You are on page 1of 781

A

System Administration Made Easy


for SAP Basis 4.6C/D

SAP Labs, Inc.


Palo Alto, California

Copyright
2002 by SAP AG. All rights reserved. Neither this documentation nor any part of it may be copied or reproduced in any form or by any means or translated into another language, without the prior consent of SAP AG.

Disclaimer
SAP AG makes no warranties or representations with respect to the content hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. SAP AG assumes no responsibility for any errors that may appear in this document. The information contained in this document is subject to change without notice. SAP AG reserves the right to make any such changes without obligation to notify any person of such revision or changes. SAP AG makes no commitment to keep the information contained herein up to date.

Trademarks
SAP, the SAP logo, mySAP.com, R/2, R/3, ABAP, mySAP, mySAP.com, and other SAP-related products mentioned herein are registered or unregistered trademarks of SAP AG. All other products mentioned in this document are registered or unregistered trademarks of their respective companies.

Simplification Group SAP Labs, Inc. 3475 Deer Creek Road Palo Alto, CA 94304

www.saplabs.com/simple simplify-r3@sap.com
Printed in the United States of America. ISBN 1-893570-44-4

C O N T E N T S

Acknowledgements ............................................................. xxi

Introduction

xxiii
What Is This Guidebook About? ..........................................xxiii About This Guide ................................................................ xxv Who Should Read This Book? .................................................................xxv Prerequisites ...........................................................................................xxv User .................................................................................................xxvi System .............................................................................................xxvi How to Use This Guidebook ..............................................xxviii Organization ................................................................................. xxviii Whats New .....................................................................xxviii Content .......................................................................................... xxviii Conventions ....................................................................... xxix Sample R/3 Release 4.6 Screen .............................................................xxx Special Icons ...........................................................................................xxx

iv

System Administration Made Easy | Release 4.6C/D

Part 1: System Administration Overview . . . . . . . . . . . . 1


Part Overview .........................................................................2

Chapter 1: System Administration Basics

Overview ................................................................................4 Roles of a System Administrator ..............................................4 Within the mySAP.com component ............................................................ 5 External to the mySAP.com component ..................................................... 5 System Administrator Traits ....................................................6 System Guidelines ...................................................................6 Protect the System ...................................................................................... 7 Do Not Be Afraid to Ask for Help .............................................................. 7 Network with Other Customers and Consultants ........................................ 8 Keep It Short and Simple (KISS) ................................................................ 8 Keep Proper Documentation ...................................................................... 8 Use Checklists ............................................................................................ 9 Use the Appropriate Tool for the Job ......................................................... 9 Perform Preventive Maintenance ............................................................... 9 Do Not Change What You Do Not Have To ............................................10 Do Not Make System Changes During Critical Periods ...........................11 Do Not Allow Direct Database Access ....................................................11 Keep all Non-SAP Activity Off the mySAP Servers ...................................12 Minimize Single Points of Failure .............................................................12 Special Definitions .................................................................13

Part 2: Disaster Planning Overview . . . . . . . . . . . . . . . . 15


Part Overview .......................................................................16

Chapter 2: Disaster Recovery

17

Overview ..............................................................................18 What Is a Disaster? ...............................................................18 Why Plan for a Disaster? .......................................................18 Planning for a Disaster ..........................................................19 Creating a Plan ........................................................................................19

Contents

What Are the Business Requirements for Disaster Recovery? ...................20 When Should a Disaster Recovery Procedure Begin? ..............................21 Expected Downtime or Recovery Time .....................................................21 Expected Downtime ...........................................................................21 Recovery Time ...................................................................................21 Recovery Group and Staffing Roles .........................................................22 Types of Disaster Recovery ......................................................................23 Onsite ................................................................................................23 Offsite ................................................................................................23 Disaster Scenarios .................................................................23 Three Common Disaster Scenarios ...........................................................24 A Corrupt Database ...........................................................................24 A Hardware Failure ...........................................................................24 A Complete Loss or Destruction of the Server Facility ........................24 Recovery Script ......................................................................25 Creating a Recovery Script ......................................................................26 Recovery Process ...................................................................26 Major Steps .............................................................................................26 Crash Kit ..................................................................................................27 Business Continuation During Recovery ...................................................29 Offsite Disaster Recovery Sites .................................................................30 Integration with your Companys General Disaster Planning ...................30 When the SAP R/3 System Returns .........................................................30 Test your Disaster Recovery Procedure ....................................................30 Other Considerations .............................................................32 Other Upstream or Downstream Applications .........................................32 Backup Sites .............................................................................................32 Minimizing the Chances for a Disaster ....................................32 Minimize Human Error .............................................................................33 Minimize Single Points of Failure .............................................................33 Cascade Failures .....................................................................................34

Chapter 3: Backup and Recovery

35

Overview ..............................................................................36 Restore ..................................................................................36 Strategy ...................................................................................................36 Testing Recovery ................................................................................37 Backup ..................................................................................37 What to Backup and When ......................................................................37 Database ...........................................................................................37 Transaction Logs ................................................................................38 Operating System Level Files .............................................................39 Backup Types ...........................................................................................40 What Is Backed Up ............................................................................41

vi

System Administration Made Easy | Release 4.6C/D

How the Backup Is Taken ...................................................................42 When the Backup Is Made .................................................................43 Backup Strategy Design ...........................................................................44 Supplementary Backups .....................................................................45 General Procedures .................................................................................45 Backup ...............................................................................................45 Transaction Log Backup .....................................................................45 Verifying Backups ..............................................................................45 Database Integrity .............................................................................45 Roles and Responsibilities ..................................................................46 Design Recommendations ........................................................................46 Database ...........................................................................................46 Transaction Logs ................................................................................46 Operating System Level Files .............................................................47 A Strategy Checklist ...........................................................................47 Backup Procedures and Policies .........................................................48 Tape Management .................................................................48 Tracking and Documenting .....................................................................48 Labeling .............................................................................................49 Tracking .............................................................................................51 Handling ............................................................................................51 Retention Requirements ...........................................................................52 Recommendations ..............................................................................53 Tape Retention Period ........................................................................53 Storage ....................................................................................................53 Offsite ................................................................................................53 Onsite ................................................................................................54 Performance ..........................................................................54 Backup .....................................................................................................55 Backup Options .......................................................................................55 Back Up to Faster Devices ..................................................................55 Parallel Backup .................................................................................56 Backing Up to Disks, Then to Tape .....................................................57 Recovery ..................................................................................................57 Restore Options .......................................................................................57 Useful SAP Notes ...................................................................58

Contents

vii

Part 3: Tasks Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 61


Part Overview .......................................................................62

Chapter 4: Scheduled Tasks

63

Overview ..............................................................................64 Daily ......................................................................................65 Critical Tasks ............................................................................................65 The SAP R/3 System ................................................................................65 Database .................................................................................................67 Operating System ....................................................................................68 Other .......................................................................................................68 Notes .......................................................................................................68 The SAP R/3 System ................................................................................69 Critical Tasks ............................................................................................70 Verify that SAP R/3 Is Running ..........................................................70 Verify that the Backups Ran Successfully ............................................70 Weekly ..................................................................................74 The SAP R/3 System ................................................................................74 Database .................................................................................................74 Operating System ....................................................................................75 Other .......................................................................................................75 Notes .......................................................................................................75 Monthly .................................................................................77 The SAP R/3 System ................................................................................77 Database .................................................................................................77 Operating System ....................................................................................77 Other .......................................................................................................78 Notes .......................................................................................................78 Quarterly ..............................................................................79 The SAP R/3 System ...............................................................................79 Database .................................................................................................80 Operating System ....................................................................................80 Other .......................................................................................................80 Notes .......................................................................................................81 Annual ...................................................................................82 The SAP R/3 System ................................................................................82 Database .................................................................................................83 Operating System ....................................................................................83 Other .......................................................................................................84 Notes .......................................................................................................84

viii

System Administration Made Easy | Release 4.6C/D

Chapter 5: Multi-Role Tasks

87

Starting the SAP R/3 system ..................................................88 Start SAP R/3NT (SQL Server, Oracle) .................................................88 Stopping the SAP R/3 system .................................................90 Stop SAP R/3 Checklist ............................................................................91 Tasks to Be Completed Before Stopping the System ................................91 System Message (SM02) ...................................................................92 Check that No Active Users Are on the System (AL08/SM04) ..........94 Check for Batch Jobs Running or Scheduled (SM37) .........................95 Check for Active Processes on All Systems (SM51) ...........................99 Check for External Interfaces ...........................................................100 Stopping SAP R/3 .................................................................................100 STOP SAP R/3NT ..........................................................................101

Chapter 6: SAP System Administration

105

Overview ............................................................................106 Major System Monitoring Tools ...........................................106 CCMS Central Alert Monitor (Transaction RZ20) ..................................106 Current View and Alert View ...........................................................109 Maintaining The Alert Thresholds for RZ20 .....................................120 Hiding SAP Standard Monitor Sets ..................................................124 Create a New Monitor Set ...............................................................127 System Administration Assistant (Transaction SSAA) .............................132 Specific Transaction Monitoring Overview ...........................136 Failed Updates (Transaction SM13) ......................................................136 Managing Update Terminates ...............................................................139 User Training ...................................................................................141 System Log (Transaction SM21) ............................................................142 Locks (Transaction SM12) .....................................................................145 Active Users (Transactions SM04 and AL08) ........................................148 Problems ..........................................................................................148 Work Processes (Transactions SM50 and SM51) ..................................150 ABAP Dump Analysis (Transaction ST22) ..............................................152 System Message (SM02) ......................................................155 Editing a Message .................................................................................156 ABAP Editor (SE38) ...............................................................................158 For Information About a Program or Report ....................................159

Contents

ix

Part 4: Security Overview . . . . . . . . . . . . . . . . . . . . . . .161


Part Overview .....................................................................162 Central User Administration (CUA) ........................................................162 Single Sign-On (SSO) ............................................................................162

Chapter 7: Security Administration

163

Overview ............................................................................164 What Is Security? ...................................................................................164 Keeping Unauthorized People Out of the System ............................164 Keeping Users out of Prohibited System Areas ................................165 Safeguarding the Data from Damage or Loss ..................................165 Complying with Legal, Regulatory, and Other Requirements ...........165 Audits ..................................................................................166 Financial Audit .......................................................................................166 Security Audit ........................................................................................167 Audit Considerations ..............................................................................167 Security Layers ....................................................................168 Access Security ......................................................................................168 Physical Security ..............................................................................168 Network Security .............................................................................169 Application Security .........................................................................170 Operational Security .............................................................................170 Data Security .........................................................................................171 Application or SAP R/3 Security ............................................................172 Controlling Access to SAP R/3 .........................................................172 Prevent Multiple User Logins ............................................................172 Preventing Changes in the Production System ........................................172 Setting the Production System to Not Modifiable (Transactions SE03, SCC4) ............................................................................................174 Verifying that Dangerous Transactions Are Locked ...............................178 Operational Security ............................................................186 Segregation of Duties ............................................................................186 Accounts Receivable and Cash Collection .......................................187 Restricting Access to SAP* or DDIC .......................................................187 Change Management ............................................................................188 Sharing of User IDs ..........................................................................188 Password Issues and Tasks .....................................................................189 Setting Password Standards Using Transaction RZ10 ......................189 Eliminating Some Easy Passwords ....................................................189 Maintaining a Table of Prohibited Passwords ..................................190 Recording System Passwords ...........................................................191

System Administration Made Easy | Release 4.6C/D

Operating System Level ...................................................................194 NT ....................................................................................................194 UNIX ................................................................................................195 Databases ........................................................................................195 DB2 ..................................................................................................195 Informix ...........................................................................................195 Microsoft SQL Server .......................................................................195 Oracle/UNIX ...................................................................................195 Useful SAP Notes for Oracle/UNIX .................................................195 Oracle/NT .......................................................................................196 Audit Tools ...........................................................................196 Audit Information System (Transaction SECR) ........................................196 Security Audit Log (SM20) ....................................................................203 Running the Audit Log ......................................................................204 Setting Security Audit Log Parameters (SM19) ......................................206 User Security Audit Jobs ........................................................................214 Audit Tasks ..........................................................................217 Review that all Named Users are Valid .................................................217 Reviewing Profiles for Accuracy and Permission Creep .........................218

Chapter 8: User Administration

219

Overview ............................................................................220 User Groups ..........................................................................................220 Profile Generator ...................................................................................220 Recommended Policies and Procedures ...............................220 User Administration ...............................................................................221 System Administration ............................................................................222 Special user IDs ...............................................................................222 User passwords ...............................................................................223 Sample SAP R/3 User Change Request Form ..................................224 New User Setup ...................................................................225 Prerequisites ..........................................................................................225 General Process or Procedure .........................................................225 The Users Desktop ..........................................................................225 Network Functionality ......................................................................225 For Installation of SAP GUI ..............................................................225 Installing the Frontend SoftwareSAP GUI ............................................226 Installing SAP GUI from a File Server ..............................................226 Installing SAP GUI from the Presentation CD ...................................231 Adding Additional Systems ....................................................................232 Setting Up a New User (SU01) .............................................................233 Copying an Existing User (SU01) ....................................................233 Creating a New User (SU01) ..........................................................237 Maintaining a User (SU01) ...................................................241

Contents

xi

Resetting a Password (SU01) ...............................................242 Locking or Unlocking a User (SU01) .....................................243 Locking a user ........................................................................................244 Unlocking a user ....................................................................................244 User Groups ........................................................................245 Usage ....................................................................................................245 How to Create a User Group (SU01) ....................................................246 Deleting a Users Session (Transaction SM04) ......................247 Terminate a User Session .......................................................................248 Active Users (Transactions SM04 and AL08) ........................................248 Problems ..........................................................................................249

Part 5: Database Overview . . . . . . . . . . . . . . . . . . . . . .251


Part Overview .....................................................................252

Chapter 9: Database Administration - IBM DB2 Universal Database 253


Overview ............................................................................254 Starting and Stopping the Database ....................................254 DB2 UDB Administration in SAP Systems ..............................255 Database Performance (ST04) ..............................................................255 Space Allocation ...................................................................................259 Backups and Recovery ...........................................................................260 Scheduling Database Administration Tasks (DB13) ...............................264 Reviewing the DBA Planning Calendar ..................................................266 Diagnostics ............................................................................................268 Command Line Processor .....................................................269 The DB2 UDB Control Center .................................................273

Chapter 10: Database Administration Microsoft SQL Server

275

Overview ............................................................................276 Starting and Stopping the Database ....................................276 Database Performance ........................................................278 Overview ...............................................................................................278 Database Activity (ST04) .......................................................................278 Database Allocation (DB02) .................................................................282 Scheduling Database Tasks (DB13) ......................................284

xii

System Administration Made Easy | Release 4.6C/D

Determining the Tape (Label) Necessary for a Backup ..........................288 Deleting an Entry from the Planning Calendar (DB13) ..........................290 Checking the Database Backup (DB12) ................................291 Initializing Backup Tapes .....................................................293 Database Backups with Microsoft Tools ...............................293 Online Backup Using SQLserver 2000 Enterprise Manager ..............294 Offline Backup Using Windows 2000 Backup ....................................298 Viewing Database Error Logs ...............................................303 SAP R/3 Database Performance Analysis (ST04) ..............................303 Verify Database Consistency ...............................................305 Run Update Statistics ...........................................................305 System Passwords ...............................................................305 SQL server .............................................................................................305

Chapter 11: Database Administration Informix

309

Overview ............................................................................310 Scheduling Database Tasks ..................................................310 Initializing the DBA Planning Calendar ..................................................310 Scheduling a DBA Task to Run Regularly ...............................................312 Checking the Status of DBA Tasks ..........................................................313 Changing DBA Tasks .............................................................................315 Backing Up the Database .....................................................317 Requirements for Backing Up the Database ...........................................317 Scheduling Backups of Database Data ..................................................317 Backing Up Logical Log Data .................................................................321 Checking the Database System ............................................321 Viewing the Database Message Log ....................................324 Updating Statistics ...............................................................326 Checking Database Consistency ...........................................327 Checking Database Disk Space ...........................................329 Using SAPDBA .....................................................................333 What is SAPDBA? ..................................................................................333 Getting Started with SAPDBA ................................................................334 Starting and Stopping the Database ......................................................334 Extending a Dbspace ...........................................................337 Further Information .............................................................341

Chapter 12: Database Administration Oracle Database

343

Overview ............................................................................344 Starting and Stopping the Database ....................................344 Computing Center Management System (CCMS) ..................349

Contents

xiii

Database Performance Monitor .............................................................350 Database Tables and Indexes Analysis ..................................................353 Scheduling Database Tasks (DB13) ......................................355 Scheduling the DBA task ........................................................................355 Scheduling Predefined Action Patterns ...................................................356 The Database Utility .............................................................360 SAPDBA ...............................................................................363 Checking the Database ........................................................366 Checking the Database System ..............................................................366 Database Verification ............................................................................369 SAPDBA Backup Tasks .........................................................371 Initializing the Backup Tapes ..................................................................371 Initializing the Database Backup (BRBACKUP) Tape .......................371 Initializing the Archive Tape ..................................................................374 Back Up .................................................................................................378 Determining the Tapes Required to Back Up ....................................378 Backing Up the Database ................................................................378 Back Up the Archive Logs ................................................................381 Useful Online Service System Notes .....................................384

Part 6: Operations Overview . . . . . . . . . . . . . . . . . . . .385


Part Overview .....................................................................386

Chapter 13: Output Management

387

Overview ............................................................................388 Printer Setup (SPAD) ............................................................388 Check the Spool for Printing Problems (Transaction SP01) ....394 Check that Old Spools are Deleted (SP01) ............................397 Printing the Output (SP01) ...................................................401 Printing the Screen ...............................................................404 Check Spool Consistency (SPAD) ..........................................407 Check TemSe Consistency (SP12) ..........................................409

Chapter 14: Network/OS/Server Administration

411

Overview ............................................................................412 Operating System Tasks ......................................................412 System Logs (OS06) ..............................................................................412

xiv

System Administration Made Easy | Release 4.6C/D

Checking File System Space Usage (RZ20) ...........................................414 Changing the Alert Threshold (RZ20) ....................................................416 Cleaning Out Old Transport Files ..........................................................418 Other Tasks .........................................................................419 Clean the Tape Drive .............................................................................419 Uninterruptible Power Supply ................................................................420 Check the Uninterruptible Power Supply ..........................................420 Check your UPS Shutdown Process ..................................................420 Check Maintenance Contracts ...............................................................421 Review Hardware or a System Monitor Paging System .........................421

Chapter 15: Operations

425

Overview ............................................................................426 Check that All Application Servers Are Up (Transaction SM51) ... 426 Background (Batch) Jobs .....................................................427 Regularly Scheduled Jobs ......................................................................427 Batch User ID ...................................................................................428 Performance ....................................................................................428 Housekeeping Jobs ..........................................................................428 Others ..............................................................................................428 Performance Factors for Background Jobs .............................................429 Creating and Scheduling a Batch Job (SM36) ......................................431 Background Jobs (SM37) .....................................................439 Checking the Job Log .......................................................................441 Graphical Job Monitor (Transaction RZ01) ...........................................442 Batch Input Jobs, New or Incorrect (SM35) ..........................................443 Operation Modes ................................................................445 Backups ...............................................................................458 Periodic Archival ....................................................................................458 Backup the Database .............................................................................458 Performing a Full Server Backup ............................................................458 Operating System Level Backups .....................................................462 UNIX ................................................................................................462 NT ....................................................................................................462 Checking Consumable Supplies ............................................462 Other Considerations .............................................................................464

Chapter 16: Change Management

465

Overview ............................................................................466 Table Maintenance (Transaction SM31) ................................466

Contents

xv

Creating an Entry in the Table (SM31) ..................................................466 Deleting an Entry from a Table (SM31) .................................................470 Change Control ....................................................................472 Managing SAP Notes ...........................................................472 Sample Forms ........................................................................................473 General Note Record ......................................................................473 Detailed Online Service System Note Record ..................................474 Note Assistant .....................................................................475 Change Control (Managing Transports) ................................483 Sample Transport Request Form ......................................................485 Transporting Objects ............................................................486 Transports into the Production System ....................................................486 Transporting Objects ..............................................................................486 TMS Method ....................................................................................487 Operating System Method ...............................................................487 Standard Transport Process ...................................................................488 Importing the Entire Import Buffer ....................................................488 Special Transports from SAP ..................................................................489 Releasing a Request (Transport) ............................................................490 TMS Method of Transporting .................................................................495 Adding a Special Transport into the Import Buffer ...........................495 OS Method of Transporting ...................................................................507 Adding a Special Transport Into the Import Buffer ...........................507 Importing the Transport ....................................................................508 Checking the Transport Log (Transaction SE10) ..............................509

Part 7: Troubleshooting and Performance Overview .513


Part Overview .....................................................................514

Chapter 17: Troubleshooting

515

Overview ............................................................................516 Basic Troubleshooting Techniques ........................................516 Gather Data .....................................................................................516 Analyze the Problem .......................................................................517 Evaluate the Alternatives .................................................................517 Make only One Change at a Time ...................................................517 Document the Changes ....................................................................517 Get the Complete Error Message ..........................................................517 Get the SAP Patch Level .........................................................................518 Determining What Support Packages Have Been Applied .....................520

xvi

System Administration Made Easy | Release 4.6C/D

Chapter 18: Performance

523

Overview ............................................................................524 Critical Assumption ................................................................................524 Priority of Evaluation .............................................................................524 General Procedure ..............................................................525 SAP R/3 ...............................................................................525 Workload Analysis of the System (Transaction ST03N) .........................525 Buffers (ST02) ........................................................................................529 Memory Defragmentation .....................................................................530 Database .............................................................................531 Operating System ................................................................531 Operating System Monitor (OS07) .......................................................531 Hardware ............................................................................535 CPU and Disk .........................................................................................535 Memory .................................................................................................535

Part 8: Miscellanous Topics Overview . . . . . . . . . . . . . 537


Part Overview .....................................................................538

Chapter 19: SAP Service Marketplace

539

Overview ............................................................................540 Logging on to SAPNet ..........................................................540 Navigation ..........................................................................542 Solving a Problem with SAPNet ...........................................543 Customer Messages ...............................................................................547 Entering Customer Messages .................................................................547 Priority table ....................................................................................547 Component ......................................................................................548 Problem Description .........................................................................548 Viewing Customer Messages .................................................................554 Registering a Developer or Object .......................................559 Registering a Developer ........................................................................560 Enter the Developer Key ..................................................................564 Registering an Object ............................................................................565 Enter the Object Key ........................................................................570 SAP Software Center ...........................................................571 Getting the Latest SPAM version ............................................................573 Connecting to SAPNet ..........................................................582

Contents

xvii

Prerequisites ...........................................................................................582 Opening a Service Connection .............................................585 Order of Access to Systems ...................................................................586

Chapter 20: Remote Services

593

Overview ............................................................................594 Retrieving Files from SAP, SAPSERV .....................................594 NT ....................................................................................................595 UNIX ................................................................................................595 Connecting to SAPSERV Using a GUI (NT) ...........................................595 An FTP Client Example ...........................................................................595 Connecting to SAPSERV Using the Command Prompt ............................597 Navigating in SAPSERV ...................................................................597 Connecting at the Command Prompt .....................................................598 Downloading Files .................................................................................600 Partial Organization of SAPSERV ..........................................................602 Unpacking a CAR or SAR File ..........................................................603 Special SAPNet Notes .....................................................................604 EarlyWatch Service ..............................................................605

Chapter 21: Special Maintenance

607

Overview ............................................................................608 Changing System Profile Parameters (Transaction RZ10) .....608 Support Packages ................................................................617 Strategy .................................................................................................617 Applying Support Packages ...................................................................618 Determining What Support Packages Have Been Applied .....................619 Requesting SPAM or a Support Package from SAPNet .........................630 Downloading a Support Package (Hot Package) SAPNet ...........633 Uploading the Support Package from a CD or SAP Service Marketplace ... 634 Support Package Collection CD .......................................................634 SAP Service Marketplace ................................................................635 Updating SPAM .....................................................................................640 Applying the Support Package ..............................................................643 Object Conflicts .....................................................................................649 Regression Testing .................................................................................650 Useful SAP Notes ...................................................................................650 Kernel Upgrade ...................................................................651 Restart Option 1 ..............................................................................653 Restart Option 2 ..............................................................................653

xviii

System Administration Made Easy | Release 4.6C/D

Client Copy ..........................................................................653 Special Notes ..................................................................................653 Some Useful SAP Notes ...................................................................654 Processing Notes .............................................................................654 Security ............................................................................................655 Creating a Client ....................................................................................655 Copying a Client ....................................................................................658 Copying on the Same System/SID ...................................................658 Copying to a Different System/SID ..................................................662 Post-Client Copy Tasks ...........................................................................664 Deleting a Client ....................................................................................665 Production Refresh Strategies ..............................................668 Database Copy of Production System ....................................................668 Benefits ............................................................................................669 Disadvantages .................................................................................669 Client Copy of the Production System with Data ....................................669 Advantages .....................................................................................669 Disadvantages .................................................................................670 Client Copy of the Production System Without Data ...........................670 Advantages .....................................................................................670 Disadvantages .................................................................................670

Part 9: Appendixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671


Appendix A: Useful Transactions 673

Transaction Code Switches ....................................................................673 Transaction Code Table .........................................................................674 Dangerous .......................................................................................674 Performance Impact .........................................................................674

Appendix B: Useful Resources and Products

681

Other System Administration Resources ..............................681 SAP Resources .......................................................................................681 Books ..............................................................................................682 CDs ..................................................................................................683 Training Classes ...............................................................................684 Other ...............................................................................................684 White papers ...................................................................................685 SAPNet, Selected Items of Interest ...................................................685 Third-Party Resources .............................................................................686

Contents

xix

SAP R/3 Books Written by SAP Employees .....................................686 SAP R/3 Books Written by Third-Party Authors ................................687 UNIX Books .....................................................................................687 Microsoft Windows NT Books ..........................................................687 OS/400 Books ................................................................................688 Microsoft SQL Server Books ............................................................689 Informix Books .................................................................................689 DB2 Books .......................................................................................689 Oracle Books ...................................................................................690 Books on Other Topics .....................................................................690 Magazines .......................................................................................691 Helpful Third-Party Information ........................................................691 Web Sites ..............................................................................................692 SAP ..................................................................................................692 SAP Affiliates ...................................................................................692 Third-Party ........................................................................................692 Internet News Groups ...........................................................................692 Other Resources ....................................................................................693 Operating System ............................................................................693 Database .........................................................................................693 Other Helpful Products: Contributed by Users ......................694 UNIX ......................................................................................................694 Backup .............................................................................................694 Monitor ............................................................................................694 Scheduler .........................................................................................694 Spool Management .........................................................................695 Other ...............................................................................................695 NT ..........................................................................................................695 Backup .............................................................................................695 Monitor ............................................................................................695 Remote Control ................................................................................695 Scheduler .........................................................................................696 Spool Management .........................................................................696 Other ...............................................................................................696 Common, Both UNIX and NT .................................................................696 Network .................................................................................................697

Appendix C: Useful SAP Notes

699

Overview ............................................................................699 SAP Notes ............................................................................700 Operating System Notes ......................................................704 Common to Multiple Operating Systems ................................................704 NT ..........................................................................................................704 UNIX ......................................................................................................706

xx

System Administration Made Easy | Release 4.6C/D

AS-400 ..................................................................................................706 Database Notes ...................................................................707 MS SQL server .......................................................................................707 DB2 / UDB ............................................................................................709 Informix .................................................................................................710 Oracle ...................................................................................................711

Appendix D: Upgrade Discussion

715

Upgrade Discussion .............................................................715 Reasons Not to Upgrade .......................................................................715 When to Upgrade ..................................................................................716 Upgrade Issues ....................................................................716 Other Considerations ...........................................................717 Software Issues ......................................................................................717 Hardware ..............................................................................................717 Performance ..........................................................................................718

Appendix E: Training / Learning

719

Training / Learning ..............................................................719 Mini-Basis system ...................................................................................719

Appendix F: Monitoring Multiple SAP R/3 Systems

721

Overview ............................................................................721 Configuring the Batch Job to Collect Historical Data (RZ21) ...........726

Index

731

xxi

Acknowledgements
The combined experience in SAP and general systems administration of those who contributed to this book is measured in decades. I hope that I am able to share with you some of their wisdom. I also wish to express appreciation to the following individuals who provided time, material, expertise, and resources that helped make the Release 4.6C/D guidebook possible:

Customers and partners: Michelle Alexander, Pfizer/IBM; Thomas Beam,


National Credit Union Administration; Sreeni Challa ; Ronnie Fong, ATI; Naz Haji; Patricia Kenny, Sony; Shanell Lowary ; Udesh Naicker, HP/Synopsys; Karen Richmond, Baldor; Vladimir Sytnykov, Optimum; Khanh Vo, Avanti.

SAP: Dieter Babutzka, Sari Bearson, Ronald Binford, Dr. Meinolf Block,
Regine Brehm, Dr. Thomas Brodkorb, Eddie Carter, Michael Demuth, Dr. Stefan Fuchs, Andreas Graesser, Christian Graf, Volker Groeschel, Roland Hamm, Christian Hiller, Uwe Inhoff, Indradev Kadidal, Casper Wai-Fu Kann, Steven Kerner, Dr. Wulf Kruempelman, Gisbert Loff, Sue McFarland, Dr. Christoph Nake, Lance Pawlikowski, Benjamin Prusinski, Sriram Raghunathan, Raj Rathnam, Dr. Gert Rusch, Joerg Schmidt, Dr. Carsten Thiel, Jeffrey Thomas, Fabian Troendle, Jackie Wang, Mark Weber, William Willis Jr., Jody Honghua Yang, Kitty Yue.

Authors: Agapius Chan, Jim Chen, Aidan Constable, Sven-Uwe Kusche, Gary Nakayama Documentation, Planning, and Production: Scott Bulloch, Usha Nair,
Noelle Wolf Gary Nakayama, CPA SAP Labs, Inc., 2002

xxii

System Administration Made Easy | Release 4.6C/D

INTRODUCTION

Introduction

What Is This Guidebook About?


The System Administration Made Easy Guidebook, release 4.6C/D, continues in the direction of the 4.0B and 4.6A/B versions. The primary focus of this guidebook is the importance of the on-going nature of system administration. This book is written for a system where all installation tasks have been completed. Installation and related tasks, which are usually performed once, are not covered in this guidebook. At the application layer, as shown in the following diagram, the various mySAP.com components are built on the Basis layer. The mySAP.com components include:
I I

Customer Relationship Management (CRM) Advanced Planner and Optimizer (APO)

xxiv

System Administration Made Easy | Release 4.6C/D


I

Business Warehouse (BW)

Because this design uses a common Basis layer, tasks learned in SAP R/3 system administration can be leveraged for use with other mySAP.com components. Therefore, as long as the mySAP.com component has a Basis layer, you will be able to manage and administer it the same as all other mySAP.com components with a Basis layer. Additionally, there may be administrative tasks specific to the component. Other components do not have a basis layer, such as:
I I I

Internet Transaction Server (ITS) CRM, Communication Station (part of the CRM Mobile Sales component) CRM, Business Application Studio, Development Server (part of the CRM Mobile Sales component)

Because these components do not have a Basis layer, the administration of these components is specific to the component itself. The system administration of these components will not be discussed in this guidebook. While we do not go into the specifics of administering the various components, we will discuss the tasks that are common to them. Except where there is a significant difference in the transaction (screen), enough to cause confusion, we will not make a distinction between a 4.6C transaction and a 4.6D transaction. Because screenshots will come from either a 4.6C or 4.6D system, the appearance of the screens may be different from the system you are on. You may see other visual differences between the screen shots in the guidebook and what you see on your system. In addition to the version difference mentioned above, several other factors will affect how a screen appears to a user, such as:
I I

The level of the support packages that has been applied to the system. The version and patch level of the GUI that is used.

We have tried to group items and tasks in job role categories, which allows this guidebook to be a better reference book.

Introduction

xxv

Real-world practical advice from consultants and customers has been integrated into this book. Because of this perspective, some of the statements in this book are blunt and direct. Some of the examples we have used may seem improbable, but many are based on real situations.
Simplifying system administration tasks for a Made Easy guidebook is not a simple task. The material in this guidebook was carefully chosen, but may not be comprehensive. Installation tasks are not presented. We assume that your SAP consultant has completed these tasks, in keeping with the guidebook philosophy. Although there are chapters on problem solving and basic performance tuning, these chapters only serve to introduce the subjects. This guidebook is not meant to be a trouble shooting or performance-tuning manual.

About This Guide


Who Should Read This Book?
The target audience for this guidebook is:
I

The customer person or team where: The mySAP Technology administrator is from a small to mid-size company with a small (one to three people) technical team. Each team member in the team has multiple job responsibilities. The system administrator has a basic knowledge of the operating system and database.

The junior consultant

Senior consultants, experienced system administrators, and database administrators (DBAs) may find portions of this guidebook elementary, but hopefully useful.

Prerequisites
To help you use this guidebook, we defined a baseline for user knowledge and system configuration. The two sections below (User and System) define this baseline. Review these sections to determine how you and your system match. This book is also written with certain assumptions about your knowledge level and the expectation that particular system requirements have been met.

xxvi

System Administration Made Easy | Release 4.6C/D User


We assume that you have a baseline knowledge of mySAP.com components, the operating system, and the database. If you lack knowledge in any of the following points, we recommend that you consult the many books and training classes that specifically address your operating system and database. You should know how to complete the following tasks at the:
I

mySAP.com component level: Be able to log on to the mySAP.com component Know how to navigate in the mySAP.com component using menus and transaction codes Some screens do not have menu paths and can only be accessed with transaction codes. Navigating by transaction codes is faster and more efficient than menus.

Operating system level: Be familiar with the file and directory structure Be able to use the command line to navigate and execute programs Set up a printer Perform a backup using standard operating system tools or thirdparty tools Perform basic operating system security Copy and move files Properly start and stop the operating system and server

Database level Properly start and stop the database Perform a backup of the database

System
The mySAP.com components run on over five different versions of UNIX, in addition to NT, OS400 and OS390. In many cases, significant differences exist between the different versions of Unix. These differences contributed to our decision to not go into detail at the operating system level. For an ongoing productive environment, we assume that the:
I I

mySAP.com component is completely and properly installed Infrastructure is set up and functional

Introduction xxvii
I

The following checklist will help you determine if your system is set up to the baseline assumptions of this book. If you can log on to your mySAP component, most of these tasks have already been completed. Questions Is the backup equipment installed and tested? Is the Uninterruptible Power Supply (UPS) installed? Is a server or system monitor available?

Item Hardware Infrastructure

Software (general)

Are the following utilities installed (as appropriate)?


I I I I

Backup programs Hardware monitors System monitors UPS control

Software (mySAP.com components)

Is the mySAP.com component installed according to SAPs recommendation? Is the TMS/CTS configured? Is the TPPARAM file configured? (In Release 4.6, TMS creates a file to be used as the TPPARAM file.) Is the SAProuter configured? Is the OSS1 transaction configured? Is the ABAP workbench configured? Has initial security been configured (default passwords changed)? Are the NT sapmnt share or UNIX NFS sapmnt exports properly configured? Is the online documentation installed? Can users log on to the mySAP.com component from their desktops?

Desktop

For optimal results, we recommend that the minimum screen resolution be set as follows:
I I

For users, 1024 x 768 For the system administrator, 1024 x 768 and a minimum color depth of 256 colors (The Release 4.6 GUI displays better with 64K colors)

xxviii

System Administration Made Easy | Release 4.6C/D

How to Use This Guidebook


This guidebook is organized in the following fashion:
I I

Part two (chapters 2 and 3) provide a high-level view of disaster recovery and backup and recovery. Chapter 4 contains checklists that help the system administrator complete various tasks on a recurring periodic basis.

These chapters also provide helpful transaction codes.


I I

Chapter 5 discusses how to stop or start the SAP R/3 system. Chapters 6 through 12 involve the following topics: SAP system administration Security administration User administration Database administration (SQL Server)

The rest of the book covers subjects such as operations, troubleshooting, remote services, change management, and SAP Notes (formerly known as OSS). The four appendices cover useful transactions, other resources, SAP Notes, and a discussion on upgrades.

Organization
All the task procedures are classified in one section by job roles, where related tasks are placed together. Regardless of the job schedule, all jobs related to a job role are grouped in one place.

Whats New
Note
To send us your comments, visit http://www.saplabs.com/sysadmin. This guidebook has evolved from the previous versions of this guidebook to incorporate customer and consultant comments. Send us your comments, so we can ensure that future versions better meet your needs.

Content
The new features of the Release 4.6C/D guidebook are:
I I

Coverage of SAP System Administration with a view of administration for all mySAP components that utilize the Basis 4.6C and 4.6D releases. Multiple Databases Microsoft SQL Server / Windows 2000

Introduction

xxix

IBM DB2/UDB Infomix Oracle / Unix

New sections on: Information on the Note Assistant (chapter 16 ) Self training/education with the mini-Basis system

New Terminology NEW SAP Service Market Place SAP Note

OLD SAPNet-Web OSS Note

Conventions
The table below explains the text conventions used throughout this guide. Text Convention Italic fonts Courier bold Name1 Name2 Description Screen names or on-screen objects (buttons, fields, screen text, etc.) User input; text the user types verbatim Menu selection Name1 is the menu name, and Name2 is an item on the menu Command syntax Replace the information within the angle brackets (< >) with wording specific to your task. We use angle brackets in place of a screen name or other screen text that is derived from steps within an adapted procedure (for example, if you were to choose Sold-to party instead of Ship-to party as shown in the screenshot, your resulting screen names would reflect your selection of Sold-to party). Therefore, we use angle brackets to reflect screen items that may differ from the example screenshots.

Arial monospace <XXXXX>

xxx

System Administration Made Easy | Release 4.6C/D

Sample R/3 Release 4.6 Screen


Your screens and on-screen icons may look different than those pictured in this book, depending on your GUI release and the support package level. Menu bar Standard toolbar Screen title Application toolbar User menu SAP standard menu

Navigation menu Work area Status bar Application toolbar: The screenshots shown in this guide are based on full user authorization (SAP_ALL). Depending on your authorizations, some of the buttons on your application toolbar may not be available. Navigation menu: Depending on your authorizations, your navigation menu may look different from screenshots in this guide that are based on SAP_ALL. The User menu and SAP standard menu buttons provide different views of the navigation menu. To learn how to build user menus, see the Authorizations Made Easy guidebook, Release 4.6A/B.

Special Icons
Throughout this guide, special icons indicate important messages. Below are brief explanations of each icon: Exercise caution when performing this task or step. An explanation of why you should be careful is included.
Caution

Information within a TechTalk helps you to understand the topic in greater technical detail. You need not know this information to perform the task.
TechTalk

Introduction

xxxi

These messages provide helpful hints and more detailed information to make your work faster and easier.
Tips & Tricks

Note
This information clarifies a statement in the accompanying text.

xxxii

System Administration Made Easy | Release 4.6C/D

PART ONE

System Administration Overview

System Administration Made Easy | Release 4.6C/D

Part Overview
A system administrator has many roles to perform. This section discusses some general duties of system administration and talks about important issues.

C H A P T E R

System Administration Basics

System Administration Made Easy | Release 4.6C/D

Overview
This chapter covers the roles that a system administrator performs. These roles cross all functional areas. In a small company, one person can be the entire system administration department. In a larger company, however, a team of administrators is required. The purpose of this definition is to help clarify the roles of a system administrator. This chapter presents a list of commonly used system administration terms and their definitions. At the end of this chapter is a list of fourteen mySAP.com guidelines that a system administrator must be aware of while working with the system. Sample guidelines include:
I I I

Keep it short and simple (KISS) Use checklists Do not allow direct database access

Roles of a System Administrator


Depending on the size of the company and available resources, the administrator(s) may range from one person to several specialized people in several departments. Factors that affect the system administrators tasks, staffing, and roles:
I I I

Company size Available resources (the size of the Basis group) Availability of infrastructure support for: Desktop support Database Network Facilities

The system administrator may perform many roles both in or directly related to, the mySAP.com component and indirectly or external to the mySAP.com component.

Chapter 1: System Administration Basics

Within the mySAP.com component


Inside the mySAP.com component, system administrators perform multiple roles: Role User administrator Security administrator Duties Set up and maintain user accounts Create and maintain SAP security profiles Monitor and manage security access and violations System administrator Maintain the systems health Monitor system performance and logs Transport administrator Transport changes between system Manage change requests Batch scheduler Backup operator Disaster recovery technical manager Programmer Data Dictionary (DDIC) manager Database administrator (DBA) Creates and manages batch job scheduling Schedule, run, and monitor backup jobs of the SAP database and any required system level files Create, test, and execute the SAP disaster recovery plan Apply SAP Note fixes to programs Change the Data Dictionary when applicable Administers the SAP database

External to the mySAP.com component


The system administrators are also responsible for supporting other, nonSAP, products: Role Database Administrator Operating system (OS) administrator Duties Manage database specific tasks Maintain the databases health and integrity Manage the operating system access and user IDs Manage operating system specific tasks Manage network access and user IDs Manage network support and maintenance Manage the servers

Network administrator Server administrator

System Administration Made Easy | Release 4.6C/D

Role Desktop support Printers Facilities

Duties Supports the users desktop PC Supports the network and desktop printers Manages facilities-related support issues, such as:
I I I

Power/utilities Air conditioning (cooling) Physical server access

System Administrator Traits


A system administrator should have a proper attitude, be technically competent, and work well with a team. The system administrator must safeguard the system, and should know when to call for help. System administration can require working outside of a normal schedule. Some tasks may require working later hours or on weekends. The administrator must be willing to work the hours required to support the system adequately. Technical competency is of utmost importance for a system administrator. A good administrator must keep abreast of new techniques and developments, through reading, doing, and training.

System Guidelines
Some guidelines must be followed when working on a system. These guidelines are explained in more detail in the following sections.
I I I I I I I I

Protect the system Do not be afraid to ask for help Network with other customers and consultants Keep it short and simple (the KISS principle) Keep proper documentation Use checklists Use the appropriate tool for the job Perform preventive maintenance

Chapter 1: System Administration Basics


I I I I I

Do not change what you do not have to Do not make changes to the system during critical periods Do not allow direct database access Keep all non-SAP activity off the SAP servers Minimize single points of failure

Protect the System


Everything you do as a system administrator should be focused on protecting and maintaining system integrity. If system integrity is compromised, incorrect decisions could be made based on invalid data. Additionally, if the system cannot be recovered after a disaster, your companys business could suffer.
I

Very important to this is a positive, professional attitude on the part of the system administrator. Also, because the system administrator is responsible for the informational backbone of the company, they must maintain a my job is on the line attitude. Mistakes can be costly to the company. Another consideration is protecting the system from threats. These threats can be external, such as hackers, or internal, such as employees who are too curious.

Do Not Be Afraid to Ask for Help


Some of the mySAP components are so large and complex that one person cannot be expected to know everything. Acting without knowledge can be troublesome, and you may make mistakes. Mistakes within the system can be expensive. In some cases, mistakes cannot be undone. The only way to learn and avoid mistakes is to ask for help. Bad questions do not existonly bad reasons for not asking them. Help can come in many forms, such as SAP Notes, various web sites and news groups, and consultants. For more information, see the following section.

System Administration Made Easy | Release 4.6C/D

Network with Other Customers and Consultants


In order to increase your knowledge base, it is a good idea to get to know the Basis people and system administrators in other companies. Other customers may be able to provide solutions to your problems, as they may have been through similar situations themselves. Also, getting a colleague to answer a question can save money in consulting expenses. Whenever you attend an event, carry a stack of business cards. Set the goal of collecting at least ten business cards, of people in your area of specialty.
Tips & Tricks

Do not forget to ask the old-timers. Decades ago, the mainframe community may have solved many of the issues and problems you now face. Good places to network include training classes, professional organizations, SAP events (such as the SAP TechEd and Sapphire conferences), and user groups (such as the Americas SAP Users Group (ASUG), regional users groups, database users groups, and operating system users groups). Participation means getting involved in the organization. The more you participate, the more people you meet and get to know.

Keep It Short and Simple (KISS)


The KISS principle is an important one. Do not overcomplicate a task if it does not require it. By breaking a major or complex task into smaller, easy-todigest chunks, the learning curve for the task set is reduced.

Keep Proper Documentation


Make sure that you document processes, procedures, hardware changes, configuration changes, checks performed, problems, errors, and so on. If in doubt about what to document, write everything down. As time passes, you may forget some of the details of a process or problem. Being able to refer to well-documented procedures will be helpful in such a case, and can serve to jog your memory. Complete documentation can also assist others if you are not available to perform a task. Additionally, documentation assists in training new hires. Employee turnover is a fact of doing business, and maintaining proper documentation eases the transition and training of new employees. Documentation must grow and develop with the system. As changes are made in the system, they must also be reflected in the documentation. Inaccuracies in the documentation can lead to costly mistakes. Documentation needs to be comprehensive. Too much information in a document is always better than not enough information. The documentation must also be clear and easy to understand. Maintain older documents to

Hot projects or emergencies tend to take precedence over writing documentation. Do not postpone writing documentation, or the task may never get done. Record everything that is done to the systemas it is being done.

Chapter 1: System Administration Basics

ensure that they are kept up-to-date with system changes. Where necessary, use graphics, flowcharts, and screenshots to clarify and to provide additional information. Make sure that documentation is kept in an easily accessible location. Keep logs (notebooks) on each server, reflecting everything that is done on that server.

Use Checklists
Checklists enforce a standardized process and reduce the chance that you will overlook critical steps. Checklists force you to document events, such as run times, which may later become important. Checklists are especially useful for tasks that are complex or critical. If a step is missed or done incorrectly, the result could be serious (for example, inability to restore the database). If you are performing a task for the first time, or a task that is done infrequently, a checklist will assist you in performing the task correctly. For more information, see chapter 4, Scheduled Tasks on page 63.

Use the Appropriate Tool for the Job


Sometimes a low-tech solution is best. Depending on the situation, a paperand-pencil solution may work better and be more cost effective than a computerized solution.

Perform Preventive Maintenance


Preventive maintenance is the proactive monitoring and maintenance of the system. A regular schedule for maintenance can prevent small issues from developing into big problems. Potential problems are taken care of before they negatively impact the system and company operations. For example, if log file space drops to zero, the database will stop, which also will cause SAP R/3 to stop. SAP R/3 will not run until sufficient file space is cleared, and the delay this causes can stop business operations, such as shipping. Make problem resolution a regular part of your routine. Scheduling tasks to fix a problem should be based on your situation, and when it is least disruptive to your users.
I

You should monitor the various logs and event monitors for potential issues. The database should be regularly checked for integrity and consistency. Maintenance also refers to physical maintenance. Make sure the hardware is kept clean and kept in a cool environment. Additionally, consider when hardware may require upgrading, such as additional disk storage.

10

System Administration Made Easy | Release 4.6C/D


I

Make sure your UPS system is in working order.

Do Not Change What You Do Not Have To


One temptation that exists in the world of technology is to have the latest and greatest in hardware and software. This temptation is not always a good thing. If your system works, and works well, leave it alone. Do not upgrade just because you can. Upgrading to new software or hardware can introduce new elements into a previously stable environment, opening the system up to risk. Also, upgrading can be costly in terms of time, resources, money, and potential system downtime to the business. Changing your system environment should be done if a business need exists, or to comply with legal requirements. If hardware or software is no longer supported by the vendor, moving to those that are supported is a good reason to upgrade. If you do plan to change your system environment, ensure that you can recover the system to a pre-change condition. Perform regression testing with the functional team and users to make sure that any changes affect nothing else. We recommend staging and testing the change in the following order:
I I I I

Test system (a sandbox system) Development system Quality Assurance system Production system

Even if your company does not have all the above-mentioned systems, the key is to maintain the general order. For example, if your company does not have a test system, test the change in the following order:
I I I

Development Quality Assurance Production

By the time you reach the production system, you should be comfortable that nothing will break.

Chapter 1: System Administration Basics

11

Do Not Make System Changes During Critical Periods


We do not recommend making system changes during critical periods. A critical period is when system disruptions could cause severe operational problems and impact business.

Example

A system administrator changes a printer in the Shipping department at the end of the month, but neglects to change the printer setting in SAP R/3. As a result, SAP R/3 cannot send output to the new printer. The users are not able to print shipping documents, which results in the company being unable to ship products. As a result, revenue for the month declines. Other examples include:
I I I I

At end of the month, when Sales and Shipping are booking and shipping as much as they can, to maximize revenue for the month At the beginning of the month, when Finance is closing the prior month During the last month of the year (calendar or fiscal), when Sales and Shipping are booking and shipping as much as they can, to maximize the revenue for the year During the beginning of the year, when Finance is closing the books for the prior year and getting ready for the financial audit

Always coordinate potentially disruptive system events with the users. Different user groups in the company, such as Finance and Order Entry, may have different quiet periods that must be coordinated. Plan all potentially disruptive systems-related activities during quiet periods when a problem will have minimal user impact.

Do Not Allow Direct Database Access


Direct database access means allowing a user to run a query or update directly to the database without going through a mySAP component. Allowing a user direct access runs the risk of corrupting the database, and could put the database out of sync with the mySAP component buffers. mySAP.com components may write to multiple tables in the database. If a user writes directly to the tables, missing a single table may corrupt the database by putting the tables out of sync with each other. With direct database access, a user could accidentally execute an update or delete, rather than a read.

12

System Administration Made Easy | Release 4.6C/D

Keep all Non-SAP Activity Off the mySAP Servers


The servers that run your mySAP.com components should be dedicated to those sole tasks. Running services that have nothing to do with the mySAP.com components can slow down the servers, and may possibly put data at risk of change or deletion. Do not allow users to directly access the mySAP component servers, using telnet or remote access programs. Disallowing direct access keeps users away from confidential or sensitive information. Do not use the mySAP component server as a general file server. Disallowing this prevents putting data at risk of deletion or change. Do not run programs that are not directly related to the mySAP component on its server. Disallowing this will keep system resources dedicated to mySAP tasks.

Caution

Minimize Single Points of Failure


A single-point failure is when the failure of a single component, task, or activity causes the system to fail or creates a critical event. Each place where a single-point failure could occur increases the chances of a system failure or other critical event.

Example

You only have one tape drive and it fails. You cannot back up your database. You rely on utility line power, and do not have a UPS, the server will crash during a power failure and possibly corrupt the database. You are the only one who can complete a task, and you are on vacation, the task will not be completed until you return (or you will be on call while on vacation). To guard against a single-point failure, consider the following options:
I I I I I I I

Systems configured with a built-in backup Redundant equipment, such as dual power supplies On-hand spares Sufficient personnel On-call consultants Cross-training Outsourcing

Chapter 1: System Administration Basics

13

Special Definitions
There are terms used in this guidebook that have very specific meanings. To prevent confusion, they are defined below:

Database server. This server contains the mySAP component and the
database. The database servers system clock is the master clock for the mySAP component.

Application server. This server houses the mySAP component application.

On a two-tiered system, this server would be combined on the database server. Application servers can be dedicated to online users, batch processing or both.

Instance. An installation of the mySAP component on a server. Instances are


either central or dialog. The central instance contains the database, and only exists once in the system landscape. Dialog instances are the application servers. Multiple dialog instances are possible in the system landscape. More than one instance can exist on a physical server.

System. The complete mySAP installation for a System ID (SID), for example
PRD. A system logically consists of the SAP R/3 central instance and dialog instances for the SID. This physically consists of the database server and application servers for that SID. Three-tiered SAP R/3 Configuration Layers Presentation Application Database Physical Devices Desktop PCmany Application Server - many Database server only one SAP R/3 Instance N/A Dialog Central What Runs on Each Layer SAP GUI SAP R/3 Database: SQL Server, DB2, Informix, ADABAS, Oracle

A two-tiered configuration combines the application and database layers on a single server.

14

System Administration Made Easy | Release 4.6C/D

PART T WO

Disaster Planning Overview

16

System Administration Made Easy | Release 4.6C/D

Part Overview
Disaster planning is a necessary and critical part of system administration. Business processes happen daily at a fantastic rate, usually without problems. However, the smallest problem can cause terrific disruption to business, causing a loss of time, money, and resources. Having plans to recover from problems, regardless of their size and complexity, is a good business move. This section covers disaster recovery and backup processes. Chapter 2 covers disaster planning and recovery. We talk about why you need to plan for disasters, what to do to plan, and how to test your disaster recovery plans. Chapter 3 discusses backup and recovery. We talk about what to back up and how often.

C H A P T E R

Disaster Recovery

18

System Administration Made Easy | Release 4.6C/D

Overview
The purpose of this chapter is to help you understand what we feel is the most critical job of a system administratordisaster recovery. We included this chapter at the beginning of our guidebook for two reasons:
I

This chapter is not a disaster recovery how to. It is only designed to get you thinking and working on disaster recovery.

To emphasize the importance of disaster recovery. Disaster recovery needs to be planned as soon as possible, because it takes time to develop, test, and refine. To emphasize the importance of being prepared for a potential disaster

The earlier you begin planning, the more prepared you will be when a disaster does happen.

What Is a Disaster?
The goal of disaster recovery is to restore the system so that the company can continue doing business. A disaster is anything that results in the corruption or loss of the SAP R/3 system such as database corruption (for example, loading test data into the production system), serious hardware failure, or complete loss of the SAP R/3 system and infrastructure (for example, as a result of natural disaster or a building fire). The ultimate responsibility of a system administrator is to successfully restore SAP R/3 after a disaster. To this end, the administrator should act to prevent the system from ever reaching the situation where disaster recovery is required. Disaster recovery planning is a major project. Depending on your situation and the size and complexity of your company, disaster recovery planning could take more than a year to prepare, test, and refine. The plan could fill many volumes. This chapter helps you start thinking about and planning for disaster recovery.

Why Plan for a Disaster?


A system administrator should expect and plan for the worst, and then hope for the best. During a disaster recovery, nothing should be done for the first time. Unpleasant surprises could be fatal to the recovery process.

Chapter 2: Disaster Recovery

19

Some questions must be asked that will help to develop your disaster recovery plan:
I I I I I I I I I I

If the SAP R/3 system fails, will business operations stop? How much lost revenue and cost will be incurred during system downtime? Which critical business functions cannot be completed? How will customers be supported? How long can the system be down before the company goes out of business? Who coordinates and manages the disaster recovery? What will the users do while SAP R/3 is down? How long will the system be down? How long will it take before the SAP R/3 system is available for use? What minimum component of the SAP R/3 system must be restored if offsite recovery is required?

If you plan properly, you will be under less stress, because you know that the system can be recovered and how long this recovery will take. If the recovery downtime is unacceptable, management should look at investing in equipment, facilities, and personnel. Another area to explore is High Availability (HA) options. HA means to keep the system or component running continuously for a relatively long period of time. This option can be expensive. There are different degrees of HA, so customers must determine which option is right for them. HA is an advanced topic beyond the scope of this guidebook. If you are interested in this topic, contact an HA vendor.

Planning for a Disaster


Creating a Plan
Creating a disaster recovery plan is a major project because it can take over a year and considerable time to develop, test, and document. Also, the documentation may be extensive, perhaps thousands of pages long. If you do not know how to plan for a disaster recovery, get the assistance of an expert. A bad plan that will fail is worse than no plan, because it provides a false sense of security. There are third party disaster recovery consultants and vendors that can assist you in creating a disaster recovery plan.

