the user’s computer where the SAP GUI will be installed?

)RU,QVWDOODWLRQRI6$3*8, Before you install the SAP GUI, you should have the R/3 server name and the R/3 System (instance) number (for example, xsysdev and 00). You will need to enter this information during the installation. 5HFRPPHQGHG3UHUHTXLVLWHIRUWKH*8,,QVWDOODWLRQ The online documentation should be installed according to the instructions in the SAP document Installing the Online documentation. The online documentation installation and access method has changed since Release 3.x.

System Adminstration Made Easy

12–7

Chapter 12: User Administration New User Setup

,QVWDOOLQJWKH)URQWHQG6RIWZDUH²6$3*8, The SAP GUI or frontend installation instructions are in the installation guide, Installing SAP Frontend Software for PCs. The SAP GUI can be installed from: <

A copy of the presentation CD on a file server

<

The presentation CD or a copy of the CD

In most situations, accept the installation defaults.

,QVWDOOLQJ6$3*8,IURPD)LOH6HUYHU The preferred method is to install SAP GUI from a file server because you do not need to carry the presentation CD around. Also, remote installations can be completed without shipping out and potentially losing the original CD. The following is a list of the prerequisites to install SAP GUI from a file server: <

Copy the SAP GUI load files from the presentation CD to a shared directory on a file server.

<

Have access to the shared directory from the user’s PC.

+RZWR,QVWDOOWKH6$3*8,

*XLGHG7RXU

1. Map a drive to the shared drive on the network where the presentation CD has been copied. Select the mapped drive to the presentation CD software. In this example, Sim-cd on ‘Pal100767’ (E:). 2. Navigate down to the directory for the gui. In this example, Sim-cd on ‘Pal100767’ (E:) → 46a-gui → Win32.

1 2

3

3. Double-click on Setup.exe. The installation program starts.

12–8

Release 4.6A/B

Chapter 12: User Administration New User Setup

4. Choose Next.

4

5. Select Local installation. 6. Choose Next.

5

6

7. Choose Next.

7

System Adminstration Made Easy

12–9

Chapter 12: User Administration New User Setup

8. Select SAPgui. Steps 9–12 are optional. 9. Click on Desktop Interfaces. 10. Choose Change option.

9 8

10

From this screen, select the components you want: 11. Example, select Graphical Distribution Network. This component is required if system administrators wish to view specific screens.

11

12. Choose OK.

12

12–10

Release 4.6A/B

Chapter 12: User Administration New User Setup

13. Choose Next.

13

14. Select English. 15. Choose Next.

14

15

16. Choose Next.

16

System Adminstration Made Easy

12–11

Chapter 12: User Administration New User Setup

This parameter is set in the R/3 System when the online documentation is installed (Release 4.0B+). 17. Choose Next.

17

18. For path for shared drives, choose Next (not shown). 19. Enter the following information: < Application server < System number 20. Choose Next. 19 19

20

21. Choose Next.

21

12–12

Release 4.6A/B

Chapter 12: User Administration New User Setup

22. Choose Install.

22

23. The SAPSetup window appears to show you how the installation is progressing.

The installation is now complete. 24. Choose OK. 24

25. Choose Yes to restart your computer.

25

To add systems to the SAP Logon see section Adding Systems in the SAP Logon.

System Adminstration Made Easy

12–13

Chapter 12: User Administration New User Setup

,QVWDOOLQJ6$3*8,IURPWKH3UHVHQWDWLRQ&' When the network connection between the SAP GUI files on the network and the user is too slow to permit installation, install SAP GUI from the presentation CD. A slow connection could result from a slow modem or a slow network link. A copy should be made of the original presentation CD and the copy shipped to the user site. You then maintain control of the original CD and reduce the chance that it might get lost. The SAP GUI installation files can also be copied to other high-capacity removable media such as ZIP® or optical disk, as appropriate for your company. The copy of the presentation CD can then be safely sent to the user’s site. From there, it can be either loaded onto a local file server for installation or installed directly from the delivery media. The prerequisites for such an installation is that the user has a CD drive or other drive compatible with the delivery media (ZIP®, optical, etc.) on which the SAP GUI files are delivered. To install SAP GUI from a CD: 1. Insert the CD into the drive. 2. In Windows Explorer, choose this drive. 3. Choose Gui → Win32. 4. Double-click on Setup.exe. 5. Follow the same procedure as when loading from a file server. 6. Test your connection 7. Log on to the system.

12–14

Release 4.6A/B

Chapter 12: User Administration New User Setup

$GGLQJ$GGLWLRQDO6\VWHPV

*XLGHG7RXU

7R$GG$GGLWLRQDO6\VWHPVLQWKH6$3/RJRQ 1. On the SAP Logon window, choose New.

1

2. In Description, enter a short description of the system (for example, SAS App Server 1).

2

3. In Application Server, enter the name of the server (for example, pal101003 or xsapdev).

3

4. The SAP Router String field is usually blank.

5

4

6

5. In SAP System, select R/3. 6. In System Number, enter the system (instance) number for the instance in which you are creating the logon (for example, 00).

7

7. Choose OK.

System Adminstration Made Easy

12–15

Chapter 12: User Administration New User Setup

8. The new system is in the SAP Logon.

8

9. Test your connection 10. Log on to the additional system.

6HWWLQJ8SD1HZ8VHU68 The procedural prerequisite is to check that all documentation and authorizations required to set up a new user are present. There are two ways to create a new user: <

Copy an existing user

<

Create a new user from scratch

&RS\LQJDQ([LVWLQJ8VHU68 You can copy from an existing user if you have a good match. The new user will have the same security profiles as the existing user. This process is the easiest and is the recommended method for a small company. Create “template” users for the various job functions that can be copied to create new users. Prerequisite: A valid user ID to copy is identified on the user setup form.

12–16

Release 4.6A/B

Chapter 12: User Administration New User Setup

*XLGHG7RXU

1. In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools → Administration → User maintenance → SU01-Users). 2. Enter the user ID (for example, GARYN) that you want to copy. 3. Choose

.

3 2

4. In the Copy Users window, enter the new user ID in To (for example, GARY). 4

Follow your company’s naming convention for creating user IDs. 5. Choose

.

5

System Adminstration Made Easy

12–17

Chapter 12: User Administration New User Setup

6. Under the Password section, in Initial password, enter an initial password (for example, init). Reenter the same password in Repeat password. Your company may have a password policy where a “random” initial password is to be used.

10

7. In User group for authorization check, enter the user group (for example, SUPER) to which the user is to be assigned.

6

7

8

9

A user group must exist before a user can be assigned to it. to select from a list of 8. Check user groups. 9. Enter dates in the Valid from and Valid to fields to limit the duration that the users will have access to the system.

Entering valid to/from dates is usually required for contractors and other temporary personnel. 10. Choose the Address tab to change the user’s address data.

12–18

Release 4.6A/B

Chapter 12: User Administration New User Setup

11. Enter the user’s Last name. 12. Enter the user’s First name. 13. Enter the user’s job Function. 14. Enter the user’s Department. 15. Enter the user’s location (for example, Room no., Floor, Building).

17

16. Enter the user’s phone number. 11 12

A telephone number should be a required entry field. If there is a system problem identified with the user, you need to contact that user.

13 14 15

15

15

16

17. Choose the Defaults tab.

System Adminstration Made Easy

12–19

Chapter 12: User Administration New User Setup

18. Check that the Logon language is set correctly (for example, EN for English).

23

If the system default language has been set (for example, to English), then this field is only used to enter a default logon language for the individual user (for example, DE for German). 18

19. Under Output Controller: a. For OutputDevice, enter a default printer or choose printer.

21

to select a 19a

b. Select: < Output immediately < Delete after output

19b

22

20

20. Check that the Personal time zone is correct, or choose zone.

to select a time

21. Under Decimal notation, select the appropriate notation (for example, Point for United States).

The Decimal notation affects how numbers are displayed. Setting it correctly is critical to prevent confusion and mistakes. 22. Under Date format, select the appropriate date format (for example, MM/DD/YYYY). 23. Choose Save.

12–20

Release 4.6A/B

Chapter 12: User Administration New User Setup

&UHDWLQJD1HZ8VHU68 Sometimes it becomes necessary to create a completely new user. You may need to create a new user when you do not have another user from which to copy.

*XLGHG7RXU

1. In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools → Administration → User maintenance → SU01-Users). 2. Enter the user ID (for example, GARY) that you want to create. 3. Choose

. 3

2

4. Enter the user’s Last name. 5. Enter the user’s First name. 6. Enter the user’s job Function. 7. Enter the user’s Department. 8. Enter the user’s location (for example, Room no., Floor, Building).

10

9. Enter the user’s phone number. 4 5

A telephone number should be a required entry field. If there is a system problem identified with the user, you need to contact that user.

6 7 8

8

8

9

10. Choose Logon data tab.

System Adminstration Made Easy

12–21

Chapter 12: User Administration New User Setup

11. Enter an initial password (for example, init). Reenter the same password in the second field. 12. In User group for authorization check, enter the user group (for example, SUPER) to which the user is to be assigned or choose user group.

14

to select a 11

12

A user group must exist before a user can be assigned to it.

13

13. Enter dates in the Valid from and Valid to fields to limit the duration that the users will have access to the system.

Entering valid to/from dates is usually required for contractors and other temporary personnel. 14. Choose the Defaults tab.

12–22

Release 4.6A/B

Chapter 12: User Administration New User Setup

15. As an option, in Logon language, enter the appropriate language code (for example, EN for English). If the system default language has been set (to for example, English), this field is only used to enter a default logon language for the individual user (example, DE for German).

20

15

16. Under Output Controller: a. For OutputDevice, enter a default 16a printer or choose printer.

18

to select a 16b

b. Select: < Output immediately < Delete after output

17

19

17. Under Personal time zone, enter a time zone or choose time zone.

to select a

18. Under Decimal notation, select the appropriate notation (for example, Point, for United States).

The Decimal notation affects how numbers are displayed. Setting it correctly is important to prevent confusion and mistakes. 19. Under Date format, select the appropriate date format (for example, MM/DD/YYYY). 20. Choose Save.

System Adminstration Made Easy

12–23

Chapter 12: User Administration Maintaining a User (SU01)

21. The message indicates that the user was saved.

21

22. Assign security to the user by using the Profile Generator (see the Authorizations Made Easy guidebook).

0DLQWDLQLQJD8VHU68 Before maintaining a user, have a properly completed and approved user change form.

The user change documentation is audited in a security audit.

:K\

You need to maintain a user to manage: < Job changes to an existing job or position

12–24

<

New jobs or positions

<

User data changes, such as name, address, phone number, etc.

Release 4.6A/B

Chapter 12: User Administration Maintaining a User (SU01)

*XLGHG7RXU

1. In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools → Administration → User maintenance → SU01-Users). 2. Enter the user ID (for example, gary) to be maintained. 3. Choose

. 3

2

The Maintain User screen allows you to change a user’s: < Address

4

< Logon data < Defaults < Password < User group < Other 4. When you finish making the changes, choose Save.

System Adminstration Made Easy

12–25

Chapter 12: User Administration Resetting a Password (SU01)

5HVHWWLQJD3DVVZRUG68 :K\

The most common reason to reset a password is that users forget their password. In this situation, the user has probably attempted to log on too many times with an incorrect password. The user has probably also locked their user ID, which also needs to be unlocked.

Make certain the person who requests their password to be reset is indeed the valid user.

A basic user verification method is to have a telephone with a display so that the displayed caller’s phone number can be compared to the user’s phone number, which is stored in the system or can be found in the company phone directory. We recommend that you use a method similar to what banks use where the user has a “secret word” that verifies their identity on the phone. This method is not foolproof because someone can overhear the secret word. You should maintain a security log of password resets. This log should be periodically audited to look for potential problems.

*XLGHG7RXU

1. In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools → Administration → User maintenance → SU01-Users). 2. Enter the user ID (for example, gary) to be maintained. 3. Choose

. 3 2

12–26

Release 4.6A/B

Chapter 12: User Administration Locking or Unlocking a User (SU01)

4. In the Change Password popup window, enter a new password in New password and reenter this password in Repeat password. 5. Choose

Copy.

4

5

For security, you can only set an initial value for the user’s password. Users are then required to change the password when they log on. You cannot see what the users current password is, nor can you set a permanent password for the user.

/RFNLQJRU8QORFNLQJD8VHU68 :KDW

The lock/unlock function is part of the logon check, which allows the user to log on (or prevents the user from logging on) to the R/3 System. :K\

<

Locking a user R/3 access should be removed if a user: Leaves the company Is assigned to a different group Is on leave The lock function allows the user ID and the user’s security profile remains on the system but does not allow the user to log on. This function is ideal for temporary personnel or consultants where the user ID is locked unless they need access.

<

Unlocking a user Users are automatically locked out of the system if they attempt to incorrectly log on more than a specified number of times. The administrator must unlock the user ID and more than likely reset the user’s password. Before unlocking a user, determine if the request is valid. Do not unlock a user who has been manually locked without first finding out why this was done. There may be an important reason why the user should not access the system.

System Adminstration Made Easy

12–27

Chapter 12: User Administration Locking or Unlocking a User (SU01)

Maintain a security log of unlocking users, which should be periodically audited for potential problems.

*XLGHG7RXU

1. In the Command field, enter transaction SU01 and choose Enter (or choose SAP standard menu → Tools → Administration → User maintenance → SU01-Users). 2. Enter the user ID (for example, gary) to be maintained. 3. Choose

. 3

2

4. A popup window appears. In this example, an administrator has manually locked the user ID.

4

5

If a user is locked by the system manager, always check why. There may be a valid reason to refuse to unlock a user. 5. Choose

.

In this example, this step will unlock the user.

12–28

Release 4.6A/B

Chapter 12: User Administration User Groups

6. A message at the bottom of the screen indicates that the user has been unlocked (or locked).

6

8VHU*URXSV :KDW

A user group is a logical grouping of users (for example, shipping, order entry, and finance). The following restrictions apply to user groups: <

A user can belong to only one user group.

<

A user group must be created before users can be assigned to it.

<

A user group provides no security until the security system is configured to use user group security.

Create the group “term” for terminated users. Lock all users in this group and, for most of these users, delete the security profiles. This process maintains the user information for terminated users, and prevents the user ID from being used to log on. :K\

The purpose of a user group is to: <

Provide administrative groups for users so they can be managed in these groups.

<

Apply security.

System Adminstration Made Easy

12–29

Chapter 12: User Administration User Groups

8VDJH

Following are a few recommended special groups: Group

Definition

TERM

Terminated users. This way, user records can be kept in the system for identification. < All users in this group should be “locked.” < If it is not being used as a template, all security profiles should be removed from the user.

SUPER

Users with SAP* and DDIC equivalent profiles.

TEMPLATE

Template users to be used to create real users.

+RZWR&UHDWHD8VHU*URXS68

*XLGHG7RXU

1. In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools → Administration → User maintenance → SU01-Users). 2. From the menu bar choose Environment → User groups → Maintain.

12–30

2

Release 4.6A/B

Chapter 12: User Administration User Groups

3. Enter the name of the user group you would like to create (for example, purchasing). 4. Choose

.

4

3

5. In Text, enter a description of the user group. 7

6. Under User Assignment, in User, choose group.

to add users to the

7. Choose Save. 5

6

System Adminstration Made Easy

12–31

Chapter 12: User Administration Deleting a User’s Session (Transaction SM04)

8. The message inidicates the new user group was created.

8

'HOHWLQJD8VHU·V6HVVLRQ7UDQVDFWLRQ60 :KDW

Use transaction SM04 to terminate a user’s session. :K\

Transaction SM04 may show a user as being active when the user has actually logged off. This condition is usually caused by a network failure, which cuts off the user, or that the user has not properly logged off the system. (For example, the user turned the PC off without logging off the system.) A user may be on the system and needs to have their session terminated: < <

12–32

The user’s session may be “hung” and terminating the session is the only way to remove the user’s session. The user may have gotten into a “one way” menu path without an exit or cancel option. This situation is dangerous, and the only safe option is to terminate the session.

Release 4.6A/B

Chapter 12: User Administration Deleting a User’s Session (Transaction SM04)

+RZWR7HUPLQDWHD8VHU6HVVLRQ

*XLGHG7RXU

1. Verify that the user is actually logged off from R/3 and that there is no SAP GUI window minimized on the desktop. Verification is done by physically checking the user’s computer. Verification is important because users may have forgotten that they minimized a session. 2. In the Command field, enter transaction SM04 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → System monitoring → SM04-User overview). 3. Select the user ID that you want to delete. 4. Choose Sessions. 4

3

In step 3 above, double-check that the selected user is the one you really want to delete. It is very easy to select the wrong user. 5. Select the session to be deleted. 6. Choose End session. It may take a while to actually delete the session so be patient. 7. Repeat steps 5 and 6 until all sessions for that user are deleted.

System Adminstration Made Easy

5

6

12–33

Chapter 12: User Administration Deleting a User’s Session (Transaction SM04)

$FWLYH8VHUV7UDQVDFWLRQV60DQG$/ :KDW

These transactions display all the users who are currently logged on to the system. They show both the user’s ID and terminal name. :K\

In a smaller company, the administrator can recognize user IDs logged on to “unfamiliar” terminals. This recognition may indicate that someone—other than the designated user—is using that user ID. A user logged on to more than one terminal indicates that the user ID is being: <

Used by someone else

<

Used or shared by several people

User IDs should not be shared for several reasons. <

One reason is that if a problem arises, you will not know who created the problem. This situation makes the problem difficult to fix, prevent, and from re-occurring.

<

Prudent security practices do not allow for sharing of user IDs.

<

Set the system profile login/disable_multi_gui_login. Your external auditors may also perform this test to test your security.

3UREOHPV

Transaction SM04 may show a user as active, when in fact the user has actually logged off. Because the user session was not properly closed, the system “thinks” that the user is still logged on. This condition can be caused by the following (among others):

12–34

<

A network failure, which cuts off the user from the network or R/3.

<

The user turning off their computer without logging off from the R/3 System.

Release 4.6A/B

Chapter 12: User Administration Deleting a User’s Session (Transaction SM04)

6LQJOH,QVWDQFH6\VWHP7UDQVDFWLRQ60

*XLGHG7RXU

1. In the Command field, enter transaction SM04 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → System monitoring → SM04-User overview). 2. Select the user ID to view the session the user has open. 3. Choose Sessions. 3

2

The Overview of Sessions screen shows what sessions the user has open. 4. Choose

.

4

System Adminstration Made Easy

12–35

Chapter 12: User Administration Deleting a User’s Session (Transaction SM04)

0XOWL,QVWDQFH6\VWHP7UDQVDFWLRQ$/ If you have several instances in your system, using AL08 is easier, because you can simultaneously see all users in all instances. 1. In the Command field, enter transaction AL08 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Control/Monitoring → Performance menu→ Exceptions/Users→ Active users→ ALO8-Users, global). 2. The Current Active Users screen shows all the instances in your system and the number of active users. 3. For each instance, the users logged into that instance/application server are listed. 2

3

3

12–36

Release 4.6A/B

&KDSWHU 'DWDEDVH$GPLQLVWUDWLRQ²

0LFURVRIW64/6HUYHU

&RQWHQWV Overview ................................................................................................................13–2 Starting and Stopping the Database ...................................................................13–2 Database Performance .........................................................................................13–4 Scheduling Database Tasks (DB13)....................................................................13–9 Checking the Database Backup (DB12)............................................................13–15 Initializing Backup Tapes ...................................................................................13–18 Database Backups with Microsoft Tools..........................................................13–19 Database Error Logs...........................................................................................13–28 Verify Database Consistency.............................................................................13–29 Run Update Statistics .........................................................................................13–29 System passwords .............................................................................................13–30

System Administration Made Easy

13–1

Chapter 13: Database Administration – Microsoft SQL Server Overview

2YHUYLHZ Microsoft SQL Server is a low maintenance database that is increasingly popular with smaller R/3 installations. This chapter will review the database administrative tasks that can be accomplished within the R/3 System with associated tasks utilizing the Microsoft administrative tools.

6WDUWLQJDQG6WRSSLQJWKH'DWDEDVH 6WDUWLQJWKH'DWDEDVH 1. From the NT desktop, choose Start → Programs → MS SQL Server 7.0 → Service Manager. 2. Choose Start/Continue.

2

3. Check that Microsoft SQL Server is started by checking the color and shape of the status icon (the green arrow), and the status message at the bottom of the window. 3

3

13–2

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Starting and Stopping the Database

6WRSSLQJWKH'DWDEDVH 1. Verify that R/3 has been stopped. If R/3 has not been stopped, stop R/3 now. Follow the proper procedure to stop R/3. 2. From the NT desktop, choose Start→ Programs→ MS SQL Server 7.0 →Service Manager. 3. Choose Stop.

3

4. Choose Yes.

4

5. Check that Microsoft SQL Server is stopped by checking the color and shape of the status icon (a red square), and the status message at the bottom.

5

5

For more information on stopping the database, see chapter 9.

System Administration Made Easy

13–3

Chapter 13: Database Administration – Microsoft SQL Server Database Performance

'DWDEDVH3HUIRUPDQFH 2YHUYLHZ The CCMS System has tools available for R/3 Administrators to monitor the database for growth, capacity, I/O statistics, and alerts. This section will discuss the initial transactions that can help the database administrator.

'DWDEDVH$FWLYLW\67 :KDW

The Database Performance Monitor (ST04) provides a database-independent tool to analyze and tune the following components: < Memory and buffer usage <

Space usage

<

CPU usage

<

SQL requests

<

Detailed SQL items

:K\

To manage your system performance, the database must be monitored. One of the important items is the ability to view the database error log from within R/3. This view saves the extra effort of logging into the database to view this log.

13–4

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Database Performance

+RZ

*XLGHG7RXU

1. In the Command field, enter transaction ST04 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → Performance → Database → ST04 - Activity). 2. An initial overview of database activity is provided which pertains to database, operating system, CPU, and memory. Microsoft SQL Server allows the analysis of specific attributes pertaining to memory, space, I/O, and quality of table reads and writes. This information can signal adjustments necessary to improve performance of the database. In the screen to the right, some important areas are highlighted:

2d

2a

2a

a. Memory Usage Procedure cache and Data cache hit ratio can reflect memory problems. These values should be greater than 2b 95 percent for optimal memory usage. b. Server Engine/Elapsed Shows how hard the CPU has been working on Microsoft SQL Server processes. You are interested in the ratio of busy : idle time.

2c

2c

c. SQL Requests Allows for snapshots of how SQL queries are utilizing table access pertaining to full table or index scans. A high ratio of full table scans vs. index scans can indicate performance bottlenecks. d. Detail analysis menu

System Administration Made Easy

13–5

Chapter 13: Database Administration – Microsoft SQL Server Database Performance

3. This screen is the Detailed analysis menu (option 2D). c. This screen is composed of the following three sections: 3a

< Analyze database activity < Analyze exceptional conditions

3b

3b

< Additional functions d. Areas of common interest are: < Server details < SQL processes

3a

3b

< Error logs (see the following screen) 3a c. Additional functions are links to transactions that will be discussed in 3c later sections.

This screen shows the Database Error Log. 3b

13–6

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Database Performance

'DWDEDVH$OORFDWLRQ'% :KDW

The Database Allocation transaction is used to analyze: < <

Database growth Database index, consistency, etc.

<

Tables

:K\

One critical reason is to monitor database growth. Using the growth rate you could project the growth to determine when you may need to get additional disk storage for the database. +RZ

*XLGHG7RXU

1. In the Command field, enter transaction DB02 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → Performance → Database→ DB02-Tables/Indexes). 2. An initial review would identify the type of database, name, size, file systems, and totals for database objects. The following describes some of the features of the screen to the right: a. Database information indicates space used for data and log information.

2a 2b 2c

b. DB space history takes you to the View database history screen. c. DB analysis takes you to an analysis menu screen. d. To determine attributes for a specific database object, use Detail analysis to make decisions for an individual object.

System Administration Made Easy

2d

13–7

Chapter 13: Database Administration – Microsoft SQL Server Database Performance

This screen is the DB space history display. A spreadsheet allowing analysis based on calendar scenarios exists with the ability to sort on column information.

1

1. To view by file, choose Files.

Here you can analyze the physical file information.

This screen is the DB analysis display. From here, the administrator can: < Analyze the database for missing indexes, conflicts between ABAP Dictionary and database, and R/3 Kernel integrity. <

Perform a database consistency check.

Analysis can be done for table specific objects to determine the largest tables, and tables that are modified.

13–8

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Scheduling Database Tasks (DB13)

6FKHGXOLQJ'DWDEDVH7DVNV'% :KDW

The DBA Planning Calendar (DB13) is the scheduling tool for DBA tasks in R/3. Using the Calendar, the DBA can schedule many of the DBA tasks that need to be performed, such as: <

Database and transaction log backup

<

Update statistics

<

Check table and database consistency

:K\

These tasks can be conveniently managed and scheduled without going to the database. The DBA Planning Calendar works with transaction DB12 (Backup logs). For more information on transaction DB12, see page 13–15. +RZ

To schedule a backup task using the DBA Planning Calendar, the backup must be able to run “unattended,” which means that you must have one of the following options: < A single tape drive with sufficient capacity to back up the database without changing tapes. < Multiple tape drives with sufficient total capacity to back up the database without changing tapes.

System Administration Made Easy

13–9

Chapter 13: Database Administration – Microsoft SQL Server Scheduling Database Tasks (DB13)

*XLGHG7RXU

1. Enter transaction DB13 and choose Enter. (or from the SAP standard menu, choose Tools → CCMS → DB Administration → DB13-DBA Planning Calendar). 2. Double-click on the date.

2

If a task exists for that day, this window appears. 3. Choose Insert to add a new task.

3

13–10

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Scheduling Database Tasks (DB13)

4. In StartTime, enter the time to begin the backup.

4 5

The start time is the time on the database server. 5. Under Action, select a task (for example, Full Database Backup). 6. Choose Continue.

6

7. Select all the databases. 8. Choose OK. 7

8

9. Select the backup device. (Select R3DUMP0 if you only have a single tape drive attached.) 10. Choose OK.

9

10

System Administration Made Easy

13–11

Chapter 13: Database Administration – Microsoft SQL Server Scheduling Database Tasks (DB13)

11. In the Log backup tape options popup window, select the following options as appropriate: a. Unload tape To eject the tape after the backup is completed. b. Initialize tape To overwrite existing data, rather than appending to last backup. c. Verify backup To verify the backup after it has run. If you are doing an online backup when transactions are being performed, selecting this option is not useful because the database changes during this 13 time will cause this test to fail. d. Format tape To erase the entire tape and write a new tape label.

11a 11b

11c 11d

12

This option is selected when using a brand new tape, or a tape that was previously used with a different application. 12. In Expiration period for backup volumes, enter the number of days to protect the tape. The backup tape is protected from overwriting by the backup program for this number of days. 13. Choose OK.

13–12

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Scheduling Database Tasks (DB13)

14. The task will be listed in the day.

14

'HWHUPLQLQJWKH7DSH/DEHO 1HFHVVDU\IRUD%DFNXS 1. Double-click on the day.

1

System Administration Made Easy

13–13

Chapter 13: Database Administration – Microsoft SQL Server Scheduling Database Tasks (DB13)

2. If there is more than one entry, select the backup entry. 3. Choose Volumes needed to see what tape (label name) is required for that backup.

2

3

Using the correct tape is important. If the wrong tape is used, the backup will fail. For further information on tape labeling, see chapter 3. 4. The required tape is displayed (for example, CD27S). 4

'HOHWLQJDQ(QWU\IURPWKH3ODQQLQJ&DOHQGDU'% 1. On the DBA Planning Calendar, double-click on the date.

1

13–14

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Checking the Database Backup (DB12)

2. Select the item to delete. 3. Choose Delete.

2

a. Here you can also choose Change to change the options you originally selected for the job.

3a

3

4. Choose Yes.

4

5. The item has been deleted. 6. Choose

.

5

6

&KHFNLQJWKH'DWDEDVH%DFNXS'% :KDW

The Backup Logs transaction (DB12) provides backup and restore information, such as: <

Log file size and free space in the log file

<

Date and time of last successful restore for: R/3 database Transaction log Master database Msdb database

<

Backup history

<

Restoration history

<

Backup device list

System Administration Made Easy

13–15

Chapter 13: Database Administration – Microsoft SQL Server Checking the Database Backup (DB12)

<

SQL Server jobs

<

Tapes needed for restore

:K\

It is a convenient “one stop” point for backup information. Some of the important backup information such as tape label name is passed to DB12 from DB13. The “tapes needed for restore” option is important. Do not rely on the “tapes needed for restore” feature. You must have a method that does not rely on R/3 being available to tell you what tapes you will need to do a restore of the R/3 system. If there is a severe disaster, and the R/3 system is lost, R/3 is not available for you to look at this report. The only missing information is the run time (duration) of the backup job. This is a problem indicator, when compared to the expected duration of the backup. +RZ

*XLGHG7RXU

1. In the Command field, enter transaction DB12 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → DB Administration → DB12-Backup logs). 2. Review log space information to analyze growth. 3. Review backup information and notice the date and time of success or failures. 4. The following is a list of the available buttons and their functions: a. Backup history A spreadsheet summary of 2 each backup is listed. Each backup type can be reviewed with detailed log information available using History info. 3 (see the SAP R/3 screen below).

4a

4b 4c 4d 4e

b. Restoration history A spreadsheet of detailed restoration information is listed.

13–16

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Checking the Database Backup (DB12)

c. Backup device list Each logical device name is listed with the appropriate physical device name (see the Backup Device List screen below).

4a

d. SQL Server jobs A spreadsheet listing of all scheduled jobs with options for CCMS, Database and History Info is listed. History Info lists the specifics of the job, that pertain to success or failure of the job. e. Tapes needed For restore A listing of the tapes that are needed to restore the various 4c databases. Scroll to the bottom of the screen, for the instructions to restore the database (see the Tapes Needed For Restore screen below).

System Administration Made Easy

13–17

Chapter 13: Database Administration – Microsoft SQL Server Initializing Backup Tapes

4e

,QLWLDOL]LQJ%DFNXS7DSHV :KDW

Initializing the tape writes a label on the tape header. This label is the same as the physical label of the tape (for example, CD26S). :K\

The tape label and the expiration date are additional safety levels to prevent backing up to the wrong tape, and possibly, destroying needed data. When using the DBA Planning Calendar (DB13) for backups, the tape must be properly labeled to execute a backup to tape, because the transaction expects a specific tape to be in the drive. If the tape label does not match the required label, the backup will fail. +RZ

Initializing and labeling is an option when executing the backup using DB13, SQL Server Enterprise Manager, or NT Backup. (For SQL Server, see SAP note 141118 for a description of the tape label naming convention used by DB13).

13–18

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Database Backups with Microsoft Tools

'DWDEDVH%DFNXSVZLWK0LFURVRIW7RROV Backing up R/3 on SQL Server involves backing up the following SAP-specific and database-related directories: < \usr\sap <

\usr\sap\trans

<

of <sid>adm

<

\<sid>data The R/3 database files

<

\<sid>log The R/3 log file

If the log is allowed to grow to capacity and use all available filespace on the drive, SQL Server will stop. This event is critical, because when R/3 stops, so does the business processes that require R/3 to be running. <

\tempdb

Also backup the following Microsoft SQL Server databases: <

Master In case of failures or hardware or software disasters, the Master database contains the data necessary to recover the database.

<

MSDB The MSDB database contains the data for the SQL Server job scheduler and the database backup history.

To make the backup process easier, and open to fewer errors, we recommend that you backup the entire server and not just specific directories and files.

2QOLQH%DFNXS²8VLQJ64/VHUYHU(QWHUSULVH0DQDJHU :KDW

The SQL 7.0 Enterprise manager is Microsoft SQL Server’s “general tool.” Here it is used to backup the following while R/3 is running: <

The R/3 database

<

The R/3 log To clear the log, the log backup must periodically be done in the initialization mode.

If the log is allowed to grow to capacity and use all available filespace on the drive, SQL Server will stop. This event is critical, because when R/3 stops, so does the business processes that require R/3 to be running.

System Administration Made Easy

13–19

Chapter 13: Database Administration – Microsoft SQL Server Database Backups with Microsoft Tools

<

\tempdb

You must also backup the following SQL Server databases: <

Master If there is a hardware or software disaster, the master database contains the data necessary to recover the database.

<

MSDB The MSDB database contains the data for the SQL Server job scheduler and the database backup history.

:K\

An online backup allows you to backup the database(s) when R/3 and the database is running, so that system users are not impacted. +RZ

To backup any of the databases mentioned above: 1. On the NT desktop, choose Start → Programs → Microsoft SQL Server 7.0 → Enterprise Manager. 2.

3.

4. 5. 6.

In the Enterprise Manager: Expand the SQL Server Group under which your server is located. (You may have a different group name.) Expand the server that you want to look at. (You will have a different server name.) Choose Management Choose Backup. Choose Tools → Backup Database.

13–20

6 2 3 4 5

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Database Backups with Microsoft Tools

7. In Database, choose database to backup.

to select the

11

8. Under backup, select the type of backup to perform (for example, Database - complete). Select Database – complete to do a full backup of the database. Select Transaction log to backup only the transaction log. 9. Under Destination:

7

8

9

< Select the media (in this case Tape) < Select the device R3DUMP0. 10. Under Overwrite select Overwrite existing media.

10

11. Choose the Options tab.

12. Under Options, select: < Verify backup upon completion < Eject tape after backup < Backup set will expire 13. Under Backup set will expire, select one of the following options and complete the entry field: < After (a defined number of days), then enter the number of days. < On (a specific date), then enter the date.

System Administration Made Easy

12 12

12 13

13–21

Chapter 13: Database Administration – Microsoft SQL Server Database Backups with Microsoft Tools

On the screens below, you have three options: < Backup without checking the tape label. < Backup checking the tape label. < Initialize the tape and writing a new tape label, before backing up. To backup without checking the tape label: 1. Leave the following options deselected: < Check media set name and backup set expiration < Initialize and label media

This step will overwrite and destroy any data on the tape. Be certain that the correct tape is in the drive.

1

1

2. Choose OK. The backup will now begin. 2

13–22

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Database Backups with Microsoft Tools

To check the tape label before backing up: 1. Select Check media set name and backup set expiration. 2. Enter the tape label in Media set name (for example, RD26S). 3. Choose OK, to begin the backup. If the label of the tape does not match the name entered in Media set name, the backup will fail.

1 2

3

To initialize the tape before backing up: 1. Select Initialize and label media. 2. Enter the tape label name in Media set name (for example, RD26S).

This step will relabel, overwrite, and destroy any data on the tape. Be certain that the correct tape is in the drive. 3. Choose OK to begin the backup.

1 2

3

System Administration Made Easy

13–23

Chapter 13: Database Administration – Microsoft SQL Server Database Backups with Microsoft Tools

2IIOLQH%DFNXS²8VLQJ17%DFNXS :KDW

The offline backup is done when R/3 and the database are down. Here, we also use the offline backup to also backup other files which are needed to restore R/3. Since high capacity tape drives are now more common, it is simpler and safer to backup the entire server. This full server backup eliminates the possibility of not backing up an important file. For smaller customers, the entire server could be backed up to a single DLT cartridge.

At a minimum, backing up R/3 on SQL Server involves backing up the following SAPspecific and database-related directories: <

\usr\sap

<

\usr\sap\trans

<

of <sid>adm

<

\<sid>data

<

\<sid>log

<

\tempdb

(the R/3 database files) (the R/3 log file)

In addition to these directories, you must back up any directories and files for third-party products, interfaces, etc. that store their data outside the R/3 database. Getting all the required files and directories can be difficult, which is why we recommend that you backup the entire server. :K\

The data in the database does not change while the backup is being made, which means that you have a static “picture” of the database and do not have to deal with the issue of data changing while the backup is being run. With some third party applications, you cannot back up the files unless they are closed, and this is not possible unless R/3 and the application are shut down. Therefore, an offline backup needs to be done. A “full server” offline backup also gives you the most complete backup in the event of a catastrophic disaster. On one tape, you have everything on the server. +RZ

Due to system limitations on the documentation system, the location of the files in this example are presented differently from the recommendations in the SAP installation manual.

13–24

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Database Backups with Microsoft Tools

*XLGHG7RXU

To do an offline backup, we use NT Backup interactively: 1. Shut down R/3. 2. Shut down the database. 3. Shut down any other applications. 4. Insert the appropriate tape into drive. 5. On the NT desktop, choose Start → Programs → Administrative Tools → Backup. 6. Select all drives on the server. 7. Choose Backup.

7

6

Enter appropriate information in the Backup Information dialog box. 8. In Tape Name, enter the tape label name (for example, CD26S). 9. Select Verify After Backup. 10. If your tape drive supports hardware compression, select Hardware Compression.

8 9 11 10

11. Under Operation, select Replace. 12. In Description, enter a description. 12

13. Choose OK.

13

System Administration Made Easy

13–25

Chapter 13: Database Administration – Microsoft SQL Server Database Backups with Microsoft Tools

14. This window will appear to verify that the correct tape is in the drive. Even if the tape name you entered in the previous screen matches the tape label, this window will appear.

15 14

15. Choose Yes. 16. The backup will run. The window displays the backup progress.

16

17. When the backup has successfully completed, choose OK.

17

13–26

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Database Backups with Microsoft Tools

18. From the menu bar, choose Operations → Exit.

18

19. Remove the tape from the tape drive and store properly.

System Administration Made Easy

13–27

Chapter 13: Database Administration – Microsoft SQL Server Database Error Logs

'DWDEDVH(UURU/RJV 5²67 You can view the database error logs from within R/3 using transaction ST04. For more information on database error logs, see the Database Performance Analysis (ST04) section earlier in this chapter.

0LFURVRIW64/6HUYHU(QWHUSULVH0DQDJHU

*XLGHG7RXU

1. From the NT desktop, choose Start → Programs → Microsoft SQL Server 7.0 → Enterprise Manager. In the Enterprise Manager: 2. Expand the SQL Server Group under which your server is located. 3. Expand the server where the R/3 system is installed. 4. Expand Management.

2 3 4

5. Expand the SQL Server Logs. 5

6. Select the Current log. Here, you can also look at the six previous error logs. 7. Read the log in the right-hand side window. 7

6

13–28

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server Verify Database Consistency

9HULI\'DWDEDVH&RQVLVWHQF\ :KDW

In a database management system, consistency can be represented from the logical and physical levels. R/3 must insure a logical consistency when communicating with the SQL Server engine, and SQL Server must insure a physical consistency for the database. :K\

Sometimes a physical inconsistency can occur in the database’s internal structures. This problem occurs when R/3 “thinks” the data is, and where the data actually is, in the database are different. +RZ

SQL Server uses the DBCC CHECKDB command to correct and repair the database to a consistent state. This is executed using: <

CCMS Scheduling calendar (DB13)

<

The SQL Server Enterprise Manager

The consistency checks should be done during non-peak hours or when R/3 users are offline. For those coming from SQL Server 6.5 environments, SQL Server 7.0 executes the DBCC CHECKDB job much faster than SQL Server 6.5.

