SAP Requirements
The following prerequisites for installing Cxlink Suite are applicable for SAP Systems hosted in the cloud or on-premise.
Topics
SAP software version requirements
Cxlink Suite is compatible with SAP Netweaver 700 and higher versions. Due to SLT limitations Cxlink Datalakes is compatible with newer versions. See the table for minimal versions required:
| Product | Platform | SAP Version |
|---|---|---|
| Cxlink Documents & Archive + Datalakes | SAP S/4HANA | SAP S/4HANA 1909 and above |
| Cxlink Documents & Archive | SAP S/4HANA | SAP S/4HANA 1609 and above |
| Cxlink Documents & Archive | SAP Netweaver | SAP Netweaver 700 and above |
| Cxlink Datalakes | SAP Netweaver | DMIS version 2011 SP15 or higher installed |
SAP Kernel requirements
SDK for SAP ABAP and tools that use the Internet Communication Manager (ICM) for HTTP connectivity, rely on the SAP kernel for its cryptographic, HTTP, XML, and JSON capabilities. We recommend using the latest kernel release that is compatible with your SAP NetWeaver platform.
_10SAP Kernel release 720 or higher
Profile parameters
Ensure that your SAP Server has the following parameters set in the DEFAULT.PFL or Instance Profile:
_10ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH_10ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH_10icm/HTTPS/client_sni_enabled = TRUE_10ssl/client_sni_enabled = TRUE
Internet Communication Manager (ICM)
Ensure that both Internet Communication Manager (ICM) HTTP and HTTPS services are defined and running. You can use the below values as example to configure:
_10icm/server_port_0 = PROT=HTTP,PORT=5$(SAPSYSTEM)00,TIMEOUT=600,PROCTIMEOUT=600 _10icm/server_port_1 = PROT=SMTP,PORT=25$(SAPSYSTEM),TIMEOUT=120,PROCTIMEOUT=120_10icm/server_port_2 = PROT=HTTPS,PORT=5$(SAPSYSTEM)01,TIMEOUT=600,PROCTIMEOUT=600
Additional Information can be found in https://help.sap.com/docs/SAP_NETWEAVER_AS_ABAP_FOR_SOH_740/9b04fcf34bff4d2594f653d14637e25d/260b9a6a21ae46b69b897b700301daaf.html
SAP Cryptographic Library
Ensure your server has the CommonCryptoLib Minimum version required:
- Minimum
8.4.38 - Recommended
8.4.49 or higher
You can find your CommomCryptoLib version from the STRUST transaction, selecting menu option Environment -> Display SSF Version.
Webdynpro dependencies
Ensure that the following services are active and run in the SICF transaction:
- /default_host/sap/bc/webdynpro
- /default_host/sap/public/bc/ur
- /default_host/sap/public/bc/icons
- /default_host/sap/public/bc/icons_rtl
- /default_host/sap/public/bc/webicons
- /default_host/sap/public/bc/pictograms
- /default_host/sap/public/bc/webdynpro
- /default_host/sap/bc/webdynpro/lnkaws/wd_rocketsteam_s3
Ensure outbound connectivity
For CxLink Suite to be able to interact with the needed Cloud Services you will need to ensure that your server can reach the proper endpoints. Ensure that your server is able to reach the cloud endpoints for the region that you plan to use.
- For your SAP host system, confirm that the firewall rules and proxies allow HTTPS connection to AWS or Azure.
- Make sure that the access to reach the Amazon Web Services or Microsoft Azure APIs is not restricted from a networking perspective.
Import SSL certificates for HTTPS connectivity
As part of CxLink Suite implementation, as in any SAP Netweaver based server, there is a requirement to establish SSL (Secure Sockets Layer) security for an ABAP-based system that requires secure, encrypted communications. SSL (Secure Sockets Layer) is a communication method whereby secure communication between system entities is accomplished by the use of encryption facilitated by X.509 certificates published by Certificate Authorities (CA) in tandem with public and private decryption keys.
Download and install the proper certificates into STRUST transaction.
Cxlink Suite can manage the certificate download for you if wget and openssl are installed in your server.
Check the Set up SSL certificates section in Post Processing Steps
For Amazon Web Services
- Go to https://www.amazontrust.com/repository/.
- Under Root CAs, download all the certificates using the PEM link.
- Import these certificates in STRUST of your SSL Client (Standard) PSE on each of your SAP systems,as shown in the following image.1
- Remember to Save once all certificates are uploaded.