20

System Administration Made Easy | Release 4.6C/D

What Are the Business Requirements for Disaster Recovery?


Senior management provides strategic requirements and guidelines. Individual business units will drive the specific requirements. Each requirement should answer the following questions:
I I I I

The individual business units must understand that as recovery time decreases, the cost for disaster recovery increases. The units should budget for it, or if the funds come from an administrative or IT budget, the units should support it.

Who is the requestor? What is the requirement? Are other departments or customers affected by this requirement? Why is the requirement necessary? When SAP R/3 is offline, what does (or does not) happen? What is the cost (or lost revenue) of an hour or a day of SAP R/3 downtime?

The justification should be a concrete objective value (such as $20,000 an hour). Define the cost (for example, on an hourly or daily basis) of having the SAP R/3 system down.

Example

No more than one hour of transaction data may be lost. The cost is 1,000 transactions per hour of lost transactions that are entered in SAP R/3 and cannot be recreated from memory. This inability to recreate lost transactions may result in lost sales and upset customers. If the lost orders are those that the customer quickly needs, this situation can be critical.

Example

The system cannot be offline for more than three hours. The cost (an average of $25,000 per hour) is the inability to book sales

Example

In the event of disaster, such as the loss of the building containing the SAP R/3 data center, the company can only tolerate a two-day downtime. At that point, permanent customer loss begins. There must be an alternate method of continuing business.

Chapter 2: Disaster Recovery

21

When Should a Disaster Recovery Procedure Begin?


Ask yourself the following questions:
I I I

What criteria constitute a disaster? Have these criteria been met? Who needs to be consulted?

The person must be aware of the effect of the disaster on the companys business and the critical nature of the recovery.

Expected Downtime or Recovery Time


Expected Downtime
Expected downtime is only part of the business cost of disaster recovery. For defined scenarios, this cost is the expected minimum time until SAP R/3 becomes productive again. Downtime may mean that no orders can be processed and no products shipped. Management must approve this cost, so it is important that they understand that downtime affects potential business costs. To prevent interruption in business, it is important to research alternate processes that can be used while the SAP R/3 system is being recovered. The following costs are involved with downtime:
I

The length of time that SAP R/3 is down. The longer the system is down, the longer the catch-up period required when it is brought back up. The transactions from the alternate processes that were in place during the disaster must be applied to the system to make it current. In a high-volume environment, this situation becomes more critical. A downed system is more expensive during the business day, because it causes business activity to stop. Customers who cannot be serviced or supported may be lost to competitors.

I I

The duration of acceptable downtime depends on the company and the nature of its business.

Recovery Time
Unless you test your recovery procedure, the recovery time is only an estimate. Different disaster scenarios have different recovery times, based on operational requirements. Recovery time must be matched to the business requirements. If recovery time exceeds the time set forth by business requirements, the mismatch must be communicated to the appropriate managers or executives.

22

System Administration Made Easy | Release 4.6C/D

Resolving this mismatch involves:


I I

Investing in equipment, processes, and facilities to reduce the recovery time. Changing business requirements to accept the longer recovery time and accepting the consequences.

Example

An extreme (but possible) example: A company cannot afford the cost and lost revenue for the month it would take one person to recover the system. During that time, the competition would take away customers, payment would be due to vendors, and bills would not be collected. In this situation, senior management needs to allocate resources to reduce the recovery time to an acceptable level.

Recovery Group and Staffing Roles


Four key roles exist in a recovery group. The number of employees performing these roles will vary depending on your company size. In a smaller company, for example, the recovery manager and the communication liaison could be the same person. Titles and tasks will probably differ based on your companys needs. The four key roles are defined as follows:
I

To reduce interruption of the recovery staff, we recommend you maintain a status board. The status board should list key points in the recovery plan and an estimate of when the system will be recovered and available to use.

Recovery manager Manages the entire technical recovery. All recovery activities and issues should be coordinated through this person.

Communication liaison Handles communication (phone calls, email, and so on) with the users and keeps top management updated with the recovery status. One role to handle all user communication allows the group doing the technical recovery to proceed without interruption.

Technical recovery team Does the actual technical recovery. As the recovery progresses, the original plan may have to be modified. This role must manage the changes and coordinate the technical recovery.

Review and certification manager Coordinates and plans the post-recovery testing and certification with users.

A final staffing role is to plan for at least one key staff member to be unavailable. Without this person, the rest of the department must be able to perform a successful recovery. This issue may become vital during an actual disaster.

Chapter 2: Disaster Recovery

23

Types of Disaster Recovery


Disaster recovery scenarios can be grouped into two types:
I I

Onsite Offsite

Onsite
Onsite recovery is disaster recovery done at your site. The infrastructure usually remains intact. The best-case scenario is a recovery done on the original hardware. The worst-case scenario is a recovery done on a backup system.

Offsite
Offsite recovery is disaster recovery done at a disaster recovery site. In this scenario, all hardware and infrastructure are lost as a result of facility destruction such as a fire, a flood, or an earthquake. The new servers must be configured from scratch. A major consideration is that once the original facility has been rebuilt and tested, a second restore must take place to the customers original facility. While this second restore can be planned and scheduled at a convenient time to disrupt as few users as possible, the timing is just as critical as the disaster. During system recovery, the system will be down.

Disaster Scenarios
There are many possible disaster scenarios that could occur. It would take an infinite amount of time to plan for them, and you will never account for all of them. To make this task manageable, you should plan for three to five likely scenarios. In the event of disaster, you would adapt the scenario closest to the actual disaster. The disaster scenarios consist of:
I I I

Description of the disaster event High-level plan of major tasks to be performed Estimated downtime

To create your final scenario:


I I

Use the Three Common Disaster Scenarios section below as a starting point. Prepare three to five scenarios that cover a wide range of disasters that would apply to you.

24

System Administration Made Easy | Release 4.6C/D


I I I I

Create a high-level plan (are made up of major tasks) for each scenario. Test the planned scenario, by creating different test disasters and determining if and how your scenarios would adapt to an actual disaster. If the test scenarios cannot be adapted, modify or develop more scenarios. Repeat the process.

Three Common Disaster Scenarios


The following three examples range from a best-to-worst scenario order: The downtimes in the examples below are only samples. Your downtimes will be different. You must replace the sample downtimes with the downtimes applicable to your environment.

A Corrupt Database
A corrupt database could result from accidentally loading test data into the production system, or a bad transport into production that results in the failure of the production system. Such a disaster requires the recovery of the SAP R/3 database and related operating system files. The sample downtime is eight hours.

A Hardware Failure
The following types of items may fail: Plan and prepare to use you test (QAS) system as a backup server if the production (PRD) server fails.
I I I

A system processor A drive controller Multiple-drives in a drive array, causing drive array failure

Such a disaster scenario requires:


I I I

Replacing failed hardware Rebuilding the server (operating system and all programs) Recovering the SAP R/3 database and related files

The sample downtime is seven days and comprises:


I I

Five days to procure replacement hardware Two days to rebuild the NT server (one person); 16 hours of actual work time

A Complete Loss or Destruction of the Server Facility


The following items can be lost:
I I

Servers All supporting infrastructure

Chapter 2: Disaster Recovery


I I

25

All documentation and materials in the building The building

A complete loss of the facility can result from disasters such as fire, earthquake, flood, hurricane, and man-made disasters. Such a disaster requires: Use national vendors with several regional distribution centers and, as a backup, have an out-of-area alternate supplier.
I I I I I

Replacing the facilities Replacing the infrastructure Replacing lost hardware Rebuilding the server and SAP R/3 environment (hardware, operating system, database, and so on) Recovering the SAP R/3 database and related files

The sample downtime lasts eight days and comprises:


I I I I

At least five days to procure hardware. In a regional disaster, this purchase could take longer if your suppliers were also affected by the disaster. Two days to rebuild the NT server (one person); 16 hours actual work time As the hardware is procured and the server is being rebuilt, an alternate facility is obtained and an emergency (minimal) network is constructed One day to integrate into the emergency network

Complete loss or destruction requires a recovery to a new facility.

Recovery Script
A recovery script is a document that provides step-by-step instructions about:
I I I I

The process required to recover SAP R/3 Who will complete each step The expected time for long steps Dependencies between steps

A script helps you to develop and use a proven series of steps to restore SAP R/3 and prevents missing steps. Missing a critical step may require restarting the recovery process from the beginning, which delays the recovery. If the primary recovery person is unavailable, a recovery script helps the backup person complete the recovery.

26

System Administration Made Easy | Release 4.6C/D

Creating a Recovery Script


Creating a recovery script requires:
I I I

A checklist for each step A document with screenshots to clarify the instructions, if needed Flowcharts, if the flow of steps or activities is critical or confusing

Recovery Process
To reduce recovery time, define a process by completing as many tasks as possible in parallel and adding timetables for each step.

Major Steps
During a potential disaster, anticipate a recovery by:
I I I I I I I

Collecting facts Recalling the latest offsite tapes Recalling the crash kit (for more information, see page Crash Kit). Calling all required personnel These personnel include the internal SAP team, affected key users, infrastructure support, IT, facilities, on-call consultants, and so on Preparing functional organizations (sales, finance, and shipping) for alternate procedures for key business transactions and processes. Also prepare non-SAP systems that interface to and from the SAP system.

Minimize the effect of the disaster by:


I I

Stopping all additional transactions into the system Collecting transaction records that must be manually reentered

Begin the planning process by:


I I I

Analyzing the problem Selecting the predefined scenario plans that most closely matches the disaster Modifying the plans as needed

Define when to initiate a disaster recovery procedure.


I

What are the criteria to declare a disaster, and have they been met?

Chapter 2: Disaster Recovery


I

27

Who will make the final decision to declare a disaster?

Declare the disaster.


I I I I

Perform the system recovery. Test and sign off on the recovered system. Key users should perform the testing. These users will use a criteria checklist to determine that the system has been satisfactorily recovered. Catch up with transactions that may have been handled by alternate processes during the disaster. Once completed, this step should require an additional sign-off. Notify the users that the system is ready for normal operations. Conduct a post-disaster debriefing session. Use the results from this session to improve your disaster recovery planning.

I I

Crash Kit
A crash kit contains everything needed to rebuild the SAP R/3 servers, reinstall SAP R/3, and recover the SAP R/3 database and related files. This kit must contain everything required to recover your SAP R/3 environment in one or more containers. If you must evacuate the site, you will not have the time to run around, gathering the items at the last minute, hoping that you get everything you need. In a major disaster you may not even have that opportunity. A periodic review of the crash kit should be performed to determine if items must be added or changed. A service contract is a perfect example of an item that requires this type of review. The crash kit should be physically separated from the servers. If it is located in the server room, and the server room is destroyed, the kit may be lost. Some crash kit storage areas include:
I I I

When a change is made to a component (hardware or software) on the server, replace the outdated items in the crash kit with updated items that have been tested.

Commercial offsite data storage Other company sites Another secure section of the building

The person who seals the kit should take an inventory of the crash kit. If the seal is broken, items may have been removed or changed, making the kit useless in a recovery.

The following is an inventory list of some of the major items to put into the crash kit. You must add or delete items for your specific environment. This inventory list is organized into the documentation and software.

Documentation . The inventory list below must be signed and dated by the
I

person checking the crash kit. The following documentation must be included in the crash kit: Disaster recovery script

28

System Administration Made Easy | Release 4.6C/D


I I

Test and verification script fro functional user groups Installation instructions: Operating system Database SAP R/3 system

Special installation instructions for: Drivers that must be manually installed Programs that must be installed in a specific manner

Ensure that maintenance agreements are still valid and check if the agreements expired. These should be part of a regular schedule task.

Copies of: SAP license for all instances Service agreements (with phone numbers) for all servers

I I I I

Instructions to recall tapes from offsite data storage List of personnel authorized to recall tapes from offsite data storage. This list must correspond to the list maintained by the data storage company. A parts list If the server is destroyed, this list should be in sufficient detail to purchase or lease replacement hardware. Over time, if original parts are no longer available, an alternate parts list must be prepared. At this point, you might consider upgrading the equipment. File system layout Hardware layout You must know which cards go in which slots, and which cables go where (connector-by-connector). Labeling cables and connectors greatly reduces confusion. Phone numbers for: Key users Information services personnel Facilities personnel Other infrastructure personnel Consultants (SAP, network, and so on) SAP hotline Offsite data storage Security department or personnel Service agreement contacts Hardware vendors

I I I

Chapter 2: Disaster Recovery

29

Software.
I

Operating system: Installation kit Drivers for hardware, such as a Network Interface Card (NIC) or a SCSI controller, which are not included in the installation kit Service packs, updates, and patches

Database: Installation kit Service packs, updates, and patches Recovery scripts, to automate the database recovery

For SAP R/3: New installation kit of current SAP R/3 release. Not the upgrade kit Currently installed kernel System profile files

tpparam file saprouttab file saplogon.ini

I I

Other SAP R/3 integrated programs (for example, a tax package) Other software for the SAP R/3 installation: Utilities Backup UPS control program Hardware monitor FTP client Remote control program System monitor

Business Continuation During Recovery


Business continuation during disaster recovery is an alternate process to continue doing business while recovering from a disaster. It includes:
I I I

Cash collection Order processing Product shipping

30

System Administration Made Easy | Release 4.6C/D


I I I

Bill paying Payroll processing Alternate locations to continue doing business

Without an alternate process, your company s business will suffer or stop. Some of the problems you may encounter include:
I I I

Orders cannot be entered Product cannot be shipped Money cannot be collected

Alternate processes include:


I I

Manual paper-based data recording (for example, hand-written purchase orders) Stand alone PC-based products

Offsite Disaster Recovery Sites


Some ideas for offsite disaster recovery sites include other company sites, commercial disaster recovery sites, and sharing or renting space from other companies.

Integration with your Companys General Disaster Planning


Because there are many dependencies, the SAP R/3 disaster recovery process must be integrated with your companys general disaster planning. This process includes telephone, network, product deliveries, mail, and so on.

When the SAP R/3 System Returns


How will the transactions that were handled with the alternate process be entered into SAP R/3 when it is operational?

Test your Disaster Recovery Procedure


Unless you test your recovery process, you do not know if you can actually recover your system. Performing a simulated disaster recovery verifies that you can recover the system and exercise every task outlined in the disaster recovery plan. This simulation determines if:
I I I

Your disaster recovery procedure works Something changed, was not documented, or updated Steps require clarification. Information that is clear to the person documenting the procedure may be unclear to the person reading the procedure.

Chapter 2: Disaster Recovery


I

31

Older hardware is no longer available Here, alternate planning is needed. You may have to upgrade your hardware to be compatible with currently available equipment. Because many factors affect recovery time, actual recovery times can only be determined by testing. Once you have actual times (not guesses or estimates), your disaster planning becomes more credible. If the procedure is practiced often, when a disaster occurs, everyone will know what to do. This way, the chaos of a disaster will be reduced.

I I I

Execute your disaster recovery plan on a backup system or at an offsite location. Generate a random disaster scenario. Execute your disaster plan to see if it handles the scenario. A full disaster recovery should be practiced at least once a year. However based on the cost the frequency is a business decision.

The disaster recovery test should be done at the same site that you expect to recover. If you have multiple recovery sites, perform a test recovery at each site. The equipment, facilities, and configuration may be different at each site. Document all specific items that must be completed for each site. You do not want to discover that you cannot recover at a site after a disaster occurs. Other options for sites to test your disaster recovery scenario include: A backup onsite server Another company site At another company where you have a mutual support agreement A company that provides disaster recovery site and services

During the disaster recovery test, someone still must support the real production system.
I

Primary and backup personnel will do the job during a real disaster recovery. A provision should be made that some of the key personnel are to be unavailable during a disaster recovery. A test procedure might involve randomly picking a name and declare that person unavailable to participate. This procedure duplicates a real situation in which a key person is seriously injured or killed. Additionally, personnel at other sites should also participate. Integrate these people into the test, because they may be needed to perform the recovery during an actual disaster. These people will fill in for unavailable personnel.

32

System Administration Made Easy | Release 4.6C/D

Other Considerations
Other Upstream or Downstream Applications
For the company to function, other upstream or downstream applications also must be recovered with SAP R/3. Some of these applications may be tightly associated with SAP R/3. The applications should be accounted for and protected in the company-wide disaster recovery planning. Applications located on only one persons desktop computer must be backed up to a safe location.
Caution

Backup Sites
The emergency backup site may not have equipment of the same performance level as your production system. Reduced performance and transaction throughout must be considered.

Caution

Having a contract with a disaster recovery site does not guarantee that the site will be available. In a regional disaster, such as an earthquake or flood, many other companies will be competing for the same commercial disaster sites. In this situation, you may not have a site to recover to, if others have booked it before you.

Example
I I

A reduced batch schedule of only critical jobs Only essential business tasks will be done while on the recovery system

Minimizing the Chances for a Disaster


There are many ways to minimize chances for a disaster. Some of these ideas seem obvious, but it is these ideas that are often forgotten.

Chapter 2: Disaster Recovery

33

Minimize Human Error


Dangerous tasks (such as deleting the test database, moving a file, or formatting a new drive) should be scripted and checkpoints included to verify the steps. Many disasters are caused by human error, such as a mistake or a tired operator. Do not attempt dangerous tasks when you are tired. If you must do a dangerous task, get a second opinion before you start.

Caution

Minimize Single Points of Failure


A single-point failure is when the failure of one component causes the entire system to fail. To minimize single-point failure:
I I I

Identify conditions where a single-point failure can occur Anticipate what will happen if this component or process fails Eliminate as many of these single points of failure as practical.

Types of single points of failure include:


I

The backup SAP R/3 server is located in the same data center as the production SAP R/3 server. If the data center is destroyed, the backup server is also destroyed. All the SAP R/3 servers are on a single electrical circuit. If the circuit breaker opens, everything on that circuit loses power, and all the servers will crash.

34

System Administration Made Easy | Release 4.6C/D

Cascade Failures
A cascade failure is when one failure triggers additional failures, which increases the complexity of a problem. The recovery involves the coordinated fixing of many problems.

Example

Cascade Failure A power failure in the air conditioning system causes an environmental (air conditioning) failure in the server room. Without cooling, the temperature in the server room rises above the equipments acceptable operating temperature. The overheating causes a hardware failure in the server. The hardware failure causes a database corruption. In addition, overheating can damage many things, such as:
I I I

Network equipment Phone system Other servers

The recovery becomes complex because:


I I

Fixing one problem may uncover other problems or damaged equipment. Certain items cannot be tested or fixed until other equipment is operational.

In this case, a system that monitors the air conditioning system or the temperature in the server room could alert the appropriate employees before the temperature in the server room becomes too hot.

C H A P T E R

Backup and Recovery

36

System Administration Made Easy | Release 4.6C/D

Overview
Establishing an effective backup and recovery strategy is the most important aspect of a technical implementation. This process entails a full or partial restore of the database after hardware or software errors and a recovery during which the system is updated to a pre-failure status. Other situations aside from disk failures may require a restore and recovery. Your backup strategy should be as simple as possible. Unnecessary complication in backup strategy creates difficult situations during restoration and recovery. Procedures, problem identification, and handling must be well documented so all individuals clearly understand their roles and required tasks. This strategy should also not adversely impact daily business. This chapter discusses backup and restore of your system. The details of specific databases are covered in the database administration chapters.

Restore
Usually a restore is done to:
I I I

Recover after a disaster (for more information, see When Should a Disaster Recovery Procedure Begin? on page 21.) Test your disaster recovery plan (for more information, see Test your Disaster Recovery Procedure on page 30.) Copy your database to another system (for more information, see Database Copy of Production System on page 668.)

The business requirement for a quick restore is driven by the need to get the system operational quickly after a disaster, so the company can continue to do business.

Strategy
Business recovery time is the result of the time needed to, find the problem, repair the damage, and restore the database. Factors that affect the chosen restore strategy include:
I I I I I

Business cost of downtime to recover Operational schedule Global or local users Number of transactions an hour Budget

Chapter 3: Backup and Recovery

37

If the restore is not done properly and completely, it could fail and must be restarted, or be missing other files. You must record special data about your database to recover it. Work with your specialist to identify and document this data.

The actual process to restore SAP R/3 and the database is not covered in this book. This critical task has specific system dependencies, and we leave it to a specialist to teach. If a restore must be done, contact a specialist or your Basis consultant. Work with your DBA or consultant to test and document the restore process for your system. With proper training, you should be able to do the restore.

Testing Recovery
Because the restore procedure is one of the key issues of the SAP R/3 system, database recovery must be regularly tested. For more information, see chapter 2, Disaster Recovery on page 17.

Backup
Backup is like insurance. You only need a backup if you must restore your system.

What to Backup and When

Note
You may need to use different tools to backup all the files. Some tools may only be able to backup one or two of the three categories of files that must be backed up. For example, the SAP DBA Calendar DB13 for Microsoft SQL Server can backup the database and the transaction log, but not the operating system files.

There are three categories of files to backup:


I I I

Database Log files Operating system files

Database
The database is the core of the SAP R/3 system and your data. Without the database backup, you cannot recover the system. The frequency of a full database backup determines how many days back in time you must go to begin the restore:
I

If a daily full backup is done, you will need yesterdays full backup. Only logs since yesterdays backup must be applied to bring the system current. If a weekly full backup is done, you will need last weeks full backup. All the logs for each day since the full backup must be applied to bring the system current.

A daily full backup reduces the number of logs that must be applied to bring the database current. This backup reduces the risk of not getting a current database backup because of a bad (unusable) log file. SAP recommends a daily backup of the productive database and to store the last 28 backups.

38

System Administration Made Easy | Release 4.6C/D

If a daily full backup were not done, more logs must be applied. This step lengthens the recovery process time and increases the risk of not being able to recover to the current time. A point may be reached when it may take too long to restore the logs, because of the quantity of logs to be applied. For additional safety, we recommend that you do a full monthly database backup in addition to the full daily backups. However, there must be strong reasons not to backup a productive database on daily basis (for example, the database is too big to back up over night).

Example
Weekly Backup A restore from last weeks full backup that was done four days ago. There are 10 logs per day. A total of 40 logs (10 logs per day 4 days) must be restored. It takes 120 minutes to restore the log file from tape to disk (40 log x 3 minutes per log). It takes 200 minutes to restore the log files to the database (40 logs x 5 minutes per log). The total time to do the restore, excluding database files, is 320 minutes (5.3 hours) Daily Backup A restore from last nights full backup There are a maximum of 10 logs a day. It takes 30 minutes to restore the log file from tape to disk (10 log x 3 minutes per log). It takes 50 minutes to restore the log files to the database (10 logs x 5 minutes per log). The total time to do the restore, excluding database files, is 80 minutes (1.3 hours). As you can see in this example, the weekly backup takes four times longer to recover than the daily backup. These examples show that the time it takes to do a log restore depends on the size of the logs and how many days back you must go to get to the last full backup. With large logs, such as 100MB or more every hour, this quickly becomes impractical. Increasing the frequency of the full backup (with fewer days between full backups) reduces the recovery time. Also consider maintaining two backup cycles of the logs on disk to reduce the need to restore these logs from tape.

Transaction logs are stored in a directory, which must not be allowed to become full. If the transaction log fills the available file space, the database stops, and no further processing can be done in the database and, consequently, in SAP R/3. It is important to be proactive and periodically back up the transaction logs. Refer to the chapter specific to your database for more information.

Transaction Logs
Transaction logs are critical to the database recovery. These logs contain a record of the changes made to the database, which is used to roll forward (or back) operations. It is critical to have a complete chain of valid log backups. If you must restore and one log is corrupted, you cannot restore past the corrupt log.

Chapter 3: Backup and Recovery

39

The frequency of the log backups is a business decision based on: Weekly Full Backups A log from Tuesday becomes corrupt. The system crashes two days later on Thursday. You can only recover to the last good log on Tuesday. Everything after that is lost.
I I I I I

Transaction volume Critical periods for the system Amount of data senior management is willing to lose Resources to perform the backups and take them offsite Also see the examples in the database section above.

To back up transaction logs, backup the transaction log to disk. If your transaction volume is high, decrease the time interval between log backups. This reduced time interval decreases the amount of data that could be lost in a potential data center disaster. Copy the backup of the transaction log to an offsite backup file server. Backing up your log information over a network should always be done with verification. This backup file server should ideally be in another building or in another city. A separate location increases the chance that the log files will be preserved if the primary data center (containing the SAP R/3 servers) is destroyed. Back up the transaction log backups of both servers (the SAP R/3 server and the offsite backup file server) to tape each day along with the other operating system-level files. Do not back up the logs to the tape drive in append mode, which will append multiple backups on the same tape. If a data center disaster occurs, the tape with all these logs will be lost. If you do not have an offsite backup server, back up the transaction log backups to tape after each log backup and immediately send the tape offsite.

Operating System Level Files


Operating system level files must also be backed up:
I I

Operating environment (for example, system and network configuration) SAP R/3 files Spool files, if stored at the operating system level (system profile: rspo/store_location = G) Change management transport files located in /usr/sap/trans

Other SAP R/3 related applications Interface or add-on products, such as those used for EDI or taxes, which store their data or configuration outside the SAP R/3 database

The amount of data is small in relation to the SAP R/3 database. Depending on how your system is used, the above list should only require several hundred megabytes to a few gigabytes of storage. In addition, some of the data may be static and may not change for months. The frequency of the operating system level backup depends on the specific application. If these application files must be kept in sync with the SAP R/3 System, they must be backed up at the same frequency as the log backup files.

40

System Administration Made Easy | Release 4.6C/D

An example of this situation is a tax program that stores its sales tax data in files external to the SAP R/3 database. These files must be in sync with the sales orders in the system. A simple and fast method to back up operating system files is to copy all data file directories to disk on a second server. From the second server, you can back up those files to tape. This process minimizes file downtime. Use the sample schedule below to determine your backup frequency:

Backup Types
Backup types is like a three-dimension matrix, where any combination can be used:
I I I I

What is backed up: full database vs. incremental of the logs How the backup taken: online vs. offline When the backup is made: scheduled vs. nonscheduled (ad-hoc) The table below shows different backup terminology used by various database system. Full Database Backup Partial Database Backup Offline/Onlin e Tablespace Backup into TSM Incremental Database backup with DB2 UDB v7.2 into TSM Incremental Database backup with DB2 UDB v7.2 into device Incremental Database Backup with DB2 UDB v7.2 with vendor library Differential Database Backup Log Backup

DB2 UDB

Full Database Backup into TSM

Archive inactive log files with TSM

Full database Offline/Onlin backup into e Tablespace Device Backup into Device

Archive inactive log files to device

Full database Offline backup with Tablespace vendor library backup with vendor library

One-step archiving to Storage Software

SQL Server

Full Database Backup

Transaction Log Backup

Chapter 3: Backup and Recovery

41

Full Database Backup Informix Whole system backup Whole database offline + redo log backup) Whole database online + redo log backup

Partial Database Backup Incremental Database whole system backup backup Whole database offline backup Whole database online backup Partial database offline backup Partial database online backup Incremental database backup

Log Backup

Logical Log Backup Redo log backup

Oracle

What Is Backed Up
What Is Backed Up Backup Type: Full database backup Content: Entire database Advantages The entire database is backed up at once, making the restore of the database easier and faster. Fewer logs must be applied to bring the restored database current. Disadvantages A full database backup takes longer to run than an incremental log backup. Because of the longer backup window, there is more impact on the users while the backup is running.

Backup Type: Incremental backup of the transaction logs Content: A backup of the transaction logs. A full database backup is still required on a periodic basis. The usual arrangement is a full backup on the weekend and incremental backups during the week. Advantages Disadvantages

Much faster than a full database backup. A full backup is needed as a starting point to Because of the smaller backup window, there restore the database. is less impact to the users. To restore the database takes significantly longer and is more complicated than restoring a full backup. The last full database backup must be restored, then all log backups since the full backup are restored. If days have passed between the last full backup and a system crash, many logs may need to be restored. If one log cannot be restored, all the logs after that point cannot be restored.

42

System Administration Made Easy | Release 4.6C/D

What Is Backed Up Backup Type: Differential backup Content: Depending on your database and operating system, you may have a third option. A differential backup is a backup of only what has changed since the last full backup. A full database backup is still required on a periodic basis. The usual arrangement is a full backup on the weekend and differential backups during the week. Advantages The exposure to a corrupt log backup is reduced. Each differential backup is backing up all the changes to the database since the last full backup. Disadvantages Like the incremental log backup, a full backup is needed as the starting point. The backup window for a differential is longer than a transaction log backup. It starts as being short (just after the full backup) and gets longer as more data is changed.

How the Backup Is Taken

Note
The definition we use here for offline and online is likely different from what you think. Neither is wrong but view from different point of view, our point of view is the end user.

How the Backup is Taken Backup Type: Offline An offline backup is taken when the SAP system is not available for users. Advantages An offline backup is faster than an online backup. During the backup, there is no issue with data changing in the database. If the files are backed up at the same time, the related operating system files will be in sync with the SAP R/3 database. Disadvantages SAP is unavailable during an offline backup. If SAP is stopped, the SAP buffer is flushed. SAP does not have to be stopped to start an offline backup. If the database is stopped, the database buffer is flushed.

This process will impact performance until During offline backup you have the possibility the buffers are populated. to perform a binary verify operation. However this will double the backup time. SAP does not have to be stopped to start an offline backup. This preserves the SAP buffer. Backup Type: Online If you are using online backups, the transaction logs are critical to successfully recovering the database.

Chapter 3: Backup and Recovery

43

Note
The definition we use here for offline and online is likely different from what you think. Neither is wrong but view from different point of view, our point of view is the end user.

How the Backup is Taken An online backup is taken with the database and SAP R/3 running. Advantages SAP R/3 is available to users during a backup. This is needed where the system is running and used 24 hours a day and seven days a week. The buffers are not flushed. Because buffers are not flushed, once the backup is complete, there is no impact on performance after the backup. Disadvantages An online backup is slower than an offline backup (a longer backup time). Backup time is increased because processes such as SAP R/3 are running and competing for system resources. There is additional overhead to record information about the updates being made while the data is being backed up. Online performance is degraded while the backup is running. Data may change in the database while it is being backed up. Therefore, the transaction logs become critical to a successful recovery. Related operating system level files may be out of sync with the SAP R/3 database.

When the Backup Is Made

Scheduled. Scheduled backups are those that are run on a regular schedule, such as daily or weekly. For normal operations, configure a scheduled backup. Automated backups should use the DBA Planning Calendar (transaction DB13). This calendar provides the ability to set up and review backup cycles. It also has the ability to process essential database checks and update statistics. You can also set up CCMS to process the backup of transaction logs.
Depending on the operating platform, backups and other processes configured here can be viewed in the Batch Processing Monitors (transaction SM37). In general, the status of the backups can be viewed using Backup Logs overview (transaction DB12).

On-demand. On-demand backup is done on an ad hoc basis. It is done


before a major change to the system, such as for an SAP R/3 upgrade or after a structural change of the database like adding a data file. Backups that are controlled directly by an operator, or on-demand, can be performed either by the DBA Planning Calendar (transaction DB13), at the database, or at operating system level. Although the DBA Planning Calendar can schedule backups for periodic use, it can also be used to perform an immediate backup. For an on-demand backup, it is more common to use tools at the database level such as Enterprise Manager (Microsoft SQL Server) or SAPDBA (Oracle and Informix).

44

System Administration Made Easy | Release 4.6C/D

Regardless of the chosen backup method, you should achieve the following goals:
I I I I

Provide a reliable backup that can be restored. Keep the backup strategy simple. Reduce the number of dependencies required for operation. Provide the above items with little or no impact to business units.

Backup Strategy Design


SAP provides tools under CCMS-DB Administration in SAP R/3 to assist in implementing your strategy. The DBA Planning Calendar (transaction DB13) is designed for scheduling backups. The other tool, the CCMS Monitoring tool (transaction DB12), provides historical information to review backup statistics and tape management information. At the operating system or database level, there are additional tools you can use to administer backups and restores. These tools include SQL Enterprise Manager (Microsoft SQL Server) and SAPDBA (Oracle and Informix). To design your backup procedures:
I

Determine the recovery requirements based on an acceptable outage. It is difficult to define the concept of acceptable outage, because acceptable is subjective and will vary from company to company. The cost of what is an outage includes productivity loss, time, money, and so on spent on recovery. This cost should be evaluated in a manner similar to insurance. (The more coverage you want, the more the insurance will cost.) Therefore, the faster the recovery time requirements, the more expensive the solution.

Determine what hardware, software and process combinations can deliver the desired solution. Review the section on performance to decide which method is best. Follow the Keep It Simple rule, but more importantly, make sure your method is reliable.

Test your backup procedures by implementing the hardware and reviewing the actual run times and test results. Ensure that you get results from all types of backup that could be used in your environment, not just the ones you think might be used. This information will aid further evaluation and capacity planning decisions and provide useful comparison information as needed.

I I

Test your recovery procedures by creating various failure situations. Document all aspects of the recovery including the process, who should perform various tasks, who should be notified, and so on. Remember that a recovery will be needed when you least expect it. Testing should occur regularly, with additional tests as hardware or software components change.

Chapter 3: Backup and Recovery

45

Supplementary Backups
Supplementary backups are made on special days (month-end, year-end), so that you can restore the database to a previous state.

General Procedures
Backup
The unattended backup is performed based on the backup frequency table. The scheduling functionality of the SAP R/3 CCMS is used to schedule the backup. In CCMS, the required tapes can be listed by choosing the Volumes Needed button on the backup scheduling screen. Extra backups, such as the monthly and yearly backup, should be performed offline.

Transaction Log Backup


The transaction log backup can be performed during normal system operation without impacting the users.

Verifying Backups
File verification must be done after all files have been backed up. If it were done after each file, it would not detect that the previous file was erased. Backups must be verified following a regular schedule. To do this verify you must perform a restore of the system and test that the restore is good. Unless the backup is verified, you will not know that you have properly backed up everything onto tape.

Example
A backup of several files was done, but the append switch was not properly set for second and later files. Consequently, rather than appending the files one after the other, for each file, the tape was rewound and then backed up. The end result was that only the last backed up file was on the tape.

Database Integrity
An integrity check of the database must be performed in one retention period to ensure that no corrupted blocks exist in the database. These blocks may go unrecognized during backup (see the chapter appropriate to your database for more information).

46

System Administration Made Easy | Release 4.6C/D

To avoid backing up a hidden, inconsistent database, the database must be checked at least once during a retention period. System DEV QAS PRD Frequency of DB Checks Every 2 weeks Every 2 weeks Every week

Roles and Responsibilities


Task Backup Database Backup Archives Verifying Backups Monitoring/Controlling Database check Role Operator Operator Operator/DBA Operator/DBA DBA

Design Recommendations
Database
Assuming the size of your database and backup window permits it, we recommend a full database backup be taken every day. For databases that are too large for daily full database backup, a full backup should be taken weekly.

Transaction Logs
Backing up the transaction logs is critical. If the file space is used up, the database will stop, which stops SAP R/3. Between 6:00 a.m. and 9:00 p.m., we recommend that you back up these logs at least every three hours. This time increment defines the maximum amount of data you are willing to loose. A company with high transaction volume carries higher risk and would increase the frequency accordingly, perhaps to every hour. Similarly, if you have a Shipping department that opens at 3:00 a.m. and a Finance department that closes at 10:00 p.m., you must extend the start and end times.

Chapter 3: Backup and Recovery

47

Operating System Level Files


The frequency of the operating system level backup depends on the application. If these files must be kept in sync with SAP R/3, they must be backed up with the same frequency and at the same time as the database and log backups. An option for a non-sync-critical situation is to back up these operating system level files once a day.

A Strategy Checklist
A proper procedure must be set for backing up valuable system information. Procedures should be defined as early as possible to prevent possible data loss. Resolve the following list of backup issues before you go live:
I I I I I I I I I I I I I

Decide how often to perform complete database backups Decide whether partial or differential backups are necessary Decide when to perform transaction log backups Have the ability to save a days worth of logs on the server Provide ample disk space for the transaction log directory Consider using DBA Planning Calendar (DB13) to schedule transaction log backups Set the appropriate SAP R/3, operating system, and database authorizations Create a volume labeling scheme to ensure smooth operations Decide on a backup retention period Determine tape pool size (tapes needed per day retention + 20 percent) Allow for growth and special needs. Initialize tapes Determine physical tape storage strategy Decide whether to use unattended operations If using unattended operations, decide where (in CCMS or elsewhere).

I I I I I

Document backup procedures in operations manual Train operators in backup procedures Implement a backup strategy Perform a test restore and recovery Define an emergency plan and determine who to contact in case of an emergency

48

System Administration Made Easy | Release 4.6C/D

Backup Procedures and Policies


Backup policies and procedures should be defined as early as possible to prepare for potential data loss during an implementation. Some examples of policies and procedures are included below:
I

System Environment In the three-system landscape, CCMS backs up and restores the software components. (In the three-system landscape example used in this guidebook, DEV is a development system, QAS is a quality assurance system, and PRD is a production system.)

Hardware Components The hardware listed in the table below is to backup and restore the database and transaction logs:

System Name DEV QAS PRD

Backup Hardware 1 x DLT 7000 35/70 GB, 1 DDS-3 12/24 1 x DLT 7000 35/70 GB, 1 DDS-3 12/24 2 x DLT 7000 35/70 GB, 2 DDS-3 12/24

Tape Management
Check with your tape vendor to determine maximum tape life. This is normally in cycles. Note that a backup with verify is two cycles; one for the backup and a second for the verify. Tapes should be destroyed after reaching their manufacture rated life span to prevent accidental reuse.

Tracking and Documenting


To easily retrieve tapes from storage, you must track and document them. The issues involved with this are:
I I I I

Labeling Tracking Handling Retention requirement

Chapter 3: Backup and Recovery

49

Labeling
Tapes should be clearly labeled using one of many labeling methods. Three simple methods are described in the examples below. Two of these methods are used by SAP R/3 and are important if you use DB13 to schedule your backups. Third-party backup management software may assign its own tracking number for the labels. In this case, you must use the label specified by the software.

Example

This five-character naming convention is used by DB13 on Microsoft SQL Server 7.0. (See SAP Note 141118). Microsoft SQL server 6.5 used a different naming convention. Each label has the following data:
I

What is backed up: R = SAP R/3 database or transaction log M = msdb database S = master database C = combination

Type of backup: L = transaction log D = database F = file G = file group + = differential

I I

Day of the month (01-31)

Parallel or Sequential backup (P or S) Sample Label: CD06S C (Combination) + D (database) + 06 (6th day of the month) + S (sequential)

50

System Administration Made Easy | Release 4.6C/D

Example

This six-character naming convention is used by SAPDBA and BRBACKUP (Oracle). Each label has the following data:
I I

System ID <SID> What is backed up B = database A = log O = operating system files

Sequence number of the tape (This number is a sequential tape number, starting from 1 and is unrelated to the date.) Sample Label: PRDB25 PRD (Production db) + B (Brbackup/Database) + 25 (tape number 25)

Example

This method is more visual, where the length of the label name is less of a limitation. Each label has the following data:
I I

System ID <SID> What is backed up: db = database tl = transaction log os = operating system files

I I

Day of the month

Multiple tape indicator for a single day (can be omitted if only one tape is used) Sample Label: PRD-db-06-a PRD (Production database) + db (database) + 06 (6th day of the month) + a (tape a, the first tape) If DB13 is not used, for all of above naming conventions, additional codes can be used to indicate additional types of files that are backed up. However, in case of BRBACKUP, the label is limited to 8 characters. In addition to the naming schemes, use a different color label for each system. A color scheme is one more indicator to help identify the tape and reduce confusion. An example of a color scheme is:
I I I

PRD = orange QAS = green DEV = white

Chapter 3: Backup and Recovery

51

Tracking
Tapes should be logged to track where they are stored, so you can locate them when you need them. In addition to tracking and documenting tapes when tape locations change, tapes should be tracked and documented when they are:
I I I I

Used Sent to offsite storage Returned from offsite storage Moved to a new location

To help you track and retrieve the offsite backup, log the:
I I I I

Date of backup Database Tape number Tape storage companys number Some storage companies label the cartridges with their own tracking label, so that they can track them internally to their system and facility.

I I I

OS level backup tape number Date sent offsite Date returned

The table below is an example: Date Volume Label Purpose Database Operating Sys Notes Storage Company Label Out X7563 X7564 Back

7/15/98 PRDB01 7/15/98 PRDO23

7/15/98 7/30/98 7/15/98 8/15/98

Handling
When you transport tape cartridges, carry them in a protected box to minimize damage and potential data loss due to mishandling. The box should have foam cutouts for each tape cartridge you use. We recommend that you use two boxes. One box should collect the tapes to be sent offsite, and a second box should contain the new backup tapes. The second box should be empty when you finish changing tapes. To change tapes:
I I

For a small company, an ideal tape collection device is a small or medium-sized plastic toolbox with a foam insert that has cutouts for each tape cartridge. Plastic is used because it is nonmagnetic.

Remove the tape cartridge from the tape drive. Insert it in the collection box.

52

System Administration Made Easy | Release 4.6C/D


I

Remove the next tape.

Keep track which tape cartridges have been used, are to be sent offsite, and are to be loaded in the drives. It is easy to accidentally put the wrong tape cartridge in a drive and destroy the recent backup or cause the next backup to fail.

After all tapes have been removed, insert the new tapes in the drive in the same manner. If you are using preinitialized tapes, you must use the correct tape for that day, or the backup program will reject the tape. The backup program reads the tape header for the initialization information (which includes the tape label name) and compares it to the next label in the sequence. When you initialize a tape, some programs write an expiration date on the tape. That same program cannot overwrite the tape before the expiration date. However, it might be overwritten by another program that ignores the tape header. When changing tapes, to avoid confusion:
I
Tips & Tricks

Handle one tape cartridge at a time Follow the same procedure each time

Retention Requirements
There are legal requirements that determine data retention. Check with your companys legal department for compliance with federal, state, and local data retention requirements. Compliance with these requirements should be discussed with your legal and finance departments, external auditors, and consultants. The retention requirement should then be documented. The practical side of data retention is that you may be unable to realistically restore an old backup. If the operating system, database, and the SAP R/3 system have each been upgraded twice since the backup, it is unlikely that the backup can be restored without excessive costif at all. Retention is related to your backup cycle. It is important to have several generations of full backups and all their logs because:
I I

If the database is corrupted, you must return to the last full backup before the database corruption. If the last full backup is corrupted, you must return to the previous full backup before the corruption or disaster and roll forward using the backup of the logs from that backup until the corruption. How far back you go depends on the level of corruption.

Because SAP R/3 is an online real-time system, to recover the database from a full database backup, you must apply all the logs since that backup. If this is a significant amount of time, the number of logs could be tremendous. Therefore, the number of logs you must apply is a practical constraint to how far back you can recover.

Chapter 3: Backup and Recovery

53

Recommendations
System administrators cannot determine tape retention periods on their own. To determine the retention period, administrators must consult the departments that are impacted, such as accounting and legal. There is room for some negotiation, but the administrator must comply with the final decision. As a policy, this decision must be written down. SAPs standard retention period is 28 days.
I I I

If a full database backup is taken each day, we recommend that you keep at least two weeks of backups and all the logs for these weeks. If a full database backup is taken weekly, you should go back at least three generations. Store selected backup sets (month-end, quarter-end, year-end, and so on) for extended periods, as defined by your legal department and auditors.

Tape Retention Period


Even if a backup or archive tape is damaged or lost, the tape retention period assures the ability to recover the database. System Name DEV QAS PRD Regular Backup 14 days 14 days 31 days 2 years 2 years 4 years Month-End Backup Quarter-End Backup Year-End Backup Archives 31 days 31 days 31 days

Storage
Offsite
The offsite storage site is a separate facility (building or campus) from the SAP R/3 data center. Offsite storage safeguards the backups if your facility is destroyed. The magnitude of the disaster will determine what is considered adequate protection:
I I I

Sending tapes to a separate location in the building or another building in the campus will be sufficient. If the disaster is confined to the building where the data center is located. If the disaster is local or regional (for example, a flood or earthquake) adequate protection means sending tapes to a distant location several hundred miles away.

Once the backup is complete, send the tapes offsite immediately. If there is a data center disaster and the backup tapes are destroyed, you can only recover to the last full backup that you have offsite. For log backups, it is critical to send the tapes offsite immediately. If not, everything since this backup is lost.

Offsite data storage can be at a separate company facility or a commercial data storage company. The offsite data storage facility or vendor should have a certified data storage site. Data tapes have different handling and storage requirements than paper.

54

System Administration Made Easy | Release 4.6C/D

Onsite
Onsite storage means storing your data in the same facility as your data center. Tape cartridges should be properly stored, following the tape manufacturers storage requirements. When storing tape cartridges, keep all related tape cartridges together. All tapes used in a daily backup should be considered as a set, comprising backups for:
I I I

Database Logs Operating system files The most difficult requirement to comply with is magnetic fields. The problem is determining if there is a strong magnetic field near the tape storage location. A vacuum cleaner motor or a large electric motor on the opposite side of the wall from where the data tapes are stored can generate a magnetic field strong enough to damage tapes.

Caution

Tapes and files in a set must be restored as a set. For example, if operating system files are not restored with database and log files, the operating system files will not be in sync with the database and critical information will be missing.

Performance
The most important performance target is the time required to restore the database. This determines how long the SAP R/3 system will be down and not available for use. With SAP R/3 down, certain company operations may not occur. Backup performance is important, especially if the system is global or used 24 hours a day. When doing a backup, it is important to minimize the impact on users. The key is to reduce backup time, which in turn reduces the impact on the users. To increase performance:
I I I

Identify the bottleneck or device that is limiting the throughput. Eliminate the bottleneck. Repeat both steps until the performance is adequate or the additional cost is no longer justified.

This iterative process is subject to cost considerations. Additional performance can always be purchased, which is almost always a business cost justification exercise.

Chapter 3: Backup and Recovery

55

Backup
All of the following backup performance items also apply to restoring the database. Three major variables affect performance:
I

Database size The larger the database, the longer it will take to back up.

Note
Beware of the local time in other geographical locations of your company. For example, 1 am PST is 10 am CET.

Backup window The backup window is the time allocated for you to take the regular system backups. This window is driven by the need to minimize impact on the users. An online backup The backup window for this backup type is defined as during nonpeak periods of activity on the system and is usually done early in the morning. An offline backup The backup window for this backup type is defined by when and for how long SAP R/3 can be brought down and is usually done during the weekend.

Hardware throughput This variable limits how fast the backup can run and is defined by the slowest link in the backup chain such as: Database drive array I/O channel that is used Tape drive

Backup Options
Our backup options assume that the backup device is local to the database server. A backup performed over a network will be affected by network topology, overhead, and traffic. Rarely is the full capacity of the network available. If a backup is done over the network, it will decrease network performance for other users. Although performing a backup over a network is technically possible, it is beyond the scope of this guidebook. However, thirdparty products exist that do backup across the network.

Back Up to Faster Devices


All of the backup options attempt to eliminate the bottleneck at the backup device. The backup device, usually a tape drive, is the throughput-limiting device.

56

System Administration Made Easy | Release 4.6C/D

The table below contains capacity and throughput values to help you plan tape drive selection: Type DAT (DDS-3) DLT 4000 DLT 7000 DLT 8000 Super DLT Capacity (GB) (native/compressed) 12 / 20.4 20 / 34 35 / 60 40/68 110/220 Rate (GB/hr.) (native/compressed) 3.6 / 6.1 5.4 / 9.2 18 / 30.6 21.6/36.7 39.6/79.2

The compressed capacity values in this table assume the use of hardware compression and use a more conservative 1.7x ratio, as opposed to the typical 2x compression ratio. The actual compression ratio and rate depends on the nature of the file and how much it can be compressed. A 20 GB database with only 9 GB of data will only require 9 GB of tape space. The tape space requirement increases as the volume of data in the database increases. However, if you are backing up at the operating system level, the entire file is being backed up. Therefore, you must provide tape space for the entire 20 GB database. As technology advances, and the capacity and throughput of tape drives increases, these values will become obsolete. We recommend that you investigate what is currently available at the time of your purchase. Advantages:
I

Not all databases and backup tools support tape changers or libraries; make certain that these tools are compatible before purchasing them. For example, SAPDBA supports tape changers, but Microsoft SQL Server Enterprise Manager and NT Backup do not.

Faster and larger capacity tape drives allow you to back up an entire database on a single tape cartridge in a reasonable period of time (for example, a two-hour backup of a 60 GB database to a DLT7000).

Disadvantages:
I I

A backup to a single tape drive is the slowest option. Unless an automated changer or library is used, without manually changing the cartridge, you are limited to the maximum capacity of the tape cartridge.

Parallel Backup
Backing up to multiple tape drives uses a RAID-0 (stripe) array, in which several tape drives are written to in parallel. In certain environments, like Oracle, individual tablespaces or files are simultaneously backed up to separate tape drives. Because you are writing to multiple tape drives in parallel, total performance is significantly faster than if you were using a single tape drive.

Chapter 3: Backup and Recovery

57

To restore a parallel backup, all the tapes in the set must be readable. If one tape is bad, the entire backup set will not be usable. The more tapes you have in a set, the greater the chance that one tape will be bad.

With a sufficient number of tape drives in parallel, the bottleneck can be shifted from the tape drives to another component. You must consider the performance of each subsystem when using tape drives in parallel. This subsystem includes the tape drives, controllers, CPU, and I/O bus. In many configurations, a controller or bus is the limiting factor.

Backing Up to Disks, Then to Tape


This method has the advantage of being the fastest option to back up the database. Backing up to disk is usually faster than backing up to tape. You can quickly make multiple identical copies on disk, for example, for onsite and offsite storage. Once the backup has been made to disk, the system performance is minimally affected. Because the tape backup is made from the disk copy, not the live database, the tape backup does not compete with database activity for system resources. Also, during an onsite disaster recovery to the same equipment, the recovery can be done from the on-disk backup. This method does have some disadvantages. Additional disk space, equal in size to the database, is required. For a larger database, this can incur extra expense. Also, until the backup to tape is complete, you are vulnerable to a data center disaster. In a disaster recovery situation, you must first restore the files to disk, then execute the database recovery from the disk. Other options exist for faster backups, such as High Availability options, but these options are beyond the scope of this guidebook.

Recovery
The performance requirement for a recovery is more critical than for backup. Recovery performance determines how quickly the system will be available for use and how soon business can continue. The goal is to restore the database and related files to make the system quickly available for general use. The longer this restore takes, the greater the impact on your business.

Restore Options
To increase database restore performance, all of the above database backup options are valid. You can also restore to a faster disk array with a higher data-write throughput. You can perform a restore to a faster disk array by using:
I

Dedicated drives In conjunction with parallel backups, restoring files and tablespaces to individually dedicated disk drives speeds up the process. At any one time, only one tablespace or file is written to the drive, avoiding head contention writing another tablespace to the same drive.

58

System Administration Made Easy | Release 4.6C/D


I

RAID type Mirrored stripe (RAID 0+1) is faster than RAID5, but this speed depends on the specific hardware. In most cases, the task of computing the parity data for the parity drive (RAID5) takes more time than it would to write all the data twice (RAID 0+1). This option is expensive because the usable capacity is 50 percent of the total raw capacitysignificantly less than RAID5: RAID 0+1 = [single_drive_capacity (number_of_drives/2)] RAID5 = [single_drive_capacity (number of drives 1)]

I I

Drives with faster write performance Drive array system with faster write performance

Useful SAP Notes


SAPNet R/3 Frontend Note # Description Microsoft SQL Server 141118 102467 50990 142731 28667 128126 111372 126808 New Scheduling calendar in the CCMS (DB13) SQL Server 7 Online documentation for SQL Server with SAP DB-Backup/Restore of Microsoft SQL Server DBCC checks for SQL Server 7 Microsoft SQL Specific Profile Parameters Database Connect for external tools Standby Database for Microsoft SQL 7.0 Configuration Parameter for Microsoft SQL 7.0 Oracle 68059 43499 43491 43486 43484 42293 SAPDBA - option -next with tablespace list All collective notes concerning DBA Tools Collective note: SAPDBA Command line options Collective note: General SAPDBA Collective note: General DBA SAPDBA - new command line option analyze

Chapter 3: Backup and Recovery

59

SAPNet R/3 Frontend Note # 34432 31073 21568 16513 15465 04754 03807 02425 01042

Description ORA-00020: max number of processes exceeded SAPDBA - new command lines -next, analyze SAPDBA: Warning: only one member of online redo File system is fullwhat do I do? SAPDBA - shrinking a tablespace Buffer synchronization in centralized systems Tablespace PSAPROLL, rollback segments too small Function of tablespaces/DBspaces on the database ORACLE TWO_TASK connect failed

60

System Administration Made Easy | Release 4.6C/D

PART THREE

Tasks Overview

62

System Administration Made Easy | Release 4.6C/D

Part Overview
As a system administrator, you have tasks that you must perform to ensure the continued functioning of your system. This section covers scheduled tasks that must be done on a regular basis, as well as adhoc tasks that are done as necessary. Chapter 4 covers regularly-scheduled tasks that occur on a daily, weekly, monthly, quarterly and annual basis. Chapter 5 covers tasks that require more than one employee to complete. Chapter 6 talks about general system administration. Tools and methods to monitor your SAP system are discussed here.

C H A P T E R

Scheduled Tasks

64

System Administration Made Easy | Release 4.6C/D

Overview
We have provided sample checklists that you may use and modify depending upon your specific needs. The checklists provided for your convenience include:
I I I I I I

Critical tasks SAP R/3 system Database Operating system Other Notes

Please note that just because tasks are listed weekly does not mean you cannot do it daily. The schedule of a task is dependent on the individual installation.

Chapter 4: Scheduled Tasks

65

Daily
Critical Tasks
System: __________ Date: ____/____/____ Admin: _____________________ Tasks Check that the SAP R/3 system is up Check that daily backups executed without errors. DB12 Backup Logs: Overview 9-12 Transaction Chapter Procedure Log onto the SAP R/3 system Check database backup. Database backup run time. Check operating system level backup Operating system backup run time Check off/Initial

The SAP R/3 System


Task Check that all application servers are up. Check the CCMS alert monitor (4.0+). Check work processes (started from SM51). Transaction SM51 SAP Servers RZ20 CCMS Monitor Chapter 6 & 15 Procedure Check that all servers are up. Look for alerts. Check off/Initial

SM50 Process 6 & 15 Overview

All work processes with a running or a waiting status

66

System Administration Made Easy | Release 4.6C/D

Task Look for any failed updates (update terminates).

Transaction SM13 Update Records

Chapter 6

Procedure Set date to one year ago Enter * in the user ID Set to all updates Check for lines with Err.

Check off/Initial

Check system log.

SM21 System Log

Set date and time to before the last log review. Check for: Errors Warnings Security messages Abends Database problems Any other different event

Review for cancelled jobs.

SM37 Select 15 Background jobs

Enter an asterisk (*) in User ID. Verify that all critical jobs were successful.

Check for old locks.

SM12 Lock entry list.

Enter an asterisk (*) for the user ID. Check for entries for prior days.

Check for users on the system.