5XQ8SGDWH6WDWLVWLFV :KDW

Database objects statistics help make data access more efficient. :K\

The optimizer of the database engine will perform better if the table index’s statistical information is current. This information helps R/3 find an item in the database faster. +RZ

By default, SQL Server 7.0 has automatic statistics turned on. The possibility of manually scheduling update statistics using the CCMS scheduling calendar still exists. Examples of when this scheduling might be necessary after large data inserts or deletes from a given table (for example, client copy, BDC sessions, and archiving).

System Administration Made Easy

13–29

Chapter 13: Database Administration – Microsoft SQL Server System passwords

6\VWHPSDVVZRUGV 64/VHUYHU For additional information, see SAP note 28893. User IDs to change: < sa < sapr3 During the installation, by default: < SQL server does not ask for, nor does it set, a password for user sa. Once the installation is complete, the system administrator must manually create a password. < For user sapr3, a password is created, but it is created with a default password. Therefore, you must change the password. Beginning with release 4.5, user sapr3 is no longer used by R/3. These “loopholes” must be closed manually. +RZ

*XLGHG7RXU

1. From the NT desktop, choose Start → Programs → Microsoft SQL Server 7.0 → Enterprise Manager. In the SQL server Enterprise Manager: 2. Expand the SQL Server Group. 3. Expand the server. 4. Expand Security. 5. Choose Logins. 2

3

4

13–30

5

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server System passwords

6. On the right side of the screen, double-click “sa” (or “sapr3,” if sapr3 was created).

6

7. Choose General tab. 8. Enter new password in Password.

7

9. Choose Apply.

8

9

10. Reenter the password in Confirm New Password. 11. Choose OK. 10 11

System Administration Made Easy

13–31

Chapter 13: Database Administration – Microsoft SQL Server System passwords

12. Choose OK.

12

For user sapr3, up through release 4.0, the following also needs to be done: 13. In the SQL Server Enterprise Manager Console, choose Tools → SQL Query Analyzer.

13–32

13

Release 4.6A/B

Chapter 13: Database Administration – Microsoft SQL Server System passwords

14. Enter the following SQL commands: use <SAPSID> go sap_change_password ‘’, ‘’

15

14

15. Choose Execute Query (or choose Query → Execute Query).

System Administration Made Easy

13–33

Chapter 13: Database Administration – Microsoft SQL Server System passwords

13–34

Release 4.6A/B

&KDSWHU 2XWSXW0DQDJHPHQW

&RQWHQWV Contents.................................................................................................................14–1 Printer Setup (SPAD) ............................................................................................14–2 Check the Spool for Printing Problems (Transaction SP01) ............................14–9 Check that Old Spools are Deleted (SP01) .......................................................14–12 Printing the Output (SP01) .................................................................................14–15 Printing the Screen .............................................................................................14–18 Check Spool Consistency (SPAD) ....................................................................14–21 Check TemSe Consistency (SP12)....................................................................14–23

System Administration Made Easy

14–1

Chapter 14: Output Management Printer Setup (SPAD)

3ULQWHU6HWXS63$' Before you set up a printer: <

Set up the printer at the operating system level. This step must be completed before the printer can be set up in R/3.

<

Know the name of the printer. This name is the network name of the printer (for example, FIN3 or \\FINANCE\ACCT2; not HP Laser Jet 5si).

<

Know the type of printer. This information is the manufacturer and model of the printer (for example, HP Laser Jet 5si).

+RZWR6HW8SWKH3ULQWHULQWKH56\VWHP

*XLGHG7RXU

1. In the Command field, enter transaction SPAD and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Spool → SPAD-Spool administration). 2. In the Device/servers tab, choose Output devices.

2

14–2

Release 4.6A/B

Chapter 14: Output Management Printer Setup (SPAD)

3. Choose

.

3

4. Choose

.

4

System Administration Made Easy

14–3

Chapter 14: Output Management Printer Setup (SPAD)

5. In Output device, enter a descriptive name for the printer (required). 6. Enter a short name in Short name or let the system define it for you (optional). In our example, we will let R/3 define the short name.

5

7 8 9

7. Choose Device Attributes tab. 8. In Device type, choose to select the appropriate device type for your printer (required). 9. In Spool server, choose to select the appropriate server where your print requests will be processed. 10. In Model, enter the printer’s make and model.

6

10 11 12

11. In Location, enter the printer’s location.

The Model and Location fields are important because you cannot use a printer if you do not know its location and its model name. The key is to make your description as precise as possible. If the printer has moved, remember to update this field. 12. The message field is used for a temporary message that replaces the Location text. Messages are useful if a printer is “offline” for repair, etc.

14–4

Release 4.6A/B

Chapter 14: Output Management Printer Setup (SPAD)

11

13. Choose the HostSpoolAccMethod tab. 14. In Host spool access method, choose to select the appropriate access method.

13 14 15

At this point, things can get complicated. In general, use the following local access methods to reduce network problems in the system. For: <

<

NT Select C – Direct operating system call. UNIX Select L – Print locally via LP/LPR.

15. In Host printer, enter the printer name as defined in your network (required). 16. Select the Output Attributes tab. 17. In this section, you can specify a cover page (optional).

19

18. Select Monitor using monitoring architecture. If you have a large number of printers, do not select this option.

16

19. Choose Save. 17 18

System Administration Made Easy

14–5

Chapter 14: Output Management Printer Setup (SPAD)

20. In our example, to let R/3 create the short name: a. Choose Yes. 20a

b. If we had entered a short name, and there is a name conflict with an existing printer, this conflict message would appear.

20b

If this name conflict exists, at this dialog box, choose Yes. 21. A message indicates that the printer was created. 22. Choose Paper tray info.

22

21

23. Under Actv., select the paper tray to activate it for automatic selection.

23

24

Automatic selection means that the correct tray is selected based on the paper format (i.e., letter). This selection applies only to the paper format, not the type of paper (for example, letter head, invoice, blank, etc.)

14–6

Release 4.6A/B

Chapter 14: Output Management Printer Setup (SPAD)

24. In the screen above, under Page format, enter the page format or choose

.

25. Select the proper paper format. Scroll down to see the Letter and Legal paper formats. 26. Choose

. 25

26

27. Repeat steps 23–26 for all printer trays. 28. Choose

.

27

28

System Administration Made Easy

14–7

Chapter 14: Output Management Printer Setup (SPAD)

29. Choose Save. 30. A message in the status bar indicates that the paper tray information was saved.

29 31

31. Choose Back.

30

32. The new printer (Finance GL) is now in the printer list. 33. Test the printer by printing this screen to it. 32

14–8

Release 4.6A/B

Chapter 14: Output Management Check the Spool for Printing Problems (Transaction SP01)

&KHFNWKH6SRROIRU3ULQWLQJ3UREOHPV7UDQVDFWLRQ63 :KDW

The spool is the R/3 System’s output manager. Data is first sent to the R/3 spool and then to the operating system for printing. :K\

There may be problems with the printer at the operating system level. These problems need to be resolved immediately for time-critical print jobs (for example, checks, invoices, shipping documents, etc.) or there may be an operational impact. You should check for active spool jobs that have been running for over an hour. These longrunning jobs could indicate a problem with the operating system spool or the printer.

*XLGHG7RXU

1. In the Command field, enter transaction SP01 and choose Enter (or choose SAP standard menu → Tools→ CCMS→ Spool→ SP01-Output Controller). 2. Delete information in Created by. 3. Set the Date created field to, for example a week ago, or to any other date range to check for other 5 problems. The range of data will depend on your installation. If you generate hundreds or thousands of spools a day, you would choose every day. This data range would be much shorter, possibly only two days.

2 3 4

4. Delete information in Client. 5. Choose

.

System Administration Made Easy

14–9

Chapter 14: Output Management Check the Spool for Printing Problems (Transaction SP01)

6. Look for jobs with an error in the Output Status column. 7. Double click on the Error. 6

7

8. Select the error. 9. Choose

.

9

8

10. Review the error. 11. From this point, troubleshooting depends on the specific problem. 12. Choose

.

12

14–10

Release 4.6A/B

Chapter 14: Output Management Check the Spool for Printing Problems (Transaction SP01)

13. Select the error. 14. Choose

.

14

13

15. Use the log to investigate the problem (for example, this job was Unable to establish connection to the Berkley LPD).

15

System Administration Made Easy

14–11

Chapter 14: Output Management Check that Old Spools are Deleted (SP01)

&KHFNWKDW2OG6SRROVDUH'HOHWHG63 :KDW

The SAP spool is the output manager for R/3. From the SAP spool, the print job goes to the operating system’s print spooler or manager. You need to check that old spool jobs are being properly cleared by the daily batch job. :K\

<

Depending on how the spool system has been configured, old spools will use database space or file system space. Whether it is database or file system space, potentially available “space” is being used by these spools.

<

Look for any errors that may indicate problems in the printing process.

*XLGHG7RXU

1. In the Command field, enter transaction SP01 and choose Enter (or from the SAP standard menu, choose Tools→ CCMS→ Spool→ SP01-Output Controller). 2. Clear the following fields: < Created by < < <

Date created (date) to (date) Client

3. Choose

3

. 2

14–12

Release 4.6A/B

Chapter 14: Output Management Check that Old Spools are Deleted (SP01)

After the system has been operating for some time, check whether old jobs are being purged. 4. Scroll down the screen to find the oldest date. This date should be within the time frame defined for the job that runs RSPO0041 program (see SAP note 16083).

5

If the spool requests beyond the minimal age are found, the job may not be properly deleting the old jobs and needs to be analyzed. 5. To view the attributes of a spool request, highlight a request and choose . Two reasons for failure of the job that runs the RSPO0041 program are: < The user ID under which the job is run does not have the proper security authorization to execute the program. < The job is routed to an invalid printer. From this screen, the spool attributes, output, and temporary sequential database (TemSe) attributes can be conveniently accessed. 6. Notice that information on the Number of pages generated, the Recipient, and the Delete date of the spool request are displayed.

6

6 6

System Administration Made Easy

14–13

Chapter 14: Output Management Check that Old Spools are Deleted (SP01)

7. Choose Output attributes tab. 8. On this screen, you can set the priority of the output request. The priority levels are from 1–9 with 1 being the highest priority.

7

8

9. Select the TemSe attributes tab. 10. This screen displays the name and size of the object as it is stored in the TemSe database. It is useful to know this information when there are inconsistencies in the spool and TemSe databases. (For more information, see the section on Check Spool Consistency)

9

10

14–14

Release 4.6A/B

Chapter 14: Output Management Printing the Output (SP01)

3ULQWLQJWKH2XWSXW63 :KDW

There are two types of requests: <

Spool

<

Output

The spool request contains the “printed” document which has not been sent to the output device. The output data of this document is partially formatted and stored in the TemSe database. The output request tells R/3 to format the request to a particular device and contains attributes such as target printer, number of copies, etc. Each time you select the printer icon, an output request is created for the spool request. :K\

To print the contents of a spool request immediately or at another date and time using different parameters. +RZ

(continued from the previous section) 1. Select a spool request. 2. Choose

to print directly.

This step creates an output request and prints the contents of the spool request immediately on the printer.

2

1

System Administration Made Easy

14–15

Chapter 14: Output Management Printing the Output (SP01)

3. A message appears on the status bar stating that an output request was created. 4. In the Status column, is the status of the print job.

4

If the output was printed successfully, the status is Compl (complete). Otherwise, a status of Waiting or Error will be displayed.

3

You can also print a spool request with a different printer or change the start date and time. 1. Select a spool request. 2

2. Choose to print with changed parameters. 1

14–16

Release 4.6A/B

Chapter 14: Output Management Printing the Output (SP01)

3. On this screen, you can: < Change to another output device < Increase the number of copies

4

< Change the priority 3

< Change the start date and time In our example, we change the printer to DCBZ. 4. Choose

to print directly.

5. You are notified that an output request was created.

5

System Administration Made Easy

14–17

Chapter 14: Output Management Printing the Screen

6. Under the Status text column, the request is scheduled for printing.

3ULQWLQJWKH6FUHHQ :KDW

You can quickly and easily print the contents of most screens or do a “print screen” by choosing the printer icon. A spool request and an output request are also generated by using this procedure. :K\

This is most useful in testing that a new printer was setup correctly.

14–18

Release 4.6A/B

Chapter 14: Output Management Printing the Screen

+RZ

Continue from the prior step or any screen with a printer icon:

*XLGHG7RXU

On some screens, there are two printer icons. The one to choose is usually located just under the menu bar. (When the cursor is passed over this button, Print Ctrl+P appears.) 1. Choose

1

.

2. You can specify or change the: < Output device < Number of copies < Pages to print < Spool request name < Start time < Change the priority < Number of days you wish to keep the spool request < Print format 3. Choose

next to Retention period.

3

System Administration Made Easy

14–19

Chapter 14: Output Management Printing the Screen

In this dialog box, selecting Do not delete keeps the spool request indefinitely. Therefore, this request will not be purged by program RSPO0041 that deletes old spools.

4

4. Choose a spool retention period (for example, Delete after 3 days). 5. Choose

Save.

6. Choose Continue.

6

14–20

Release 4.6A/B

Chapter 14: Output Management Check Spool Consistency (SPAD)

7. In the status bar, a message stating that a spool request was created is displayed. 8. Choose

.

8

7

9. The new output requested now appears. 9

&KHFN6SRRO&RQVLVWHQF\63$' :KDW

A spool consistency check compares data in the spool and output request tables (TSP01 and TSP02), with the entries in the TemSe tables (TST01 and TST03), TSP0E (archive) and TSP02F (frontend print request) tables. It also displays a list of obsolete write locks which should be deleted. :K\

If you delete table entries manually from the spool and TemSe tables or delete spool and TemSe objects from the directories, inconsistencies can occur. Other causes of inconsistencies are report and transaction terminations or an incorrectly executed client copy.

System Administration Made Easy

14–21

Chapter 14: Output Management Check Spool Consistency (SPAD)

*XLGHG7RXU

1. In the Command field, enter transaction SPAD and choose Enter (or from the SAP standard menu, choose Tools→ CCMS→ Spool→ SPAD-Spool administration). 2. Choose the Administr. tab.

2

3. Choose Consistency check of spool database.

3

14–22

Release 4.6A/B

Chapter 14: Output Management Check TemSe Consistency (SP12)

The system checks the spool tables and the TemSe tables to make sure that each spool object has corresponding entries in each of the tables.

1RWH There is another report, RSPO1043, that can be used for the spool consistency check. It should be scheduled as a periodic batch job (see SAP note 98065).

&KHFN7HP6H&RQVLVWHQF\63 :KDW

A TemSe consistency check compares data in TST01 [Temporary Sequential Database (TemSe) objects] and TST03 (TemSe data) tables. The TemSe contains objects that are temporary such as job logs, spool requests, tests for workflow, batch input logs, and personnel administration temporary data. The report RSTS0020 performs the consistency check. :K\

The relationship between the object and data in the TemSe may be destroyed due to the following activities: < Restore from backups <

Copying databases

<

Copying clients using improper tools

<

Deleting clients without first deleting their objects

System Administration Made Easy

14–23

Chapter 14: Output Management Check TemSe Consistency (SP12)

*XLGHG7RXU

1. In the Command field, enter transaction SP12 and choose Enter (or from the SAP standard menu, choose Tools→ CCMS→ Spool→ SP12-TemSe Administration). 2. From the menu bar choose TemSe database → Consistency check.

2

3. The TemSe objects and data were checked. 4. If there are inconsistencies: a. Select the item b. Choose Delete Selection.

14–24

Release 4.6A/B

&KDSWHU 1HWZRUN266HUYHU

$GPLQLVWUDWLRQ

&RQWHQWV Overview ................................................................................................................15–2 Operating System Tasks ......................................................................................15–2 Other Tasks .........................................................................................................15–12

System Administration Made Easy

15–1

Chapter 15: Network/OS/Server Administration Overview

2YHUYLHZ This chapter is about using transactions to get to the operating system log, regardless of the platform.

2SHUDWLQJ6\VWHP7DVNV 2SHUDWLQJ6\VWHP$OHUW$/

*XLGHG7RXU

Use the operating system alert monitor for a quick visual review. 1. In the Command field, enter transaction AL16 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Control/Monitoring → Performance menu → Operating System → Local → Alerts → AL16-Operating system). 2. Review this screen for potential problems.

15–2

Release 4.6A/B

Chapter 15: Network/OS/Server Administration Operating System Tasks

6\VWHP/RJV26 :KDW

The system logs are where the operating system and some applications write event records. Depending on the operating system, there may be multiple logs. :K\

There may be indications of a developing problem (for example, a hard drive that generates errors may indicate that it is failing and needs to be replaced). +RZ

*XLGHG7RXU

1. In the Command field, enter transaction OS06 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Control/Monitoring → Performance menu → Operating System → Local → OS06-Activity). 2. Choose Detail analysis menu.

2

System Adminstration Made Easy

15–3

Chapter 15: Network/OS/Server Administration Operating System Tasks

3. Choose OS Log.

3

This screen shows the operating system log. In this example, it is the NT event log.

15–4

Release 4.6A/B

Chapter 15: Network/OS/Server Administration Operating System Tasks

17(YHQW/RJV :KDW

NT has three event logs: < <

System Security

<

Application

:K\

There may be indications of a developing problem. If the security audit parameters have been properly set, you could detect unauthorized attempts to access files. Configuring the security audit function is a tradeoff among the following: < The need to log security events. < System resources to track and maintain the log. The more detailed you make the log, the more the system performance will degrade. This degradation is due to the extra processing required to track and log the items. < Effort required to audit the log (dependent on the size of the log).

*XLGHG7RXU

The following steps show you how to open the NT event logs. 1. On the NT desktop, choose Start → Programs → Administrative Tools → Event Viewer. 2. The following logs can be selected 2 under Log: < System < Security < Application 3. Look for unusual entries. Monitor these entries regularly to recognize unfamiliar events such as errors, failures, or securityrelated entries. These events do not usually occur.

System Adminstration Made Easy

15–5

Chapter 15: Network/OS/Server Administration Operating System Tasks

&KHFNLQJ)LOH6\VWHP6SDFH8VDJH5= :KDW

The file system should have sufficient “free space” for normal operations. Over time, various activities will write files that will use up file space. These files need to be periodically reviewed and moved or backed up and deleted. A few of the items that consume file space when monitoring file space usage include: <

Transports

<

Support packages

<

Extract files from the R/3 System

<

Program logs

<

Backup logs

<

Error logs

<

Inbound interface files

<

Third-party programs that store their data outside the R/3 database

<

Trace files

<

Spool files (if stored at the OS level)

In addition to these items, check to see that the “house cleaning” programs are running properly (see SAP note 16083). :K\

If your file system fills up, the R/3 System may stop because the database cannot write to a file. If R/3 stops, any business operations that use the system will also stop. For example, note the following sequence of events: 1. The SQL Server transaction log fills up the file system. 2. SQL Server cannot write anymore entries into the log. 3. SQL Server will stop. 4. R/3 will stop. Your user will not be able to perform activities such as: < Enter orders < Generate shipping documents to ship products To plan for such a situation:

15–6

<

Anticipate and plan for disk space needs.

<

Determine if storage space expansion is needed. If storage space expansion is needed, purchase and installation plans need to be made. The expansion should be planned to minimize operational disruption.

Release 4.6A/B

Chapter 15: Network/OS/Server Administration Operating System Tasks

<

Determine if “house cleaning” is needed. If archiving is required for data files, archive to quality storage media such as an optical disk, CD, or other long-term storage media.

*XLGHG7RXU

You can use the R/3 Alert Monitor or go to the operating system to check file system space usage. In this section, we use the R/3 Alert Monitor, because we can set alert points. 1. In the Command field, enter transaction RZ20 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Control/Monitoring → RZ20-Alert Monitor). 2. Click the node (+) to expand the monitor set. 3. Select the monitor set (for example, SAS for docu). 4. Choose

4

.

2 3

System Adminstration Made Easy

15–7

Chapter 15: Network/OS/Server Administration Operating System Tasks

5. Drill down to get to the following starting node: <SID>\_<SID>_ (for example, SAS\pa100767_SAS_00). 6. Drill down to the drives OperatingSystem → Filesystems. The drives are color coded to indicate alert status: < Green (OK) < Yellow (Warning) < Red (Critical) 7. Select a drive (for example, H:) and drill down to see its statistics (Freespace and Percentage_Used):

5

These are statistics at the drive (not directory) level. As you view these statistics, keep your system in mind. For example, on your system, drive H may contain the database which takes up all the space on that drive. Keeping this in mind, you can expect and ignore the warning message, or change the alert threshold for that specific drive. For more information on changing the alert threshold, see page 15–9.

15–8

6

7

Release 4.6A/B

Chapter 15: Network/OS/Server Administration Operating System Tasks

&KDQJLQJWKH$OHUW7KUHVKROG5= Also see chapter 10, Maintaining the Alert Thresholds for RZ20. To customize the points when the alert indicator changes from green to yellow, yellow to red, back from red to yellow, and yellow to green: 1. Click the node of the drive for which you want to change the threshold (for example, drive H:).

3

2. Select an alert (for example, Freespace). 3. Choose Properties.

1 2

System Adminstration Made Easy

15–9

Chapter 15: Network/OS/Server Administration Operating System Tasks

4. Then: a. Choose

7

.

b. The Threshold values fields will 4a change color from grey to white, indicating that you can change the values. 5. Under Threshold values, select a threshold change point (for example, Change from GREEN to YELLOW). 6. Enter the new value for when the alert will change color (for example, 500).

5

4b

6

These threshold values are specific to your system and even to specific drives in your system. 7. Choose Save. 8. A message appears in the status bar indicating that the new properties were saved.

15–10

8

Release 4.6A/B

Chapter 15: Network/OS/Server Administration Operating System Tasks

&OHDQLQJ2XW2OG7UDQVSRUW)LOHV :KDW

Transport files are used to transport or move SAP objects and customizing changes between clients and systems. :K\

If left unchecked, transport files could gradually fill up the file system. If the file system fills, operations may be affected because: <

Outbound R/3 System files may not be created.

<

Transport export may fail.

<

Inbound files may not be created.

In an extreme situation, if you run out of file system space, R/3 may stop, or you may have other failures because R/3 or other applications cannot write to the necessary files. :KHQ

The transport directory check is important: <

After a major implementation where many transports have been created that take up a lot of space.

<

Immediately before (or after) performing a database copy, if you do not use a central transport directory, most (if not all) files dated before the copy become irrelevant to the system.

<

After installing a large support package.

+RZ

To complete a transport directory check: 1. Check the following directories under /usr/sap/trans: <

Data

<

Cofiles

<

Log

2. Sort the directory by date to determine file age. 3. Archive obsolete files. These are files created before a database refresh or those that have been applied successfully to all target systems. 4. As an option, archive old transports to a backup media such as tape, optical disc, or CD.

System Adminstration Made Easy

15–11

Chapter 15: Network/OS/Server Administration Other Tasks

Check the following: < Support package directory /usr/sap/trans/EPS/in < Transport data directory /usr/sap/trans/data Support package files can be reloaded if needed and can be large (for example, hot package 10 for Release 4.0B is over 200MB).

2WKHU7DVNV &OHDQWKH7DSH'ULYH To minimize a backup failure due to a dirty head, clean the tape drive as part of a preventive maintenance program. To keep your tape drive clean: <

Follow the tape drive manufacturer’s instructions for your tape drive. Some drives specify a specific interval of use for cleaning, typically based on hours of use. Adjust your cleaning frequency to account for your usage. Remember, that these are recommendationsnot rules. If you consistently have recording errors or “head dirty” messages, then decrease the time between cleanings. If you have to clean your tape drives more or less frequently, this task should be moved to the appropriate interval. Some drives (for example, DLT) do not require regular cleaning. They only need cleaning when the “clean head” indicator light is activated.

<

Use the manufacturer’s approved cleaning cartridge for the tape drive.

<

Use the cleaning cartridge according to the manufacturer’s instructions.

<

Between uses, store the cleaning cartridge according to the manufacturer’s instructions.

Keep your server room clean. A dusty or dirty environment will not only make you clean your tape drive more often, but will also coat the inside of the server with dust and cause a cooling problem.

15–12

Release 4.6A/B

Chapter 15: Network/OS/Server Administration Other Tasks

8QLQWHUUXSWLEOH3RZHU6XSSO\ &KHFNWKH8QLQWHUUXSWLEOH3RZHU6XSSO\ :KDW

The uninterruptible power supply (UPS) that you use should be monitored by a control program. This program, when triggered by a power event, records the event and initiates a shutdown process of the R/3 environment (R/3, the database, related applications, and the operating system), and finally the server. In addition, most UPSs have a self-test and capacity calibration function. The results of these tests are logged. Specific data logged depends on the program and the UPS. :K\

You need to review the power events that triggered the UPS control program. While the UPS protects the server, the control program should be recording power events such as power dips, brown outs, power failures, etc. This recording could help you or the facilities person solve electrical problems in the facility. For example, a pattern of power dips or outages may indicate a problem elsewhere in the building. You need to verify that: <

The UPS is functioning

<

The self-tests completed successfully

<

There is sufficient capacity in the batteries

The batteries in the UPS must be periodically replaced. If the batteries are low, the capacity test will indicate that the batteries do not have sufficient capacity to shutdown the system before failing. +RZ

Review the log for the UPS control program. &KHFN\RXU8366KXWGRZQ3URFHVV :KDW

Verify that your UPS shutdown process works. A shutdown process is an automated script for the UPS to shut down R/3, the database, other applications, the operating system, and the UPS. :K\

This check verifies that the entire shutdown process works as planned and documented. When there is a power failure, the R/3 environment should be shut down in an orderly manner. There should be sufficient reserve in the UPS to reach the end of the shutdown

System Adminstration Made Easy

15–13

Chapter 15: Network/OS/Server Administration Other Tasks

process. Something might have changed since your last test to cause the shutdown process to fail. If this process fails, you need to find out why and fix the problem. The stopsap command does not work within all UPS control programs. You need to verify that your UPS control program will properly stop R/3 and the database before shutting down the server. Like a car battery, UPS batteries wear out over time and must be replaced. If the battery is worn out, the UPS will not have sufficient power to complete the shutdown process.

&KHFN0DLQWHQDQFH&RQWUDFWV :KDW

Many of the servers and related equipment are under maintenance or service contracts with the manufacturer or distributor. <

The production system and critical equipment should be under a “premium” 24 hour x 7 day (x 2 hour response) support agreement.

<

Less critical equipment can be under a next-business-day support agreement.

:K\

If you need support or service and the service contract has expired, the confusion and time to reestablish the service contract could be critical. :KDW

The support level should be selected based on equipment use. If a piece of equipment becomes critical to the company’s operation, its support level should be upgraded to reflect the critical nature of that equipment. Conversely, equipment could become “noncritical” or be replaced. In this situation, the service contracts could be downgraded or dropped as appropriate. +RZ

<

Keep a list of service contracts. Include what these contracts are for and the expiration date in the list.

<

Review equipment usage to determine if the support level for equipment should be upgraded, downgraded, or dropped.

<

Review the list for expiration dates each quarter. How long in advance of the expiration date to do this review depends on the time it takes to go through the purchase requisition and approval process in your company.

<

15–14

Renew service contracts.

Release 4.6A/B

Chapter 15: Network/OS/Server Administration Other Tasks

5HYLHZ+DUGZDUHRUD6\VWHP0RQLWRU3DJLQJ6\VWHP :KDW

A hardware or system monitor paging system generates alert messages (including e-mail) and pages based on your predefined parameters. Depending on the software, the following can be monitored: <

Hardware items (such as servers, routers, and printers)

<

Logs (such as operating system, applications, and database) By monitoring the NT event logs, you can monitor events from the SAP system log. This way, critical events such as an Update Terminate can be detected and acted on as soon as they happen. The following screen is courtesy of TNT Software.

The screenshot above shows that the monitor has three functional windows: < Notification Rules

<

This mechanism passes or filters events, and determines what action will be taken on the events that are passed. Events

<

These are the events that have been passed to the monitor program. (They got through the filters in Notification Rules.) Monitored device

System Adminstration Made Easy

15–15

Chapter 15: Network/OS/Server Administration Other Tasks

These are the monitored servers and IP devices. This example, however, has not been configured to pick up and report on SAP events. Initially, there will be a lot of tuning as the system parameters are adjusted. Over time, parameter adjustments will reduce. :K\

You may need to change alert parameters to filter noncritical events and to generate alerts for critical events. The key to remember is that this process is dynamic. Some of these tasks are as follows: <

Account for new events that have never occurred. Critical, you need to generate a page Important, you need to generate a message (for example, e-mail)

<

Determine if an event that used to be filtered now needs to generate an alert

<

Filter out events (both old and new) that should not generate alert messages

<

Filtering is necessary to manage the messages that are reviewed. If too many irrelevant messages get through the filter, it becomes difficult to review the alert message log. Adjust for personnel changes There may be other events that require action (for example, shift or duty changes for organizations with several people “on call”).

<

Test that all alert mechanisms are functional.

The paging/messaging function needs to be tested regularly. If the monitoring program is unable to send a page, you will not receive the page when a critical alert occurs. The inability to send a page can be caused by: <

Someone changing something in the e-mail or phone system that prevents alert messages from being sent.

<

A phone patch cable that has disconnected from the modem.

+RZ

To review the paging system: <

Review the various monitored logs (such as the NT event logs) to look for events that should generate an alert message (e-mail or page). The monitor program needs to be configured to pick these events up and properly process them.

<

Review the alert monitor log for alert events that should be “filtered” out. The monitor program needs to be configured to filter or ignore such events.

<

Test all alert mechanisms, such as pager, e-mail, etc. to make sure that they are functional. If you receive regular daily e-mail messages, then the e-mail testing is being done for you.

15–16

Release 4.6A/B

&KDSWHU 2SHUDWLRQV

&RQWHQWV Overview ................................................................................................................16–2 Check that All Application Servers Are Up (Transaction SM51)......................16–2 Background (Batch) Jobs ....................................................................................16–3 Background Jobs (SM37)...................................................................................16–15 Operation Modes.................................................................................................16–21 Backups ...............................................................................................................16–36 Checking Consumable Supplies .......................................................................16–42

System Administration Made Easy

16–1

Chapter 16: Operations Overview

2YHUYLHZ Operations is a generic category that refers to the tasks that would be done by a computer operations group. These are the tasks that the people in the “glass room” in a data center would be doing. If you do not have a data center, these tasks do not disappear; they must be assigned to the appropriate employees. This chapter is important because operations is a crucial part of system administration. While learning to manage operations, readers will learn how to perform: <

Batch jobs

<

Background jobs

<

Operation modes

<

Backups

&KHFNWKDW$OO$SSOLFDWLRQ6HUYHUV$UH8S7UDQVDFWLRQ 60 :KDW

Transaction SM51 allows you to look at all the servers in your system (for example, the PRD database server and all of its application servers). You do not have to log into each server individually. :K\

The ability to look at the servers is important because if: < One of your dialog application servers is not up, the users who usually log on to that application server will not have a server to log on to. <

16–2

The batch application server is down, batch jobs that are specified to run on that server will not run.

Release 4.6A/B

Chapter 16: Operations Background (Batch) Jobs

*XLGHG7RXU

1. In the Command field, enter transaction SM51 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → System monitoring → SM51 - Servers). 2. Review the list of instances under Server name. Verify that all your instances are listed. If it is listed, it is up and running.

2

%DFNJURXQG%DWFK -REV :KDW

In the R/3 System, a batch job is referred to as a background job. This job runs independently of a user being logged on. There are two kinds of background jobs: <

Regular These are jobs that are run on a regular schedule.

<

Ad hoc These are jobs that are run as needed or required.

:K\

Background jobs are used for the following reasons: <

Users have the flexibility of scheduling jobs when they are out of the office.

<

The program can be run without locking a user session.

<

Jobs that run for a long time would time out if executed online.

System Administration Made Easy

16–3

Chapter 16: Operations Background (Batch) Jobs

5HJXODUO\6FKHGXOHG-REV :KDW

Regularly scheduled jobs are background jobs that will run on a schedule (for example, daily at 11:00 a.m., Sundays at 5:00 a.m., etc.) :K\

Regularly schedule jobs are run to: <

Collect performance statistics

<

Populate an information system, such as the Special Ledger.

<

Generate a report

<

Generate output for an outbound interface

<

Process an inbound interface

<

Perform housekeeping tasks, such as deleting old spool requests

+RZ

The job is scheduled like any other background job, but with a few additional considerations: %DWFK8VHU,'

<

Create a special user ID to be used only for scheduling batch jobs, such as BATCH1. The reason for special user IDs is to keep scheduled jobs independent of any user. This way, when a user leaves the company, the jobs will not fail when the user ID is locked, shut down, or deleted.

<

Consider multiple-batch user IDs when batch jobs are scheduled by or for different organizations or groups. This method has the disadvantage of having to manage multiple accounts. For example: BATCH1 System Jobs BATCH2 Finance BATCH3 Accounts Payable BATCH4 Warehouse BATCH5 Material Planning/Inventory

3HUIRUPDQFH For more information on performance, see 16–5. +RXVHNHHSLQJ-REV These background jobs must be run regularly to perform administrative tasks, such as:

16–4

<

Deleting old spools

<

Deleting old batch jobs

<

Collecting statistics

Release 4.6A/B

Chapter 16: Operations Background (Batch) Jobs

See SAP note 16083 for the required SAP housekeeping jobs, and to schedule the spool consistency check, see SAP note 98065.

Program RSPO0041 is sometimes troublesome; see SAP note 48400.

2WKHUV Various modules and functions may require their own regularly scheduled jobs. For example, the Special Ledger requires a regular job to copy data from the FI/CO modules and to regenerate sets in Special Ledger. There may be various database and operating system-level housekeeping jobs that also need to run.

3HUIRUPDQFH)DFWRUVIRU%DFNJURXQG-REV Background jobs consume a significant amount of system resources. As a result, they could adversely affect online system performance. There are several ways to improve system performance while running background jobs. These methods benefit both online users and other background jobs. To reduce the system impact from background jobs: < Run batch jobs on a dedicated “batch” application instance/server. This step separates the processing requirements of the background job from the processing requirements of online users and of the database. Even with as little as 10 users on a “small” central instance (no application servers), two batch jobs can significantly slow down the online system response. Therefore, even for a small installation, there may be a need for application servers to offload the batch processing from the central instance. The instance profile for this application server would be tuned for background jobs rather than dialog (online) performance (for example, five background work processes and only two dialog work processes). Specifying a target host is a “double-edged sword.” If you specify the target host, load balancing is not performed. There may be the situation where all the batch work processes on the batch application server are in use, and other application servers are idle. However, by specifying that the job is to run on the batch application server, it will not run on any of the other available application servers. This job will wait until a batch work process is available on the specified batch application server. <

Schedule background jobs to run during nonpeak periods, such as at night or during lunch. If no one is on the system, slow system performance does not matter.

<

Minimize job contention. Two background jobs are running at the same time and contending for the same files, possibly even the same records. Minimizing this conflict is one reason to coordinate background job scheduling (for example, by not simultaneously running two AR aging

System Administration Made Easy

16–5

Chapter 16: Operations Background (Batch) Jobs

reports). In such cases, the reports may finish sooner if they are run sequentially, rather than in parallel. <

For global operation, consider the local time of your users. For example, scheduling a resource intensive background job to start at 1:00 a.m. PST in California (0900 GMT) corresponds to 10:00 a.m. CET in Germany. This time may be good for Americans who are not working, but it is the middle of the workday morning in Germany. When these jobs run can be critical, for tasks such as backing up operating system-level files, because of the following: A backup of these files may require that the file not be changed or used during the backup, or the backup will fail. Programs attempting to change the file will fail because the backup has the file locked.

Make a chart that converts your local time to the local time for all affected global sites. With this chart you can quickly see what the local time is for locations that would be affected by a job (see following example): A corporate “master clock” (or time) should be defined for a company with operations in multiple time zones. Two common methods are: < The time zone where the corporate office is located. For SAP in Walldorf, Germany this is Central European Time (CET). For United Airlines in Chicago, IL, this is Central Standard Time (CST). < Coordinated Universal Time (UTC), formerly known as Greenwich Mean Time (GMT). This common time is used by global operations, such as the airlines.

The change to and from “daylight savings time” does not occur on the same day in all countries. During that interim time, the “offset” time could be different. The time conversion table (based on a 24-hour clock) below shows selected times around the world.

16–6

Release 4.6A/B

Chapter 16: Operations Background (Batch) Jobs

The Microsoft Excel file for this table is included on this guide’s companion CD, which is located inside the back cover of this book. <

Highlight the column for your local time zone, so you do not accidentally read the wrong column.

<

Using a 24-hour clock eliminates the common A.M./P.M. confusion.

If you use daylight savings time, you need to be aware of the days when the time changes: <

Daylight savings time starts A one-hour time period will “disappear.” Jobs scheduled to run in this missing hour may either not run or run as a late job. Any tasks following this change, which rely on a job scheduled to run during the missing hour, need to be reviewed.

System Administration Made Easy

16–7

Chapter 16: Operations Background (Batch) Jobs

<

Daylight savings time ends This period creates a problem where a one-hour period of time repeats itself. For example, at 3:00 a.m., the clock resets back to 2:00 a.m. This time period will occur twice.

One way to avoid problems when daylight savings time is switched on and off is to use UTC (formerly known as GMT) as your master clock. If you are in a U.S. state that does not use daylight savings time, such as Hawaii, it is not a concern. See the following SAP notes: <

7417 - Changing to daylight savings time and back

<

102088 - End of daylight savings time: the “double” hour

&UHDWLQJDQG6FKHGXOLQJD%DWFK-RE60 :K\

Background jobs are used for the following reasons: <

Users have the flexibility of scheduling jobs when they are not in the office.

<

The program can be run without locking a user session.

<

Jobs that run for a long time would time out if run online.

1RWHV

<

The job class determines the start priority of the job. For example, a “class A” job would start before a “class B” job, and a “class B” job would start before a “class C” job.

<

Once started, all job classes have equal priority. A “class A” job will not take processing resources away from a “class B” job to finish faster.

<

Jobs in the start queue do not affect running jobs. A “class A” job in the start queue will not replace a currently running “class C” job.

Avoid “playing priority games” with the job class. If you make every job a “class A” job, there is no priority, because every job will be at the same priority level. The recommended method is to assign all jobs to job “class C”. The exceptions to this recommendation are those jobs that need the priority. This priority increase should be properly justified. 3UHUHTXLVLWH

A batch job may require that a variant be created to execute the job.

16–8

Release 4.6A/B

Chapter 16: Operations Background (Batch) Jobs

*XLGHG7RXU

1. In the Command field, enter transaction SM36 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Jobs → SM36-Definition). 2. In Job name, enter a job name.

4

Using the standard naming convention makes it easier to manage jobs.

2 3

3. In the Job class, enter C. “Class C” is the standard job class. 4. Choose

Start condition.