SM04 Users AL08 - Users

Review for an unknown or different user ID and terminal. This task should be done several times a day.

Chapter 4: Scheduled Tasks

67

Task Check for spool problems.

Transaction

Chapter

Procedure Look for spool jobs that have been in process for over an hour. Check for: New jobs Incorrect jobs

Check off/Initial

SP01 Spool: 13 Request Screen

Check job log.

SM35 Batch input: Initial Screen ST22 ABAP Dump Analysis

15

Review and resolve dumps.

Look for an excessive number of dumps. Look for dumps of an unusual nature.

Review workload statistics. Review buffer statistics.

ST03N Workload: Analysis of <SID> ST02 Tune Summary

18

18

Look for swaps.

Database
Task Transaction Chapter Procedure Check off/Initial

Review error log AL02 for problems. Database (DB) alert ST04 DB Performance Analysis Check tables/space usage DB12 10

9-12

68

System Administration Made Easy | Release 4.6C/D

Operating System
Task Review system logs for problems Transaction OS06 OS Monitor Chapter 14 Procedure Review operating system logs Check off/Initial

Other
Task Check the uninterruptible power supply (UPS) Transaction UPS program log Chapter 14 Procedure Review for:
I I I

Check off/Initial

Events UPS self test Errors

Notes
Problems Action Resolution

Chapter 4: Scheduled Tasks

69

The SAP R/3 System


System: __________ Date: ____/____/____ Admin: _____________________ These tasks are done several times a day. Previous SAP R/3 tasks are once a day. Task Look for any failed updates (update terminates). Transaction SM13 Update Records Chapter 6 Procedure Set date to one year ago Enter * in the user ID Set to all updates Check for lines with Err Check System Log SM21- System Log 6 Set date and time to before the last log review. Check for:
I I I I I I

Check off/Initial

Errors Warnings Security messages Abends Database problems Any other different event

70

System Administration Made Easy | Release 4.6C/D

Task Review for cancelled and critical jobs

Transaction

Chapter

Procedure Enter * in User ID Verify that all critical jobs were successful. Review any cancelled jobs.

Check off/Initial

SM37 Select 15 Background jobs

RZ01 Graphical job monitor Check users on system SM04 Users AL08 Users

15

Same as for SM37 Review for an unknown or different user ID and terminal. This task should be done several times a day.

Critical Tasks
Some critical tasks should be completed every morning. These tasks help you determine if the SAP R/3 system is running properly, and if backups executed and completed successfully. If these tasks determine that SAP R/3 is not running properly, or backups did not execute or complete, the situation must be resolved quickly to prevent downtime or data loss.

Verify that SAP R/3 Is Running


The first task of the day is to perform a high-level check to see if the SAP R/3 system is running. If the system is not running, your users will be calling to find out what happened and when the system will be up again. At a basic level, if you can connect to the SAP R/3 system, you know that the SAP R/3 system is working, and the network between you and the SAP R/3 system is working. To accomplish this, from a workstation, log on with the SAP GUI. If you can log on, the test is successful.

Verify that the Backups Ran Successfully


You must verify that the backups that were supposed to run last night ran successfully. Backups of the SAP R/3 database and related non-database operating system level files are essential to recover the SAP R/3 system. Types of nondatabase files include:
I

Database log dumps

Chapter 4: Scheduled Tasks


I I I I I

71

Data files for third-party applications that do not store their data in the system Examples of such files are external tax files. Transport files Inbound and outbound interface files Externally stored print files

Any failed backup must be immediately investigated and resolved. Do not maintain a we will just run the backup again tonight and see if it works attitude. If that backup fails, you have another day without a backup.

Problems with the backups must be quickly resolved. If a database failure occurs that requires a restore, and the last backup failed, you will have to recover using the last successful backup. If you do not have a usable backup, you must use an older backup, and apply transaction logs, which will increase the time required to restore the database and bring it current. Once the problem has been fixed, execute an online backup if it does not significantly impact performance or if policy requires such a backup. At the operating system level, some of these files may need to be in sync with the SAP R/3 database. Restoring the SAP R/3 system without these files results in an unusable restore (for example, external tax files that must be in sync with the system data or the tax systems reports will not match the SAP R/3 reports). These critical tasks must be done first thing in the morning. If there is an operations shift that runs between 10:00 p.m. and 7:00 a.m., the backup check should be done once the backup job is complete. In chapters 4 through 8, we have included a list of transactions like the ones below. This list contains basic information about selected transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist. Transaction Name User Transaction Code AL08/SM04 Description Reason for Use

Displays all users Lets administrators currently logged onto detect erroneous or the system, with user multiple logons ID and terminal name View system logs Lets administrators detect possible OS and hardware problems (such as a failing hard drive) Determine if critical jobs have failed to execute. Other tasks may depend on completion of these jobs.

OS Monitor We presume that the profile parameter rdisp/gui_auto_logout has been set. This parameter defines an automatic logout of the user if there is no activity for the set number of minutes.

OS06

Select Background Jobs/Graphical Job Monitor

SM37/RZ01

Select and monitor background batch jobs

72

System Administration Made Easy | Release 4.6C/D

Transaction Name CCMS Alert Monitor

Transaction Code RZ20

Description Monitor servers (DEV, QA, Testing, PRD, and so on) in your landscape from one central program Displays a list of locked transactions. Locks prevent other users from changing the record on which you are working.

Reason for Use Alerts are signs of potentially serious problems in need of immediate resolution. Allows the administrator to clear old and unreleased locks

Lock Entry List

SM12

Update Records

SM13

Allows the administrator to display, process, test, reset, delete and get statistics on updates Analyze system logs

In the event that an update is not processed, the administrator can manage the processing manually. Helps an administrator detect SAP R/3 system problems early Alerts you to new or incorrect batch sessions Allows users to monitor work processes and see if any have failed or are taking too long

System Log

SM21

Batch Input

SM35

Manage batch input sessions View status of work processes (SM50 used for systems without application servers) (SM51 central transaction that starts SM50 for each application server) SAP R/3 system output manager Displays SAP R/3 buffer performance statistics. Assists in tuning SAP R/3 buffer parameters, as well as SAP R/3 database and operating system parameters

Work Processes

SM50/SM51

Spool

SP01

Helps to resolve time-critical print job problems Resolves performance issues relating to significant buffer swapping. Look for red entries in Swaps, and monitor over time to determine any trends.

Tune Summary

ST02

Chapter 4: Scheduled Tasks

73

Transaction Name

Transaction Code

Description Determines system performance

Reason for Use Understanding the system while it is running well can help you determine changes that may need to be made during problem times. Monitors database growth, capacity, input/output statistics and alerts. Also provides additional information using drilldown, and allows database monitoring without logging into it. Assists in determining why a report or transaction terminated

Workload Analysis of ST03 <SID>

Database Performance Analysis

ST04

High-level database performance monitor

ABAP Dump Analysis

ST22

Views logs of ABAP dumps

74

System Administration Made Easy | Release 4.6C/D

Weekly
The SAP R/3 System
System: __________ Date: ____/____/____ Admin: _____________________ Tasks Check database for free space Transaction DB02 DB Performance: Database Allocation DB02 DB Performance: Database Allocation. SP01 - Spool Chapter 9-12 Procedure Record free space Check off/Initial

Monitor and estimate future database growth Check spool for problems and that spool is properly cleared

9-12

Record database space history

13

Transport into PRD STMS tp at OS level

16

All properly approved transports imported into PRD Delete inconsistencies

TemSe SP12 Consistency check Review Security Audit Log SM20

13 7

Database
Task DBCC Transaction Chapter 13 Procedure Check output from DBCC job for errors (SQL Server) Check for successful completion of update stats job Check off/Initial

Run MS-SQL server update statistics

10

Chapter 4: Scheduled Tasks

75

Operating System
Task Check file system for adequate space Transaction RZ20 CCMS Alert Files system Chapter 10 Procedure Review space usage and that sufficient free space exists in the file systems Check off/Initial

Other
Task Check system monitoring systems for update Check system monitor alert mechanisms Transaction System monitor Chapter 15 Procedure Review for any events that should be added or deleted Test e-mail Test paging 15 Clean using cleaning cartridge Check off/Initial

System monitor

15

Clean tape drive Tape drive

Notes
Problem Action Resolution

In chapters 4 through 8, we have included a list of transactions like the one below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist.

76

System Administration Made Easy | Release 4.6C/D

Transaction Name Database Performance

Transaction Code DB02

Description Examine database allocation

Reason for Use Monitor database space history and perform database analysis Alerts are signs of potentially serious problems in need of immediate resolution. Helps to resolve time-critical print job problems Relationships between object and data in the TemSE can be destroyed as a result of restoring from backups, copying database, copying clients improperly, or deleting client without first deleting their objects) Assists in moving objects and configuration between systems or clients in the production pipeline

CCMS Alert Monitor

RZ20

Monitor servers (DEV, QA, Testing, PRD, and so on) in your landscape from one central program SAP R/3 system output manager Compares data in TemSe (TST01) objects and TemSe (TST03) data tables

Spool

SP01

Temporary Sequential (TemSe) database consistency check

SP12

TMS System

STMS

Helps you perform transports

Chapter 4: Scheduled Tasks

77

Monthly
The SAP R/3 System
System: __________
Date: ____/____/____ Admin: _____________________ Task Defragment the memory Transaction Chapter Procedure Cycle the SAP R/3 system Check off/Initial

Database
Task Plot database growth Transaction DB02DB Performance: Tables Chapter 9-12 Procedure Record usage and plot Check off/Initial

Operating System
Task Backup file server Review file system usage Transaction Chapter 14 Procedure Perform full server backup Record file system usage Plot usage Is additional storage space needed? Is house cleaning needed? Check off/Initial

78

System Administration Made Easy | Release 4.6C/D

Other
Task Check consumable supplies Transaction Chapter Procedure 15 Spare tape cleaning cartridge available for all tape drives (such as DLT, DAT) Spare tape cartridges available for all drive types Spare data cartridges available for removable media devices (such as ZIP, CD-R, and so on) Preprinted forms (such as shipping documents, invoices, and checks) Special supplies, such as magnetic toner cartridge Normal supplies (such as laser printer toner, printer paper, batteries, diskettes, pens, and so on) Check off/Initial

Notes
Problem Action Resolution

In chapters 4 through 8, we have included a list of transactions like the one below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist. Transaction Name Database Performance Transaction Code DB02 Description Examine database allocation Reason for Use Monitor database space history and perform database analysis

Chapter 4: Scheduled Tasks

79

Quarterly
The SAP R/3 System
System: __________
Date: ____/____/____ Admin: _____________________ Task Archive quarterly backup Transaction Chapter Procedure Send quarter-end backup tapes to long-term offsite storage SU01User Maintenance 7 Review user ID for terminated users that should be locked or deleted Review list of prohibited passwords (Table USR40) Review system profile parameters for password standards Review all scheduled jobs to determine if they are still appropriate Check off/Initial

Security review

SM31Table Maintenance

16

RZ10Edit System 21 Profile

Review scheduled jobs

SM37 Background Jobs

15

80

System Administration Made Easy | Release 4.6C/D

Database
Task Archive quarterly backup Transaction Chapter 3 Procedure Send quarterend backup tape to long-term offsite storage. Review all scheduled jobs to determine if they are still appropriate. Restore database to a test server. Test the restored database. Check off/Initial

Review all scheduled jobs

SM37

15

Test database recovery process

2&3

Operating System
Task Archive quarterly backup Transaction Chapter 3 Procedure Send quarterend backup tape to long-term offsite storage. Archive the old transport files. Maintain init<SID>.dba Check off/Initial

Archive old transport files. Cleanup SAPDBA logs (Oracle)

Transport directories; log, data, cofiles SAPDBA cleanup

Other
Task Check maintenance contacts Transaction Chapter Procedure Check for expiration date Check for usage changes Check off/Initial

Chapter 4: Scheduled Tasks

81

Notes
Problem Action Resolution

In chapters 4 through 8, we have included a list of transactions like the ones below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist. Transaction Name Edit System Profile Parameters Transaction Code RZ10 What Allows the administrator to change security parameters, such as password length, password change period, user lockout, and so on Select and monitor background batch jobs Why Properly assigned parameters make it more difficult to break into the system.

Select Background Jobs

SM37

Determine if critical jobs have failed to execute. Other tasks may depend on completion of these jobs. Administrators can lock and unlock users, preventing or allowing access to the SAP R/3 system as needed.

User Maintenance

SU01

Allows an administrator to change the status of a user

82

System Administration Made Easy | Release 4.6C/D

Annual
The SAP R/3 System
System: __________ Date: ____/____/____ Admin: _____________________ Task Archive yearend backup Transaction Chapter 3 Procedure Send year-end backup tapes to long-term offsite storage Review users security authorization forms against assigned profiles. Can also be done with report RSUSR100 Audit profiles and authorizations SU02 Security 7 Profile Maintenance SU03 Security Authorization Maintenance Review segregation of duties Audit user IDs SAP* and DDIC 7 Can also run with report RSUSR101 Can also run with report RSUSR102 Check off/Initial

Audit user security

Chapter 4: Scheduled Tasks

83

Task Run SAP user audit reports

Transaction

Chapter

Procedure Run user audit reports. RSUSR003, RSUSR005, RSUSR006, RSUSR007, RSUSR008, RSUSR009, RSUSR100, RSUSR101, RSUSR102 Verify that system is set to Not modifiable Check changeable status for applicable client Check against your list of locked transactions

Check off/Initial

SA38 (or SE38) 7 Execute ABAP program

Check that the system is set to Not modifiable

SE03 Workbench Organizer Tools SCC4 Clients: Overview

Check locked transactions

SM01 Transaction codes: Lock/Unlock

Database
Task Archive yearend backup Transaction Chapter 3 Procedure Send year-end backup tapes to long-term offsite storage Check off/Initial

Operating System
Task Archive yearend backup Transaction Chapter 3 Procedure Send year-end backup tapes to long-term offsite storage Column Title

84

System Administration Made Easy | Release 4.6C/D

Other
Task Perform disaster recovery. Transaction Chapter 2&3 Procedure Restore entire system to disaster recovery test system Test business resumption Check off/Initial

Notes
Problem Action Resolution

Chapter 4: Scheduled Tasks

85

In chapters 4 through 8, we have included a list of transactions like the one below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist. Transaction Name Transaction Code SA38/SE38 SU01 SU02 SU03 Description All users who have left the company should have their SAP R/3 access terminated immediately. By locking or deleting these user IDs, you limit access to only those users who should have access to SAP R/3. Periodic review assures the task of locking or deleting has been completed. Allows the administrator to test and apply changes properly Reason for Use Proper audit control requires that a user who no longer has a valid business need to access SAP R/3 should not be allowed to keep that access. Deleting or locking these user IDs also prevents anyone who had been using the terminated user ID from accessing the system under that ID. Objects should not be modifiable in the quality assurance or production systems. This rule is to protect the production system from object and configuration changes being made, without first being tested. By setting the production system to Not modifiable, the integrity of the pipeline is preserved. Prevents users from damaging the system by running certain transactions

Note
Switches prevent changes from being made in the system. In the production system, these should be set to Not modifiable, to ensure that changes are made using the development pipeline. In the development pipeline, changes are:
I I I

Created in the development system Tested in the development system Transported from the development system to the test system Tested in the test system

Change Object Directory Entry of Objects

SE03/SCC4

I I

Transported from the test system to the production system Using this procedure, changes are properly tested and applied to the systems in the pipeline.

SM01

Lock transactions from being used

86

System Administration Made Easy | Release 4.6C/D

Dangerous transactions are transactions that could do the following:


I
Caution

Damage or corrupt the system Present a security risk

I I

Adversely impact performance If a user accidentally accesses these transactions, they could corrupt or destroy the SAP R/3 system. Access to dangerous transactions is more critical in the production system than the development or test systems. This is because of live data and the fact that the companys operations are dependent on the SAP R/3 system. Certain transactions should be locked in the production system, but not in the development, test, or training systems. Standard security normally prevents access to these transactions. However, some administrators, programmers, consultants, and functional key users could have access to the transactions depending on the system they are on. In these cases, the transaction lock provides a second line of defense. The SAP R/3 system has over 48,000 English transaction codes. To make it manageable, only the critical ones must be locked. Your functional consultants should supply you with any additional critical transactions in their modules.

C H A P T E R

Multi-Role Tasks

88

System Administration Made Easy | Release 4.6C/D

Starting the SAP R/3 system


To start the SAP R/3 system in a productive environment:
Note

1. Start the operating system (if required). 2. Check the operating system logs to verify a good start. 3. Start any application servers. 4. Start the database. 5. Check the database logs to verify a good start. 6. Start SAP R/3 on the central instance. 7. NT/SQL: Use the SAP Management Console. 8. UNIX: At the command prompt, enter startsap r3. 9. Check the R/3 System log (SM21) to verify a good start. 10. Problems at this point may require you to reset the system. 11. Start SAP R/3 on the application instances. 12. Check the R/3 System log. When you start the SAP R/3 system, wait for 60 seconds. This step makes it easier to read the system log. For example, the last stop entry is 19:26:xx and the first start entry is 19:27:xx, where time is reported as hh:mm:ss.

This step is optional because starting the SAP R/3 system also starts the database. However, manually starting the database allows you to review the database log before starting the SAP R/3 system. NT/SQL: If not automatically started, use the SQL Server Service Manager to start the database. NT/Oracle: If not automatically started, use SAPDBA to start the database. UNIX: At the command prompt, enter startsap db.

Tips & Tricks

Start SAP R/3NT (SQL Server, Oracle)


The following task describes how to start SAP R/3 from a Windows NT environment uf you use an MS SQL Server or Oracle database.
Task

Start SAP R/3 with Microsoft SQL Server or Oracle on a Windows NT system

1.

From the taskbar, choose Start Programs SAP R3 Management Console.

2. Select the nodes (+) to drill down to the servers.

Chapter 5: Multi-Role Tasks

89

3.
Tools such as QuickSlice and Perfmon allow you to monitor the activity of the server and know when you can log on to the system.

To start the central instance on the database server, right-click on the database server (for example, pa102058), and choose Start.

4.

When the status indicators for the database server turn green, the database instance has started and SAP R/3 has completed the start process. Wait a few minutes because startup activity is still occurring on the server.

The steps below are applicable only if you have an application server:
Task

Start SAP R/3 with an application server

1.

Start the dialog instance (on the application server).

90

System Administration Made Easy | Release 4.6C/D

2. Select the nodes (+) to drill down to the application server (for example,
pal01003). Right-click on the server name and choose Start.

3.

The status indicators for the application server change color to green, indicating that the database instance has started and that SAP R/3 has completed the start process. Wait a few minutes because startup activity is still occurring on the server.

Stopping the SAP R/3 system


Reasons to shut down a productive SAP system include:
I

Hardware/Software failure (unplanned)

Chapter 5: Multi-Role Tasks


I I

91

Hardware/Software maintenance (planned) Full server backup (planned) When you stop SAP R/3, coordinate and plan this stoppage with all users or their representatives. Stopping a system at your convenience is unprofessional and usually causes considerable operational issues with users who need (and expect) the system to be up and running.

Tips & Tricks

Stop SAP R/3 Checklist


Task Date Initial

The following tasks must be completed well before the SAP R/3 system is stopped: Coordinate the shutdown with all affected parties, such as Finance, Shipping, Sales, and so on. Reschedule/cancel jobs that would be running or starting during the scheduled shutdown (SM37). Create a system message announcing the planned shutdown (SM02). Send email notification to affected user The following tasks must be completed before the SAP R/3 system is stopped: Check that there are no active users on the system (SM04 and AL08). Check that there are no active background jobs running (SM37). Check for active processes (SM50 and SM51). Check for active external interfaces. To stop the SAP R/3 system: Stop the application server instance(s). Stop the central instance. Stop the database (optional).

Tasks to Be Completed Before Stopping the System


Coordinate the shutdown with all effected parties. If a group has planned to do something and expects the system to be operational, they may or may not be able to reschedule. You may have to reschedule your shutdown to compensate for their business requirements.

92

System Administration Made Easy | Release 4.6C/D

If you are the cause of the emergency, be prepared to take the consequences. An example of an emergency is not monitoring the file system, having it fill up, which results in stopping SAP R/3.

Before stopping the system, there are several checks that must be made. The purpose is to determine that there is no activity on the system when the system is stopped. Certain activities (such as a large posting job), if interrupted, could have some transactions posted and some not yet posted. Recovery could then become an issue. Reschedule or cancel jobs that will be running or starting during the scheduled shutdown.
I I

Check SM37 for these jobs and cancel or reschedule them to run after the shutdown. Watch for repeating jobs, such as daily or weekly jobs. These jobs are not created until the job for the prior period (such as day or week) has run. In other words, a daily job does not exist several days in advance.

Create a system message announcing the planned shutdown. Emergency or priority shutdowns (for example, file system full, log full, equipment failure, and so on) are a different matter. In these instances, you must shutdown immediately and users must accommodate you. There may be littleif any negotiating.

System Message (SM02)


A system message is a popup that users see when they first log on to the SAP R/3 system. This window appears after a new message has been created or when users move between screens.
Task

Send a system message

1. 2.

In the Command field, enter transaction SM02 and choose Enter (or from the navigation menu, choose Tools Administration Administration SM02-System messages). On the System Messages screen, choose

Create.

Chapter 5: Multi-Role Tasks

93

3.

In the Create System Messages dialog box:

a. b.
When referencing the time for the shutdown, always enter the specific time, time zone, and date (for example, 0230 PDST-MonJun 8,1998). Entering vague information, such as in 15 minutes creates possible confusion as to when and where an event has been scheduled.

In System message text, enter your message. If you are only shutting down one server, you may also enter text in the Server field. To enter this text, choose and select the server on which the message should appear. In Expiry on, enter the messages expiration date and time. Choose

c. d.

4.

The message in the status bar indicates that your message has been saved.

5.

When the user logs on to the SAP R/3 system, they will see a message dialog box similar to the screenshot below.

94

System Administration Made Easy | Release 4.6C/D Check that No Active Users Are on the System (AL08/SM04)
All users should log off of the system before you shut down SAP R/3. You can perform the following two tasks to check if users are still logged on to the system.
Task

Check that no active users are on the system (system without application servers)
1. 2. 3.
In the Command field, enter SM04 and choose Enter (or from the navigation menu, choose Tools Administration Monitor System monitoring SM04-User overview). Contact the users by phone or email and have them log off. If users cannot be contacted, delete their session as described in Deleting a Users Session (Transaction SM04) on page 247.

Task

Check that no active users are on the system (systems with application servers)
1. 2. 3.
In the Command field, enter AL08 and choose Enter (or from the navigation menu, choose Tools CCMS Control/Monitoring Performance menu Exceptions/users Active users AL08-Users global). Scroll down the transaction screen to see all the servers in the system and the users on those servers. Contact the users to have them log off.

Chapter 5: Multi-Role Tasks

95

4.

If the users cannot be contacted, delete their session as described in Deleting a Users Session (Transaction SM04) on page 247. You cannot delete a user from transaction AL08. You must log on to the individual instance and use transaction SM04 to delete the user session.

Check for Batch Jobs Running or Scheduled (SM37)


Check for any batch jobs that are running or are scheduled to run during the shutdown.
Task

Check for batch jobs running or scheduled


1. 2.
In the Command field, enter SM37 and choose Enter (or from the navigation menu, choose Tools CCMS Jobs SM37-Maintenance). On the Simple Job Selection screen:

a. b.
I I I I

In User name, enter *. Under Job status, select the following checkboxes:

Sched. Released Ready Active

96

System Administration Made Easy | Release 4.6C/D

c. d. e. f.

In Fr., enter a date one year ago from today. In To, enter a date in the future beyond the shutdown period (for example, if the shutdown period is from 07/13/2001 at 23:00 to 07/14/2001 at 23:00, use a To date of 07/15/2001). In or after event, choose Choose and select *.

Execute.

3.
Change the display to show the planned start date and time. From the menu bar, on the screen above, choose Settings Display variant Current (Change Layout in 46D). On the field selection screen, move the scheduled start date and scheduled start time from the hidden fields on the right, to the displayed fields on the left.

Choose a job within the shutdown period to review (for example, SPOOL_CLEANUP). From the menu bar, choose Job Change.

4.

Chapter 5: Multi-Role Tasks

97

5.

Choose

Start condition.

6. 7.

In Scheduled start, change the date to a date after the shutdown. Choose .

8.

Verify the new start date.

98

System Administration Made Easy | Release 4.6C/D

9.

Choose

10. 11.

A message indicates that the job was saved. Repeat steps 3-10 for each of the other jobs that must be moved.

Chapter 5: Multi-Role Tasks

99

12.

As a final step, repeat the initial job selection to verify that there are no jobs scheduled during the system shutdown.

Check for Active Processes on All Systems (SM51)


The following task displays processes that are active or running. You can also determine which user is running the process.
Task

Check for active processes on all systems


1.
Note

In the Command field, enter transaction SM51 and choose Enter (or from the navigation menu, choose Tools Administration Monitor System monitoring SM51-Servers). On the SAP Servers screen:

2.

The screen that appears is the transaction SM50 screen for that server.

a. b.

Select an instance. Choose .

100

System Administration Made Easy | Release 4.6C/D

3. 4. 5.

Review for activities. Choose and return to the SAP servers transaction (SM51).

Repeat steps 2-4 for each instance.

Check for External Interfaces


You can monitor active RFC connections using transaction SMGW. External interfaces move data to or from the SAP R/3 system. Checking for active interfaces depends on the specific interface and how it has been designed, built, and implemented. The developer or consultant can help you determine if the interface is active.

Stopping SAP R/3


Stop SAP R/3 only after all checks have been made and you are certain that there is no activity on the system. To stop the SAP R/3 system: 1. If there are application servers in the system, stop the instance on the application servers. 2. Stop the instance on the database server. a. NT/SQL:Use the SAP Management Console. b. NT/Oracle:Use the SAP Management Console. c. UNIX/Informix or DB2:At the command prompt, enter stopsap. This script may also stop the database; check your specific installation. You can also use SAPDBA to stop the instance. 3. If needed, stop the database. The database must be stopped separately. Unlike the start process, stopping the system does not also stop the database. a. NT/SQL:Use SQL Server Service Manager to stop the database. b. NT/Oracle:Use SAPDBA to stop the database. c. UNIX:Use either SAPDBA or the stopsap script to stop the database. 4. If needed, stop the operating system.

When you bring down or stop SAP R/3, coordinate and plan this event with all the SAP R/3 users or their representatives. Stopping a system at your convenience is unprofessional and usually causes considerable operational issues with users who need (and expect) the system to be up and running.

Chapter 5: Multi-Role Tasks STOP SAP R/3NT


Task

101

Stop SAP R/3 in Windows NT

1. 2.

From the taskbar, select Start Programs SAP R3 Management Console. Drill down to select an SID (for example, SA1), then a server (for example, pa102058 and pal01003).

Task

Stopping SAP R/3 if you have application servers

1.

Stop the SAP R/3 dialog instance (on the application server).

2. Select the nodes (+) to drill down to the application server (for example,
pal01003).

102

System Administration Made Easy | Release 4.6C/D

3.

Right-click on the application server and choose Stop.

4.

Choose Yes.

5.

When SAP R/3 stops, the status indicators change color to gray.

6.

Stop the SAP R/3 central instance (on the database server).

7. Select the nodes (+) to drill down to the database server (for example,
pa102058).

Chapter 5: Multi-Role Tasks

103

8.

Right-click on the database server and choose Stop.

9.

Choose Yes.

10.

When SAP R/3 stops, the status indicators change color to gray.

104

System Administration Made Easy | Release 4.6C/D

C H A P T E R

SAP System Administration

106

System Administration Made Easy | Release 4.6C/D

Overview
This chapter will help you understand how to monitor your system. It is crucial that a system administrator gets a quick overview of the system status and is quickly notified of critical situations. In this chapter, you will learn about:
I I I I

Some Computing Center Management System (CCMS) tools Major tasks Specific transactions System messages

Major System Monitoring Tools


The CCMS Central Alert Monitor and the System Administration Assistant (SAA) perform two different functions. The CCMS Central Alert Monitor is primarily an alert monitor. The SAA is a control panel from which you can directly access the specific monitoring tools and be notified of alerts. If you have time constraints, these tools provide a quick overview of system status and notify you of critical situations.

CCMS Central Alert Monitor (Transaction RZ20)


Using transaction RZ20, you can monitor the servers in your landscape, such as development, quality assurance, testing, production, and so on. You no longer have to individually log into each system to search for alerts. If there is an alert, the monitor will link to many of the other transactions in this guidebook. You can do many of your system monitoring tasks with the Central Alert Monitor.
Tips & Tricks

To view Alert Monitor documentation, from the menu bar, choose: Help SAP Library. SAP Library Basis Components Computing Center Management System (BC-CCM) Computing Center Management System (BC-CCM)

The Central Alert Monitor is not a replacement for examining other checklist tasks. Certain alerts, such as Microsoft SQL Server and TMS have not yet been integrated into the Central Alert Monitor.

Computing Center Management System (BC-CCM) CCMS Monitoring The Alert Monitor. An alert indicates a potentially serious problem that should be quickly resolved. If not contained, these problems could deteriorate into a disaster.

Chapter 6: SAP System Administration

107

Task

Access the CCMS Alert Monitor


1.
In the Command field, enter transaction RZ20 and choose Enter (or from the SAP standard menu, choose Tools CCMS Control/Monitoring RZ20-Alert monitor). This screen is the standard display. We will use a modified display with most of the monitor sets suppressed.

2.

On the CCMS Monitor Sets screen, we displays only two monitor sets:
I I

SAP-delivered SAP CCMS Monitor Templates User-created SystemAdmin docu

Under SAP CCMS Monitor Templates, there are predefined monitors to use as your starting point. These monitor templates cannot be modified. To modify them, copy them into a customer monitor set and modify the monitor there.

3.

Select the node (+) to expand the monitor sets. In this example, we copied the Entire System monitor from the SAP CCMS Monitor Template into SystemAdmin docu. This step allows us to modify the monitor.

108

System Administration Made Easy | Release 4.6C/D

4.

To load the monitor, select a monitor (for example, Entire system) and choose .

5.

The monitor contains the alerts for a single system/SID. In our example, the application servers pa102058_SA1_00, (central instance) and pa101003_SA1_00, (application server) are displayed.

Chapter 6: SAP System Administration

109

Current View and Alert View


The CCMS Alert Monitor display has two modes, the current system status (which shows the current alert situation right now) and open alerts (which shows alerts that have been generated but not yet acknowledged.) The recommended process is to address problems in the current system status first, then work on open alerts.
Task

Switch between the current and alert views

1.

On the SystemAdmin docu (Entire System) screen:

a.

To view alerts, choose Open alerts.

110

System Administration Made Easy | Release 4.6C/D

2.

To return to the current status view, choose Current status.

Task

Find an alert

1.

From the SystemAdmin docu (Entire System) screen:

a. b.

Look for red node text. If a node text is highlighted in red, an alert will be displayed below that text. Drill down to the bottom node.

Chapter 6: SAP System Administration

111

2.

In our example, the alert node is Percentage Used of the file system on drive H.

a. b.

Select the node text. Choose .

3.

Scroll to the bottom of the screen or choose

112

System Administration Made Easy | Release 4.6C/D

4. 5.

At the bottom of the detail screen are two tables. These tables show the alert values over the last half-hour and last 24 hours. These tables can be of significant value in troubleshooting. To display a graph of a timetable, select the table to use (for example, last 24 hours) and choose .

6. 7.

The graphical display shows how the values changed over a 24-hour period. Choose when you have finished.

Chapter 6: SAP System Administration

113

8.

Choose Performance history. The batch job that collects historical data must be running. The default setting is that the job will not run. Running this job will add more data to the database and affect database growth. For more information, see Configuring the Batch Job to Collect Historical Data (RZ21) on page 726.

9.

If the Determine MTE performance history data screen displays, choose User.

10.

Enter a time frame in the From and To fields.

114

System Administration Made Easy | Release 4.6C/D

11.

Choose

12. 13.

Select the history items to display. Choose .

Chapter 6: SAP System Administration

115

Task

View the alerts

1.

Choose Display alerts.

2.

The alerts are listed in order of priority (Red at the top and yellow below).

Task

Analyze the alert

1.

Select an alert.

116

System Administration Made Easy | Release 4.6C/D

2.

Choose

3.

The specific analysis tool that is started is node-dependent. These tools are individually covered in the remainder of this guidebook. If no tool is assigned, a No method assigned message will appear.

Chapter 6: SAP System Administration

117

Task

Acknowledge the alert

1.

From the Monitoring Attributes Detail Data screen, choose Display alerts.

2. 3.

Select the alert to acknowledge. Choose Complete alert.

You still must perform a task based on the alert. Acknowledging the alert only means that you received the alert notification.

4.

Note the message at the bottom of the screen.

118

System Administration Made Easy | Release 4.6C/D

5.

One less alert is displayed.

6.

When all alerts and warnings are acknowledged, the alert will change color to green.

Chapter 6: SAP System Administration

119

Task

Provide system configuration information (transaction RZ20)

1. 2.

Under the SAP CCMS Monitor Templates, select System Configuration. Choose .

3.

The various nodes will provide information about clients, database, and your SAP license.

120

System Administration Made Easy | Release 4.6C/D

4.
RZ20 Configuration. To configure to monitor multiple systems, see the SAP R/3 online documentation: SAP Library Basis Components Computing Center Management System (BCCCM) Computing Center Management system (BC-CCM) Computing Center Management system (BC-CCM) CCMS Monitoring The Alert Monitor The Monitoring Architecture: Concept What is Predefined in the Alert Monitor? In the right frame, choose monitoring multiple R/3 systems.

As shown here, a monitor can be configured to display multiple systems. Note that this monitor has been configured to monitor the following systems: System SAP R/3 SAP R/3 CRM BW SID SA1 DI2 C2B BW2 Basis 46C 46C 46D 46D

Maintaining The Alert Thresholds for RZ20


The alert threshold is the point where the alert indicator changes color from:
I I I I

Green to yellow Yellow to red Red to yellow Yellow to green

Each installation is different, so the point at which an alert changes color depends on the individual installation.

Chapter 6: SAP System Administration

121

Sample situations where you would want to change the threshold levels when:
I I I

A high amount of paging is a cause for concern on the production system, but it is expected on the development system. The only file on a drive may be the database file, which is completely filling the drive. A file system full alert on that particular drive is of no concern, because the database would have been configured to take up the whole drive.
Task

Maintain alert thresholds


1. 2. 3.
Select the node (+) for the specific alert that you want to change the threshold. Select an alert. Choose Properties.

4.

If the displayed values are for a group, an indicator field will appear in the screen. The group indicator means that the values displayed apply to all drives, not just the selected drive.

122

System Administration Made Easy | Release 4.6C/D

5.

To switch to group or individual:

a. b.

Group: From the menu bar, choose Edit Properties Use from MTE class/group. Individual: From the menu bar, choose Edit Properties Use for individual Monitoring Tree Element (MTE).

6.

If you choose group, the Monitoring: Properties and Methods dialog box appears. Choose .

7.

Choose

Chapter 6: SAP System Administration

123

8.

The threshold value field will change color from gray to white.

9. 10. 11.

If the transaction is set to group mode, a message appears in the status bar. Enter new values for when the alerts will change (for example, 98). These threshold values are specific to the alert you indicated. Choose .

124

System Administration Made Easy | Release 4.6C/D

Hiding SAP Standard Monitor Sets


The monitor sets that are being hidden are not usually needed.
Task

Hide SAP standard monitor sets


1.
On the CCMS Monitor Sets screen, from the menu bar, choose Extras Activate maintenance function.

2. 3. 4.

Expand all the monitor sets. Under Public sets, select a monitor set (for example, SAP Business Communication). Choose .

Chapter 6: SAP System Administration

125

5. 6.

Deselect Public (visible for all users). Choose .

7. 8.

The monitor set will disappear from My favorites and Public sets. The set still exists under SAP. If necessary, this set could be made visible to the public again.

126

System Administration Made Easy | Release 4.6C/D

9.

Repeat the steps until the only SAP standard set remaining is SAP CCMS Monitor Template.

10.

Once the extra monitor sets have been removed, your screen should look like the screenshot below.

Chapter 6: SAP System Administration

127

Create a New Monitor Set


The following task shows you how to create a new monitor set.
Task

Create a new monitor set


1.
On the CCMS Monitor Sets screen, from the menu bar, choose Extras Activate maintenance function.

2. 3.

Select Public sets. Choose .

4. 5.

Under Monitor set, enter a name for the new monitor set (for example, SysAdmin 2). Select Public (visible for all users).

128

System Administration Made Easy | Release 4.6C/D

6.

Choose

7. 8.

The new monitor set appears in Public sets and My favorites. To turn off maintenance, from the menu bar, choose Extras Deactivate maintenance function.

9.

The new monitor set (SysAdmin 2) appears on the screen.

Chapter 6: SAP System Administration

129

Add a Monitor to the Monitor Set


1.
From the menu bar, choose Extras Activate maintenance function.

Task

2. 3.

Select the Monitor set (for example, SysAdmin 2). Choose .

4. 5.

Expand the monitor design tree. Select the nodes (+) that you want to include in the monitor (for example, Background under both SA1 and DI2).

130

System Administration Made Easy | Release 4.6C/D

6.

Choose

7. 8.

In Monitor, enter a relevant name for the new monitor (for example background-SA1+DI2). To save the monitor definition, choose .

Chapter 6: SAP System Administration

131

9.

The monitor definition is saved.

10.

To turn off maintenance, from the menu bar, choose Extras Deactivate maintenance function.

11. 12.

Select the new monitor. Choose .

132

System Administration Made Easy | Release 4.6C/D

13. 14.

Expand the monitor tree. This new monitor shows only the nodes you selected. This monitor tracks background service on two different systems (SA1 + DI2).

System Administration Assistant (Transaction SSAA)


The System Administration Assistant (SAA) was developed as part of the Ready-to-Run-R/3 project. The core of the SAA has been brought into standard SAP R/3 and is now available to everyone. The SAA lists all the SAP R/3 administrative tasks and tracks tasks that must be done, and provides documentation on each task and displays critical and non-critical alerts. The SAA helps the system administrator track work by providing a point of reference for all relevant system administration transactions.
Task

Run the System Administration Assistant


1.
In the Command field, enter transaction SSAA and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor SSAA-System Administration Assistant).

Chapter 6: SAP System Administration

133

2.

On the R/3 Administrative Activities screen:

a. b.

Choose Entire View tab. The Entire View tab is chosen by default. Choose .

3.

Choose

134

System Administration Made Easy | Release 4.6C/D

4.

From the menu bar, choose View Transaction code/module to display the transaction codes on the right side.

5. 6.

If a task needs to be performed, a red square appears next to it. To execute the task, choose Background Jobs). on that line (for example, R/3: Checking

Chapter 6: SAP System Administration

135

7. 8.

The associated transaction is started. The specific transaction code selected is node-dependent. The task to execute the transaction will be specific to the started transaction. When you have finished, choose .

9. 10.

The list is updated, and a green circle appears next to the task, indicating that it has been performed. To see if there are any alerts in each task, choose List Current Alerts.

136

System Administration Made Easy | Release 4.6C/D

11.

Critical

and noncritical

alerts in each task are displayed.

Specific Transaction Monitoring Overview


Failed Updates (Transaction SM13)
For performance reasons, the database update is done in an asynchronous mode. In this mode, the user continues to work while the system takes over the update process and waits for the database update to complete. In synchronous mode, users must wait until the database has successfully updated before they can continue to work. An update terminate (or failed update) is an update to the database that failed. These terminates occur when a user entry or transaction is not entered or updated in the database. The following example should help clarify this concept:

Example

The accountant gives a file clerk a folder (similar to saving a transaction). The file clerk gives the accountant a receipt (similar to the SAP R/3 document number). On the way to the file cabinet, the clerk falls and gets hurt. The folder in not filed in the cabinet (the failed update). The end result is that the folder is not in the cabineteven though the accountant has the receipt. This same end result occurs in an update environment, the document is not in the SAP R/3 systemeven though the user has a document number.

Chapter 6: SAP System Administration

137

Users assume that when they receive a document number, the entry has been recorded in the system. However, if the update has terminated, even if the users received a document number, no trace of it exists in the system.

Example

Even though a sales order document number is generated, the order does not exist. Therefore, customers would not receive their order, and no trace of the order would exist in the system. Check the system for failed updates several times a day. The longer you wait after the update terminate has occurred, the more difficult it is for users to remember what they did when the update terminate occurred. Also, prompt action should be taken to prevent having multiple update terminates that must be addressed. During normal business hours, the checks can be distributed:
I I I I

First thing in the morning Late morning Early afternoon Late afternoon

If you have a global operation, your schedule should be adjusted to account for other time zones and someone in that time zone should participate in the monitoring. On Windows NT, from SAP R/3 release 3.0F and higher, system log entries are written to the NT event log. You might consider configuring an event log monitor to page you when an update terminate occurs. This step reduces the need to constantly check transaction SM13. It also reduces the exposure between the time the update terminate occurs, when you find out about it, and when you can get to the user. The following message appears: You have express mail in your inbox. This message means that an update terminate has occurred on the users transaction. Users should be trained to stop when they get this message.
Task

Tips & Tricks

Check the system for failed updates


1.
In the Command field, enter transaction SM13 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor SM13Update).

138

System Administration Made Easy | Release 4.6C/D

2.

On the Update Records: Main Menu screen:

a. b. c. d. e.

In Client, enter *. In User, enter *. Under Status, select All. In From date, change the date to a year ago (for example, 07/13/2000). Choose .

3.

In the Status column, look for entries with an Err. These entries are failed updates or update terminates. You may also see other entries listed without the Err status. If you have no failed updates, stop here. If you have failed updates, continue with the next section, Managing Update Terminates.

Chapter 6: SAP System Administration

139

Managing Update Terminates


Some of the problems that can occur with an update terminate include:
I

No short dump In this case, the only clues you have are the: User ID Date Time Transaction

Difficulty reading the short dump Short dumps can be difficult to read or understand. Some of the content is only useful to the developer. You may recognize a pattern of characters as a part number, document number, vendor code, and so on. Short dump with little usable information Update terminate occurring downstream from the actual transaction The data in the short dump may be of little value in finding the root of the update terminate. (For example, if the terminate occurred in the FI posting of an SD transaction, you will not know which SD transaction document caused the problem.) Update terminate occurring in a batch job There is no indication of which batch job (by job name) caused the update terminate. SAP is aware of the inability to identify the batch job which was the source of an update terminate.
Task

I I

Manage update terminates


1.
Double-click on an entry with an Err status.

2.

The Update Modules screen shows the module (Mod.name) and the process (Mod.ID) where the update terminate occurred.

140

System Administration Made Easy | Release 4.6C/D

3.

Double-click on the entry with an Err status.

4.

Choose ABAP short dump. If a short dump exists, it will appear.

Chapter 6: SAP System Administration

141

5.

After choosing ABAP short dump, you will see one of the following screens:

a.

If you have an ABAP dump, you will see the ABAP runtime errors screen.

b.
Do not attempt to reapply the failed update! There are conditions under which this reapplication can lead to corruption of the database. Always advise users to reenter the transaction.
I I

If a short dump does not exist, you will see: The Update Status dialog box The message No ABAP/4 short dump exists which appears either in the inactive Update Modules window or a separate dialog box.

6. 7.

The users must be contacted. The users should check for the missing entry and reprocess the missing transaction.

User Training
When a user receives the following message, You have express mail in your inbox, this usually signals a problem. The user should immediately stop and get assistance to determine what happened. SAP R/3 uses express mail to notify the user of a failed update. It is during this time frame (immediately after the error has occurred) that the user has the best chance of correcting the problem.

142

System Administration Made Easy | Release 4.6C/D

System Log (Transaction SM21)


The system log is the SAP R/3 systems log of events, errors, problems, and other system messages. The log is important because unexpected or unknown warnings and errors could indicate a serious problem. You should check the system log several times a day. The ability to properly monitor the system log comes with experience. Over time, you will become familiar with what log entries normally appear in your system log, and recognize the unusual ones that need investigation.
Task

View system log


1. 2.
In the Command field, enter transaction SM21 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor SM21-System Log). In From date, change the date to a week ago (for example, 07/09/2001 and choose Reread system log.)

3.

If you select Problems only, you will see this screen.

Chapter 6: SAP System Administration

143

4.

You can get more information on certain entries. In this example, double-click on the short dump.

What to look for:


IUnusual entries

Before you can recognize the unusual entries, you must become familiar with normal entries.
I

5.

If you select All messages, you will see this screen. Notice that the warning messages on this screen (indicated by the yellow highlight under the column MNo, and the text Perform rollback) did not appear in the previous screen.

Column MNo for the error status Errors are in red and pink, and warnings are in yellow. These entries may have been examined when you did the Alert Monitor (RZ20).

144

System Administration Made Easy | Release 4.6C/D

6.

Choose Analyze runtime errors.

To minimize the videoprocessing overhead, many NT servers are configured with a video color depth of 16 colors. On these servers, increase the video color depth to 256 colors to see the alerts in color, or view the log from a computer that has the video set to at least a color depth of 256 colors.

7.

This screen is the short dump. You can access this screen using transaction ST22.

Task

Display remote system logs


1.
From the menu bar, choose System log Choose All remote system logs.

Chapter 6: SAP System Administration

145

2.

Choose Reread system log.

3.

The system logs for all remote systems are shown.

Locks (Transaction SM12)


A lock prevents other users from changing the record on which you are working. The example below illustrates the importance of using this function.

Example

You are changing a customer mailing address, while someone is simultaneously changing the customer s telephone number. You first save your change; then the other person saves his or her change. The other persons change overwrites your change, and your change will be lost.

146

System Administration Made Easy | Release 4.6C/D

We assume that the profile parameter rdisp/gui_auto_logout has been set. This parameter defines an automatic logout of the user if there is no activity for a set number of minutes.

There may be old locks still in place from transactions that did not release, or from when the user was cut off from the network. Unless cleared, these locks prevent access or change to the record until the system is cycled. The easiest way to locate these locks is to look for locks from prior days.
Task

View locks
1. 2. 3. 4.
In the Command field, enter transaction SM12 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor SM12 - Lock Entries). In Client, enter *. In User name, enter *. Choose .

5.
Setting the auto_logout parameter is recommended for security and auditing. The parameter is a global setting that applies to all users on the instance. You cannot have different logout times for different groups of users on the same instance. The only way to have different logout times for different groups of users is to have specific groups (for example, Finance) log in to specific instances (for example, the Finance application server) where this parameter is set in the instance profile of that instance.

In the Time column, look for locks from previous days. The presence of a lock from a previous day could mean that the user was disconnected from the network and the SAP R/3 system.

Chapter 6: SAP System Administration

147

The following process should be followed before deleting a lock: Task Is the user logged onto any of the servers? Transaction Code that Completes this Task Transaction SM04 (without application servers) Transaction AL08 (with application servers) If the user is not on the system, but transaction SM04 shows them on the system, delete their sessions as described in chapter 9, Deleting a User s Session. This step, alone, may clear the lock. Transaction SM50 Transaction SM51 Also see the Processes section later in this chapter. Transaction SM37 Also see the Background Jobs section in this chapter. Transaction SM13 Also see Failed Updates section in this chapter.

Are there are processes running under the user ID? Deleting a lock is a dangerous task. Do not delete a lock without checking first to see if it is being used. If you delete a lock that is in use, you risk corrupting the database. Are there batch jobs running under the user ID? Are there updates in process for that user ID?

6.

Once you know that there is no activity using the users ID:

a. b.

Select the lock entry for deletion. From the menu bar, choose Lock entries Delete.

Double-check the user ID of the entry that you selected to delete. If you delete the wrong lock, you could corrupt the database.
Caution

Clear only one lock entry at a time. Do not use the mass delete option. This option will delete all the locks, not just the ones for the user you have selected.

148

System Administration Made Easy | Release 4.6C/D

Active Users (Transactions SM04 and AL08)


These transactions display all the users who are currently logged on to the system, displaying both the user ID and terminal name. In a smaller company, the administrator can recognize user IDs logged on to unfamiliar terminals. An unfamiliar terminal may indicate that someone other than the designated user is using that user ID. Reasons not to share user IDs include:
I
Tips & Tricks

If a problem arises, you will not know who created the problem. This situation makes the problem difficult for you to fix and prevent from happening again. Prudent security practices do not allow for the sharing of user IDs. Your external auditors may also perform this test to test your security.

I I

Release 4.6 allows you to prevent concurrent sharing of user IDs by activating the disable_mult_gui_login system profile. We recommend that you activate this parameter.

A user logged on to more than one terminal may indicate that the ID is being used:
I I

Used by someone else Used/shared by several people

Problems
Transaction SM04 may show a user as active, when the user has actually logged off. Because the user session was not properly closed, the system thinks that the user is still logged on. This condition can be caused by one of the following:
I I

A network failure, which cuts off the user. Users who turn off their computer without logging off from the SAP R/3 system.
Task

View active users in a single-instance system


1. 2.
In the Command field, enter transaction SM04 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor System monitoring SM04 - User Overview). Select the user ID (for example, DAVIDM) to view the session the user has opened.

If you have several instances in your system, using AL08 is easier, because you can simultaneously see all users in all instances on the system.

Chapter 6: SAP System Administration

149

3.

Choose Sessions.

4. 5.

The Overview of Sessions screen shows what sessions the user has opened. Choose .

Task

View active users in a multi-instance system


1.
In the Command field, enter transaction AL08 and choose Enter (or from the SAP standard menu, choose Tools CCMS Control/Monitoring, double-click on SM66-Work Process Overview, then from the menu bar, choose Goto Global users overview.) The Current Active Users screen shows all the instances in your system.

2.

150

System Administration Made Easy | Release 4.6C/D

3.

For each instance, a list of the users logged onto that instance (application server) is also provided.

Work Processes (Transactions SM50 and SM51)


Process overview transactions allow users to view the status of work processes and monitor for problems. Transaction SM51 is a central transaction from which you can select the instance to monitor. SM51 starts transaction SM50 for each application server. Transaction SM50 is used for a system without application servers. Transaction SM51 is one place to look for jobs or programs that may be hung, usually indicated by long run times. If batch jobs are not running, transaction SM50 may provide a hint of the problem, if all the batch work processes are in use.
Task

View work processes for a system with application servers


1.
In the Command field, enter transaction SM51 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor System monitoring SM51-Servers). Select the instance you want to view (for example, pa102058_SA1_00).

2.

Chapter 6: SAP System Administration

151

3.

Choose

4.

The Process Overview transaction (SM50) for that instance is displayed.

Task

View work processes for a system without application servers


1. 2.
In the Command field, enter transaction SM50 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor System monitoring SM50-Process overview). Look for:

a. b.

Dialog work processes (DIA) that have long Time values. These values could indicate a problem or a long running step in batch programs, which sometimes start dialog work processes. In the Status column, work processes that say stopped, can sometimes be a problem because a process may have stalled or failed.

152

System Administration Made Easy | Release 4.6C/D

c.

Some of the columns are defined in the table below.

Column Text No Ty PID Status Err CPU Time Program Clie User Table

Definitions Work process number Type of work process OS PID (Process ID) number Current status of the work process Number of detected errors in the work process Cumulative CPU time that the current process is taking Cumulative wall time that the current process is taking Name of the ABAP program Client number User ID that is using the work process Table that the action is being performed on

ABAP Dump Analysis (Transaction ST22)


An ABAP dump (also known as a short dump) is generated when a report or transaction terminates as the result of a serious error. The system records the error in the system log (transaction SM21) and writes a snapshot (dump) of the program termination to a special table. This transaction can also be called from the system log (transaction SM21). An ABAP dump is used to analyze and determine why the error occurred and enables you to take corrective action.

Chapter 6: SAP System Administration

153

Task

View ABAP dump analysis


1.
In the Command field, enter transaction ST22 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor ST22-Dump analysis). The list of dumps can be displayed using two selection methods:
I I

For a simple selection, Today or Yesterday (proceed to step 2) For a free selection (proceed to step 5)

For a simple selection

2. 3. 4.

Under No. of short dumps, if you see a value other than zero (0) in Today or Yesterday, dumps have occurred that must be examined. Select Today. Choose . Proceed to step 8.

For a free selection

5.

Choose

Selection.

6.

Enter your selection criteria in the ABAP Dump Analysis screen.

154

System Administration Made Easy | Release 4.6C/D

7.

Choose

8.

Double-click on the dump you want to analyze.

Despite being called a short dump, ABAP dumps may be more than 75 pages long. We recommend you save the dump locally and print out only the portion you need. If the SAP hotline asks for a copy of the short dump, e-mail or upload the file (see SAP Note 40024).

9.

The short dump is displayed.

Chapter 6: SAP System Administration

155

System Message (SM02)


A system message is a popup that users see when they first log on to the SAP R/3 system and move between screens. System messages are useful to send a broadcast message to everyone on the system (for example, SAP will be down for scheduled maintenance from 6:00 p.m. PST Friday, October 23 to 12:00 p.m. PST Saturday, October 24.), or to inform the user about the system. This information is recommended for systems other than the production system, such as development, test, sandbox, training, and so on (for example, You are logging into QAS, copy of PRD as of Nov-1-98 at 0100 PST).
Task

Creating a system message


1. 2.
In the Command field, enter transaction SM02 and choose Enter (or from the SAP standard menu, choose Tools Administration Administration SM02System messages). Choose Create.

3. 4.
To prevent the message from expiring, enter a date several years in the future. When referencing the time for an event, always enter the specific time, time zone, and date (for example, 0230 PDST-Tue Jun 26,2001). Entering vague information (such as in 15 minutes), creates confusion as to when and where an event has been scheduled.

In System message text, enter your message. Optionally, you may also enter text in the following fields:

a. b. 5.

In Server, choose appear.

and select the instance on which the message should

In Client, enter the client number for a client specific message.

In Expiry on, enter the messages expiration date and time.

156

System Administration Made Easy | Release 4.6C/D

6.

Choose

7.

The message in the status bar indicates that your message has been saved.

8.

The System Messages popup window will appear.

Task

Edit a message
1.
In the Command field, enter transaction SM02 and choose Enter (or from the SAP standard menu, choose Tools Administration Administration SM02-System messages).

Chapter 6: SAP System Administration

157

2.

Select the message.

a. b.

Choose Choose

Change to edit. Delete to delete the message from the screen.

3. 4.

Enter your changes. If necessary, change the following:

a. b. c. 5.

ServerName Client Expiry on .

Choose

6.

The message in the status bar indicates that your message has been changed.

158

System Administration Made Easy | Release 4.6C/D

7.

Review the changed message.

ABAP Editor (SE38)


Be careful when executing reports and programs because it may affect and change your system. Make sure you are executing the correct program, and you know what the program is going to do. An SAP R/3 system administrator must execute certain reports and programs to apply a note or in relation to everyday duties and tasks.
Task

Display profile parameters


1. 2. 3.
In the Command field, enter transaction SE38 and choose Enter (or from the SAP standard menu, choose Tools ABAP workbench Development SE38ABAP Editor). In Program, enter the report or program name (for example, RSPARAM). Choose .

4.

This program has a variant screen where you can indicate whether you want parameters that cannot be substituted to also be listed.

Chapter 6: SAP System Administration

159

5.