5. Choose Date/Time. 5

System Administration Made Easy

16–9

Chapter 16: Operations Background (Batch) Jobs

6. For Schedule start, in Date and Time, enter the start date and time. 8

6 7

The Schedule start is the date and time on the database server, not the local time. 7. On No start after, enter the date and time by which time the program must start. If the program does not start by the specified date and time, then it will not start at all. 8. If you have a job that will run periodically, perform steps 9–13.

9

10

If not, choose Immediate and skip to step 14. 9. Select Periodic job. 10. Choose Period values. 11. Choose the appropriate period button (for example, Daily). 12. Choose

Check.

13. Choose Save.

11

13 12

16–10

Release 4.6A/B

Chapter 16: Operations Background (Batch) Jobs

14. Choose

Check.

15. Choose Save.

15 14

16. Choose

Step.

16

System Administration Made Easy

16–11

Chapter 16: Operations Background (Batch) Jobs

17. To schedule an ABAP program, choose ABAP program. 18. In the ABAP program section, in Name, enter the name of the program (for example, rspo0041). 19. Choose

17

Check. 18

19

If the program has variants, a window with the list of available variants appears. 20. Select the appropriate variant. 21. Choose

20

.

21

16–12

Release 4.6A/B

Chapter 16: Operations Background (Batch) Jobs

22. Choose

Print specifications.

22

23. Enter the printer name or choose 23

to select the printer. 24. Select the appropriate Spool control options. 25. Under Print settings: <

Lines and Columns values are generated by the report.

<

For Format, choose to select the value that most closely matches the Lines and Columns 24 value.

26. Choose

.

25

26

System Administration Made Easy

16–13

Chapter 16: Operations Background (Batch) Jobs

27. Choose Save.

27

28. Choose Save. 29. A message will appear in the status bar indicating that the batch job has been created.

28 30

30. Choose Back.

29

16–14

Release 4.6A/B

Chapter 16: Operations Background Jobs (SM37)

%DFNJURXQG-REV60 :KDW

Background jobs are batch jobs scheduled to run at specific times during the day. :K\

If you are running critical jobs, you need to know if the job failed because there may be other processes, activities, or tasks that depend on these jobs. +RZ

You should have a list of all the critical jobs that are scheduled to run. For each of these jobs, you should have a list that shows: <

When the jobs are scheduled to run

<

The expected run time

<

An emergency contact (names and phone numbers) for job failure or problems

<

Restart or problem procedures

System Administration Made Easy

16–15

Chapter 16: Operations Background Jobs (SM37)

*XLGHG7RXU

1. In the Command field, enter transaction SM37 and choose Enter (or from the SAP standard menu, choose Tools→ CCMS→ Jobs→ SM37 - Maintenance). 2. In Job name, enter * to get all jobs. 3. Enter one of the following options: < * (for all users) < User ID that the batch jobs run under (to limit the display to those scheduled under a specific user ID in User name). 4. Under Job status, select: < Active < Finished < Canceled

8 2 3 4

6

5

5. In Fr., enter a start date. 6. In To, enter an end date. 7. In after event, choose *. 8. Choose

7

and select

Execute.

9. Check for failed or cancelled jobs. Analyze why jobs failed or were cancelled and make the necessary corrections. 10. Check critical jobs such as MRP, check payment jobs, etc. To do this check, you need to know the job name.

9

11. From this point, you may do one of the following tasks: < Check the job log < Get basic job information

16–16

Release 4.6A/B

Chapter 16: Operations Background Jobs (SM37)

&KHFNLQJWKH-RE/RJ To check a job log: 1. Select the job. 2. Choose

2

Job log.

1

3. Check job performance and record run times.

4

A deviation from the usual run time on a job may indicate a problem and should be investigated. 4. Choose Back.

System Administration Made Easy

16–17

Chapter 16: Operations Background Jobs (SM37)

8VLQJWKH-RE7UHH To get basic job information at a glance using the job tree: 1. Select the job. 2. Choose

.

2

1

3. A job tree is displayed showing information such as: <

Job class and status

< <

Target server Job steps

<

Job start conditions

4. Choose

5

.

3

5. Choose Back.

4

16–18

Release 4.6A/B

Chapter 16: Operations Background Jobs (SM37)

*UDSKLFDO-RE0RQLWRU7UDQVDFWLRQ5= :KDW

The graphical job monitor is useful when coordinating many background jobs because it allows you to see individual job statistics. :K\

The graphical job monitor is a visual format where status is indicated by the following colors: <

Aborted job (red)

<

Active job (blue)

If a job ran past its expected end time, and other jobs are scheduled to start, the graphical job monitor lets you see the conflict.

*XLGHG7RXU

1. In the Command field, enter transaction RZ01 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Control/Monitoring → RZ01-Job Scheduling Monitor). 2. Choose Time unit → Hour to get a more usable time scale. 3. Choose Legend to get a popup legend of the colors or patterns used.

2 3 4

4. Choosing Timer ON will update the display every three minutes.

System Administration Made Easy

16–19

Chapter 16: Operations Background Jobs (SM37)

%DWFK,QSXW-REV1HZRU,QFRUUHFW60 :KDW

This transaction shows jobs that need to be processed or started, and jobs with errors that need to be resolved. :K\

This transaction is important because it alerts you to batch input jobs that are: <

New These are jobs that are waiting to be processed (for example, a posting from an interface file). If not processed, the data will not post to the system.

<

Incorrect These are jobs that have failed due to an error. The danger is that only a portion of the job may have posted to the system. This partial posting increases the potential for data corruption of a different sort, since only part of the data is in the system.

*XLGHG7RXU

1. In the Command field, enter transaction SM35 and choose Enter (or from the SAP standard menu, choose Tools→ Administration→ Monitor→ SM35-Batch Input). 2. Enter a start date of at least a week ago (or even further back if people 3 are not good about resolving these jobs) in the From field. 2

3. Choose

16–20

.

Release 4.6A/B

Chapter 16: Operations Operation Modes

4. Choose the New tab. A list of batch input sessions that need to be processed are displayed. 5. Choose the Incorrect tab.

4

5

A list of incorrect batch input sessions are displayed. 6. Contact the responsible user to notify them or determine why these jobs are in: <

New Sessions

<

Incorrect sessions

2SHUDWLRQ0RGHV :KDW

Operation modes allow the R/3 System configurations to be adapted to different requirements. The configuration is the mix of the number of dialog (online) and batch processes at different times of the day. When switching operation modes, the R/3 work processes are automatically redistributed, without stopping and restarting the instance. Only the work process type changes. For example, a work process used as a dialog process can be switched for use as a background process. The total number of work process remains the same. The new process type is not activated until the process is free, which means that a process may not be immediately switched. Instead, it is set for switching at the earliest possible time. For example, if all background processes to be switched to dialog processes still have jobs running, the processes are individually switched when the jobs are completed. Processing is not interrupted and normal system operation continues uninterrupted during the operation mode switch. Operation mode switches are recorded in the system log. The old process type and the new process type are recorded for each switched work process. :K\

A batch job runs on a batch work process until it is completed and does not “time share” the work process. Therefore, to increase the number of batch jobs that are processed during a given period, you need to increase the number of batch work processes. To achieve this

System Administration Made Easy

16–21

Chapter 16: Operations Operation Modes

increase, you must also decrease the number of dialog (online) work processes by the same amount. This process is usually done to increase the number of batch sessions available to process batch sessions at night, when most of the online users have gone home and you have many batch jobs to run. During the day the opposite situation occurs. The number of batch work processes is reduced, and the number of dialog work processes is increased to accommodate the number of online users. For example: Mode

Dialog WP

Batch WP

Day

5

2

Night

2

5

There should always be a minimum of two dialog processes. Do not reduce the value below two. There must be at least two batch work processes on the system. An individual instance, such as a dialog application server, could be configured without a batch work process. But there must be batch work processes to use somewhere on the system, or a task (such as a transport) will fail if it needs a batch work process to execute. For small clients with little batch processing at night, the additional process of configuring and maintaining operation modes may not be necessary. Not using operation modes reduces the level of administration required to maintain the system. Although once configured and running, there is little maintenance required. +RZ

To set up and use the operations modes: 1. Define the operation mode (RZ04). 2. Assign the instance definition to an operation mode (RZ04). 3. Define the distribution of work processes for the operation modes (RZ04). This distribution is the mix of dialog and batch work processes. 4. Assign the operation modes (SM63). Define or set the schedule of when the modes will switch and to what mode it will switch to.

16–22

Release 4.6A/B

Chapter 16: Operations Operation Modes

7R'HILQHWKH2SHUDWLRQ0RGH5=

*XLGHG7RXU

1. In the Command field, enter transaction RZ04 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Configuration → RZ04 - OP Modes/instances). 2. Choose

.

2

3. In the Operation Mode field, enter a name or title description. 5

4. In Description, enter a short description for the mode. 5. Choose Save.

3 4

Make the name and descriptions meaningful, such as day mode and night mode, which makes it easier to select them later.

System Administration Made Easy

16–23

Chapter 16: Operations Operation Modes

Productive Operation Modes are for normal R/3 operation. Test Operation Modes are used for systems where development work or testing is being done. Test Operation Mode can be switched manually or by using the timetable. 6. The Operation mode (for example, day) is created.

6

7. Repeat the above steps for any additional operation modes (for example, afternoon and nite) you need.

7

16–24

Release 4.6A/B

Chapter 16: Operations Operation Modes

$VVLJQDQ,QVWDQFH'HILQLWLRQWRDQ2SHUDWLRQ0RGH5=

*XLGHG7RXU

7KH)LUVW7LPH
2

3. To generate an instance definition for our host, from the menu bar, choose Settings → Based on current status → New instances → Generate.

System Administration Made Easy

3

16–25

Chapter 16: Operations Operation Modes

4. The instances are populated. 5

5. Choose Save.

6

6. Choose Back.

4

$GGLQJD1HZ2SHUDWLRQ0RGH 1. In the Command field, enter transaction RZ04 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Configuration → RZ04 - OP Modes/instances). 2. Choose Instances/operation modes.

2

16–26

Release 4.6A/B

Chapter 16: Operations Operation Modes

3. Choose any operation mode. 4. Choose

.

4

3

5. Choose Other operation mode. 6. Choose mode.

to select an operation

6

5

System Administration Made Easy

16–27

Chapter 16: Operations Operation Modes

7. Choose the new Operation Mode (for example, morning). 8. Choose

. 8

7

9. At this point, you can also define the work process distribution (see Defining Distribution of Work Processes later in this chapter). 10. Choose Save.

10

16–28

Release 4.6A/B

Chapter 16: Operations Operation Modes

11. Under Op Mode, the new operation mode, morning, appears.

12

12. Choose Save.

11

'HILQLQJ'LVWULEXWLRQRI:RUN3URFHVVHV5=

*XLGHG7RXU

1. In the Command field, enter transaction RZ04 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Configuration → RZ04 - OP Modes/instances). 2. Select the operation mode you wish to define (for example, nite). 3. Choose Instances/operation modes. 3

2

System Administration Made Easy

16–29

Chapter 16: Operations Operation Modes

4. Select an OP Mode, for example nite. 5. Choose

. 5

4

6. Click in the Background field.

Do not change any other field. Use the minus (-) or plus (+) buttons to reduce or increase the number of Background work processes. This step automatically changes the number of Dialog work processes by the opposite amount, to keep total number of work processes the same.

6

In this example, we increased the number of background work processes from 1 to 3.

6

6

7. Choose Save. 7

Remember that there should always be a minimum of: < Two dialog processes on an instance < Two batch work processes on a system

16–30

Release 4.6A/B

Chapter 16: Operations Operation Modes

8. The changes now appear on this screen.

9

9. Choose Save.

8

10. Repeat for all the other operation modes.

11

11. Choose Save.

10

System Administration Made Easy

16–31

Chapter 16: Operations Operation Modes

$VVLJQLQJ2SHUDWLRQ0RGHV60

*XLGHG7RXU

1. In the Command field, enter transaction SM63 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Configuration → SM63 – Operation mode calendar). 2. Select Normal operation (24hr). 3. Choose

Chan.(Change).

2 3

16–32

Release 4.6A/B

Chapter 16: Operations Operation Modes

4. This screen shows the timetable. The dashed arrow (= =>) indicates the current time. 5. Double-click on the beginning and ending times when the operation mode should be in effect.

6

6. Choose Assign.

5

5

4

7. In Op. mode, choose

. 7

8. Choose the mode to assign (for example, day). 9. Choose

.

9

8

System Administration Made Easy

16–33

Chapter 16: Operations Operation Modes

10. Choose

.

10

11. The operation mode name is next to the time periods you assigned.

11

16–34

Release 4.6A/B

Chapter 16: Operations Operation Modes

12. Repeat steps 5–11 for the other operation mode(s).

13

13. Choose Save.

14. When the Operation Mode switches, entries appear in the system log (transaction SM21).

14

System Administration Made Easy

16–35

Chapter 16: Operations Backups

%DFNXSV 3HULRGLF$UFKLYDOV At the end of the quarter: <

Made certain you get a usable backup at the end of the quarter.

<

Send quarter-end backup tapes offsite for an extended period.

At the end of the year: < <

Make certain to get a usable backup at year-end. Send the backup tapes offsite for an extended period.

Be aware that you may have two year-end backup dates: <

End of the calendar or fiscal year

<

After the financial books are closed for the year This period may be several months after the end of the fiscal year.

The length of the “extended” period should be determined by your legal and finance departments, external auditors, and others as appropriate in the company (for more information, see discussion in chapter 3).

%DFNXSWKH'DWDEDVH See the procedures in chapter 3, 15, and 17.

3HUIRUPLQJD)XOO6HUYHU%DFNXS :KDW

An offline backup of the entire server is done at the operating system level. This process requires that the R/3 System and the database be down so that no files are open. :K\

Performing an offline backup is necessary for files that cannot be backed up if the R/3 System or the database is active. With this full-server backup, you know you have “everything” on the server. If you experience major system problems, you will have a defined point from where everything is backed up and from where you can begin a restore.

16–36

Release 4.6A/B

Chapter 16: Operations Backups

:KHQ

A full-server backup should be performed before and after major changes on the server, such as: <

Installing new software

<

Upgrading installed software

<

Changing hardware

If a change has a catastrophic effect (a disaster), you will need to recover the server to its “before-the-change” state. +RZ

To perform a full server backup: 1. Stop the R/3 System. 2. Stop the database. 3. Stop all “services” (NT). 4. Execute the backup using your backup program (database and file system). 5. Check backup times and logs. 6. Cycle the server.

System Administration Made Easy

16–37

Chapter 16: Operations Backups

&KHFNLQJWKH%DFNXSV'% '% 'DWDEDVH

*XLGHG7RXU

1. In the Command field, enter transaction DB12 and choose Enter (or from the SAP standard menu, choose Tools → CCMS → DB Administration → DB12-Backup logs). 2. Record the date and time that appears next to Full R/3 backup. 3. If the backup failed, there is no indication on this screen, except that the last successful backup date was not the expected date. You must review DB13 to see the indication that the job failed.

4

4. Choose Backup history to get more detail on the backups.

2

5. This screen shows the backup. For the backup that ran, you can see the following info: a. Start date and time.

5a

5b

5c

5d

b. DB name c. Media name or tape label d. Position on the backup tape

16–38

Release 4.6A/B

Chapter 16: Operations Backups

*XLGHG7RXU

1. In the Command field, enter transaction DB13 and choose Enter (or from the SAP Standard Menu, choose Tools → CCMS → DB Administration → DB13-DBA Planning Calendar). 2. Look for the backup job that is listed under each data square. 3. If the backup failed, the job will be indicated in red.

5

In Release 4.6, red-text jobs could also mean that the job log is unavailable, and the job could still be running. 4. Select the entry for the backup.

4

3

5. Choose Action logs.

This is the job log from the backup.

System Administration Made Easy

16–39

Chapter 16: Operations Backups

2SHUDWLQJ6\VWHP/HYHO%DFNXSV The general process is as follows: 1. Record the usual or expected run time for the backup. 2. Compare the actual backup time to the expected (usual) run time for the backup. If the backup takes longer or shorter than this time, there may be a problem that needs to be investigated.

Any failed backup must be immediately investigated and resolved. 81,; For your UNIX-level backup, review the results using the appropriate UNIX backup application. 17 We assume that you are using the NTBackup application. If you are using another program, use that program’s documentation to determine its status after backup. NTBackup records some log information in the NT event logs. A more specific log is written to a file as specified when NTBackup is run.

*XLGHG7RXU

1. From the Windows NT desktop, 2 choose Start → Programs → Administrative tools → Event viewer. 3

Create a shortcut on your desktop to the Administrative tools group. 2. Choose Log → Application. 3. Under Source, look for the NTBackup entries. 4. Check for error messages, which are indicated in red.

16–40

Release 4.6A/B

Chapter 16: Operations Backups

5. To view the details for a line entry, double-click on the line. This view will give you a bit more information.

5HYLHZWKH17%DFNXSORJ

If the event log indicates problems: 1. Review the NTBackup log to determine more specifically what the error was. 2. Using that information, take corrective action. The NTBackup log is by default: c:\winnt\backup.log. If the NTBackup writes to a different file or directory, you need to review that file. 1. In Explorer, select the directory c:\Winnt. 2. Double-click on Backup.log. Backup.log is a text file. This step assumes that you have Notepad associated with the extension log. 2 1

System Administration Made Easy

16–41

Chapter 16: Operations Checking Consumable Supplies

3. Scroll through the file to look for any problems.

&KHFNLQJ&RQVXPDEOH6XSSOLHV :KDW

Consumable supplies are those that you use regularly, such as: <

Cleaning cartridges

<

Data cartridges (tape and disk)

<

Laser printer toner

< <

Ink cartridges Batteries

<

Forms

<

Envelopes, etc.

Within the group of consumable supplies are “critical supplies.” If these supplies run out, your business operations could be affected or stopped. Examples are preprinted forms with your company’s name or other special printing and magnetic toner cartridges. The amount of spare supplies purchased and available on-hand should be enough to accommodate varying usage levels and to allow for time to purchase replacements. :K\

Running out of supplies will create an inconvenience, or even an operational problem. &ULWLFDO6XSSOLHV

If an item is critical, and you run out of it, business operation may stop.

16–42

Release 4.6A/B

Chapter 16: Operations Checking Consumable Supplies

([DPSOH If you run out of the magnetic toner cartridge for the check printer, you will not be able to generate checks out of the system. At this point, either you cannot print checks to pay your vendors, or you have to manually type the checks (if you have blank manual check stock on hand). Special or custom supplies such as the following require special consideration: <

Special magnetic ink toner cartridges to print the MICR characters on checks. Not every computer supplier will stock these special cartridges.

<

Preprinted forms (with company header, instructions, or other custom printing). Due to the customized nature of these items, there is usually a significant lead time to restock these items.

If it is a critical item, stock extras, the first spare may be bad or defective.

Murphy says: “When you need something immediately, it will be Friday evening and vendors and stores will be closed.” +RZ

To check consumable supplies: <

Check the expiration date on supplies that are subject to aging. This check applies to supplies currently being used and those in inventory (not yet in use).

<

Check supplies that have a “time in service” expiration, such as hours, cycles, etc. ([DPSOH Certain DAT tapes are rated for 100 full backups. After that they should be discarded and replaced with new tapes. (This usage limit can be entered into the SAPDBA control file for Oracle.)

<

Keep in touch with your purchasing agent and the market place. Market conditions may make certain supplies difficult to purchase. In such conditions, the lead time and quantities to be purchased need to be increased. For example, at one time, 120 meter DAT tapes cartridges were difficult to buy, at any price.

<

Track usage rates and adjust stocking levels and purchasing plans as needed.

System Administration Made Easy

16–43

Chapter 16: Operations Checking Consumable Supplies

2WKHU&RQVLGHUDWLRQV

Certain supplies may have long lead times for purchase, manufacture, or shipping. Do not make your lack of planning the purchasing agent’s emergency. If you do this too often, you will soon “use up your favors.” Then when you really need help, the purchasing agent may not be as willing to help you.

16–44

Release 4.6A/B

&KDSWHU &KDQJH0DQDJHPHQW

&RQWHQWV Table Maintenance (Transaction SM31) .............................................................17–2 Change Control .....................................................................................................17–9 Managing SAP Notes ............................................................................................17–9 Change Control (Managing Transports) ...........................................................17–12 Transporting Objects..........................................................................................17–15

System Administration Made Easy

17–1

Chapter 17: Change Management Table Maintenance (Transaction SM31)

7DEOH0DLQWHQDQFH7UDQVDFWLRQ60 If no transaction is available to maintain a table, it can be directly maintained using transaction SM31. Use this method if, and only if, there is no transaction to maintain the table. Directly maintaining a table circumvents all edits and validations in the system. When a change is made directly to a table and the table is saved, the change is immediate. There is no “undo” function.

&UHDWLQJDQ(QWU\LQWKH7DEOH60

*XLGHG7RXU

1RWH This procedure shows how to create new entries in the Prohibited Password table, USR40. 1. In the Command field, enter transaction SM31 or SM30 and choose Enter (or from the menu bar, choose System → Services → Table maintenance → Extended table maintenance). 2. In Table Views, enter the table name (for example, USR40). 3. Choose

Maintain.

2

3

17–2

Release 4.6A/B

Chapter 17: Change Management Table Maintenance (Transaction SM31)

4. If the table you are changing is client-independent, this dialog box appears. Choose

. 4

Client independent changes will affect all clients on a system, not just the client on which you are working. 5. Choose New entries.

5

System Administration Made Easy

17–3

Chapter 17: Change Management Table Maintenance (Transaction SM31)

6. In Password (the field name that appears depends on the table selected), enter the new entry (for example, january).

7

7. Choose Save.

6

If the client is not configured to record changes for transport, this screen does not appear. 8. If this screen appears, create a request by choosing . 8

9. In Short description, enter text that describes what change you are making to the table and why you are making the change.

9

10. Choose Save.

10

17–4

Release 4.6A/B

Chapter 17: Change Management Table Maintenance (Transaction SM31)

11. Record the request number. This number is needed to transport the table changes to the other systems. 12. Choose

. 11

12

13. The message in the status bar indicates that the entries have been saved.

14

14. Choose Back.

13

15. Here you see the new entry january in the table. 16

16. Choose Back.

15

System Administration Made Easy

17–5

Chapter 17: Change Management Table Maintenance (Transaction SM31)

'HOHWLQJDQ(QWU\IURPD7DEOH60

*XLGHG7RXU

1. In the Command field, enter transaction SM31 or SM30 and choose Enter (or from the menu bar, choose System → Services → Table maintenance → Extended table maintenance). 2. Enter the table name (for example, USR40). 3. Choose

Maintain.

2

3

4. If the table is client-independent this window appears. Choose

.

4

Client-independent changes affect all clients on a system, not just the client you are working in.

17–6

Release 4.6A/B

Chapter 17: Change Management Table Maintenance (Transaction SM31)

5. Navigate to the password by scrolling up or down to go through the table or choose Position to go directly to the entry.

5a

7

6. Select the password to delete (for example, password). 7. Choose

5

. 6

5

8. The message in the status bar indicates that the password was deleted.

9

9. Choose Save.

8

10. Choose

.

10

System Administration Made Easy

17–7

Chapter 17: Change Management Table Maintenance (Transaction SM31)

11. In Short description, enter text about the change you are making to the table and why.

11

12. Choose Save.

12

13. Record the request (transport) number. This number is needed to transport the table changes to the other systems. 14. Choose

13

. 14

15. The message in the status bar indicates the change was saved.

15

17–8

Release 4.6A/B

Chapter 17: Change Management Change Control

&KDQJH&RQWURO Change control is the managing of the changes, modifications and customizing made to your system. This control allows you to be aware of and control what changes are made. These change must be made in a controlled manner, because uncontrolled changes are a recipe for disaster. The process is: <

<

Managing the changes: SAP notes that are applied to the system. Authorization process for moving the changes from one system to another. Making the changes to the R/3 System.

<

Moving the changes from one system to another.

The SAP training class BC325 (Software Logistics) covers change management and transports. Also see Software Logistics by Sue McFarland.

0DQDJLQJ6$31RWHV :KDW

SAP notes were formerly known as OSS notes. Managing SAP notes means tracking the notes that you have reviewed and applied. These notes are release and configuration specific and may (or may not) relate to your system’s configuration. Some of these notes may actually be specific to individual systems in your environment. :K\

There are several reasons to track SAP notes that are applied to your system: <

If a problem arises, SAP may ask if a specific note has been applied. If you do not have a record of what notes you have applied, then you must manually investigate your system. This process can be difficult and time consuming.

<

When the system is upgraded, for conflict resolution, you need to know what notes have been applied. You must know what notes: Are included in the upgrade, so you can go back to SAP standard code May need reapplying because they are not included in the upgrade

System Administration Made Easy

17–9

Chapter 17: Change Management Managing SAP Notes

+RZ

<

Document all SAP notes applied to your system(s), and specify which system and instance to which it is applied.

<

Document all code changes with the SAP note number that applies. This documentation is important especially if a program is changed by an upgrade or support package. It helps you determine if your code change is included in the upgrade or patch and, therefore, whether the program can revert back to “SAP standard.”

<

In addition to a high-level tracking table, detailed records should be kept on the individual notes. The record should include the problem to be fixed, objects changed, release in which the note was fixed (important for upgrades), and other applied or recommended notes (see sample form in chapter 12).

<

Document all SAP notes that are “noted” and do not require actual changes to be made to the system (for example, procedural or informational notes).

<

Document SAP notes that have not been applied to your systems. There may be cases in which you review a note and determine that it does not apply. You should document the reason(s). If SAP asks why a specific note was not applied, you will have an answer.

6DPSOH)RUPV

General Note Record Note #

Description

12345 36987

17–10

Noted

DEV

QAS

PRD

xxx

11/06/98

11/15/98

11/30/98

yyy

2/06/99

2/13/99

2/28/99

Release 4.6A/B

Chapter 17: Change Management Managing SAP Notes

Detailed Online Service System Note Record

Note – Applied Note # : Short text: Module: Problem to solve: Objects changed:

Fixed in release: Comments:

Other notes applied with this problem: Applied to:

System

Client

DEV

100

Transport number

Date imported or applied

Return code

Sign off/Initial

110 QAS

200 210

PRD

300

System Administration Made Easy

17–11

Chapter 17: Change Management Change Control (Managing Transports)

&KDQJH&RQWURO0DQDJLQJ7UDQVSRUWV :KDW

Change control is the process of managing changes, modifications and customizing made to the system and the transport of those changes through the pipeline from the development to the test system, and finally to the production system. One of the most important change management tasks involves notifying the appropriate people of the changes and getting their approvals. :K\

Because R/3 is an integrated system, there are items that may impact many other modules or groups. If, for example, a change is made to a module which impacts other modules, and this change is done without the knowledge of the appropriate people, a process may cease to function. If something stops functioning in the production system, business may stop until the problem is resolved. In the past, most application systems were independent, so changes in one system were insulated from the other systems. Because of this independence, users may not be used to consulting with other organizations when making changes to what they consider “their” systems. In change control, there is a review and approval process. You should not make a change and apply it to the system without a review and approval of the changes. These changes apply to changes to SAP objects and system configuration. +RZ

The following steps demonstrate a change control process: 1. Document all code, configuration, and other changes. 2. Test by: < <

Developer Functional analyst

3. Get the following signoffs (see sample Transport Request Form on page 14) By all functional groups:

17–12

<

Review and be aware of changes that might affect their functional areas.

<

If needed, perform additional tests by and with other functional groups, where there is possible interaction from the change.

Release 4.6A/B

Chapter 17: Change Management Change Control (Managing Transports)

Operations review <

Review any changes that may affect the operations staff

< <

Schedule new jobs Program error or problem procedure Document the program restart procedure. Is it “safe” for the operator to restart the job, if it fails or hangs?

4. Verify the change in the target system Change control should also contain a recovery plan that includes: <

What to do if the import to the production system creates a problem?

<

How to roll back? Will it be possible to roll back?

<

Will a problem require a database restore?

A transport cannot be “undone.”

System Administration Made Easy

17–13

Chapter 17: Change Management Change Control (Managing Transports)

Sample Transport Request Form Request to Transport Transport number: Transport title/description: Objects:

SAP Notes Applied:

(SAP note form required for each note)

Effect on other functional areas:

Special transport instructions:

Specific order

Need quiet time: Yes/No

Request for transport by: Tested by:

Functional area review and approval: FI

MM

Computer Operations

SD Approved for transport by: Transport details: System

Client

QAS

200

Date

Start time

End time

Return code

Sign off/ Initial

210 PRD

17–14

300

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

7UDQVSRUWLQJ2EMHFWV 7UDQVSRUWVLQWRWKH3URGXFWLRQ6\VWHP :KDW

A transport is the mechanism that R/3 uses to move changes: < Within a system from one client to another client <

From one system to another system on the same client

<

From one system to another system and from one client to another client

:KHQ

Complete the transport in the production system during a “quiet” period (for example, Sunday afternoon or evening) when users are not logged on the system. Ideally, a full system backup should have been completed before transports are imported. :K\

During a transport, objects may be overwritten. If an object is being used in the target system when a transport is performed, the transport may cause inconsistent results or terminate the transaction. In the worst case scenario, a transport may “break” the production system and you will need to restore the system. +RZ

Transports are only done when necessary (when you have a transport that needs to be moved). You may also have the occasional “emergency” transport that must be moved at a time other than at your normal weekly transport time.

7UDQVSRUWLQJ2EMHFWV The transport system has been significantly changed in Release 4.x. (It used to be known as Correction and Transport System.) It is still CTS, but is now called the Change and Transport System; In CTS are the Transport Management System (TMS) and Change and Transport Organizer (CTO). The purpose of transports is to move objects and configuration from one system to another in the production pipeline. This pipeline is defined in a three-system landscape as systems comprising development to quality assurance to production. A transport starts in the development system, is transported to the quality assurance system where is tested, and finally into the production system. To transport objects, use one of the following methods: <

Transport Management System (TMS)

<

Operating system (OS)

Transports are taught in BC325 (Software Logistics).

System Administration Made Easy

17–15

Chapter 17: Change Management Transporting Objects

7060HWKRG The TMS method uses a new transaction, STMS, to perform the transports. Benefits: < The user does not have to go into the operating system to do the transport. <

The user selects the transport from a GUI to do the import. There is no risk of incorrectly typing the wrong command or transport number.

<

Because the import is done from within R/3, there is no need to physically go down to the server or use a “remote connection” (for NT) to the server to do the import.

<

The transport route can be specific to clients. With one export, the TMS system is set up to import into several combinations of system and client as defined in the transport route. (This functionality is new in Release 4.6.)

<

Transport requests can be grouped into projects, and the transport request selected and moved by these projects. This grouping reduces the chances of transporting the wrong transport request when there are many activities and projects going on. (This functionality is new in Release 4.6.)

<

Advanced quality assurance prevents transports from being imported into the production system until they are released after successful testing in the quality assurance system. (This functionality is new in Release 4.6.)

<

The import of transport requests can be scheduled. You no longer have to manually import the transport requests or write scripts to do the import. (This functionality is new in Release 4.6.)

706GRFXPHQWDWLRQ

The TMS documentation (including configuration) can be found on the R/3 online documentation by choosing Help→ SAP Library → Basis Components → Change and Transport System (BC-CTS) → BC-Transport Management System. 2SHUDWLQJ6\VWHP0HWKRG The operating system (OS) method requires you to go down to the OS level to execute the transport program (tp) at the command line. Disadvantages: < The user must go into the operating system to do the transport. This action is a security issue in companies that restrict which employees can have this level of access. <

The import is done from the command line. There is the risk of incorrectly typing and importing the wrong transport.

17–16

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

6WDQGDUG7UDQVSRUW3URFHVV This section describes the standard transport process from your development system to your production system. The following steps are part of your company’s change management process: 1. Obtain proper authorization to transport the objects. Obtaining this authorization is the responsibility of the person who requests the transport move. The required authorizations and approval process differ based on the company. Some companies require the approval of only one person, while other companies require the approval of numerous people. A major purpose of the approval process is to give other functional groups a “heads up” as to what you are moving. If the move affects any of the functional groups, and they know about it, they can take the appropriate action: review, test, etc. If necessary, your transport is delayed until the affected functional groups are satisfied. This way, there will not be problems related to your transport. 2. Define other necessary transport management related information, such as: <

Who to contact in case of problems The person doing the transport typically is not a programmer. If there is a problem with the transport, that person will need assistance to determine what failed.

<

What recovery process to follow if the transport fails

<

Who will test the transport in the target system to determine that it works as intended

<

The transport number

<

The source system

<

The target system(s)

<

Relationship to other transports, such as sequence order, etc.

For more information, see chapter 12. 3. Use transactions SE01, SE09, or SE10 as necessary to release the transport. First release the task, then release the request (or transport). The TMS (normal) import and one of the OS import options, tp import all, will import all transports in the import buffer. The assumption is that all objects released into the import buffer have been tested and approved for transport into the target system. If you use either method, it is important to not release the objects until they have been tested and approved for transport. Up to, and including Release 4.5, in a three-system landscape, once the transport is imported into the quality assurance system, it is added into the production system import buffer, and there is no “second release” out of the quality assurance system. 4. Import the request into the target system.

System Administration Made Easy

17–17

Chapter 17: Change Management Transporting Objects

5. Check the transport log. ,PSRUWLQJWKH(QWLUH,PSRUW%XIIHU If you import the entire import buffer, everything in the buffer will be imported into the target system, regardless of whether all the transports are ready. The problem with importing the entire buffer is that the various transports may be in different stages of testing. Some may be finished, while others may still be in the process of being tested. An “import all” imports all the objects in the buffer, regardless of whether they are ready to be transported. A new feature in Release 4.6 is the Advance Quality Assurance. In this feature, the requests imported into the quality assurance system must be approved in this system to be transported to the production system. This process helps prevent the “accidental” transport of a request that has not completed quality assurance testing in this system. This change is an important change management enhancement and should be used by everyone with a standard three-system landscape. Before Release 4.6, when a transport was imported into the quality assurance system, it was automatically added to the import buffer of the production system. Therefore, an “import all” would import everything, ready or not. To manage the import buffer in the: < Source system, do not release the transport until the testing is complete. <

Production system: Using the TMS method, use “preliminary import” to select the individual transport to import. Using the TMS method, use the project method to manage the transport requests. Using the OS method, import the requests (transports) individually. Do an “import all” only when the entire buffer is ready to be imported.

6SHFLDO7UDQVSRUWVIURP6$3 Special manual transports fix specific problems, add features, or add functionality from third-party software vendors. U.S. customers can download the transport files from SAPSERV4. These files are usually a single file that you have to unpack using the CAR program. The downloading and unpacking procedure is described in chapter 22. 1. Get the files from SAP or the delivery media, such as a CD. Two files (sometimes there is a third file) are normally combined as a set (for example, K174511.P30, R174511.P30, and D174511.P30). 2. Copy the files into the appropriate transport directories: a. Copy files beginning with “K” into: <

NT

<

UNIX

:\usr\sap\trans\cofiles \\\sapmnt\trans\cofiles /usr/sap/trans/cofiles

b. Copy files beginning with “R” and “D” into:

17–18

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

<

NT

:\usr\sap\trans\data \\\sapmnt\trans\data

<

UNIX

/usr/sap/trans/data

1RWH “D” files do not always exist. 3. Add the special transport to the import buffer (process described in 17–25 and 17–34). 4. Import the transport (process described in 17–27 and 17–34).

5HOHDVLQJD5HTXHVW7UDQVSRUW To release a request: 1. Release all tasks associated with the request. 2. Release the request.

*XLGHG7RXU

1. In the Command field, enter transaction SE10 and choose Enter (or from the SAP standard menu, choose Tools → Accelerated SAP → Customizing → SE10-Customizing Organizer). 2. In User, enter the user ID of the person who owns the Request. 3. Verify that the following categories are selected: < Customizing < Workbench < All clients

2 3

4. To verify the Request status: < Select Modifiable. < As an option, you may deselect Released. Over time the released list will be large. 5. Choose

4

5

Display.

System Administration Made Easy

17–19

Chapter 17: Change Management Transporting Objects

6. Select the task to release. 7. Choose

.

7

6

8. Document the content of the transport. 9 11

9. Choose Save. 10. A message appears on the message line indicating the task was released. 11. Choose Back.

10

17–20

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

12. A message indicates that the task was released into the specified request. All of the tasks associated with a request must be released, before the request can be released. The next step is to release the request.

12 5HOHDVLQJWKH5HTXHVW

1. Select the request. 2. Choose

. 2

1

3. If this window appears, select Release and export. 4.

Choose

3

. 4

System Administration Made Easy

17–21

Chapter 17: Change Management Transporting Objects

5. As the export is running the line “In process Requires update” appears. 6. Choose

.

6

5

7. When the export is finished, the above message changes to a status message.

10

8. Check the export return code and text message. This screen shows that the export Ended OK and has a return code of 0. 9. Check the test import return code and text message. This screen shows that the import Ended OK and has a return code of 0.

7, 8 9

The return codes are: < 0 – Successful < 4 – Warnings occurred < 8 – Performed with errors < 12+ - Transport was terminated

A return code of 8 or higher is a failed transport. 10. Choose Back.

17–22

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

11. A message appears indicating that the request was released and exported.

11

12. The request is now in the Released section. You can see this request only if you selected to view released requests in step 1 of releasing a task.

12

,I7KHUH,VD3UREOHP

If there is a problem, review the transport log. For more information, see the transport log later in this chapter.

System Administration Made Easy

17–23

Chapter 17: Change Management Transporting Objects

7060HWKRGRI7UDQVSRUWLQJ 7KH0DLQ7066FUHHQ

*XLGHG7RXU

1. In the Command field, enter transaction STMS and choose Enter (or from the SAP standard menu, choose Tools → Administraton → Transports → STMS-Transport Management System). 2. The Transport Management System (TMS) screen appears. This is the transaction that all the following TMS processes will start from.

17–24

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

To access TMS’s online documentation, choose: 1. SAP Library → Basis Components → Change and Transport System (BC-CTS) → BC-Transport Management System 2. BC-Transport Management System Under BC-Transport Management System, there are five major topics: < Configuring TMS < Performing Transports < Approving or Rejecting Requests < Special Transport Workflow < Troubleshooting $GGLQJD6SHFLDO7UDQVSRUWLQWRWKH,PSRUW%XIIHU

*XLGHG7RXU

Adding a special transport into the import buffer is usually not done. The release process adds the transport into the appropriate input buffer. This task is only performed for special transports that are downloaded from SAPSERV4 or received via CD. 3UHUHTXLVLWH

The transport files have been moved into the appropriate directories. 1. From the TMS screen, choose

.

1

System Administration Made Easy

17–25

Chapter 17: Change Management Transporting Objects

2. Position cursor on the <SID> of the R/3 System to which you want to add the transport. 3. Choose

3

.

2

4. From the menu bar, choose Extras → Other requests → Add.

4

5. Enter the transport number. 6. To continue, choose

.

5

6

7. Choose Yes.

7

17–26

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

8. The special transport is now in the system buffer.

8

8VLQJ706WR,PSRUWD7UDQVSRUW5HTXHVW

*XLGHG7RXU

1. From the TMS screen, choose

.