Choose

6. 7. 8.

The report runs. In this case, the report displays the profile parameters. Choose .

Task

Display information about a program or report


1. 2.
In Program, enter the program/report name, (for example, RSPO0041.) Select Documentation.

160

System Administration Made Easy | Release 4.6C/D

3.

Choose

Display.

4.

The screen displays information about the program RSPO0041.

PART FOUR

Security Overview

162

System Administration Made Easy | Release 4.6C/D

Part Overview
This security section is just a small part of the general subject of security. Security is comprised of many components and subjects, enough to more than fill a bookshelf. We have chosen to select but a small portion of the subject that is appropriate for this guidebook. Other security subjects are of particular interest to a mySAP.com installation that are not included in this guidebook, such as Single Sign On, Central User Administration and Network Security. The first two, being SAP products, are mentioned briefly below.

Central User Administration (CUA)


Before 4.5A, maintenance of individual users had to be done in every system. As of 4.5A, users can be created and maintained in one single central system and then distributed to different client systems. This ensures consistent users in all systems and makes the task of administrating multiple systems much easier. For more information, please go to service.sap.com/security or refer to SAP Note 159885.

Single Sign-On (SSO)


Users often need to access a variety of services and information within an intranet portal, meaning that a user would need to access different systems (SAP or others) with different user management policies. SSO can provide an environment for users to move around within the portal without having to repeatedly enter their user information for authentication, even as they access different systems. For more information, please go to service.sap.com/security or refer to SAP Note 318515. For additional information related to SAP security, please go to the CCMS-Security web page at service.sap.com/security. Of special interest is the SAP security guide, in three volumes.

C H A P T E R

Security Administration

164

System Administration Made Easy | Release 4.6C/D

Overview
The purpose of this chapter is to make you aware of your security responsibilities as the SAP R/3 system administrator. These responsibilities include protecting the SAP R/3 system and preparing for a computer security audit. When an audit is performed on an SAP R/3 system, the administrators are responsible for responding to the audit findings. This chapter prepares you for these audits. However, each auditing firm has its own audit procedures and may look at many different items. Therefore, the information in this chapter tries to prepare you for the core group of items that all firms usually address. For more information, see www.service.sap.com/security. This chapter is only an introduction to computer security and its importance. Although an entire book can be written on this subject, even that would be insufficient. We recommend you contact and work with all parties (external auditors, internal auditors, finance department, legal department, and others) who might be affected by system security.

Caution

What Is Security?
Security is more than the SAP R/3 authorization (or keeping undesirables out of the system). Security is concerned with the following issues regarding data:
I I I

Protecting data from hardware problems Maintaining data integrity Restoring data in the event of a disaster

Some security topics covered in this chapter include:


I I I I

Keeping unauthorized people out of the system Keeping people out of places that they should not be Safeguarding the data from damage or loss Complying with legal, regulatory, and other requirements

Keeping Unauthorized People Out of the System


This area is what we usually think about as security and includes the SAP R/3 authorization concept, operating system and network logon security, and physical security.

Chapter 7: Security Administration

165

Keeping Users out of Prohibited System Areas


This area covers users having access to more parts of the system and to more data than they need to perform their job. The data may not be damaged but accessing and revealing this data could be equally damaging. Examples of this sensitive data include:
I I I

Your companys customer list, contacts, and sales volume. A competitor could use this information. Your employees personnel data. Privacy laws protect this type of data. Financial performance data, such as quarterly financial statements. Strict SEC rules govern insider trading (see Complying with Legal, Regulatory, and Other Requirements on page 165 for a definition of insider trading). Items specified in contracts with customers, vendors, or other parties.

Safeguarding the Data from Damage or Loss


There are two major sources of damage:
I

Accidental, such as: Loading test data into the production system A hardware failure A fire that destroys the data center A flood, hurricane, earthquake, tornado, or other regional natural disasters

Deliberate, such as: A disgruntled employee who deletes or damages files from the system A hacker who deletes or damages files from the system

Complying with Legal, Regulatory, and Other Requirements


Laws, contracts and other parties define other reasons for security. Security is a sensitive issue with legal implications. A good example of a security issue is insider trading. Before defining insider trading, we have to first define insider knowledge or inside information. Insider knowledge or inside information means you have information that is not known or available to the general public. If the general public knows the information, it could affect the stock price. Insider trading is using inside information to buy

166

System Administration Made Easy | Release 4.6C/D

or sell stock and make a profit or reduce a loss. Even if you yourself do not profit from the sale, you could be held liable. In cases involving insider training, consult your legal department.

Example

In one company, an employees spouse passed on inside information to a relative, who purchased the stock, then sold the stock at a profit after the earnings announcement. That relative made a profit by buying the stock before the earnings announcement (insider trading). The SEC fined the spouse and the relative. The spouse was guilty of providing insider information to the relative, who then made the profit on the sale of the stock. Both, therefore, were guilty of insider trading.

Example

The IS director of a company asked for authorization to log into the production SAP R/3 system. This request raised the concern of the accounting/finance department. Access to financial information is typically on a need-to-know or need-to-access basis, and the IS director did not need to access the production SAP R/3 system. Concerns were raised when he started asking about financial performance information (quarterly earnings), well before this information was made public. He was asking for insider information.

Audits
As a system administrator, two audits affect you:
I I

Financial audit Security audit

Financial Audit
A financial audit is a review of your companys financial statements by a Certified Public Accountant (CPA) in the U.S., or the equivalent in other countries. The purpose of the audit is to issue an opinion on the companys financial statements. This opinion essentially states that the financial statement fairly represents the financial position of the company. A financial audit is usually not optional. If your companys stock is traded on the stock market, the Securities and Exchange Commission (SEC) in the U.S., or its equivalent in other countries requires the audit. If your company is private, creditors could require a financial audit.

Chapter 7: Security Administration

167

As a part of the financial audit, the CPA typically does a security audit of SAP R/3 and any associated systems. The purpose of the security audit is to determine how much reliance can be placed on the data in the SAP R/3 system. Your external auditors evaluate your system security to determine what audit tests to perform and how much testing they must do. If their evaluation results are not good, they may need to increase the scope of their audit. This increased scope also increases the cost of the audit, and the extra work could delay the completion of the audit. In a worst-case scenario, they could determine that the security is so weak they cannot issue an opinion on the companys financial statements. Because of the negative effect on the stock price that this inability to issue an opinion will probably cause, the chief financial officer (CFO), and likely the president, will be quite upset.

Security Audit
A security audit is performed specifically to test the security of the SAP R/3 environment. This audit is usually done as a part of the financial audit or to comply with government or other regulatory agencies. Your companys internal audit group can also perform a security audit. The audit is done to test the security of confidential data, such as:
I I I I

Financial information Customer data Product information Company personnel data (from the HR module)

Audit Considerations
Audit considerations are what auditors will look at when they do a financial or computer security audit. Some of these considerations are:
I I I

Physical security Network security User administration procedures Adequate segregation of duties Proper training Passwords

Data security Protection from hardware failure; mirrored drives, RAID, fail-over, High Availability (HA), and so on.

168
Note

System Administration Made Easy | Release 4.6C/D

Backup and recovery procedures Protecting the production system from unauthorized changes Locking dangerous transactions

This section is not an all-inclusive SAP security audit. It is only to make you aware of some of the things that could be reviewed as part of a security audit. We recommend that you work with your auditors before the financial audit, to review your system and bring it up to acceptable standards for the audit.

These tasks support the financial or security audit. Without knowing what the auditors will look for, you cannot properly prepare yourself and protect the system.

Security Layers
To make security more manageable, we have chosen to use the security layer model, one of many existing security models. This model uses the following three major layers of security: Access security
I I I

Physical security Network security Application security

Operational security

Data security

Access Security
Physical Security
Physical security controls the physical access to SAP R/3 and network equipment. Like the graphic on the previous page, to get to the inner circle, an intruder must penetrate onto the property or site, into the building, and into the areas of the building where the users are or where the equipment is located (such as Finance, MIS, or Computer Operations) or into the specific equipment rooms within these areas of the building (such as the server room, wiring closet, or network room). This layer is probably the most important. If an intruder can physically access your equipment, all other security layers can be bypassed.

Chapter 7: Security Administration

169

When physical security is bypassed: If you have electronic card key access, periodically audit the access log for the server room. The periodic review of the access log may be an item for which auditors will test.
I I I I

Equipment can be physically damaged or destroyed The system can be accessed from the operators console (perhaps allowing bypass of strong network security) Equipment can be removed Data could be hacked

Without physical access to the equipment, the intruder must electronically access the system through the network. The SAP R/3 equipment should be located in a secured room. Access to the room should be only through a locked door. It is crucial to control who is allowed access to the server room.

Network Security
Network security also has sub-layers of security. The goal of this security type is to control external access and logon access to the network. Logon access controls on-site and remote access and where on the network users can go once they gain access. If intruders access your network, they could have an electronic link to your computers.
Note

For NT we recommend that you have:


I

Use network security specialists to properly configure the various access points into your network and, once users are on the network, control their movements. Some of these points of control are:
I

A dedicated SAP domain where only the administrators are allowed to directly log on Other domains where users will log onto, trust the SAP domain, but the SAP domain does not trust other domains

Outside access Dial-in access Internet access Other remote access methods, such as VPN

Network login access

This access method is the actual logon to the network (for example, the NT domain).
I

Access to portions of the network. NT domains Router tables

This table can be used to control (by IP address) which users can access the SAP servers.

170

System Administration Made Easy | Release 4.6C/D

Application Security
Like the other layers, application security has sub-layers of security, which control:
I I I I

The ability to log into the application, such as logging into SAP R/3 Where a user can go in the application What a user can do in the application What a user can do based on the system data in the application (such as the SAP R/3 system [for example, limiting the user to company 001 and cost center 200) SAP R/3 security functions at this layer This layer provides the fine or specific security of what a user can do (for example, read [not change] accounting data for only cost center 200 in company 001).

Using SAP R/3 application tools such as: Profile Generator (transaction PFCG; for more information, see the Authorizations Made Easy guidebook) Audit Information System (transaction SECR; see page Audit Information System (Transaction SECR)) Security Audit Log (transaction SM19/SM20; see page Security Audit Log (SM20)) Delete Old Audit Logs (transaction SM18)

Operational Security
This layer is security at the operational or user level. Because it is primarily procedural and control-related, there are few computer or systems issues related at this level. These are organizational and people issues, which can be problematic, because people must comply with guidelines and rules. The problem is, of course, that some people never want to comply with guidelines. Some of the methods of operational control are:
I I I I

Division of duties Preventing sharing of user IDs Password standards Log off when away from the computer, such as during lunch or at the end of day

Chapter 7: Security Administration

171

Data Security
This layer is closely tied to the material in chapter 2, because disaster recovery is an integral part of data security. Data security protects:
I

Data on the servers

We protect the data on the server from damage or loss. This protection is accomplished in various ways. The goal is to prevent or minimize loss of data in a disaster.
I

Backup data

The goal of this security layer is to preserve application data (usually on tape) so that the system can be recovered. The backup tapes must be stored safely to:
I

Preserve the backup tapes in the event of a disaster Protect the backup tapes from theft

Disaster Recovery

For more information on disaster recovery, see chapter 2. A proactive approach can prevent a problem. To remain proactive:
I I I I

Reduce the chances of losing data. The server is the first place to safeguard your data. Protect backup data from damage or loss. Ensure that, if there is a disaster, the system be completely recovered.

Secure data on the servers:

You must prevent or minimize data loss in a disaster. Some of the items below can be referred to as High Availability (HA) items:
RAID arrays for drives Redundant equipment Using reliable equipment and vendors Premium hardware support agreements for the production system

The following are facilities-related items:



I

Uninterruptible Power Supplies (UPS) Fire detection and prevention devices Intrusion alert Environmental alerts

Backups

172

System Administration Made Easy | Release 4.6C/D

Backup tapes should be sent to a secure, off-site data storage facility.

This step protects the backup data from damage or destruction a disaster. Tapes at both the off-site backup and the on-site tape storage facilities must be secured to prevent the theft of the backup tapes.

If the backup tapes are stolen, the data can be restored and hacked. Using database tools, most SAP R/3 security could be bypassed by directly reading the tables.

Application or SAP R/3 Security


Controlling Access to SAP R/3
For more information, see Password Issues and Tasks on page 189.

Prevent Multiple User Logins


This process prevents users from logging onto the system multiple times. Multiple user logons is when several users are sharing a user ID, or someone is using a users ID without the users knowledge. Preventing multiple user logons is not allowing more than one SAP R/3 logon from one user ID. If several people share a user ID:
I I

You do not know who created a problem. This situation is an audit security issue.

Set the disable multi-login parameter (login/disable_multi_gui_login) in the system profile. For more information, see Sharing of User IDs on page 188.

Preventing Changes in the Production System


The production system should be set to Not modifiable. The locks on the system should be set so that configuration changes (client-independent and client-dependent) cannot be made directly into the production system. The purpose for this setting is to ensure that all changes are completed in a controlled manner. In the development pipeline, changes are:
I I I I I

Made in the development system Tested in the development system Transported from the development system to the test system Tested in the test system Transported from the test system to the production system

Chapter 7: Security Administration

173

This procedure ensures that changes are properly tested and applied to the systems in the pipeline. (A pipeline is the environment where development is moved from the development system to the quality assurance system, and finally to the production system.) Configuration changes should not be made directly into the production system. This restriction maintains the integrity of the production system. If changes are made directly into the production system, it may break because the change was not tested, or is not the same as the one made in the development system. The production system should be protected from changes until the changes are properly tested to preserve the integrity of the pipeline. If changes are made into the production system, the development and testing pipeline may become out of sync with the production system. If the pipeline is out of sync, it is difficult to develop and test with any certainty that things will not be different in the production system. All changes should be made in the development system and then transported through the pipeline into production. In this way, all systems get the same changes. A common excuse is that making changes directly into the production system takes too long to transport the fix. By making changes directly into the production system, you create an out-ofsync landscape, where the change made to the production system do not match changes made to development or test systems. Additionally, you allow emergency transports to occur at any time, with coordination.

Exceptions. Infrequent exceptions occur when no mechanism is available to transport the changes, or an SAP Note requires the direct change.
When a change cannot be transported, the following procedure should be used:
I

Verify that the change cannot be transported. Some objects may use an ABAP program to transport the object. Unlock the system (to make it modifiable). Make the change. Immediately re-lock the system. Make the same changes to all other systems.

Manual entry always increases the chance of making an error.

I I I I I

Use this procedure only if a change cannot be transported.

174

System Administration Made Easy | Release 4.6C/D

Setting the Production System to Not Modifiable (Transactions SE03, SCC4)


Switches can prevent changes from being made in the system. In the production system, these switches should be set to Not modifiable. Setting these switches in the production system ensures that changes are made using the development pipeline. With this procedure, changes are properly tested and applied to the systems in the pipeline. Objects should not be modifiable in the production system. This rule protects the production system from object and configuration changes before being tested. By setting the production system to Not modifiable, before the integrity of the pipeline is preserved. Two transactions (SE03 and SCC4) let you set the system to Not modifiable. These transactions can also be used for other tasks.
Task

Prevent client-independent changes (Transaction SE03)


1. In the Command field, enter transaction SE03 and choose Enter. 2. Select Set System Change Option. 3. Choose
.

Chapter 7: Security Administration


4. Under Global setting, select the dropdown: a. To lock the system, select Not modifiable. b. To unlock the system, select Modifiable (selected in this example). c. Choose
.

175

Task

Prevent client-independent and client-dependent changes (Transaction SCC4)


Note

This method also locks the clientdependent changes.

1. In the Command field, enter transaction SCC4 and choose Enter (or from the SAP standard menu, choose Tools Administration Administration Client administration SCC4-Client maintenance).

176

System Administration Made Easy | Release 4.6C/D


2. Choose

3. To continue, choose

4. Select the client number (for example, 100). 5. Choose


.

Task
Lock a client (not modifiable)

1. Under Changes and transports for client-dependent objects, select No changes allowed.

Chapter 7: Security Administration

177

2. Under Client-independent object changes, choose the dropdown and select No changes to Repository and cross-client Customizing objs. 3. Under Protection: Client copier and comparison tool, choose the dropdown and select Protection level 2: No overwriting, no external availability. 4. Choose
.

Task
Unlock a client (modifiable)

1. Under Changes and transports for client-specific objects, select Automatic recording of changes. 2. Under Client-independent object changes, choose the dropdown and select Changes to Repository and cross-client Customizing allowed. 3. Under Protection: Client copier and comparison tool, choose the dropdown and select Protection level 0: No restriction.

178

System Administration Made Easy | Release 4.6C/D


4. Choose

Verifying that Dangerous Transactions Are Locked


Dangerous transactions can damage or corrupt the system, present a security risk, or adversely impact performance. In a production system, access to dangerous transactions is a more critical issue than in development or test systems. This criticality is because of live data and the companys operational dependency on the SAP R/3 system. Certain transactions should be locked in the production system, but not in the development, test, or training systems. Standard security normally prevents access to these transactions, but some administrators, programmers, consultants, and functional key users could access them depending on which system they access. In these cases, the transaction lock provides a second line of defense. The SAP R/3 system contains over 51,000 English transaction codes. To manage such a large number of transactions, lock only the critical ones. Your functional consultants should notify you of any additional critical transactions in their modules. The table below is organized with input from Basis consultants and users and lists transactions that we recommend you lock. The transactions are categorized by the following risk categories:

Chapter 7: Security Administration


I I I

179

Dangerous Security-related Performance impact Description Document Archiving Bank Master Data Archiving G/L Accounts Archiving Customer Archiving Vendor Archiving Document Archiving Transaction Figures Archiving Profiles: Initial screen Maintain Authorizations: Object Classes Archive Cost Centers (all) Archive cost centers (plan) Archive cost centers (line items) Archive admin: completely cancelled doc Archive admin: cost centers (all) Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Reset Transaction Data X (delete transaction data) Maintain Users: Initial Screen Profiles: Initial screen X X X X X X Dangerous X X X X X X X X X Security Performance

Transaction F040 F041 F042 F043 F044 F045 F046 GCE2 GCE3 KA10 KA12 KA16 KA18

KA20 O001 O002 O016 OBR1 OBZ7 OBZ8

X X X X

180

System Administration Made Easy | Release 4.6C/D

Transaction OBZ9 OD02 OD03 OD04 OIBA OIBB OIBP OMDL OMDM OMEH OMEI OMG7 OMI6 OML0 OMM0 OMNP OMSN OMSO OMSZ OMWF OMWG OMWK OOPR

Description Maintain Authorizations: Object Classes Maintain Authorizations: Object Classes Profiles: Initial screen Maintain Users: Initial Screen Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Users: Initial Screen Profiles: Initial Screen Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Profiles: Initial Screen

Dangerous

Security X X X X X X X X X X X X X X X X X X X X X X X

Performance

Chapter 7: Security Administration

181

Transaction OOSB

Description Change View "User Authorizations": Overview Change View "Authorization Profiles": Overview Maintain Users: Initial Screen Profiles: Initial Screen Maintain Users: Initial Screen Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Profiles: Initial Screen Maintain Users: Initial Screen Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Profiles: Initial Screen

Dangerous

Security X

Performance

OOSP

OOUS OP15 OP29 OPCA OPCB OPCC OPE9 OPF0 OPF1 OPJ0 OPJ1 OPJ3 OSSZ OTZ1 OTZ2 OTZ3 OVZ5 OVZ6 OY20 OY21

X X X X X X X X X X X X X X X X X X X X

182

System Administration Made Easy | Release 4.6C/D

Transaction OY22 OY27 OY28 OY29 OY30 SARA SCC5 SE01 SE06

Description Maintain Users: Initial Screen Maintain Users: Initial Screen Maintain Users: Initial Screen Maintain Users: Initial Screen Maintain Users: Initial Screen Archive Management: Initial Screen Client delete Transport Organizer Post-Installation Methods for Transport Organizer Transport Organizer (Workbench) Transport Organizer (Customizing) Data Dictionary maintenance Dictionary: Technical Settings Utilities for dictionary tables Data Dictionary Information System Data Browser General Table display ABAP workbench

Dangerous

Security X X X X X

Performance

X X

SE09 SE10 SE11 SE13 SE14 SE15 SE16 SE17 SE38 SM49 SM59 SM69 ST05 SU12

X X X

X X X X

External OS commands X Maintain RFC destinations External OS commands X SQL trace Delete All Users X

X X X

Chapter 7: Security Administration

183

The following table shows dangerous transactions that probably cannot be locked because they may be used regularly. These transactions may have other valid reasons for use in a production system. However, because of the potential danger, these transactions should have restricted access. Table TSTCT contains the transaction codes and the name of the transaction. The current content is over 98,000 entries in the table (for an English installation), with over 51,000 in English. Transaction RZ10 SA38 SM04 SM12 SM13 SM30 SM31 STMS SU01 SU02 SU03 Description Edit System Profiles ABAP Workbench User Overview System Locks Update Terminates Table Maintenance Table Maintenance Transport Management System User Maintenance Profiles: Initial Screen Maintain Authorizations: Object Classes X X X X X X X X Dangerous X X X Security Performance

Create and maintain a list of the following information: Maintaining the abovementioned information is important, because someone will invariably want to know who locked the transaction and why it was locked.
I I I I

Which transactions were locked? Why are they locked? Who locked them? When were they locked?
Task

Lock a transaction

1. 2.

In the Command field, enter transaction SM01 and choose Enter (or from the SAP standard menu, choose Tools Administration Administration SM01 Transaction Code Administration). Enter the transaction code you want to lock (for example, SE14) in the search field at the bottom of the TCode column.

184

System Administration Made Easy | Release 4.6C/D

3.

Choose

Check which transactions you are locking. You could accidentally lock yourself out of a key transaction, which would prevent you from unlocking this or other transactions.

4.

In the Locked column:

a. b. 5. 6.

To lock a transaction, select the checkbox to the left of the transaction. To unlock a transaction, deselect the checkbox to the left of the transaction. . .

Choose Choose

Building security authorizations on the security object S_TCODE under Crossapplication authorization objects can also control access to transactions.

Task
List locked transactions

1. 2.

In the Command field, enter transaction SECR and choose Enter. Select Complete audit.

Chapter 7: Security Administration

185

3.

Choose

4. 5.

Expand the following menu path: Audit Information System (AIS) System Audit Development / Customizing Transactions Blocked Transactions. Choose next to Blocked Transactions.

6.

Verify that the following are selected:


I I I I I

Locked Transactions Menu transactions Parameter transactions Report transactions

186

System Administration Made Easy | Release 4.6C/D

7.

Choose

8.

This screen shows the list of locked transactions.

Operational Security
This section describes selected operational security issues.

Segregation of Duties
Standard audit guidelines cover job or task combinations that are considered risky or that reduce internal controls. Some of these combinations are:
I I I

Your external auditors should help you define these risky combinations. Testing for segregation of duties is a standard audit procedure.

Accounts Payable and Check Generation Accounts Receivable and Cash Receipts ABAP development and transport control

Chapter 7: Security Administration

187

Accounts Receivable and Cash Collection


The person who collects and handles cash should not be the same person who keeps records of what the customer owes. In this combination, the cash received from the customer could be pocketed and the amount written off the customers account. The review of segregation of duties should be completed with the various user owners (key users of each functional area). Out of necessity, smaller companies must assign multiple functions to a single person. Be aware of the potential security risks in this situation. If you must combine functions, combine them in a way that minimizes risk.

Caution

Restricting Access to SAP* or DDIC


SAP* and DDIC are system user IDs that have restricted uses for specific purposes. Certain functions can only be performed by SAP* or DDIC. If an SAP R/3 user requires similar functionality, they should have a copy of the SAP* profile. These users should be grouped as power users, with the appropriate security approvals. Log on using SAP* and DDIC to determine if someone has changed the password. Periodically change the password for these users in all systems and their clients. This step prevents a person who knows the password from accessing the system. Update the secured password list. Verify that the system profile parameter login/no_automatic_user_sapstar has been configured, to prevent the use of the automatic user sap*. If the user ID has been deleted, this step prevents the backdoor usage of user sap*. A user with user administration rights cannot change the password to gain access to a user ID and then change it back to the original password. Passwords are not visible to the administrators, so they cannot restore the original password if they do not know it. At the next logon, the owner of the user ID will know that the password has been altered because they will be unable to log on with their current password.

The security profile for SAP* is SAP_ALL. This profile is extremely powerful because it grants the user complete access to the system. For more information, see chapter 8, User Administration on page 220.

Tips & Tricks

188

System Administration Made Easy | Release 4.6C/D

Change Management
Change management is the process of controlling what changes are made to the system. In this context, system refers to the entire system environment, not just SAP R/3. One aspect of security is to control and know what changes are made to the system. Items of concern include:
I I I

Is there a change management procedure for changes being made to the SAP R/3 system? Is a QA testing process in place? Are reviews and approvals required to move changes into the production system?

Sharing of User IDs


This process occurs when more than one person uses a single user ID. This issue is a security concern because:
I I I

There is no way to tell who is doing the activity. If there is a training problem, you do not know who needs training. If there is a deliberate security breach, there is no way to track the responsible party.

Other. Despite the cautionary statements above, there are a few situations

where it is not practical to have individual user IDs. These situations must be treated individually and with management and internal audits review and approval.

Example

In a warehouse, several employees use one computer to post their warehouse transactions such as goods issued, goods received, and so on. This process occurs because the user ID is used to log on, not at the individual transaction level, but to the SAP R/3 system. For each transaction that the warehouse employees access, it is impractical to log on to SAP R/3 individually, access the transaction, and then log off from SAP R/3. The alternative is to have a computer for each warehouse person, although this step may not be cost-effective. To prevent a user ID from being shared, the system profile parameter (login/disable_multi_gui_login) can (and should) be set. Parameter values are:
I I

1 (to block multiple logins) 0 (to allow multiple logins)

We recommend that this value be set to 1 to prevent multiple logins under the same user ID.

Chapter 7: Security Administration

189

To allow specific users to log on multiple times, you can enter their user IDs in the parameter login/multi_login_users separated by commas and no spaces.

Password Issues and Tasks


The password is the users key to accessing SAP R/3. Like the key to your house, safeguarding this key is important to keep undesirables out. Your company should have a clear and practical company password policy that should be distributed to all users informing them not to use easy-to-guess passwords.

A password policy that is too restrictive or difficult to comply with could defeat the purpose of this policy. Users will write their passwords down and leave it in an easily seen place, which means you have lost your security.

Setting Password Standards Using Transaction RZ10


Security parameters exist for the users password (for example, the minimum password length, the time interval that the user must change their password, and so on.) The following is a list of the most important password parameters:
I

Minimum password length: login/min_password_lng A longer password is more difficult to break or guess, so the standard is usually five characters. Password expiration time: login/password_expiration_time This time period is the limit before users must change their password. Auditors usually recommend 30 days. A practical number that customers use is 90 days. Password lockout: login/fails_to_user_lock This parameter locks out users who, after a specified number of times, try to logon with an incorrect password. Users are usually locked out after three failed attempts.

Your external auditors may check to see if you have set the security parameters.

Properly assigned parameters will make it more difficult to break into the system. To set up password parameters, maintain system profiles with transaction RZ10 (for more information on this transaction, see Changing System Profile Parameters (Transaction RZ10) on page 608.)

Eliminating Some Easy Passwords


Certain passwords (for example, 123, QWERTY, abc, sap, <your company name>) are well known or easy to guess. You can prevent these passwords from being used by loading them into a table (USR40) that the system checks when the user attempts to save a new password.

Table USR40 is only a basic level of password security and is maintained manually. There are third-party password security programs that can be integrated into SAP R/3.

190

System Administration Made Easy | Release 4.6C/D

A password is the key to enter the system, similar to the key you use to enter your home. If users choose easy-to-guess or well-known passwords, security is compromised and your system is potentially at risk. Your external auditors may check to see if you have a mechanism to secure against users with easy-to-guess passwords.
Tips & Tricks

Maintaining a Table of Prohibited Passwords


A table of prohibited passwords is a user-defined list of passwords that are prohibited from being used in the SAP R/3 system. This table is not a substitute for good password policies and practices by the users. Interaction occurs between a system profile parameter and the table of prohibited passwords. If the minimum password length is set to five characters, there is no reason to prohibit passwords like 123 or SAP, because these passwords would fail the minimum length test. However, if company security policy requires it, you could include all passwords that are considered risky in the table. The following is a list of easily guessed passwords that cannot be put into any table:
I I I I I I I

Your name Your spouses name Your childs name Your pets name Your cars license plate Your drivers license number Your social security number

Keep a log of changes made to this table in your security log.

There are many lists circulating of commonly used user passwords. If one of these passwords is used, the chances of an unauthorized person accessing a users account increases. Changes are made to table USR40 using transaction SM31, the general table maintenance transaction. (For more information on this transaction, see Table Maintenance (Transaction SM31) on page 466.). This change creates a transport that can then be transported throughout the landscape. A few suggestions for table entries are:
I I I I

SAP GOD ABC QWERTY

Chapter 7: Security Administration


I I I I I I

191

XYZ PASSWORD 123 12345* 54321* *12345*

Other table entries include:


I I I I I I I I

Days of the week (Monday*, Tuesday*, Mon*, Tue*, and so on) Months of the year (January*, February*, Jan*, Feb*, and so on) Your company name Your product names Competitors names Competitors products names

Recording System Passwords


We recommend that you never write down passwords, except for the:
I I I

Critical nature of the SAP R/3 system. Many systems, clients, and all the other areas where passwords are required. Need to access the system if the SAP system administrator(s) is not available.

Recommended Process. All passwords for all system IDs should be:
Two people should prepare the list, change the password, and verify the new passwordone user ID at a time. If the recorded password is wrong, those keys are lost, and you may not be able to log on to the system. Recorded Placed in a sealed envelope Put in a company safe (possibly both an onsite and offsite safe) with restricted access. Only a select list of company personnel should have access to this information.

User IDs that are used or needed to maintain the SAP R/3 system include: SAP* DDIC SAPCPIC (see note 29276) EarlyWatch (client 066)

192

System Administration Made Easy | Release 4.6C/D

All user-created administrative IDs Any other non-SAP user ID that is required to operate the system, such as for the operating system, the database, and other related applications.

The password list should be updated and replaced whenever passwords are changed.

Following are sample password tables: Server SAPR3T SID TST Client 000 User ID SAP* DDIC <SID>ADM SAPCPIC 001 SAP* DDIC <SID>ADM SAPCPIC 066 SAP* <SID>ADM EarlyWatch 100 SAP* DDIC BATCH1 <SID>ADM SAPCPIC Where NT User ID Finance/DEVADM Finance/PRDADM SQLserver sa sapr3 UNIX root <SID>ADM Oracle system SYS Password Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Password Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass

All systems should have entries for clients 000 and 001. In addition, the production system should have an entry for client 066. Clients 000 and 001 are default clients in all systems, and client 066 is the EarlyWatch client and may not exist in every system.

Chapter 7: Security Administration

193

Where

User ID OPS$<SID>ADM OPS$SAPSERVICE<SID> SAPR3

Password Newpass Newpass Newpass

Task

Change the password for a user ID:

1. 2. 3. 4. 5.

In each instance and each client, log on under the user ID to change the password. In Client, enter the client number (for example, 100). In User, enter the user ID you want to change (for example, sap*). In Password, enter the current password. Choose New password.

Be careful when you enter the new password. It is easy to enter the password incorrectly or to make the same error twice (for example, user versus users and the versus teh).

6. 7.

Enter the new password twice in the popup window. Choose . At this point, the logon will proceed as normal.

At this point, if the new password fails, use another administrative user ID to reset the password. This reason is why password changes should be made one user ID at a time.

8. 9.

Record the new password in the password table. Log on using the new password to verify it.

194

System Administration Made Easy | Release 4.6C/D

This process must be repeated for every system and client in which the user ID has an entry. With Central User Management, you can manage users across all systems (for more information, see Authorizations Made Easy, Release 4.6).

Operating System Level


At the operating system level, the following user IDs should have their passwords changed:

NT
NT is case-sensitive when dealing with passwords.

User IDs.
I I

<SID>ADM SAPService<SID>

Services.
I

SAP These services will either use user ID <SID>ADM or SAPService<SID> SAP<SID>_<instance> SAPOsCol SAProuter

Oracle OracleService<sid> OracleTNSListener80

The default user that the Oracle services runs under is system.
I

SQLserver MSSQLServer SQLServerAgent The user ID that they run under is either <SID>ADM or SAPService<SID>

Informix INFORMIX-OnLineDynamicServer INFORMIX-OnLineMessageService

DB2 DB2-DB2DA400

Chapter 7: Security Administration UNIX

195

User IDs.
I I

<sid>adm root

Services.
I

ora<sid>

Databases
For the databases, the following user IDs should have their passwords changed:

DB2
NT/DB2 (see SAP Note 80292)

Informix
See note 15399.

Microsoft SQL Server


I I I

See SAP Note 28893 sa sapr3

Oracle/UNIX
User IDs:
I I I

SAPR3 SYS SYSTEM

Useful SAP Notes for Oracle/UNIX


SAP Note # 117736 101318 086857 Description (Release) 4.5A 4.0B 4.0A

196

System Administration Made Easy | Release 4.6C/D

Use the program chdbpass to change the passwords. This program automatically updates the SAPUSER table and enables the user <sapsid>adm to access the database.

Oracle/NT
I I I I I

system sys op$<sid>adm ops$sapservice<sid> sapr3

Audit Tools
Audit Information System (Transaction SECR)
The Audit Information System (AIS) is designed for system and business audits. Auditors will likely request to run AIS. AIS collects many of the SAP R/3 security tools, centering around the Audit report tree. AIS is a standard component in Release 4.6A, and uses standard SAP R/3 reports and transactions to conduct the review. However, AIS can be imported into earlier systems, starting with Release 3.0D or higher. AIS also provides an interface to export data to an external auditing system that analyzes financial statements. Auditors examine the results of automated and manual financial and system procedures to ensure that checks and balances exist to prevent fraud. AIS enables the auditors to test transactions and run reports during the inspection. Audits can be conducted in either a complete or user-defined manner.
Task

Perform a complete audit

1. 2.

In the Command field, enter transaction SECR and choose Enter (or from the SAP standard menu, choose Information Systems SECR-Audit Info System). Select Complete audit.

Chapter 7: Security Administration

197

3.

Choose

A complete audit consists of a system audit and business audit. The structure on this screen is Audit_All with a standard view.

4.

Click the node (+) to expand the following:


I I

System Audit Business Audit

198

System Administration Made Easy | Release 4.6C/D

Task

Perform a system audit

The following example shows how to use the AIS.

1.

Under System Audit, click the node (+) next to Repository / Tables.

2. 3.

Click the node (+) next to Table Information. Choose next to Data Dictionary display.

4.

When the transaction executes, the ABAP Dictionary: Initial Screen appears.

Chapter 7: Security Administration

199

5.

Choose

Task

Perform a business audit

1. 2. 3. 4. 5.

Under Business Audit, select the node (+) next to Financial Statement Oriented Audit. Select the node (+) next to Closing (FI-GL). Select the node (+) next to Balance Sheet/ P&L/ Balances. Select the node (+) next to Balance Sheet/ P&L. You can execute different reports to inspect the financial balances. Choose next to Profit and Loss Projection.

6.

On this screen, you can enter criteria for your report then choose

200

System Administration Made Easy | Release 4.6C/D

7.

Choose

Task

Perform a user-defined audit


You can also conduct a user-defined audit by creating a view or subset of a complete audit.

View names must start with Y or Z.

1. 2. 3. 4.

In the Command field, enter transaction SECR and choose Enter (or from the SAP standard menu, choose Information Systems SECR-Audit Info System) Select User-defined audit. Under User-defined audit, enter a view name (for example, ZVUE). Choose .

Chapter 7: Security Administration

201

5. 6. 7.

In Name, under New view, enter the name of the view (for example, ZVUE). Under Select using:, select Manual selection. You will select the procedures that will be included in the view. Choose view. . We want to include all the procedures for a system audit in this

8. 9. 10.

Select System Audit. Choose Choose . .

11.

The message in the status bar indicates that the generation was successful.

202

System Administration Made Easy | Release 4.6C/D

12.

Choose

13.

Choose

Display to check the view of this structure.

Chapter 7: Security Administration

203

14.

Select the System Audit node (+) to expand it.

15.

The following screenshot lists all the procedures for the Audit_All structure with a ZVUE view.

Security Audit Log (SM20)


The Security Audit Log records the security-related activities of users in the system. These activities include successful and failed:
I I I

Dialog logon attempts Report and transaction starts RFC/CPIC logons

Other events written into the log are:


I I I

Locked transactions or users Changed or deleted authorizations, authorization profiles, and user master records Changes to the audit configuration

204

System Administration Made Easy | Release 4.6C/D

The log is created each day, and previous logs are not deleted or overwritten. The log files can become numerous and large, so we recommend that the logs be periodically archived before being manually purged. An audit analysis report can be generated from the audit logs. You can analyze a local server, a remote server, or all the servers in an SAP R/3 system. Based on certain criteria, the information in the security audit files can be manipulated to tailor the audit analysis report. The report assists the administrator:
I I I I

Reconstruct or analyze incidents Improve security by recognizing inadequate measures Trace unusual user activities Understand the impact of changes to transactions or users

To start a security audit, you can use transaction SM19 to start recording data into the security log. Alternately, you can set the profile parameter rsau/enable to 1. For more information, see Changing System Profile Parameters (Transaction RZ10) on page 608.
Note

You cannot set both parameters. You have to choose the method by which the audit files are created.

The number of audit logs created by the system depends on certain settings. You may choose to set the maximum space for the security audit file in parameter rsau/max_diskspace/local. When the limit has been reached, logging will end. Alternatively, you can define the size of an individual security log file to fit in the chosen archiving media. This definition means that the system produces several log files each day and these files can be, for example, archived periodically into CDs. The profile parameter is rsau/max_diskspace/per_file, and the maximum size per file is 2 GB.

Running the Audit Log


This procedure assumes that the audit has been running for some time and that audit logs have been created.
Task

Run the audit log

1. 2. 3. 4.

In the Command field, enter transaction SM20 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor Security Audit log SM20-Analysis). On the Security Audit Log: Local Analysis at <XXXXX> screen: In From date/time, enter a time and a date (for example, 10:00). Under Audit classes, select:
I I

Dialog logon Transaction start

Chapter 7: Security Administration


I

205

Report start

5.

Choose Re-read audit log to read a log for the first time.

6. 7.

The security report is displayed. To view the details of an audit message, select a line and choose .

206

System Administration Made Easy | Release 4.6C/D

8.

Documentation for the message and technical details are displayed. This screen is useful when displaying negative messages such as failed logins or locked transactions.

Setting Security Audit Log Parameters (SM19)


The audit log parameters are the criteria used to write the types of audit messages into the audit log file. The parameters are grouped into audit profiles that can be activated at the next system startup (configuration status) or applied dynamically. Audit profiles must be first created before audit logs can be written. These profiles limit the amount and type of data written into the security audit files, which makes the subsequent security reports more meaningful to the administrator. Decide what to audit and set selection criteria at the database level or dynamically at the application server level. If the audit configuration is permanently stored at the database level, all application servers use the identical criteria to save events in the audit log. The settings take effect at the next application server start. At the application server level, however, dynamic changes can be set to individual application servers and distributed to the entire system. The new criteria will remain in effect until the server is brought down.

Chapter 7: Security Administration

207

You can define up to five sets of selection criteria or filters. The system parameter, rsau/selection_slots, defines the number of filters has a default value of 2. You can activate an audit in the dynamic configuration using transaction SM19.
Task

Set security audit log parameters

1. 2. 3.

In the Command field, enter transaction SM19 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor Security Audit log SM19-Configuration). Configuration status refers to the storage of the parameters in the database. Choose .

4. 5.

Enter a profile name (for example, audprof1). Choose .

208

System Administration Made Easy | Release 4.6C/D

6.

In this screen, you may specify two filter groups and define the types of audit messages that will be written into the log.

Task

Define filter group 1

1. 2.

Choose Filter 1. Under Selection criteria:

a. b.
I I

In Client, enter *. In User Names, enter *.

3.

In Audit classes, select:

Dialog Logon Transaction Start

4.

Under Events, select All.

Chapter 7: Security Administration

209

5.

Select Filter active.

Task

Define filter group 2

1. 2. 3.

Choose Filter 2. This filter traces the reports started by one user. Under Selection criteria:

a. b.

In Client, enter *. In User Names, enter a user ID (for example, GARYN).

4. 5. 6.

In Audit Classes, select Report start. Under Events, select Important and critical. Deselect Filter active. This setting allows you to save the filter settings but does not activate them.

210

System Administration Made Easy | Release 4.6C/D

7.

Choose Detail configurat to drill down the audit class and event class categories.

8. 9.

Under Filter 2, scroll down to Report start. Notice that the category is automatically chosen based on the earlier selection of Event type and Audit class type. Choose .

Chapter 7: Security Administration

211

10. 11.

The general categories are cleared indicating that settings were browsed or defined at the detail level. Choose .

12. 13.

A message at the bottom of the screen notifies the user that the profile was successfully saved. Choose .

212

System Administration Made Easy | Release 4.6C/D

14.
Note

The profile name is now in the Active profile field, and the message in the status bar indicates that the profile will be activated when the application server is restarted. To dynamically change the selection criteria for one or more application servers in a running system, choose the Dynamic configuration (Dynamic configuration) tab.

15.

In this example, the audit has been running for some time (indicated by the current file size greater than zero) before being stopped briefly. The red square indicates that the audit is inactive.

16.

Choose

Chapter 7: Security Administration

213

Running an Audit on a Different User.


In this procedure, we will run an audit on a different user and check on all the reports that were started.
Task

Run an audit on a different user

1.

Under Selection criteria:

a. b.

In Client, enter *. In User names, enter a user ID (for example, Gerds).

2. 3. 4. 5.

Under Audit classes, select Report start. Under Events, select All. Under Filter 1, select Filter active. Choose .

214

System Administration Made Easy | Release 4.6C/D

6.

Choose Yes.

7.

A green appears in the Stat (Status) column and the message at the bottom of the screen indicates that the configuration was activated.

User Security Audit Jobs


Many of these reports are included as part of the AIS. There are several predefined SAP security reports, including: Report RSUSR003 RSUSR005 RSUSR006 RSUSR007 Description Checks for default password on user IDs SAP* and DDIC Lists users with critical authorizations Lists users who are locked due to incorrect logon This report should be scheduled to run each day, just before midnight. Lists users with incomplete address data

Chapter 7: Security Administration

215

Report RSUSR008 RSUSR009 RSUSR100 RSUSR101 RSUSR102

Description

Lists users with critical combinations of authorizations or transactions


Lists users with critical authorizations, with the option to select the critical authorizations Lists change documents for users and shows changes made to a user s security Lists change documents for profiles and shows changes made to security profiles Lists change documents for authorizations and shows changes made to security authorizations

Your external auditors may require some of these reports to be executed as part of the annual financial audit.

Some of these reports have parameter tables that must be properly maintained. Review and analyze these reports based on your knowledge of the company. However, be aware that security issues may exist. If you have a small company, these issues cannot be avoided because one person often must perform multiple tasks. You can use either of the following transactions:
I

SA38 (ABAP: Execute Program)


This transaction only allows the program to be executed.

SE38 (ABAP Editor)


With this transaction, if the user has the security authorization, the user can execute and change the program.
Task

Execute an ABAP program (Transaction SA38)

1. 2. 3.

In the Command field, enter transaction SA38 and choose Enter. In Program, enter the report name. Choose .

216

System Administration Made Easy | Release 4.6C/D

Task

Edit SE38 ABAP Editor

1. 2. 3.

In the Command field, enter transaction SE38 and choose Enter. In Program, enter the report name. Choose .

Notes for Specific Reports.


RSUSR008 (lists critical combinations of authorizations or transactions):
I I

These combinations are maintained on table SUKRI. Dangerous combinations include the following transactions:

RZ02 (with anything) RZ03 (with anything) SE14 (with anything) SU01 (with security, users, and profiles) SU02 (with security, users, and profiles)

Chapter 7: Security Administration

217

Audit Tasks
Review that all Named Users are Valid
One of the audit procedures that your external auditors will use is to test whether a person who does not need to access SAP R/3 has a live user ID. All users who have left the company should have their SAP R/3 access terminated immediately. By locking or deleting these user IDs, you limit access to only those users who require SAP R/3 access. Periodic review assures that the task of locking or deleting has been completed. Proper audit control requires that a user who no longer has a valid business need to access SAP R/3 should not be allowed to do so. Deleting or locking these user IDs also prevents anyone who had been using the terminated user ID from accessing the system with that ID.
Task

Ensure that all named users are valid

1. 2.

In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools Administration User maintenance SU01-Users). Choose .

218

System Administration Made Easy | Release 4.6C/D

3.
In a large company, you should do a random audit on at least 20 users. Your auditors should determine the minimum number.

Review the active users and verify that these users are valid.

Note
For additional information on how to lock a user, see Locking or Unlocking a User (SU01) on page 243.

Reviewing Profiles for Accuracy and Permission Creep


A permission creep is an incremental increase in permission given to a user over time. If left unchecked, increased permissions may grant a user more authority in the system than is required or intended. Users may have undesirable authorization(s) or combinations. You can conduct a spot audit of individuals. Your external auditors may have an audit step to check for permission creep. 1. Review the security forms for a user. 2. Compare these forms to the activity groups and profiles assigned to that user. 3. Investigate inconsistencies. 4. Review the activity groups and profiles assigned to the individual for sensibility. 5. Review the individual profiles assigned for content and check to see if the profile has been recently changed, using transaction SU02 (Profiles) and transaction SU03 (Authorizations). You can also execute the following audit reports:
I I I

RSUSR100 (user changes) RSUSR101 (profile changes) RSUSR102 (authorization changes)

For additional information on these reports, see User Security Audit Jobs on page 214.

C H A P T E R

User Administration

220

System Administration Made Easy | Release 4.6C/D

Overview
User administration is a serious function, not just a necessary administrative task. Security is at stake each time the system is accessed. Because the companys financial and other proprietary information is on the system, the administrator is subject to external requirements from the companys external auditors, regulatory agencies, and others. Customers should consult with their external auditors for audit-related internal control user administration requirements. For example, human resources should be consulted if the HR module is implemented or if personnel data is maintained on the system. A full discussion on security and user administration is beyond the scope of this guidebook. For example, manually creating and maintaining security profiles and authorizations is also not covered. Our discussion is limited to a general introduction and a list of the major issues related to security. The two sections below affect all aspects of security, which is why we begin with them.

User Groups
User groups are created by an administrator to organize users into logical groups, such as:
I I I

Basis Finance Shipping

For additional information, see User Groups on page 245.

Profile Generator
The Profile Generator is a tool used to simplify the creation and maintenance of SAP security. It reduces (but does not eliminate) the need for specialized security consultants. The value of the Profile Generator is more significant for smaller companies with limited resources that cannot afford to have dedicated security administrators. For more information on the Profile Generator, see the Authorizations Made Easy guidebook.

Recommended Policies and Procedures


Some of the tasks in this guidebook are aimed at complying with common audit procedures. Obtaining proper authorization and documentation should be a standard prerequisite for all user administration actions.

Chapter 8: User Administration

221

User Administration
User administration tasks comprise the following:
I

User ID naming conventions The employees company ID number (for example, e0123456) Last name, first initial, or first name, last initial In a small company where names are often used as ID, it is common to use the employees last name and first initial of the first name or the employees first name and first initial of the last name (for example, doej or johnd, for John Doe). Clearly identifiable user IDs for temporary employees and consultants (for example, T123456, C123456).

Adding or changing a user The users manager should sign a completed user add-or-change form. The form should indicate the required security, job role, and so on, that defines how security is assigned in your company. If security crosses departments or organizations, the affected managers should also give their approval. If the user is not a permanent employee, or if the access is to be for a limited time, the time period and the expiration date should be indicated. The forms should be filed by employee name or ID. A periodic audit should be performed, where all approved authorizations are verified against what was assigned to the user.

Users leaving the company or changing jobs This event is particularly sensitive. The policies and procedures for this event must be developed in advance and be coordinated by many groups. As an example, see the table below. Responsibility Legal or personnel matters Internal control issues related to financial audit Procedures to terminate network access Policy approval Handover or training period for the employees replacement

Group Human resources External auditors IT Senior management Employees manager

222

System Administration Made Easy | Release 4.6C/D

To manage terminated employees: Similar to banks, there should be a secret word that users could use to verify their identity over the phone. This word would be used when the user needs their password reset or their user ID unlocked. But, realize that others can overhear this secret word and render it useless.
I I

The users manager or HR should send a form or e-mail indicating that the employee is leaving. The users ID should be locked and the user assigned to the user group term for terminated. If the users ID is not required as a template: The activity groups assigned to the user should be deleted. (use transaction SU01, under the Activity Group tab, delete the activity groups). The security profiles assigned to the user should be deleted (use transaction SU01 and under the Task profile and Profile tabs, delete the profiles).

For privacy reasons do not use mothers maiden name as this is a common one used by banks.

Check Background Jobs (transaction SM37) for jobs scheduled under that user ID. The jobs will fail when the user ID is locked or deleted.

If the user leaves one job for another and needs to maintain access for handover, this handover should be documented. The duration of the handover access must be defined and the expiration (Valid to) date entered in the SAP R/3 system.

All temporary employees or consultants should have expiration (Valid to) dates on their user IDs.

System Administration
Special user IDs
The security rights of SAP* and DDIC are extensive, dangerous, and pose a security risk. Anyone who requires or requests similar security rights should have an extremely valid reason for the request. Convenience is not a valid reason. The security profiles that serves as the master key are SAP_ALL, and to a lesser degree, SAP_NEW. The two user IDs (SAP* and DDIC) should only be used for tasks that specifically require either of those user IDs. A user who requires similar super user security rights should have a copy of the SAP* user security. The user ID SAP* should never be deleted. Instead:
I I

Change the password. Lock the user ID.

If the user ID SAP* is deleted, logon and access rights are gained by rights programmed into the SAP R/3 system. The user ID SAP* then gains unknown and uncontrollable security rights. For medium- and large-size companies, granting developers SAP* equivalent security rights in the development and test systems is usually inappropriate. SAP* equivalent security in the production system is a security and audit issue and should be severely limited.

Chapter 8: User Administration

223

User passwords
The user IDs SAP* and DDIC should have their default passwords changed to prevent unauthorized use of these special user IDs. An external audit procedure checks the security of these two user IDs. Parameters that define and restrict the user password are defined by entries in the system profiles.
I I I I

Passwords should be set to periodically expire. The recommended expiration date is no more than 90 days, but auditors will usually want this date to be set at 30 days. Minimum password length of five (5) characters should be set. User should be locked after three unsuccessful logon attempts.

The table of prohibited passwords (USR40) should be maintained.

224

System Administration Made Easy | Release 4.6C/D

Sample SAP R/3 User Change Request Form

SAP R/3 User Change Request


Employee: Department Name/Cost Center Number: User ID: Position: Secret Word: Requester: Requester s Position: Requester s Phone:

Company ID: System/Client No PRD 300 QAS 200 210 220 DEV 100 110 120 Type of Change Change User Delete User Add User Expiration Date (mandatory for temporary employees) Request Urgency High Medium Low

Employees Job Function (If similar to others in department, name and user ID of a person with similar job function):

Special Access/Functions:

Requester Signoff Name Manager Signoff Name Owner Signoff Name Signature Date Signed Signature Date Signed Signature Date Signed

Name

Signature

Date Signed

Name Security Name

Signature

Date Signed

Signature

Date Signed

In addition to security approval (above), is a signed copy of computer security and policy statement attached? Yes No

Chapter 8: User Administration

225

New User Setup


Prerequisites
To set up a new user, certain prerequisites must be met.

General Process or Procedure


Before you set up a new user, have available the user add form, with all the required information and approvals.

The Users Desktop


The users desktop should meet the following criteria:
I I I

Does the system configuration meet the minimum requirements for SAP? Is the display resolution set to a minimum of 800 x 600? Is there sufficient space on the hard disk to install the SAP GUI with sufficient room for desktop application to run?

For Windows, a minimum of 50MB free space should remain after installing SAP GUI. A practical minimum however, is at least 100MB of free space.

Network Functionality
Can the user log on to the network? From the users computer:
I I

Can you ping the SAP application server(s) that the user will be logging onto? If the SAP GUI will be loaded from a file server, can you access the file server from the users computer where the SAP GUI will be installed?

For Installation of SAP GUI


Before you install the SAP GUI, you should have the SAP R/3 server name and the SAP R/3 system (instance) number (for example, xsysdev and 00). You must enter this information during the installation. Recommended Prerequisite for the GUI Installation:
Tips & Tricks

The online documentation should be installed according to the instructions in the SAP document Installing the Online documentation. The online documentation installation and access method has changed since Release 3.x.

226

System Administration Made Easy | Release 4.6C/D

Installing the Frontend SoftwareSAP GUI


The SAP GUI or frontend installation instructions are in the installation guide, Installing SAP Frontend Software for PCs. The SAP GUI can be installed from a copy of the presentation CD on a file server, or the presentation CD or a copy of the CD.

In most situations, accept the installation defaults.

Installing SAP GUI from a File Server


The preferred method is to install SAP GUI from a file server because you do not need to carry the presentation CD around. Also, remote installations can be completed without shipping out and potentially losing the original CD. The following is a list of the prerequisites to install SAP GUI from a file server:
I I

Copy the SAP GUI load files from the presentation CD to a shared directory on a file server. Have access to the shared directory from the users PC.
Task

Install the SAP GUI

1. 2. 3. 4.

Map a drive to the shared drive on the network where the presentation CD has been copied. Select the mapped drive to the presentation CD software (for example, sapguiwin-46d-comp4 on Pa101003 (F:)). Drill down to the directory for the SAP GUI (for example, sapgui-win-46dcomp4 on Pa101003 (F:) GUI Windows Win32). Double-click on setup.exe. The installation program starts.

Chapter 8: User Administration

227

5.

Choose Next.

6. 7.

Select Local installation. Choose Next.

8.

Choose Next.

9. 10.

Select SAPgui.

Steps 1013 are optional.


Click on Desktop Interfaces.

228

System Administration Made Easy | Release 4.6C/D

11.

Choose Change option.

12. 13.

From this screen, select the components you want (for example, select Graphical Distribution Network). This component is required if system administrators wish to view specific screens. Choose OK.

Chapter 8: User Administration

229

14.

Choose Next.

15. 16.

Select English. Choose Next.

17.

Choose Next.

18.

This parameter is set within the SAP R/3 system when the online documentation is installed (Release 4.0B+).

230

System Administration Made Easy | Release 4.6C/D

19.

Choose Next.

20.

Enter the following information:

a. b. 21.

In Application server, enter your application server name (for example, pa102058). In System number, enter your system number (for example, 00).

Choose Next.

22.

Choose Next.

Chapter 8: User Administration

231

23.

Choose Install.

24.

The SAPSetup window appears to show you how the installation is progressing.

25.

The installation is now complete. Choose OK.

26.

To add systems to the SAP Logon see section Adding Systems in the SAP Logon.