1

System Administration Made Easy

17–27

Chapter 17: Change Management Transporting Objects

2. Select the <SID> of the system into which the request will be imported. 3. Choose

3

.

2

4. From this screen, you have two options: < Preliminary Import to selectively import requests one at a time. < Import All to import all the requests in the queue for the selected system.

,PSRUWD6HOHFWHG5HTXHVW

1. Select the request you wish to import. 2. Choose

. 2

1

17–28

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

3. Enter the Target client. 4. Choose

. 3

4

5. The Options tab is where you select special import options. These options correspond to the unconditional codes used when transporting at the OS level.

5

5

6. Choose Yes.

6

System Administration Made Easy

17–29

Chapter 17: Change Management Transporting Objects

7. The import process begins and may run for a while. You can monitor the progress of the import by watching the process indicators.

7

8. The Request number now appears with a green check, indicating that it was imported as a “preliminary import.”

8

,PSRUW$OO5HTXHVWV

1. At this point, all the requests shown in the input buffer will be imported and indicated in the Request column. 2. Choose

2

. 1

17–30

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

3. Enter the target client number. 4. Choose

. 3

4

5. Choose Yes.

5

6. To refresh the screen, periodically choose . 7. When completed, the message Import queue is empty appears. 8. Choose Back.

System Administration Made Easy

8 6

7

17–31

Chapter 17: Change Management Transporting Objects

&KHFNWKH7UDQVSRUW/RJ

*XLGHG7RXU

1. From the TMS screen, choose

.

1

2. Select the <SID> of the R/3 System for which you want to check the transport log.

3

3. From the menu bar, choose Goto → TP system log. 2

17–32

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

4. Choose (or from the menu bar, choose Syslog → Refresh). 5. Check the final return code: < 0 (Successful)

6 4

< 4 (Warning) < 8 (Error) < 12 (Fatal)-6 Anything other than a 0 or 4 is considered a failed transport. 6. From the menu bar, choose GoTo → Transport steps (this was formerly known as alog). 5

7. From this screen, you can verify the request number and the return code for that request. 8. The return code (indicated in column RC) is the same as in step 5 above.

8

7

By using TMS to review the transport logs, the inconsistency encountered in the OS method of viewing the transport log does not occur. The inconsistency is when the tp return code (received when the import is done) does not match the return code in the transport log. The following line would appear in the above screen: Request

SID

S

RC

ALL

SAS

S

0008

System Administration Made Easy

17–33

Chapter 17: Change Management Transporting Objects

260HWKRGRI7UDQVSRUWLQJ $GGLQJD6SHFLDO7UDQVSRUW,QWRWKH,PSRUW%XIIHU Adding a special transport into the import buffer is normally not done. This task is only performed for special transports that are downloaded from SAPSERV4 or received via CD. 3UHUHTXLVLWH

<

The transport files have been moved into the appropriate directories.

<

You must be on the target system (PRD).

1. Go to the transport program directory: <

NT:

<

UNIX: /usr/sap/trans/bin

:\usr\sap\trans\bin

2. Load the transport into the import buffer with the following command: tp addtobuffer tp addtobuffer P30K174511 DEV Where the: <

Target system is DEV

<

File is K174511.P30

<

Transport number is P30K174511

<

The transport number is derived from the transport file number, where the first three characters are the file extension (P30), and the rest of the name is the base name of the file (K174511).

3. Import the transport. ,PSRUWLQJWKH7UDQVSRUW 3UHUHTXLVLWH

<

You must be on the target system.

<

For NT, on the target system, you must have mapped a drive to the shared directory (\sapmnt) on the source system (for example, where drive S: is mapped to \\devsys\sapmnt).

+RZ

1. Go to the transport directory. NT:

:\trans\bin

UNIX:

/usr/sap/trans/bin

2. Test your connection to the target system with the following command: tp connect tp connect prd

17–34

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

3. Enter the transport command. <

To specify an individual transport, enter: tp import client= tp import devk900023 prd client=100 Where the: Transport number is devk900023 Target system is PRD Target client number is 100

<

To import the entire import buffer, enter: tp import all tp import all prd

You may be instructed in an SAP note or by the SAPNet hotline to use Unconditional codes or U codes. These are special program option switches that the tp program uses during the import process. <

In NT, use QuickSlice, an application included with the NT resource kit, and the CPU activity in the NT Performance Monitor to monitor the import process. After a few times, you will recognize the activity pattern of a transport.

<

In UNIX, use the utilities top or xload to monitor the import process.

1. Record the start and finish time for the transport on the transport log or the transport form. 2. Check the exit code. If you receive an exit code of 8 or higher, the import failed. You must resolve the problem and reimport the transport. If you get a return code of 8, there is a known condition where this return code does not match the transport log. This condition is described in Checking the Transport Log section below. 3. Check the transport log (see below). &KHFNLQJWKH7UDQVSRUW/RJ7UDQVDFWLRQ6( :K\

The transport log indicates why a transport failed. +RZ

The information in this chapter is only a portion of the first half of the process, that is, determining if the transport succeeded or failed. The second half of the process, investigating why the transport failed, is not covered. If the transport involves an object such as an ABAP program or SAPscript layout, you will need the assistance of your programmers to determine why it failed and how to fix it.

System Administration Made Easy

17–35

Chapter 17: Change Management Transporting Objects

After the transport is completed, check the transport’s exit code: <

0 = OK

< <

4 = Warning 8 = Error

<

12 = Severe Error

If you receive an exit code of 8 or higher, the import failed. You must resolve the problem and re-import the transport. The transport could still have failed even if you did not receive a failed return code. The final test is to verify in the target system that the transport arrived properly. The developer and functional area owner are responsible for this verification. &KHFNLQJWKH7UDQVSRUW/RJ

*XLGHG7RXU

1RWHYou must check the transport log from the transaction that released the transport (SE09 or SE10). 1. In the Command field, enter transaction SE10 and choose Enter (or from the SAP standard menu, choose Tools → Accelerated SAP → Customizing → SE10-Customizing Organizer). 2. Under Category, select: < Customizing < Workbench < All clients 3. Under Request status: < Deselect Modifiable. < Select Released.

2

4. Enter a date range in the Last changed From and To fields to limit the 3 amount of requests to review. 5. Choose

4

Display. 5

17–36

Release 4.6A/B

Chapter 17: Change Management Transporting Objects

6. Select the request. 7. Choose

.

7

6

8. On the Import line, check the return message and code: < 0 – Successful < 4 – Warnings occurred < 8 – Performed with errors < 12+ – Transport was terminated 8 9

A return code of 8 or higher is a failed transport. 9. If you see a warning in step 8, choose display log for the line with the warning.

System Administration Made Easy

17–37

Chapter 17: Change Management Transporting Objects

10. Choose to drill down for additional details. 11. The status bar indicates how many levels you have drilled down. 10

11

You may run into a rare inconsistency between the return code in this log and the return code when you ran the import program tp. This condition occurs when the tp program ends with a return code 8 (Error) and the log above shows a maximum return code of 4 (Warning). This inconsistency is caused by a step in the import that is not associated with the transport number (in the example RW6K9000079). Thus when the log is reviewed, the maximum return code of 4 [(and not 8) (Warning)] appears. However, it is still a failed transport. The TMS method does not have this inconsistency.

17–38

Release 4.6A/B

&KDSWHU 7URXEOHVKRRWLQJ

&RQWHQWV Overview ................................................................................................................18–2 Basic Troubleshooting Techniques ....................................................................18–2

System Administration Made Easy

18–1

Chapter 18: Troubleshooting Overview

2YHUYLHZ This chapter is a basic problem solving chapter. We will present you with some of the tools and techniques to help you solve the problem yourself. We will not be going into advanced troubleshooting techniques. Troubleshooting is learned by doing; the more experience you have, the better you become. The next chapter is on performance tuning. Performance tuning is a specialized troubleshooting, so troubleshooting techniques are also relevant for performance tuning.

%DVLF7URXEOHVKRRWLQJ7HFKQLTXHV The general procedure when working on troubleshooting is not new. It is the standard problem solving procedure that has been in use for years by many professions. Your auto mechanic would follow the same procedure when repairing your car: <

Gather data

<

Analyze the problem

< <

Evaluate the alternatives Make a change Remember to make only one change at a time.

<

Document the changes

<

Evaluate the results

*DWKHU'DWD

18–2

<

Ask the following questions: What is the problem? What error messages, dumps, or other diagnostic aids are available from the problem? What conditions caused the problem? Is the problem repeatable?

<

To analyze the problem, use your available tools, such as: System Log (SM21) Update Failure (SM13) ABAP Dump (SM22) Spool (SP01)

Release 4.6A/B

Chapter 18: Troubleshooting Basic Troubleshooting Techniques

$QDO\]HWKH3UREOHP <

<

What are the resources you have to help solve the problem: Online documentation Reference books SAP notes Other customers (this is your network) Call for assistance: Consultants SAPNet help desk

(YDOXDWHWKH$OWHUQDWLYHV 0DNHRQO\2QH&KDQJHDWD7LPH <

If there is a problem, and you made several changes at once, you will not know which change caused or fixed a problem.

<

There are times where several changes need to be made, to fix a problem. Unless they must be done together, such as related program changes, make the changes separately.

'RFXPHQWWKH&KDQJHV <

If a change causes a problem, you need to undo the change. To do that you need to know what the configuration was before the change and what you did.

<

If the change needs to be applied to multiple systems, you need to know exactly what changes to make and how to do it. This process must be repeated exactly the same on all systems.

System Administration Made Easy

18–3

Chapter 18: Troubleshooting Basic Troubleshooting Techniques

*HWWKH&RPSOHWH(UURU0HVVDJH

*XLGHG7RXU

When you get an error message in an R/3 transaction, you need all the information on the error to forward to SAP. To get the complete error message, do the following: 1. When an error occurs, the field with the error is highlighted. 2. Double-click on the error message.

1

2

3. The error message appears in the dialog box. 4. Record the relevant information from the screen to send to SAP.

18–4

3

Release 4.6A/B

Chapter 18: Troubleshooting Basic Troubleshooting Techniques

*HWWKH6$33DWFK/HYHO :KDW

This level is the R/3 kernel patch level that is being used. :K\

This patch level is needed when submitting problem messages to SAP. It tells the hot line personnel on what kernel patch level you are. Different problems are fixed in different patch levels.

([DPSOH You are on patch level 50 and have a particular problem. The fix to your problem may have been done in patch level 61. This level identifies that the problem is an older kernel that contains the problem. The solution is to upgrade to the current kernel, “at least” patch level 61. +RZ

*XLGHG7RXU

1. In the Command field, enter transaction SM51 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → System monitoring → SM51-Servers). 2. Select the central instance (for example, pa100767_SAS_00). 3. Choose Release notes. 3 2

System Administration Made Easy

18–5

Chapter 18: Troubleshooting Basic Troubleshooting Techniques

4. Record the Patch level (for our example, we chose Patch level 55).

4

'HWHUPLQLQJ:KDW6XSSRUW3DFNDJHV+DYH%HHQ$SSOLHG :KDW

A support package is an SAP-provided R/3 fix and is similar to an NT Service Pack. :K\

As with the SAP Patch level, problems you have may be related to the level of the applied support package.

18–6

Release 4.6A/B

Chapter 18: Troubleshooting Basic Troubleshooting Techniques

+RZ

*XLGHG7RXU

1. From the menu bar, choose System → Status. 2. Choose

.

2

3. Choose the Patches tab. 3

System Administration Made Easy

18–7

Chapter 18: Troubleshooting Basic Troubleshooting Techniques

4. In this example, the following patches have been applied: < SPAM update 17-Sept-99 < Support Package 01 for 4.6A Patch Status values are: < N – The patch has not yet been applied <

I – Patch has been successfully applied

<

? – Patch application has been aborted

The name of a Support Package is interpreted as follows: < SAPKH<sequence_number> <

18–8

SAPKH46A01 is interpreted as SAPKH / 46A / 01, and is for Release 4.6A and is the first Support Package.

Release 4.6A/B

&KDSWHU 3HUIRUPDQFH

&RQWHQWV Overview ................................................................................................................19–2 General Procedure ................................................................................................19–3 R/3...........................................................................................................................19–4 Database ..............................................................................................................19–11 Operating System ...............................................................................................19–11 Hardware..............................................................................................................19–15

System Administration Made Easy

19–1

Chapter 19: Performance Overview

2YHUYLHZ This chapter is an introduction to performance issues in R/3. We provide only general guidelines, not detailed performance tuning instructions. It is not possible in one chapter, to provide the breadth and depth of information available in the SAP training class or the Performance Optimization book. For more detailed performance tuning, we recommend the following resources: <

BC315 – R/3 Workload Analysis (the SAP Performance Tuning class)

<

SAP R/3 Performance Optimization, by Thomas Schneider, SAP’s TCC organization, which recently published a book on performance optimization.

Performance tuning is specialized troubleshooting. Since you are trying to solve performance issues, all troubleshooting techniques are also relevant. Rather than using database and operating system-specific details, where possible, we will be using R/3 transactions to access relevant database and operating system data. This approach makes the information database and operating system independent.

&ULWLFDO$VVXPSWLRQ The hardware, operating system, database, and R/3 have been properly installed based upon SAP’s recommendations. :K\

As with the design of this book, performance tuning has to have a starting point. This point is the SAP-recommended configuration for hardware, database, operating system, network, etc. An extreme example (that did occur with a customer) is where the operating system, the database, and R/3 has been installed on a single logical drive. In this situation, all the drives in the server were configured in a single RAID5 array and treated as a single, huge drive. This situation created a classic condition known as “head contention,” where R/3, the database, and the operating system all simultaneously competing for the same disk drive head. Head contention is similar to you being asked to do many things at the same time, such as: <

Cook dinner

<

Read a book

<

Help your child with homework

<

Water the yard

<

Fix the fence

You run around doing a little of each task then going to the next. None of the tasks get done with any reasonable speed.

19–2

Release 4.6A/B

Chapter 19: Performance General Procedure

This is an example of a problem that is not new. Head contention existed in the early days of computing. The solution now is essentially the same as it was back then, that is, to spread the data over multiple drives.

3ULRULW\RI(YDOXDWLRQ The SAP EarlyWatch group has determined that the majority of the performance issues and gains are from within R/3. This gain is followed first by database issues, then operating system, then hardware. Thus we will primarily discuss R/3 performance issues.

*HQHUDO3URFHGXUH The general procedure when working on performance issues is not new. It is the standard problem-solving procedure: <

Gather data

<

Analyze the problem

<

Evaluate the alternatives

<

Make only one change at a time If there is a problem, you will not know which change caused a problem. There are times where several changes need to be made to fix a problem. Even so, unless they must be done together, such as related program changes, make the changes one at a time.

<

Document the changes. If a change causes a problem, you need to undo the change. To do that you need to know what the configuration was before the change and what you did. If the change needs to be applied to multiple systems, you need to know exactly what changes to make, and how to do it. This process must be repeated exactly the same on all systems.

System Administration Made Easy

19–3

Chapter 19: Performance R/3

5 One of the most common reasons for R/3 performance problems is poorly written custom (or modified standard) ABAP programs.

:RUNORDG$QDO\VLVRIWKH6\VWHP7UDQVDFWLRQ67 :KDW

Workload analysis is used to determine system performance. +RZ

You should check statistics and record trends to get a “feel” for the system’s behavior and performance. Understanding the system when it is running well helps you determine what changes may need to be made when it is running poorly.

*XLGHG7RXU

1. In the Command field, enter transaction ST03 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → Performance → Workload → ST03-Analysis). 2. Choose Data base server or This application server. (In this example, we chose This application server, pal101003_SAS_00.)

2

19–4

Release 4.6A/B

Chapter 19: Performance R/3

3. Select a time period to analyze. (In this example, we chose Last minute load.)

3

4. Enter how many minutes back to analyze, or choose Other selection to specify a date and time period to analyze. In this example, we chose Other selection.

4

5. Under Time interval to be analyzed is, enter the Date and time range to 6 be analyzed. 6. Choose

.

5

System Administration Made Easy

19–5

Chapter 19: Performance R/3

7. Check the Current value under Task types (for example, Total). The task types are: < Total < Dialog < Background < RFC

10

8. Choose the appropriate button to view performance values for that Task type. 9. Examine Av. response time. If this value is less than 1,000 ms (1 second), the response time meets the target standard response time.

9

For more information on Av. response time, see notes below. 10. Choose Transaction profile. 8 7

Judgment must be applied when reviewing statistical values. If you just started the R/3 System, the buffers will be empty and many of the statistics will be unfavorable. Once the buffers are loaded, values can be properly evaluated. In this example, the Av. response time of almost 4 seconds must be evaluated with other factors in mind.

The R/3 user default for a decimal point is a comma. If your default profile for decimal point, (point or comma) is not appropriately set, the display may be misread. For example, rather than 3,888 ms, it would read 3.888 ms. Quite a difference!

19–6

Release 4.6A/B

Chapter 19: Performance R/3

11. Click on any cell in the Response time avg column. 12. Choose

.

12

11

Analysis of transaction ST03 is covered in BC315 (the Workload Analysis and Tuning class). We recommend you take this class. 13. The programs and transactions are now sorted in average response time order.

13

System Administration Made Easy

19–7

Chapter 19: Performance R/3

A few standard functional transactions will exceed the one-second guideline. They include, but are not limited to the following: Type

Transaction

Create Sales Order

VA01

Change Sales Order

VA02

Display Sales Order

VA03

Create Billing Document

VF01

Create Delivery

VL01

Maintain Master HR data

PA30

%XIIHUV67 :KDW

The buffer tune summary transaction displays the R/3 buffer performance statistics. It is used to tune buffer parameters of R/3 and, to a lesser degree, the R/3 database and operating system. :K\

The buffer is important because significant buffer swapping reduces performance. Look under Swaps for red entries. Regularly check these entries to establish trends and get a feel for buffer behavior.

19–8

Release 4.6A/B

Chapter 19: Performance R/3

*XLGHG7RXU

1. In the Command field, enter transaction ST02 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → Performance → Setup/Buffers → ST02-Buffers).

2a

2b

2. The two important things to review on the above screen are: a. Hit Ratio The target value is 95 percent and higher. Soon after starting the system, this value is typically low, because buffers are empty. The hit ratio will increase as the system is used and the buffers are loaded. It usually takes a day to load the buffers that are normally used. b. Swaps The target value is less than 1,000. Swaps occur when the necessary data is not in the buffer. The system has to retrieve the data from the database. The swap value is reset to zero (0) when the system is restarted.

System Administration Made Easy

19–9

Chapter 19: Performance R/3

Analysis of transaction ST02 is covered in BC315 (the Workload Analysis and Tuning class). We recommend you take this class.

0HPRU\'HIUDJPHQWDWLRQ :KDW

A computer’s memory behaves similar to a hard disk. As different programs execute, they are loaded into, and later deleted out of, memory. Over time, like a hard disk, the usage of the computer’s memory becomes fragmented with unused spaces scattered throughout. :K\

At a certain point you may have sufficient “free memory” (that is, the total of all the unused spaces), but not a contiguous (single) piece of memory large enough to allow certain programs to execute. At that point, those types of programs attempting to run that need contiguous memory will fail because they cannot be loaded into memory. +RZ

To defragment the system’s memory: 1. Stop R/3. This step requires stopping R/3 on all application and database servers. (For more information, see Start/Stop R/3 in chapter 10.) 2. Restart R/3. You only need to restart R/3, you do not need to cycle the server. When R/3 is restarted, the buffers are refreshed. This process means that the first person who accesses the buffered object will have a long response because the system must get the data from disk and load it into the buffer. The second person will have a normal (quick) response time. This process repeats until all normally used objects are loaded into the buffer, which usually takes up to a day to accomplish.

19–10

Release 4.6A/B

Chapter 19: Performance Database

'DWDEDVH See chapter 13 (Database Administration – Microsoft SQL Server) for the database-related performance tuning transactions: < Activity - ST04 <

Tables/Indexes - DB02

2SHUDWLQJ6\VWHP 2SHUDWLQJ6\VWHP0RQLWRU26 :KDW

The operating system monitor allows you to view relevant operating system and hardware details. The operating system-related detail, such as: <

Memory paging

<

Operating system log

In addition, the following hardware details are available: < <

CPU utilization Free space on disks

:K\

Certain operating system items will impact R/3 performance.

System Administration Made Easy

19–11

Chapter 19: Performance Operating System

+RZ

*XLGHG7RXU

1. In the Command field, enter transaction OS07 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Monitor → Performance → Operating System → Remote → OS07-Activity). 2. Select the appropriate server. 3. Choose

. 3 2

This screen is a snapshot of the CPU, Memory, Swap, and Disk response data. 4. To analyze, choose Detail analysis menu. 4

19–12

Release 4.6A/B

Chapter 19: Performance Operating System

5. Choose an item under Previous hours (for example, Memory or OS Log).

5

This screen shows CPU utilization over time.

System Administration Made Easy

19–13

Chapter 19: Performance Operating System

This window shows the memory paging and free memory over time.

This is the Operating System Log.

19–14

Release 4.6A/B

Chapter 19: Performance Hardware

+DUGZDUH &38DQG'LVN Also see Operating System – Operating System Monitor (OS07) to get data on: <

CPU utilization

<

Free space on disks

0HPRU\ The hardware item that has the largest effect on R/3 performance is memory. The R/3 System uses memory extensively. By keeping data in buffer, physical access to the drives is reduced. Thus, in general, the more memory you have, the faster R/3 will run. Physical access to the drives is the slowest activity.

System Administration Made Easy

19–15

Chapter 19: Performance Hardware

19–16

Release 4.6A/B

&KDSWHU 6$31HW³:HE)URQWHQG

&RQWHQWV Overview ................................................................................................................20–2 Logging on to SAPNet ..........................................................................................20–3 Online Services .....................................................................................................20–4 Solving a Problem with SAPNet ..........................................................................20–5 Registering a Developer or Object ....................................................................20–15 Online Correction Support.................................................................................20–24

System Administration Made Easy

20–1

Chapter 20: SAPNet—Web Frontend Overview

2YHUYLHZ SAPNet–Web Frontend (SAPNet–web) is the internet access to SAP resources and SAPNet– R/3 (formerly OSS) functions such as: < Registering developers and objects <

Searching for SAP notes

<

Downloading support packages

Most of the OSS functions will be migrated to SAPNet. The entering and retrieving of customer messages on SAPNet has just become available and is currently in pilot. However, not all OSS functions will be migrated to SAPNet. The opening and use of the SAP service connections for Earlywatch and SAP hotline access to customer systems will remain in OSS or SAPNet–R/3. We recommend that you use SAPNet–Web as your primary SAPNet access method. For most companies with an existing (flat fee) internet access line, the cost of the internet access is already paid for. The SAP service connection required for SAPNet-R/3, if using ISDN, is additional per minute cost. +RZ

The prerequisites to use SAPNet–Web are: <

An internet connection

<

A browser SAPNet works better with Microsoft Internet Explorer.

<

20–2

A valid SAPNet/OSS user ID and password

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Logging on to SAPNet

/RJJLQJRQWR6$31HW

*XLGHG7RXU

1. In your web browser, enter www.sapnet.sap.com. 2. In User Name, enter your OSS/SAPNet user ID. 3. In Password, enter your OSS/SAPNet password.

2 3

This main screen (SAPNet for Customers and Partners) is the starting screen for the following tasks.

System Administration Made Easy

20–3

Chapter 20: SAPNet—Web Frontend Online Services

2QOLQH6HUYLFHV

*XLGHG7RXU

1. In the left frame, scroll down to Services. 2. Choose Online Services.

1

2

The Online Services main screen appears. Most of the SAPNet functions used by systems administrators are grouped in this screen.

20–4

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Solving a Problem with SAPNet

6ROYLQJD3UREOHPZLWK6$31HW If you have a particular problem or question, you should search: < <

The online documentation SAP notes. This large database contains problem notes.

6HDUFKLQJIRU6$31RWHV

*XLGHG7RXU

SAP Notes were formerly known as OSS Notes. 1. On the Online Services screen, choose SAP Notes.

1

2. SAP Notes are divided into several topics. For example, you can retrieve a list of notes on the: < Installation and upgrade processes < Managing Y2K issues < Latest or “hot” news about R/3

2

System Administration Made Easy

20–5

Chapter 20: SAPNet—Web Frontend Solving a Problem with SAPNet

3. The search can be done in one of many different ways: a. You can use a text search with the following options: <

AND – the note must contain all of the words in the search text field

<

OR – the note must contain at least one of the words in the search text field

<

PHRASE – the note must contain the words in the exact order specified in the field.

3a 3b

b. You can also specify the specific: < Note Number < R/3 Release < Application Area < Database You cannot simultaneously specify a Note Number and Search Text. 4. On the SAP Notes Search screen, in each of the following fields, enter the following text: a. In Search Text, enter spool system b. In Search Mode, select all given words (AND) c. In Release, enter 46A d. In Database, enter a database name 5. Choose Submit.

4a 4b 4c 4d 5

20–6

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Solving a Problem with SAPNet

6. The results from the criteria are displayed. Each page contains 20 hits and the total number of hits is limited to 500. 7. Choose the first note.

6 7

8. Review the note. 9. Close this window and return to the SAP Notes list.

7R6HDUFKIRU1RWHV5HODWHGWR,QVWDOODWLRQ

1. On the left frame, click the node (+) next to Installation folder. The folder contents appear in the main frame. 2. Choose a note.

2 1

System Administration Made Easy

20–7

Chapter 20: SAPNet—Web Frontend Solving a Problem with SAPNet

3. The note gives additional information on the 4.5B R/3 installation in the NT/Oracle environment. 4. Return to the Online Services main menu.

3

&XVWRPHU0HVVDJHV

1RWH As this guidebook is going to print, the Customer Message function has just been released to SAPNet-Web. Since this function is in pilot mode, it may change from the process described here. At present, you can only create and view messages via SAPNetWeb, modifying messages is only possible via SAPNet-R/3. If you have searched both the online documentation and SAP notes and not found the answer to your question or problem, then you should submit a SAPNet message for assistance.

1RWH The SAPNet customer message function is not meant to replace consulting. Messages entered into SAPNet are for reporting and getting resolution on SAP problems or bugs. If a message is interpreted as a request for consulting information, it will be returned to you, and you will be advised to seek consulting assistance.

20–8

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Solving a Problem with SAPNet

(QWHULQJ&XVWRPHU0HVVDJHV Include as much information as possible in your message, so the SAPNet Hotline consultants can help you. Indicate where in the online documentation you have searched and which SAP notes you have reviewed. 3ULRULW\WDEOH

Assign your message a priority from the following table below:

Priority

Situation

Very High

<

In your production system, only for system or application shutdown

<

In your nonproductive system, during a critical project phase

These messages are reviewed by an Online Service System/SAPNet consultant within 30 minutes of arrival. If the problem does not fall within the defined description for a “very high” priority problem, the priority is immediately reduced. Do not assign a message this priority if you cannot be available to receive a call back from SAP. If SAP attempts to call you and you cannot be reached, your message may be downgraded. High

When important applications or subprograms fail in function, or for a system shutdown in a nonproductive system.

Medium

For errors with less serious consequences than the above two cases, where the operation of the productive system is not seriously affected.

Low

For minor errors, such as documentation errors, typographical mistakes, etc.

Use care when assigning a priority to your message. If the problem does not meet the Very High criteria, assigning the message this priority will not guarantee you a quicker response time.

System Administration Made Easy

20–9

Chapter 20: SAPNet—Web Frontend Solving a Problem with SAPNet

The following list contains hints that can improve total problem resolution time: &RPSRQHQW

<

If you know the specific component, assign it. If you do not know it, do not assign to a detailed component level (for example, assign it to level 3, BC-CCM-PRN rather than a level 4, BC-CCM-PRN-DVM). The Online Service System Hotline consultant can assign a specific component. If you assign the message to a wrong component, and it is forwarded to the incorrect person, time is lost. It will take that much more time to resolve your problem.

<

Be aware that the cause of the problem may be in an area other than the module you are working on.

3UREOHP'HVFULSWLRQ

<

Be clear and descriptive. The better the information you provide, the better the results. Information that is clear to you may not be clear to the hotline consultant.

<

Provide enough data so that SAPNet Hotline personnel will not have to ask additional questions before beginning work on your problem.

<

Examples of complete data includes: If there is an error message, enter it exactly as it appears. Provide the transaction or menu path describing where the error or problem occurred. Indicate if the problem can be duplicated on your test system. Describe the circumstances that created the problem. Describe anything unique about the data entered in the transaction where the problem occurred. List which problem-related SAP notes that have been reviewed and which notes have been applied. List which actions and research you have already performed. The following examples are messages in which the SAPNet hotline requires more information before beginning on the problem: “FB01 does not work.” “The system is slow.” Keep your system technical information in SAPNet current and correct. This information is used by hotline personnel when they work on your problem.

20–10

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Solving a Problem with SAPNet

+RZ

*XLGHG7RXU

(QWHULQJ&XVWRPHU0HVVDJHV

1. On the Online Services screen, choose Customer Messages.

1

2. Note that the Customer messages function is in pilot. The final process many change from the steps in this guidebook. 3. Choose Message Wizard. 3 3

2

System Administration Made Easy

20–11

Chapter 20: SAPNet—Web Frontend Solving a Problem with SAPNet

4. Under Reporter, check that the values in the fields are correct. If it is not, you must use SAPNetR/3 to correct your user information. 5. In System type, select the type of your system: < Development

4

< Production < Test 6. In Installation, choose the installation that your message is for. 7. In Release, choose the R/3 release of your system from display options.

5 6

8. In Add-on, choose the add-on that you are running.

7 8 9

9. In Add-on release, choose the release of the add-on.

10

10. Choose continue.

11. In Oper system (operating system), click the down arrow and choose your operating system. 12. In Database, click the down arrow and choose your database. 13. In Frontend, click the down arrow and choose your frontend. 14. Choose continue.

11 12 13

20–12

14

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Solving a Problem with SAPNet

15. Under Classification, in Priority click the down arrow and choose the appropriate priority for your message. Use the table on page 20–9 to determine the proper priority level. 16. In Components, entering the fields in order (from 1 to 3), click the down arrow and choose the component for the message. 17. Choose continue.

15 16 17

18. In Language, click the down arrow and choose the language for the message. 19. In Short text, enter a short (one line) problem description. 20. In Long text, enter a complete description of the problem. 21. Choose Send to SAP. 18 19 20

21

9LHZLQJ&XVWRPHU0HVVDJHV The response to your message is often in the form of an electronic message, rather than a telephone call. It is, therefore, important to monitor the status of your messages.

System Administration Made Easy

20–13

Chapter 20: SAPNet—Web Frontend Solving a Problem with SAPNet

9LHZLQJ&XVWRPHU0HVVDJHV 1. On the SAPNet screen, on the menu bar, choose Inbox.

1

2. Choose Sent SAPNet Items.

3. Messages will be in the following three categories: < Messages – to be sent to SAP < Messages – in process at SAP < Messages – solution proposed by SAP

20–14

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Registering a Developer or Object

5HJLVWHULQJD'HYHORSHURU2EMHFW :KDW

To modify an SAP object, both the developer and the object that will be modified need to be registered with SAP. A developer, once registered for the installation, does not have to register again. Similarly, an SAP object once registered for the installation, does not have to be registered again. It is for this reason that on the registration screen either or both the developer or object access key would be required. :K\

<

Only an SAP-registered developer can make changes to SAP objects. Restricting access to registered developers provides a record of who has made changes to the system.

<

Registering an SAP object provides a record of which SAP objects have been modified by the customer. The assumption is that if you requested an object access key, you will be modifying the object.

+RZ

See the following sections for registering a developer and an SAP object.

5HJLVWHULQJD'HYHORSHU To modify an SAP object, the developer needs to be registered with SAP. Once registered for the installation, the developer does not have to register again. :K\

Only an SAP-registered developer can make changes to SAP objects. Restricting access to registered developers provides a record of who has made changes to the system. +RZ

In the following procedure: 1. The developer requests a developer key 2. The system administrator obtains the key 3. The developer enters the key

System Administration Made Easy

20–15

Chapter 20: SAPNet—Web Frontend Registering a Developer or Object

*XLGHG7RXU

'HYHORSHU5HTXHVWV'HYHORSHU.H\ 1. This screen is seen by the developer when a developer key is required. a. If the developer Access key is blank, you need to obtain a developer access key. b. Give the developer User name (2) to the system administrator to get a developer access key.

b a

7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\ 1. On the Online Services screen, choose SSCR.

1

20–16

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Registering a Developer or Object

2. On the SSCR screen, you can register and get keys for: < <

Developers SAP objects that will be changed

3. Choose Start SSCR now.

3

5HJLVWHULQJD'HYHORSHU 1. If your site has several R/3 installations, select the one for which you wish to perform registrations. 2. Choose Register Developer.

2 1

3. In Developer, enter the developer’s user ID. 4. Choose Register.

3

4

System Administration Made Easy

20–17

Chapter 20: SAPNet—Web Frontend Registering a Developer or Object

5. The registration information for the developer is displayed. If the registration date is not today’s date and the registration name is not the name of the user who just submitted the request to register a developer, the developer has been previously registered. 6. Record the Registration key. The generated key enables the user to create or change customer objects and change SAP objects. The registration is done only once for each developer.

6

(QWHUWKH'HYHORSHU.H\ In the development system: 1. In the developer Access key field, the developer enters the key received from the system administrator.

1

20–18

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Registering a Developer or Object

'HOHWLQJD'HYHORSHU On the same screen that was used to register a developer: 1. In Developer, enter the user ID of the developer to delete. 2. Select Delete. 3. Choose Register. 4. To check if the deletion is successful, choose Overview, which displays a list of developers.

4

1

2 3

5HJLVWHULQJDQ2EMHFW :K\

Registering an SAP object provides a record of which SAP objects have been modified by the customer. The assumption is that if you requested an object access key, you will be modifying the object. If the customer modifies an object and problems arise, resolving the problem may be the customer’s responsibility. If an object is not modified and problems arise, resolving the problem is SAP’s responsibility. +RZ

In the following procedure: 1. The developer requests a developer key 2. The system administrator obtains the key 3. The developer enters the key

System Administration Made Easy

20–19

Chapter 20: SAPNet—Web Frontend Registering a Developer or Object

*XLGHG7RXU

'HYHORSHU5HTXHVWV2EMHFW.H\ 1. This screen is seen by the developer when an object key is required: a. If the object Access key is blank, you need to obtain an object access key. b. Give the three object fields to the system administrator (for example, R3TR, PROG, RSPARAM). All three fields are required to obtain the object key.

b c a

c. If you are in a mixed release environment, also give the system administrator the SAP Release for the system.

7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\ 1. On the Online Services screen, choose SSCR.

1

20–20

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Registering a Developer or Object

2. On the SSCR screen, you can register and get keys for: < <

Developers SAP objects that will be changed

3. Choose Start SSCR now.

3

5HJLVWHULQJDQ2EMHFW

1. If your site has several R/3 installations, select the one for which you wish to perform registrations. 2. Choose Register Object.

2 1

System Administration Made Easy

20–21

Chapter 20: SAPNet—Web Frontend Registering a Developer or Object

3. TADIR is the table that contains R/3 repository objects. Information must be entered in the following fields: < Program ID < Object < Object name In this example, we wish to change a program (PROG) named RSPO0041. The entry is R3TR / PROG / RSPO0041. 4. Select Advance correction to apply an SAP note, and this note is an advance correction.

4 3

5. Choose Register.

5

6. Registration information for the object is displayed. If the registration date is not today’s date and the registration name is not the name of the user who logged onto SAPNet, the object has been previously registered in this installation. 7. Record the Registration key. Return to the Online Services main screen.

7

20–22

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Registering a Developer or Object

(QWHUWKH2EMHFW.H\ In the development system: 1. In Access key, the developer would enter the object key received from the system administrator.

10

'HOHWHDQ2EMHFW From the Register Object Screen: 1. In TADIR Object, enter the Program ID/Object/Object name of the object to be deleted. 2. Select Delete. 3. Choose Register. 4. To check whether the deletion is successful, choose Overview, which displays a list of developers.

4

1

2 3

System Administration Made Easy

20–23

Chapter 20: SAPNet—Web Frontend Online Correction Support

2QOLQH&RUUHFWLRQ6XSSRUW The SAP Online Correction Support provides information and tools to retrieve support packages such as hot packages, legal change packages, SPAM updates, etc.

*XLGHG7RXU

1. On the Online Services screen, choose Online Correction Support.

1

2. In the left frame, choose Download.

2

20–24

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Online Correction Support

*HWWLQJWKH/DWHVW63$0YHUVLRQ Make sure that you have the latest version of the SAP Patch Manager or SPAM on your R/3 System before you apply any support packages: 1. To get the latest SPAM version, on the download screen, choose SPAM Updates.

1

2. Choose SPAM Updates.

2

3. Choose the SPAM update for your release. Use the date (for example, 17-Sept-1999) to determine if the SPAM update is a newer version than what you have. The transport number for an R/3 release (example SAPKD00029) does not change.

3

System Administration Made Easy

20–25

Chapter 20: SAPNet—Web Frontend Online Correction Support

4. Choose Download.

4

5. Select Save this file to disk. 6. Choose OK.

5

6

7. Specify the directory where you want the update to be saved. 8. Choose Save.

7

The downloading process begins.

8

9. Choose OK.

9

20–26

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Online Correction Support

'RZQORDGLQJ6XSSRUW3DFNDJHV 1. On the download screen, from the left frame, select R/3 Support Packages.

1

2. Select the appropriate release (for example, select HP 4.6A on the left frame).

2

3. Select the appropriate support package. The file size column tells you how large the patch file is.

3

Make sure that your system has enough file space to: <

Download the patch

<

Upload the patch into usr/sap/trans/EPS/in

<

Create the transport file in usr/sap/trans/da

System Administration Made Easy

20–27

Chapter 20: SAPNet—Web Frontend Online Correction Support

4. From this screen, you have the following options: < <

Download the support package View the related SAP notes that apply to the support package

<

View the objects that are affected by the support package

6SHFLILF6XSSRUW3DFNDJH5HODWHG1RWHV To look at the notes related to the specific Support Package: 1. On the Option screen, choose R/3 Notes.

1

20–28

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Online Correction Support

The listed notes appear. 2. To display a note, click on it.

3 2

3. You can print the note or save it as any other browser page.

System Administration Made Easy

20–29

Chapter 20: SAPNet—Web Frontend Online Correction Support

'RZQORDGLQJ6XSSRU3DFNDJHV To download the Support Package: 1. On the option screen, choose Download.

1

2. Select Save this file to disk. 3. Choose OK.

2

3

4. Specify the directory. 5. Choose Save. 4

5

20–30

Release 4.6A/B

Chapter 20: SAPNet—Web Frontend Online Correction Support

The downloading process has begun.

6. After the download has completed, choose OK.

7

After downloading the support packages (whether SPAM update or support package), complete the following steps: 1. Unpack the patch archive file (see Unpacking a CAR file in chapter 22). 2. Transfer the resulting *.ATT and *.PAT files to the /usr/sap/trans/EPS/in subdirectory. Useful SAP Notes

Description

83458

OCS Info: Downloading patches from SAPNet

97621

OCS Info: Online Correction Support (OCS)

169142

Online Correction Support (OCS)

36579

Questions and answers on the topic: SSCR

152170

Migration of support functions to SAPNet-Web frontend

169329

New functions in the SAPNet as of 09/05-06/99

86161

Registering developers and objects

69224

Access to the SAPNet server via OSS User ID

System Administration Made Easy

20–31

Chapter 20: SAPNet—Web Frontend Online Correction Support

20–32

Release 4.6A/B

&KDSWHU 6$31HW²5)URQWHQG

&RQWHQWV Overview ................................................................................................................21–2 Useful SAP Notes..................................................................................................21–3 Connecting to SAPNet–R/3 ..................................................................................21–3 Researching a Problem with SAPNet-R/3...........................................................21–6 Registering a Developer or Object ....................................................................21–22 Opening a Service Connection..........................................................................21–30

System Administration Made Easy

21–1

Chapter 21: SAPNet–R/3 Frontend Overview

2YHUYLHZ SAPNet–R/3 Frontend [SAPNet-R/3 (formerly OSS)] is a group of services offered by SAP that is used to: < Search for solutions to problems <

Enter problem messages

<

Register developers and objects before changing SAP objects

<

Open a service connection This connection allows SAP personnel to log on to your system(s) when solving a problem or performing an EarlyWatch session.

<

Retrieve patches from SAP

Periodically, the SAPNet–R/3 user interface changes as the frontend is upgraded. Therefore, screens may not appear as shown in this book or be the same over time. In this chapter, you will learn how to: <

Connect to SAPNet–R/3

<

Research problems about SAPNet–R/3

<

Open a service connection

<

Register a developer and an object

If you have an ISDN connection, the telephone bill can become high. ISDN is normally billed “by the minute” of connect time. Manage the time that you are connected to SAPNet-R/3, or you could get a large phone bill for your SAP service connection. Check with your networking person or company about how your SAP service connection is configured. Some will hold the ISDN connection open even if there is no traffic, which could result in an even larger phone bill. 3UHUHTXLVLWHV

<

<

21–2

The SAP Service connection must be set up and working SAProuter must be installed and configured OSS1 technical settings must be configured You must have a valid SAPNet/OSS user ID and password for your company

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Useful SAP Notes

8VHIXO6$31RWHV SAPNet R/3 – Note #

Description

32789

OSS – Quick reference sheet

33221

Easy to Use guide for transaction OSS1 – SAPSERV4

&RQQHFWLQJWR6$31HW²5

*XLGHG7RXU

1. In the Command field, enter transaction OSS1 and choose Enter. 2. Choose Logon to the SAP Online Service System.

Once you pass this screen, the SAP service connection is open, and the ISDN “billing meter” is running.

2

3. Select 1_PUBLIC. 4. Choose Continue.

3

4

System Administration Made Easy

21–3

Chapter 21: SAPNet–R/3 Frontend Connecting to SAPNet–R/3

5. In User, enter your OSS/SAPNet user ID. 6. In Password, enter your password. 7. In Language, enter your language preference (for example, DE for German). The default language is English. 8. Choose

8

. 5 6

7

This screen shows System News. We recommend that you periodically review these headlines to see if any apply to your system’s configuration. 9. Choose Continue.

9

21–4

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Connecting to SAPNet–R/3

10. The Inbox is the main SAPNet–R/3 screen. In the rest of this chapter, this screen is repeatedly referenced as the first screen of each process.

System Administration Made Easy

21–5

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

5HVHDUFKLQJD3UREOHPZLWK6$31HW5 SAPNet-R/3 contains a large database of problem notes. If you have a particular problem or question, you should first search the online documentation, then search these notes. You can also access SAP notes through SAPNet-Web.

)LQGLQJ1RWHVLQWKH6$31HW5

*XLGHG7RXU

1. On the main SAPNet–R/3 screen, choose Gen. functions.

1

21–6

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

2. Choose Notes. 3. Choose Find.

2

3

4. Enter the search parameter(s) (for example, sapserv4). Additional search parameters include: a. Keywords with and/or logic b. Release number c. Component d. Note number e. Priority f. Category 5. Choose

4 4a 4a 4a

. 4b 4c 4d

By using a combination of parameters, you can search for: 4e

“High priority” notes < <

Microsoft SQL Server R/3 Release 4.0B and higher

System Administration Made Easy

4f

5

21–7

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

If the search is too broad, a warning message appears.

6. If the warning window appears, you have two options: <

Option 1: To view all matching entries, choose Yes.

<

Option 2: To return to the previous screen and refine the search parameters or to narrow the results, choose No.

6

In this example, we chose Yes to list all 532 entries. 7. Select a note (for example, SAP note 0016663). 8. Choose

8

.

7

21–8

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

From this screen, you can read the note online or download it to your local PC. Once the note is downloaded to your PC, print it using a text editor or word processor.

9

9. To download the note to your PC, from the menu bar, choose System → List → Save → Local file.

You can also download a note to your PC by entering %pc in the Command field.

10. Select unconverted. 11. Choose

.

10

11

12. In File name, enter . A suggested filename is the note number and a short text description. 13. Choose Transfer.

12

13

14. Once the file is downloaded to your local computer, you can view and print the file using a text editor or a word processor.

System Administration Made Easy

21–9

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

(QWHULQJ&XVWRPHU0HVVDJHV3UREOHPV LQWR6$31HW5 If you have searched both the online documentation and SAP notes and not found the answer to your question or problem, then submit a SAPNet message. The SAPNet message function does not replace consulting. Messages entered into SAPNet are for reporting and getting resolution on SAP problems or bugs. If a message is interpreted as a request for consulting information, it will be returned to you, and you will be advised to seek consulting assistance. Include as much information as possible in your message, so the SAPNet Hotline consultants will be able to best help you. Indicate where in the online documentation you have searched and the individual SAP notes you have reviewed. Assign your message a priority from the following table below: Priority

Situation

Very High

<

In your production system, only for system or application shutdown

<

In your nonproductive system, during a critical project phase

These messages are reviewed by an Online Service System/SAPNet consultant within 30 minutes of arrival. If the problem does not fall within the defined description for a “very high” priority problem, the priority is immediately reduced. Do not assign a message this priority if you cannot be available to receive a call back from SAP. If SAP attempts to call you and you cannot be reached, your message may be downgraded. High

This priority is for situations when important applications or subprograms fail in function, or for a system shutdown in a nonproductive system.

Medium

This priority is for errors with less serious consequences than the above two cases, where the operation of the productive system is not seriously affected.

Low

This priority is for minor errors, such as documentation errors, typographical mistakes, etc.

Use care when assigning a priority to your message. If the problem does not meet the Very High criteria, assigning the message this priority will not guarantee you a quicker response time.

21–10

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

The following list contains hints that can improve total problem resolution time: &RPSRQHQW

<

If you know the specific component, assign it. If you do not know it, do not assign to a detailed component level (for example, assign it to level 3, BC-CCM-PRN rather than a level 4 BC-CCM-PRN-DVM). The SAPNet Hotline consultant can assign a specific component. If you assign the message to a wrong component, and it is forwarded to the incorrect person, time is lost. It will take that much more time to resolve your problem.

<

Be aware that the cause of the problem may be in an area other than the module you are working on.

3UREOHPGHVFULSWLRQ

<

Be clear and descriptive. The better the information you provide, the better the results. Information that is clear to you may not be clear to the hotline consultant.

<

Provide enough data so that SAPNet Hotline personnel will not have to ask additional questions before beginning work on your problem:

<

Examples of complete data includes: If there is an error message, enter it exactly as it appears. Provide the transaction or menu path describing where the error or problem occurred. Indicate if the problem can be duplicated on your test system. Describe the circumstances that created the problem. Describe anything unique about the data entered in the transaction where the problem occurred. List which problem-related SAP notes that have been reviewed and which notes have been applied. List which actions and research you have already performed. The following examples are messages in which the SAPNet hotline requires more information before beginning on the problem: “FB01 does not work.” “The system is slow.” Keep your system technical information in SAPNet current and correct. This information is used by hotline personnel when they work on your problem.

System Administration Made Easy

21–11

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

*XLGHG7RXU

1. On the main SAPNet–R/3 screen, choose Messages. 2. Choose Create.

1

2

3. Select your system <SID> (for example, SAS). Depending on your installation, this screen may not appear. 4. Choose

21–12

4

.

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

From the message entry screen: 15

5. Verify phone and fax numbers. 6. Verify the R/3 release (required). 7. Verify the system type (required). 8. Enter the Component area where the error occurred (required). You can also choose selection.

7

to make a

6

9. Select the priority (see the table on page 21–10 for a list of priorities.) 5 10. Enter a short description of the problem (required). 11. Provide, where possible, the following information: < Kernel patch level <

Kernel release

<

Transaction code or menu path

< <

Program name Error message

9

8 10

11-14

12. Describe the sequence of your actions as precisely as possible. 13. Describe any modification(s) you made to the standard system. 14. Provide the following remote access information: <

System ID

<

Client number

<

User ID

<

Type of connection

15. Choose Save.

To control access to your system and mange how long the service connection is open, request that you be contacted to: < Get the password < Open the SAP service connection

System Administration Made Easy

21–13

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

16. Choose Yes.

16

17. The Status changes to Sent to SAP. 18. A message number appears on the message line. Record the message number, because in the future, you may need to reference it.

17

18

21–14

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

*HWWLQJ6WDWXVRQ

*XLGHG7RXU

1. On the main SAPNet–R/3 screen, choose Messages to view the status of your message. In this section, you can choose one of the following options: a. New at SAP is where the message has been sent to SAPNet but not picked up yet by a SAPNet consultant. b. In process by SAP is where an SAPNet consultant is working on your message. c. Inquiry from SAP is where the SAPNet consultant has a question for you. To resolve the problem, you need to respond in a timely manner.

1

1a 1b 1c 1d 2

d. Solution proposed by SAP is where the SAPNet consultant has proposed what they feel is a solution to your message. 2. For this example, we have a message in Solution proposed by SAP, so choose this option. 3. Double-click on your message.

3

System Administration Made Easy

21–15

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

From this screen, there are four tasks that should be completed in the following order: 4. Action log – View the current status and stages through which the message has passed.

6

7

5

4

5. Long text – View the full text message, the original message, and all subsequent messages that have been sent and received. 6. Reopen – Reopen the message, if you are not satisfied with the proposed solution. 7. Confirm – Close the message if you are satisfied with the response.

5HYLHZWKH$FWLRQ/RJ 1. Choose Action Log.

1

21–16

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

2. Review the action log. 3. Choose Close.

3

'LVSOD\/RQJ7H[W 1. Choose Long text.

1

System Administration Made Easy

21–17

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

2. Review the message. 3. Choose Back.

3

2

5HRSHQ 1. Choose Reopen.

1

2. To provide a reason why the problem is being reopened, choose reason. 3. Choose Reopen.

21–18

and select a

2 3

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

4. Choose Additional info to reply to the message.

4

5. Enter your reply to the SAP message. 6. Choose Back. 6

5

System Administration Made Easy

21–19

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

7. Choose Send to SAP.

7

8. A message appears in the status bar indicating the message has been changed.

9

9. Choose Back.

8

21–20

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Researching a Problem with SAPNet-R/3

&RQILUP 1. Choose Confirm.

1

2. Choose Yes.

2

System Administration Made Easy

21–21

Chapter 21: SAPNet–R/3 Frontend Registering a Developer or Object

5HJLVWHULQJD'HYHORSHURU2EMHFW :KDW

To modify an SAP object, both the developer and the object that is to modified needs to be registered with SAP. A developer, once registered for the installation, does not have to register again. Similarly, an SAP object once registered for the installation, does not have to be registered again. It is for this reason that on the registration screen either or both the developer or object access key would be required. :K\

Only an SAP-registered developer can make changes to SAP objects. Restricting access to registered developers provides a record of who has made changes to the system. Registering an SAP object provides a record of which SAP objects have been modified by the customer. The assumption is that if you requested an object access key, you will be modifying the object. +RZ

See the following sections for registering a developer and registering an SAP object.

5HJLVWHULQJD'HYHORSHU To modify an SAP object, the developer needs to be registered with SAP. A developer, once registered for the installation, does not have to register again. :K\

Only an SAP-registered developer can make changes to SAP objects. Restricting access to registered developers provides a record of who has made changes to the system. +RZ

In the following procedure: 1. The developer requests a developer key 2. The system administrator obtains the key 3. The developer enters the key

21–22

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Registering a Developer or Object

*XLGHG7RXU

'HYHORSHU5HTXHVWV'HYHORSHU.H\ 1. This screen is seen by the developer when a developer key is required. a. If the developer Access key is blank, you need to obtain a developer access key.

b a

b. Give the developer User name (2) to the system administrator to get a developer access key.

7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\ 1. From the main SAPNet–R/3 screen, choose Registration.

1

System Administration Made Easy

21–23

Chapter 21: SAPNet–R/3 Frontend Registering a Developer or Object

2. Choose Register developer.

2

3. Select the installation (for example, 820014122-R/3 SAP Tech Installation–NT/Intel/MSSQLSRV.) This screen may not appear in your system. 4. Choose

4

. 3

5. In User, enter the user ID of the developer.

5

6. Choose Register.

6

21–24

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Registering a Developer or Object

7. Record the key number for the developer. Write down the key, or use the “copy and paste,” function and give the key to the developer.

7

(QWHUWKH'HYHORSHU.H\ In the development system: 1. In the User name Access key field, the developer enters the key received from the system administrator.

1

The easiest way to enter the developer key is to use “copy and paste.” This function can be done either: <

From screen to screen

<

Into an intermediate file using a text editor, such as Notepad (NT) or vi (UNIX)

System Administration Made Easy

21–25

Chapter 21: SAPNet–R/3 Frontend Registering a Developer or Object

5HJLVWHULQJDQ2EMHFW :K\

Registering an SAP object provides a record of which SAP objects have been modified by the customer. The assumption is that if you requested an object access key, you will be modifying the object. If the customer modifies an object and problems arise, resolving the problem may be the customer’s responsibility. If an object is not modified and problems arise, resolving the problem is SAP’s responsibility. +RZ

In the following procedure: 1. The developer requests a developer key 2. The system administrator obtains the key 3. The developer enters the key 'HYHORSHU5HTXHVWV2EMHFW.H\

*XLGHG7RXU

1. This screen is seen by the developer when an object key is required: a. If the object Access key is blank, you need to obtain an object access key. b. Give the three object fields to the system administrator (for example, R3TR, PROG, RSPARAM). All three fields are required to obtain the object key.

b c a

c. If you are in a mixed release environment, also give the system administrator the SAP Release for the system.

21–26

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Registering a Developer or Object

7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\ 1. On the main SAPNet–R/3 screen, choose Registration.

1

2. Choose Register Objects.

2

System Administration Made Easy

21–27

Chapter 21: SAPNet–R/3 Frontend Registering a Developer or Object

3. Select the installation (for example, 820014122-R/3 SAP Tech Installation–NT/Intel/MSSQLSRV). This screen may not appear in your system. 4. Choose

4

. 3

5. Select SAP patch only if the change that is being made is an SAPprovided advanced correction, such as via an SAP note.

5 6 7

6. Enter information in the following fields: < < <

PGMID (Program ID) Object Name of the object (for example, R3TR PROG) RSP00041).

8

These three values are provided to you by the developer. (For more information, see the Enter user and SAP object key screen on page 21– 22.) 7. Enter the SAP release (for example, 46A). 8. Choose Register and deliver the key to the developer.

21–28

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Registering a Developer or Object

9. Record the key number for the object. Write down the key or use “copy and paste” and give the key to the developer.

9

(QWHUWKH2EMHFW.H\ The developer completes this step: 1. In Access key, the developer enters the object key received from the system administrator.

1

The easiest way to enter the developer key is to use the “copy and paste” function. Copy and paste can be done either from screen to screen or into an intermediate file using a text editor, such as Notepad (NT) or vi (UNIX).

System Administration Made Easy

21–29

Chapter 21: SAPNet–R/3 Frontend Opening a Service Connection

2SHQLQJD6HUYLFH&RQQHFWLRQ :KDW

A service connection allows SAPNet/OSS Hotline and EarlyWatch personnel to remotely access your system.

1RWH For security reasons: The customer opens this connection. SAP cannot access the customer’s system until the customer opens the connection. The service connection functionality is not available via SAPNet-web. :K\

<

SAPNet Hotline personnel use the connection to remotely examine and diagnose your system while investigating your question or problem.

<

EarlyWatch consultants use the connection to remotely review performance and system configuration.

1RWHYou can only specify the length of time for a connection to remain open, not the start time. To schedule the time when a service connection will open, you must apply SAP note 170102. This note is valid back to Release 3.1G. To manage your telephone expense: 1. Request that SAPNet consultants call to request that the connection be opened at a specific time for a specified duration. 2. Open the connection at the time they request. 2UGHURI$FFHVVWR6\VWHPV <

Try to first duplicate the problem in your development or test server, and have SAP access that server first.

<

As a last resort, and only if the problem cannot be duplicated on the development or test server, grant access to the production server.

:K\

Problem solving may require making an entry into the system to observe the problem. Testing is not an activity that should be done in the production system. Entering test data, even if “reversed,” could affect operational statistics. If the problem is basis related, an “accident” could result in a disaster. The Service Connection function has changed in September 1999.

21–30

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Opening a Service Connection

Review the following SAP notes for further information:

SAP Note

Description

31515

Service connections

169296

Integrating service connections into maintain system data

169329

New functions in the SAPNet as of 09/05-06/99

170102

Automatic opening of a service connection

171569

Maintaining service connection in system data maintenance2

*XLGHG7RXU

To open a service connection: 1. On the main SAPNet–R/3 screen, choose Service.

1

System Administration Made Easy

21–31

Chapter 21: SAPNet–R/3 Frontend Opening a Service Connection

2. Under Service, choose Service connection. 3. Under Service Connection, choose Service connection.

2 3

4. Scroll down to find your system. Depending on your installation, this screen will be different.

21–32

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Opening a Service Connection

5. Select the <SID> of the system to open the connection to (for example, SAS). 6. Choose

. 6

5

7. Under Service selection, select R/3 Support. 8. Choose

. 8

7

System Administration Made Easy

21–33

Chapter 21: SAPNet–R/3 Frontend Opening a Service Connection

9. To select the user contact, choose

. 9

10. Under Connections, select the appropriate type of connection. (It is usually R/3 Support). 11. Choose

. 11

10

12. Enter the duration of the connection (in Days and Hours). 13. Choose Save.

12

13

21–34

Release 4.6A/B

Chapter 21: SAPNet–R/3 Frontend Opening a Service Connection

To schedule the time when a service connection will open, you must apply SAP note 170102. This note is valid back to Release 3.1G.

14. The connection status is shown.

14

System Administration Made Easy

21–35

Chapter 21: SAPNet–R/3 Frontend Opening a Service Connection

21–36

Release 4.6A/B

&KDSWHU 5HPRWH6HUYLFHV

&RQWHQWV Overview ................................................................................................................22–2 Retrieving Files from SAP, SAPSERV4 ..............................................................22–2 EarlyWatch Session............................................................................................22–14

System Administration Made Easy

22–1

Chapter 22: Remote Services Overview

2YHUYLHZ In this chapter, readers will learn about SAPSERV4 and EarlyWatch. The information in this chapter should help the user understand how to: < Retrieve files from SAP and SAPSERV4 <

Connect to SAPSERV4

<

Download files

<

Arrange for an EarlyWatch session

5HWULHYLQJ)LOHVIURP6$36$36(59 :KDW

SAPSERV is a series of servers that contain patches and other downloadable files for customers. In this guidebook, we specifically discuss the U.S. server, SAPSERV4. The difference between the various SAPSERV servers is the name, the IP address, and the location (see table below). At present, we are not aware of any plans to move this functionality to SAPNet–Web. Location

Host

IP Address

Long Hostname

Walldorf

sapserv3

147.204.2.5

sapserv3.wdf.sap-ag.de

Foster City

sapserv4

204.79.199.2

sapserv4.sfo.sap-ag.de

Tokyo

sapserv5

194.39.138.2

sapserv5.tyo.sap-ag.de

Sydney

sapserv6

194.39.139.16

sapserv6.syd.sap-ag.de

Singapore

sapserv7

194.39.134.35

sapserv7.sin.sap-ag.de

:K\

The following types of files are retrieved from SAPSERV4:

22–2

<

Updates to the R/3 System kernel.

<

Various patches, such as: R/3 System Database SAP GUI

<

Miscellaneous downloadable files.

Release 4.6A/B

Chapter 22: Remote Services Retrieving Files from SAP, SAPSERV4

:KHUH

If you cannot connect to SAPSERV4, you may not be on the machine where SAProuter is installed. The SAProuters at SAP are configured to only recognize their counterpart SAProuter on the customer’s side. Therefore, you must connect from the computer where the SAProuter is installed and running. 17

You must either: < <

Be physically on the NT server where the SAProuter is installed. Use a remote control program to take over the server where the SAProuter is installed.

81,;

You must either: <

Be physically on the UNIX server where the SAProuter is installed

<

Telnet to the server where the SAProuter is installed.

+RZ

You can connect to, navigate within, and download files from SAPSERV4 using: <

Command prompt

<

Windows FTP GUI client

<

Internet browser

For ease of use and navigation, use an FTP GUI client to access SAPSERV.

&RQQHFWLQJWR6$36(598VLQJD*8,17 Using an FTP GUI client is much easier than using the command prompt. In this guidebook, we use only one of the many available FTP clients. Other FTP clients are listed in the resources section of appendix A. SAP does not endorse any particular product. Also, it is your responsibility to perform compatibility testing to determine if the software you select functions on your system without conflict (for example, without crashing the system).

System Administration Made Easy

22–3

Chapter 22: Remote Services Retrieving Files from SAP, SAPSERV4

3UHUHTXLVLWHV

Before attempting a connection to SAPSERV4 using a GUI, make certain that: <

The SAP service connection to SAPSERV4 has been established, tested, and is functional.

<

An FTP client is installed on the computer where the SAProuter is located.

<

The FTP client has been configured with the following parameters: IP address of SAPSERV4, 204.79.199.2 Login user ID, FTP User password Directory to download files to on the client PC (optional)

$Q([DPSOHRIDQ)73&OLHQW

*XLGHG7RXU

The following example of an FTP client is courtesy of Van Dyke Technologies. 1. Start the FTP client program. 2. Connect to SAPSERV4.

22–4

Release 4.6A/B

Chapter 22: Remote Services Retrieving Files from SAP, SAPSERV4

3. Navigate down the tree structure to the directory that contains the file(s) you need.

3

4. In some directories, there are informational files ( .message and *.info) that you should download and read.

4

5. Select the file(s) you want to download. *.CAR (program) files must be downloaded in binary format.

System Administration Made Easy

5

22–5

Chapter 22: Remote Services Retrieving Files from SAP, SAPSERV4

&RQQHFWLQJWR6$36(598VLQJWKH&RPPDQG3URPSW 1DYLJDWLQJLQ6$36(59 SAPSERV4 is a UNIX server. <

<

UNIX differences to remember for NT users: UNIX is a case-sensitive operating system, NT is not. When navigating in SAPSERV4 or downloading a file, enter the directory or filename exactly as it is displayed (for example, Rel40B is not the same as rel40b). UNIX commands differ from NT commands (for example, dir [NT] = ls [UNIX] ). Important UNIX commands: ls List (similar to the dir command in NT and DOS) cd Change directory (similar to the cd command in NT and DOS) get Get or download a file bin Switch to binary mode, to download programs bye Log off

&RQQHFWLQJDWWKH&RPPDQG3URPSW

*XLGHG7RXU

Both UNIX and NT use a command prompt window, and the commands entered are the same. The NT command prompt window is shown in the following example. The directory you are currently in is the directory into which file will be downloaded. To download the file to a different directory, change to that directory after you open the command prompt window and before you enter the FTP command.

1. Open a Command Prompt window. 2. As an option, you can change to your download directory.

2

3. Enter ftp 204.79.199.2 If your network personnel put sapserv4 into the hosts file or DNS, you can enter ftp sapverv4 after the prompt. In this example, the file(s) will download to the root directory of the C drive.

22–6

Release 4.6A/B

Chapter 22: Remote Services Retrieving Files from SAP, SAPSERV4

4. Enter ftp at the User prompt. 5. Enter your e-mail address at the Password: prompt.

4 5

6. From this screen, use the cd command to navigate through the directory structure. A portion of the SAPSERV4 directory structure is provided at the end of this chapter to help you navigate within SAPSERV.

In NT, to increase the screen buffer size and prevent the text from scrolling off the screen: 1. On the NT desktop, choose My Computer → Control Panel → Console→ Layout tab. 2. Under screen buffer size, increase the height to 100.

System Administration Made Easy

22–7

Chapter 22: Remote Services Retrieving Files from SAP, SAPSERV4

7. The navigation commands are cd and ls.

7

This is the directory for Release 4.0b HPUX Oracle 8. There are informational files (.message and *.info) that we recommend you download and read.

8

9. Remember the file you want to download, because you will enter the filename later. The files indicated are only for example.

9

22–8

Release 4.6A/B

Chapter 22: Remote Services Retrieving Files from SAP, SAPSERV4

'RZQORDGLQJ)LOHV < Download patches, kernels, transports, and other files in binary format. < Many of the files are in *.CAR archives. Use the CAR program to unpack these files (see Unpacking a CAR file on page 22–13).

*XLGHG7RXU

For text files ( .message and *.info), skip to step 2. 1. For binary files, such as patches, kernels, and transports (with the .CAR extension), to switch to binary mode, enter bin at the ftp prompt. 2. Enter get to download the file (for example, get sapdba_60.CAR).

1 2 4

Filenames are case sensitive. 3. Press Enter. 4. Wait for the download to finish and the ftp prompt to appear. This screen shows an example of an information file, in this case dw.info (a text file that contains the patch level of the kernel).

System Administration Made Easy

22–9

Chapter 22: Remote Services Retrieving Files from SAP, SAPSERV4

Scroll down to view a listing (by patch level) of what is fixed in the kernel patch.

3DUWLDO2UJDQL]DWLRQRI6$36(59 Not all directories on SAPSERV4 are listed or expanded. For those that are similar (release, database, operating system), only one is expanded in detail. Over time, the directory structure may change or be reorganized. See below for the SAPSERV4 structure.

22–10

Release 4.6A/B

Chapter 22: Remote Services Retrieving Files from SAP, SAPSERV4

general ----------------------------------------------------------for all corrections that generally apply to customers 3rdparty --------------------------------------------database and hardware specific adabas compaq datageneral db2 informix mssql oracle sni (Seimens) frontend patches ----------------------------------patches to the SAPGUI rel31H rel31I rel40A rel40B windows win16 win32 rel45A sapgui -----------------------------------released SAPGUI apple nt 30f 30f_r2 31G 31H 40A pre_release os2 win saplpd (spool) barcode NT WIN LPRINT alphaosf hp NT rm600 rs6000 sun WIN NT rel30F rel31G rel31H rel40A rel40B rel45A rel45B WIN R3server A abap note.*-------------------------corrections specific to a note number binaries

System Administration Made Easy

22–11

Chapter 22: Remote Services Retrieving Files from SAP, SAPSERV4

A

R3server abap note.*

corrections specific to a note number

binaries

NT support

i386 UNIX languages Note.*-------------------------specific note numbers patches -----------------------------------R/3 patches, where most of the downloads will be COMMON ------------------Kernel, release-independent programs NT i386 ---this dir has car.exe, sappad.exe, tar.exe OS400 UNIX NT ALPHA I386 ---------------this dir has car.exe, sappad.exe, tar.exe MSSQL rel31H rel31I rel40A rel40B -----------------------Kernel release, OS, hardware, db specific programs NT I386 MSS --------------MS SQLserver ORA --------------Oracle OS400 UNIX AIX DEC HPUX ORA HPUX_SHM RELIANT SOLARIS rel45A

22–12

Release 4.6A/B

Chapter 22: Remote Services Retrieving Files from SAP, SAPSERV4

8QSDFNLQJD&$5)LOH :KDW

A CAR file is a packaged file similar to a zip file. Like a zip file, a CAR file may contain more than one file. SAP delivers transports, patches, and other programs and files in CAR files. To use the contents of these files, you must unpack them using car.exe. 3UHUHTXLVLWHV

1. Get car.exe from SAPSERV4 (for the latest version) or from the directory NT: \usr\sap\<sid>\sys\exe\run\ UNIX: /usr/sap/<sid>/SYS/exe/run If your version of the CAR program is older than six months, replace it with the latest version. 2. Create an “unpacking” directory where you “unpack” files (for example, d:\sap\unpack). 3. Copy the file car.exe into this directory. 8QSDFNLQJD)LOH

*XLGHG7RXU

To reduce confusion: <

Begin the “unpacking” session with only the car.exe program in the unpacking directory.

<

Handle only one CAR file at a time. Complete everything for that file before proceeding to the next file.

1. Copy the file to be unpacked into the unpacking directory (for example, sapdba_64.car). 2. Open a command prompt window. 3. Change to the unpacking directory.

System Administration Made Easy

22–13

Chapter 22: Remote Services EarlyWatch Session

4. Execute the unpack command, car –xvf (for example, car –xvf sapdba_64.CAR). The file will be unpacked into the unpacking directory. 5. Move the unpacked files to where you need them.

4

6. Clean the unpacking directory by deleting all files, except the car.exe file.

6SHFLDO6$31HW1RWHV Note #

Function

29372

Unpacking CAR archives

63786

FAQ – Frequently Asked Questions: sapservX

63845

Corrections on SAPSERV4 – searching for files

96885

Downloading a front-end patch from SAPSERVx

(DUO\:DWFK6HVVLRQ :KDW

The underlying concept of EarlyWatch is to prevent problems before they occur or escalate. EarlyWatch diagnoses a system’s potential problems and resource bottlenecks so they can be resolved in advance. During an EarlyWatch session, performance experts log on to your system (into client 066) to monitor its performance, review its performance-related configuration settings, and recommend changes to your system. Analysis is done in five areas: <

R/3 configuration

<

R/3 application

<

Server

<

Workload

<

Database

EarlyWatch applies only to the production system, not the development system. The goal is for satisfactory online performance, not background performance. A system, other than the

22–14

Release 4.6A/B

Chapter 22: Remote Services EarlyWatch Session

production, is difficult to tune to a moderate degree and is almost impossible to tune optimally. This difficulty is because the activity in a development or test environment is not regular or consistent; development activity can vary greatly from week to week. :K\

EarlyWatch’s primary function is to improve the online performance of the production system. :KHQ

< <

A couple of months after going live After implementing significant changes to your system, such as: New modules Expansion of existing modules Addition of significant numbers of users to the system These and similar items change the workload to the system. This change could render the existing EarlyWatch parameters inapplicable. As your system or company conditions change, we recommend that you request a new EarlyWatch session.

You do not have to do an EarlyWatch session if your system or company conditions have remained the same. <

After experiencing significant degradation of online performance This condition should be a steady condition and not an intermittent spike.

1RWH The target response is “less than 1 second,” which excludes the network delay from the user’s PC to the R/3 System. This delay is outside the scope and control of SAP. +RZ

1. The customer contacts SAP to arrange for an EarlyWatch session at: SAP America, Inc. EarlyWatch 600 East Las Colinas Blvd, Ste. 2000 Irving, TX 75039 Tel.: (800) 677-7271 or (972) 868-2094 FAX: (972) 868-2108 2. There are prerequisites to an EarlyWatch session and you will be advised of them. These prerequisites may require technical assistance to apply. 3. The customer opens the SAP service connection to the production system for EarlyWatch. 4. EarlyWatch connects to client 066 on the production system via SAP service connection to gather data and record configuration. Client 066 is reserved exclusively for EarlyWatch.

System Administration Made Easy

22–15

Chapter 22: Remote Services EarlyWatch Session

5. Once the customer’s system is analyzed, a report is generated and sent to the customer. Recommendations may be at any of three levels: < <

R/3 System Database

<

Operating system

6. The customer reviews the report and recommendations. If you have any questions about the report, discuss them with the EarlyWatch analyst. If a recommended change seems drastic or does not make sense, discuss it with the analyst before proceeding. Mistakes have been made. Try to understand the recommendations made by EarlyWatch. As a system administrator, the R/3 System is your responsibility. 7. After the review, apply the recommendations to your system. 8. Monitor your system for signs of problems.

22–16

Release 4.6A/B

&KDSWHU 6SHFLDO0DLQWHQDQFH

&RQWHQWV Overview ................................................................................................................23–2 Changing System Profile Parameters (Transaction RZ10) ...............................23–2 Support Packages...............................................................................................23–11 Kernel Upgrade ...................................................................................................23–40 Client Copy ..........................................................................................................23–42 Production Refresh Strategies ..........................................................................23–56

System Administration Made Easy

23–1

Chapter 23: Special Maintenance Overview

2YHUYLHZ In this chapter, the reader will learn about special maintenance. This topic includes the following: < Kernel upgrade <

Client copy

<

Production refresh strategies

&KDQJLQJ6\VWHP3URILOH3DUDPHWHUV7UDQVDFWLRQ5= :KDW

The system profile parameters are what R/3 uses when it starts up. Parameters may define how many of each work process to create, the minimum length of the user password, etc. The system uses the following three parameters: < Start This parameter defines which R/3 services are started. < Default This parameter defines the profile for all instances in the system. <

Instance This parameter defines the profile for the specific instance, which allows individual application servers to be configured differently for specific tasks and users.

:K\

Change a value only for a specific purpose and only with proper knowledge of what is being changed and why it is being changed. <

If a parameter is incorrectly changed, R/3 may not start. Changing system profile parameters should only be done under the instruction of the SAP Hotline, SAP EarlyWatch, or an experienced consultant.

<

Use RZ10 to maintain your profile parameters.

<

Do not modify the files at the operating system level. This process could lead to inconsistency and confusion.

Before making changes to the system profiles, make certain that you have a recent, usable copy of the system profile files. This backup is your last line of defense if a profile change is made that results in R/3 not being able to start.

23–2

Release 4.6A/B

Chapter 23: Special Maintenance Changing System Profile Parameters (Transaction RZ10)

*XLGHG7RXU

1. In the Command field, enter transaction RZ10, and choose Enter (or from the SAP standard menu, choose Tools → CCMS → Configuration → RZ10 - Profile maintenance). 2. In the Profile field, choose

.

2

3. Select the instance or default profile as appropriate (for example, the instance profile, SAS – DVEBMGS00 – PA100767). 4 4. Choose

. 3

The profiles used by the system work in the following order: <

Start profile

< <

Default profile (for all instances in the system) Instance profile (specific to the instance you are on)

System Administration Made Easy

23–3

Chapter 23: Special Maintenance Changing System Profile Parameters (Transaction RZ10)

Use the instance profile to make the parameters of a specific application server “different” than the other servers for specific reasons (for example, a batch application server). Under Edit profiles, there are three selections: <

Administration data

<

This selection is not a maintenance mode. It is used to change the name of the file where the profile should be activated. Basic maintenance (maintenance mode) This mode allows you to set the buffers, work processes, and directories in the system profiles. It also allows you to specify the SAP components to be started (for example, message server, application server, SNA gateway, etc.) in start up profiles. This form of maintenance protects most profile parameters from being changed by potentially incorrect settings.

<

Extended maintenance (maintenance mode) This mode allows you to access all system profile parameters or start up profile entries.

5. Note the Version number of the instance profile. Step 32 in this procedure shows the version number has changed. 6. Under Edit profile, select Extended maintenance. 7. Choose

Change.

5

6 7

23–4

Release 4.6A/B

Chapter 23: Special Maintenance Changing System Profile Parameters (Transaction RZ10)

8. Click on the line above which you want the entry to be inserted (for example, abap/buffersize). 9. Choose

Parameter..

9

8

The point where you insert the new profile parameter has no effect on the process. But, to make it easier to read, you may want to group or order the parameters (for example, group the logon parameters together). Once you enter the profile parameter, it cannot be easily moved to another location. Therefore, be careful where you choose to insert it. 10. Click in the Parameter name and choose

.

10

System Administration Made Easy

23–5

Chapter 23: Special Maintenance Changing System Profile Parameters (Transaction RZ10)

11. The list that appears is long. To find the profile parameter you want 13 to add, scroll down. 12. Select the parameter. 13. Choose

. 12

14. A default value appears in Unsubstituted standard value. 15. Enter the new value in Parameter val. (for example, enter 5 to increase the minimum length to five).

17

16. In Comment, document your change by entering a description of why the change was made. The system attaches your user ID and date to your comment.

15

17. Choose Copy. 14

16

23–6

Release 4.6A/B

Chapter 23: Special Maintenance Changing System Profile Parameters (Transaction RZ10)

18. This screen shows that the system inserted your user ID and the date and time of the change into the Comment.

19

In this way, you can determine who made a profile change, and when this change was made. 19. Choose Back.

18

20. This screen shows the new parameter login/min_password_lng with a value of 5 inserted above abap/buffersize. 21. Choose Copy.

21

20

System Administration Made Easy

23–7

Chapter 23: Special Maintenance Changing System Profile Parameters (Transaction RZ10)

22. The message at the bottom of the screen indicates that the profile was changed.

23

23. Choose Back.

22

24. In Version, note the profile’s version number.

25

25. Choose Save. 24

26. Choose Yes.

26

23–8

Release 4.6A/B

Chapter 23: Special Maintenance Changing System Profile Parameters (Transaction RZ10)

27. Choose

.

27

28. Choose

.

28

Only if you have operation modes configured, will this screen appear. If this screen does not appear, skip to step 32. 29. Double-click on Yes. 29

System Administration Made Easy

23–9

Chapter 23: Special Maintenance Changing System Profile Parameters (Transaction RZ10)

30. Review the check log. 31. Choose

31

.

32. Note that the profile’s version number has changed.

32

Use transaction RZ11 to get the details of a specific profile parameter.

23–10

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

6XSSRUW3DFNDJHV :KDW

1RWH < Hot Packages are now known as R/3 Support Packages < Legal Change Patches (LCP) are known as R/3 HR Support Packages A Support Package is a collection of corrections that address serious errors in the ABAP repository. These corrections affect the Basis and functional areas. There are defined rules about what kind of fixes should be (and are) included in a Support Package. Some rules are technical while other rules are policy. A Support Package is not a cumulative fix for application modules. You must still get and apply the notes for the functional modules. However, since Support Packages contain patches for the various functional areas, some of the notes may be applied in the Support Package. The Support Package is not supposed to contain functional enhancements, but this is not always the case. :K\

The purpose of a Support Package is to fix problems before they become problems. :KHQ

There is a conflict about when Hot Packages should be (and are) applied: <

To prevent serious problems, SAP’s position is that customers should apply all Support Packages as they are released..

<

The position of many customers is that all system changes must be regression tested. This stance, with the frequency of Support Package releases, results in the Support Packages not being applied. The reason is that the amount of testing required cannot be done continuously This customer position is not unique to SAP and has been taken by many customers since the early days of computing.

SAP development is working on ways to make Support Package application easier.