Installing SAP GUI from the Presentation CD


When the network connection between the SAP GUI files on the network and the user is too slow to permit installation, install SAP GUI from the presentation CD. The SAP GUI files can be either loaded onto a local file server for installation or installed directly from the delivery media. The prerequisites for such an installation is that the user has a CD drive or other drive compatible with the delivery media (ZIP, optical, and so on) on which the SAP GUI files are delivered.
Task
Install SAP GUI from a CD

A copy should be made of the original presentation CD and the copy shipped to the user site. You then maintain control of the original CD and reduce the chance of loss. The SAP GUI installation files can also be copied to other high-capacity removable media such as ZIP or optical disk, as appropriate for your company.

1.

Insert the CD into the drive.

232

System Administration Made Easy | Release 4.6C/D

2.

In Windows Explorer:

a. b. c. 3. 4. 5.

Choose the CD-ROM drive (for example, D:). Choose Gui Win32. Double-click on Setup.exe.

Follow the same procedure as when loading from a file server. Test your connection Log on to the system.

Adding Additional Systems


The SAP R/3 system can accommodate multiple systems in the SAP Logon dialog box. You can add numerous systems, such as systems for reporting, human resources, and so on.
Task
Add additional systems to SAP Logon

1.

On the SAP Logon window, choose New.

2.

In the New Entry dialog box:

a. b. c. d.

In Description, enter a short description of the system (for example, SA1). In Application Server, enter the name of the server (for example, pa102058). The SAP Router String field is usually blank. In SAP System, select R/3.

Chapter 8: User Administration

233

e. f.

In System Number, enter the system (instance) number for the instance in which you are creating the logon (for example, 00). Choose OK.

3. 4. 5.

The new system appears in the SAP Logon. Test your connection. Log on to the additional system.

Setting Up a New User (SU01)


The procedural prerequisite is to check that all documentation and authorizations required to set up a new user are present. New users can be created by copying an existing user, or creating a new user from scratch. Create template users for the various job functions that can be copied to create new users.

Copying an Existing User (SU01)


You can copy from an existing user if you have a good match. The new user will have the same security profiles as the existing user. This process is the easiest and is the recommended method for a small company. Before you do this task, make sure that a valid user ID to copy is identified on the user setup form.

234

System Administration Made Easy | Release 4.6C/D

Task

Copy an existing user (SU01)


1. 2. 3.
In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools Administration User maintenance SU01-Users). In User, enter the user ID that you want to copy (for example, GERDS). Choose

4.
Follow your companys naming convention for creating user IDs.

In the Copy Users dialog box:

a. b.

In To, enter the new user ID (for example, GERDSC). Choose .

Note

5. 6. 7. 8. 9.

Your company may have a password policy where a random initial password is to be used. A user group must exist before a user can be assigned to it.

Under the Password section, in Initial password, enter an initial password (for example, initi). Reenter the same password in Repeat password. You may choose system generate a random password. to let the

In User group for authorization check, enter the user group (for example, SUPER) to which the user is to be assigned. Check

to select from a list of user groups.

In Valid from and Valid to, enter dates to limit the system access duration for users.

Chapter 8: User Administration

235

10.

Choose the Address tab to change the users address data.

11.
Entering valid to/from dates is usually required for contractors and other temporary personnel.

On the Address tab:

a. b.

Enter the users personal information (name, job function, department, and so on). Choose the Defaults tab.

236

System Administration Made Easy | Release 4.6C/D

12.
A telephone number should be a required entry field. If there is a system problem identified with the user, you must contact that user.

Check that the Logon language is set correctly (for example, EN for English). If the system default language has been set (for example, to English), then this field is only used to enter a default logon language for the individual user (for example, DE for German). Under Output Controller:

13.

a. b.

For OutputDevice, enter a default printer or choose Select:

to select a printer.

Output immediately Delete after output


to select a time zone.

14. 15.
The Decimal notation affects how numbers are displayed. Setting it correctly is critical to prevent confusion and mistakes.

Check that the Personal time zone is correct, or choose

Under Decimal notation, select the appropriate notation (for example, Point for United States). Under Date format, select the appropriate date format (for example, MM/DD/YYYY). Choose . The message on the status bar indicates that the user was saved.

16. 17.

Chapter 8: User Administration Creating a New User (SU01)

237

Sometimes it becomes necessary to create a completely new user. You may need to create a new user when you do not have another user from which to copy.
Task

Create a new user (SU01)


1. 2. 3.
In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools Administration User maintenance SU01-Users). Enter the user ID (for example, GERDSC) that you want to create. Choose .

238

System Administration Made Easy | Release 4.6C/D

4.
A telephone number should be a required entry field. If there is a system problem identified with the user, you must contact that user.

On the Address tab:

a. b.

Enter the users personal information (name, job function, and so on). Choose the Logon data tab.

5.
A user group must exist before a user can be assigned to it

Enter an initial password (for example, initi). Reenter the same password in the second field. You may choose to let the system generate a random password. In User group for authorization check, enter the user group (for example, SUPER) to which the user is to be assigned or choose to select a user group. Enter dates in the Valid from and Valid to fields to limit the duration that the users will have access to the system.

6. 7.

Chapter 8: User Administration

239

8.
Entering valid to/from dates is usually required for contractors and other temporary personnel.

Choose the Defaults tab.

9.

As an option, in Logon language, enter the appropriate language code (for example, EN for English). If the system default language has been set (to for example, English), this field is only used to enter a default logon language for the individual user (example, DE for German). Under Output Controller:

10.

a. b.

For OutputDevice, enter a default printer or choose Select:

to select a printer.

Output immediately Delete after output


to select a time zone.

11.
The Decimal notation affects how numbers are displayed. Setting it correctly is important to prevent confusion and mistakes.

Under Personal time zone, enter a time zone or choose

12. 13.

Under Decimal notation, select the appropriate notation (for example, Point, for United States). Under Date format, select the appropriate date format (for example, MM/DD/YYYY).

240

System Administration Made Easy | Release 4.6C/D

14.

Choose

15.

The message indicates that the user was saved.

16.

Assign security to the user by using the Profile Generator (see the Authorizations Made Easy guidebook).

Chapter 8: User Administration

241

Maintaining a User (SU01)


Before maintaining a user, have a properly completed and approved user change form. You must maintain a user to manage job changes to an existing job or position, new jobs or positions, and user data changes, such as name, address, phone number, and so on.
Task

The user change documentation is audited in a security audit.

Maintain a user (SU01)


1. 2.
Note

In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools Administration User maintenance SU01-Users). Enter the user ID (for example, GERDSC) to be maintained. Choose .

3.

The Maintain User screen allows you to change a users:


I I I I I I

Address Logon data Defaults Password User group Other

242

System Administration Made Easy | Release 4.6C/D

4.

When you finish making the changes, choose

Resetting a Password (SU01)


Ensure that the person who requests their password to be reset is indeed the valid user. The most common reason to reset a password is that users forget their password. In this situation, the user has probably attempted to log on too many times with an incorrect password. The user has probably also locked their user ID, which also needs to be unlocked.

Chapter 8: User Administration

243

You should maintain a security log of password resets. This log should be periodically audited to look for potential problems. A basic user verification method is to have a telephone with a display so that the displayed callers phone number can be compared to the user s phone number, which is stored in the system or can be found in the company phone directory. We recommend that you use a method similar to what banks use where the user has a secret word that verifies their identity on the phone. However, this method is not foolproof because someone can overhear the secret word.

Tips & Tricks

1. 2. 3.

In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools Administration User maintenance SU01-Users). Enter the user ID (for example, GERDSC) to be maintained. Choose .

4.
For security, you can only set an initial value for the users password. Users are then required to change the password when they log on. You cannot see what the users current password is, nor can you set a permanent password for the user.

In the Change Password popup window, enter a new password in New password and reenter this password in Repeat password. You may choose Choose . to let the system regenerate a random password.

5. 6.

Locking or Unlocking a User (SU01)


The lock/unlock function is part of the logon check, which allows the user to log on (or prevents the user from logging on) to the SAP R/3 system.

244

System Administration Made Easy | Release 4.6C/D

Locking a user
SAP R/3 access should be removed if a user leaves the company, is assigned to a different group, or is on leave. The lock function allows the user ID and the users security profile remains on the system but does not allow the user to log on. This function is ideal for temporary personnel or consultants where the user ID is locked unless they need access.

Unlocking a user
Users are automatically locked out of the system if they attempt to incorrectly log on more than a specified number of times. The administrator must unlock the user ID and may need to reset the users password.
Task

Before unlocking a user, determine if the request is valid. Do not unlock a user who has been manually locked without first finding out why this was done. There may be an important reason why the user should not access the system.

Unlocking a user
1. 2. 3.
In the Command field, enter transaction SU01 and choose Enter (or choose SAP standard menu Tools Administration User maintenance SU01Users). Enter the user ID (for example, GERDSC) to be maintained. Choose .

Maintain a security log of unlocked users, which should be periodically audited for potential problems.

4.
If the system manager locks a user, always check why. A valid reason may exist for not unlocking a user.

A popup window appears. In this example, an administrator has manually locked the user ID. Choose . In this example, this step will unlock the user.

5.

Chapter 8: User Administration

245

6.

A message at the bottom of the screen indicates that the user has been unlocked (or locked).

User Groups
Create the group term for terminated users. Lock all users in this group and, for most of these users, delete the security profiles. This process maintains the user information for terminated users, and prevents the user ID from being used to log on. A user group is a logical grouping of users, such as shipping, order entry, and finance. The following restrictions apply to user groups:
I I I

A user can belong to only one user group. A user group must be created before users can be assigned to it. A user group provides no security until the security system is configured to use user group security.

The purpose of a user group is to provide administrative groups for users so they can be managed in these groups, and apply security.

Usage
Following are a few recommended special groups: Group TERM Definition Terminated users. This way, user records can be kept in the system for identification.
I I

All users in this group should be locked. If it is not being used as a template, all security profiles should be removed from the user.

SUPER TEMPLATE

Users with SAP* and DDIC equivalent profiles. Template users to be used to create real users.

246

System Administration Made Easy | Release 4.6C/D

How to Create a User Group (SU01)


You must first set up user groups before you can administer security.
Task

Create a user group (SU01)


1. 2.
In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools Administration User maintenance SU01-Users). From the menu bar choose Environment User groups Maintain.

3. 4.

Enter the name of the user group you would like to create (for example, purchasing). Choose .

5. 6.

In Text, enter a description of the user group. Under User Assignment, in User, choose to add users to the group.

Chapter 8: User Administration

247

7.

Choose

8.

The message indicates the new user group was created.

Deleting a Users Session (Transaction SM04)


Use transaction SM04 to terminate a users session. Transaction SM04 may show a user as being active when the user has actually logged off. This condition is usually caused by a network failure or an improper system logoff (for example, the user turned the PC off without logging off the system). A user may be on the system and needs to have their session terminated. The users session may be hung and terminating the session is the only way to remove the users session. Alternately, the user may have gotten into a oneway menu path without an exit or cancel option. This situation is dangerous, and the only safe option is to terminate the session.

248

System Administration Made Easy | Release 4.6C/D

Terminate a User Session


You must log on to the specific server that the target user is logged on.
Task

Terminate a user session


1.
Verification is important because users may have forgotten that they minimized a session. Verify that the user is actually logged off from SAP R/3 and that there is no SAP GUI window minimized on the desktop. Verification is done by physically checking the users computer, if possible. In the Command field, enter transaction SM04 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor System monitoring SM04-User overview). Select the user ID to delete. Choose Sessions.

2. 3. 4.

In step 3 above, doublecheck that the selected user is the one you really want to delete. It is very easy to select the wrong user.

5. 6. 7.

Select the session to be deleted. Choose End session. It may take a while to actually delete the session so be patient. Repeat steps 5 and 6 until all sessions for that user are deleted.

Active Users (Transactions SM04 and AL08)


These transactions display all the users who are currently logged on to the system. They show both the users ID and terminal name.

Chapter 8: User Administration

249

User IDs should not be shared for several reasons. If a problem arises, you will not know who created the problem. This situation makes the problem difficult to fix and prevent a reoccurrence. Prudent security practices do not allow for sharing of user IDs. Set the system profile login/disable_multi_gui_login. Your external auditors may also perform this test to test your security.

In a smaller company, the administrator can recognize user IDs logged on to unfamiliar terminals. This recognition may indicate that someoneother than the designated useris using that user ID. A user logged on to more than one terminal indicates that the user ID is being:
I I

Used by someone else Used or shared by several people

Problems
Transaction SM04 may show a user as active, when in fact the user has actually logged off. Because the user session was not properly closed, the system shows the user as still logged on. The following can cause this condition:
I I

A network failure, which cuts off the user from the network or SAP R/3. The user turning off their computer without logging off from the SAP R/3 system.
Task

Display active users on a single-instance system


1. 2. 3.
In the Command field, enter transaction SM04 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor System monitoring SM04-User overview). Select the user ID to view the session the user has open. Choose Sessions.

4.

The Overview of Sessions screen shows what sessions the user has open.

250

System Administration Made Easy | Release 4.6C/D

5.

Choose

Task

Display users on a multi-instance system


If you have several instances in your system, using AL08 is easier, because you can simultaneously see all users in all instances.

1. 2. 3.

In the Command field, enter transaction AL08 and choose Enter (or from the SAP standard menu, choose Tools CCMS Control/Monitoring Performance menu Exceptions/Users Active users ALO8-Users, global). The Current Active Users screen shows all the instances in your system and the number of active users. For each instance, the users logged into that instance/application server are listed.

PART FIVE

Database Overview

252

System Administration Made Easy | Release 4.6C/D

Part Overview
In the database section of the System Administration Made Easy Guidebook, we have for the first time included coverage of more than one database. The goal that was envisioned with the reorganization of the 4.0B edition, of covering more than one database in the guidebook is nearing completion. For the 4.6C/D edition we will cover DB2/UDB, Microsoft SQL Server, Informix, and Oracle. The guidebook has been arranged so that the tasks specific to individual databases are located in the database chapters. All other chapters are mostly database-independent. The various mySAP.com components run on several databases. At present, these are IBM DB2/UDB, IBM Informix, Microsoft SQL Server, Oracle, and SAPDB. The tasks that need to be performed on all the databases are the same. How they are done is specific to the individual databases. For example, you must take a backup on all databases, but the method of taking a backup differs for the different databases, similarly with other tasks such as starting and stopping the SAP instance.

C H A P T E R

Database Administration - IBM DB2 Universal Database

254

System Administration Made Easy | Release 4.6C/D

Overview
An IBM DB2 database server can be managed in several ways, such as with a command line interface, DB2s GUI tool (DB2 UDB Control Center), and SAP systems. IBMs DB2 Universal Database runs on the following operating system platform:
I I I I

OS390 AS400 Unix Windows NT

Because of this diverse base, and for simplicity, we will use the command line interface in this chapter. The command line interface is always available, and you can telnet to every host, including NT servers that have telnet services installed.

Starting and Stopping the Database


The following tasks show you how to start and stop the database.
Task

Start the database


Note

1.

Start the DB2 instance db2<dbname>:

We will use <sid>, <sapsid> and <dbname> interchangeably when we talk about the name of the SAP database in this administration chapter.

a. b. c.

Open a telnet connection to the database server. Logon as user <dbname>adm (for example 16dadm). Enter db2start.

Chapter 9: Database Administration - IBM DB2 Universal Database

255

2.
Alternately, you can start the SAP component using the startsap command. Using this command, the above steps are performed automatically.

Activate the DB2 database db<sid> (for example, db2 activate db16d).

3.

Your DB2 database is now active, with all buffers allocated and ready for use.
Task

Stop the database

1. 2.

The SAP R/3 system must be stopped before the database is stopped. At the command prompt, enter stopsap r3 to stop the SAP R/3 instance. To shut down the DB2 database <dbname> and stop the DB2 instance db2<dbname>:

a. b. c.

a.Open a telnet connection to the database server. b.Logon as user <dbname>adm (for example, l6dadm). c.Enter db2stop and choose Enter.

DB2 UDB Administration in SAP Systems


Familiarize yourself with this database monitor tool. For more information, see IBMs DB2 UDB System Monitor Guide and Reference available at http://www4.ibm.com/software/data/db2/libra ry/. With Release 4.6C, SAP has implemented an improved database monitor, known as DB6COCKPIT for DB2 UDB servers. This monitor replaces legacy screens and can be called using transaction ST04. Transaction ST04 is a central transaction for all DB2-related tasks. Transaction ST04 simplifies database monitoring for consultants unfamiliar with DB2 UDB. Also, it offers functionality that is not available on other database platforms. Because SAP software is able to run on massive parallel DB2 database servers, the database monitor allows you to monitor multiple database partitions residing on separate physical servers.

Database Performance (ST04)


The transaction ST04 can be used to analyze the following database components:
I I

DB2 Memory and buffer usage DB2 catalog and package cache usage

256

System Administration Made Easy | Release 4.6C/D


I I I I I

DB2 I/O Performance data Locks and Deadlocks Connected Applications SQL Cache Table usage

To manage your database server, you must use the Database Performance transaction (ST04) on a regular basis. You should monitor the buffer pool hit ratio and messages in the DB2 database diagnostic log files.
Task

Note

Monitor database performance


1. 2.
In the Command field, enter transaction ST04 and choose (or from the SAP standard menu, choose Tools Administration Monitor Performance Database ST04 Activity). In the DB2 UDB screen, choose Performance SQL Cache.

The following tabs on the DB2 UDB screen are important:


I

Header Information General information about the DB2 Release, Partition selected and the Start Time of Database Manager. Buffer Pool This tab displays an overview of the buffer pools. A buffer quality over 98% means that buffering of data and indexes is very good.

3.

The Selection Criteria dialog box appears. Enter any necessary information in the fields (for example, to select all statements, in Executions, enter 1).

Chapter 9: Database Administration - IBM DB2 Universal Database

257

4.

Choose OK.

5. 6.

The DB2 UDB screen displays all SQL statements that were executed in the DB2 server. The header information contains the timestamp of the last snapshot. To retrieve a current snapshot, choose REFRESH.

7.

The Selection Criteria dialog box appears. Enter your selections and choose OK.

258

System Administration Made Easy | Release 4.6C/D

8. 9. 10.

The entries in the SQL statement cache display. Select an entry. Choose Explain.

11.

The Display Execution Plan for SQL statement screen displays. If you are missing indexes, you will see operation TBSCAN on tables. This is an indication for performance problems.

Chapter 9: Database Administration - IBM DB2 Universal Database

259

Space Allocation
A mission critical task is the monitoring of the database growth. If your database runs out of space during use, you will experience downtime until the database has been expanded. The database expansion can be performed using the DB2 CLP or the DB2 UDB Control Center.
Task

Determine database space allocation


1. 2.
In the Command field, enter transaction db02 and choose (or from SAP Standard menu, choose Tools Administration Monitor Performance Database Tables/Indexes) The Database Performance: Tables and Indexes displays the tablespace allocated by the database in the following fields:
I I I

Note

The tablespace column displays the tablespace names. The Type column displays the type of tablespace:
I

Total number Total size Total free

DMS: pre-allocated space in a database file (in DB2, this space is known as a container) SMS: pages will be allocated and de-allocated dynamically during runtime using files in a directory

3. 4. 5.

To retrieve current information, choose REFRESH. A dialog box appears to inform you that the process may take a long time. Choose OK. Choose Detailed analysis.

RAW: space managed like DMS, but in a raw device The percent used column is the most important entry. If any value is larger than 95%, you may want to consider the expanding your table space.

260

System Administration Made Easy | Release 4.6C/D

6.

The Database Performance: Tablespaces screen appears.

Backups and Recovery


You can also use transaction ST04 to view this information. This transaction takes you to the Space: Container Configuration screen. In the left frame of the screen, choose Space Tablespaces. (If you are running 4.6D, choose Space Tablespaces Containers to show the space information on a tablespace level.) Important information is contained in the following fields:
I I

Pages total: the number of pages available in a container Accessible: information about the accessibility of the database container. If there is an access problem, you will see NO and the tablespace will be offline.
Task

View backup and recovery information


1.
In the Command field, enter transaction ST04 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor Performance Database ST04 Activity).

Chapter 9: Database Administration - IBM DB2 Universal Database

261

2.

In the left frame, choose Backup and recovery and double-click on Backup overview.

3.

On the Overview of Backup Status screen:

a. b.

Choose Refresh. Choose Overview of all database backup.

262

System Administration Made Easy | Release 4.6C/D

4. 5. 6.

The backup overview displays. The task color indicates the status, read meaning failure, and green meaning success. Select a backup log. Choose Display.

7.

The detailed information on the backup selected is shown.

Chapter 9: Database Administration - IBM DB2 Universal Database

263

8. 9.

Choose

Back. on this screen and the next two screens.

To display information about the DB2 database server logging status, choose Backup and recovery and double-click on Logging Parameters.

10.

For a production SAP system using DB2 UDB, you must ensure that the following two parameters are set:
I I

Log retain enable = RECOVERY User exit enable = ON

264

System Administration Made Easy | Release 4.6C/D

Scheduling Database Administration Tasks (DB13)


This section explains the basics of planning DBA tasks. To schedule a backup task, the backup must be able to run unattended. Your tape drive must have sufficient capacity to back up the database without changing tapes, or you must have multiple tape drives with sufficient total capacity. The DBA Planning Calendar (DB13) is used for scheduling DBA tasks within SAP systems. Using the calendar, the DBA can schedule the following:
I I I I I

Archive log files Reorganization Update Statistics Back up the database Initialize Tapes

Managing and scheduling tasks inside an SAP system is easier than using the command line interface.
Task

Schedule database administration tasks (DB13)


1. 2. 3.
In the Command field, enter transaction DB13 and choose Enter (or from the SAP Standard menu, choose Tools CCMS DB Administration DBA Planning Calendar) The DBA Planning Calendar screen appears. To Plan a DBA Action, select a date on the calendar. Choose Create.

Chapter 9: Database Administration - IBM DB2 Universal Database

265

4.

On the Schedule an Action for <XXXXX> dialog box:

a. b. c.
To use tape devices in parallel, enter the fully qualified device names separated by commas.

In StartTime, enter your starting time (for example, 01:10:00). Under Action, select an action category to perform (for example Archive inactive log files onto device). Choose .

5.

On the Tape Name dialog box, enter the required parameters. Choose

6.

Choose

266

System Administration Made Easy | Release 4.6C/D

7.

The task displays on the selected date. The Action scheduled message displays at the bottom of the screen.

Reviewing the DBA Planning Calendar


The following task shows you how to display the job logs to ensure proper task execution.
Task

Review the DBA Planning Calendar

1. 2.

In the Command field, enter transaction DB13 and choose Enter (or from SAP Standard menu, choose Tools CCMS DB Administration DBA Planning Calendar) Review the scheduled tasks. The color indicates the status:
I I I

Red: Failure Yellow: Warning Green/Blue: Success

3. 4.

If there are more jobs to be displayed, a scroll bar appears. Select a task.

Chapter 9: Database Administration - IBM DB2 Universal Database

267

5.

Choose

Job logs for more information.

6. 7.

Select the task. Choose .

268

System Administration Made Easy | Release 4.6C/D

8.

The Job Log Display screen appears.

Diagnostics
The diagnostics section includes information about possible database problems. To analyze and solve the problem you should review the output of DB2 UDBs diagnostic log file db2diag.log.
Task

Run diagnostics

1. 2.

In the Command field, enter transaction DB13 and choose Enter (or choose Basic Tools Administration Monitor Performance Activity Diagnostics). On the DB2 UDB screen, in the left frame, choose Diagnostics and double-click on DB2 UDB diag log. This process may take some time to run.

Chapter 9: Database Administration - IBM DB2 Universal Database

269

3.

The right frame displays the contents of the db2diag.log file.

Command Line Processor


The DB2 command line processor (DB2 CLP) can be used to administer a DB2 UDB database. The tool is supported on all DB2 platforms. The tool can be used to:
I I I I I I I I

Start and stop the database (see section starting and stopping) Back up the database Back up the database log files Restore the database Check and update the database configuration Check and update the database manager configuration Resize or extend the tablespace containers Other

Most SAP software interfaces to DB2 use the DB2 CLP. If there are problems with the database, you are always in a good position if you know how to use the DB2 CLP.
Task

Start the command line processor

1.

Open a telnet connection to the database server.

270

System Administration Made Easy | Release 4.6C/D

2. 3.
Note

Log on as user <dbname>adm (for example, l6cadm) To start the DB2 CLP, enter db2. Enter connect to l6cadm and press Enter.

4.

You can always enter DB2 commands from a shell prompt by entering the DB2 command prefixed by db2. For example, you can enter db2 connect to <dbname> to connect to your DB2 database. If you need more information about a command you can use the ? token (for example, db2 ? backup shows all options of DB2s BACKUP command).

5.

The connection information is shown.

TechTalk

DB2 UDB distinguishes between DB2 command and SQL statements. A statement is an database operation that will be logged and is recoverable. For example, changes to the structure of the database are made using the db2 alter tablespace statement. During database recovery, these changes are re-applied. A command is issued against the DB2 database server or a database, or other DB2 infrastructure elements. You will find information about DB2 command in the Command Reference. Details on SQL statements are in the SQL Reference. Both of these references are available at http://www-4.ibm.com/software/data/db2/library/.

Chapter 9: Database Administration - IBM DB2 Universal Database

271

Task

Check and update the Database Manager Configuration


1.
To check the Database Manager Configuration from the command line processor, enter the following DB2 command: get database manager configuration or get dbm cfg

2.

To update a parameter in the Database Manager Configuration, enter: update database manager configuration using <parameter> <value> or update dbm cfg using <parameter> <value>

Task

Check and update the Database Configuration


1.
To check the Database Manager Configuration in the command line processor, enter: get database configuration for <dbname> or get db cfg for <dbname>

272

System Administration Made Easy | Release 4.6C/D

2.

To change a parameter, enter: update database configuration for <dbname> using <parameter> <value> or update db cfg for <dbname> using <parameter> <value>

Task

Extending or resizing a tablespace


1.
To extend all containers of a tablespace by a specified number of additional pages, enter the following command in the DB2 CLP: alter tablespace <tablespace name> extend (all <additional pages>)

2.

Alternatively, to specify a new size for the tablespace, you can use the RESIZE command. Enter: alter tablespace <tablespace name> resize (all <new container pagesize>)
Task

Back up a database using DB2 CLP


1.
To back up the database <dbname> using online backup, two tape drives, four backup buffers, and three tablespaces backed up in parallel, enter on one line: db2 backup db <dbname> online

Chapter 9: Database Administration - IBM DB2 Universal Database

273

to <dev1>, <dev2> with 4 buffers parallelism 3

The DB2 UDB Control Center


The DB2 UDB Control Center is a graphical tool for management of DB2 UDB databases. Because it is based on the Java Runtime Environment (JRE), the tool is supported on all platforms. The DB2 UDB Control Center can be used to:
I I I I I I I

Start and stop the database (see section starting and stopping) Back up and restore the database Back up the database log files Check and update the database configuration Check and update the database manager configuration Update passwords for sapr3 and <sid>adm Other

To start the DB2 UDB Control Center, you must follow OS-specific guidelines. For example, on the NT platform, use Start Programs IBM DB2 Control Center. The DB2 UDB Control Center uses a GUI to manage DB2 databases.

274

System Administration Made Easy | Release 4.6C/D

To perform SAP-specific tasks, you must install the SAP Control Center Extensions on top of the DB2 UDB Control Center. The most current information about installing the SAP Control Center Extensions tools can be found in SAP Note 410252.

C H A P T E R

10

10

Database Administration Microsoft SQL Server

276

System Administration Made Easy | Release 4.6C/D

Overview
Microsoft SQL Server is a low maintenance database that also supports very large databases in excess of 1TB in size. This chapter reviews the database administrative tasks that can be accomplished within the SAP R/3 system with associated tasks utilizing the Microsoft administrative tools.

Starting and Stopping the Database


The following tasks show you how to start and stop the database.
Task

Start the database

1. 2.

From the Windows taskbar, choose Start Programs Microsoft SQL Server Service Manager. Choose Start/Continue.

3.

Check that Microsoft SQL Server is started by checking the color and shape of the status icon (the green arrow), and the status message at the bottom of the window.

Chapter 10: Database Administration Microsoft SQL Server

277

4. 5.

Select the Services drop down list and choose SQL Server Agent. Check that Microsoft SQL Server Agent is started by checking the color and shape of the status icon (the green arrow), and the status message at the bottom of the window. If it is at the Stopped status, choose Start/Continue.

Task

Stop the database

1.
Follow the proper procedure to stop SAP R/3.

Verify that SAP R/3 has been stopped. If SAP R/3 has not been stopped, stop SAP R/3 now. From the NT desktop, choose Start Programs Microsoft SQL Server Service Manager. Choose Stop.

2. 3.

4.

Choose Yes.

5.

Choose Yes.

278

System Administration Made Easy | Release 4.6C/D

6.
Do not use NT services or issue command: net stop mssqlserver to stop the SQL server database. This will not properly flush the DB buffers to disk when stopping and may cause database startup problems.

Check that Microsoft SQL Server is stopped by checking the color and shape of the status icon (a red square), and the status message at the bottom.

Database Performance
Overview
The Computing Center Management System (CCMS) has tools available for SAP R/3 administrators to monitor the database for growth, capacity, I/O statistics, and alerts. This section discusses the initial transactions that can help the database administrator.

Database Activity (ST04)


The Database Performance Monitor (transaction ST04) provides a databaseindependent tool to analyze and tune the following components:
I I I I I

Memory and buffer usage Space usage CPU usage SQL requests Detailed SQL items

To manage your system performance, the database must be monitored. An important item is the ability to view the database error log from within SAP R/3. This view saves the extra effort of logging into the database to view this log.

Chapter 10: Database Administration Microsoft SQL Server

279

Task

View database activity


1.
Determine the frequency to reboot the system to clear memory fragmentation. In the Command field, enter transaction ST04 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor Performance Database ST04 - Activity). The SQL Server Performance Analysis screen appears, displaying a summary of database activity pertaining to the database, operating system, CPU, and memory. Microsoft SQL Server allows the analysis of specific attributes pertaining to memory, space, I/O, and quality of table reads and writes. This information can signal adjustments necessary to improve performance of the database.

2.

DB startup
I

Indicates the last time the SQL server was restarted

Memory Usage
I

Procedure cache and data cache hit ratio can reflect memory problems. For optimal usage, these values should approach 99%.

Server Engine/Elapsed
I

Shows how hard the CPU is working on MS SQL Server processes. Pay attention to the ratio of busy time to idle time

SQL Requests
I

Shows how SQL queries are utilizing table access for full table or index scans. A high ratio of full table scans to index scans can indicate performance bottlenecks.

3.

The Database Performance Analysis: SQL Server Database Overview screen is the Detailed analysis menu (option 2D).

a.

This screen is composed of the following three sections: Analyze database activity Analyze exceptional conditions Additional functions

280

System Administration Made Easy | Release 4.6C/D

b.

Areas of common interest are: Server details SQL processes Error logs (see the following screen)

c. Additional functions are links to transactions that will be discussed in later


sections.

4. 5.

The SQL Error Logs Overview screen appears. Select an entry in the Log name column.

Chapter 10: Database Administration Microsoft SQL Server

281

6.
Refer to SAP Note 425763 (German) if error logs are not seen.

Choose

7.

The Display Selected SQL Log screen appears.

282

System Administration Made Easy | Release 4.6C/D

Database Allocation (DB02)


Note

The Database Allocation transaction is used to analyze:


I

This transaction can also be accessed with transaction ST04. Choose Detail analysis menu State on disk.

Database growth Using the growth rate you could project the growth to determine when you may need to get additional disk storage for the database. Database index, consistency, and so on Tables
Task

I I

View database allocation


1. 2.
In the Command field, enter transaction DB02 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor Performance Database DB02-Tables/Indexes). An initial review identifies the database type, name, size, file systems, and totals for database objects.

a.

The following describes some of the information on the screen: Database information indicates space used for data and log information. DB space history takes you to the View database history screen. DB analysis takes you to an analysis menu screen.

b.

To determine attributes for a specific database object, use Detail analysis to make decisions for an individual object.

Chapter 10: Database Administration Microsoft SQL Server

283

3. 4.

This screen is the DB space history display. A spreadsheet allowing analysis based on calendar scenarios exists with the ability to sort on column information. To view by file, choose Files.

5.

You can analyze the physical file information.

6.

The Database Analysis screen appears. The administrator can use the information on this screen to:
I I

Analyze the database for missing indexes, conflicts between ABAP Dictionary and database, and SAP R/3 Kernel integrity Perform a database consistency check

284

System Administration Made Easy | Release 4.6C/D

Analysis can be done for table specific objects to determine the largest tables, and tables that are modified.

Scheduling Database Tasks (DB13)


The DBA Planning Calendar (DB13) is the scheduling tool for DBA tasks in SAP R/3. Using the Calendar, the DBA can schedule many of the DBA tasks that must be performed, such as:
I I I

To schedule a backup task using the DBA Planning Calendar, the backup must be able to run unattended, meaning that you must have one of the following:
I

Database and transaction log backup Differential database backup Check database consistency

A single tape drive with sufficient capacity to back up the database without changing tapes. Multiple tape drives with sufficient total capacity to back up the database without changing tapes.

These tasks can be conveniently managed and scheduled without going to the database. The DBA Planning Calendar works with transaction DB12 (Backup logs). For more information on transaction DB12, see page Checking the Database Backup (DB12).
Task

Schedule database tasks

1.

Enter transaction DB13 and choose Enter (or from the SAP standard menu, choose Tools CCMS DB Administration DB13-DBA Planning Calendar).

Chapter 10: Database Administration Microsoft SQL Server

285

2.

Double-click on the date. If a task exists for that day, this window appears.

3.

On the Actions for <XXXXX> dialog box, choose Insert to add a new task.

4.
The start time is the time on the database server.

In StartTime, enter the time to begin the backup. Under Action, select a task (for example, Full Database Backup).

5.

286

System Administration Made Easy | Release 4.6C/D

6.

Choose Continue.

7. 8.

Select the database to be backed up. In this example, we select all the databases. Choose OK.

9. 10.

Select the backup device (for example, R3DUMP0). Choose OK.

Chapter 10: Database Administration Microsoft SQL Server

287

11.

In the Log backup tape options dialog box, select the following options as appropriate:

a. Unload tape
To eject the tape after the backup is completed

b. Initialize tape
To overwrite existing data, rather than appending to last backup

c. Verify backup
To verify the backup after it has run If you are doing an online backup when transactions are being performed, selecting this option is not useful because the database changes during this time will cause this test to fail.

d. Format tape
To erase the entire tape and write a new tape label This option is selected when using a brand new tape, or a tape that was previously used with a different application, or backing up to disk when same device is loaded.

12. 13.

In Expiration period for backup volumes, enter the number of days to protect the tape. Choose OK.

14.

Choose

288

System Administration Made Easy | Release 4.6C/D

15.

The task will be listed in the day.

Determining the Tape (Label) Necessary for a Backup


Using the correct tape is important. If the wrong tape is used, the backup will fail. For more information on tape labeling, see Tape Management on page 48.
Task

Determine the tape (label) necessary for backup


1.
Double-click on the desired day.

Chapter 10: Database Administration Microsoft SQL Server

289

2. 3.

If more than one entry is shown, select the backup entry. To see what tape (label name) is required for that backup, choose Volumes needed.

4.

The required tape is displayed (for example, CD15S).

290

System Administration Made Easy | Release 4.6C/D

Deleting an Entry from the Planning Calendar (DB13)


Occasionally, you may find entries in the DBA Planning Calendar that are no longer needed. The following task show you how to delete them.
Task

Delete an entry from the Planning Calendar


1.
On the DBA Planning Calendar, double-click on the date.

Note

2. 3.

Select the item to delete. Choose Delete.

You can also choose Change to change the options you originally selected for the job.

4.

Choose Yes.

5.

The item has been deleted.

Chapter 10: Database Administration Microsoft SQL Server

291

6.

Choose

Checking the Database Backup (DB12)


The Backup Logs transaction (transaction DB12) provides backup and restore information, such as:
I I

Log file size and free space in the log file Date and time of last successful restore for: SAP R/3 database Transaction log Master database Msdb database

I I I I I

Backup history Restoration history Backup device list SQL Server jobs Tapes needed for restore

Do not be overly reliant on the tapes needed for restore feature. You must have a method that does not rely on SAP R/3 being available to tell you what tapes you must do a restore of the SAP R/3 system. If there is a severe disaster, and the SAP R/3 system is lost, SAP R/3 is not available for you to look at this report.

It is a convenient collection of backup information. Some of the important backup information such as tape label name is passed to DB12 from DB13. The tapes needed for restore option is important. The only missing information is the run time (duration) of the backup job. This is a problem indicator, when compared to the expected duration of the backup.

292

System Administration Made Easy | Release 4.6C/D

Task

Check the database backup


1. 2. 3.
In the Command field, enter transaction DB12 and choose Enter (or from the SAP standard menu, choose Tools CCMS DB Administration DB12Backup logs). On the CCMS Monitoring Tool DB12 (Backup/Restore Information) screen, review log space information to analyze growth. Review backup information and notice the date and time of success or failures.

Note

The following is a list of the available buttons and their functions: Backup history A spreadsheet summary of each backup is listed. Each backup type can be reviewed with detailed log information available using History info. Restoration history A spreadsheet of detailed restoration information is listed. Backup device list Each logical device name is listed with the appropriate physical device name SQL Server jobs A spreadsheet listing of all scheduled jobs with options for CCMS, Database and History Info is listed. History Info lists the specifics of the job that pertain to success or failure of the job. Tapes needed for restore A listing of the tapes that are needed to restore the various databases. Scroll to the bottom of the screen, for the instructions to restore the database.

Chapter 10: Database Administration Microsoft SQL Server

293

Initializing Backup Tapes


Initializing the tape writes a label on the tape header. This label is the same as the physical label of the tape (for example, CD26S). The tape label and the expiration date are additional safety levels to prevent backing up to the wrong tape, and possibly destroying needed data. When using the DBA Planning Calendar (DB13) for backups, the tape must be properly labeled to execute a backup to tape, because the transaction expects a specific tape to be in the drive. If the tape label does not match the required label, the backup will fail. Initializing and labeling is an option when executing the backup using DB13, SQL Server Enterprise Manager, or NT Backup.

For SQL Server, see SAP Note 141118 for a description of the tape label naming convention used by DB13.

Database Backups with Microsoft Tools


Backing up SAP R/3 on the SQL Server involves backing up the following SAP-specific and database-related directories:
I I I I

If the log is allowed to grow to capacity and use all available file space on the drive, SQL Server will stop. This event is critical, because when SAP R/3 stops, so does the business processes that require SAP R/3 to be running.

\usr\sap \usr\sap\trans <homedirectory> of <sid>adm \<sid>data (might have multiple files) The SAP R/3 database files

\<sid>log The SAP R/3 log file

Additionally, you should back up the following Microsoft SQL Server databases:
I
Note

Master In case of failures or hardware or software disasters, the Master database contains the data necessary to recover the database.

There is no need to backup the \tempdb directory, because it will be rebuilt on server cycling.

MSDB The MSDB database contains the data for the SQL Server job scheduler and the database backup history.

To make the backup process easier, and to reduce errors, we recommend that you backup the entire server and not just specific directories and files.

294

System Administration Made Easy | Release 4.6C/D

Online Backup Using SQLserver 2000 Enterprise Manager


The SQL 2000 Enterprise manager is Microsoft SQL Servers general tool. In conjunction with the SAP R/3 system, it is used to backup the following while SAP R/3 is running:
I I

The SAP R/3 database The SAP R/3 log

If the log is allowed to grow to capacity and use all available file space on the drive, SQL Server will stop. This event is critical, because when SAP R/3 stops, so does the business processes that require SAP R/3 to be running.

To clear the log, the log backup must periodically be done in the initialization mode. You must also backup the following SQL Server databases:
I

Master If there is a hardware or software disaster, the master database contains the data necessary to recover the database.

MSDB The MSDB database contains the data for the SQL Server job scheduler and the database backup history.

An online backup allows you to backup the databases when SAP R/3 and the database are running, to reduce impact to system users.
Task

Backup your databases

1. 2. 3. 4. 5.

On the Windows taskbar, choose Start Programs Microsoft SQL Server Enterprise Manager. In the Enterprise Manager, expand the SQL Server Group under which your server is located. (You may have a different group name.) Expand the server that you want to look at. (You will have a different server name.) Choose Management. Choose Backup.

Chapter 10: Database Administration Microsoft SQL Server

295

6.

On the toolbar, choose Tools Backup Database.

Note
Select Database complete to do a full backup of the database. Select Transaction log to backup only the transaction log.

7. 8. 9.

In Database, choose the dropdown arrow to select the database to backup. Under Backup, select the type of backup to perform (for example, Database complete). Under Destination:

a. b.

Select the media (for example, Disk). Select the device (for example, logdisk1).

Note
To select another device as the destination, choose Add Backup device.

10. 11.

Under Overwrite, select Overwrite existing media. Choose the Options tab.

296

System Administration Made Easy | Release 4.6C/D

12.

Under Options, select:


I I

Verify backup upon completion Backup set will expire

13.

Under Backup set will expire, select one of the following options and complete the entry field:

a. b.

After (a defined number of days), then enter the number of days. On (a specific date), then enter the date.

On the screens below, you have three options:


I I I

Backup without checking the tape label. Backup checking the tape label. Initialize the tape and writing a new tape label, before backing up.

Task
Backup without checking the tape label
This step will overwrite and destroy any data on the tape. Be certain that the correct tape is in the drive.

1.

Leave the following options deselected:


I I

Check media set name and backup set expiration Initialize and label media

Chapter 10: Database Administration Microsoft SQL Server

297

2.

To begin the backup, choose OK.

Task
Check the tape label before backing up

1. 2. 3.

Select Check media set name and backup set expiration. Enter the tape label in Media set name (for example, RD26S). To begin the backup, choose OK. If the label of the tape does not match the name entered in Media set name, the backup will fail.

298

System Administration Made Easy | Release 4.6C/D

Task
Initialize the tape before backing up

1.
This step will relabel, overwrite, and destroy any data on the tape. Be certain that the correct tape is in the drive.

Select Initialize and label media. Enter the tape label name in Media set name (for example, RD26S). Choose OK to begin the backup.

2. 3.

Offline Backup Using Windows 2000 Backup


The offline backup is done when SAP R/3 and the database are down. The offline backup also backs up other files that are needed to restore SAP R/3. Because high-capacity tape drives are now more common, it is simpler and safer to backup the entire server. A full server backup eliminates the possibility of missing an important file during a backup. At a minimum, backing up SAP R/3 on SQL Server involves backing up the following SAP- specific and database-related directories:
I I I I I

For smaller customers, the entire server could be backed up to a single DLT cartridge.

\usr\sap \usr\sap\trans <homedirectory> of <sid>adm \<sid>data \<sid>log (the SAP R/3 database files) (the SAP R/3 log file)

In addition to these directories, you must back up any directories and files for third-party products, interfaces, and so on that store data outside the SAP R/3 database. Because getting all the required files and directories can be difficult, we recommend that you backup the entire server.

Chapter 10: Database Administration Microsoft SQL Server

299

Due to system limitations on the documentation system, the location of the files in this example is presented differently from the recommendations in the SAP installation manual.

The data in the database does not change while the backup is being made, which means that you have a static picture of the database and do not have to deal with the issue of data changing while the backup is being run. With some third-party applications, you cannot back up the files unless they are closed, and this is not possible unless SAP R/3 and the application are shut down. Therefore, an offline backup needs to be done. A full server offline backup also gives you the most complete backup in the event of a catastrophic disaster. One tape contains everything on the server. To do an offline backup, we use Windows 2000 Backup interactively.
Task

Perform an offline backup

1. 2. 3. 4. 5. 6.

Shut down SAP R/3. Shut down the database. Shut down any other applications. Insert the appropriate tape into drive. On the Windows 2000 taskbar, choose Start Programs Accessories System Tools Backup. Choose Backup.

7.

Select the drive and the appropriate directories, (for example, C:) on the server.

300

System Administration Made Easy | Release 4.6C/D

8.

Choose Start Backup.

9.

In the Backup Job Information dialog box:

a. b. c. d.

In Backup description, enter a description. Under If the media , select Replace the data on the media with this backup. In If the media is , enter the same description as in step 8. Choose Advanced.

Chapter 10: Database Administration Microsoft SQL Server

301

10.

In the Advanced Backup Options dialog box:

a. b. c. d.

Select Verify data after backup. If your tape drive supports hardware compression, select If possible, compress space. Under Backup Type, select Normal. Choose OK.

11.

The backup will run. The Selection Information dialog box displays the backup progress.

12. 13.

The Replace Data dialog box appears to verify that the correct tape is in the drive. Even if the tape name you entered in the previous screen matches the tape label, this window will appear. Choose Yes.

302

System Administration Made Easy | Release 4.6C/D

14.

The Backup Progress dialog box displays the backup progress. Depending on the size of the database, the backup may run for a period of time.

15.

When the backup has successfully completed, choose Close.

16.

From the menu bar, choose Job Exit.

Chapter 10: Database Administration Microsoft SQL Server

303

17.

Remove the tape from the tape drive and store properly.

Viewing Database Error Logs


SAP R/3 Database Performance Analysis (ST04)
You can view the database error logs from within SAP R/3 using transaction ST04. For more information on database error logs, see the Database Performance Analysis (ST04) section earlier in this chapter.
Task

Perform database analysis using Microsoft SQL Server 2000 - Enterprise Manager

1.

From the NT desktop, choose Start Programs Microsoft SQL Server Enterprise Manager.

304

System Administration Made Easy | Release 4.6C/D

2.

In the Enterprise Manager:

a. b. c. d.

Expand the SQL Server Group under which your server is located. Expand the server where the SAP R/3 system is installed. Expand Management. Expand the SQL Server Logs.

3. 4.

Select the Current log. You can also look at the six previous error logs. Read the log in the right frame.

Chapter 10: Database Administration Microsoft SQL Server

305

Verify Database Consistency


In a database management system, consistency can be represented from the logical and physical levels. SAP R/3 must ensure a logical consistency when communicating with the SQL Server engine, and SQL Server must ensure a physical consistency for the database. Sometimes a physical inconsistency can occur in the databases internal structures. This problem occurs when SAP R/3 and the database show the same piece of data in different locations.
Note

NOTE: For those coming from SQL Server 7.0 environments, SQL Server 2000 executes the DBCC CHECKDB job much faster than SQL Server 7.0.

SQL Server uses the DBCC CHECKDB command to correct and repair the database to a consistent state. This is executed using:
I I

CCMS Scheduling calendar (transaction DB13) The SQL Server Enterprise Manager

The consistency checks should be done during non-peak hours or when SAP R/3 users are offline.

Run Update Statistics


Database objects statistics help make data access more efficient. The optimizer of the database engine will perform better if the table indexs statistical information is current. This information helps SAP R/3 find an item in the database faster. By default, SQL Server 2000 has automatic statistics turned on. The possibility of manually scheduling update statistics using the CCMS scheduling calendar still exists. This scheduling might be necessary after large data insertions or deletions from a given table (for example, client copy, BDC sessions, and archiving).

System Passwords
SQL server
For additional information, see SAP Note 28893. User IDs to change:
I I

sa sapr3

306

System Administration Made Easy | Release 4.6C/D

Task

Change passwords in SQL Server


1.
During the installation, by default:
ISQL server does not

From the NT desktop, choose Start Programs Microsoft SQL Server 2000 Enterprise Manager. In the SQL server Enterprise Manager:

2.

ask for or set a password for user sa. Once the installation is complete, the system administrator must manually create a password.
I

a. b. c. d.

Expand the SQL Server Group. Expand the server. Expand Security. Choose Logins.

For user sapr3, a default password is created. You must change the password. Beginning with release 4.5, user sapr3 is no longer used by SAP R/3.

These loopholes must be closed manually.

3.

On the right side of the screen, double-click sa (or sapr3, if sapr3 was created).

4.

Choose the General tab.

Chapter 10: Database Administration Microsoft SQL Server

307

5. 6.

In Password, enter a new password. Choose OK.

7. 8.

Reenter the password in Confirm New Password. Choose OK.

9.

For user sapr3, up through release 4.0, in the SQL Server Enterprise Manager Console, choose Tools SQL Query Analyzer.

308

System Administration Made Easy | Release 4.6C/D

10.

Enter the following SQL commands: use <SAPSID> go sap_change_password <OLD_PASSWD>, <NEW_PASSWD>

11.

Choose Execute Query (or choose Query Execute Query).

C H A P T E R

11

11

Database Administration Informix

310

System Administration Made Easy | Release 4.6C/D

Overview
This chapter describes SAP database administration for Informix. You learn about routine administration tasks to help ensure that the database runs smoothly. You can perform database administration tasks for Informix:
I I

In the SAP R/3 system Using SAPDBA

We recommend that you use the SAP R/3 system to schedule tasks for regular execution. However, the database must be up and running for you to use the SAP R/3 system. Certain tasks such as starting and stopping the database server must be performed using SAPDBA, which does not require the database to be running. Additionally, certain tasks such as extending a dbspace can only be performed with SAPDBA.

Scheduling Database Tasks


Many Informix database tasks can be scheduled in the SAP R/3 system using the DBA Planning Calendar. Tasks are automatically executed at userspecified intervals. You must only meet any requirements for the tasks (such as providing tapes for a backup) and check the results.

Example

You can specify a database backup to run every evening at 22:00. You only need schedule the backup once. After that, all you need do is to make sure the tapes are loaded and then check the results the following morning.

Initializing the DBA Planning Calendar


Note

You normally only need run this conversion once after database installation.

Before you can use the DBA Planning Calendar with the Informix backup tool ON-Bar, you must do a one-time conversion.
Task
Initialize the DBA Planning Calendar

1. 2.

In the Command field, enter transaction SE37 and choose In Function module, enter INFDBA_SWITCH_TOOL.

Chapter 11: Database Administration Informix

311

3.

To run the conversion, choose

4.

On the Test Function Module: Initial Screen, to perform the conversion, choose .

5. 6.
If you see DBA Planning Calendar (onarchive), run the conversion again to set the calendar to onbar.

To check the conversion, in the Command field, enter transaction DB13 and choose . The DBA Planning Calendar (onbar) screen appears, indicating that the DBA Planning Calendar is now set to onbar.

312

System Administration Made Easy | Release 4.6C/D

Scheduling a DBA Task to Run Regularly


This section tells you how to schedule a new DBA task to run regularly, for example, weekly.
Task

Schedule a DBA task to run regularly

1. 2. 3.
Note

In the Command field, enter transaction DB13 and choose

Select the day on which you want to run the action (for example, Thu Sep 06). Choose .

The current day, Tue Sep 04 in this example, is shown by default in white.

Note

This date already has a scheduled task at 23:00, WS BU (Inc).

4. 5.
If you want the task executed only once, leave Period empty.

Select the task you want to perform. This example shows a Database configuration check. In StartTime, enter the start time. To have the task executed weekly (for example), in Period, enter 1. Choose .

6. 7.

Chapter 11: Database Administration Informix

313

8. 9.

The new task, 22:00 DB Check, is created on the chosen day and weekly thereafter. A New action added message is displayed at the bottom of the screen.

Checking the Status of DBA Tasks


This section tells you how to check the status of a DBA task using the DBA Planning Calendar. For example, you can use this to check whether a task has completed successfully.
Task

Check the status of DBA tasks


1. 2.
In the Command field, enter transaction DB13 and choose . The tasks are color-coded. For example, tasks marked in red did not complete successfully.

314

System Administration Made Easy | Release 4.6C/D

3.

Double-click the day header to review the completed or scheduled tasks for the day. The example shows a completed task from a previous day, Sun Sep 02.

Note

4.

Select the action you are interested in and choose action log.

Action logs to check the

Some tasks, such as the first one in this example, do not have action logs. In this case, the Logs box is not checked.

Note

5. 6.

The system displays the action log for the Database configuration check. Choose .

The format of the action log varies according to the action.

7.

To display the job log for the task, choose Job Logs. The system displays the job log list.

Chapter 11: Database Administration Informix

315

8.

To see the contents of the log, select the log and choose

9.

This screen shows the contents of the job log.

Changing DBA Tasks


For any task that has not yet been executed, you can change the task parameters or delete the task.
Task

Modify DBA tasks


1. 2. 3.
In the Command field, enter transaction DB13 and choose . On the DBA Planning Calendar (onbar) screen, double-click the day header to review the scheduled tasks for a day, either today or a future day. This example uses Sun Sep 09. To change an action, select the action and choose . This example uses Update optimizer statistics (all tables). State SCHED means that the action is scheduled to run at the StartTime 01:00.

316

System Administration Made Easy | Release 4.6C/D

4.

Select different parameters for the action, then choose

5.

Select different parameters for the action, then choose

Chapter 11: Database Administration Informix

317

Backing Up the Database


This section discusses backing up the Informix database by scheduling backup tasks in the DBA Planning Calendar. The backup tool we use is ONBar. You must back up the following data on your Informix database:
I I

Be sure to back up the data in your Informix database regularly, preferably daily. Otherwise, you risk losing data and endangering your business. Follow the procedures below carefully so that you can recover your database in the event of failure.

Database data that is, mainly data in the dbspaces of the database Logical-log data that is, ongoing transaction data

The following procedures show you how to schedule a weekly whole-system backup plus incremental backups on the remaining days of the week. Finally, we show you how to start a continuous logical-log backup. If your database crashes, you can restore the database using the whole-system backup (which restores the database to a consistent state). You can then roll the database forward to the point of failure using the incremental backups and the logical logs. Write essential information on your tapes, such as the date and time of backup to ease your restore process. Also, keep tapes for the length of your backup cycle (for example, 28 days) before overwriting them.

Tips & Tricks

Requirements for Backing Up the Database


Keep backups for at least 28 days before overwriting them. You can restore the database to the state it was in during the previous 28 days, which might be necessary in the event of an application error. Before you start to back up database data or logical-log data, install and configure a storage manager, such as Informix Storage Manager (ISM). If possible, use separate storage devices for database and logical-log data. Ensure that the storage devices in the ONCONFIG file are not set to /nul (Windows) or /dev/null (UNIX). Make sure that you have the correct tapes mounted on the correct tape devices and that there is enough space available to complete the backup. Perform a physical consistency check from time to time before a whole-system backup.

Scheduling Backups of Database Data


This procedure shows you how to schedule the following database backups in the DBA Planning Calendar:
I I

Whole-system backups once a week (on Saturday in the example) Incremental backups once a day on the remaining six days of the week
Task

Schedule database backups

1. 2.

In the Command field, enter transaction DB13 and choose

Select the day on which you want to run whole-system backups.

318

System Administration Made Easy | Release 4.6C/D

3. 4.

Choose

On the Create a New Action dialog box:

a. b. c. d.

Select Whole system backup (serial). In StartTime, enter the time to start (for example, 20:00). In Period, enter a number (for example, 1). This means that the backup is repeated weekly at the same time. Choose to schedule the action.

Note

5.

We recommend that you run incremental backups on the remaining six days of the week, that is, Sunday through Friday. Therefore, you have to perform the remainder of this procedure once for each day.

The new task, 22:00 WS BU L0, is created on the chosen day and weekly thereafter.

6. 7.

Select the day on which you want to run incremental backups. Choose .

Chapter 11: Database Administration Informix

319

8.