1RWH As of Release 4.5, Hot Packages have been separated from the HR Legal Change Patch (HR LCP). This separation allows LCPs to be applied quickly, to be in legal compliance, and not applying Support Packages before they are scheduled to be applied. Before Release 4.5, the LCP contained the Hot Packages; applying a LCP also meant applying the Hot Package.

System Administration Made Easy

23–11

Chapter 23: Special Maintenance Support Packages

6WUDWHJ\ Obtain the notes related to the Support Package, and review what it fixes: <

If there is nothing in the Support Package that applies to you, do not apply it.

<

If there is something in the Support Package that applies to you: Determine if the entire Support Package (or just the note) must be installed. If the Support Package is to be installed, treat the installation as a “mini-upgrade.”

+LJK/HYHO3URFHVVRI$SSO\LQJ6XSSRUW3DFNDJHV Applying Support Packages 1. Determine what Support Packages have been applied to your system. 2. Get and review the notes for the Support Package(s). 3. Determine if the Support Package should be or needs to be applied. Steps 4 through 9 assume that the Support Package is to be applied and are repeated for all Support Packages that are to be applied at the current time. 4. Obtaining the Support Package Depending on the size of the Support Package, it can be obtained three ways: < Download it from the SAPNet–R/3 (formerly OSS). This option is size limited, so large Support Packages cannot be downloaded via SAPNet–R/3. < Download it from SAPNet–Web. < Upload it from the Support Package collection on CD. The Support Package collection contains all Support Packages available at that point in time. Download from SAPNet – R/3 (OSS)

Download from SAPNet –Web

Support Package collection on CD

5. Request the Support Package from the SAPNet–R/3.

5. Download the Support Package.

5. Request the Hot Package collection.

6. Download the Support Package.

6. N/A

6. Upload the Hot Package.

7. Apply the Support Package. 8. Execute the regression test. 9. When successful, confirm the Support Package.

23–12

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

'HWHUPLQLQJ:KDW6XSSRUW3DFNDJHV+DYH%HHQ$SSOLHG

*XLGHG7RXU

0HWKRG

1. From the menu bar, choose System → Status. 2. On the right-hand side of this screen, under SAP System data, for additional choose component information.

2

3. Choose the Patches tab. 3

System Administration Made Easy

23–13

Chapter 23: Special Maintenance Support Packages

4. In this example, the following patches have been applied: < SPAM update 17-Sept-99 < Support Package 01 for 4.6A Patch status values are: < N – The patch has not yet been applied. < I – Patch has been successfully applied. < ? – Patch application has been aborted.

The Support Package name is interpreted as follows: < SAPKH<sequence_number> < SAPKH46A01, interpreted as SAPKH / 46A / 01, is for Release 4.6A and is the first Support Package. 0HWKRG

1. In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools → ABAP Workbench → Utilities → Maintenance→ SPAM - Patches). 2. Select Applied patches. 3. Choose

Display.

2

3

23–14

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

This screen shows: 4. Under Applied Patches: a. SPAM Update version level. b. Hot Packages / Support Packages applied.

4

In this example, the following patches have been applied: SPAM update 17-Sept-99 Support Package 01 for 4.6A

*HWWLQJ,QIRUPDWLRQRQWKH6XSSRUW3DFNDJHIURP6$31HW²5

*XLGHG7RXU

1. Choose Service. 2. Choose SAP Patch Service. 3. Choose R/3 support packages.

1 2 3

System Administration Made Easy

23–15

Chapter 23: Special Maintenance Support Packages

4. Search the extended list for your release. 5. Click the node (+) to the left of your release to select it. 6. Choose

6

.

5

From this screen, you can view the: a. SPAM update This is the SAP Support Package Manager (formerly Patch Manager). Download and apply the current version before applying any Support Package.

10

b. Hot Packages Extra Large indicates that the Hot Package may not be downloadable. 7. To display the notes for a specific Support Package, select it, then choose Notes for patch.

23–16

a b

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

8. To view all notes, click the node (-) to the left of Application areas. 8 9. Choose Expand. From this screen, you may view one of the following: < All notes < A specific note

9

7R9LHZ$OO1RWHV 1. Right-click anywhere on the screen. 2. Select Download list from the popup menu (not shown).

System Administration Made Easy

23–17

Chapter 23: Special Maintenance Support Packages

3. Select unconverted. 4. Choose

.

3

4

5. in the File name field , enter the where you want to save the notes. 6. Choose Transfer.

5

6

This screen shows the saved note list as read by a text editor or word processor.

23–18

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

To create a file of all notes (in case there are too many notes to go through individually on the screen): 7. Choose Select all. 8. Choose List selection.

7

8

9. Choose Download to download the notes to a file.

9

System Administration Made Easy

23–19

Chapter 23: Special Maintenance Support Packages

10. Choose No related copy.

10

11. Choose No. Here you only want to review the notes, not to register the object for change. After reviewing the notes, you may decide not to install the Support Package.

11

1RWH The duration of the download depends on the number of notes addressed by the Support Package. It could take 20 minutes (or more) to download the notes for a large Support Package. 12. Enter the path to your local PC and create a name for the file.

12

13. Choose Transfer. 13

23–20

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

7R9LHZD6SHFLILF1RWH 1. Double-click the node (+) to expand an individual branch (for example, BC). 2. Double-click the node (+) for BCCCM, BC-CCM-PRN and BC-CCMPRN-SPO.

1

2

3. Under BC-CCM-PRN-SPO, select note 0168529. 4. Choose Choose.

3

4

This screen shows the SAP note.

System Administration Made Easy

23–21

Chapter 23: Special Maintenance Support Packages

5HTXHVWLQJ63$0RUD6XSSRUW3DFNDJHIURP6$31HW²5

*XLGHG7RXU

1. Choose Service. 2. Choose SAP Patch Service. 3. Choose R/3 support packages.

1 2 3

4. From the Support Packages screen, select one of the following: < SPAM update < R/3 Support Package

5

5. Choose Request patch.

4

23–22

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

6. Select the installation that the patch is for. 7. Enter the <SID> for the system (for example, SAS). 8. Choose Continue. 6

7

8

9. The message in the status bar indicates that the patch request has been generated. 10. The next step is to download the patch (see the next section, Downloading SPAM or a Support Package).

9

System Administration Made Easy

23–23

Chapter 23: Special Maintenance Support Packages

'RZQORDGLQJD6XSSRUW3DFNDJH+RW3DFNDJH ²6$31HW²5 <

Always plan to first apply the Support Package on a test server to assure it will not create a problem.

<

Back up the test server before applying the Support Package.

3UHUHTXLVLWH

The Support Package(es) must have been requested for the system/<sid> to which you are downloading it.

*XLGHG7RXU

1. Log on to client 000, under any user that has the SAP* equivalent authorizations. 2. In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools → ABAP Workbench → Utilities → Maintenance → SPAM-Patches). 3. Choose

.

3

From this window you can specify which Hot Packages to download. 4. Select the Hot Package (if not already selected). 5. Choose

4

. 5

23–24

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

This screen shows the EPS Transmission (download) monitor: a. Progress bar with the Size [MB] of the Hot Package.

b

b. Elapsed Transmission time for the download.

c

c. Remaining time to complete for the download. 6. A message indicates that the SPAM or Hot Package download has finished.

a

7

7. Choose Back.

6

Make sure that the directory /usr/sap/trans/EPS/in has enough space to download the Hot Package.

8SORDGLQJWKH6XSSRUW3DFNDJHIURPD&'RU6$31HW²:HE Large Support Packages (those too large to download from the SAPNet–R/3) are available via the following two methods: <

Support Package Collection CD

<

SAPNet–Web

SAP periodically releases a Support Package Collection CD, which contains all the released Support Packages up to a certain date.

System Administration Made Easy

23–25

Chapter 23: Special Maintenance Support Packages

6XSSRUW3DFNDJH&ROOHFWLRQ&' 1. Load the CD containing the patches. 2. Log on to the operating system as: <

NT:

<

UNIX: <sid>adm

<SID>adm

3. Change to the transport directory. <

NT:

<

UNIX: /usr/sap/trans

:\usr\sap\trans

4. Unpack the patch archive. <

NT:

<

UNIX: CAR –xvf ///.CAR

CAR –xvf :\\.CAR

6$31HW²:HE 1. Log on to the operating system as: <

NT:

<

UNIX: <sid>adm

<SID>adm

2. Copy the downloaded patch files (example kh46a02.car) into an “unpack” directory. 3. Unpack the patch file by entering: car –xvf <patch-file> 4. Copy the unpacked files from the EPS\in directory to the directory to upload patches:

23–26

<

NT:

<

UNIX: /usr/sap/trans/eps/in

:\usr\sap\trans\eps\in

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

*XLGHG7RXU

The next step is to upload the patch from the operating system into R/3. 1. Log on to client 000, under any user that has SAP*-equivalent authorizations. 2. In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools → ABAP Workbench → Utilities → Maintenance → SPAM-Patches). 3. From the menu bar, choose Patch → Upload.

4. Choose

3

.

4

5. Check that the Support Packages have successfully uploaded. 6. Choose Back.

6

5

System Administration Made Easy

23–27

Chapter 23: Special Maintenance Support Packages

7. Select All patches. 8. Choose

Display.

7 6

9. The patch is under New patches.

9

23–28

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

8SGDWLQJ63$0 3UHUHTXLVLWHV

<

The R/3 System should not be active, which means that no: Users are logged on Jobs are running

<

All application servers should be shut down.

<

The current SPAM update should have been downloaded from either SAPNet-R/3 or from SAPNet–Web. When using SAPNet–Web, the unpacked SPAM update files (.ATT and .PAT) should have been moved to the /usr/sap/trans/EPS/in subdirectory.

<

If a SPAM update is available, apply it before any Support Packages. Some Support Package changes require the new SPAM program to properly update the system.

*XLGHG7RXU

Log on to client 000, under any user that has SAP*-equivalent authorizations (not SAP*). 1. In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools → ABAP Workbench → Utilities → Maintenance→ SPAM-Patches). 2. To upload the SPAM update file, from the menu bar, choose Patch→ 2 Import SPAM update.

System Administration Made Easy

23–29

Chapter 23: Special Maintenance Support Packages

3. Choose

.

3

4. Choose

.

4

After applying the SPAM update, SPAM must restart to use the latest version. 5. Choose

.

5

6. Restart transaction SPAM. 7. Note the version number change. 8. Select All patches. 9. Choose

7

Disp.

8 9

23–30

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

10. You will see the SPAM update under Applied patches.

10

$SSO\LQJWKH6XSSRUW3DFNDJH 3UHUHTXLVLWHV

<

<

The R/3 System should not be active, so no: Users are logged on Jobs are running All application servers should be shut down.

<

The current SPAM update should have been downloaded from SAPNet and applied.

<

The following programs should be updated to the latest version: r3trans tp The Hot Package should have been downloaded from SAPNet or uploaded from the CD.

<

System Administration Made Easy

23–31

Chapter 23: Special Maintenance Support Packages

*XLGHG7RXU

1. Log on to client 000 under any user that has SAP*-equivalent authorizations (not SAP*). 2. In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools → ABAP Workbench → Utilities → Maintenance→ SPAM-Patches). $GGLQJWKH+RW3DFNDJHWRWKH3DWFK4XHXH

3. From the menu bar, choose Patch→ Upload.

3

4. Select the component to import. In this case, the Support Package is under SAP_APPL. 5. Choose

. 4

5

6. Verify the patch to upload is selected. 7. Choose

. 6

7

23–32

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

'HILQHWKH3DWFK4XHXH

1. Choose Display/define to define a patch queue.

1

2. Verify that the patch is selected. 3. Choose

. 2

3

System Administration Made Easy

23–33

Chapter 23: Special Maintenance Support Packages

$SSO\LQJWKH+RW3DFNDJH

1. The name of the first support package appears in Patch queue. 2. Choose

to apply the patch queue. 2 1

3. Choose

.

3

4. Choose

.

4

1RWH Depending on the size of the Hot Package, the patch application process could run for a long time.

23–34

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

&KHFNWKH3DWFK/RJ

1. Choose

.

1

2. Review the return codes. Values greater than 4 indicate a failure.

3

3. Choose Back. 2

At this point, regression testing should be performed on the Hot Package. If several Hot Packages are going in as a group, the option is to confirm them after applying and then perform the regression testing.

System Administration Made Easy

23–35

Chapter 23: Special Maintenance Support Packages

&RQILUPWKH3DWFK

1. Choose

.

The next Hot Package cannot be applied until the previous one is confirmed.

1

2. Check the status bar to see if the patch queue was confirmed.

2

23–36

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

9HULI\WKH3DWFK$SSOLFDWLRQ

1. Select All patches. 2. Choose

Display.

1 2

3. The support packages are found in the Applied patches section.

3

2EMHFW&RQIOLFWV :KDW

Object conflicts occur when SAP objects (such as programs, tables, etc.) that you modified are included in a Support Package. :K\

If an object has been modified by you and is being changed in the Support Package, you could lose your modifications. This problem usually occurs with an “advanced correction,” where a fix is incorporated in a future release of the R/3 System, and the advanced correction is available before the future release.

System Administration Made Easy

23–37

Chapter 23: Special Maintenance Support Packages

([DPSOH If you are on Release 4.0B and experience a problem. Your problem has already been fixed in a higher release (for example, Release 5.0). You do not have to wait for the upgrade. The fix is available now for you to make as an advanced correction to your system. Support Packages may not always include this correction. Thus, after applying the package, you may have to reapply the correction. +RZ

<

Determine if the change is (or is not) included in the Support Package by: Reviewing the code comparison (transaction SPAU) Checking if the advanced correction is from a future release If so, it probably will not be included in the Support Package. Checking if the change is your own modification

<

If the change is included in the Support Package, return to the SAP standard, which will simplify future system maintenance.

<

If the change is not included in the Support Package: 1. Check to see what needs to be done to reapply the modification. 2. Apply the modification. 3. Test the modification. This process is the same as that performed during an upgrade.

23–38

Release 4.6A/B

Chapter 23: Special Maintenance Support Packages

5HJUHVVLRQ7HVWLQJ Regression testing is necessary because many objects in many functional areas may be affected by changes from a Hot Package. All functional areas must perform regression tests to verify that a Hot Package does not create new problems as it fixes old ones. A Hot Package is a “mini-upgrade,” especially if it is large (for example, Release 4.0B, Hot Package 10). All existing processes should continue to function as they did before the Hot Package was applied. A review of the notes related to a Hot Package indicates what specific tests need to be performed by the technical and functional team. As during the implementation, the functional teams should have a script of test procedures to test the system. This script could also be used in the regression test.

8VHIXO6$31HW²5)URQWHQG1RWHV SAP Note #

Description

19466

Downloading a patch from SAPSERVx

33525

Important information about SAP patches < 3.1H

53902

Conflicts between Hot Packages/LCPs and Add-ons

62119

Obtaining extra large patches

73510

Problems during upgrade of patched source releases

82264

Important information about SAP patches >= 3.1H

83458

OCS Info: Downloading patches from SAPNet

84962

Info: SPAM update

85820

Patch is not displayed in patch queue

86241

HR Legal Change Patches for the HR component

87432

Contents of and applying LCPs

89089

Configuration of R/3 Systems for LCPs

97620

OCS Info: Overview of Important OCS Notes

97621

OCS Info: Online Correction Support (OCS)

97623

Patch types

97630

Known problems with patches >= 3.1H

104664

Applying patches from CD

119738

Problems during upgrade with too new Hot Packages

173814

Known problems with patches Release 4.6

System Administration Made Easy

23–39

Chapter 23: Special Maintenance Kernel Upgrade

.HUQHO8SJUDGH :KDW

The kernel upgrade process is the replacing of operating system level files (the kernel files) with updated versions of these files. <

Special notes on the kernel version: It is now independent of the R/3 release. The kernel is backward compatible, which means that a user could be running a Release 3.0F with a 3.1I kernel. If you are on a release before 3.1I, review documentation to determine which kernel version is applicable to your release.

You must remember the R/3 release and kernel version you are running. After the kernel is upgraded, apply kernel patches for the upgraded version of the kernel. Do not apply kernel patches for the old version of the kernel. When getting which patches, remember that your R/3 release stays the same, regardless of which version your kernel changes to. On rare occasions, a SAP note instructs you to apply a fix based on the R/3 release of the system; not the kernel version. All servers in a system must be on the same version of the kernel. :K\

Kernel upgrades are normally done to fix “bugs” or other problems in the kernel. Some kernel upgrades provide enhanced functionality. +RZ

To upgrade the kernel: 1. Review all applicable documentation: <

Kernel instructions

<

SAP notes

<

Upgrade manual

2. Always first perform the upgrade on a test server. 3. Obtain the new kernel from:

23–40

<

SAPSERV4

<

This route is more current than getting the kernel via CD (see chapter 13, Retrieving files from SAP, SAPSERV4). Distribution CD (if provided)

Release 4.6A/B

Chapter 23: Special Maintenance Kernel Upgrade

<

The kernel files are: dw1_nnn.CAR dw2_nnn.CAR In this filename, nnn is the patch level (for example, dw1_114.CAR.)

4. Unpack the kernel files (see chapter 13, Retrieving files from SAP, SAPSERV4 for the unpacking procedure). 5. Back up the system at the database and operating system levels. 6. Stop the R/3 System. 7. Stop the SAP services that are using the kernel files (NT). 8. Backup the kernel directory NT:

:\usr\sap\<sid>\sys\exe\run

UNIX:

/usr/sap/<sid>/sys/exe/run

Copy the current kernel files to a backup directory, to be prepared in the event that you need to restore back to the old version if a problem occurs with the new version. 9. Copy the new kernel files into the kernel directory This replaces the old programs with the new programs. 10. Perform any special instructions contained in: <

Kernel instructions

< <

Online Service System notes Upgrade manual

11. Restart. 5HVWDUW2SWLRQ 1. Restart the SAP services that are using the kernel files (NT). 2. Start the R/3 System 3. Check the R/3 logs. 4. Monitor the system and system logs for problems. 5HVWDUW2SWLRQ 1. Restart the server. 2. Check all logs for: <

Operating system

<

Database

3. Start the R/3 System 4. Check the R/3 logs 5. Monitor the system and system log for problems.

System Administration Made Easy

23–41

Chapter 23: Special Maintenance Client Copy

&OLHQW&RS\ :KDW

The client copy function copies client-dependent customizing and data. Client copy allows the copy or transport of the complete customizing environment from a source client to a target client within the same system (instance) or to another system. Tables are selected based on their delivery class.

Client copy is not meant to copy client-independent objects, such as ABAP programs and table structures. If a table is changed to add an additional field, and the added field is then populated with data, the table change is not copied to the target system. Thus, the data in the additional field is not copied. 6SHFLDO1RWHV Read the current online documentation on client copy. The client copy programs and functionality improve and change significantly with each new release. To access the online help documentation on client copy: 1. From the menu bar, choose SAP Library 2. In the left frame, click the node (+) next to SAP Library. 3. Click the node (+) next to Basis Components. 4. From the list that appears, choose Change and Transport System (BC-CTS) 5. Choose Client Copy and Transport. 6. In this screen, click the node (+) next to Client Copy and Transport. 7. Click the node (+) next to Client Copy and you will see the following list of files: < Technical Background < Copy profiles < Authorizations < Maintaining clients < Copying clients within the Same System < Copying Clients Between Systems < Transporting Clients Between Systems < Copying Transport Request within the Same System < Deleting Clients < Displaying Copy Logs

23–42

Release 4.6A/B

Chapter 23: Special Maintenance Client Copy

< <

Restarting Client Copy Error Handling

You cannot separate “master” data from “transaction” data.

The developer of client copy maintains several informational SAP notes. Do a SAP note search on component BC-CTS-CCO and search for notes beginning with CC*.

8VHIXO6$31RWHV SAP Note #

Description

7312

Create client 066 for EarlyWatch

13391

Deleting/resetting a client (up to 3.0F)

24853

CC info: Client copy, functionality in 3.0, 4.0

47502

CC-TOPIC: Remote Client copy

69556

CC-TOPIC: Missing tables and data

70643

CC-TOPIC: Delete client

84504

CC-TOPIC: SM29 transfers data in spite of Cancel

3URFHVVLQJ1RWHV During the copy process, do not work in the source client or the target client. The target client is locked for all users except SAP* and DDIC. Since large volumes of data are involved, copying a client could take several hours. If you are copying a large productive client, the copy time could take upwards of a day. For client copy of a large client, see SAP note 67205. Due to the long run time, the probability of an abnormal termination due to external factors is high. A client copy produces a large amount of log activity. If this directory runs out of space, the database will stop. Turn off logging (i.e., truncate on checkpoint) or monitor the filespace in the directory where the log file(s) is located.

System Administration Made Easy

23–43

Chapter 23: Special Maintenance Client Copy

6HFXULW\

To perform a client copy, the user ID of the person doing the copy must have the same authorizations in the source client and in the target client. A system administrator with the same authorizations as user SAP* will have all the required authorizations.

&UHDWLQJD&OLHQW

*XLGHG7RXU

1. In the Command field, enter transaction SCC4 and choose Enter (or from the SAP standard menu, choose Tools → Administration, then Administration → Client admin → Client maintenance). 2. Choose

.

2

3. Choose

.

3

23–44

Release 4.6A/B

Chapter 23: Special Maintenance Client Copy

4. Choose New entries.

4

5. In Client, enter the client number (for example, 100) and name (for example, test client for docu).

13

5 6

Do not use clients: 000,001, or 066. These clients are reserved for 9 SAP.

7 8

6. In City, enter the city name (for example, Palo Alto). 7. In Std. Currency, enter the standard currency for the client (for example, USD). 8. In Client role, choose role for the client.

10

to select the 11

9. Under Changes and transports for client-dependent objects, select the appropriate option. In this case we selected Automatic recording of changes.

12

10. Under Client-independent object changes, choose and select the appropriate option. In this screen, we selected Changes to Repository and client-ind.

System Administration Made Easy

23–45

Chapter 23: Special Maintenance Client Copy

Customizing allowed. 11. Under Protection: Client copier and comparison tool, choose and select the appropriate entry. In this screen, we selected Protection level 0: No restriction. 12. Under Restrictions, if CATTs are allowed to be executed, select Allows CATT processes to be started. 13. Choose Save. 14. The new client is listed. In later steps, this new client may be referred to as the “target client.”

14

15. To log on to the “new client,” enter SAP* for the user and PASS for the password. SAP* with the default password PASS is a known user ID password. Do not leave the client in this condition for longer than absolutely needed. Once the client copy is complete, verify that the passwords for all system user IDs in the new client are secure.

23–46

Release 4.6A/B

Chapter 23: Special Maintenance Client Copy

&RS\LQJD&OLHQW

*XLGHG7RXU

&RS\LQJRQWKH6DPH6\VWHP6,' To copy a client on the same system/<sid>, do a “local client copy.” 1. To log on to the “target client,” enter sap* for the user ID and pass for the password. Be sure you are logged on to the correct target client. If you are on the wrong client, you will destroy that client. 2. In the Command field, enter transaction SCCL and choose Enter (or from the SAP standard menu, choose Tools → Administration, then Administration → Client admin → Client copy → Local copy). to 3. In Selected profile, choose select a copy profile that matches your requirements. 4. In Source client, enter the source client number (for example, 001). 5. If your user masters will be copied from a specific client, in the Source client user masters field, enter this client number (for example, 001).

6 3 4 5

6. Choose Schedule as background job.

You will be taken to the background scheduling screen to complete the task. 7. In Background server, choose to select the server on which to run the client copy.

7

System Administration Made Easy

23–47

Chapter 23: Special Maintenance Client Copy

8. Select the server to run the client copy on. 9. Choose

.

8 9

10. Choose Schedule job.

10

11. Choose Continue.

11

23–48

Release 4.6A/B

Chapter 23: Special Maintenance Client Copy

At this point, the scheduling proceeds as in scheduling any other background job.

12

12. To begin the copy immediately, select Immediate. 13. Choose

Check.

14. Choose Save.

13

15. In Output device, enter the printer name (for example, dcba). 16. Choose

14

15

.

16

System Administration Made Easy

23–49

Chapter 23: Special Maintenance Client Copy

17. Choose

.

17

18. The displayed message indicates the job was successfully scheduled. 19. Choose

.

18

19

&RS\LQJWRD'LIIHUHQW6\VWHP6,' To copy a client to a different system/<sid>, do a “remote client copy.” 3UHUHTXLVLWH

In the target system, the: < Source system needs to be set up in transaction SM59. < Client must have been created. Copying from one system to another using remote client copy uses the RFC interface, therefore, there is no intermediate storage on disk.

*XLGHG7RXU

1. Log in to the target system and client. Be sure you are logged in to the correct target client. If you are on the wrong client, you will destroy that client. 2. In the Command field, enter transaction SCC9 and choose Enter (or from the SAP standard menu, choose Tools → Administration → Administration → Client admin → Client copy → Remote copy).

23–50

Release 4.6A/B

Chapter 23: Special Maintenance Client Copy

3. In Selected profile, choose to select a profile that matches your requirements. 4. In Source destinat., use for a list of available RFC destinations, and choose the source system.

3 4

5. Verify the source System name and Source client.

6. In Background server, choose select a background server.

5

to

7. Choose Schedule job. 7

6

8. Choose Continue.

8

System Administration Made Easy

23–51

Chapter 23: Special Maintenance Client Copy

9. From this point, schedule the job as you would any other background job.

10. When you have finished scheduling the client copy, this message window will appear.

3RVW&OLHQW&RS\7DVNV <

<

Secure the passwords for SAP* and DDIC in the new client. If you copied the user master, the user IDs and passwords for those users have been copied from the source client. When you create a new client, immediately change the default passwords for user SAP*. The default password is well known and has been posted on the Internet. Always have at least two administrative user IDs for each client, so you do not lock yourself out of the client. SAP* and DDIC should only be used for tasks that require those user IDs be used. A better solution is to create an administrative user ID, which is a copy of the user SAP*.

'HOHWLQJD&OLHQW To delete a client, there are two options: <

The Delete Client transaction, SCC5.

<

The R3TRANS program (see SAP note 13391).

We recommend that you use SCC5 to delete the client.

23–52

Release 4.6A/B

Chapter 23: Special Maintenance Client Copy

Before deleting a client, in the event of a major problem (for example, deleting the wrong client), make certain you have a usable backup of the system. 'HOHWH&OLHQW7UDQVDFWLRQ

*XLGHG7RXU

1. Log on to the client that will be deleted. Be sure you are logged in to the client you want to delete. If you are on the wrong client, you will destroy that client. 2. In the Command field, enter transaction SCC5 and choose Enter (or from the SAP standard menu, choose Tools → Administration→ Administration → Client admin → Special functions → Delete client). 3. Verify the Client to be deleted (for example, 500). The Client to be deleted field is a “nonchangeable” field and is the client onto which you log. If the client number is incorrect, you are logged onto the wrong client.

5 3 4

4. Select Delete entry from T000. 5. Choose

Background.

to 6. In Background server, choose select the server to run the delete job. 7. Choose Schedule job.

7

6

System Administration Made Easy

23–53

Chapter 23: Special Maintenance Client Copy

8. Select Continue. From this point, the process is the same as scheduling a background job.

8

5HYLHZLQJWKH&OLHQW&RS\/RJ 1. Log on to another client. 2

2. In the Command field, enter transaction SM37 and choose Enter. 3. In User name, enter the user ID that the client copy job was run under (for example, garyn). 4. Choose

23–54

4 3

Execute.

Release 4.6A/B

Chapter 23: Special Maintenance Client Copy

5. Select the client copy entry. 6. Choose

Job log. 6

Review the log.

7. At the bottom of the log is the message that the job has successfully finished.

7

System Administration Made Easy

23–55

Chapter 23: Special Maintenance Production Refresh Strategies

3URGXFWLRQ5HIUHVK6WUDWHJLHV Because data in the target system is being replaced, refreshing a system is an inherently dangerous.

:KDW

Production refresh is where the other systems are refreshed with data from the production system. After the copy, actual production data exists in the test system. This data poses data security issues which must be addressed by the various data owners. It is more critical if the HR system is installed, because personnel records are sensitive. Financial, sales, and other data may also be company sensitive. :K\

Refreshing a system from the production system helps: < <

Get production data into the test environment. Sync the configuration in the test and development systems with the production system. Over time, the configuration of the various systems could drift apart and not match the production system.

<

Prepare for an upgrade. You want the test system to mirror the production system, so that the upgrade in the test system mirrors everything you will encounter into in the production system.

:K\1RW

In the recent past, the standard procedure was to create your own test data. One major reason was that disk storage space was expensive. Here are some are reasons for not to refresh the system:

23–56

<

Data storage is expensive Even with cheaper disks, the volume of data more than makes up any savings. With several copies of the entire production database, the total of all the databases could approach a hundred gigabytes for a small company to a terabyte (or more) for a large company.

<

Data security Data from the production system is “real.” Even if it is old, it could be confidential and sensitive. The development and test systems are, then, subject to the same high level of security as the production system. Created test data is “fake” and everyone knows that. There is much less issue with data confidentiality or sensitivity.

Release 4.6A/B

Chapter 23: Special Maintenance Production Refresh Strategies

+RZ

There are two ways to refresh a system: <

Database copy of the production system

<

Client copy of the production client

'DWDEDVH&RS\RI3URGXFWLRQ6\VWHP A database copy is done by copying the entire production database. %HQHILWV <

The “refreshed” system will be a duplicate of the production system. Client-independent changes will also be captured and copied to the target system.

<

The copy can be made using standard backup tapes, so there is no impact on the production system. Making a copy also tests your backup and restore process.

'LVDGYDQWDJHV <

<

All revision history of the “refreshed” system is lost, which is usually: Acceptable for the test/QA system Not acceptable for the DEV system because version history is lost. The target database needs to be as large as the PRD database.

<

After the copy, the target system must be reconfigured.

<

The target system loses its client structure and become a duplicate of the client structure of the PRD system. If the PRD system has one client and the QAS system has three clients, after the database copy, the QAS system will have one client. The other two clients are lost.

&OLHQW&RS\RIWKH3URGXFWLRQ6\VWHPZLWK'DWD A client copy is done by performing a client copy of the active client from the PRD system (instead of copying the entire database, like a database copy). $GYDQWDJHV <

Unlike a database copy, the target system does not have to be reconfigured.

<

The target system does not lose its client configuration.

'LVDGYDQWDJHV <

A client copy requires that the source and target systems are not in use during the copy. Having both systems out of use may not be a practical action for many companies because the amount of time required to do the copy could be significantly greater than the amount of time that the production system can be “down.”

<

If there are any client-independent objects (programs, table structures, etc.) that have been changed and are not the same in the two systems, these objects will not be copied (refer to the sections on Client Copy below).

System Administration Made Easy

23–57

Chapter 23: Special Maintenance Production Refresh Strategies

&OLHQW&RS\RIWKH3URGXFWLRQ6\VWHP²:LWKRXW'DWD In this option, only a basic client copy is performed (including customizing), but no master or transactional data, and possibly no user data. All test data is loaded into the new client using the following tools: <

Computer Assisted Test Tools (CATT)

<

Data Transfer Workbench

$GYDQWDJHV In addition to the benefits of the client copy above: <

You can control the data being loaded into the new client. Data can be created to test specific items. You are not subject to the randomness of real data to test specific items. Real data may (or may not) have the appropriate data to test specific test items. In this case, test data has to be created anyway.

'LVDGYDQWDJHV These are the same as for a client copy with data above.

23–58

Release 4.6A/B

$SSHQGL[$8VHIXO7UDQVDFWLRQV

&RQWHQWV Useful Transactions............................................................................................... A–2

System Administration Made Easy

A–1

Appendix A: Useful Transactions Useful Transactions

8VHIXO7UDQVDFWLRQV System administrators may find the following transactions useful. Although many of the transactions are not discussed in this guidebook, we are listing them for your convenience. Many of these transactions are for more “advanced” functions than targeted in the scope of this guidebook.

7UDQVDFWLRQ&RGH6ZLWFKHV /n

/nspad

Exit the current transaction and start the new transaction

/o

/ospad

Open a new session (window) and start the new transaction

7UDQVDFWLRQ&RGH7DEOH The following are definitions of two of the column headers. < Dangerous These transactions are potentially damaging or fatal to the system if executed incorrectly. As a general rule, most of the Basis transactions are potentially damaging. Access to these transactions should be restricted in all systems. Access to some of these transactions should be even further restricted in the production system. <

Performance Impact These transactions could have a potentially adverse impact to system performance if executed. Traces and table display are the transactions of concern here. The problem with a table display occurs when the query does a “full table scan” for data. When done on a large table, this query has serious impact on performance because the system searches every record in the table to find those that meet the search criteria.

A–2

Release 4.6A/B

Appendix A: Useful Transactions Useful Transactions

Transaction

Description

AL02

Database Alert Monitor (not supported for MS SQL Svr 7.0)

AL03

Operating System Alert Monitor

AL05

Workload Alert Monitor

AL08

Current active users (in system)

AL11

Display operating system file from CCMS

AL12

Display table buffer (buffer synchronization)

BALE

ALE administration and monitoring

DB01

Exclusive waits in Oracle database

DB02

Database performance; tables and index

DB03

Parameter changes in database

DB05

Analysis of table with respect to indexed fields

DB12

Backup logs

DB13

DBA planning calendar

DB14

DBA logs

DB20

Generate table statistics

OSS1

Online Service System logon

RZ01

Graphical background job scheduling monitor

RZ02

Network graphical display of instance

RZ03

Server status, alerts, maintain operations mode

RZ04

Maintain operations mode and instance

RZ06

Maintain alert threshold

RZ08

CCMS Alert Monitor

RZ10

Maintain system profiles

RZ11

Display profile parameter attributes

RZ20

Alert Monitor 4.0

RZ21

Maintain settings for Alert Monitor 4.0

SA38

ABAP reporting

SCAM

CATT management

System Administration Made Easy

Dangerous

Performance impact

X

A–3

Appendix A: Useful Transactions Useful Transactions

Transaction

Description

SCAT

Computer Aided Test Tool

SCC1

Client copy transport

SCC3

Client copy log

SCC4

Client copy administration

X

SCC5

Delete clients

X

SCC6

Client import

X

SCC7

Client import – post processing

SCC8

Client export

SCC9

Remote client copy

X

SCCL

Local client copy

X

SCMP

Table comparison

SCU3

Table history

SE01

Transport organizer

SE03

Workbench organizer: tools

SE06

Set up workbench organizer

SE09

Workbench organizer

SE10

Customizing organizer

SE11

Data Dictionary maintenance

SE12

Data Dictionary display

SE14

Utilities for ABAP Dictionary tables

SE15

Repository Info System

SE16

Display table content

SE17

General table display

SE38

ABAP editor

SECR

Audit Information System

SEU

R/3 Repository Browser

SFT2

Maintain public holiday calendar

SFT3

Maintain factory calendar

SICK

Installation check

A–4

Dangerous

Performance impact

X

X

X

X

X X

X

Release 4.6A/B

Appendix A: Useful Transactions Useful Transactions

Transaction

Description

SM01

Lock transactions

SM02

System messages

SM04

Overview of users

SM12

Database locks

X

SM13

Update terminates

X

SM18

Security Audit: Delete Old Audit Logs

SM19

Security Audit: Administer Audit Profile (for SM20)

SM20

System (Security) Audit Log

SM21

System log

SM30

Maintain tables (not all tables can use SM30)

X

SM31

Maintain tables

X

SM35

Batch input monitoring

SM36

Schedule background jobs

SM37

Overview of background jobs

SM39

Job analysis

SM49

External operating system commands, execute (see related SM69)

SM50

Work process overview

SM51

Instance overview

SM56

Reset or check number range buffer

SM58

Error log for asynchronous RFC

SM59

RFC connection, maintain

SM63

Operations mode, maintain

SM64

Event trigger

SM65

Background processing analysis tool

SM66

Global work process overview

SM69

External operating system commands, maintain (see related SM49)

SMLG

Maintain logon groups

System Administration Made Easy

Dangerous

Performance impact

X

X

A–5

Appendix A: Useful Transactions Useful Transactions

Transaction

Description

SMX

Display own jobs

SNRO

Maintain number range objects

SP00

Spool

SP01

Spool control

SP02

Display output requests

SP11

TemSe (temporary sequential objects) contents

SP12

TemSe administration

SPAD

Spool administration (printer setup)

SPAM

SAP Patch Manager

SPAU

Intersection SAP transport/customer modifications

SPCC

Spool; consistency check

SPDD

Intersection SAP transport/customer modifications, DDIC

SPIC

Spool; installation check

ST01

SAP system trace

ST02

Buffer statistics

ST03

Workload analysis

ST04

Database performance analysis

ST05

SQL trace

ST06

Operating system monitor

ST07

Application monitor

ST08

Network monitor

ST09

Network Alert monitor

ST10

Table call statistics – statistics on table accesses

ST11

Display developer trace

ST12

Application monitor

ST14

Application analysis – statistics related to business document volume

ST22

ABAP dump analysis

A–6

Dangerous

Performance impact

X

X

X

X

Release 4.6A/B

Appendix A: Useful Transactions Useful Transactions

Transaction

Description

ST4A

Oracle: analyze the shared cursor cache

STAT

Local transaction statistics

STMS

Transport Management System

STUN

Performance monitoring menu

STZAC

Customizing Time Zones

SU01

User maintenance

SU01D

Display users

SU02

Maintain authorization profiles

X

SU03

Maintain authorizations

X

SU10

Mass change to user records

X

SU12

Delete ALL Users

X

SU2

Maintain user parameters

SU22

Authorization object check in transactions

SU3

Maintain own user parameters

SU53

Display authorization checked values

TU02

Parameter changes – display active parameters and history of changes

System Administration Made Easy

Dangerous

Performance impact

X

X

A–7

Appendix A: Useful Transactions Useful Transactions

A–8

Release 4.6A/B

$SSHQGL[%8VHIXO5HVRXUFHVDQG3URGXFWV

&RQWHQWV Other System Administration Resources............................................................ B–2 Other Helpful Products: Contributed by Users................................................. B–13

System Administration Made Easy

B–1

Appendix B: Useful Resources and Products Other System Administration Resources

2WKHU6\VWHP$GPLQLVWUDWLRQ5HVRXUFHV The references cited by no means represent an all inclusive listing of resources because SAP training classes, guidebooks, white papers, and internet sites are constantly being created and updated.

6$35HVRXUFHV SAP books and CDs can be ordered from the SAP online store (http://shop.sap.com) or for items with an SAP part number, from your SAP account executive. Books with ISBN numbers can be ordered from Fatbrain (www.fatbrain.com/sap), Amazon (www.amazon.com) or Barnes & Noble (www.bn.com).

B–2

Release 4.6A/B

Appendix B: Useful Resources and Products Other System Administration Resources

%RRNV Title

SAP Part Number

Complementary Software Program Directory

50-018-672

R/3 System Getting Started

50-018-896

SAP Dictionary R/2 System Release 5.0: English–German

5000-5296

SAP Wörterbuch System R/2 Release 5.0: Deutsch–English (SAP Dictionary R/2 System Release 5.0: German–English)

5000-5295

Authorizations Made Easy

ISBN Number

1-893570-21-5 (3.1G/H) 500-23994

1-893570-22-3 (4.0B) 1-893570-23-1 (4.5A/B) 1-893570-24-X (4.6A/B)

Data Transfer Made Easy (English)

500-32525

Data Transfer Made Easy (German)

1-893570-04-5 (4.0B/4.5x) 1-893570-05-3 (4.0B/4.5x)

Printout Design Made Easy (3.x)

500-22337

1-893570-12-6 (3.1H)

SAPscript Made Easy (4.x)

500-32527

1-893570-13-4 (4.0B) ISBN:

1-893570-14-2 (4.6B)

Reporting Made Easy (4.0B) (3-vol set) 500-32445

1-893570-65-7 (4.0B)

Fundamentals of Reporting

1-893570-60-6

Report Development Tools

1-893570-61-4

Commonly Used Reports

1-893570-62-2

System Administration Made Easy

1-893570-41-X (3.1H) 500-32525

1-893570-42-8 (4.0B) 1-893570-43-6 (4.6A/B)

System Administration Made Easy

B–3

Appendix B: Useful Resources and Products Other System Administration Resources

&'V < Accelerated SAP (ASAP) While ASAP is an implementation project management methodology, production system administration information is available on this CD. < Knowledge Products Knowledge products must be registered and a license installed (similar to saplicense), before they can be used. Technical Implementation and Operation Mgt 500-27903 SAP System Management 500-27391 SAP System Monitoring 500-25694 SAP Software Logistics 500-27393 SAP Database Administration – MS SQL server 500-25696 SAP Database Administration – Oracle 500-27392 SAP Database Administration – Informix 500-25695 SAP Database Administration – DB2-400 500-25697 SAP Database Administration – Adabas 500-29389 SAP Integration Technologies 500-25698 R/3 Interface Advisor 500-21636 < SAP Terminology Database 500-30826 < SAP Business Information Warehouse 500-29281 < SAP Interface Advisor, Rel 4.5 500-26902 < Computer Based Training (CBT) Archiving CBT 500-20297 < R/3 Online Documentation < Report Navigator (pre-Release 4.0) See SAP Simplification Group’s web site, www.saplabs.com/simple 7UDLQLQJ&ODVVHV In the U.S., call central registration at (888)-777-1SAP(1727) or visit SAP America’s training web site, www.sap.com/usa/trainsupp for the most current class list. /HYHO

SAP50 – R/3 Basis Technology /HYHO²7HFKQLFDO&RUH&RPSHWHQFH

B–4

<

BC310 – Windows NT/Oracle

<

BC314 – Windows NT/MS SQL Server

<

BC317 – Windows NT/DB2

<

BC360 – UNIX/Oracle

<

BC361 – UNIX/Informix

Release 4.6A/B

Appendix B: Useful Resources and Products Other System Administration Resources

<

BC370 – AS/400-DB2/400

/HYHO

BC340 – Going Live /HYHO²$GYDQFHG

<

BC305 – Advanced R/3 System Management

<

BC325 – Software Logistics

<

BC315 – R/3 Workload Analysis

<

BC505 – Database Administration - Oracle

<

BC511 – Database Administration – Informix

<

BC520 – Database Administration – MS SQL Server

<

BC525 – Database Administration – DB2/400

/HYHO²&URVV$SSOLFDWLRQ

<

BC601 – Build and Use SAP Business Workflow

<

BC615 – Archiving Technology

<

BC630 – SAP Business Communication

<

CA940 – SAP R/3 Security Concepts

2WKHU < R/3 Security Guide; see SAP note 39267 www.sapnet.sap.com/securityguide :KLWHSDSHUV < System Landscape “The R/3 System Landscape, System and Client Deployment Strategy” can be downloaded from www.saplabs.com/simple.

6$31HW6HOHFWHG,WHPVRI,QWHUHVW “Explore” SAPNet at www.sapnet.sap.com, to see what is available. The amount of information that is obtainable is extensive and is growing. We selected a few items that we think would be of particular interest to you in the abbreviated tree structure that follows. Please be aware that SAPNet will change over time and the specific path to an item may change. 1HZV (YHQWV

<

Press Release

<

SAP INFO magazine

<

Events (SAPPHIRE, TechEd, etc.)

<

Media Library SAP Knowledge Store Media by Type R/3 Online Documentation

System Administration Made Easy

B–5

Appendix B: Useful Resources and Products Other System Administration Resources

R/3 Documentation Info Center for Customers & Partners

6HUYLFHV

<

Consulting Services Individual Consulting Services, such as remote consulting, going live check, going live functional upgrade, EarlyWatch, remote upgrade, conversion services, OS/DB migration service, remote Euro conversion service, and remote archiving

<

<

<

B–6

Education Services Advanced Training Solution SAP Standard Training R/3 Knowledge Products Computer Based Training SAP TechNet, including software logistics, system management, system monitoring, technical SD/CO/PP, DB Admin Oracle/Informix/MS SQL Server, ABAP Development Workbench, data archiving, etc. SAP Team SAP Support Services Release Information • Release strategy • Release notes SAP Methodology & Tools • ASAP • Ready to Run R/3 • Sizing • Interface Advisor • Outsourcing • Legacy System Migration Workbench Online Services Installation/Upgrades • License keys • Installation/Upgrade guides • Sizing Customer data • User Administration Modifications • SSCR (SAP Software Change Registration) • Object registration • Developer registration SAP Online Correction Support • Download • SPAM

Release 4.6A/B

Appendix B: Useful Resources and Products Other System Administration Resources

• <

R/3 Support Packages

Customers & Partners SAP Users Groups Partners

7KLUG3DUW\5HVRXUFHV The following list of books is not all inclusive. There are good books that are not listed here. Also, no one book will provide you with all the information you need. You will typically need several books in each category in your library. A listing of these books does not constitute an endorsement by SAP. This listing is provided, as a starting point, for your convenience. We recommend you check with your vendors (hardware, operating system, database, and other) and the various book sources (both online and in stores) and for additional titles.

%RRNV 5 %\6$3

Brand, Hartwig. 1999. SAP R/3 Implementation with ASAP, The Official SAP Guide. Sybex. (Release 4.0) (ISBN: 0-7821-2427-5) *This book is about technical/Basis implementation.* Buck-Emden, Rüdiger; and Jürgen Galimow. 1996. SAP R/3 System, A Client/Server Technology. Addison-Wesley. (ISBN: 0-201-40350-1) McFarland, Sue and Susanne Roehrs. 1999. SAP R/3 Software Logistics, The Official SAP Guide. Sybex. (Release 4.0/4.5) (ISBN: 0-7821-2564-6) Schneider, Thomas. 1999. SAP R/3 Performance Optimization: The Official SAP Guide. Sybex. (Release 4.x) (ISBN: 0-7821-2563-8) Will, Liane. 1998. SAP R/3 System Administration: The Official SAP Guide. Sybex. (Release 4.0) (ISBN: 0-7821-2426-7)

7KLUG3DUW\$XWKRUV

Hernandez, Jose. 1999. SAP R/3 Administrator’s Handbook, Second Edition. Osborne. (Release 4.x) (ISBN: 0-07-135413-1)  1997. The SAP R/3 Handbook. McGraw-Hill. (Release 3.x, Oracle, and UNIX) (ISBN: 0-07-033121-9)

Hirao, Joey; and Jim Meade. 1999. SAP R/3 Administration for Dummies. IDG. (Release 3.x) (ISBN: 0-7645-0375-8)

Parkinson, Robert; Johan Marneweek. 1999. Basis Administration for SAP. Prima. (Oracle, and UNIX) (ISBN: 0-7615-1887-8) Prince, Dennis. 1998. Supporting SAP R/3. Prima. (ISBN: 0-7615-1750-2)

System Administration Made Easy

B–7

Appendix B: Useful Resources and Products Other System Administration Resources

Will, Liane; Christiane Hienger, Frank Strassenburg, and Rocco Himmer. 1998. SAP R/3 Administration Addison-Wesley. (Release 3.x) (ISBN: 0-201-92469-2)

81,; Arick, Martin. 1995. Unix for DOS Users. John Wiley & Sons. (ISBN: 0471049883) Frisch, Æleen. 1998. Essential Systems Administration: Help for Unix System Administrators. O’Reilly. (ISBN: 1-56592-127-5) Nemeth, Evi., [et al.]. 1995. Unix System Administration Handbook. Prentice Hall. (ISBN: 0-13-151051-7)

Pugh, Kenneth. 1994. Unix for the MS-DOS User. Prentice Hall. (ISBN: 0-13-146077-3) Siegert, Andreas. 1996. The AIX Survival Guide. Addison-Wesley. (ISBN: 0-201-59388-2)

17 Enck, John (Editor). 1998. Windows NT Magazine, Administrator’s Survival Guide, Volume 1. Duke Communications. (ISBN: 188241988X) Frisch, Æleen. 1998. Essential Windows NT System Administration. O’Reilly. (ISBN: 1-56592-274-3)

 1998. Windows NT Desktop Reference. O’Reilly. (ISBN: 1-56592-437-1) Ivens, Kathy. 1998. Windows NT Troubleshooting. Osborne. (ISBN: 1-07882471-0) Jumes, James; Neil Cooper, etal (PW Coopers). 1999. Microsoft Windows NT4.0 Security, Audit, and Control. Microsoft Press. (ISBN: 1-57231-818-X) Lambert, Nevin; Manish Patel. 1999. Microsoft Windows NT Security. ZD Press. (ISBN: 1-56276-457-8)

Leber, Jody; Jody Schivley, and Robert Denn (Editor). 1998. Windows NT Backup & Restore. O’Reilly. (ISBN: 1-56592-272-7) McMains, John; and Bob Chronister. 1998. Windows NT Backup & Recovery. Osborne McGraw-Hill. (ISBN: 0-07-882363-3) Jumes, James (Editor);Neil F. Cooper, and Todd M. Feinman. 1998. Microsoft Windows NT 4.0 Security, Audit, and Control (Microsoft Technical Reference). Microsoft Press. (ISBN: 1-57231-818X)

Microsoft Corporation. 1996. Microsoft Windows NT Server Resource Kit: for Windows NT Server Verison 4.0. Microsoft Press. (ISBN: 1-57231-3447)  1997. Microsoft Windows NT Server Resource Kit Verison 4.0, Supplement Two. Microsoft Press. (ISBN: 1-57231-6268)  1994. Windows NT 3.5 Guidelines for Security, Audit, and Control. Microsoft Press. (ISBN: 1-55615-814-9)

Minasi, Mark. 1997. Mastering Windows NT Server 4, 5th Edition. Sybex. (ISBN 0-7821-2163-2)

B–8

Release 4.6A/B

Appendix B: Useful Resources and Products Other System Administration Resources

Pearce, Eric; Robert Denn (Editor), and Beverly Scherf. 1997. Windows NT in a Nutshell: A Desktop Quick Reference for Systems Administrators. O’Reilly. (ISBN: 1-56592-251-4) Rutstein, Charles. 1997. Windows NT security: A Practical Guide to Securing Windows NT Servers and Workstations , McGraw-Hill (ISBN: 0-07-057833-8) Siyan, Karanjit. 1997. Windows NT Server 4: Professional Reference. New Riders Publishing. (ISBN: 1-56205-805-3)

Sutton, Stephen. 1997. Windows NT Security Guide. Addison-Wesley. (ISBN: 0-201-41969-6)

26 IBM. 1994. An Implementation Guide for AS/400 Security and Auditing. IBM. (ISBN: 0-73840-573-6) (part# : GG24-4200-00)

IBM. 1998. The System Administrator’s Companion to AS/400 Availability and Recovery. IBM. (ISBN: 0-73840-038-6) (part# : SG24-2161-00)

0LFURVRIW64/6HUYHU Baird, Sean; Chris Miller, and Michael Hotek. 1998. SQL Server System Administration. Macmillan. (ISBN: 1-562059556) Dalton, Patrick. 1997. SQL Black Book (v6.5). Coriolis Group Books. (ISBN: 1-57610-149-5) Microsoft Corporation. 1998. Microsoft SQL Server 7.0 System Administration Training Kit. Microsoft Press. (ISBN: 1572318279) Prathak, Paritosh. 1998. Administering SQL Server 7. Osborne McGraw-Hill. (ISBN: 0-07-134168-4)

Rankins, Ray., [et al.]. 1998. SQL server 6.5 unleashed (3rd edition). Sams. (ISBN: 0-672-31190-9) Soukoup, Ron; Kalen Delaney. 1999. Inside Microsoft SQL Server 7.0. Microsoft Press. (ISBN 0-735605173)

Spenik, Mark; and Orryn Sledge. 1998. Microsoft SQL Server 7 DBA Survival Guide. Sams. (ISBN: 0-672-31226-3)

 1996. Microsoft SQL Server 6.5 DBA Survival Guide. Sams. (ISBN: 0-672-30959-9) Talmage, Ron. 1999. Microsoft SQL Server 7 Administrator’s Guide. Prima. (ISBN: 0-7615-1389-2)

,QIRUPL[ Doe, Charleton. 1997. Informix OnLine Dynamic Server Handbook, 1/e. Prentice Hall. (ISBN: 0-13-605296-7)

Informix Software, Inc. 1996. Evolution of the High Performance Database, 1/e. Prentice Hall. (ISBN: 0-13-594730-8)

 1996. Informix Performance Tuning, 2/e. Prentice Hall. (ISBN: 0-13-239237-2) Lumbley, Joe. 1999. Informix DBA Survival Guide, Second Edition. Prentice-Hall. (ISBN: 0-13-079623-9)

McNally, John (Editor); Glenn Miller, Jim Prajesh, Jose Fortuny, and Robert Donat. 1997. Informix Unleashed. Sams. (ISBN: 0-672-30650-6)

System Administration Made Easy

B–9

Appendix B: Useful Resources and Products Other System Administration Resources

'% Bullock, Diane; Jonathan Cook; et al. 1999. DB2 Universal Database and SAP R/3, Version 4. Prentice-Hall. (ISBN: 0-13-082426-7) IBM. 1997. IBM DB2 for AIX and SAP R/3 Administration Guide. IBM. (ISBN: 0-73840-990-1) (part# : SG24-4871-00)

2UDFOH Adkoli, Anand, and Rama Velpuri. 1998. Oracle NT handbook. Osborne. (ISBN: 0-07-211917-9) Ault, Michael. 1997. Oracle8 Administration & Management. Wiley & Sons. (ISBN 0471192341) Corey, Michael., [et al.]. 1997. Oracle8 Tuning. Osborne McGraw-Hill. (ISBN: 0-07-882390-0) Koch, Loney. 1997. Oracle8: The Complete Reference. Osborne McGraw-Hill. (ISBN: 0-07-882396-X)

Loney, Kevin. 1997. Oracle8 DBA Handbook. Osborne McGraw-Hill. (ISBN: 0-07-882406-0) Loney, Kevin; Noorali Sonawalla, and Eyal Aronoff. 1998. Oracle8 Advanced Tuning & Administration. Osborne McGraw-Hill. (ISBN: 0-07-882534-2) Spence, Greg. 1999. SAP R/3 and Oracle Backup and Recovery. Addison Wesley. (ISBN: 0-201-59622-9)

Velpuri, Rama; and Anand Adkoli. 1998. Oracle8 Backup & Recovery Handbook. Osborne McGraw-Hill. (ISBN: 0-07-882389-7)  1997. Oracle Troubleshooting. Osborne McGraw-Hill. (ISBN: 0-07-882388-9)

2WKHU7RSLFV < Disaster Recovery Corrigan, Patrick. 1994. LAN: Disaster Prevention and Recovery. Prentice Hall. (ISBN: 0-13-015819-4)

<

Rothstein, Philip. 1995. Disaster Recovery Testing: Exercising Your Contingency Plan. Rothstein Associates. (ISBN: 0-964164809) Schreider, Tari. 1998. Encyclopedia of Disaster Recovery, Security & Risk Management. Crucible. (ISBN: 0-966272900) Toigo, Jon. 1995. Disaster Recovery Planning. John Wiley & Sons. (ISBN: 0-471121754)

Security Russell, Deborah; GT Gangemi Sr. 1992. Computer Security Basics; O’Reilly. (ISBN: 0-937175-71-4)

<

B–10

Scripting Perl, www.perl.com Hoffman, Paul. 1997. Perl 5 for Dummies. IDG. (ISBN: 0-7645-0044-9) Schwartz, Randal; Tom Christiansen, and Larry Wall. 1997. Learning Perl, 2nd edition. O’Reilly. (ISBN: 1-56592-284-0) Schwartz, Randal; Erik Olson, and Tom Christiansen. 1997. Learning Perl on Win32 Systems. O’Reilly. (ISBN: 1-56592-324-3) Srinivasan, Sriram. 1997. Advanced Perl Programming. O’Reilly. (ISBN: 1-56592-220-4)

Release 4.6A/B

Appendix B: Useful Resources and Products Other System Administration Resources

Vromans, John. 1996. Perl 5 Desktop Reference. O’Reilly. (ISBN: 1-56592-187-9) Wall, Larry; Tom Christansen, and Randal Schwartz. 1996. Programming Perl, 2nd edition. O’Reilly. (ISBN: 1-56592-149-6)

0DJD]LQHV SAP Info: The Magazine of the SAP Group, [email protected] SAP Technical Journal, www.saptechjournal.com

+HOSIXO7KLUG3DUW\,QIRUPDWLRQ 6$36HUYLFH&RQQHFWLRQ

SAP service connection to SAP (rcPack): HS Network Technologies 950 Tower Lane, 12th floor Foster City, CA 94404 USA Tel.: (650)-286-3018, FAX: (650)-287-3372 %XVLQHVV&RQWLQXDWLRQ

<

Comdisco, www.comdisco.com

<

Disaster Recovery Journal, www.drj.com

<

DRI International, www.dr.org

<

IBM Business Recovery Services

<

SunGard Recovery Services, www.recovery.sungard.com

2UJDQL]DWLRQV

<

Americas’ SAP Users’ Group (ASUG), www.asug.com For customers in the Americas, ASUG is the only vehicle to submit requests for upgrades and enhancement to SAP.

:HE6LWHV 6$3 < SAP, www.sap.com < mySAP.com, www.mySAP.com < SAPNet, www.sapnet.sap.com Note: you need a SAPNet user ID to access SAPNet < SAP America, www.sap.com/usa < SAP America, training, www.sap.com/usa/trainsupp < SAP Labs, Simplification Group, www.saplabs.com/simple < SAP Online Store, www.sap.com/store_index.htm < SAP Complementary Software Program, www.sap.com/CSP

System Administration Made Easy

B–11

Appendix B: Useful Resources and Products Other System Administration Resources

6$3$IILOLDWHG Americas’ SAP Users’ Group (ASUG), www.asug.com

7KLUG3DUW\ < SAP Fans, www.sapfans.com < SAP Club, www.sapclub.com < SAP Assist, www.sapassist.com < ERP site, www.erpsupersite.com < ERP central, www.erpcentral.com

,QWHUQHW1HZV*URXSV < < <

<

B–12

SAP-related comp.soft-sys.business.sap Other comp.client-server Operating Systems UNIX comp.os.unix comp.unix.* NT comp.ms-windows.nt.* Databases Oracle comp.databases.oracle.* DB2 comp.databases.ibm-db2 Informix comp.databases.informix MS SQL server microsoft.public.sqlserver.* comp.databases.ms-sqlserver

Release 4.6A/B

Appendix B: Useful Resources and Products Other Helpful Products: Contributed by Users

2WKHU5HVRXUFHV 2SHUDWLQJ6\VWHP < UNIX Digital Unix, www.unix.digital.com HP UX, www.datacentersolutions.hp.com/2_2_index.html IBM AIX, www.austin.ibm.com/software/aix_os.html Siemens Reliant, www.siemens.com/servers/rm/rm_us/reliant.htm Sun Solaris, www.sun.com/solaris < NT Microsoft, www.microsoft.com/ntserver Microsoft TechNet, www.microsoft.com/technet 'DWDEDVH < Oracle Oracle, www.oracle.com < SQL server Microsoft, www.microsoft.com/sql < Informix Informix, www.informix.com < DB2 IBM, www.software.ibm.com/data/

2WKHU+HOSIXO3URGXFWV&RQWULEXWHGE\8VHUV The products listed here have been recommended by users and consultants and are provided as a starting point for your research. A listing of these products does not constitute an endorsement by SAP. The following list is not all inclusive. These products have different features and prices, which meet different requirements. It is your responsibility to test their compatibility with your requirements and needs, and to select the product that is appropriate to your installation. For products which have been certified by SAP to work with R/3, see Complementary Software Program at www.sap.com/CSP.

As a precaution, you should test all third-party software for compatibility and stability on a test system before installing them in a production environment. There are cases where a program many conflict with another program(s) or the hardware, and crashes the system. Testing software applies to both the server and workstation that the system administrator uses.

System Administration Made Easy

B–13

Appendix B: Useful Resources and Products Other Helpful Products: Contributed by Users

In an NT environment, if a particular task is “mission critical,” use a dedicated system to perform that task. A dedicated system eliminates much of the potential for conflict.

81,; %DFNXS < Networker, Legato, www.legato.com < OmniBack II, HP, www.hp.com/solutions/storage 0RQLWRU < Performance monitor Stopwatch, Envive, www.envive.com < System monitor OpenView, HP, www.openview.hp.com 6FKHGXOHU < AutoSys, Platinum, www.platinum.com < Maestro, Tivoli, www.tivoli.com 6SRRO0DQDJHPHQW < Dazel for R/3, Dazel, www.dazel.com 2WKHU < Messaging: TopCall, Topcall Intl., www.topcall.com

17 %DFNXS < ARCserve, Computer Associates, www.cai.com/arcserveit < Backup Exec, Seagate, www.seagatesoftware.com < OmniBack II, HP, www.openview.hp.com < Ultraback, BEI Corp, www.ultrabac.com 0RQLWRU < Log monitor ELM, TNT software, www.tntsoftware.com Provision Network Monitor (formerly AlertPage), Computer Associates www.platinum.com/products/provis/po/nmon_pv.htm < System monitor LANDesk Server Manager, Intel, www.intel.com/network/products NetIQ, NetIQ, www.netiq.com

B–14

Release 4.6A/B

Appendix B: Useful Resources and Products Other Helpful Products: Contributed by Users

OpenView ManageX, HP, www.openview.hp.com RoboMon, Heroix, www.robomon.com

5HPRWH&RQWURO < Compaq Carbon Copy 32, Compaq, www.compaq.com/products/networking/software/carboncopy < LapLink for Windows NT, Traveling software, www.travsoft.com < pcANYWHERE32, Symantec, www.symantec.com/pca < Remote Desktop 32, Network Associates, www.nai.com < Timbuktu Pro 32, Netopia, www.netopia.com 6FKHGXOHU < Auto Task 2000, Cypress Technologies, www.cypressnet.com < Event Control Server, Vinzant, www.vinsoft.com < Launch Pad, Cypress Technologies, www.cypressnet.com < crondSys, # ifdef Software, www.ifdef.com < Schedule Wizard 98 (shareware) 6SRRO0DQDJHPHQW < Dazel for R/3, Dazel, www.dazel.com 2WKHU < Anti-virus See SAP note 106267 for known problems with certain anti-virus programs. InocuLAN, CA, www.cheyenne.com Norton AntiVirus, Symantec, www.symantec.com NT shield, Network Associates, www.nai.com < FTP client AbsoluteFTP, Van Dyke Technologies, www.vandyke.com CuteFTP, GlobalSCAPE, www.cuteftp.com WS_FTP, Ipswitch, Inc., www.ipswitch.com < NT monitor Quick slice, NT Resource Kit < Time sync TimeServ, NT Resource Kit

&RPPRQ%RWK81,;DQG17 < <

UPS control Powerchute, APC, www.apcc.com Scripting Perl, www.perl.com

System Administration Made Easy

B–15

Appendix B: Useful Resources and Products Other Helpful Products: Contributed by Users

<

Time sync Network Time Protcol, www.eecis.udel.edu/~ntp

<

Network Analyser Sniffer, Network Associates, www.nai.com

1HWZRUN

B–16

Release 4.6A/B

$SSHQGL[&8VHIXO6$31RWHV

&RQWHQWV Overview ................................................................................................................. C–2

In this chapter you will learn:

{Enter here} Objective 1 of this chapter is to

{Enter here} Objective 2 of this chapter is to blah blah blah

{Enter here} Objective 3 of this chapter is to blah blah blah blah

{Enter here} Objective 3 of this chapter is to blah blah blah

R/3 Notes................................................................................................................. C–2 Operating System Notes ....................................................................................... C–6 Database Notes ...................................................................................................... C–9

System Administration Made Easy

C–1

Appendix C: Useful SAP Notes Overview

2YHUYLHZ The SAP notes are grouped by major area: <

R/3

<

Operating System

<

Database

Within each group, the notes are grouped by category. As we assembled this book, these are the notes we found important or useful. Many more notes exist for each group, many of which are also important. You are encouraged to explore the SAP notes to see what other notes would be of interest or importance to you. Over time, some of these notes may become “obsolete” and get removed. * SAP Notes used to be known as OSS notes. ** The Online Service System (OSS) is now known as SAPNet.

51RWHV Category

C–2

SAP Note #

Description

11886

Central syslog cut off

15466

Customer name range

21559

Examination of SAPgui problems

31557

The multi-client concept of R/3 – overview

42074

Using the R/3 dispatcher monitor “dpmon”

45580

How are syslog files deleted?

86985

Release of SAP Releases for SAP add-ons (IS)

Batch

06604

Deleting job logs at the operating system level

Batch

11728

Background jobs with low priority

Batch

16083

Standard jobs, reorganization jobs

Batch

18307

Batch input logs and reorganization

Batch

24092

Distribution of background jobs on application servers

Batch

31503

FAQ: Background jobs

Batch

36280

Background work processes reserved for job class A

Batch

37104

Error analysis: Background processing system

Release 4.6A/B

Appendix C: Useful SAP Notes R/3 Notes

Category

SAP Note #

Description

Batch

70639

How are batch jobs scheduled

CCMS

71364

Collective note: monitoring ST04, DB02, ST10, ST03 (30c-31h)

Client

07312

Create client 066 for EarlyWatch

Client

13391

Deleting/resetting a client (up to 3.0f)

Client

35952

Client deleted, space still filled in database

Client

40672

System changability and client control

Client copy

4010

Tables missing after client copy

Client copy

24853

CC info: Client copy, functionality in 3.0, 4.0

Client copy

47502

CC-TOPIC: Remote Client copy

Client copy

69556

CC-TOPIC: Missing tables and data

Client copy

70643

CC-TOPIC: Delete client

Client copy

84504

CC-TOPIC: SM29 transfers data in spite of cancel

Config

21636

RAM extension: Which changes to profile?

Config

31395

System parameters: Defined where? Displayed how?

Config

33576

Memory management (as of 3.0c, Unix and NT)

Config

39412

How many work processes to configure?

Config

44695

Memory management (as of 3.0c, AS400)

Ops mode

16845

Operation mode switch without background processes

Patches

19466

Downloading a patch from SAPSERVx

Patches

29372

Unpacking CAR archives

Patches

33525

Important information about SAP patches < 3.1H

Patches

37617

Online Correction Support (OCS)

Patches

53902

Conflicts between Hot Packages / LCPs and Add-Ons

Patches

63786

FAQ – Frequently Asked Questions: sapservX

Patches

63845

Corrections on SAPSERVx – searching for files

Patches

73510

Problems during upgrade of patched source release

Patches

74545

Problems when unpacking CAR archives

Patches

79376

Installation of the 3.1H kernel

Patches

80117

Admin functions in Online Service System

Patches

82264

Important information about SAP patches >= 3.1H

System Administration Made Easy

C–3

Appendix C: Useful SAP Notes R/3 Notes

C–4

Category

SAP Note #

Description

Patches

85820

Patch is not displayed in patch queue

Patches

86241

HR Legal Change Patches for the HR component

Patches

87432

Contents of and applying LCPs

Patches

89089

Configuration of R/3 systems for LCPs

Patches

96885

Downloading a front-end patch from SAPSERVx

Patches

97621

OCS Info: Online Correction Support (OCS)

Patches

97623

Patch types

Patches

97630

Known problems with patches >= 3.1H

patches

104664

OCS info: applying patches from CD

Patches

119738

Problems during upgrade with too new hot packages

Patches

169142

Online Correction Support (OCS)

Patches

173814

OCS: Known problems with Support Packages Rel. 4.6

Problems

15374

Checklist: Performance analysis

Problems

16513

File system is full – what do I do

SAPNet

15641

Print/download in Online Service System

SAPNet

22235

OSS1: What to do if R/3 does not run?

SAPNet

26740

Online Service System registration form, North America (for customers without existing Online Service System accounts)

SAPNet

29501

Search procedure for notes and messages in Online Service System

SAPNet

31515

Service connections

SAPNet

32411

The priority of your Online Service System message is changed

SAPNet

32789

OSS – Quick reference sheet

SAPNet

33221

Easy to use guide for transaction OSS1 (SAPSERV4)

SAPNet

40024

Transferring customer files to sapservX via FTP

SAPNet

40866

Information required for registration keys

SAPNet

45027

User maintenance and creation in Online Service System for customer

SAPNet

69224

Access to the SAPNet server with Online Service System user id

SAPNet

69378

Inbox BIBO in OSS/O01

SAPNet

74313

New customer messages in Online Service System

Release 4.6A/B

Appendix C: Useful SAP Notes R/3 Notes

Category

SAP Note #

Description

SAPNet

75002

Confirmation of Online Service System registration

SAPNet

75686

Changing/Deleting Online Service System users and installations

SAPNet

80618

Access to Online Service System services via the internet

SAPNet

81908

Change to Online Service System user data

SAPNet

169296

Integrating service connections into maintain system data

SAPNet

169329

New functions in the SAPNet as of 09-05-06/99

SAPNet

170102

Automatic opening of a service connection

SAPNet

171569

Maintaining service connection in system data maintenance

SAProuter

30289

SAProuter documentation

SAProuter

30374

SAProuter installation

SAProuter

87388

Download SAProuter by FTP from sapserv#

Security

23611

FAQ concerning R/3 security

Security

39267

R/3 Security Guide

Security

48018

Data security in R/3

Spool

02510

Printer off: What happens to the data?

Spool

03255

Spool log with “bad print control Sxxxx”

Spool

06427

How do you transport a printer definition

Spool

08462

Performance problems – spool output

Spool

09876

Cannot read my hostname

Spool

10551

Table TST03 (tablespace PSAPPROTD) size increasing

Spool

10743

Name of PC longer than 8 characters

Spool

10755

Long name for routing computer

Spool

11070

Space requirements of TemSe and spooler

Spool

12550

Problems with remotely connected printers (WAN)

Spool

18706

Tuning the spooler

Spool

23389

Transporting printer definitions

Spool

25941

R/3 does not find host name

Spool

26009

R/3 does not print, first steps

Spool

27831

Priority of output requests?

Spool

29666

Authorizations for spool requests

System Administration Made Easy

C–5

Appendix C: Useful SAP Notes Operating System Notes

Category

SAP Note #

Description

Spool

30187

Viewing completed print data for output device.

Spool

48914

Output requests are partially delayed

Spool

64333

Change default value for spool retention period

Spool

64337

Transport output devices (printer)

Spool

64628

Using network printers from R/3

Spool

78401

Download a list from SAP spool

Start/stop

00387

Problems when starting up a DB

Start/stop

17108

Shared memory still present, startup fails

TMS/CTS

5668

Transporting report writer ojbects

TMS/CTS

11599

Reversing transports (not possible to do)

TMS/CTS

13807

Analyzing Correction & Transport System problems

2SHUDWLQJ6\VWHP1RWHV &RPPRQWR0XOWLSOH2SHUDWLQJ6\VWHPV Category

SAP Note #

Description

80266

Installation of NT application servers in a UNIX environment

28781

Central transport directory NT/UNIX

SAP Note #

Description

28665

Central syslog under NT

89510

Installation notes for pcANYWHERE

Backup

71440

Problems when restoring DLT tapes with NTBackup

Config

22240

Windows NT Control Panel settings

Config

28392

Two systems on one NT machine

Config

31559

Setting environment variables for NT kernel

Config

31563

Setting environment variables for NT kernel

Config

33772

The correct configuration of Dr.Watson

17 Category

C–6

Release 4.6A/B

Appendix C: Useful SAP Notes Operating System Notes

Category

SAP Note #

Description

Config

65761

Configuration problems under Windows NT

Config

68544

Memory management under Windows NT

Config

74810

Notes on SAP services and NT registry

Config

75354

Multiple SAP instances on NT

Config

88416

Zero Administration Memory Management as of 4.0A/NT

Eventlog

72616

Syslog messages in the NT event log

Patches

29372

Unpacking .car archives

Patches

74545

Problems when unpacking CAR archives

Perfmon

102390

Use of NT performance monitor

Perfmon

110529

Professional use of the NT performance monitor

Problems

10616

Saposcol or collector not running

Problems

21790

WinNT: problems with notepad.exe

Problems

44803

Connection reset by peer

Problems

49776

Evaluating Dr.Watson log file

Problems

51781

Problems with SAPPAD

Problems

53211

Win NT appears to hang, SAP service problems

Problems

70572

SAP R/3 background problems on Win NT

Problems

100972

Help for analyzing a Win NT “blue screen”

Problems

122288

Win 3.51/4.0 no longer responds (hangs)

Problems

129813

NT: Problems due to address space fragmentation

SAProuter

41054

SAProuter as a service

Security

36462

Note for Oracle security on WinNT

Service pack

30478

Service Packs on Windows NT

Service pack

85582

High memory requests under NT 4.0 SP 3 fail

Start/stop

32182

Windows NT: Event log message when starting R/3

Start/stop

35388

Problems on STOP/START of R/3 via NT scheduler

TMS/CTS

28781

Central transport directory NT/UNIX

TMS/CTS

62739

Configuring a central transport host

Virus

106267

Problems with certain anti-virus software

System Administration Made Easy

C–7

Appendix C: Useful SAP Notes Operating System Notes

81,; Category

SAP Note #

Description

21960

Two instances/systems on one UNIX computer

28781

Central transport directory NT/UNIX

80266

Installation of NT application servers in a UNIX environment

AIX

48689

IBM service, fixes and patches

AIX

64885

R/3 relevant operating system patches for AIX

Digital

72984

Release of Digital UNIX 4.0B for Oracle

Digital

39698

cpio generated when restoring “sparse files”

Digital

136653

Performance problems on Digital UNIX 4.0D and 4.0E

HPUX

06599

Sudden performance decrease, in UNIX too

HPUX

41596

HP-UX: problem solving using HP-UX patches

HPUX

64884

R/3 relevant OS patches for HP-UX

HPUX

99224

HP-UX Operating System patches

HPUX

99527

Problems with MC Service Guard

HPUX

101229

Informix: HPUX 10.20 patches

HPUX

143527

End of support for HP-UX 10.20, HP-UX 10.10, HP-UX 10.01

SUN

64887

R/3 relevant operating system patches for Solaris

SUN

71479

Solaris recommended patches

SUN

101883

R/3 relevant patches for Solaris 2.6

SUN

172524

Time stamp is incorrect

SUN

182552

Y2K patches for SOLARIS

Category

SAP Note #

Description

Config

44695

Memory management as of 3.0C, AS/400

Copy

49023

Client copy

CTS

37987

Importing transports

Patches

60856

OSS1 and hot packages

Performance

49201

Performance settings

$6

C–8

Release 4.6A/B

Appendix C: Useful SAP Notes Database Notes

Category

SAP Note #

Description

Performance

107104

4.0B kernel performance

Problem

125705

R/3 hangs in STARTSAP

Problem

154599

R/3 cannot be started/shmget fails

Problem

162580

Roll memory leak & SYSTEM_CORE_DUMPED

Problem

163022

Work process terminate abnormally

SAProuter

65600

SAProuter

'DWDEDVH1RWHV 0664/VHUYHU Category

SAP Note #

Description

62849

“news,” compilation of notes This note is important for SQL server installations.