On the Create a New Action dialog box:

a. b. c. d.

Select Incremental whole system backup (serial). In StartTime, enter 23:00. In Period, enter 1 (this means that the backup is repeated weekly at the same time). To schedule the action, choose .

9.

On the Database Backup Level dialog box:

a. b.

Select Incremental (level 1). Choose .

320

System Administration Made Easy | Release 4.6C/D

10.

The new task, 23:00 WS BU (Inc), is created on the chosen day and weekly thereafter.

11.

The following screenshot shows how the calendar looks after you have scheduled all the required backups:
I I I

On Sunday through Friday, there is an incremental backup scheduled: 23:00 WS BU (Inc) On Saturday, there is a whole system backup scheduled: 20:00 WS BU L0 All backups are repeated weekly.

Chapter 11: Database Administration Informix

321

Backing Up Logical Log Data


A continuous logical log backup means that the logical-logs are backed up as soon as they fill. When you back up logical log data (in addition to database data), you have the best protection against database failure because this means that you can restore data right up to the point of failure.
Task

Back up logical log data

1. 2.

Using your normal text editor, open the ONCONFIG file, located in the directory %INFORMIXDIR%\etc (Windows) or $INFORMIXDIR/etc (UNIX). Amend the line with ALARMPROGRAM so that it looks as follows:
I I

ALARMPROGRAM = %INFORMIXDIR%\log_full.sh(Windows) ALARMPROGRAM = $INFORMIXDIR/log_full.sh(UNIX)

3. 4.

Restart the database server for the changes to take effect. Make sure that the tape drive always contains a tape with sufficient space to store the logical log data. After you have processed this change, when the database starts, continuous logical log backup is activated. Each logical log is automatically backed up as soon as it fills.

Checking the Database System


We recommend that you run a database check regularly, because it warns you of situations that might cause database operational problems, and allow you to take preventative action. For example, the database check highlights incorrect configuration settings and lack of disk space. These issues might lead to performance problems or even downtime if not corrected promptly.
Task

Schedule a database check

1. 2. 3.

In the Command field, enter transaction DB13 and choose Select the day on which you want to run the database check. Choose .

322

System Administration Made Easy | Release 4.6C/D

4.

On the Create a New Action for <XXXXX> dialog box:

a. b. c. d.

Select Database configuration check. In StartTime, enter 18:00. In Period, enter 1 ( the check is repeated weekly at the same time). Choose .

5.

The new task, 18:00 DB Check, is created on the chosen day and weekly thereafter.

Task

View the results of a database check

1.

In the Command field, enter transaction DB13 and choose

Chapter 11: Database Administration Informix

323

2.

Double-click the entry for the database check that you want to look at. In this example, we look at the entry for 22:00 DB Check on Sun Sep 02.

Note

This entry is highlighted, indicating that an error has occurred.

3. 4. 5.

The log for the database check appears. Drill down to look at details for the marked <Error> or <Warning>. This example shows the error message for the LTAPEDEV parameter, which is set incorrectly.

6.
To find more information if there is a problem with the database, look at the message log. See "Viewing the Database Message Log" below.

Follow the recommendation to fix the problem.

324

System Administration Made Easy | Release 4.6C/D

Viewing the Database Message Log


If there is a problem with the database for example, an alert generated by the database check you can use the database message log to help you solve the problem.
Task

View the database message log


1. 2.
In the Command field, enter transaction ST04 and choose Choose Detail Analysis Menu. .

Chapter 11: Database Administration Informix

325

3.

On the Database Performance Analysis: INFORMIX Database Overview screen, under Analyze exceptional conditions, choose Database Message Log.

4.

On the Database Messages dialog box:

a. b.

Depending on what kind of messages you want to view, select either Only alerts or All messages. Choose Display.

5.

The Database Messages screen appears, displaying details of the database alerts. Scroll down to see the most recent entries.

326

System Administration Made Easy | Release 4.6C/D

Updating Statistics
We recommend you update statistics regularly (for example, weekly) to improve database performance. Up-to-date statistics mean that the query optimizer can choose the best query plan, reducing the time taken by your SAP applications to access data.
Task

Update statistics
1. 2. 3. 4.
In the Command field, enter transaction DB13 and choose Select the day on which you want to run update statistics. Choose . .

On the Create a New Action for <XXXXX> dialog box:

If you want the task executed only once, leave Period empty.

a. b. c. d.

Select Update optimizer statistics (all tables). In the StartTime, enter the time to start the job (for example, 01:00:00). To have the task executed weekly, in Period, enter 1. Choose .

Chapter 11: Database Administration Informix

327

5.

On the Parameters for Update Statistics dialog box:

a. b.

If required, change the parameters. However, the default values are usually acceptable. Choose .

6.

The new task, 01:00 Update sta, is created on the chosen day and weekly thereafter.

Checking Database Consistency


Database consistency should be checked on occasion (for example, once a month) before a full system backup. This check ensures that the backup contains valid data, so it can be reliably used in the event of a restore.

328

System Administration Made Easy | Release 4.6C/D

Task

Check database consistency


1. 2. 3. 4.
In the Command field, enter transaction DB13 and choose . Select the day on which you want to run the consistency check. Choose .

On the Create a New Action for <XXXXX> dialog box:

a. b. c.
If you want the task executed only once, leave Period empty.

Select Physical consistency check. In StartTime, enter the start time (for example, 18:00:00). In Period, enter the period in number of weeks (for example, to execute the task every four weeks, enter 4). Choose .

d.

5.

On the Create a New Action for <XXXXX> dialog box:

a. b.

Select for all tables of database. Choose .

Chapter 11: Database Administration Informix

329

6.

The new task, Cons. Check is scheduled on the chosen day and every four weeks thereafter.

Checking Database Disk Space


By regularly checking database disk space, you ensure that the database does not run out of space. If the database runs out of space, it stops and normal operation cannot continue until you have provided more space.
Task

Check database disk space


1.
In the Command field, enter transaction ST04 and choose .

330

System Administration Made Easy | Release 4.6C/D

2.

On the Database Performance Analysis: INFORMIX Database Overview screen, choose Detail Analysis Menu.

Note

3.

This screen can also be called from transaction DB02.

On the Database Performance Analysis: INFORMIX Database Overview screen, under Additional functions, choose State on disk.

Chapter 11: Database Administration Informix

331

4.

On the Database Performance: Tables screen, under Tables/Indexes, choose Space-critical objects.

332

System Administration Made Easy | Release 4.6C/D

5.
We recommend you to schedule the database check for regular execution in order to identify space problems early. However, if you are loading a large amount of data, or if you suspect a space problem, we recommend you to use this one-off procedure.

The screenshot shows that objects in the psapprot dbspace require more space. If one of these objects needs extending, there is not enough space in the dbspace. In the column Next extent, each object requires 10,240 KB for a new extent. However, there is only 9,230 KB available, as shown in column Freespace in Dbspace, Total.

Note

The database check procedure also alerts you to space problems. Here is a warning from the database check that the psapprot dbspace needs extending. For more information on how to check the database system, see Checking the Database System on page 321.

6.

Be sure to extend the psapprot dbspace as soon as possible. For more information on how to do this, see Extending a Dbspace on page 337.

Chapter 11: Database Administration Informix

333

Using SAPDBA
This section describes how you can use SAPDBA to administer your Informix database. Where possible, we recommend you to perform database administration in the SAP system. This is because you can use the DBA Planning Calendar in the SAP system to schedule many routine tasks such as database backup for automatic execution. In addition, the SAP system offers a modern graphic user interface (GUI) for easy operation.

Tips & Tricks

What is SAPDBA?
SAPDBA is an integrated database administration tool for Informix databases running with SAP systems. You can use it without detailed knowledge of the database and its tools. SAPDBA filters information about the database, showing you only what you need, and uses complex database statements to let you confidently manipulate the data while ensuring security and integrity. SAPDBA offers a character-based menu interface and a command line mode. You can perform the following database administration tasks with SAPDBA:
I I I I I I I I

Use SAPDBA in menu mode, unless you are experienced.

Change server mode (that is, start and stop the database) Administer dbspaces Reorganize the database Check database consistency Update statistics Change logging mode Check the database system View system information Some of the above tasks such as database reorganization require considerable experience. If you are uncertain about these tasks, seek support before attempting to perform them. We do not explain the full functionality of SAPDBA in this documentation.

Caution

334

System Administration Made Easy | Release 4.6C/D

Getting Started with SAPDBA


SAPDBA is set up to run with the users informix and <sid>adm, where <sid> is your system ID in lowercase. For these users, the required environment variables are set during the installation.

Note

Certain advanced SAPDBA functions are not available if you log on as user <sid>adm. For full functionality, log on as user informix.
Task

Start SAPDBA
You can log on to the database server using a remote session for example, with Telnet (UNIX) or pcAnywhere (Windows).

1. 2. 3.

Log on to the database server as user informix (for example, su informix). On the command line, enter sapdba. The SAPDBA start screen appears.

The top of the screen displays useful status information about the database server, such as Server Mode and the number of 'sapr3' User(s) logged on.

Starting and Stopping the Database


The following task shows you how to start and stop the database using sapdba.
Task

Start and stop the database using sapdba

1. 2.

Log on to the database server as the user informix or <sid>adm. To start SAPDBA, enter sapdba.

Chapter 11: Database Administration Informix

335

3. 4.

The SAPDBA start screen appears. In this example, the database server is in OFFLINE mode. Choose Server Mode.

5.

Choose Switch to Online Mode.

336

System Administration Made Easy | Release 4.6C/D

6.

The server switches to online mode.

7. 8. 9. 10. 11.
Before stopping the database, make sure that all users are disconnected. Also be sure to stop the SAP R/3 system. If there are still users connected to the database or the SAP System is still running, SAPDBA warns you with a message

The server is in ONLINE mode. You can now start the SAP System. The screen displays the number of SAP users connected (1 user, the SAPDBA user). You can also see that Logging Mode is turned on. To stop the database server, choose Server Mode. Choose Switch to Offline Mode.

Chapter 11: Database Administration Informix

337

12.

The server switches to offline mode.

Extending a Dbspace
This section describes how to make extra disk space available for database data. The database consists of dbspaces that contain the data. You must make sure that there is always enough space in the dbspaces to extend database objects, such as tables, that are growing due to new data. As they grow, database objects within the dbspaces are extended automatically, but you must extend the dbspaces yourself when required.
Note

You can identify when a dbspace needs extending using either of the following procedures:
I I

Checking disk space, as described in "Checking Database Disk Space" above.

Checking the database system, as described in "Checking the Database System" above. One of the alerts produced by this check indicates when a dbspace is running out of space. You do not need to stop the database server to extend a dbspace.

Task

Extending a dbspace
Note

1. 2.

Log on to the database server as the user informix. To start SAPDBA, enter sapdba.

You cannot extend a dbspace as user <sid>adm.

338

System Administration Made Easy | Release 4.6C/D

3.

Choose Dbspaces.

4.

Choose Add a Chunk.

5. 6. 7.

Choose a. In Dbspace, enter the dbspace name (for example, psapprot). Choose Enter.

Chapter 11: Database Administration Informix

339

8.

Choose s.

9. 10. 11. 12.

Choose a. In Size, enter the size of the new chunk. Choose Enter. Choose Select 'primary' gap to find a physical gap on the device for the new chunk.

13.

Select a gap with enough space for the new chunk (for example, 2).

340

System Administration Made Easy | Release 4.6C/D

14.

Choose Enter.

15. 16.

Choose Execute to add the new chunk. The message tells you that the new chunk has been added to the psapprot dbspace.

Chapter 11: Database Administration Informix

341

17.

Choose o.

Further Information
More information about database administration with Informix can be found at the following web sites:
I I

www.service.sap.com/dbainf www.informix.com/documentation

For support information about Informix with SAP, see service.sap.com/notes. For information on Informix database administration relating to, for example, SAP Release 4.6C, enter the following search criteria and choose Submit:

Release: 46c; Application Area: bc-db-inf; Database: Informix

342

System Administration Made Easy | Release 4.6C/D

C H A P T E R

12

12

Database Administration Oracle Database

344

System Administration Made Easy | Release 4.6C/D

Overview
The Oracle Relational Database has the ability to support large databases. The amount of work involved in managing the Oracle database largely depends on the size and the workload. Despite the complexity of the database, SAP supplies several database administration tools in the standard SAP System package to help you manage the database more easily. The database administration tasks discussed in this chapter are those not covered in other sections.

Note

The SAPDBA discussed in this chapter is documented on Unix platform. The NT version is similar. Press the Enter key each time the program asks you to Press <return> to continue. The database should be started before SAP R/3 is started and the SAP R/3 should be stopped before the database is stopped.

Starting and Stopping the Database


The following tasks show you how to start and stop the database.
Task

Start the database

1.

To start the SAPDBA:

a. b.

Log on as user ora<sid> (for example, su oraarc). At the command prompt, enter sapdba and choose Enter.

Chapter 12: Database Administration Oracle Database

345

2.

On the SAPDBA screen:

a. b.

In Please select, enter a startup or shutdown instance. Choose Enter.

3.

In Please select, enter a and choose Enter.

346

System Administration Made Easy | Release 4.6C/D

4. In Please select, enter a

and choose Enter.

5.

Choose Enter.

6.

The INSTANCE STATUS of open indicates that the database has been started.

Chapter 12: Database Administration Oracle Database

347

7.

In Please select, enter q and choose Enter.

8. To return to the main SAPDBA menu screen, in Please select, enter q


press Enter.
Task

and

Stop the database

1.
To stop SAP R/3, you must log on as user <sid>adm. In this example, enter su arcadm and stopsap to stop SAP R/3. Enter exit to switch back to user ora<sid> to start the SAPDBA administration tool.

Stop SAP R/3. From the main SAPDBA screen, in Please select, enter a and choose Enter.

2.

348

System Administration Made Easy | Release 4.6C/D

3. In Please select, enter b and choose Enter.

4.

In Please select, enter a and choose Enter.

Chapter 12: Database Administration Oracle Database

349

5.

Choose Enter.

6.

The INSTANCE STATUS indicates that it has been shut down.

7. In Please select, enter q and choose Enter.

8. In Please select, enter q and choose Enter to return you to the main SAPDBA
menu screen.

Computing Center Management System (CCMS)


The Computing Center Management System (CCMS) has tools available for SAP R/3 administrators to monitor and maintain the database. This section will discuss the transactions that are available for SAP R/3 administrators to perform database administration from within the SAP R/3 system.

350
Note

System Administration Made Easy | Release 4.6C/D

The database administration tools within CCMS include:


I I I I I I

Some DBA functions can only be performed outside of the SAP R/3 system. In theses cases, you must use an external tool supplied by the database manufacturer or a product recommended or designed by SAP (for example, SAPDBA).

Database Performance Monitoring Database Tables and Indexes (Allocation) The DBA Planning Calendar Backup Status Logs Database Alert Monitor Others

To simplify the administration of the SAP R/3 system, SAP has built in database administration tasks into the CCMS framework. This enables the SAP R/3 administrator to perform routine system tasks from one location from within the SAP R/3 system.

Database Performance Monitor


The Database Performance Monitor (transaction ST04) assists you in monitoring the health of your database server.
Task

Monitor database activity


1. 2.
In the Command field, enter transaction ST04 and choose Enter (or choose Tools CCMS Control/Monitoring Performance Menu Database Activity). The Database Performance Analysis: Oracle Database Overview screen appears.

Chapter 12: Database Administration Oracle Database

351

3.
Data buffer
I

Choose Detail analysis menu.

The data buffer contains the Oracle data blocks in shared memory. On a production system, SAP recommmends that you maintain a data buffer quality of at least 97%.

Shared Pool
I

The shared pool holds several memory structures, such as the data dictionary cache and the shared SQL statements.

Log buffer
I

The log buffer contains information about changes being made to the database before the buffer information is written to the redo log files.

Calls
I

Calls display the number and type of calls that the SAP processes request to the Oracle database.

352

System Administration Made Easy | Release 4.6C/D

4. 5.
Oracle session
I

The Database Performance Analysis: Oracle Database Overview screen appears. Choose Database message log.

This monitor displays information about the various database processes and the SAP R/3 work processes associated to the session.

SQL request
I

This monitor provides an analysis of the shared cursor cache used for performance tuning.

Exclusive lock waits


I

This function analyzes if a process is exclusively holding a lock, causing other processes to lock while waiting for the held resource.

Database message log


I

This log displays the Oracle alert log, alert_<SID>.log.

6.

On the Database Messages dialog box:

a. b.

Select the Only alerts option. Choose Display.

Chapter 12: Database Administration Oracle Database

353

7.

The Database Messages screen appears. The log displays all messages written to the Oracle alert log. To monitor for problems with the database, you can search for the errors that are generated and written to the log. The errors are typically displayed with a referencing Oracle error message number (ORAXXXX).

Database Tables and Indexes Analysis


The database performance monitor performs extensive checks on the database system and stores this information into database statistics tables used for analysis. SAP R/3 administrators can utilize this resource to monitor and analyze the system for potential database problems. Administrators should routinely use the performance monitor for the following tasks:
I I I

Checking for space-critical objects Looking for lost indexes Analyzing database growth
Task

Analyze database allocation


1.
In the Command field, enter transaction DB02 and choose Enter (or choose Tools Administration Monitor Performance Database Tables/Indexes).

354

System Administration Made Easy | Release 4.6C/D

2.

On the Database Performance: Tables and Indexes screen:

a. b.

If the time of the analysis is out of date, you must first refresh the data and call the performance collector to publish new information. Choose Refresh.

Refresh button

3.

On the Refresh Database Statistics dialog box, choose Perform database checks.

4.

To refresh the database statistics, choose Yes. The report RSORAT0D is scheduled to run in the background.

Chapter 12: Database Administration Oracle Database

355

Scheduling Database Tasks (DB13)


The DBA Planning Calendar can be used to schedule and execute certain database administration (DBA) tasks, such as backups, updating statistics for the cost-based optimizer, database system checks, and so on.

Scheduling the DBA task


The following tasks shows you how to schedule a DBA task.
Task

Schedule a DBA task

1. 2.

In the Command field, enter transaction DB13 and choose Enter (or choose Tools CCMS, then DB Administration DBA Planning Calendar). On the DBA Planning Calendar: Maintain screen:

a. b.

Select a date (for example, Monday August 28). Choose Create.

3.

On the Schedule an Action for <XXXXX> dialog box:

a. b.

Select the task you want to perform (for example, Check database). Enter the start time in StartTime.

356

System Administration Made Easy | Release 4.6C/D

c.

Choose

Note

4.

To schedule a backup task, the backup must be able to run unattended. This means that you must have a tape drive with sufficient capacity to back up the database without changing tapes, or multiple tape drives with sufficient total capacity.

The task is created in the day and the Action scheduled message displays in the status bar.

Scheduling Predefined Action Patterns


Note

If you use an external backup solution to manage the backup of the database these predefined action patterns may not apply to your environment.

An action pattern implements a backup strategy and other database administration activities that must be regularly performed. Once you choose a predefined action pattern, the system adds the corresponding activities to the DBA Planning Calendar, and plans the background jobs that will execute the activities. Using a predefined action pattern ensures that you are following the SAP standards for database activities, and also provides an easy alternative to manually setting up the backup schedules.

Chapter 12: Database Administration Oracle Database

357

Task

Schedule a predefined action pattern

1. 2. 3.

In the Command field, enter transaction DB13 and choose Enter (or choose Tools CCMS, then DB Administration DBA Planning Calendar). On the DBA Planning Calendar: Maintain screen, choose Calendar Action Pattern. On the Schedule an Action Pattern dialog box:

a. b.

Select the appropriate backup cycle. Choose Enter.

Task

Review the DBA Planning Calendar

1. 2.

In the Command field, enter transaction DB13 and choose Enter (or choose Tools CCMS, then DB Administration DBA Planning Calendar). On the DBA Planning Calendar screen:

a.

Review the scheduled tasks for the day. The color of the task indicates status: Red Failure Yellow Problem/warning Green Success Purple Started

358

System Administration Made Easy | Release 4.6C/D

b. c. d.

If there are more jobs than can be displayed, a scroll bar appears. Select a task. Choose Job logs.

3.

On the Job Logs screen:

a. b.

Select the job. Choose Display log.

4.

On the Job Log screen:

a. b.

Choose Choose

. .

Chapter 12: Database Administration Oracle Database

359

5.

On the DBA Planning Calendar screen:

a. b.

Select the job. Choose Action logs.

6.

Choose Detail log.

7.

The SAPDBA Detail Log screen displays the detail log for the job. In this example, the log from the DB System Check is displayed.

360

System Administration Made Easy | Release 4.6C/D

The Database Utility


The database utility is the interface between the ABAP Dictionary and the relational database underlying the SAP R/3 system. The database utility allows you to edit database objects that are generated from objects of the ABAP Dictionary. This utility allows the database administrator more flexibility in managing and controlling database-related objects. By including this into the SAP R/3 system, this centralizes maintenance of database objects to within the SAP R/3 system. Storage parameters can be set for database tables using the Database Utility. These parameters affect the way in which tables are handled in the database. As the database grows and the tables are extended, the storage parameters of these tables may need to be modified.
Task

Modify storage parameters

1. 2.

In the Command field, enter transaction SE14 and choose Enter. On the ABAP Dictionary: Database Utility screen:

a. b.

In Obj. name, enter an object name to be modified (for example, S120). This is usually reported from the SAPDBA check report or from analyzing the tables and indexes report. Choose Edit.

Chapter 12: Database Administration Oracle Database

361

3.

On the ABAP Dictionary: Utility for Database Tables screen, to view and modify the storage parameters for this table, choose Storage parameters.

4. 5.

Information about the storage parameters for the table is displayed. Additional information about the indexes that access this table is also displayed. To switch to change mode, choose .

362

System Administration Made Easy | Release 4.6C/D

6. 7.

Modify the parameters, NEXT EXTENT and MAXIMUM EXTENTS as appropriate. Administrators have different policies of how they modify database storage parameters, though as a rule of thumb SAP recommends that you provide enough storage space to allow the object to take no more than 2 extents a month. To apply the changes to the database, choose Apply.

8.

Chapter 12: Database Administration Oracle Database

363

9.

A message appears in the taskbar to confirm that changes were applied to the database.

SAPDBA
Note

SAPDBA is also available for Informix.

SAPDBA is a tool that SAP created to assist the user in managing an Oracle database specifically for an SAP installation. SAPDBA is supported on both UNIX and Windows NT platforms. SAPDBAs uses include:
I I I I I I I

Start and stop the database Back up the database Back up the archive logs Restore the database Reorganize tables Check the database Other

364

System Administration Made Easy | Release 4.6C/D

Database tasks specific to SAP have been implemented in SAPDBA. SAPDBA tasks specific to backups are discussed in Backup on page 37. SAPDBAs parameter file init<SID>.sap is important. This file should be configured as part of the implementation. If things change (such as replacing a tape drive), you may need to modify the file.
Task

Set the parameter file

1.

Open the file init <SID>.sap using a text editor. NT: use sappad <drive>:\orant\database UNIX: use vi /oracle/<sid>/dbs This file contains the system parameters that configure the database.
Note

The init<sid>.ora file is a very important file for the correct functioning of the database and should be frequently backed up.

2. 3.

Edit the parameters as appropriate. You can reference SAP Note 124361 for SAP recommendations for Oracle DB parameters for SAP R/3 release 4.x. Some other parameter files that control the database operation are:
I

init<sid>.dba

These parameters describe the values that are defined for use by the SAPDBA utility.
I

init<sid>.sap

Chapter 12: Database Administration Oracle Database

365

These parameters describe the values that are defined for use by the SAP backup utility.

Task

Start SAPDBA

1. 2. 3.

To start SAPDBA, in a Telnet application, log on as user ora<sid> (for example, su oraarc). At the Command prompt, enter sapdba and press Enter. The main SAPDBA screen appears.

366

System Administration Made Easy | Release 4.6C/D

Checking the Database


There are two database checksdatabase system check and database verification. The database system check performs a system health check, which monitors the following:
I I I I

Space is checked (free space and fragmentation) Oracle alert messages are monitored

init.ora profile parameters are checked


Physical consistency is checked

The database verification checks the Oracle database internal block structure.

Checking the Database System


Ensure that the database is running. Also, update to the latest version of SAPDBA and the related BR files (BRARCHIVE, BRBACKUP, BRCONNECT, BRRESTORE, and BRTOOLS). Note that the checking of the database system can also be scheduled using the DBA Planning Calendar (DB13) to check the database structure.
Task

Check the database

1.

On the main SAPDBA screen, in Please select, enter k and choose Enter.

Chapter 12: Database Administration Oracle Database

367

2.

In Please select, enter a and choose Enter.

3.

A list of database checks to be performed appears. Once you have read the message, choose Enter. This step may occurs many times.

4. 5.

When requested, enter y and choose Enter to start the check process. When requested, choose Enter to continue the check process. This step occurs many times.

6. When the check completes, choose Enter.

368

System Administration Made Easy | Release 4.6C/D

7. To return to the main SAPDBA screen, enter q and choose Enter.

8.

The log from the verification run is found in:

NT: <drive>:\oracle\<sid>\sapcheck UNIX: /oracle/<sid>/sapcheck The filename is in the following format: YYMMDDHHMM.chk

Chapter 12: Database Administration Oracle Database

369

9.

You can view log file in a text editor, such as Notepad in the screenshot below.

Database Verification
Database verification checks the Oracle internal block structure. Ensure that SAP R/3 is stopped and that the database is running.
Task

Verify the database


1.
On the main SAPDBA screen, in Please select, enter k and choose Enter.

370

System Administration Made Easy | Release 4.6C/D

2. In Please select, enter b and choose Enter.

3.

In Please select, enter s and choose Enter.

4.

When the job finishes, press Enter.

5.

Check the verification log. The log from the verification run is found in: NT: <drive>:\oracle\<sid>\sapcheck UNIX: /oracle/<sid>/sapcheck

Chapter 12: Database Administration Oracle Database

371

The filename is in the following format:

YYMMDDHHMM.dbv

6.

The file can be viewed with a text editor, such as Notepad below.

SAPDBA Backup Tasks


SAPDBA is a tool provided by SAP to perform Oracle database administration tasks, such as setting the parameter file, initializing backup tapes, and performing backups of the database and archive logs.

Initializing the Backup Tapes


Initializing the Database Backup (BRBACKUP) Tape
Backup tape initialization can be done using SAPDBA, or using BRBACKUP.
Task

Using SAPDBA to initialize a database backup tape


1. 2.
Log on as user ora<sid> (for example, su - arcadm). At the Command prompt, enter SAPDBA and choose Enter.

372

System Administration Made Easy | Release 4.6C/D

3.

In Please select, enter h and choose Enter.

4.

In Please select, enter a and choose Enter.

5.

In Please select, enter b and choose Enter.

6. 7.

In Please select, enter q and choose Enter. Note the description on the line Backup function showing Initialize BRBACKUP tape.

8. If you only have one tape to initialize, go to step 11. If you have more than
one tape to initialize, in Please select, enter d and choose Enter.

Chapter 12: Database Administration Oracle Database

373

9. Enter the number of tapes to initialize and choose Enter.

10. The number of tapes to initialize should appear on the line d Number of
tapes.

11. In Please select prompt, enter s and choose Enter. 12. When the program prompts Your reply, enter cont to continue.

13.

Press Enter.

Volume name used by BRBACKUP to initialize tape (from init<SID>.sap file)

Initialization completion

374

System Administration Made Easy | Release 4.6C/D

Task

Use BRBACKUP to initialize a database backup tape


1.
To force tape initialization, at the Command prompt, enter brbackup i force n 1 v <volname>

Note

n (Number of tapes parameter) is required to initialize a pool of tapes. v <volname> (Volume name parameter) is optional. Use this option only if you must initialize a tape with a specific volume name (for example, when replacing a damaged tape). If v <volname> is omitted, the command will use the name table in the init<SID>.sap file.

2.
The entry cont is casesensitive.

When the program prompts Your reply, enter cont to continue and choose Enter. When initialization has finished successfully, the message BRBACKUP terminated successfully displays. Remove the tape from the drive and label it matching the specified name.

3. 4.

Initializing the Archive Tape


Archive tape initialization can be done using SAPDBA or using BRARCHIVE.

Chapter 12: Database Administration Oracle Database

375

Task
Initialize an archive tape using SAPDBA

1. 2.

At the Command prompt, enter SAPDBA and choose Enter. In Please select, enter i and choose Enter.

3.

In Please select, enter a (Archive function) and choose Enter.

4.

In Please select, enter k and choose Enter.

376

System Administration Made Easy | Release 4.6C/D

5.

In Please select, enter q and choose Enter.

6. 7.

Note the message to the right of Archive function, showing Initialize BRARCHIVE tape. The number of tape to be initialized can be changed in the same way as BRBACKUP. To change the number of tapes to be initialized:

a. b. 8.

In Please select, enter d and choose Enter. Enter the number of tapes to initialize and choose Enter.

To start BRARCHIVE, in Please select, enter s and choose Enter.

9. 10.

When the initialization finishes, the message BRARCHIVE executed successfully displays. Remove the tape and label it to match the label name.

Chapter 12: Database Administration Oracle Database

377

11.

Choose Enter.

Task
Initialize an archive tape using BRARCHIVE

1. 2.

Log on as user ora<sid> (for example, su oraarc). At the Command prompt enter brarchive i force n 1 v <volname> Initializing parameters are the same as for BRBACKUP. For more information, see Use BRBACKUP to initialize a database backup tape on page 374.

3. 4. 5. 6.

When the program prompts Your reply, enter cont to continue. Choose Enter. When initialization has finished successfully, the message BRBACKUP terminated successfully displays. Remove the tape from the drive and label it matching the initialized label.

378

System Administration Made Easy | Release 4.6C/D

Back Up
To back up both the database and archive logs:
I I I I

Determine the tapes required to do the backup. Gather the required tapes. Load the tape drive with the tapes. Execute the appropriate backup process.

Determining the Tapes Required to Back Up


The following process applies to both database and archive log backups using SAPDBA, BRBACKUP, or BRARCHIVE.
Task
Determine the tapes required to back up

1.

At the command prompt:


I I

For database, enter brbackup q and choose Enter. For archive logs, enter brarchive q and choose Enter.

2.

The volume labels that will be used are displayed (in this example, SAOB04 and SAOB01).
]

Backing Up the Database


For an offline backup, stop SAP R/3. Also, make sure you have the required, initialized and labeled, tape(s) as specified by brbackup q. We will use SAPDBA to perform the backup. SAPDBA executes BRBACKUP to perform the backup. BRBACKUP can be executed directly, which allows it to be executed by a cron job and scheduled.

Chapter 12: Database Administration Oracle Database

379

Task
Back up the database

1. 2. 3.

Log on as user ora<sid> (for example, su oraarc). At the Command prompt, enter SAPDBA and choose Enter. In Please select, enter h and choose Enter.

4.

Verify that Normal backup appears on Backup function.

5.

Review line e (Backup type) to determine what type of backup is configured, online or offline.

380

System Administration Made Easy | Release 4.6C/D

6.

If the type of backup needs to be changed, in Please select, enter e and choose Enter.

7.

From this screen, you have two options:


I I

a (online backup) b (offline backup)

8. 9.

In Please select, enter your option choice (for example, b) and choose Enter. In Please select, enter q (Return) and choose Enter.

10. 11. 12. 13.

In Please select, enter f and choose Enter. Enter the volume name of the taped used to backup the database. If there is more than one tape, separate the name by comma (for example, ARCB01, ARCB02). Choose Enter. In Please select, enter S and choose Enter.

Chapter 12: Database Administration Oracle Database

381

14. 15. 16.

The program prompts you to replace the tape when it needs changing. Replace the tape with the new tape and volume name specified. Enter cont, when the program prompts you to enter cont to continue. Choose Enter.

17.

When the backup has finished successfully, the message BRBACKUP terminated successfully appears.

18. Remove the tape and store properly.

Back Up the Archive Logs


Make sure you initialize and label sufficient tapes, and have the required, initialized and labeled, tapes as specified by brarchive q. We will use SAPDBA to perform the backup. SAPDBA executes BRARCHIVE to perform the backup. BRARCHIVE can be executed directly, which allows it to be executed by a cron job and scheduled.
Task

Back up the archive logs

1.

At the command prompt, enter SAPDBA and choose Enter.

382

System Administration Made Easy | Release 4.6C/D

2.

In Please select, enter i and choose Enter.

3.

To enter some of the parameters of archiving, enter a (Archive function) at the prompt and choose Enter.

4. 5.

Enter the letter for the type of archive log backup you want to do (for example, a). Choose Enter.

Chapter 12: Database Administration Oracle Database

383

6.
We recommend that you make two copies of the Oracle Archive Logs.

Enter q and choose Enter.

7. 8. 9.

Enter e and choose Enter. Enter the volume name of the tape used to backup the archive logs (for example, ARCA01) and choose Enter. Enter s and choose Enter.

10.

When the archive logs have been backed up successfully, the message BRARCHIVE executed successfully appears.

11. Choose Enter.

384

System Administration Made Easy | Release 4.6C/D

Useful Online Service System Notes


Online Service System Note # 68059 43499 43491 43486 43484 42293 34432 33307 31073 21568 16513 15465 04754 03807 02425 01042 01039 109521 Description SAPDBA - option -next with tablespace list All collective notes concerning DBA Tools Collective note: SAPDBA - Command line options Collective note: General SAPDBA Collective note: General DBA SAPDBA - new command line option analyze ORA-00020: max number of processes exceeded Cost-Based - Rule Based Optimizer (ORACLE) SAPDBA - new command lines -next, -analyze SAPDBA: Warning: only one member of online redo File system is fullwhat do I do? SAPDBA - shrinking a tablespace Buffer synchronization in centralized systems Tablespace PSAPROLL, rollback segments too small Function of tablespaces/DBspaces on the database ORACLE TWO_TASK connect failed Problems with ORACLE TWO_TASK linking SAPDBA: Termination of check run on WinNT

PART SIX

Operations Overview

386

System Administration Made Easy | Release 4.6C/D

Part Overview
Operations, as a topic, is composed of various system-related topics that can be loosely called data center operations. Chapter 13 discusses the printing and spooling processes of your SAP system. We talk about setup and management of the SAP printing system. Chapter 14 talks about administration of secondary systems relating to the SAP system, such as the network, operating system, and servers. Chapter 15 covers general system operation. Background jobs are covered here, as well as operational modes and backups. Chapter 16 discusses the management of change. Over time, your system may require patches and fixes. We talk about how to manage them effectively in this chapter.

C H A P T E R

13

13

Output Management

388

System Administration Made Easy | Release 4.6C/D

Overview
This chapter covers the setup and management of the SAP R/3 printing system. To accommodate the open client/server architecture concept, SAP has its own spool system that provides a uniform interface independent of the system platform.

Printer Setup (SPAD)


Before you set up a printer in SAP R/3:
I I I

Set up the printer at the operating system level. Know the printer name. This name is the network name of the printer (for example, FIN3 or \\FINANCE\ACCT2; not HP Laser Jet 5si). Know the type of printer. This information is the manufacturer and model of the printer (for example, HP Laser Jet 5si).
Task

Set up the printer in the SAP R/3 system

1. 2.

In the Command field, enter transaction SPAD and choose Enter (or from the SAP standard menu, choose Tools CCMS Spool SPAD-Spool administration). In the Device/servers tab, choose Output devices.

Chapter 13: Output Management

389

3.

Choose

to switch to change mode.

4.

Choose

5. 6. 7. 8.
The Model and Location fields are important because you cannot use a printer if you do not know its location and its model name. The key is to make your description as precise as possible. If the printer has been moved, remember to update this field.

In Output device, enter a descriptive name for the printer (required). Optionally, in Short name, enter a short name. The system can define it for you. In our example, we will let SAP R/3 define the short name. Choose the Device Attributes tab. On the Device Attributes tab:

a. b. c. d.

In Device type, choose printer (required).

to select the appropriate device type for your

In Spool server, choose to select the appropriate server where your print requests will be processed. In Model, enter the printers make and model. In Location, enter the printers location.

390

System Administration Made Easy | Release 4.6C/D

e.

The message field is used for a temporary message that replaces the Location text. Messages are useful if a printer is offline for repair, for example.

At this point, things can get complicated. In general, use the following local access methods to reduce network problems in the system. For:
I

9.

Choose the HostSpoolAccMethod tab. to select the appropriate access method.

10. In Host spool access method, choose 11.

NT Select C Direct operating system call. UNIX Select L Print locally via LP/LPR

In Host printer, enter the printer name as defined in your network (required).

12.

Select the Output Attributes tab.

Chapter 13: Output Management

391

13.

On the Output Attributes tab:

a. b. c.

In this section, you can specify a cover page (optional). Select Monitor using monitoring architecture. If you have a large number of printers, do not select this option. Choose .

14.

In our example, to let SAP R/3 create the short name, choose Yes.

15.

If we had entered a short name, and there is a name conflict with an existing printer, this conflict message would appear. If this name conflict exists, at this dialog box, choose Yes.

16.

A message indicates that the printer was created.

392

System Administration Made Easy | Release 4.6C/D

17.

Choose the Tray info tab.

Note
Automatic selection means that the correct tray is selected based on the paper format (such as letter). This selection applies only to the paper format, not the type of paper (for example, letter head, invoice, blank, and so on.)

18. 19.

Under Active, select the paper tray to activate it for automatic selection. Under Page format, enter the page format or choose .

Chapter 13: Output Management

393

20.

On the Page Formats dialog box:

a. b.

Select the proper paper format. Scroll down to see the Letter and Legal paper formats. Choose .

21. 22.

Repeat steps 1820 for all printer trays. Choose .

23. 24.

Choose

A message in the status bar indicates that the paper tray information was saved.

394

System Administration Made Easy | Release 4.6C/D

25.

Choose

Note
For frontend printing please see SAP Note 114426.

26. 27.

The new printer (Finance GL) is now in the printer list. To test the printer, from the menu bar, choose Output device print this list.

Check the Spool for Printing Problems (Transaction SP01)


The spool is the SAP R/3 systems output manager. Data is first sent to the SAP R/3 spool and then to the operating system for printing. There may be problems with the printer at the operating system level. These problems must be resolved immediately for time-critical print jobs (for example, checks, invoices, shipping documents, and so on) to avoid operational impact.

Chapter 13: Output Management

395

You should check for active spool jobs that have been running for over an hour. These long-running jobs could indicate a problem with the operating system spool or the printer.

Check the Spool for printing problems

Task

Note
The range of data will depend on your installation. If you generate hundreds or thousands of spools a day, you would choose every day. This data range would be much shorter, possibly only two days.

1. 2.

In the Command field, enter transaction SP01 and choose Enter (or choose SAP standard menu Tools CCMS Spool SP01-Output Controller). On the Output controller: Spool request selection screen:

a. b. c. d.

In Created by, delete any information. In Date created, set the date (for example, a week ago, or to any other date range to check for other problems). In Client, delete any information. Choose

3.

Look for jobs with an error in the Output Status column.

396

System Administration Made Easy | Release 4.6C/D

4.

Double-click on the error.

5. 6.

Select the checkbox next to the error. Choose


.

7. 8.

Review and troubleshoot the error. Choose .

Chapter 13: Output Management

397

9. 10.

Select the error. Choose


.

11.

Use the log to investigate the problem (for example, The printer name is invalid).

Check that Old Spools are Deleted (SP01)


The SAP spool is the output manager for SAP R/3. From the SAP spool, the print job goes to the operating systems print spooler or manager. You must check that old spool jobs are being properly cleared by the daily batch job. Depending on how the spool system has been configured, old spools will use database space or file system space. Whether it is database or file system space, these spools are using potentially available space. Look for any errors that may indicate problems in the printing process.

398

System Administration Made Easy | Release 4.6C/D

Check that old spools are deleted


1. 2.
In the Command field, enter transaction SP01 and choose Enter (or from the SAP standard menu, choose Tools CCMS Spool SP01-Output Controller). Clear the following fields:
I I I I

Task

Created by Date created (date) to (date) Client .

3.

Choose

4. 5.

After the system has been operating for some time, check whether old jobs are being purged. Scroll down to find the oldest date. This date should be within the time frame defined for the job that runs RSPO0041 program (see SAP Note 16083). If the spool requests beyond the minimal age are found, the job may not be properly deleting the old jobs and needs to be analyzed.

Chapter 13: Output Management

399
.

6.
Two reasons for failure of the job that runs the RSPO0041 program are: The user ID under which the job is run does not have the proper security authorization to execute the program. The job is routed to an invalid printer. RSPO0041 has been replaced by RSPO1041. See SAP Note 130978.

To view the attributes of a spool request, highlight a request and choose

7. 8.

From this screen, the spool attributes, output, and temporary sequential database (TemSe) attributes can be conveniently accessed. Notice that information on the Number of pages generated, the Recipient, and the Delete date of the spool request are displayed.

9.

Choose the Output attributes tab.

400

System Administration Made Easy | Release 4.6C/D

10.

You can set the priority of the output request. The priority levels are from 19 with 1 being the highest priority.

Note
For more information, see Check Spool Consistency (SPAD) on page 407.

11. 12.

Select the TemSe attributes tab. The name and size of the object as stored in the TemSe database are displayed. This information is useful when there are inconsistencies in the spool and TemSe databases.

Chapter 13: Output Management

401

Printing the Output (SP01)


There are two types of requests:
I I

Spool Output

The spool request contains the printed document that has not been sent to the output device. The output data of this document is partially formatted and stored in the TemSe database. The output request tells SAP R/3 to format the request to a particular device and contains attributes such as target printer, number of copies, and so on. Each time you select the printer icon, an output request is created for the spool request.

Task
Print the contents of a spool request immediately or at another date and time using different parameters

1. 2.

Select a spool request. Choose to print directly. This step creates an output request and prints the contents of the spool request immediately on the printer.

3.

A message appears on the status bar stating that an output request was created.

402

System Administration Made Easy | Release 4.6C/D

4.

The Status column displays the status of the print job. If the output was printed successfully, the status is Compl (complete). Otherwise, a status of Waiting or Error will be displayed.

5.

To print a spool request with a different printer or change the start date and time:

a. b.

Select a spool request. To print with changed parameters, choose .

6.

On the Output controller: Print spool request <XXXXX> screen, you can:
I I I I

Change to another output device Increase the number of copies Change the priority Change the start date and time

In our example, we change the printer to DCBZ.

Chapter 13: Output Management

403

7.

Choose

to print directly.

8. 9.

The system displays a message that an output request was created. Choose .

404

System Administration Made Easy | Release 4.6C/D

10.

Under the Status column, the request is scheduled for printing.

Printing the Screen


You can quickly and easily print the contents of most screens or do a print screen by choosing the printer icon. Using this procedure also generates a spool request and an output request, which can be useful in testing that a new printer was setup correctly. Continue from the prior step or any screen with a printer icon. On some screens, there are two printer icons. The one to choose is usually located just under the menu bar. (When the cursor is passed over this button, Print Ctrl+P appears.)

Task
Print the screen

1.

Choose

Chapter 13: Output Management

405

2.

On the Output Controller: List of Spool Requests screen, you can specify or change the:
I I I I I I I I

Output device Number of copies Pages to print Spool request name Start time Change the priority Number of days you wish to keep the spool request Print format .

3.

In Spool retention per., choose

406

System Administration Made Easy | Release 4.6C/D

4.

In the Spool Retention Period dialog box:

a. b. c.

Selecting Do not delete keeps the spool request indefinitely. Therefore, this request will not be purged by program RSPO0041 that deletes old spools. Choose a spool retention period (for example, Delete after 8 days). Choose Save.

5. 6. 7.

On the Output Controller: List of Spool Requests screen, choose Continue. In the status bar, a message stating that a spool request was created is displayed. Choose .

Chapter 13: Output Management

407

8.

The new output requested now appears.

Check Spool Consistency (SPAD)


A spool consistency check compares data in the spool and output request tables (TSP01 and TSP02), with the entries in the TemSe tables (TST01 and TST03), TSP0E (archive) and TSP02F (frontend print request) tables. It also displays a list of obsolete write locks that should be deleted. If you delete table entries manually from the spool and TemSe tables or delete spool and TemSe objects from the directories, inconsistencies can occur. Other causes of inconsistencies are report and transaction terminations or an incorrectly executed client copy.

Task
Check spool consistency

1.

In the Command field, enter transaction SPAD and choose Enter (or from the SAP standard menu, choose Tools CCMS Spool SPAD-Spool administration).

408

System Administration Made Easy | Release 4.6C/D

2.

Choose the Admin. tab.

3.

Choose Consistency check of spool database.

Chapter 13: Output Management

409

4.

Note
Another report, RSPO1043, can be used for the spool consistency check. It should be scheduled as a periodic batch job (see SAP Note 98065).

The system checks the spool tables and the TemSe tables to make sure that each spool object has corresponding entries in each of the tables.

Check TemSe Consistency (SP12)


A TemSe consistency check compares data in TST01 [Temporary Sequential Database (TemSe) objects] and TST03 (TemSe data) tables. The TemSe contains objects that are temporary such as job logs, spool requests, tests for workflow, batch input logs, and personnel administration temporary data. The report RSTS0020 performs the consistency check. The relationship between the object and data in the TemSe may be destroyed due to the following activities:
I I I I

Restore from backups Copying databases Copying clients using improper tools Deleting clients without first deleting their objects

410

System Administration Made Easy | Release 4.6C/D

Check TemSe Consistency


1. 2.
In the Command field, enter transaction SP12 and choose Enter (or from the SAP standard menu, choose Tools CCMS Spool SP12-TemSe Administration). From the menu bar, choose TemSe database Consistency check.

Task

3.

The TemSe objects and data were checked. If there are inconsistencies:

a. b.

Select the item. Choose Delete Selection.

C H A P T E R

14

14

Network/OS/Server Administration

412

System Administration Made Easy | Release 4.6C/D

Overview
This chapter is about using SAP transactions to get to the operating system log, regardless of the platform.

Operating System Tasks


The following tasks allow you to modify how SAP R/3 interacts with the operating system.

System Logs (OS06)


The system logs contain operating system and application write event records. Depending on the operating system, multiple logs may exist. The logs may contain indications of a developing problem (for example, a hard drive that generates errors may indicate that it is failing and needs to be replaced).
Task

View system logs


1.
In the Command field, enter transaction OS06 and choose Enter (or from the SAP standard menu, choose Tools CCMS Control/Monitoring Performance menu Operating System Local OS06-Activity).

Chapter 14: Network/OS/Server Administration

413

2.

Choose Detail analysis menu.

3.

Choose OS Log.

Configuring the security audit function is a trade-off among the following:


I I

The need to log security events. System resources to track and maintain the log. The more detailed you make the log, the more the system performance will degrade. This degradation is due to the extra processing required to track and log the items. Effort required auditing the log (dependent on the size of the log).

414

System Administration Made Easy | Release 4.6C/D

Note
There may be indications of a developing problem. If the security audit parameters have been properly set, you could detect unauthorized attempts to access files.

4. The Operating System Log screen appears. In this example, the NT event log
appears.

Checking File System Space Usage (RZ20)


The file system should have sufficient free space for normal operations. Over time, various activities will write files that will use up file space. These files must be periodically reviewed and moved or backed up and deleted. A few of the items that consume file space when monitoring file space usage include:
I I I I I I I I I I

Transports Support packages Extract files from the SAP R/3 system Program logs Backup logs Error logs Inbound interface files Third-party programs that store their data outside the SAP R/3 database Trace files Spool files (if stored at the OS level)

In addition to these items, check to see that the house cleaning programs are running properly (see SAP Note 16083).

Chapter 14: Network/OS/Server Administration

415

If your file system fills up, the SAP R/3 system may stop because the database cannot write to a file. If SAP R/3 stops, any business operations that use the system will also stop. For example, note the following sequence of events: 1. The SQL Server transaction log fills up the file system. 2. SQL Server cannot write any more entries into the log. 3. SQL Server will stop. 4. SAP R/3 will stop. Your user will not be able to perform activities such as entering orders or generating shipping documents. To plan for such a situation:
I I

Anticipate and plan for disk space needs. Determine if storage space expansion is needed. If storage space expansion is needed, purchase and installation plans must be made. The expansion should be planned to minimize operational disruption. Determine if file system cleaning is needed. If archiving is required for data files, archive to quality storage media such as an optical disk, CDROM, or other long-term storage media.

You can use the SAP R/3 Alert Monitor or go to the operating system to check file system space usage. In this section, we use the SAP R/3 Alert Monitor, because we can set alert points.

Check file system space usage


1. 2. 3.
In the Command field, enter transaction RZ20 and choose Enter (or from the SAP standard menu, choose Tools CCMS Control/Monitoring RZ20Alert Monitor). Select the node (+) to expand the monitor set. Select the monitor set (for example, Entire System). .

Task

4. Choose

416

System Administration Made Easy | Release 4.6C/D

5. 6.

Drill down to get to the following starting node: <SID>\<host>_<SID>_<Instance> (for example, SA1\pa102058_SA1_00). Drill down to the drives OperatingSystem Filesystems. The drives are color-coded to indicate alert status:
I I I

Green (OK) Yellow (Warning) Red (Critical)

7.

Select a drive (for example, C:) and drill down to see its statistics (Freespace and Percentage_Used). These are statistics at the drive (not directory) level. As you view these statistics, keep your system in mind. For example, on your system, drive H may contain the database that takes up all the space on that drive. Keeping this in mind, you can expect and ignore the warning message, or change the alert threshold for that specific drive. For more information on changing the alert threshold, see the next task.

Changing the Alert Threshold (RZ20)


For more information about the Alert Threshold, see Maintaining The Alert Thresholds for RZ20 on page 120.

Chapter 14: Network/OS/Server Administration

417

Task

Customize alert threshold


1. 2. 3.
Select the node of the drive for which you want to change the threshold (for example, drive C:). Select an alert (for example, Freespace). Choose Properties.

4.

On the Monitoring: Properties and Methods screen:

a. b. c.

To change the values, choose

Under Threshold values, select a threshold change point (for example, Change from GREEN to YELLOW). Enter the new value for when the alert will change color (for example, 500). These threshold values are specific to your system and even to specific drives in your system.

418

System Administration Made Easy | Release 4.6C/D

d.

Choose . A message appears in the status bar indicating that the new properties were saved.

Cleaning Out Old Transport Files


Transport files are used to transport or move SAP objects and customizing changes between clients and systems. If left unchecked, transport files could gradually fill up the file system. If the file system fills, operations may be affected because:
I I I

Outbound SAP R/3 system files may not be created. Transport export may fail. Inbound files may not be created.

In an extreme situation, if you run out of file system space, SAP R/3 may stop, or you may have other failures because SAP R/3 or other applications cannot write to the necessary files. The transport directory check is important because:
I I

After a major implementation where many transports have been created that take up a lot of space Immediately before (or after) performing a database copy, if you do not use a central transport directory, most (if not all) files dated before the copy become irrelevant to the system After installing a large support package

Chapter 14: Network/OS/Server Administration

419

Task

Check the following: Support package directory /usr/sap/trans/EPS/in Transport data directory /usr/sap/trans/data Support package files can be reloaded if needed and can be large (for example, support package 15 for Release 4.6C is over 100 MB).

Perform a transport directory check


1.
Check the following directories under /usr/sap/trans:
I I I

Data Cofiles Log

2. 3. 4.

Sort the directory by date to determine file age. Archive any obsolete files, such as those created before a database refresh or those that have been applied successfully to all target systems. Optionally, archive old transports to a backup media such as tape, optical disc, or CD.

Other Tasks
Clean the Tape Drive
To minimize a backup failure due to a dirty head, clean the tape drive as part of a preventive maintenance program. To keep your tape drive clean:
I

Follow the tape drive manufacturers instructions for your tape drive.

Note

Some drives specify a specific interval of use for cleaning, typically based on hours of use. Adjust your cleaning frequency to account for your usage. Remember, that these are recommendations, not rules. If you consistently have recording errors or head dirty messages, decrease the time between cleanings. If you have to clean your tape drives more or less frequently, this task should be moved to the appropriate interval. Some drives (for example, DLT) do not require regular cleaning. They only need cleaning when the clean head indicator light is activated.
I I

Use the manufacturers approved cleaning cartridge for the tape drive. Use the cleaning cartridge according to the manufacturers instructions.

420

System Administration Made Easy | Release 4.6C/D


I

Between uses, store the cleaning cartridge according to the manufacturers instructions. Keep your server room clean. A dusty or dirty environment will not only make you clean your tape drive more often, but will also coat the inside of the server with dust and cause a cooling problem.

Tips & Tricks

Uninterruptible Power Supply


Check the Uninterruptible Power Supply
The uninterruptible power supply (UPS) that you use should be monitored by a control program. This program, when triggered by a power event, records the event and initiates a shutdown process of the SAP R/3 environment (SAP R/3, database, related applications, and operating system), and finally the server. In addition, most UPSs have a self-test and capacity calibration function. The results of these tests are logged. Specific data logged depends on the program and the UPS. You must review the power events that triggered the UPS control program. While the UPS protects the server, the control program should be recording power events such as power dips, brown outs, power failures, and so on. This recording could help you or the facilities person solve electrical problems in the facility. For example, a pattern of power dips or outages may indicate a problem elsewhere in the building. You must verify that:
I I I

Tips & Tricks

The UPS is functioning The self-tests completed successfully There is sufficient capacity in the batteries The batteries in the UPS must be periodically replaced. If the batteries are low, the capacity test will indicate that the batteries do not have sufficient capacity to shut down the system before failing.

Caution

Review the log for the UPS control program.

Check your UPS Shutdown Process


Verify that your UPS shutdown process works. A shutdown process is an automated script for the UPS to shut down SAP R/3, the database, other applications, the operating system, and the UPS. This check verifies that the entire shutdown process works as planned and documented. When there is a power failure, the SAP R/3 environment should be shut down in an orderly manner. There should be sufficient reserve in the

Chapter 14: Network/OS/Server Administration

421

UPS to reach the end of the shutdown process. Something might have changed since your last test to cause the shutdown process to fail. If this process fails, you must find out why and fix the problem. The stopsap command does not work within all UPS control programs. You must verify that your UPS control program will properly stop SAP R/3 and the database before shutting down the server.

Caution

Check Maintenance Contracts


Many of the servers and related equipment should be under maintenance or service contracts with the manufacturer or distributor.
I I

The production system and critical equipment should be under a premium 24 hour / 7 day (with 2 hour response) support agreement. Less critical equipment can be under a next-business-day support agreement.

If you need support or service and the service contract has expired, the confusion and time to reestablish the service contract could be critical. The support level should be selected based on equipment use. If a piece of equipment becomes critical to the companys operation, its support level should be upgraded to reflect the critical nature of that equipment. Conversely, equipment could become noncritical or be replaced. In this situation, the service contracts could be downgraded or dropped as appropriate.
I I I

Keep a list of service contracts. Include what these contracts are for and the expiration date in the list. Review equipment usage to determine if the support level for equipment should be upgraded, downgraded, or dropped. Review the list for expiration dates each quarter. How long in advance of the expiration date to do this review depends on the time it takes to go through the purchase requisition and approval process in your company. Renew service contracts.

Review Hardware or a System Monitor Paging System


A hardware or system monitor paging system generates alert messages (including e-mail) and pages based on your predefined parameters. Depending on the software, the following can be monitored:
I I

Hardware items (such as servers, routers, and printers) Logs (such as operating system, applications, and database)

422

System Administration Made Easy | Release 4.6C/D

By monitoring the NT event logs, you can monitor events from the SAP system log. This way, critical events such as an Update Terminate can be detected and acted on as soon as they happen.

The following screen is courtesy of TNT Software.

The screenshot above shows that the monitor has three functional windows:
I

Notification Rules This mechanism passes or filters events, and determines what action will be taken on the events that are passed.

Events

These are the events that have been passed to the monitor program. (They got through the filters in Notification Rules.)
I

Monitored device These are the monitored servers and IP devices.

This example, however, has not been configured to pick up and report on SAP events. Initially, there will be a lot of tuning as the system parameters are adjusted. Over time, the need for parameter adjustments will decline. You may must change alert parameters to filter noncritical events and to generate alerts for critical events. The key to remember is that this process is dynamic. Some of these tasks are as follows:
I

Account for new events that have not previously occurred Critical (you must generate a page) Important (you must generate a message (for example, e-mail))

Determine if a previously filtered event now needs to generate an alert

Chapter 14: Network/OS/Server Administration


I

423

Filter out events (both old and new) that should not generate alert messages Filtering is necessary to manage the messages that are reviewed. If too many irrelevant messages get through the filter, it becomes difficult to review the alert message log.

Adjust for personnel changes Other events may require action (for example, shift or duty changes for organizations with several people on-call).

Test that all alert mechanisms are functional The paging/messaging function must be tested regularly. If the monitoring program is unable to send a page, you will not receive the page when a critical alert occurs.

The inability to send a page can be caused by:


I I

Someone changing something in the e-mail or phone system that prevents alert messages from being sent A phone patch cable that has disconnected from the modem

To review the paging system:


I

Review the various monitored logs (such as the NT event logs) to look for events that should generate an alert message (e-mail or page) The monitor program needs to be configured to pick these events up and properly process them.

Review the alert monitor log for alert events that should be filtered out The monitor program needs to be configured to filter or ignore such events.

Test all alert mechanisms, such as pager, e-mail, and so on to make sure that they are functional If you receive regular daily e-mail messages, the e-mail testing is being done for you.

Note
RZ20 can also be configured to generate a page.

424

System Administration Made Easy | Release 4.6C/D

C H A P T E R

15

15

Operations

426

System Administration Made Easy | Release 4.6C/D

Overview
Operations refers to the tasks performed by a computer operations group. These are the tasks that the people in a data centers glass room do. If you do not have a data center, these tasks must be assigned to the appropriate employees. Operations is a crucial part of system administration. While learning to manage operations, readers will learn how to perform:
I I I I

Batch jobs Background jobs Operation modes Backups

Check that All Application Servers Are Up (Transaction SM51)


Transaction SM51 allows you to look at all the servers in your system (for example, the PRD database server and all of its application servers). You do not have to log into each server individually. The ability to look at the servers is important because:
I I

If one of your dialog application servers is not up, the users who usually log on to that application server cannot log on. If the batch application server is down, batch jobs that are specified to run on that server will not run.

Check that all application servers are running


1.
In the Command field, enter transaction SM51 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor System monitoring SM51 - Servers).

Task

Chapter 15: Operations

427

2.

Review the list of instances under Server name. Verify that all instances are listed. If it is listed, it is up and running.

Background (Batch) Jobs


In the SAP R/3 system, a batch job is referred to as a background job. This job runs independently of a user being logged on. There are two kinds of background jobs:
I

Regular These are jobs that are run on a regular schedule.

Ad hoc These are jobs that are run as needed or required.

Background jobs are used for the following reasons:


I I I

Users have the flexibility of scheduling jobs to run when they are out of the office. The program can be run without locking a user session. Jobs that run for a long time would time out if executed online.

Regularly Scheduled Jobs


Regularly scheduled jobs are background jobs that run on a schedule (for example, daily at 11:00 a.m., Sundays at 5:00 a.m., and so on). Regularly schedule jobs are run to:
I I I

Collect performance statistics Populate an information system, such as the Special Ledger Generate a report

428

System Administration Made Easy | Release 4.6C/D


I I I

Generate output for an outbound interface Process an inbound interface Perform housekeeping tasks, such as deleting old spool requests

The job is scheduled like any other background job, but with a few additional considerations.

The reason for special user IDs is to keep scheduled jobs independent of any user. This way, when a user leaves the company, the jobs will not fail when the user ID is locked, shut down, or deleted.

Batch User ID
Create a special user ID to be used only for scheduling batch jobs, such as BATCH1.
I

Consider multiple-batch user IDs when batch jobs are scheduled by or for different organizations or groups. This method has the disadvantage of having to manage multiple accounts. For example: BATCH1 BATCH2 BATCH3 BATCH4 BATCH5 System Jobs Finance Accounts Payable Warehouse Material Planning/Inventory

Performance
For more information on performance, see Performance Factors for Background Jobs on page 429.

Housekeeping Jobs
These background jobs must be run regularly to perform administrative tasks, such as:
I I I

Deleting old spools Deleting old batch jobs Collecting statistics

Program RSPO0041 is sometimes troublesome; see SAP Note 48400. There is a replacement program RSPO1041. See SAP Note 130978.

See SAP Note 16083 for the required SAP housekeeping jobs, and to schedule the spool consistency check, see SAP Note 98065.

Others
Various modules and functions may require their own regularly scheduled jobs. For example, the Special Ledger requires a regular job to copy data from the FI/CO modules and to regenerate sets in Special Ledger. There may be various database and operating system-level housekeeping jobs that also must run.

Chapter 15: Operations

429

Performance Factors for Background Jobs


Background jobs consume a significant amount of system resources. As a result, they could adversely affect online system performance. There are several ways to improve system performance while running background jobs. These methods benefit both online users and other background jobs. To reduce the system impact from background jobs:
I

Run batch jobs on a dedicated batch application instance/server. This step separates the processing requirements of the background job from the processing requirements of online users and of the database. Even with as few as 10 users on a small central instance (no application servers), two batch jobs can significantly slow down the online system response. Therefore, even for a small installation, application servers may need to offload the batch processing from the central instance. The instance profile for this application server would be tuned for background jobs rather than dialog (online) performance (for example, five background work processes and only two dialog work processes). Specifying a target host is problematic. If you specify the target host, load balancing is not performed. There may be the situation where all the batch work processes on the batch application server are in use, and other application servers are idle. However, by specifying that the job is to run on the batch application server, it will not run on any of the other available application servers. This job will wait until a batch work process is available on the specified batch application server.

A general guideline is twice the number of CPUs as the number of background processes.

Make a chart that converts your local time to the local time for all affected global sites. With this chart you can quickly see what the local time is for locations that would be affected by a job (see following example): A corporate master clock (or time) should be defined for a company with operations in multiple time zones. Two common methods are:
I

Schedule background jobs to run during non-peak periods, such as at night or during lunch. If no one is on the system, slow system performance does not matter.

Minimize job contention. Two background jobs are running at the same time and contending for the same files, possibly even the same records. Minimizing this conflict is one reason to coordinate background job scheduling (for example, by not simultaneously running two AR aging reports). In such cases, the reports may finish sooner if they are run sequentially, rather than in parallel.

The time zone where the corporate office is located. For SAP in Walldorf, Germany this is Central European Time (CET). For United Airlines in Chicago, IL, this is Central Standard Time (CST). Coordinated Universal Time (UTC), formerly known as Greenwich Mean Time (GMT). This common time is used by global operations, such as the airlines.

For global operation, consider the local time of your users. For example, scheduling a resource intensive background job to start at 1:00 a.m. PST in California (0900 GMT) corresponds to 10:00 a.m. CET in Germany. This time may be good for Americans who are not working, but it is the middle of the workday morning in Germany. When these jobs run is critical, for tasks such as backing up operating system-level files, because of the following: A backup of these files may require that the file not be changed or used during the backup, or the backup will fail. Programs attempting to change the file will fail because the backup has the file locked.

430

System Administration Made Easy | Release 4.6C/D

The time conversion table (based on a 24-hour clock) below shows selected times around the world. Site The change to and from daylight savings time does not occur on the same day in all countries. During that interim time, the offset time could be different. Time zone Hawaii Calif Denver Chicago Philly London Walldorf Israel Singapore HST PST MST -08 16 17 18 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 -07 17 18 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 CST -06 18 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 EST -05 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 UTC 0 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 CET 01 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 00 03 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 00 01 02 08 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 00 01 02 03 04 05 06 07

Offset -10 from UTC 14 15 16 17 18 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11

Highlight the column for your local time zone, so that you do not accidentally read the wrong column. Using a 24-hour clock eliminates the common am/pm confusion.

12 13

The Microsoft Excel file for the table above is included on this guides companion disk, which is located inside the back cover of this book. If you use daylight savings time, you must be aware of the days when the time changes:

Chapter 15: Operations


I

431

Daylight savings time starts A one-hour time period will disappear. Jobs scheduled to run in this missing hour may either not run or run as a late job. Any tasks following this change that rely on a job scheduled to run during the missing hour must be reviewed.

Daylight savings time ends This period creates a problem where a one-hour period of time repeats itself. For example, at 3:00 a.m., the clock resets back to 2:00 a.m. This time period will occur twice.

One way to avoid problems when daylight savings time is switched on and off is to use UTC (formerly known as GMT) as your master clock. If you are in a U.S. state that does not use daylight savings time, such as Hawaii, it is not a concern. See the following SAP Notes:
I I

7417 - Changing to daylight savings time and back 102088 - End of daylight savings time: the double hour

Creating and Scheduling a Batch Job (SM36)


Background jobs are used for the following reasons:
I

Avoid playing priority games with the job class. If you make every job a class A job, there is no priority, because every job will be at the same priority level. The recommended method is to assign all jobs to job class C. The exceptions to this recommendation are those jobs that need the priority. This priority increase should be properly justified and can be controlled by SAP authorization concept.

Users have the flexibility of scheduling jobs when they are not in the office. The program can be run without locking a user session. Jobs that run for a long time would time out if run online.

I I

Note
The job class determines the start priority of the job. For example, a class A job would start before a class B job, and a class B job would start before a class C job. Once started, all job classes have equal priority. A class A job will not take processing resources away from a class B job to finish faster. Jobs in the start queue do not affect running jobs. A class A job in the start queue will not replace a currently running class C job. As a prerequisite, a batch job may require that a variant be created to execute the job. Alternately, you can choose Job wizard to go through the above procedures with step by step description.
Tips & Tricks

432

System Administration Made Easy | Release 4.6C/D

Create and schedule a batch job


1. 2.
In the Command field, enter transaction SM36 and choose Enter (or from the SAP standard menu, choose Tools CCMS Jobs SM36-Definition). On the Define Background Job screen:

Task

Using a standard naming convention makes it easier to manage jobs.

a. b. c.

In Job name, enter a job name. In the Job class, enter C. Class C is the standard job class. Choose Start condition.

3.

Choose Date/Time.

Chapter 15: Operations

433

4.
The Schedule start is the date and time on the database server, not the local time.

For Schedule start, in Date and Time, enter the start date and time. On the Start Time dialog box:

5.

a. b. c. d.

In No start after, enter the date and time by which time the program must start. If the program does not start by the specified date and time, then it will not start at all. If you have a job that will run periodically, perform steps 5c6c. If not, choose Immediate and skip to step 7a. Select Periodic job. Choose Period values.

6.

On the Period Values dialog box:

a. Choose the appropriate period button (for example, Daily). b. Choose Check. c. Choose .

434

System Administration Made Easy | Release 4.6C/D

7.

On the Start Time dialog box:

a. Choose b. Choose

Check.

8.

Choose

Step.

Chapter 15: Operations

435

9.

On the Create Step dialog box:

a. b. c.

To schedule an ABAP program, choose ABAP program. In the ABAP program section, in Name, enter the name of the program (for example, rspo0041). Choose Check.

10.

If the program has variants, the ABAP: Variant Directory of Program <XXXXX> dialog box appears. On the dialog box:

a. b.

Select the appropriate variant. Choose .

436

System Administration Made Easy | Release 4.6C/D

11.

Choose

Print specifications.

Chapter 15: Operations

437

12.

On the Background Print Parameters dialog box:

a. b. c.

Enter the printer name or choose

to select the printer.

Select the appropriate Spool control options. Under Print settings, Lines and Columns values are generated by the report.

d. For Format, choose e. Choose


.

to select the value that most closely matches the Lines and Columns value.

438

System Administration Made Easy | Release 4.6C/D

13.

Choose

14.

Choose

15.

A message will appear in the status bar indicating that the batch job has been created.

Chapter 15: Operations

439

16.

Choose

Background Jobs (SM37)


Background jobs are batch jobs scheduled to run at specific times during the day. If you are running critical jobs, you must know if the job failed because there may be other processes, activities, or tasks that depend on these jobs. You should have a list of all the critical jobs that are scheduled to run. For each of these jobs, you should have a list that shows:
I I I I

When the jobs are scheduled to run The expected run time An emergency contact (names and phone numbers) for job failure or problems Restart or problem procedures
Task

View background jobs


1.
In the Command field, enter transaction SM37 and choose Enter (or from the SAP standard menu, choose Tools CCMS Jobs SM37 - Maintenance).

440

System Administration Made Easy | Release 4.6C/D

2.

On the Simple Job Selection screen:

a. b.

In Job name, enter * to get all jobs. In User name, enter one of the following options: * (for all users) User ID that the batch jobs run under (to limit the display to those scheduled under a specific user ID in User name).

c.

Under Job status, select:

Active Finished Canceled

d. e. f. g.

In Fr., enter a start date. In To, enter an end date. In after event, choose Choose and select *.

Execute.

3. 4. 5.

Check for failed or cancelled jobs. Analyze why jobs failed or were cancelled and make the necessary corrections. Check critical jobs such as MRP, check payment jobs, and so on. To do this check, you must know the job name. From this point, you may do one of the following tasks:
I

Check the job log

Chapter 15: Operations


I

441

Get basic job information

Checking the Job Log


You may want to regularly check the job log for job performance and record run times. Deviations from normal run times on a job may indicate a problem requiring further investigation.
Task

Check a job log


1.
On the Job Overview screen:

a. b.

Select the job. Choose

Job log.

442

System Administration Made Easy | Release 4.6C/D

2.

On the Job Log Entries for <XXXXX> screen:

a. b.

Check job performance and record run times (The difference between the Job started and Job finished times). Choose .

Graphical Job Monitor (Transaction RZ01)


The graphical job monitor is useful when coordinating many background jobs because it allows you to see individual job statistics. The graphical job monitor is a visual format where status is indicated by the following colors:
I I

Aborted job (red) Active job (blue)

If a job ran past its expected end time, and other jobs are scheduled to start, the graphical job monitor lets you see the conflict.
Task

View Grapical Job Monitor


1.
In the Command field, enter transaction RZ01 and choose Enter (or from the SAP standard menu, choose Tools CCMS Control/Monitoring RZ01Job Scheduling Monitor).

2. Choose Time unit Hour to get a more usable time scale. 3.


Choose Legend to get a popup legend of the colors or patterns used.

Chapter 15: Operations

443

4.

Choosing Timer ON will update the display every three minutes.

Batch Input Jobs, New or Incorrect (SM35)


This transaction shows jobs that must be processed or started, and jobs with errors that must be resolved. This transaction is important because it alerts you to batch input jobs that are:
I

New These are jobs that are waiting to be processed (for example, a posting from an interface file). If not processed, the data will not post to the system.

Incorrect These are jobs that have failed due to an error. The danger is that only a portion of the job may have posted to the system. This partial posting increases the potential for data corruption of a different sort, because only part of the data is in the system.
Task

View batch input jobs


1.
In the Command field, enter transaction SM35 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor SM35-Batch Input).

444

System Administration Made Easy | Release 4.6C/D

2.

On the Batch Input: Session Overview screen:

a. b.

In From, enter a start date of at least a week ago. Choose .

3. 4. 5.

Choose the New tab. A list of batch input sessions that must be processed appears. Choose the Incorrect tab. A list of incorrect batch input sessions are displayed. Contact the responsible user to notify them or determine why these jobs are in new or incorrect sessions.

Chapter 15: Operations

445

Operation Modes
Operation modes allow the SAP R/3 system configuration to be adapted to different requirements. The configuration is the mix of the number of dialog (online) and batch processes at different times of the day. When switching operation modes, the SAP R/3 work processes are automatically redistributed, without stopping and restarting the instance. Only the work process type changes. For example, a dialog work process can be switched to a background process. The total number of work process remains the same. The new process type is not activated until the process is free, meaning that a process may not switch immediately. Instead, it is set for switching at the earliest possible time. For example, if all background processes to be switched to dialog processes still have jobs running, the processes are individually switched when the jobs are completed. Processing is not interrupted and normal system operation continues uninterrupted during the operation mode switch. Operation mode switches are recorded in the system log. The old process type and the new process type are recorded for each switched work process. A batch job runs on a batch work process until it is completed and does not time-share the work process. Therefore, to increase the number of batch jobs that are processed during a given period, you must increase the number of batch work processes. To achieve this increase, you must also decrease the number of dialog work processes by the same amount. This process is usually done to increase the number of batch sessions available to process batch sessions at night, when most of the online users have gone home and you have many batch jobs to run. During the day, the opposite situation occurs. The number of batch work processes is reduced, and the number of dialog work processes is increased to accommodate the number of online users. For example: Mode Day Night Dialog WP 5 2 Batch WP 2 5

TechTalk

There must always be a minimum of two dialog processes. Do not reduce the value below two. There must be at least two batch work processes on the system. An individual instance, such as a dialog application server, could be configured without a batch work process. But there must be batch work processes to use somewhere on the system, or a task (such as a transport) can fail if it needs a batch work process to execute.

Tips & Tricks

For small clients with little or no batch processing at night, the additional process of configuring and maintaining operation modes may not be necessary. Not using operation modes reduces the level of administration required to maintain the system. However, once configured and running, there is little maintenance required. To set up and use the operations modes: 1. Define the operation mode (RZ04).

446

System Administration Made Easy | Release 4.6C/D

2. Assign the instance definition to an operation mode (RZ04). a. The first time the CCMS: Maintain Operation Modes and Instances screen is opened, there are no operation modes. 3. Define the distribution of work processes for the operation modes (RZ04). This distribution is the mix of dialog and batch work processes. 4. Assign the operation modes (SM63). Define or set the schedule of when the modes will switch and to what mode it will switch.
Task

Define the operation mode


1. 2.
In the Command field, enter transaction RZ04 and choose Enter (or from the SAP standard menu, choose Tools CCMS Configuration RZ04 - OP Modes/instances). Choose .

3.
Make the name and descriptions meaningful, such as day mode and night mode, which makes it easier to select them later.

On the CCMS: Maintain Operation Modes and Instances screen:

a. In the Operation Mode field, enter a name or title description. b. In Description, enter a short description for the mode. c. Choose .

Chapter 15: Operations

447

4. The Operation mode (for example, day) is created.


Productive Operation Modes are for normal SAP R/3 operation. Test Operation Modes are used for systems where development work or testing is being done. Test Operation Mode can be switched manually or by using the timetable.

5.

Repeat the above steps for any additional needed operation modes (for example, afternoon and night).

Task

Assign an instance definition to an operation mode (Initial instance)


1.
In the Command field, enter transaction RZ04 and choose Enter (or from the SAP standard menu, choose Tools CCMS Configuration RZ04 - OP Modes/instances).

448

System Administration Made Easy | Release 4.6C/D

2.

Choose Instances/operation modes.

3.

To generate an instance definition for our host, from the menu bar, choose Settings Based on current status New instances Generate.

4. 5.

The instances are populated. Choose .

Chapter 15: Operations

449

6.

Choose

. If you add another application server later, repeat steps 3 5.

Task

Adding additional operation modes


1. 2.
In the Command field, enter transaction RZ04 and choose Enter (or from the SAP standard menu, choose Tools CCMS Configuration RZ04 - OP Modes/instances). Choose Instances/operation modes.

3.

Choose an operation mode.

450

System Administration Made Easy | Release 4.6C/D

4.

Choose

5.

On the CCMS: Maintain Work Process Distribution dialog box:

a. b.

Choose Other operation mode. Choose to select an operation mode.

6.

Choose the new Operation Mode (for example, morning).

Chapter 15: Operations

451

7.

Choose

8. 9.

At this point, you can also define the work process distribution (see Defining Distribution of Work Processes on page Defining distribution of work processes). Choose .

10.

Under Op Mode, the new operation mode, morning, appears.

452

System Administration Made Easy | Release 4.6C/D

11.

Choose

Task

Defining distribution of work processes


1. 2. 3.
In the Command field, enter transaction RZ04 and choose Enter (or from the SAP standard menu, choose Tools CCMS Configuration RZ04 - OP Modes/instances). Select the operation mode you wish to define (for example, night). Choose Instances/operation modes.

4.

Select an OP Mode (for example, night).

Chapter 15: Operations

453

5.

Choose

6.
Do not change any other field.

Select the Background field.

a.

Use the minus (-) or plus (+) buttons to reduce or increase the number of Background work processes. This step automatically changes the number of Dialog work processes by the opposite amount, to keep total number of work processes the same. In this example, we increased the number of background work processes from 2 to 4. Choose

b. c.

454

System Administration Made Easy | Release 4.6C/D

7.
Remember that there should always be a minimum of:
I I

The changes now appear on this screen. Choose .

8.

Two dialog processes on an instance Two batch work processes on a system

9. 10.

Repeat for all the other operation modes. Choose .

Task

Assign operation modes


1.
In the Command field, enter transaction SM63 and choose Enter (or from the SAP standard menu, choose Tools CCMS Configuration SM63 Operation mode calendar).

Chapter 15: Operations

455

2. Select Normal operation (24hr). 3. Choose


Change.

4. 5. 6.

This screen shows the timetable. The dashed arrow (= =>) indicates the current time. Double-click on the beginning and ending times when the operation mode should be in effect. Choose Assign.

456

System Administration Made Easy | Release 4.6C/D

7. In Op. mode, choose

8. Choose the mode to assign (for example, day). 9. Choose


.

10. Choose

11. The operation mode name is next to the time periods you assigned.

Chapter 15: Operations

457

12. Repeat steps 511 for the other operation mode(s). 13. Choose
.

14.

The message on the status bar indicates that the assigned operation mode is saved.

458

System Administration Made Easy | Release 4.6C/D

15.

When the Operation Mode switches, entries appear in the system log (transaction SM21).

Backups
Periodic Archival
At the end of the quarter, make certain you get a usable backup at the end of the quarter. Also, send quarter-end backup tapes offsite for an extended period. At the end of the year, ensure that you get a usable backup at year-end and send the backup tapes offsite for an extended period. Be aware that you may have two year-end backup dates:
I I I

Your legal and finance departments, external auditors, and others should determine the length of the extended period as appropriate in the company (for more information, see chapter 3).

End of the calendar or fiscal year After the financial books are closed for the year This period may be several months after the end of the fiscal year.

Backup the Database


See the procedures in chapters 3 and 9 through 12 based on the database you are using.

Performing a Full Server Backup


An offline backup of the entire server is done at the operating system level. This process requires that the SAP R/3 system and the database be down so that no files are open.

Chapter 15: Operations

459

Performing an offline backup is necessary for files that cannot be backed up if the SAP R/3 system or the database is active. With this full-server backup, you know you have everything on the server. If you experience major system problems, you will have a defined point from where everything is backed up and from where you can begin a restore. A full-server backup should be performed before and after major changes on the server, such as:
I I I

Installing new software Upgrading installed software Changing hardware

If a change has a catastrophic effect, you must recover the server to its beforethe-change state. To perform a full server backup: In NT, there is a technique where a second instance of the OS is installed in a dual boot configuration. The backup is taken from this second instance. 1. Stop the SAP R/3 system. 2. Stop the database. 3. Stop all SAP services (saposcol, saprouter, sap<sid>-<sysnum>). 4. Execute the backup using your backup program (database and file system). 5. Check backup times and logs. 6. Cycle the server.
Task

Check the backups (DB12 & DB13): Database


1.
In the Command field, enter transaction DB12 and choose Enter (or from the SAP standard menu, choose Tools CCMS DB Administration DB12Backup logs).

460

System Administration Made Easy | Release 4.6C/D

2.

On the CCMS Monitoring Tool - <XXXXX> screen:

a. Record the date and time that appears next to Full R/3 backup. b. If the backup failed, there is no indication on this screen, except that c.
Choose Backup history to get more detail on the backups.

the last successful backup date was not the expected date. You must review DB13 to see the indication that the job failed.

3.

This screen shows the backup. For the backup that ran, you can see the following info:

a. Start date and time. b. DB name c. Media name or tape label d. Position on the backup tape

Chapter 15: Operations

461

Task

Checking the backup using the DBA Planning Calendar


1.
In the Command field, enter transaction DB13 and choose Enter (or from the SAP Standard Menu, choose Tools CCMS DB Administration DB13DBA Planning Calendar).

2. On the DB Administration in the SAP Environment screen: a. Look for the backup job that is listed under each data square. b. If the backup failed, the job will be indicated in red. c. Select the entry for the backup. d. Choose Action logs.

In Release 4.6, red-text jobs could also mean that the job log is unavailable, or the job could still be running.

462

System Administration Made Easy | Release 4.6C/D

3.

The job log from the backup displays.

Operating System Level Backups


Any failed backup must be immediately investigated and resolved. The general process is as follows: 1. Record the usual or expected run time for the backup. 2. Compare the actual backup time to the expected run time for the backup. If the backup takes longer or shorter than this time, there may be a problem that needs to be investigated.

UNIX
For your UNIX-level backup, review the results using the appropriate UNIX backup application.

NT
We assume that you are using the Windows 2000 Backup application. If you are using another program, use that programs documentation to determine its status after backup. Windows 2000 Backup records some log information in the event logs. A more specific log is written to a file as specified when Windows 2000 Backup is run.

Checking Consumable Supplies


Consumable supplies are those that you use regularly, such as:
I

Cleaning cartridges

Chapter 15: Operations


I I I I I I

463

Data cartridges (tape and disk) Laser printer toner Ink cartridges Batteries Forms Envelopes

Within the group of consumable supplies are critical supplies. If these supplies run out, your business operations could be affected or stopped. Examples are preprinted forms with your companys name or other special printing and magnetic toner cartridges. The amount of spare supplies purchased and available on-hand should be enough to accommodate varying usage levels and to allow for time to purchase replacements. Running out of supplies will create an inconvenience, or even an operational problem.

Example

If you run out of the magnetic toner cartridge for the check printer, you will not be able to generate checks out of the system. At this point, either you cannot print checks to pay your vendors, or you have to manually type the checks (if you have blank manual check stock on hand). Special or custom supplies such as the following require special consideration:
I I

Special magnetic ink toner cartridges to print the MICR characters on checks. Not every computer supplier will stock these special cartridges.

Preprinted forms (with company header, instructions, or other custom printing). Due to the customized nature of these items, there is usually a significant lead time to restock these items. If it is a critical item, make sure you have extra stock. To check consumable supplies:
I

Check the expiration date on supplies that are subject to aging. This check applies to supplies currently being used and those in inventory. Check supplies that have time-in-service expiration, such as hours, cycles, and so on. Keep in touch with your purchasing agent and the marketplace. Market conditions may make certain supplies difficult to purchase. In such conditions, the lead time and quantities to be purchased must be increased. For example, at one time, 120-meter DAT tapes cartridges were difficult to find and purchase. Track usage rates and adjust stocking levels and purchasing plans as needed.

Example

I I

Certain DAT tapes are rated for 100 full backups. After that they should be discarded and replaced with new tapes. This usage limit can be entered into the SAPDBA control file for Oracle.

464

System Administration Made Easy | Release 4.6C/D

Other Considerations
Certain supplies may have long lead times for purchase, manufacture, or shipping.

C H A P T E R

16

16

Change Management

466

System Administration Made Easy | Release 4.6C/D

Overview
Change management involves the management of changes to your system, including table maintenance, note application, and transportation of changes from one system to another. The table maintenance section shows you how to make changes directly to SAP tables. The new tool, Note Assistant, shows you how to automatically apply SAP Notes to the system. This chapters also covers methods of transporting changes from one system to another, and discusses how to manage the transport process.

Table Maintenance (Transaction SM31)


If no transaction is available to maintain a table, it can be directly maintained using transaction SM31. Use this method if, and only if, there is no transaction to maintain the table. Directly maintaining a table circumvents all edits and validations in the system.
Caution

When a change is made directly to a table and the table is saved, the change is immediate. There is no undo function.

Creating an Entry in the Table (SM31)


This procedure shows how to create new entries in the Prohibited Password table, USR40.
Task

Create an entry in a table


1.
In the Command field, enter transaction SM31 or SM30 and choose Enter (or from the menu bar, choose System Services Table maintenance Extended table maintenance).

Chapter 16: Change Management

467

2.

In Table Views:

a. b.

Enter the table name (for example, USR40). Choose

Maintain.

3.
Client independent changes will affect all clients on a system, not just the client on which you are working.

If the table you are changing is client-independent, the Information dialog box appears. Choose .

4.

On the Change View <XXXXX>: Overview screen, choose New entries.

5.

In the column (the name depends on the table selected), enter the new entry (for example, password).

468

System Administration Made Easy | Release 4.6C/D

6.

Choose

Note
If the client is not configured to record changes for transport, this dialog box does not appear.

7.

If the Prompt for Workbench request dialog box appears, create a request by choosing .

8.

On the Create Request dialog box:

a. b.

In Short description, enter text that describes what change you are making to the table and why you are making the change. Choose .

Chapter 16: Change Management

469

9.

On the Prompt for Workbench request dialog box:

a. b.

Record the request number. This number is needed to transport the table changes to the other systems. Choose .

10. 11.

The message in the status bar indicates that the entries have been saved. Choose .

12. 13.

The new entry password appears in the table. Choose .

470

System Administration Made Easy | Release 4.6C/D

Deleting an Entry from a Table (SM31)


The following task deletes an entry from table USR40.

Delete an entry from a table.


1. 2.
In the Command field, enter transaction SM31 or SM30 and choose Enter (or from the menu bar, choose System Services Table maintenance Extended table maintenance). On the Maintain Table Views: Initial Screen screen:

Task

a. b.

In Tableview, enter the table name (for example, USR40). Choose

Maintain.

3.
Client-independent changes affect all clients on a system, not just the client you are working in.

If the table is client-independent, the Information dialog box appears. Choose .

Chapter 16: Change Management

471

4.

On the Change View <XXXXX> screen:

a. b. c.

Navigate to the password by scrolling up or down to go through the table or choose Position to go directly to the entry. Select the password to delete (for example, password). Choose .

5. 6.

The message in the status bar indicates that the password was deleted. Choose .

472

System Administration Made Easy | Release 4.6C/D

7.

The message in the status bar indicates the change was saved.

Change Control
Change control is the managing of the changes, modifications and customizing made to your system. This control allows you to be aware of and control what changes are made. These changes must be made in a controlled manner to avoid problems. The process is: The SAP training class BC325 (Software Logistics) covers change management and transports. Also see Software Logistics by Sue McFarland.
I

Managing the changes: SAP Notes that are applied to the system Authorization process for moving the changes from one system to another

I I

Making the changes to the SAP R/3 system Moving the changes from one system to another

Managing SAP Notes


Note
SAP Notes were formerly known as OSS notes. Managing SAP Notes means tracking the notes that you have reviewed and applied. These notes are release- and configuration-specific and may relate to your systems configuration. Some of these notes may actually be specific to individual systems in your environment. Reasons to track SAP Notes applied to your system include:

Chapter 16: Change Management


I

473

If a problem arises, SAP may ask if a specific note has been applied. If you do not have a record of what notes you have applied, then you must manually investigate your system. This process can be difficult and time consuming. When the system is upgraded, for conflict resolution, you must know what notes have been applied. You must know what notes: Are included in the upgrade, so you can go back to SAP standard code May need reapplying because they are not included in the upgrade

I I

Document all SAP Notes applied to your systems, and specify which system and instance to which it is applied. Document all code changes with the SAP Note number that applies. This documentation is especially important if a program is changed by an upgrade or support package. It helps you determine if your code change is included in the upgrade or patch and, therefore, whether the program can revert back to SAP standard. In addition to a high-level tracking table, detailed records should be kept on the individual notes. The record should include the problem to be fixed, objects changed, release in which the note was fixed (important for upgrades), and other applied or recommended notes (see the sample form in Detailed Online Service System Note Record on page 474). Document all SAP Notes that are noted and do not require actual changes to be made to the system (for example, procedural or informational notes). Document SAP Notes that have not been applied to your systems. There may be cases in which you review a note and determine that it does not apply. You should document the reasons. If SAP asks why a specific note was not applied, you will have an answer.

I I

Sample Forms
General Note Record
Note # 12345 36987 Description xxx yyy Noted DEV 11/06/98 2/06/99 QAS 11/15/98 2/13/99 PRD 11/30/98 2/28/99

474

System Administration Made Easy | Release 4.6C/D

Detailed Online Service System Note Record


Note - Applied Note #: Short text: Module: Problem to solve: Objects changed:

Fixed in release: Comments: Other notes applied with this problem: Applied to: System DEV Client 100 110 QAS 200 210 PRD 300 Transport number Date imported or applied Return code Sign-off/Initial

Chapter 16: Change Management

475

Note Assistant
Note Assistant is an add-on installation tool for the quick implementation of specific SAP Notes. It checks for dependencies on any Support Packages, SAP Notes, or modifications that you have already implemented. The tool streamlines the implementation of note-based corrections in a consistent and user-friendly manner. Because it applies code changes in SAP Notes automatically, the Note Assistant helps to reduce errors. The Note Assistant logs all your processing steps automatically. You can display an overview of all the SAP Notes that have been implemented in your system. It also displays the processing status of the SAP Notes and any corrections that have already been made to the source code. You can see at anytime which SAP Notes you have already implemented successfully and which you still must process. The Note Assistant is available for download through the SAPNet-Web. There are minimum preconditions of Support Packages applied for systems with Basis releases before 6.10: Release 4.6D 4.6C 4.6B 4.5B Minimum Precondition SAPKB46D05 (or higher) SAPKB46C15 (or higher) SAPKB46B25 (or higher) SAPKB45B38 (or higher)

For information on how to determine what support packages have been applied, please refer to Special Maintenance Support Packages in chapter 22. Not all available notes have been updated or converted for use with the Note Assistant. To find out more about Note Assistant, see the SAPNet-Web under the Quick Links NOTEASSISTANT. The SAP Service connection must be open through transaction OSS1.
Task
Loading an SAP Note

1.

In the Command field, enter transaction SNOTE.

476

System Administration Made Easy | Release 4.6C/D

2.

Choose

SAP Note Download.

3.

In the Note Assistant Download Note dialog box:

a. b.

In Note number, enter the SAP Note number (for example, 414452). Choose .

4.

On the Note Assistant: Worklist for User <XXXXX> screen:

a. b. c.

The note is shown under the New status. Select the note. Choose

Display SAP Note.

5.

The Implementation status shows whether the Note Assistant can implement the note automatically.

Chapter 16: Change Management

477

6.

Choose

Task
Implementing an SAP Note

1.

Choose

478

System Administration Made Easy | Release 4.6C/D

2.

Choose Yes.

3.

Choose

4.

To create a transport request, choose

5.

On the Create Request dialog box:

a. b.

In Short description, type a short description. Choose


.

Chapter 16: Change Management

479

6.

Choose

7.

Choose

8.

On the Note Assistant: Worklist for User <XXXXX> screen:

a. b. c.

The note is now under In process status and the icon next to the note is changed. Select the note. Choose .

9.

The Implementation status has changed to Implemented completely.

480

System Administration Made Easy | Release 4.6C/D

10.

Choose

Task
Setting processing status of SAP Notes

1. 2.

Select the note that has just been implemented. Choose .

Chapter 16: Change Management

481

3.

In the Set Processing Status for Note <XXXXX> dialog box:

a. b.

Select Completed. Choose .

4.

The note is removed from the screen.

Task
Viewing Log File

1.

Choose

482

System Administration Made Easy | Release 4.6C/D

2.

On the Note Assistant: Note Browser screen:

a. b.

In Note number, enter the note number. Choose .

3.

Choose

Chapter 16: Change Management

483

4.

The log file is shown. You can add your own comments to the log file by choosing .

Change Control (Managing Transports)


Change control is the process of managing changes, modifications and customizing made to the system. Change control also manages the transport of those changes through the pipeline from the development to the test system, and finally to the production system. One of the most important change management tasks involves notifying the appropriate people of the changes and getting their approval. In the past, most application systems were independent, so changes in one system were insulated from the other systems. Because of this independence, users may not be used to consulting with other organizations when making changes to what they consider their systems. Because SAP R/3 is an integrated system, some items may impact many other modules or groups. Ensure that you contact the appropriate people before changing a module that will impact the performance of other modules. If something stops functioning in the production system, business may stop until the problem is resolved. In change control, there is a review and approval process. You should not make a change and apply it to the system without a review and approval of the changes. These changes apply to changes to SAP objects and system configuration.

484

System Administration Made Easy | Release 4.6C/D

The following steps demonstrate a change control process:


I I I

Document all code, configuration, and other changes. Test by developer and functional analyst Get the following signoffs (see sample Transport Request Form on page Sample Transport Request Form) By all functional groups: Review and be aware of changes that might affect their functional areas. If needed, perform additional tests by and with other functional groups, where there is possible interaction from the change. Operations review Review any changes that may affect the operations staff Schedule new jobs Program error or problem procedure

A transport cannot be undone.

Document the program restart procedure. Is it safe for the operator to restart the job, if it fails or hangs?
I I I I

Verify the change in the target system. Change control should also contain a recovery plan that includes: What to do if the import to the production system creates a problem? How to roll back? Will it be possible to roll back? Will a problem require a database restore?

Chapter 16: Change Management Sample Transport Request Form


Request to Transport Transport number: Transport title/description: Objects:

485

SAP Notes applied: (SAP Note form required for each note) Effect on other functional areas: Special transport instructions: Specific order Need quiet time: Yes/No

Request for transport by: Tested by:

Functional area review and approval: FI SD Approved for transport by: Transport details: System QAS Client 200 210 PRD 300 Date Start time End time Return code Sign-off/Initial MM Computer Operations

486

System Administration Made Easy | Release 4.6C/D

Transporting Objects
Transports into the Production System
A transport is the mechanism that the SAP R/3 system uses to move changes:
I I I

Within a system from one client to another client From one system to another system on the same client From one system to another system and from one client to another client

Complete the transport in the production system during a quiet period (for example, Sunday afternoon or evening) when users are not logged on the system. Ideally, a full system backup should be completed before transports are imported. During a transport, objects may be overwritten. If an object is being used in the target system when a transport is performed, the transport may cause inconsistent results or terminate the transaction. In the worst-case scenario, a transport may break the production system and you must restore the system. Transports are only done when necessary (when you have a transport that needs to be moved). You may also have the occasional emergency transport that must be moved at a time other than at your normal weekly transport time.

Transporting Objects
The transport system has been significantly changed in Release 4.x. (It was formerly known as Correction and Transport System.) It is still CTS, but is now called the Change and Transport System. CTS contains the Transport Management System (TMS) and Change and Transport Organizer (CTO). The purpose of transports is to move objects and configuration from one system to another in the production pipeline. This pipeline is defined in a three-system landscape as systems comprising development, quality assurance, and production. A transport starts in the development system, is transported to the quality assurance system where is tested, and finally into the production system. To transport objects, use one of the following methods:
I I

Transports are taught in BC325 (Software Logistics).

Transport Management System (TMS) Operating System (OS)

Chapter 16: Change Management

487

TMS Method
The TMS method uses transaction, STMS, to perform the transports. Benefits:
I I I

The user does not have to go into the operating system to do the transport. The user selects the transport from a GUI to do the import. There is no risk of incorrectly typing the wrong command or transport number. Because the import is done from within SAP R/3, there is no need to physically go down to the server or use a remote connection (for NT) to the server to do the import. The transport route can be specific to clients. With one export, the TMS system is set up to import into several combinations of system and client as defined in the transport route. (This functionality is new in Release 4.6.) Transport requests can be grouped into projects, and the transport request selected and moved by these projects. This grouping reduces the chances of transporting the wrong transport request when there are many activities and projects going on. (This functionality is new in Release 4.6.) Advanced quality assurance prevents transports from being imported into the production system until they are released after successful testing in the quality assurance system. (This functionality is new in Release 4.6.) The import of transport requests can be scheduled. You no longer have to manually import the transport requests or write scripts to do the import. (This functionality is new in Release 4.6.)

Library Basis Components Change and Transport System (BC-CTS) Transport Management System (BC-CTS-TMS).

TMS documentation. The TMS documentation (including configuration) can be found in the SAP R/3 online documentation by choosing Help SAP

Operating System Method


The operating system (OS) method requires you to go down to the OS level to execute the transport program (tp) at the command line. Disadvantages:
I

The user must go into the operating system to do the transport. This action is a security issue in companies that restrict which employees can have this level of access. The import is done from the command line. There is the risk of incorrectly typing and importing the wrong transport.

488

System Administration Made Easy | Release 4.6C/D

Standard Transport Process


This section describes the standard transport process from your development system to your production system. The following steps are part of your companys change management process: A major purpose of the approval process is to give other functional groups notice as to what you are moving. If the move affects any of the functional groups, and they are aware of it, they can take the appropriate action: review, test, and so on. If necessary, your transport is delayed until the affected functional groups are satisfied.
I

Obtain proper authorization to transport the objects. Obtaining this authorization is the responsibility of the person requesting the transport move. The required authorizations and approval process differ based on the company. Some companies require the approval of only one person, while other companies require the approval of numerous people.

Define other necessary transport management related information, such as: Who to contact in case of problems The person doing the transport typically is not a programmer. If there is a problem with the transport, that person will need assistance to determine what failed. What recovery process to follow if the transport fails Who will test the transport in the target system to determine that it works as intended The transport number The source system The target system(s) Relationship to other transports, such as sequence order, and so on

The TMS (normal) import and one of the OS import options, tp import all, will import all transports in the import buffer. The assumption is that all objects released into the import buffer have been tested and approved for transport into the target system. If you use either method, it is important to not release the objects until they have been tested and approved for transport. Up to, and including Release 4.5, in a three-system landscape, once the transport is imported into the quality assurance system, it is added into the production system import buffer, and there is no second release out of the quality assurance system.


I I I I

Use transactions SE01, SE09, or SE10 as necessary to release the transport. First release the task, and then release the request or transport. Import the request into the target system. Check the transport log.

Importing the Entire Import Buffer


If you import the entire import buffer, everything in the buffer will be imported into the target system, regardless of whether all the transports are ready. The problem with importing the entire buffer is that the various transports may be in different stages of testing. Some may be finished, while others may still be in the process of being tested. An import all imports all the objects in the buffer, regardless of whether they are ready to be transported. A new feature in Release 4.6 is the Advance Quality Assurance. This feature requires that requests imported into the quality assurance system must be approved in the quality assurance system to be transported to the production system. This process helps prevent the accidental transport of a request that

Chapter 16: Change Management

489

has not completed quality assurance testing in this system. This change is an important change management enhancement and should be used by everyone with a standard three-system landscape. Before Release 4.6, when a transport was imported into the quality assurance system, it was automatically added to the import buffer of the production system. Therefore, an import all would import everything, regardless of readiness. To manage the import buffer in the:
I I

Source system, do not release the transport until the testing is complete. Production system: Using the TMS method, use preliminary import to select the individual transport to import Using the TMS method, use the project method to manage the transport requests Using the OS method, import the requests (transports) individually Do an import all only when the entire buffer is ready to be imported

Special Transports from SAP


Special manual transports fix specific problems, add features, or add functionality from third-party software vendors. U.S. customers can download the transport files from SAPSERV4. These files are usually a single file that you have to unpack using the CAR program. The downloading and unpacking procedure is described in chapter 22. Get the files from SAP or the delivery media, such as a CD. Two files (sometimes there is a third file) are normally combined as a set (for example, K174511.P30, R174511.P30, and D174511.P30). Copy the files into the appropriate transport directories: Copy files beginning with K into:
I I

NT UNIX

<drive>:\usr\sap\trans\cofiles \\<host>\sapmnt\trans\cofiles

/usr/sap/trans/cofiles

Note
D files do not always exist.

Copy files beginning with R and D into:


I I

NT UNIX

<drive>:\usr\sap\trans\data \\<host>\sapmnt\trans\data usr/sap/trans/data

Add the special transport to the import buffer (process described in Adding a Special Transport into the Import Buffer on page 495).

490

System Administration Made Easy | Release 4.6C/D

Import the transport (process described in Using TMS to import a transport request on page 498 and OS Method of Transporting on page 507).

Releasing a Request (Transport)


To release a request, release all tasks associated with the request and then release the request.

Task
Release a request (transport)

1. 2.

In the Command field, enter transaction SE10 and choose Enter (or from the SAP standard menu, choose Tools Accelerated SAP Customizing SE10 Transport Organizer). On the Transport Organizer screen:

a. b.

In User, enter the user ID of the person who owns the request. Select the following categories: Customizing Workbench

Note
Over time, the released list will be large.

c. d.

To verify the Request status, select Modifiable. As an option, you may deselect Released. Choose

Display.

Chapter 16: Change Management

491

3.

On the Transport Organizer: Requests screen:

a. b.

Select the task to release. Choose .

4.

On the Change Request/task: <XXXXX> screen:

a. b. 5. 6.

Document the content of the transport. Choose .

A message appears on the message line indicating the task was released. Choose .

492

System Administration Made Easy | Release 4.6C/D

Note
All of the tasks associated with a request must be released, before the request can be released.

7.

A message indicates that the task was released into the specified request.

Task
Release the request

1.

On the Transport Organizer: Requests screen:

a. b.

Select the request. Choose .

2.

As the export is running, the In process Requires update line appears.

Chapter 16: Change Management

493

3.

Choose

4. 5. 6.
A return code of 8 or higher is a failed transport.

When the export is finished, the above message changes to a status message. Check the export return code and text message. This screen shows that the export Ended OK and has a return code of 0. Check the test import return code and text message. This screen shows that the import Ended OK and has a return code of 0. The return codes are:
I I I I

0 Successful 4 Warnings occurred 8 Performed with errors 12+ - Transport was terminated
.

7.

Choose

494

System Administration Made Easy | Release 4.6C/D

8.

A message appears indicating that the request was released and exported.

9.

The request is now in the Released section. You can see this request only if you selected to view released requests in step 1 of releasing a task.

If there is a problem, review the transport log. For more information, see the transport log later in this chapter.

Chapter 16: Change Management

495

TMS Method of Transporting


Adding a Special Transport into the Import Buffer
Adding a special transport into the import buffer is usually not done. The release process adds the transport into the appropriate input buffer. This task is only performed for special transports that are downloaded from SAP.

Prerequisite. The transport files have been moved into the appropriate
directories.
Task

Add a special tranport into the import buffer


1. 2.
To access TMSs online documentation, choose:
ISAP Library Basis Components Change and Transport System (BCCTS) Transport Management System(BCCTS-TMS)

In the Command field, enter transaction STMS and choose Enter (or from the SAP standard menu, choose Tools Administration Transports STMSTransport Management System). The Transport Management System (TMS) screen appears. This screen is the transaction that all the following TMS processes will start from.

Transport Management System(BC-CTS-TMS) Under Transport Management System, there are five major topics:
I I I I I

Configuring TMS Performing Transports Approving or Rejecting Requests Transport Workflow Troubleshooting

3. 4.

From the Transport Management System screen, choose

Position cursor on the <SID> of the SAP R/3 system to which you want to add the transport.

496

System Administration Made Easy | Release 4.6C/D

5.

Choose

6.

From the menu bar, choose Extras Other requests Add.

7.

On the Add Transport Request to Import Queue dialog box:

a. b.

Enter the transport number. To continue, choose .

Chapter 16: Change Management

497

8.

Choose Yes.

9.

The progress is shown on the status bar.

10.

The special transport is now in the system buffer.

498

System Administration Made Easy | Release 4.6C/D

Task

Using TMS to import a transport request


1.
From the TMS screen, choose .

2. 3.

Select the <SID> of the system into which the request will be imported. Choose .

4.

From this screen, you have two options:


I

Preliminary Import Selectively import requests one at a time

Chapter 16: Change Management


I

499

Import All Import all the requests in the queue for the selected system

Task

Import a selected request


Be careful to choose the correct icon. The two are similar in appearance.

1.

Choose

500

System Administration Made Easy | Release 4.6C/D

2.

On the Import Transport Request dialog box:

a. b.

In Target client, enter the target client. Select the Execution tab.

3. 4.

Select Execute synchron. Choose the Options tab.

5.

The Options tab allows you to select special import options. These options correspond to the unconditional codes used when transporting at the OS level.

Chapter 16: Change Management

501

6.

Choose

7.

Choose Yes.

8. 9.

Under Remote logon, enter the correct Client number, User and Password. Choose .

502

System Administration Made Easy | Release 4.6C/D

10.

The import process begins and may run for a while. You can monitor the progress of the import by watching the process indicators.

11.

The Request number now appears with a green check, indicating that it was imported as a preliminary import.

Chapter 16: Change Management

503

Task

Import all requests


1.
At this point, all the requests shown in the input buffer will be imported and indicated in the Request column. Choose .

2. 3.

Enter the target client number. Choose the Execution tab.

4.

Select Execute synchron.

504

System Administration Made Easy | Release 4.6C/D

5.

Choose the Options tab.

6.

Choose

7.

Choose Yes.

8.

The import process begins and may run for a while. You can monitor the progress of the import by watching the process indicators.

Chapter 16: Change Management

505

9.

To refresh the screen periodically, choose

10. When completed, the message Import queue is empty appears. 11. Choose
.

Task

Check the transport log


1.
From the TMS screen, choose .

2.

Select the <SID> of the SAP R/3 system for which you want to check the transport log.

506

System Administration Made Easy | Release 4.6C/D

3.

From the menu bar, choose Goto tp system log.

4. 5.

Choose

(or from the menu bar, choose Edit Refresh).

Check the final return code:


I I I I

0 (Successful) 4 (Warning) 8 (Error) 12 (Fatal)-6

Anything other than a 0 or 4 is considered a failed transport.

6.

From the menu bar, choose Goto Transport steps (this was formerly known as alog).

Chapter 16: Change Management

507

7. 8.

From this screen, you can verify the request number and the return code for that request. The return code (indicated in column RC) is the same as in step 5 above.

By using TMS to review the transport logs, the inconsistency encountered in the OS method of viewing the transport log does not occur. The inconsistency is when the tp return code (received when the import is done) does not match the return code in the transport log. The following line would appear in the above screen: Request ALL SID SAS S S RC 0008

OS Method of Transporting
Adding a Special Transport Into the Import Buffer
Adding a special transport into the import buffer is normally not done. This task is only performed for special transports that are downloaded from SAP. The transport files have been moved into the appropriate directories. You must be on the target system. For example, if it is from development (DEV) to test (QAS) system, you must be on QAS.
Task

Add a special transport into the import buffer


1.
Go to the transport program directory:
I

NT:

<drive>:\usr\sap\trans\bin

508

System Administration Made Easy | Release 4.6C/D


I

UNIX:

/usr/sap/trans/bin

2. 3.

Check if file tpparam exists. If no, copy file tp_domain_<sid>.pfl into a new file and rename it tpparam. Load the transport into the import buffer with the following command: tp addtobuffer <transport> <target sid> tp addtobuffer P30K174511 DEV Where:
I I I I

Target system is DEV File is K174511.P30 Transport number is P30K174511 The transport number is derived from the transport file number, where the first three characters are the file extension (P30), and the rest of the name is the base name of the file (K174511).

4.

Import the transport.

Importing the Transport


You must be on the target system. For NT, on the target system, you must have mapped a drive to the shared directory (\sapmnt) on the source system (for example, where drive S: is mapped to \\devsys\sapmnt).
Task

Import the transport


1.
Go to the transport directory. NT: UNIX:

<drive>:\trans\bin /usr/sap/trans/bin

2.

Test your connection to the target system with the following command: tp connect <target sid> tp connect PRD

3.

Enter the transport command. To specify an individual transport, enter: tp import <transport> <target sid> client=<target client> tp import devk900023 PRD client=100 Where the: Transport number is devk900023

Chapter 16: Change Management

509

You may be instructed in an SAP Note or by the SAPNet hotline to use Unconditional codes or U codes. These are special program option switches that the tp program uses during the import process.
I

Target system is PRD Target client number is 100

To import the entire import buffer, enter:

tp import all <target sid> tp import all PRD

4. 5.

Record the start and finish time for the transport on the transport log or the transport form. Check the exit code. If you receive an exit code of 8 or higher, the import failed. You must resolve the problem and reimport the transport. If you get a return code of 8, there is a known condition where this return code does not match the transport log. This condition is described in Checking the Transport Log section below. Check the transport log.

In NT, use QuickSlice, an application included with the NT resource kit, and the CPU activity in the NT Performance Monitor to monitor the import process. After a few times, you will recognize the activity pattern of a transport. In UNIX, use the utilities top or xload to monitor the import process.

6.

Checking the Transport Log (Transaction SE10)


The transport log indicates why a transport failed. The information in this chapter is only a portion of the first half of the process, that is, determining if the transport succeeded or failed. The second half of the process, investigating why the transport failed, is not covered. If the transport involves an object such as an ABAP program or SAPscript layout, you will need the assistance of your programmers to determine why it failed and how to fix it. After the transport is completed, check the transports exit code:
I I

0 = OK 4 = Warning 8 = Error 12 = Severe Error

The transport could still have failed even if you did not receive a failed return code. The final test is to verify in the target system that the transport arrived properly. The developer and functional area owner are responsible for this verification.

I I

If you receive an exit code of 8 or higher, the import failed. You must resolve the problem and re-import the transport.
Task

Check the Transport Log


1.
In the Command field, enter transaction SE10 and choose Enter (or from the SAP standard menu, choose Tools Accelerated SAP Customizing SE10Customizing Organizer).

Note

Note: You must check the transport log from the transaction that released the transport (SE09 or SE10).

510

System Administration Made Easy | Release 4.6C/D

2.

On the Transport Organizer screen:

a. b. c. d.

Under Request type, select Customizing and Workbench Under Request status, deselect Modifiable, and select Released. Enter a date range in the Last changed From and To fields to limit the amount of requests to review. Choose

Display.

3. 4.

Select the request. Choose .

Chapter 16: Change Management

511

5.
A return code of 8 or higher is a failed transport.

On the Import line, check the return message and code:


I I I I

0 Successful 4 Warnings occurred 8 Performed with errors 12+ Transport was terminated
for the line with the warning.

6.

If you see a warning in step 5, choose

You may run into a rare inconsistency between the return code in this log and the return code when you ran the tp import program. This condition occurs when the tp program ends with a return code 8 (Error) and the log above shows a maximum return code of 4 (Warning). This inconsistency is caused by a step in the import that is not associated with the transport number (in the example RW6K9000079). Thus when the log is reviewed, the maximum return code of 4 [(and not 8) (Warning)] appears. However, it is still a failed transport. The TMS method does not have this inconsistency.

7. 8.

Choose

to drill down for additional details.

The status bar indicates how many levels you have drilled down.