28667

MS SQL Server specific profile parameters

67320

Basic knowledge of MS SQL Server

85846

Released operating systems R/3 4.0x/4.5x MS SQL Server

95901

R/3 on MS SQL Server – release strategy

126131

Installing add-on on MS-SQL svr 3.x

159171

Recompilation of Stored Procedures

163315

MS SQL 6.5 – end of support

7.0

82035

Improvements for MS SQL Server 7.0

7.0

95600

Installation of SAP R/3 on SQL Server 7.0

7.0

138392

SQL Server 7 and Vertex database

7.0

153802

Deleting transaction log files in MSSQL 7

7.0

160178

MSSQL 4.6A minimum corrections

7.0 conv

92410

DB conversion from MS SQL 6.5 to 7.0

7.0 conv

104392

Additional info: conversion 6.5/7.0 MS SQL Server

7.0 conv

107471

Special SQL Server 7.0 conversion methods

7.0 conv

107483

SQL Server 7.0: conversion on Alpha

System Administration Made Easy

C–9

Appendix C: Useful SAP Notes Database Notes

C–10

Category

SAP Note #

Description

7.0 conv

129122

Conversion SQL Server 6.5/7.0 consultant companies

7.0 conv

130689

Conversion of multiple R/3 systems from 6.5 to 7.0

Backup

37152

SQL Server backup to a dump file

Backup

44449

Backup strategies with MS SQL Server

Backup

48585

Database copy

Backup

50990

DB – Backup/Restore of Microsoft SQL Server

Backup

68818

Error in SQL Server backup/restore

Backup

70300

Backup/restore (compilation of notes)

Backup

151603

Copying a SQL Server 7.0 database

Backup

153763

Sub-optimal tape backup performance

Backup

166588

File backup with SQL server 7.0

CCMS

36637

SAP database monitor for MS SQL Server 6.5

CCMS

77434

New sched. Calendar in CCMS (DB13) SQL Server 6.5

CCMS

139945

SAP database monitor for MS SQL Server 7.0

CCMS

141118

New scheduling calendar in the CCMS (DB13) SQL Server

Client copy

85443

Client copy

Config

67071

Moving database devices

Config

70517

Restructuring a SQL Server installation

Config

80102

Device management for MS SQL Server

Config

97066

Running two SAP R/3 systems on one sever

Config

126808

Configuration parameter for SQL Server 7.0

HA

111372

Stand-by database for MS SQL Server

Kernel

77012

Spool, batch enhancements in kernel

Maint

67437

DBCC checks

Maint

142731

DBCC checks for SQL server 7.0

Performance

38657

Slow performance of R/3 on MS SQL Server

Performance

61340

Update statistics on MS SQL Server system tables

Performance

76052

Update statistics on database tables

Problems

67297

Error 1105 trans/db log full

Problems

79262

Incorrect database and log size in DB02 and ST04

Release 4.6A/B

Appendix C: Useful SAP Notes Database Notes

Category

SAP Note #

Description

Problems

79883

Incorrect database freespace alert displayed

Problems

81692

Suspect database

Problems

87027

Fill level database logs

Problems

87029

Fill level of the database and log

Problems

111291

Analysis and avoidance of deadlocks

Problems

129190

Problems with Performance Monitor and SQL Server 7.0

Problems

150495

Deadlocks with MS SQL 7

Problems

155402

Analysis of hanging situations

Problems

166861

Analysis of DB13 problems

Problems

168408

R3load process dies directly during a start

Recovery

50745

Database restore for SQL Server

Recovery

70161

SQL error 916 and 4001 after restore

Recovery

82699

Rebuild master database

Recovery

94213

Point-in-time-recovery fails

Security

28893

Changing password of users sapr3

Security

116225

Password change for database user sapr3

Service pack

62988

Service Packs for MS SQL Server

Service pack

66365

Windows NT service packs (problems caused by)

Service packs

159069

SQL Server 7.0 service pack 1 install terminates

Service packs

159268

Service Pack installation on MS SQL server 7.0

SAP Note #

Description

80625

Released operating systems R/3 3.x/4.x DB2 for OS/390

85842

Released operating systems R/3 4.0x DB2/CS

Copy

111206

390: Homogeneous System Copy

Performance

92795

390: R3trans performance improvements

Performance

97014

390: R3trans performance improvement

Performance

122599

390: Performance of the update

'%8'% Category

System Administration Made Easy

C–11

Appendix C: Useful SAP Notes Database Notes

Category

SAP Note #

Description

Performance

107123

400: Performance improvement on the database server

Problems

54028

400: Overflow in SQL package. SQL0904, SQL0901

Problems

84270

390: Deadlocks on TPFBA and TPFID

Problems

97449

390: Unspecified core dumps with HPDT UDP

Problems

98306

390: Tablespace name not set

Problems

141527

390: Generation of matchcode objects fail

Problems

149292

UDB: DB2adut1 displays no journals

Problems

151085

CS: Some work process end with SQL1403

Problems

163356

390: Signal 11 during DDIC operations

Restore

78332

CS: Database crash/core in restore from ADSM

Restore

163731

CS: Restore Terminates with SQL0973

Security

80292

Security DB2 with R/3 under NT

SAP Note #

Description

93264

Informix: Important News

53746

Use of correct Informix versions

62340

INFCFGCHECK: ‘Download’ and ‘First steps’

64001

INFCFGCHECK: Detailed messages of single checks

71776

INFCFGCHECK: Automate database checks

85840

Released operating systems R/3 4.0x Informix

93868

BC511 Instructors contributions

AIX

102204

AIX 4.3 patches necessary with Informix

Backup

11462

Informix: Copying and renaming an R/3 database

Backup

167878

Informix: Copying and renaming an R/3 database

CCMS

66322

CCMS Database administration (DB13)

Config

12825

Installation of two R/3 systems on one host

Config

41360

Database configuration via onconfig parameter

Config

141054

Informix environment parameter for 7.3x

,QIRUPL[ Category

C–12

Release 4.6A/B

Appendix C: Useful SAP Notes Database Notes

Category

SAP Note #

Description

Document

154895

Ordering additional Informix documentation

HPUX

41596

HP-UX Problem solving using HP-UX patches

HPUX

101229

Informix: HPUX 10.20 patches

Maint

22941

Reogranization of table and dbspaces

Maint

29155

Consistency check of an Informix database

NT

126175

Service Pack 4 on NT4.0 with Informix IDS 7.X

Performance

38307

Reducing shared memory consumption

Performance

156766

Performance problems with Informix 7.3x

Performance

184760

Update Statistics: SAPDBA Rel.>=4.6A old strategy

Problems

31171

DB start/stop brings warnings

SOLARIS

48338

Problem solution through SOLARIS/SUN patches

Y2K

187183

Downloading the ON-Archive Y2K patch

SAP Note #

Description

85838

Released operating systems R/3 4.0x Oracle

112325

End of “Cust Care Support” Oracle 7.3.*

01039

Problems with ORACLE TWO_TASK linking

01042

ORACLE TWO_TASK connect failed

96397

OS06: Unable to open file os_sys.log

125242

Do not alter MAXEXTENTS on dictionary tables

128221

Increased memory consumption with Oracle 8

AIX

51396

Kernel extensions on AIX SMP computer

BR

02239

cpio with BRBACKUP and BRARCHIVE

BR

12593

BRBACKUP on several different tape drives

BR

13550

Using BRBACKUP and BRARCHIVE

BR

43494

Collective note: BRBACKUP, BRARCHIVE, BRRESTORE

BR

43499

Collective notes concerning DBA tools

CBO

93098

Changes to the upgrade to 4.0 – CBO Oracle

2UDFOH Category

System Administration Made Easy

C–13

Appendix C: Useful SAP Notes Database Notes

C–14

Category

SAP Note #

Description

CBO

93256

CBO: changes for installation of 4.0

CBO

127715

CBO: Optimal parameters for performance

CCMS

85609

Offline backup via CCMS/DB13 not possible

Config

03809

Changing the size of the redo log files

Config

09705

Mirroring the ONLINE REDO LOG FILES

Config

94801

Environment variables for Windows NT

HPUX

92788

HP-UX/Oracle: hanging LGWR

Patches

127395

Current patch set for Oracle release 8.0.5

Patches

181195

Current patch set for Oracle release 8.1.5

Performance

33868

Performance problems NT 3.51 / Oracle / TCP/IP

Performance

72638

Performance problems with SQL*Net V2

Performance

102042

System hang on AIX SMP computers under high load

Performance

114716

Performance problems Oracle 8.0.4/all entries

Problems

33735

Archiver stuck in Windows NT

Problems

38006

Ora-1631 max extents reached. Which table?

Recovery

03804

Restoring from a full backup

Recovery

04157

General flowchart for Oracle recovery

Recovery

04160

Tape management for recovery

Recovery

04161

Complete recovery

Reorg

12921

Reorganization of SYSTEM tablespace

Reorg

40521

Reorganization (external tools)

Reorg

43487

Collective note: SAPDBA – reorganization

SAPDBA

12621

SAPDBA – speeding up reorganization

SAPDBA

15465

SAPDBA – shrinking a tablespace

SAPDBA

19193

SAPDBA – size and reorg of table space PSAPTEMP

SAPDBA

29348

SAPDBA – reorganization of single table; PSAPTEMP

SAPDBA

42293

SAPDBA – new command line option – analyze

SAPDBA

43486

Collective note: General SAPDBA

SAPDBA

43490

Collective note: SAPDBA – Recovery

SAPDBA

43491

Collective note: SAPDBA command line options

Release 4.6A/B

Appendix C: Useful SAP Notes Database Notes

Category

SAP Note #

Description

SAPDBA

44395

SAPDBA: missing indexes after reorg run

SAPDBA

44595

SAPDBA: general procedure for reorganizations

Security

36462

Note for Oracle security on WinNT

Start/stop

02775

Oracle cannot be started

SUN

44361

Sun Solaris: database does not start after patch

SUN

116453

Backup via DB13 on Solaris Oracle 7.3.3

SUN

183292

Oracle crash because of kernel AIO bug on Sun

Tablespaces

02425

Function of tablespaces/Dbspaces on the database

Tablespaces

03807

Tablespace PSAPROLL, rollback segments too small

Tablespaces

09321

Next-extents in ORACLE system tables are too large

Tablespaces

39650

Maximum number of extents per tablespace

Upgrade

89691

Additional info: migrating to Oracle 8.0.3

Upgrade

98507

Additional info: migrating to Oracle 8.0.4

Upgrade

111922

NT/Oracle >= 7.3.3.4 necessary

Upgrade

126137

Additions Oracle upgrade to 8.0.5 UNIX 64 bit

Y2K

172380

Oracle Y2K bugs and fixes

System Administration Made Easy

C–15

Appendix C: Useful SAP Notes Database Notes

C–16

Release 4.6A/B

$SSHQGL['8SJUDGH'LVFXVVLRQ

&RQWHQWV Upgrade Discussion .............................................................................................. D–2 Upgrade Issues ...................................................................................................... D–3 Other Considerations ............................................................................................ D–3

System Administration Made Easy

D–1

Appendix D: Upgrade Discussion Upgrade Discussion

8SJUDGH'LVFXVVLRQ :KDW

An upgrade is an updating of your R/3 System. :K\

The question of whether to upgrade your system to a new release depends on many complex factors. Most importantly, the decision to upgrade should be based on “business need.” Some of these factors are outlined below: < <

Desired functionality in new release This can be found in the release note for the specific release. Problem fixes and resolutions

<

The need to be on a supported release

5HDVRQV1RWWR8SJUDGH Some reasons not to upgrade include the following: <

Cost—the following items could increase the cost of your upgrade. You need to: Upgrade the database and operating system (if required) Purchase and install additional hardware (if required) Test to find problems with the upgrade Upgrade the SAPgui on the users computers Find the time to do all the above

<

Disruption for users, especially if there is no functional enhancement for them.

<

Diversion of resources (Company resources that could be applied to other tasks would be assigned to upgrading the R/3 System.)

<

Desire to be on the latest release (While desirable for a personal resume, this reason is not a valid business reason to upgrade your system.)

:KHQWR8SJUDGH In deciding to upgrade your system, ask yourself the following questions: <

Have the reasons for upgrading and not upgrading been analyzed?

<

Has the “business need” criteria been met?

<

If you installed any Industry Solution (IS), are IS patches available for the new release? If the patches are not available, you cannot upgrade.

D–2

Release 4.6A/B

Appendix D: Upgrade Discussion Upgrade Issues

8SJUDGH,VVXHV An upgrade can be more complex than a new implementation because: <

There is “real data” on the system that is being upgraded. If the upgrade fails, the company’s operations could be affected and business could stop. This failure would require you to recover the database (refer to the section on disaster recovery).

<

The system is unavailable for users during a portion of the upgrade process. The technical downtime is 6–12 hours. In addition, many other tasks are performed around the backup that could increase this “downtime” significantly. System downtime could significantly impact the operations of the business during this period.

<

Upgrade changes could require changing configuration, testing, training, and documentation.

<

Changes require regression testing: Do business processes function as they did before? Does custom code need to be changed due to changes from the upgrade?

2WKHU&RQVLGHUDWLRQV 6RIWZDUH,VVXHV The following software has to be compatible with the R/3 release you plan to upgrade to: <

Database

<

Operating system

<

Third-party applications that compliment the R/3 System (for example, external tax packages, job schedulers, system monitors, spool managers, etc.)

+DUGZDUH <

The upgrade requires free working space on disks to run. The amount of space required differs with operating system and database. Some of the space is released after the upgrade; other space is permanently used.

<

As each release adds functionality, the required disk space, processing power and memory required generally tends to increase. A system configuration that was adequate for one release may be inadequate for a later release. This is especially apparent when jumping release levels; example upgrading from 3.1H to 4.6B. The following table is compiled from SAP notes:

System Administration Made Easy

D–3

Appendix D: Upgrade Discussion Other Considerations

SAP Release

CPU increase %

Memory increase %

3.1H to 4.0B

30

30

4.0B to 4.5B

20

20

4.5B to 4.6A

10

30

3HUIRUPDQFH Upgrade performance is difficult to predict. Performance is sensitive to a variety of variables, some of which can have significant impact. Therefore, an upgrade of the test system should be done to determine timing values for your configuration. The following are a few of the factors that affect the performance of an upgrade:

D–4

<

Database and operating system

<

Hardware Processor (number of processors and speed of each) Memory (amount available) Drive array – Performance factor (especially for writes) – Configuration (minimize or eliminate drive or channel contention) – Other I/O hardware (minimize or eliminate data channel contention)

<

Data volume for changes to tables that contain data

Release 4.6A/B

,QGH[

A ABAP dump analysis free selection, 10–49 in general, 4–15, 10–48 performing, 4–5 simple selection, 10–49 dump definition, 4–15, 10–48 editor, 10–55, 10–56, 11–56 execute, 8–2, 11–55

Active processes, 9–15 Active users, 10–43, 12–34 Adding additional systems in general, 12–15 SAP logon, 12–15

Administrator access key, 20–16, 20–20, 21–23, 21–27 guidelines. See System guidelines requirements of, 1–4 roles external to R/3, 1–3 factors that determine, 1–2 within R/3, 1–2

AIS. See Audit Information System (AIS) Alert monitor accessing, 10–4 acknowledge alerts, 10–14 adding a monitor, 10–24 alert threshold, 15–9 alert, finding, 10–7 analyze alerts, 10–13 checking, 4–4, 5–3, 5–4 create new monitor set, 10–23 hiding SAP standard monitor sets, 10–19 in general, 4–11, 10–2 maintaining thresholds, 10–17 views, 10–5, 10–12

Alerts acknowledge, 10–14 analyze, 10–13 database, 4–6 finding, 10–7 maintaining thresholds, 10–17 messages, 15–15 operating system, 4–6

System Administration Made Easy

parameters, 15–16 threshold, changing, 15–9 views, 10–5, 10–12

Annual tasks checklists database, 8–3 notes, 8–4 operating system, 8–3 other, 8–4

Application server, 1–14, 9–4, 16–2 Audit Information System (AIS) business, 11–41 complete, 11–38 in general, 11–37 system, 11–39 user defined, 11–42

Audits business, 11–41 check for validity, 11–57 complete, 11–38 considerations, 11–5 different users, 11–53 financial, 11–4 in general, 11–4 information system. See Audit Information System (AIS) security, 11–5, 11–25 security logs filter group 1, 11–49 filter group 2, 11–50 in general, 11–44 parameters, 11–47 running, 11–46 specific reports, 11–56 system, 11–39 tasks, 11–57 tools, 11–37 user defined, 11–42 user security jobs, 11–54

B Background jobs batch, 16–3 creating, 16–8 housekeeing, 16–4 incorrect, 16–20 new, 16–20

I–1

Index

others, 16–5 performance, 16–4 performance factors, 16–5 regularly scheduled jobs, 16–4 scheduling, 16–8 select, 4–4, 4–8, 4–11, 7–2, 7–5, 16–15 user ID, 16–4

Backup archive procedures and policies, 3–13 checking, 16–38 checklist, strategy, 3–12 database, 3–3, 3–12, 13–15, 13–19, 16–36, 16–38 dedicated drives, 3–23 design strategy, 3–9 differential, 3–7 frequency, 3–3 full, 3–7, 16–36 in general, 3–1, 3–3, 16–36 incremental, 3–7 initalizing tapes, 13–18 NTBackup, 16–40, 16–41 offline, 3–8, 13–24, 16–36 on-demand, 3–9 online, 3–8, 13–19 operating system level, 3–6, 3–12, 16–40 performance database restore options, 3–23 factors affecting, 3–20 faster devices, 3–21 in general, 3–20 options, 3–21 parallel backup, 3–22 recovery, 3–23 periodic archivals, 16–36 procedures archiving, 3–10 database check, 3–11 in general, 3–10 monitoring/controlling, 3–11 verifying backups, 3–10 scheduled, 3–9 sites, 2–18 storage in general, 3–18 offsite, 3–18 onsite, 3–19 strategy, 3–2 supplementary, 3–10 tape label, 13–13 tape management handling tapes, 3–16 in general, 3–13 labeling tapes, 3–13 retention requirements, 3–17

2

I–2

tracking and documenting tapes, 3–13, 3–15 transaction logs, 3–5, 3–12 types, 3–6 UNIX level, 16–40 verify, 4–9

Batch input, 4–5, 4–13, 16–20 Batch jobs, 9–11, 10–10, 16–3, 16–5, 16–20, 16–21 Books, B–3, B–7 Buffers definition, 19–8 hit ratio, 19–9 importing, 17–18 performance, 4–14, 19–8 special transport, adding into import buffer, 17–25, 17– 34 swaps, 19–9 tune summary, 4–5, 4–14, 19–8

Business requirements, disaster recovery. See Disaster recovery, business requirements

C CAR files, 22–13 Cascade failures, minimizing, 2–19 CCMS alert monitor. See Alert monitor Central instance, 9–3 Change control in general, 17–9 managing transports, 17–12

Checklists annual tasks database, 8–3 notes, 8–4 operating system, 8–3 other, 8–4 backup strategy, 3–12 daily tasks database, 4–6 notes, 4–7 operating system, 4–6 other, 4–7 R/3 System, 4–4, 4–8 monthly tasks database, 6–2 notes, 6–5 operating system, 6–3 other, 6–4 quarterly tasks database, 7–3 notes, 7–4 operating system, 7–3 other, 7–4 stopping R/3, 9–5

Release 4.6A/B

Index

weekly tasks database, 5–3 notes, 5–4 operating system, 5–3 other, 5–3

Cleaning tape drive, 15–12 Client copy copy to different system/SID, 23–50 copy to same system/SID, 23–47 copying, 23–47 create, 23–44 deleting a client, 23–52, 23–53 in general, 23–42 log, 23–54 post-client copy tasks, 23–52 processing notes, 23–43 production system, 23–57, 23–58 SAP notes, 23–43 security, 23–44

Client-dependent changes, 11–15 Client-independent changes, 11–14, 11–15 Consumable supplies checking, 16–42 critical, 16–42 other considerations, 16–44

Contracts, maintenance, 15–14 Correction support, online, 20–24 Crash kit in general, 2–12 inventory list, 2–13 location, 2–13

Critical tasks daily tasks, 4–9 database, 16–38 operating system level backups, 16–40 verify backups, 4–9 verify R/3 is running, 4–9

Customer messages, 20–8. See SAPNet – R/3 Frontend, customer messages SAPNet-Web, 20–8

D Daily tasks checklists database, 4–6 notes, 4–7 operating system, 4–6 other, 4–7 R/3 System, 4–4, 4–8

Dangerous transactions in general, 8–5, 11–17 recommended lock table, 11–18

System Administration Made Easy

restricted access table, 11–21

Database (DB) administration. See Database administration (DBA) alert, 4–6 backup, 3–3, 3–12, 13–15, 16–36 checking backup, 3–11, 16–38 checklists annual tasks, 8–3 daily tasks, 4–6 monthly tasks, 6–2 quarterly tasks, 7–3 weekly tasks, 5–3 passwords, 11–36 performance, 5–4, 6–5, 13–4, 19–11 performance analysis, 4–6, 4–15 performance tables, 5–2, 6–2 server, 1–14, 9–3 TemSe. See Temporary Sequential (TemSe)

Database administration (DBA). See also Database (DB) activity, 13–4 allocation, 13–7 backup tape label, 13–13 backups with Microsoft tools, 13–19 checking backup, 13–15 deleting planning calendar entry, 13–14 error logs, 13–28 in general, 13–1 initializing backup tapes, 13–18 Microsoft SQL server, 13–28 online backup, 13–19 passwords, 13–30 performance, 5–4, 6–5, 13–4 performance monitor, 13–4 scheduling, 13–9 starting the database, 13–2 statistics, 13–29 stopping the database, 13–2, 13–3 verify consistency, 13–29

DB. See Database (DB) DDIC, 11–26, 12–5 Defragmentation, memory, 19–10 Deleting user session, 12–32 Deleting users. See Locking, users Disaster definition, 2–2 minimizing opportunities cascade failures, 2–19 human error, 2–18 in general, 2–18 single points of failure, 2–19

Disaster recovery applications, up or downstream, 2–17

I–3

3

Index

backup sites, 2–18 business continuation, 2–15 business requirements defining, 2–4 in general, 2–4 performance, 3–2 who provides, 2–4 crash kit. See Crash kit disaster, minimizing. See Disaster, minimizing opportunities downtime, 2–5 integration, 2–16 offsite, 2–7, 2–16 onsite, 2–7 other considerations, 2–17 planning, 2–3, 2–4 recovery groups, 2–6 process, 2–11 scripts, 2–11, 2–15 time, 2–6 scenarios corrupt database, 2–8 hardware failure, 2–8 in general, 2–8 loss or destruction of server facility, 2–9 staffing, 2–6 testing, 2–16 types, 2–7 when to begin, 2–5

Guidelines. See System guidelines

H Hardware central processing unit, 19–15 disk, 19–15 in general, 19–15 memory, 19–15 review, 15–15

Help. See System guidelines High availability (HA) options, 2–3 Hit ratio, 19–9 Hot packages. See Support Packages Housekeeing jobs, 16–4 Human error, minimizing, 2–18

I Insider trading, 11–3 Instance definition, 1–14 operation mode, 16–25

K Keep it short and simple (KISS), 1–7, 3–10 Kernel upgrade, 23–40 KISS. See Keep it short and simple (KISS)

Downstream applications, 2–17

E EarlyWatch session, 22–14 External interfaces, 9–15

F Failed updates. See Update terminates File space old transport files, 15–11 usage, 15–6

Forms Detailed Online Service System Note Record, 17–11 General Note Record, 17–10 R/3 User Change Request, 12–6 Sample Transport Request, 17–14

Free space. See File space Frontend software. See SAP GUI

G

L LCP. See R/3 HR Support Packages Legal change patches (LCP). See R/3 HR Support Packages Lock entry list, 4–4, 4–12 Locking client modifiable, 11–17 permanent, 11–16 dangerous transactions table, 11–18, 11–21 logon, 12–27 prohibited password table, 11–30 service connection, 21–30 transaction codes, 8–3 transactions, dangerous, 11–17 users, 7–5, 8–4, 11–29

Locks definition, 4–12, 10–41 deleting, 10–42, 10–43 in general, 10–41, 11–11

Graphical job monitor, 4–8, 4–11, 16–19

4

I–4

Release 4.6A/B

Index

M Maintenance basic, 23–4 contracts, 15–14 extended, 23–4 special, 23–1 table. See Table maintenance user, 7–2, 7–5, 12–24

Management, change change control, 17–9 in general, 11–27, 17–1

Memory defragmentation, 19–10 hardware, 19–15

Microsoft SQL server, 13–28 in general, 13–1 online backup, 13–19

Modes. See Operations, modes Monthly tasks checklists database, 6–2 notes, 6–5 operating system, 6–3 other, 6–4

Multi-role tasks checklist, stopping R/3, 9–5 mySAP, B–11

N New user setup. See Users, new user setup NTBackup, 13–24

O Operating system (OS) alert threshold, 15–9 alerts, 4–6, 15–2 checklists annual tasks, 8–3 daily tasks, 4–6 monthly tasks, 6–3 quarterly tasks, 7–3 weekly tasks, 5–3 file space usage, 15–6 full server backup, 16–36 monitor, 4–6, 4–11, 19–11 NT event log, 15–5, 15–15, 15–16 old transport files, 15–11 system logs, 15–3 tasks, 15–2 transporting method, 17–34 Transporting objects, 17–16

Operational security

System Administration Made Easy

in general, 11–9, 11–25 management change, 11–27 passwords, 11–28 sharing of user IDs, 11–27

Operations consumable supplies, 16–42 critical supplies, 16–42 in general, 16–1 modes adding new, 16–26 assigning, 16–32 assigning instance definition, 16–25 define, 16–23 generate instance, 16–25 in general, 16–21 other considerations, 16–44 work processes defining distribution, 16–29

OS. See Operating system (OS) OSS notes. See SAP notes Output management in general, 14–1 output printing, 14–15 printer setup, 14–2 printing screen, 14–18 spool check consistency, 14–21 deletion, for, 14–12 printing problems, for, 14–9

P Paging system, 15–15 Passwords. See also Security, passwords changing, 11–34 database, 11–36 database administration, 13–30 eliminating easy, 11–29 expiration time, 7–4, 11–29 in general, 11–28 length, 7–4, 11–29 lockout, 7–4, 11–29 maintaining table of prohibited, 11–30, 17–2 operating system level, 11–35 purpose, 7–5 recording, 11–31 resetting, 12–26 sample tables, 11–32 security parameters, 7–4, 11–29 standards, 11–29 system administration, 12–5

Patch application verification, 23–37 confirmation, 23–36 level, 18–5

I–5

5

Index

logs, 23–35 queue, 23–32, 23–33

extended, 23–4

Profile, definition, 23–10

Performance background jobs, 16–4 backup database restore options, 3–23 factors affecting, 3–20 faster devices, 3–21 in general, 3–20 options, 3–21 parallel backup, 3–22 recovery, 3–23 to disks then tapes, 3–22 buffers, 4–14, 19–8 critical assumption, 19–2 database, 5–4, 6–5, 13–4, 19–11 evaluation priority, 19–3 in general, 19–1, 19–3 memory defragmentation, 19–10 R/3, 19–4 workload analysis, 4–14

Permission creep, 11–58 Policies backup frequency, 3–3 supplementary backups, 3–10 system adminstration, 12–5 user administration, 12–3

Printer setup in general, 14–2

Procedures backup archiving, 3–10 database check, 3–11 in general, 3–10 monitoring/controlling, 3–11 roles and responsibilities, 3–11 verifying backups, 3–10 system administration, 12–5 user administration, 12–3

Production refresh strategies client copy with data, 23–57 client copy without data, 23–58 database copy of production system, 23–57 in general, 23–56

Production system not modifiable, 11–13 preventing changes, 8–4

Profile Generator, 12–2 Profile parameters, system administration data, 23–4 editing, 7–2, 7–4, 23–2 maintenance basic, 23–4

6

I–6

Q Quarterly tasks checklists database, 7–3 notes, 7–4 operating system, 7–3 other, 7–4

R R/3 HR Support Packages, 23–11 R/3 System. See also System active processes, 9–15 administration. See System administration; User administration batch jobs. See Batch jobs checking for users, 9–9 with application servers, 9–10 without application servers, 9–9 checklists daily tasks, 4–4, 4–8 stopping R/3, 9–5 definition, 1–14 external interfaces, 9–15 guidelines. See System guidelines performance. See Performance starting, 9–2 stopping, 9–5, 9–16

R/3 system administrator. See Administrator Recovery. See Disaster recovery Recovery groups, 2–6 Recovery scripts business continuation, 2–15 creating, 2–11 definition, 2–11

Regression testing, 23–39 Remote services CAR files, 22–13 downloading files, 22–9 EarlyWatch, 22–14 FTP client example, 22–4 in general, 22–1 SAP, retrieving files, 22–2 SAPSERV4 connecting using a GUI (NT), 22–3 connecting using command prompt, 22–6 navigating, 22–6 partial organization, 22–10 retrieving files, 22–2 unpacking files, 22–13

Release 4.6A/B

Index

Restore reasons for, 3–2 strategy, 3–2 testing, 3–3

Retrieving files, 22–2 Return codes, transport, 17–38

S SAA. See System Administration Assistant (SAA) SAP GUI adding additional systems, 12–15 installing file server, from, 12–8 presentation CD, from, 12–14 software, 12–8

SAP notes, 3–24, 17–9, 20–31, 21–3, 21–31, 22–14, 23– 39, 23–43 SAP Patch Manager. See Support Package Manager (SPAM) SAP resources, B–2 SAP*, 11–26, 12–5 SAPNet, B–5 SAPNet – R/3 Frontend action log, 21–16 confirm, 21–21 connecting to, 21–3 customer messages component, 20–10, 21–11 in general, 21–10 problem description, 20–10, 21–11 finding notes, 21–6 in general, 21–1 long text, display, 21–17 message status, 21–15 notes. See SAP notes prerequisites, 21–2 problem researching, 21–6 reopen, 21–18 service connection, 21–30

SAPNet – R/3 Web Frontend developer deletion, 20–19 registration, 20–15, 20–17, 21–22 in general, 20–1 installation note searching, 20–7 logging on, 20–3 note searching, 20–5 object deletion, 20–23 registration, 20–15, 20–19, 21–22, 21–26 online correction support, 20–24 online services, 20–4

System Administration Made Easy

problem solving, 20–5 Support Package Manager (SPAM). See Support Package Manager (SPAM)

SAPSERV, 22–2 SAPSERV4, 22–2, 22–3. See also Remote services, SAPSERV4 Scenarios, disaster corrupt database, 2–8 hardware failure, 2–8 in general, 2–8 loss or destruction of server facility, 2–9

Scheduling database tasks, 13–9

Security. See also Security administration access, 11–7 administration. See Security administration application, 11–9 audit log filter group 1, 11–49 filter group 2, 11–50 in general, 11–44 parameters, 11–47 review, 5–2 running, 11–46 authorization maintenance, 8–2 auto logout, 10–41 client copy, 23–44 client-dependent changes, 11–15 client-independent changes, 11–14, 11–15 controlling access, 11–11 data, 11–10 DDIC, 11–26 definition, 11–2 layers, 11–6 multiple user logins, prevent, 11–11 network, 11–8 NT audit function, 15–5 operational, 11–25 operational security, 11–9 passwords. See also Passwords changing, 11–34 database, 11–36 eliminating easy, 11–29 expiration time, 7–4, 11–29 in general, 11–28 length, 7–4, 11–29 lockout, 7–4, 11–29 maintaining table of probibited, 11–30 operating system level, 11–35 parameters, 7–4, 11–29 purpose, 7–5 recording, 11–31 sample tables, 11–32 standards, 11–29

I–7

7

Index

permission creep, 11–58 physical, 11–7 production system changes, preventing, 11–11 profile maintenance, 8–2 R/3, 11–11 SAP*, 11–26 security reports, 11–54 segregation of duties, 11–25 sharing of user IDs, 10–44, 11–27, 12–34 user audit jobs, 11–54

Security administration, 11–1. See also Security audits, 11–4 data protection, 11–3 insider trading, 11–3 other requirements, 11–3

Server application, 9–4 database, 9–3

Service connection, 21–30 Session delete user, 12–32 terminate, 12–33

Short dump. See ABAP, dump Single points of failure, minimizing, 1–13, 2–19 SPAM. See Support Package Manager (SPAM) Spool, 4–5, 4–14, 5–2, 5–4, 14–9, 14–12, 14–21 Starting R/3, 9–2 Stopping R/3, 9–5, 9–16 Super user DDIC, 12–5 SAP*, 12–5

Supplies checking consumable, 16–42 critical, 16–42 other considerations, 16–44

Support Package Manager (SPAM) after download, 20–31 download, 20–27, 20–30 notes, 20–28 updating, 20–25

Support Packages adding to patch queue, 23–32 applying, 23–31, 23–34 applying, high-level process of, 23–12 determining which applied, 23–13 downloading SAPNet – R/3 Frontend, from, 23–24 in general, 18–6, 23–11 information, getting from SAPNet – R/3 Frontend, 23– 15 notes view all, 23–17 view specific, 23–21

8

I–8

object conflicts, 23–37 patch application verification, 23–37 confirmation, 23–36 log, 23–35 queue, 23–33 regression testing, 23–39 SAPNet – R/3 Frontend (OSS), 23–22 strategy, 23–12 updating SPAM, 23–29 uploading CD, from, 23–26 in general, 23–25 web, from, 23–26

Swaps, 19–9 System. See also R/3 System audits, 11–39 backup. See Backup confirmation information, 10–15 logs in general, 4–13, 10–38, 15–3 NT, 4–6, 15–5, 15–15, 15–16 R/3, 4–4, 4–8, 4–15, 9–2, 15–15 messages creating, 9–6, 10–52 defining, 9–6 editing, 10–54 in general, 10–51 monitor, 15–15 monitoring tools, 10–2 multi-instance, 10–45, 12–36 preventing changes, 8–4 profile parameters, 23–2. See Profile parameters, system R/3 definition, 1–14 single-instance, 12–35

System administration. See also User administration DDIC, 12–5 in general, 10–1 passwords, 12–5 SAP*, 12–5

System administration assistant (SAA), 10–28 System Administration Assistant (SAA), 10–2 System administrator. See Administrator System guidelines changes, making, 1–10, 1–11 checklists, 1–8 database access, 1–12 help, 1–5 in general, 1–4, 1–13 networking, 1–6 non-SAP activity, 1–12 preventive maintenance, 1–9 protecting the system, 1–5

Release 4.6A/B

Index

recordation, 1–7 single points of failure, 1–13

System performance. See Performance

T Table maintenance deleting entry, 17–6 in general, 17–2 review, 7–2 table entry, create, 17–2

Tape drive, cleaning, 15–12 Tasks annual, 8–1 monthly, 6–1 multi-role, 9–1 operating system (OS), 15–2 other, 15–12 post-client copy, 23–52 quarterly, 7–1 scheduling database, 13–9 weekly, 5–1

Temporary Sequential (TemSe), consistency check, 5–2, 5–5, 14–23 TemSe. See Temporary Sequential (TemSe) Time daylight savings, end, 16–8 daylight savings, start, 16–7 master clock, 16–6 zone conversion table, 16–6

TMS documentation, 17–16 import all requests, 17–30 selected requests, 17–28 transport request, 17–27 main screen, 17–24 method, 17–16, 17–24 system, 5–5

tp, 17–17 Training classes, B–4 Transaction AL02, 4–6 AL08, 4–5, 4–8, 4–10, 9–5, 9–9, 9–10, 10–43, 10–45, 12– 34, 12–36 AL16, 4–6, 15–2 DB02, 5–2, 5–4, 6–2, 6–5, 13–7 DB12, 3–9, 4–3, 13–9, 13–15, 13–16, 16–38 DB13, 3–9, 3–12, 13–9, 13–10, 13–18, 13–29, 16–38, 16–39 OS06, 4–6, 4–11, 15–3 OS07, 19–11, 19–12 OSS1, 21–3 PA30, 19–8

System Administration Made Easy

RZ01, 4–8, 4–11, 16–19 RZ04, 16–22, 16–23, 16–25, 16–26, 16–29 RZ10, 7–2, 7–4, 11–29, 23–2, 23–3 RZ11, 23–10 RZ20, 4–4, 4–11, 5–3, 5–4, 10–2, 10–3, 10–4, 10–15, 10– 17, 10–39, 15–6, 15–7, 15–9 RZ21, 10–10 SA38, 8–2, 8–4, 11–55, 11–56 SCC4, 8–2, 8–4, 11–13, 11–15, 23–44 SCC5, 23–52 SCC9, 23–50 SCCL, 23–47 SE03, 8–2, 8–4, 11–13, 11–14 SE09, 17–36 SE10, 17–19, 17–35, 17–36 SE38, 8–2, 8–4, 10–55, 11–56 SECR, 11–24, 11–37, 11–38 SM01, 8–3, 8–5, 11–22 SM02, 4–8, 9–5, 9–6, 9–7, 10–51, 10–52, 10–54 SM04, 4–5, 4–11, 9–5, 9–9, 10–43, 10–44, 12–32, 12–33, 12–34, 12–35 SM12, 4–4, 4–12, 10–41, 10–42 SM13, 4–4, 4–8, 4–12, 10–32, 10–34, 10–43 SM19, 11–47, 11–48 SM20, 5–2, 11–44, 11–46 SM21, 4–4, 4–8, 4–13, 4–15, 9–2, 10–38, 10–48 SM30, 17–2, 17–6 SM31, 7–2, 17–2, 17–6 SM35, 4–5, 4–13, 16–20 SM36, 16–8, 16–9 SM37, 4–4, 4–8, 4–11, 7–2, 7–5, 9–5, 9–11, 10–43, 12–4, 16–15, 16–16, 23–54 SM50, 4–4, 4–5, 4–14, 9–5, 10–43, 10–46, 10–47 SM51, 4–4, 4–5, 4–14, 9–5, 9–15, 10–43, 10–46, 16–2, 16– 3, 18–5 SM63, 16–22, 16–32 SP01, 4–5, 4–14, 5–2, 5–4, 14–9, 14–12, 14–15 SP12, 5–2, 5–5, 14–23, 14–24 SPAD, 14–2, 14–21, 14–22 SPAM, 23–14, 23–22, 23–24, 23–27, 23–29, 23–32 SSAA, 10–28 ST02, 4–5, 4–14, 19–8, 19–9, 19–10 ST03, 4–5, 4–14, 19–4, 19–7 ST04, 4–6, 4–15, 13–4, 13–5, 13–28 ST22, 4–5, 4–15, 10–40, 10–48, 10–49 STMS, 5–2, 5–5, 17–24 SU01, 7–2, 7–5, 11–57, 12–4, 12–16, 12–17, 12–21, 12–24, 12–25, 12–26, 12–27, 12–28, 12–30 SU02, 8–2, 11–59 SU03, 8–2, 11–59 TP, 5–2 useful, A–2 VA01, 19–8 VA02, 19–8

I–9

9

Index

VA03, 19–8 VF01, 19–8 VL01, 19–8

Transaction logs, backup, 3–5, 3–12 Transactions dangerous in general, 8–5, 11–17 recommended lock table, 11–18 restricted access table, 11–21 locked, listing, 11–24

Transport files Transporting objects importing all requests, 17–30 buffer, 17–18 in general, 17–34 selected requests, 17–28 transport request using TMS, 17–27 in general, 17–15 log, 17–32, 17–35, 17–36 managing transports, 17–12 operating system (OS) method, 17–16, 17–34 problem, if occurs, 17–23 production system, 17–15 releasing requests, 17–19, 17–21 special transports, 17–18, , 17–34 standard process, 17–17 TMS documentation, 17–16 main screen, 17–24 method, 17–16, 17–24 17–25

Troubleshooting basic techniques document changes, 18–3 error messages, 18–4 evaluate alternatives, 18–3 gather data, 18–2 in general, 18–2 making changes, 18–3 problem, analyze, 18–3 SAP patch level, 18–5 Support Packages, 18–6 in general, 18–1

Tune summary. See Buffers, tune summary

U Uninterruptible power supply (UPS)

Unlocking

10

I–10

Update terminates in general, 4–12, 10–32 looking for, 4–4, 4–8 managing, 10–35 problems with short dumps, 10–37 user training, 10–37

Uploading Support Packages

cleaning out old, 15–11 directory check, 15–11

check, 15–13 program log, 4–7 shutdown process, 15–13

logon, 12–27 password resetting, 12–26 service connection, 21–30 transaction codes, 8–3 users, 7–5

CD, from, 23–26 in general, 23–25 web, from, 23–26

UPS. See Uninterruptible power supply (UPS) Upstream applications, 2–17 User administration. See also System administration active users, 12–34 adding users, 12–3 change request form, 12–6 changing jobs, users, 12–3 changing users, 12–3 deleting user session, 12–32 ID naming, 12–3 in general, 12–1 leaving, users, 12–3 maintaining user, 7–2, 7–5, 12–24 new user setup. See Users, new user setup policies and procedures, 12–3 terminated employees, 12–4 terminating session, 12–33 user groups. See User groups

Users. See also User administration active, 10–43 AL08, 4–5, 4–8, 4–10 groups, 12–2, 12–29, 12–30 IDs, 10–43, 11–27 locking, 7–5, 8–4, 12–27 maintenance, 7–2, 7–5, 12–24 new user setup copying an existing user, 12–16 creating new user, 12–21 in general, 12–7, 12–16 installing SAP GUI. See SAP GUI, installing prerequisites, 12–7 SM04, 4–5, 4–8, 4–11 unlocking, 7–5, 12–27

W Web sites, B–11 Weekly tasks checklists database, 5–3

Release 4.6A/B

Index

notes, 5–4 operating system, 5–3 other, 5–3

Work processes checking, 4–4, 4–5 defining distribution, 16–29

System Administration Made Easy

in general, 4–14, 10–46 with application servers, 10–46 without application servers, 10–47

Workbench organizer tools, 8–2 Workload analysis, 4–5, 4–14, 19–4

I–11

11

Index

12

I–12

Release 4.6A/B