512

System Administration Made Easy | Release 4.6C/D

PART SEVEN

Troubleshooting and Performance Overview

514

System Administration Made Easy | Release 4.6C/D

Part Overview
This section discusses basic system troubleshooting and performance issues. In the event that problems do occur, this section gives you general ideas of things to look for. This is a light section and does not replace the specialized books and classes that SAP has for this topic. It is meant to provide the basics to begin working from.

C H A P T E R

17

17

Troubleshooting

516

System Administration Made Easy | Release 4.6C/D

Overview
This chapter is a basic troubleshooting chapter, presenting you with some tools and techniques to help you solve the problem yourself. We do not go into advanced troubleshooting techniques. Troubleshooting is learned by doing; the more experience you have, the better you become. The next chapter is on performance tuning. Performance tuning is specialized troubleshooting. Troubleshooting techniques are also relevant for performance tuning.

Basic Troubleshooting Techniques


The general procedure when working on troubleshooting is not new. It is the standard problem solving procedure that has been in use for years by many professions. Your auto mechanic would follow the same procedure when repairing your car:
I I I I I I I

Gather data Analyze the problem Evaluate the alternatives Make a change Remember to make only one change at a time. Document the changes Evaluate the results

Gather Data
Ask the following questions:
I I I I

What is the problem? What error messages, dumps, or other diagnostic aids are available from the problem? What conditions caused the problem? Is the problem repeatable?

To analyze the problem, use your available tools, such as:


I I I

System Log (SM21) Update Failure (SM13) ABAP Dump (SM22)

Chapter 17: Troubleshooting


I

517

Spool (SP01)

Analyze the Problem


What are the resources you have to help solve the problem:
I I I I

Online documentation Reference books SAP Notes Other customers (this is your network)

If necessary, call consultants or the SAPNet help desk for assistance.

Evaluate the Alternatives


Are there any possibilities or resources you may not have considered?

Make only One Change at a Time


If there is a problem and you made several changes at once, you will not know which change caused or fixed a problem. There are times where several changes must be made to fix a problem. Unless they must be done together, such as related program changes, make the changes separately.

Document the Changes


If a change causes a problem, you must undo the change. To do that you must know what the configuration was before the change and what you did. If the change needs to be applied to multiple systems, you must know exactly what changes to make and how to do it. This process must be repeated exactly the same on all systems.

Get the Complete Error Message


When you get an error message in an SAP R/3 transaction, you need all the information on the error to forward to SAP. To get the complete error message, perform the following task.
Task

Get the complete error message


1.
When an error occurs, the field with the error is highlighted.

518

System Administration Made Easy | Release 4.6C/D

2.

Select the error message.

3. 4.

The error message appears in the dialog box. Record the relevant information from the screen to send to SAP.

Get the SAP Patch Level


This level is the SAP R/3 kernel patch level that is being used.

Chapter 17: Troubleshooting

519

This patch level is needed when submitting problem messages to SAP. It tells the hot line personnel your kernel patch level. Different problems are fixed in different patch levels.

Example

You are on patch level 50 and have a particular problem. The fix to your problem may have been done in patch level 61. This level identifies that the problem is an older kernel that contains the problem. The solution is to upgrade to the current kernel, at least patch level 61.
Task

Get the SAP patch level


1. 2. 3.
In the Command field, enter transaction SM51 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor System monitoring SM51-Servers). Select the central instance (for example, pa102058_SA1_00). Choose Release notes.

4.

Record the Patch level (for our example, we chose Patch level 620).

520

System Administration Made Easy | Release 4.6C/D

Determining What Support Packages Have Been Applied


A support package is an SAP-provided R/3 fix and is similar to an NT Service Pack. As with the SAP Patch level, problems you have may be related to the level of the applied support package.
Task

Display applied support packages


1.
From the menu bar, choose System Status.

2. On the System: Status dialog box, under SAP System data, choose

3. Choose the SupPack tab.

4.

In this example, the following patches have been applied:

Chapter 17: Troubleshooting


I I I I I I I

521

SPAM update 06/29/2001, 4.6C ver 0028. Support Package: ABA sp20 Basis sp16 R/3 sp16 Others listed offscreen Patch Status values are:
N The patch has not yet been applied I Patch has been successfully applied

? Patch application has been aborted

The name of a Support Package is interpreted as follows:


I I

SAPK<component><release><sequence_number> SAPKH46C01 is interpreted as SAPK/H / 46C / 01, and is for SAP R/3 4.6C and is the first Support Package.

522

System Administration Made Easy | Release 4.6C/D

C H A P T E R

18

18

Performance

524

System Administration Made Easy | Release 4.6C/D

Overview
This chapter discusses performance issues in SAP R/3. We provide only general guidelines, not detailed performance tuning instructions. It is not possible in one chapter to provide the breadth and depth of information available in the SAP training class or the Performance Optimization book. For more detailed performance tuning, we recommend the following resources:
I I I

BC315 R/3 Workload Analysis (the SAP Performance Tuning class) SAP R/3 Performance Optimization, by Thomas Schneider, SAPs TCC organization. Performance tuning is specialized troubleshooting. Because you are trying to solve performance issues, all troubleshooting techniques are also relevant.

Rather than using database and operating system-specific details, we will be using SAP R/3 transactions to access relevant database and operating system data where possible. This approach makes the information database and operating system independent.

Critical Assumption
The hardware, operating system, database, and SAP R/3 have been properly installed based upon SAPs recommendations. As with the design of this book, performance tuning must have a starting point. This point is the SAP-recommended configuration for hardware, database, operating system, network, and so on. A real example of a non-recommended configuration is where the operating system, the database, and SAP R/3 has been installed on a single logical drive. In this situation, all the drives in the server were configured in a single RAID5 array and treated as a single, huge drive. This situation created a classic condition known as head contention, where SAP R/3, the database, and the operating system all simultaneously competing for the same disk drive head. This is an example of a problem that is not new. Head contention existed in the early days of computing. The solution now is essentially the same as it was back then, to spread the data over multiple drives.

Priority of Evaluation
The SAP EarlyWatch group has determined that the majority of the performance issues and gains are from within SAP R/3. This gain is followed first by database issues, then operating system, and then hardware. We will primarily discuss SAP R/3 performance issues.

Chapter 18: Performance

525

General Procedure
The general procedure when working on performance issues is not new. It is the standard problem-solving procedure:
I I I I

Gather data Analyze the problem Evaluate the alternatives Make only one change at a time If a problem exists, you will not know which change caused a problem. There are times where several changes must be made to fix a problem. Even so, unless they must be done together, such as related program changes, make the changes one at a time.

Document the changes. If a change causes a problem, you must undo the change. To do that you must know what the configuration was before the change and what you did. If the change needs to be applied to multiple systems, you must know exactly what changes to make, and how to do it. This process must be repeated exactly the same on all systems.

SAP R/3
Note

One of the most common causes of SAP R/3 performance problems is poorly written custom (or modified standard) ABAP programs.

As a prerequisite, SAPOSCOL (SAP OS collector) service must be running. Also, periodic job SAP_COLLECTOR_FOR_PERFMONITOR must be running. Finally, wait at least 1 week to collect sufficient data for statistics to be useful.

Workload Analysis of the System (Transaction ST03N)


Workload analysis is used to determine system performance. You should check statistics and record trends to get a feel for the systems behavior and performance. Understanding the system when it is running well helps you determine what changes may need to be made when it is running poorly.
Task

Analyze system workload


1.
In the Command field, enter transaction ST03N and choose Enter.

526

System Administration Made Easy | Release 4.6C/D

2.

On the Administrator tab, to change to Expert mode, choose

3.

To select a time period to analyze:

a. b.

Choose Detailed analysis Last minutes load. Double-click on pa102058_SA1_00.

Chapter 18: Performance

527

4.

On the Last Minutes Load on <XXXXX> screen:

a. b. c.

Under Analysis Interval, enter the Date and Time period to be analyzed. Under Analysis parameters, enter how many minutes back to analyze. Choose .

5.

The different task types are shown. The task types are:
I I I I I I

AutoABAP Background Buffer synchr. Dialog RFC Spool

6.

Choose a task type.

528

System Administration Made Easy | Release 4.6C/D

7.

Choose

to view performance values for that Task type.

8.
Apply judgment when reviewing statistical values. If you just started the SAP R/3 system, the buffers will be empty and many of the statistics will be unfavorable. Once the buffers are loaded (takes approximately 1 week), values can be properly evaluated.

In the Details dialog box:

a. b.

Examine Average response time per step (ms). If the dialog value is less than 1,000 ms (1 second), the response time meets the target standard response time. For more information on Av. response time, see notes below. Choose .

9. 10.
The SAP R/3 user default for a decimal point is a comma. If your default profile for decimal point (point or comma) is not appropriately set, the display may be misread. For example, rather than 476.5 ms, it would read 476,5 ms.

Under Analysis views, select Transaction profile. Double-click on Standard.

Chapter 18: Performance

529

11. 12. 13.


Analysis of transaction ST03N is covered in BC315 (the Workload Analysis and Tuning class). We recommend you take this class.

Select the column heading Average response time (Res). Choose .

The programs and transactions are now sorted in average response time order.

A few standard functional transactions will exceed the one-second guideline. They include, but are not limited to the following: Type Create Sales Order Change Sales Order Display Sales Order Create Billing Document Create Delivery Maintain Master HR data Transaction VA01 VA02 VA03 VF01 VL01 PA30

Buffers (ST02)
The buffer tune summary transaction displays the SAP R/3 buffer performance statistics. This transaction helps in tuning SAP R/3 buffer parameters. The buffer is important because significant buffer swapping reduces performance. Look under Swaps for red entries. Regularly check these entries to establish trends and get a feel for buffer behavior.

530

System Administration Made Easy | Release 4.6C/D

Task

Display buffer performance statistics


1.
In the Command field, enter transaction ST02 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor Performance Setup/Buffers ST02-Buffers).

2.

The two important things to review on the above screen are:


I

Hit Ratio The target value is 95 percent and higher. Soon after starting the system, this value is typically low, because buffers are empty. The hit ratio will increase as the system is used and the buffers are loaded. It usually takes two hours to a day to load the buffers that are normally used.

Analysis of transaction ST02 is covered in BC315 (the Workload Analysis and Tuning class). We recommend you take this class.

Swaps The target value for the program buffer is less than 1,000. All other buffers have a target of 0. When the necessary data is not in the buffer, the system retrieves the data, but it cannot fit into the buffer because of filling level or fragmentation. Other objects are thrown out of the buffer to make room for the new data, which is called a swap. The swap value is reset to zero (0) when the system is restarted. If swaps exist, increase amount of memory allocated to the buffer. See SAP Note 103747.

Memory Defragmentation
A computers memory for program execution (PXA) behaves similar to a hard disk. As different programs execute, they are loaded into, and later deleted out of, memory. Over time, like a hard disk, the usage of the computers memory becomes fragmented with unused spaces scattered throughout.

Chapter 18: Performance

531

To defragment the PXA buffer, stopping SAP R/3 is sufficient. You do not need to restart the database to preserve the database cache.

At a certain point you may have sufficient free memory (the total of all the unused spaces), but not a contiguous (single) piece of memory large enough to allow certain programs to execute. At that point, those types of programs attempting to run that need contiguous memory will fail because they cannot be loaded into memory. To defragment the systems memory: 1. Stop SAP R/3. This step requires stopping only SAP R/3 on all application and database servers. (For more information, see Starting the SAP R/3 system on page 88. ) 2. Restart SAP R/3. You only need to restart SAP R/3, you do not need to cycle the server.

TechTalk

When SAP R/3 is restarted, the buffers are refreshed. This process means that the first person who accesses the buffered object will have a long response because the system must get the data from the database and load it into the buffer. The second person who accesses the same data will have a normal (quick) response time. This process repeats until all normally used objects are loaded into the buffer, which usually takes up to a day to accomplish. The program buffer is filled without fragmentation with the programs that were in the buffer during shutdown.

Database
See chapters 9 through 12 (Database Administration) for the database-related performance tuning transactions:
I I

Activity - ST04 Tables/Indexes - DB02

Operating System
Operating System Monitor (OS07)
The operating system monitor allows you to view relevant operating system and hardware details. The operating system-related detail shows information such as:
I I

Memory paging Operating system log

532

System Administration Made Easy | Release 4.6C/D

In addition, the following hardware details are available:


I I

CPU utilization Free space on disks

Certain operating system items will impact SAP R/3 performance. To view the Operating System Monitor, ensure that SAPOSCOL service is running.
Task

View the Operating System Monitor


1. 2. 3.
In the Command field, enter transaction OS07 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor Performance Operating System Remote OS07-Activity). Select the appropriate server. Choose .

CPU idle average should be > 20% during working days. Otherwise CPU contention probably exists. Paging:
I

4.

The following screenshot is a snapshot of the CPU, Memory, Swap, and Disk response data.

Unix: paging OUT rates should be less than 300 MB/hr. NT: paging IN rate should be less than 500 MB/hr.

Chapter 18: Performance

533

5.

To analyze, choose Detail analysis menu.

6.

Under Performance database, choose Compare recent days.

534

System Administration Made Easy | Release 4.6C/D

7.

This screen shows recent days value of the server.

8.

This window shows the memory paging and free memory over time.

Chapter 18: Performance

535

9.

This is the Operating System Log.

Hardware
CPU and Disk
Also see Operating System Operating System Monitor (OS07) to get data on:
I I

CPU utilization Free space on disks

Memory
Physical access to the drives is the slowest activity. The hardware item that has the largest effect on SAP R/3 performance is memory. The SAP R/3 system uses memory extensively. By keeping data in buffer, physical access to the drives is reduced. Thus, in general, the more memory you have, the faster SAP R/3 will run.

536

System Administration Made Easy | Release 4.6C/D

PART EIGHT

Miscellanous Topics Overview

538

System Administration Made Easy | Release 4.6C/D

Part Overview
This section discusses the SAP Service Marketplace, SAPs remote services (SAPserv and EarlyWatch) and special maintenance items. The special maintenance items are important tasks which would normally be performed infrequently, but that you may be called upon to perform them.

C H A P T E R

19

19

SAP Service Marketplace

540

System Administration Made Easy | Release 4.6C/D

Overview
SAP Service Marketplace is the Internet access to SAP resources and SAP Service Marketplace (formerly known as SAPNetR/3 and OSS) functions such as:
I I I

Registering developers and objects Searching for SAP Notes Downloading support packages

We recommend that you use SAP Service Marketplace as your primary SAPNet access method. For most companies with an existing (flat fee) internet access line, the cost of the internet access is already paid for. The SAP service connection required for the SAPNet-R/3 transaction (OSS1), if using ISDN, is an additional per-minute cost.

Most of the OSS functions have been migrated to the SAP Service Marketplace. However, not all OSS functions will be migrated. The opening and use of the SAP service connections for EarlyWatch and SAP hotline access to customer systems are available from your SAP R/3 systems Command field, with transaction OSS1. We will demonstrate how to open the service connection in SAPNet-R/3 at the end of this chapter. The prerequisites to use SAP Service Marketplace are:
I I I

An internet connection A browser. SAP Service Marketplace works better with Microsoft Internet Explorer. A valid SAPNet/OSS user ID and password

Note

The SAP Service Marketplace has gone by different names in the past, such as SAPNet, www.sap.com, and service.sap.com. Be aware that the name may change in the future.

Logging on to SAPNet
The following task outlines how to log on to SAPNet.
Task
Log on to SAPNet

1.

In your web browser, in the Address field, enter service.sap.com.

Chapter 19: SAP Service Marketplace

541

2.

Choose Enter Now.

3.

In User Name, enter your OSS/SAPNet user ID. In Password, enter your OSS/SAPNet password.

Note
If this is your first time using the SAP Service Marketplace, you can choose whether to see a standard page or a personalized page. Choose your option and choose the Access now! button. For our example, we are using the standard page.

4.

5.

Choose Quick Links.

542

System Administration Made Easy | Release 4.6C/D

6.

From here you can select the topic you are interested in and go directly there, without having to navigate a menu that would change.

Navigation
This task gives you a basic overview of navigation in SAPNet.

Navigating SAPNet
1.
On the main window of the market place page, choose Support.

Task

2.

The Support main screen appears.

Chapter 19: SAP Service Marketplace

543

3.

Most of the SAPNet functions used by systems administrators are grouped in this screen.

Solving a Problem with SAPNet


Note
SAP Notes were formerly known as OSS Notes. If you have a particular problem or question, you should search:
I I

The online documentation SAP Notes

This large database contains problem notes.

544

System Administration Made Easy | Release 4.6C/D

Search for SAP Notes


1.
Scroll down the Quick Links window to choose NOTES.

Task

2.

The search can be done in one of many different ways:


I

You can use a text search with the following options: AND the note must contain all of the words in the search text field OR the note must contain at least one of the words in the search text field PHRASE the note must contain the words in the exact order specified in the field.

You can also specify the specific: Note Number

Note
You cannot simultaneously specify a Note Number and Search Text.

R/3 Release
Application Area Database

Chapter 19: SAP Service Marketplace

545

3.

On the SAP Notes Search screen, in each of the following fields, enter the following text:

a. In Search Text, enter the text to search for (for example spool system). b. In Search Mode, select all given words (AND). c. In Release, enter the relevant release number (for example 46C). d. In Database, enter a database name. e. Choose Submit.

4.

The results from the criteria are displayed. Each page contains 20 hits.

546

System Administration Made Easy | Release 4.6C/D

5.

Choose the first note.

6. 7.

Review the note. Close this window and return to the SAP Notes list.

Chapter 19: SAP Service Marketplace

547

Customer Messages
If you have searched both the online documentation and SAP Notes and not found the answer to your question or problem, then you should submit a SAPNet message for assistance.

Note
The SAPNet customer message function is not meant to replace consulting. Messages entered into SAPNet are for reporting and getting resolution on SAP problems or bugs. If a message is interpreted as a request for consulting information, it will be returned to you, and you will be advised to seek consulting assistance.

Entering Customer Messages


Include as much information as possible in your message, so the SAPNet Hotline consultants can help you. Indicate where in the online documentation you have searched and which SAP Notes you have reviewed.

Priority table
Assign your message a priority from the following table below: Priority Very High Situation
I I

In your production system, only for system or application shutdown

In your nonproductive system, during a critical project phase An Online Service System/SAPNet consultant reviews these messages within 30 minutes of arrival. If the problem does not fall within the defined description for a very high priority problem, the priority is immediately reduced. Do not assign a message this priority if you cannot be available to receive a call back from SAP. If SAP attempts to call you and you cannot be reached, your message may be downgraded. High When important applications or subprograms fail in function, or for a system shutdown in a nonproductive system. For errors with less serious consequences than the above two cases, where the operation of the productive system is not seriously affected. For minor errors, such as documentation errors, typographical mistakes, and so on

Medium

Low

548

System Administration Made Easy | Release 4.6C/D

Use care when assigning a priority to your message. If the problem does not meet the Very High criteria, assigning the message this priority will not guarantee you a quicker response time.

The following list contains hints that can improve total problem resolution time:

Component
If you know the specific component, assign it. If you do not know it, do not assign to a detailed component level (for example, assign it to level 3, BC-CCM-PRN rather than a level 4, BC-CCMPRN-DVM). The Online Service System Hotline consultant can assign a specific component. If you assign the message to a wrong component, and it is forwarded to the incorrect person, time is lost. It will take that much more time to resolve your problem. Be aware that the cause of the problem may be in an area other than the module you are working on.

Problem Description
Be clear and descriptive. The better the information you provide, the better the results. Information that is clear to you may not be clear to the hotline consultant. Provide enough data so that SAPNet Hotline personnel will not have to ask additional questions before beginning work on your problem.
I I I I I I I I

Examples of complete data includes: If there is an error message, enter it exactly as it appears. Provide the transaction or menu path describing where the error or problem occurred. Indicate if the problem can be duplicated on your test system. Describe the circumstances that created the problem. Describe anything unique about the data entered in the transaction where the problem occurred. List which problem-related SAP Notes that have been reviewed and which notes have been applied. List which actions and research you have already performed.

Keep your system technical information in SAPNet current and correct. This information is used by hotline personnel when they work on your problem.

The following examples are messages in which the SAPNet hotline requires more information before beginning on the problem:
I I

FB01 does not work. The system is slow.

Chapter 19: SAP Service Marketplace

549

Task
Enter customer messages

1.

Scroll down the Quick Links window to choose MESSAGE.

2.

Choose Start Message Wizard.

550

System Administration Made Easy | Release 4.6C/D

3.

On the next screen:

a. b.
I I I

Under Reporter, check that the values in the fields are correct. If it is not, you must use SAPNet-R/3 to correct your user information. In System type, select the type of your system: Development Production Test In Installation, choose the installation that your message is for. In Release, choose the SAP R/3 release of your system from display options. In Add-on, choose the add-on that you are running. In Add-on release, choose the release of the add-on. Choose continue.

c. d. e. f. g.

Chapter 19: SAP Service Marketplace

551

4.

On the next screen:

a. b. c. d.

In Per system (operating system), click the down arrow and choose your operating system. In Database, click the down arrow and choose your database. In Frontend, click the down arrow and choose your frontend. Choose continue.

552

System Administration Made Easy | Release 4.6C/D

5.

On the next screen:

a. b. c. d.

Under Classification, in Priority click the down arrow and choose the appropriate priority for your message. Use the table on page Entering Customer Messages to determine the proper priority level. In Components, entering the fields in order (from 1 to 3), click the down arrow and choose the component for the message. Choose continue.

Chapter 19: SAP Service Marketplace

553

6.

On the next screen:

a. b. c.
To control access to your system and mange how long the service connection is open, request that you be contacted to:
I I

In Language, click the down arrow and choose the language for the message. In Short text, enter a short (one line) problem description. In Long text, enter a complete description of the problem. See Problem Description on page 548. Choose Send to SAP.

d.

Get the password Open the SAP service connection

7.

The message on the top indicates the message is sent to SAP successfully

554

System Administration Made Easy | Release 4.6C/D

Viewing Customer Messages


The response to your message is often in the form of an electronic message, rather than a telephone call. It is, therefore, important to monitor the status of your messages. Make sure your SAP user id has your correct email address and phone number. You may get an email when SAP support response.
Task

View customer messages


1.
On the SAP Service Marketplace screen, on the menu bar, choose Inbox.

2.

Click on the message under Customer messages customer action.

3.

Here you can view the response from SAPNet consultant under Communication. In this example, we must provide the password for the consultant to access the system

Chapter 19: SAP Service Marketplace

555

4.

Scroll down to the bottom and choose Access data.

5.

Choose Create.

6.

Enter system access data such as User-ID and Password in the field.

556

System Administration Made Easy | Release 4.6C/D

7.

Choose Save changes.

8.

In the Customer message wizard window, choose Info for SAP.

Chapter 19: SAP Service Marketplace

557

9. 10.

Scroll down to the bottom and type in any information in the Memo box. Choose Send to SAP.

11.

The message on the top indicates the message is sent to SAP successfully.

558

System Administration Made Easy | Release 4.6C/D

Task

Confirm customer messages


1. 2.
Under Customer message wizard window, scroll down to the bottom. Choose Message is not relevant anymore.

3.

Choose OK.

Chapter 19: SAP Service Marketplace

559

4.

The Status of the message is changed to Confirmed.

Registering a Developer or Object


To modify an SAP object, both the developer and the object that will be modified must be registered with SAP. A developer, once registered for the installation, does not have to register again. Similarly, an SAP object once registered for the installation, does not have to be registered again. It is for this reason that on the registration screen either or both the developer or object access key would be required.
I I I I

Only an SAP-registered developer can make changes to SAP objects. Restricting access to registered developers provides a record of who has made changes to the system. Registering an SAP object provides a record of which SAP objects have been modified by the customer. The assumption is that if you requested an object access key, you will be modifying the object.

See the following sections for registering a developer and an SAP object.

560

System Administration Made Easy | Release 4.6C/D

Registering a Developer
To modify an SAP object, the developer needs to be registered with SAP. Once registered for the installation, the developer does not have to register again. Only an SAP-registered developer can make changes to SAP objects. Restricting access to registered developers provides a record of who has made changes to the system. In the following procedure:
I I I

The developer requests a developer key The system administrator obtains the key The developer enters the key
Task

Developer requests developer key


1.
This screen is seen by the developer when a developer key is required.

a. b.

If the Access key for developers is blank, you must obtain a developer access key. Give the developers User name (2) to the system administrator to get a developer access key.

Chapter 19: SAP Service Marketplace

561

Task

System administrator gets the access key


1.
Scroll down the Quick Links window to choose SSCR.

Note

2.

On the SSCR screen, you can register and get keys for:
I I

From this window you can also find out what developers you have registered.

Developers SAP objects that will be changed

562

System Administration Made Easy | Release 4.6C/D

Task

Register a developer
1.
Choose Registration.

2. 3.

Select Register Developer. If your site has several SAP R/3 installations, select the one for which you wish to perform registrations.

4.

In Developer, enter the developers user ID.

Chapter 19: SAP Service Marketplace

563

5.

Choose Register.

6.

The registration information for the developer is displayed. If the registration date is not todays date and the registration name is not the name of the user who just submitted the request to register a developer, the developer has been previously registered.

7.

Record the Registration key either on paper, or copy and paste into an email. The generated key enables the user to create or change customer objects and change SAP objects. The registration is done only once for each developer.

8.

Send the registration key to the developer.

564

System Administration Made Easy | Release 4.6C/D Enter the Developer Key
The following task must be done in the development system.
Task

Enter the developer key


1.
In the first Access Key field, the developer enters the key received from the system administrator.

Task

Delete a developer
1.
On the same screen that was used to register a developer:

a. b.

In Developer, enter the user ID of the developer to delete. Choose Delete.

Chapter 19: SAP Service Marketplace

565

2.

A message appears on the screen showing the developer was deleted. To check if the deletion is successful, choose Show, which displays a list of developers.

Registering an Object
Registering an SAP object provides a record of which SAP objects have been modified by the customer. The assumption is that if you requested an object access key, you will be modifying the object. If the customer modifies an object and problems arise, resolving the problem may be the customers responsibility. If an object is not modified and problems arise, resolving the problem is SAPs responsibility. In the following procedure:
I I I

The developer requests a developer key The system administrator obtains the key The developer enters the key

566

System Administration Made Easy | Release 4.6C/D

Task

Developer requests object key


1.
This screen is seen by the developer when an object key is required:

a. b. c.

If the object Access key is blank, you must obtain an object access key. Give the three object fields to the system administrator (for example, R3TR, PROG, RSPARAM). All three fields are required to obtain the object key. If you are in a mixed release environment, also give the system administrator the SAP Release for the system.

Chapter 19: SAP Service Marketplace

567

Task

System administrator gets the access key


1.
Scroll down the Quick Links window to choose SSCR.

Note

2.

On the SSCR screen, you can register and get keys for:
I I

From this screen, you can also see what objects you have registered.

Developers SAP objects that will be changed

3.

Choose Registration.

568

System Administration Made Easy | Release 4.6C/D

Task

Register an object
1. 2.
Select Register Object. If your site has several SAP R/3 installations, select the one for which you wish to perform registrations.

3.

TADIR is the table that contains SAP R/3 repository objects. Information must be entered in the following fields:
I I I

Program ID Object Object name

In this example, we wish to change a program (PROG) named RSPO0041. The entry is R3TR / PROG / RSPO0041.

4.

Select Advance correction to apply an SAP Note, and this note is an advance correction.

Chapter 19: SAP Service Marketplace

569

5.

Choose Register.

6.

Registration information for the object is displayed. If the registration date is not todays date and the registration name is not the name of the user who logged onto SAPNet, the object has been previously registered in this installation. Record the Registration key. Return to the Online Services main screen.

7. 8.

570

System Administration Made Easy | Release 4.6C/D Enter the Object Key
The following task must be done in the development system.
Task

Enter the object key


1.
In the second Access key field, the developer enters the object key received from the system administrator.

Task

Delete an object
1.
From the Register Object Screen:

a. b.

In TADIR Object, enter the Program ID/Object/Object name for the object to delete. Choose Delete.

Chapter 19: SAP Service Marketplace

571

2. 3.

Delete information for the object is displayed. To check whether the deletion is successful, choose Show, which displays a list of developers.

SAP Software Center


The SAP Software Center is formerly known as Online Correction Support (OCS). It provides information and tools to retrieve support packages, legal change packages, SPAM updates, and so on.

572

System Administration Made Easy | Release 4.6C/D

Task

Enter the SAP Software Center


1.
Scroll down the Quick Links window to choose SWCENTER.

2.

This screen shows the main page of the software center.

Chapter 19: SAP Service Marketplace

573

Getting the Latest SPAM version


Make sure that you have the latest version of the SAP Patch Manager or SPAM on your SAP R/3 system before you apply any support packages.
Task

Get the latest SPAM version


1.
To get the latest SPAM version, in the right frame, expand Download Support Packages SPAM/SAINT Updates.

574

System Administration Made Easy | Release 4.6C/D

2.

Choose SPAM Updates.

3.

Choose the SPAM update for your release. Use the version (for example, Version 46C/0028) to determine if the SPAM update is a newer version than what you have. The transport number for an SAP R/3 release (example SAPKD00040) does not change.

Chapter 19: SAP Service Marketplace

575

4.

Choose Download.

5. 6.

Select Save this file to disk. Choose OK.

7.

On the Save As dialog box:

a. b.

Specify the directory where you want the update to be saved. Choose Save. The downloading process begins.

576

System Administration Made Easy | Release 4.6C/D

8.

Choose Close.

Task

Download support packages


1.
On the download screen, from the right frame, expand R/3 Support Packages.

Chapter 19: SAP Service Marketplace

577

2.

Select the appropriate release (for example, select R/3 4.6C on the right frame).

3.
Make sure that your system has enough file space to:
I I I

Under the Title column, choose the appropriate support package. The file size column tells you how large the patch file is.

Download the patch Upload the patch into usr/sap/trans/EPS/in Create the transport file in usr/sap/trans/da

4.

From this screen, you have the following options:


I I

Download the support package View the related SAP Notes that apply to the support package

578

System Administration Made Easy | Release 4.6C/D


I

View the objects that are affected by the support package

Task

View notes related to the specific support package


1.
On the Option screen, choose R/3 Note.

Chapter 19: SAP Service Marketplace

579

2.

The listed notes appear. To display a note, choose the note.

3.

You can print the note or save it, using the browser menus.

580

System Administration Made Easy | Release 4.6C/D

Task

Download the support package


1.
On the Option screen, choose Download.

2.

On the File Download dialog box:

a. b.

Select Save this file to disk. Choose OK.

Chapter 19: SAP Service Marketplace

581

3.

On the Save As dialog box:

a. b.

Specify the directory. Choose Save.

4.

The downloading process begins.

5.

After the download has completed, choose Close.

After downloading the support packages (whether SPAM update or support package), there are two ways to upload the support packages into the SAP system:
I I

Upload from frontend Upload from application server

1. Unpack the patch archive file (see Unpacking a CAR file in chapter 22).

582

System Administration Made Easy | Release 4.6C/D

2. Copy the resulting *.ATT and *.PAT files to the /usr/sap/trans/EPS/in subdirectory. Useful SAP Notes 83458 97621 169142 36579 152170 169329 86161 69224 173814 Description OCS Info: Downloading patches from SAPNet OCS Info: Online Correction Support (OCS) Online Correction Support (OCS) Questions and answers on the topic: SSCR Migration of support functions to SAPNetWeb frontend New functions in the SAPNet as of 09/0506/99 Registering developers and objects Access to the SAPNet server via OSS User ID OCS: Known problems with Support Packages Rel. 4.6

Connecting to SAPNet
Prerequisites
If you have an ISDN connection, the telephone bill can become high. ISDN is normally billed by the minute of connect time. Manage the time that you are connected to SAPNet-R/3, or you could get a large phone bill for your SAP service connection. Check with your networking person or company about how your SAP service connection is configured. Some will hold the ISDN connection open even if there is no traffic, which could result in an even larger phone bill. The SAP Service connection must be set up and working, the SAProuter must be installed and configured, and the OSS1 technical settings must be configured. You must have a valid SAPNet/OSS user ID and password for your company
Task

Connect to SAPNet
1.
In the Command field, enter transaction OSS1 and choose Enter.

Chapter 19: SAP Service Marketplace

583

2.
Once you pass this screen, the SAP service connection is open, and the ISDN billing meter is running.

Choose Logon to SAPNet.

3.

On the Select a Group dialog box:

a. b.

Select 1_PUBLIC. Choose Continue.

584

System Administration Made Easy | Release 4.6C/D

4.

On the next screen:

a. b. c. d.

In User, enter your OSS/SAPNet user ID. In Password, enter your password. In Language, enter your language preference (for example, EN for English). The default language is English. Choose .

5.

This screen shows System News. We recommend that you periodically review these headlines to see if any apply to your systems configuration. Choose Continue.

Chapter 19: SAP Service Marketplace

585

6.

The Inbox is the main SAPNetR/3 screen.

Opening a Service Connection


Note
For security reasons:
I

A service connection allows SAPNet/OSS Hotline and EarlyWatch personnel to remotely access your system.
I

The customer opens this connection. SAP cannot access the customers system until the customer opens the connection. The service connection functionality is not available via SAPNet-web.

SAPNet Hotline personnel use the connection to remotely examine and diagnose your system while investigating your question or problem.

586

System Administration Made Easy | Release 4.6C/D


I

EarlyWatch consultants use the connection to remotely review performance and system configuration.

Note
You can only specify the length of time for a connection to remain open, not the start time. To schedule the time when a service connection will open, you must apply SAP Note 170102. This note is valid back to Release 3.1G.

To manage your telephone expense:


Tips & Tricks

Request that SAPNet consultants call to request that the connection be opened at a specific time for a specified duration. Open the connection at the time they request.

Order of Access to Systems


Try to first duplicate the problem in your development or test server, and have SAP access that server first. As a last resort, and only if the problem cannot be duplicated on the development or test server, grant access to the production server. Problem solving may require making an entry into the system to observe the problem. Testing is not an activity that should be done in the production system. Entering test data, even if reversed, could affect operational statistics. If the problem is basis related, an accident could result in a disaster. Review the following SAP Notes for further information: SAP Note 31515 169296 169329 170102 171569 Description Service connections Integrating service connections into maintain system data New functions in the SAPNet as of 09/0506/99 Automatic opening of a service connection Maintaining service connection in system data maintenance

Chapter 19: SAP Service Marketplace

587

Open a service connection


1.
On the main SAPNetR/3 screen, choose Service.

Task

2. 3.

Under Service, choose Service connection. Under Service Connection, choose Service connection.

588

System Administration Made Easy | Release 4.6C/D

4.

Scroll down to find your system. Depending on your installation, this screen will be different.

5. 6.

Select the <SID> of the system to open the connection to (for example, SA1). Choose .

7. 8.

Expand Service selection by clicking the + sign next to it. Under Service selection, select R/3 Support.

Chapter 19: SAP Service Marketplace

589

9.

Choose

10. 11. 12.

To select the user contact, choose Choose Choose . .

13. 14.

The success message is shown in status bar. Under Connections, select the appropriate type of connection. (It is usually R/3 Support).

590

System Administration Made Easy | Release 4.6C/D

15.

Choose

16. 17.
To schedule the time when a service connection will open, you must apply SAP Note 170102. This note is valid back to Release 3.1G.

Enter the duration of the connection (in Days and Hours). Choose .

Chapter 19: SAP Service Marketplace

591

Note
Note: To manually close the connection, select the open connection and choose delete. Choose Yes when prompted for confirm action.

18.

The connection status is shown.

592

System Administration Made Easy | Release 4.6C/D

C H A P T E R

20

20

Remote Services

594

System Administration Made Easy | Release 4.6C/D

Overview
This chapter tells you about SAPSERV and EarlyWatch. The information in this chapter should help the user understand how to:
I I I I

Retrieve files from SAP and SAPSERV Connect to SAPSERV Download files Arrange for an EarlyWatch session

Retrieving Files from SAP, SAPSERV


SAPSERV is a series of servers that contain patches and other downloadable files for customers (for example, the U.S. server is SAPSERV4). The difference between the various SAPSERV servers is the name, the IP address, and the location (see table below). Many of the functions previously available only on SAPSERV are now available on the SAP Service Marketplace. However there are still functions that are only available on SAPSERV.
Location Walldorf Foster City Tokyo Sydney Singapore Host sapserv3 sapserv4 sapserv5 sapserv6 sapserv7 IP Address 147.204.2.5 204.79.199.2 194.39.138.2 194.39.139.16 194.39.134.35 Long Hostname sapserv3.wdf.sap-ag.de sapserv4.sfo.sap-ag.de sapserv5.tyo.sap-ag.de sapserv6.syd.sap-ag.de sapserv7.sin.sap-ag.de

The following types of files are retrieved from SAPSERV: If you cannot connect to SAPSERV, you may not be on the machine where SAProuter is installed. The SAProuters at SAP are configured to only recognize their counterpart SAProuter on the customers side. Therefore, you must connect from the computer where the SAProuter is installed and running.
I I

Updates to the SAP R/3 system kernel. Various patches, such as: SAP R/3 system Database SAP GUI

Miscellaneous downloadable files.

Chapter 20: Remote Services

595

You can connect to, navigate within, and download files from SAPSERV4 using:
I I I

Command prompt Windows FTP GUI client Internet browser

NT
For ease of use and navigation, use an FTP GUI client to access SAPSERV. You must either be physically on the NT server where the SAProuter is installed, or use a remote control program to take over the server where the SAProuter is installed.

UNIX
You must either be physically on the UNIX server where the SAProuter is installed, or telnet to the server where the SAProuter is installed.

Connecting to SAPSERV Using a GUI (NT)


In this guidebook, we use only one of the many available FTP clients. Other FTP clients are listed in the resources section of appendix A. SAP does not endorse any particular product. Also, it is your responsibility to perform compatibility testing to determine if the software you select functions on your system without conflict (for example, without crashing the system). Using an GUI-based FTP client is much easier than using the command prompt. Before attempting a connection to SAPSERV using a GUI, make certain that:
I I I

The SAP service connection to SAPSERV has been established, tested, and is functional An FTP client is installed on the computer where the SAProuter is located The FTP client has been configured with the following parameters: IP address of SAPSERV, 204.79.199.2 Login user ID, FTP User password <your e-mail address> Directory to download files to on the client PC (optional)

An FTP Client Example


The following example of an FTP client is courtesy of Van Dyke Technologies.
Task

Connect to SAPSERV with an FTP client


1.
Start the FTP client program.

596

System Administration Made Easy | Release 4.6C/D

2.

Connect to SAPSERV.

Note

3.

The directory and file that you need will be in the SAP Note or other document that instructs you to get it from SAPSERV.

Navigate down the tree structure to the directory that contains the file(s) you need.

4. 5.

In some directories, you may want to download and read informational files (.message and *.info). Select the file(s) you want to download.

Chapter 20: Remote Services

597

6. *.CAR (program) files must be downloaded in binary format.

Connecting to SAPSERV Using the Command Prompt


Navigating in SAPSERV
SAPSERV is a UNIX server. If you usually use Windows-based systems, UNIX has some important differences:
I

UNIX is a case-sensitive operating system, whereas Windows NT is not. When navigating in SAPSERV or downloading a file, enter the directory or filename exactly as it is displayed (for example, in UNIX, Rel40B is not the same as rel40b). UNIX commands differ from NT commands. For example, in NT, you type dir to get a list of files in a directory. In UNIX, you type ls.

598

System Administration Made Easy | Release 4.6C/D

Important UNIX commands: Command ls cd get bin bye Definition List (similar to dir in NT and DOS) Change directory Get or download a file Switch to binary mode to download programs Log off

Connecting at the Command Prompt


Note

In this example, the file(s) will download to the root directory of the C drive.

Both UNIX and NT use a command prompt window, and the commands entered are the same. The NT command prompt window is shown in the following example.
Task

Connect to an FTP server from a command prompt


1. 2. 3.
The directory you are currently in is the directory into which file will be downloaded. To download the file to a different directory, change to that directory after you open the command prompt window and before you enter the FTP command. Open a Command Prompt window. As an option, you can change to your download directory. Enter ftp 204.79.199.2

4. 5.

Enter ftp at the User prompt. Enter your e-mail address at the Password: prompt.

If your network personnel put sapserv4 into the hosts file or DNS, you can enter ftp sapverv4 after the prompt.

Chapter 20: Remote Services

599

6.
A portion of the SAPSERV directory structure is provided at the end of this chapter to help you navigate within SAPSERV.

From this screen, use the cd command to navigate through the directory structure.The navigation commands are cd and ls.

7.
In NT, to increase the screen buffer size and prevent the text from scrolling off the screen: On the NT desktop, choose My Computer Control Panel Console Layout tab. (In Windows 2000, open the command prompt and place the cursor on the title bar. Right click on the mouse and choose Properties Layout tab.) Under screen buffer size, increase the height to 100.

This is the directory for Release 4.0b HPUX Oracle We recommend that you download and read informational files (.message and *.info). Remember the name file you want to download, because you will enter the filename later. The files indicated are only for example.

8. 9.

600

System Administration Made Easy | Release 4.6C/D

Downloading Files
Make sure that you download patches, kernels, transports, and other files in binary format. Also, many of the files are in *.CAR archives. To unpack these files, use the CAR program (see Unpacking a CAR file on page Unpacking a CAR or SAR File).
Task

Download a file
1.
If the file is a text file, go to step 2. If the file is a binary file (such as a patch, kernel, or a .CAR transport):

a. b. 2. 3.

At the ftp prompt, enter bin. Choose Enter.

To download the file, enter get <filename> (for example, get sapdba_123.CAR). Filenames are case sensitive. Choose Enter.

4. Wait for the download to finish and the ftp prompt to appear.

5.

This screen shows an example of an information file, in this case dw.info (a text file that contains the patch level of the kernel).

Chapter 20: Remote Services

601

6.

Scroll down to view a listing (by patch level) of what is fixed in the kernel patch.

602

System Administration Made Easy | Release 4.6C/D

Partial Organization of SAPSERV


Not all directories on SAPSERV are listed or expanded. For those that are similar (release, database, operating system), only one is expanded in detail. Over time, the directory structure may change or be reorganized. See below for the SAPSERV structure.
general ----------------------------------------------------------for all corrections that generally apply to customers 3rdparty --------------------------------------------database and hardware specific adabas compaq datageneral db2 informix mssql oracle sni (Seimens) frontend patches ----------------------------------patches to the SAPGUI rel31H rel31I rel40A rel40B windows win16 win32 rel45A sapgui -----------------------------------released SAPGUI apple nt 30f 30f_r2 31G 31H 40A pre _release os2 win saplpd (spool) barcode NT WIN LPRINT alphaosf hp NT rm600 rs6000 sun WIN NT rel30F rel31G rel31H rel40A rel40B rel45A rel45B WIN R3server abap note .*-------------------------corrections specific to a note number binaries

Chapter 20: Remote Services

603

NT support i386 UNIX languages Note .*-------------------------specific note numbers patches -----------------------------------R/3 patches, where most of the downloads will be COMMON ------------------Kernel, release-independent pr ograms NT i386 ---this dir has car.exe, sappad.exe, tar.exe OS400 UNIX NT ALPHA I386 ---------------this dir has car.exe, sappad.exe, tar.exe MSSQL rel31H rel31I rel40A rel40B -----------------------Kernel release, OS, hardware, db specific programs NT I386 MSS --------------MS SQLserver ORA --------------Oracle OS400 UNIX AIX DEC HPUX ORA HPUX_SHM RELIANT SOLARIS rel45A

Unpacking a CAR or SAR File


A CAR file is a packaged file similar to a ZIP file. Like a ZIP file, a CAR or file may contain multiple files. SAP delivers transports, patches, and other programs and files in CAR files. To use the contents of these files, you must unpack them using car.exe. As of Release 4.6C, SAP offers a new archiving tool SAPCAR.exe. According to the replacement of CAR, the extension of the archive files delivered by SAP changes from .CAR to .SAR. The command line interface of SAPCAR is downward compatible with the command line interface of CAR. For more information, see SAP Note 212876. Please note that .SAR files can only be unpacked by the SAPCAR program. To get car.exe or SAPCAR.exe: 1. Get car.exe or SAPCAR.exe from SAPSERV (for the latest version):

SAPSERV4/general/R3server/patches/COMMON/NT//<hardware>
If your version of the SAPCAR program is older than six months, replace it with the latest version. Check the following directory: SAPSERV4/general/R3serve r/patches/<rel>/<OS>/<hard ware>

SAPSERV4/general/R3server/patches/COMMON/<OS>/<hardware>
2. From the directory : NT: UNIX:

\usr\sap\<sid>\sys\exe\run\ /usr/sap/<sid>/SYS/exe/run

3. Create an installation directory where you unpack files (for example, d:\sap\unpack). 4. Copy the file car.exe or SAPCAR.exe into this directory.

604

System Administration Made Easy | Release 4.6C/D

Task

Unpacking a file
1.
To reduce confusion: Begin the unpacking session with only the SAPCAR.exe program in the unpacking directory. Handle only one CAR or SAR file at a time. Complete everything for that file before proceeding to the next file. Copy the file to be unpacked into the unpacking directory (for example, sapdba_123.car). Open a command prompt window. Change to the unpacking directory. Execute the unpack command, car xvf <file-name> (for example, car xvf sapdba_123.CAR). The file will be unpacked into the unpacking directory. Move the unpacked files to where you need them. Clean the unpacking directory by deleting all files except the car.exe file.

2. 3. 4.

5. 6. 7.

Special SAPNet Notes


Note # 29372 63786 63845 96885 212876 Function Unpacking CAR archives FAQ Frequently Asked Questions: sapservX Corrections on SAPSERV4 searching for files Downloading a front-end patch from SAPSERVx The new archiving tool SAPCAR

Chapter 20: Remote Services

605

EarlyWatch Service
The underlying concept of EarlyWatch is to prevent problems before they occur or escalate. EarlyWatch diagnoses a systems potential problems and resource bottlenecks so they can be resolved in advance.

During an EarlyWatch session, performance experts log on to your system (into client 066) to monitor its performance, review performance-related configuration settings, and recommend system changes.
Analysis is done in five areas:
I I I I I

SAP R/3 configuration SAP R/3 application Server Workload Database

EarlyWatch applies only to the production system, not the development system. The goal is for satisfactory online performance, not background performance. A system, other than the production system, is difficult to tune to a moderate degree and is almost impossible to tune optimally. This difficulty is because the activity in a development or test environment is not regular or consistent; development activity can vary greatly from week to week. EarlyWatchs primary function is to improve the online performance of the production system. EarlyWatch should be used:
I I

You do not have to do an EarlyWatch session if your system or company conditions have remained the same.

A couple of months after going live After implementing significant changes to your system, such as: New modules Expansion of existing modules Addition of significant numbers of users to the system Hardware upgrade SAP release upgrade

Note
The target response is less than 1 second, which excludes the network delay from the users PC to the SAP R/3 system. This delay is outside the scope and control of SAP.

These and similar items change the workload to the system. This change could render the existing EarlyWatch parameters inapplicable. As your system or company conditions change, we recommend that you request a new EarlyWatch session.
I

After experiencing significant degradation of online performance. This condition should be a steady condition and not an intermittent spike.

To use EarlyWatch: 1. The customer contacts SAP to arrange for an EarlyWatch session at:

606

System Administration Made Easy | Release 4.6C/D


SAP America, Inc. EarlyWatch 600 East Las Colinas Blvd, Ste. 2000 Irving, TX 75039 Tel.: (800) 677-7271 or (972) 868-2094 FAX: (972) 868-2108
2. There are prerequisites to an EarlyWatch session and you will be advised of them. These prerequisites may require technical assistance to apply. 3. The customer opens the SAP service connection to the production system for EarlyWatch. 4. EarlyWatch connects to client 066 on the production system via SAP service connection to gather data and record configuration. Client 066 is reserved exclusively for EarlyWatch. 5. Once the customers system is analyzed, a report is generated and sent to the customer. Recommendations may be at any of three levels: a. SAP R/3 system b. Database c. Operating system 6. The customer reviews the report and recommendations. 7. After the review, apply the recommendations to your system. 8. Monitor your system for signs of problems.

If you have any questions about the report, discuss them with the EarlyWatch analyst. If a recommended change seems drastic or does not make sense, discuss it with the analyst before proceeding. Mistakes have been made. Try to understand the recommendations made by EarlyWatch. As a system administrator, the SAP R/3 system is your responsibility.

C H A P T E R

21

21

Special Maintenance

608

System Administration Made Easy | Release 4.6C/D

Overview
In this chapter, the reader will learn about special maintenance. This topic includes the following:
I I I

Kernel upgrade Client copy Production refresh strategies

Changing System Profile Parameters (Transaction RZ10)


The system profile parameters are what SAP R/3 uses when it starts up. Parameters may define how many of each work process to create, the minimum length of the user password, and so on The parameters are also stored in ASCII profiles on OS level. If a parameter is incorrectly changed, SAP R/3 may not start. Changing system profile parameters should only be done under the instruction of the SAP Hotline, SAP EarlyWatch, or an experienced consultant. Use RZ10 to maintain your profile parameters. Do not modify the files at the operating system level. This process could lead to inconsistency and confusion. The system uses the following three parameters:
I

Start profile This profile defines which SAP R/3 services are started.

Default profile This profile defines the setup, which must be the same for all instances in the system.

Instance profile This profile defines the setup of the specific instance, which allows individual application servers to be configured differently for specific tasks and users.

Change a value only for a specific purpose and only with proper knowledge of what is being changed and why it is being changed. Before making changes to the system profiles, make certain that you have a recent, usable copy of the system profile files. This backup is your last line of defense if a profile change is made that results in SAP R/3 not being able to start. NT: \user\sap\<sid>\sys\profile UNIX: /user/sap/<sid>/sys/profile

Tips & Tricks

1.

In the Command field, enter transaction RZ10, and choose Enter (or from the SAP standard menu, choose Tools CCMS Configuration RZ10 - Profile maintenance).

Chapter 21: Special Maintenance

609

2.
The profiles used by the system work in the following order:
I I I

In the Profile field, choose

Start profile Default profile (for all instances in the system) Instance profile (specific to the instance you are on)

3.
Use the instance profile to make the parameters of a specific application server different than the other servers for specific reasons (for example, a batch application server).

Select the instance or default profile as appropriate (for example, the instance profile, SA1 DVEBMGS00 PA102058).

4. Choose

Note
Under Edit profiles, there are three selections:
I

Administration data This selection is not a maintenance mode. It is used to change the name of the file where the profile should be activated. Basic maintenance (maintenance mode) This mode allows you to set the buffers, work processes, and directories in the system profiles. It also allows you to specify the SAP components to be started (for example, message server, application server, SNA gateway, and so on) in startup profiles. This form of maintenance protects most profile parameters from being changed by potentially incorrect settings. Extended maintenance (maintenance mode) This mode allows you to access all system profile parameters or start up profile entries.

610

System Administration Made Easy | Release 4.6C/D

5. 6. 7.

Note the Version number of the instance profile. A later step in this procedure shows the version number has changed. Under Edit profile, select Extended maintenance. Choose

Change.

8. 9.

Select the line above which you want the entry to be inserted (for example, abap/buffersize). Choose

Parameter.

Chapter 21: Special Maintenance

611

10.
The point where you insert the new profile parameter has no effect on the process. But, to make it easier to read, you may want to group or order the parameters (for example, group the logon parameters together). Once you enter the profile parameter, it cannot be easily moved to another location. Therefore, be careful where you choose to insert it.

Choose the Parameter name and choose

11. 12.

The list that appears is long. To find the profile parameter you want to add, scroll down. Select the parameter. For example, login/min_password_lng.

13. Choose

14. 15.

A default value appears in Unsubstituted standard value. In Parameter val, enter the new value (for example, enter 5 to increase the minimum length to five).

612

System Administration Made Easy | Release 4.6C/D

16. 17.

In Comment, document your change by entering a description of why the change was made. The system attaches your user ID and date to your comment. Choose Copy.

18.

This screen shows that the system inserted your user ID and the date and time of the change into the Comment. You can determine who made a profile change and when this change was made.

Chapter 21: Special Maintenance

613

19.

Choose

20. 21.

This screen shows the new parameter login/min_password_lng with a value of 5 inserted above abap/buffersize. Choose Copy.

614

System Administration Made Easy | Release 4.6C/D

22. 23.

The message at the bottom of the screen indicates that the profile was changed. Choose

24. 25.

In Version, note the profiles version number. It will increment later. Choose

Chapter 21: Special Maintenance

615

26.

Choose Yes.

27.

Choose

28.

Choose

Note
Note: If you have operation modes configured, this screen will appear. If this screen does not appear, skip to step 32.

29. Double-click on Yes.

30. Review the check log.

616

System Administration Made Easy | Release 4.6C/D

31. Choose

32.
Use transaction RZ11 to get the details of a specific profile parameter.

Note that the profiles version number has changed.

Chapter 21: Special Maintenance

617

Support Packages
A Support Package is a collection of corrections that address serious errors in the ABAP repository. These corrections affect the Basis and functional areas. Defined rules exist for what kind of fixes should be (and are) included in a Support Package. Some rules are technical while other rules are policy.

Note
Hot Packages are now known as Support Packages. HR Legal Change Patches (LCP) are known as HR Support Packages.

A Support Package is not a cumulative fix for application modules. You must still get and apply the notes for the functional modules. However, because Support Packages contain patches for the various functional areas, some notes may be applied in the Support Package. The Support Package is not supposed to contain functional enhancements, but this is not always the case. The purpose of a Support Package is to fix problems before they become problems. There is a conflict about when Support Packages should be (and are) applied:
I I

To prevent serious problems, SAPs position is that customers should apply all Support Packages as they are released. The position of many customers is that all system changes must be regression tested. This stance, with the frequency of Support Package releases, results in the Support Packages not being applied, because the amount of testing required cannot be done continuously. This customer position is not unique to SAP and has been taken by many customers since the early days of computing.

SAP development is working on ways to make Support Package application easier.

Note
As of Release 4.5, Support Packages have been separated from the HR Support Packages. This separation allows HR Support Packages to be applied quickly for legal compliance. Before Release 4.5, the HR Support Packages contained the Hot Packages. Applying an HR Support Package also meant applying the Hot Package. As of Release 4.6, Support Packages have also been separated into the Basis Support Packages, ABAP (ABA) Support Packages, and SAP R/3 Support Packages.

Strategy
Obtain the notes related to the Support Package, and review what it fixes:
I I

If there is nothing in the Support Package that applies to you, do not apply it. If there is something in the Support Package that applies to you:

618

System Administration Made Easy | Release 4.6C/D

Determine if the entire Support Package (or just the note) must be installed. If the Support Package is to be installed, treat the installation as a mini-upgrade.

The determination of whether the support packages must be applied requires the consultation of the application support team. It is not a Basis decision.
Caution

Applying Support Packages


1. Determine what Support Packages have been applied to your system. 2. Get and review the notes for the Support Packages. 3. Determine if the Support Package should be or needs to be applied. Steps 4 through 9 assume that the Support Package must be applied and are repeated for all Support Packages that are to be applied at the current time. 4. Obtaining the Support Package Depending on the size of the Support Package, it can be obtained three ways: Download it from SAPNetR/3 (formerly OSS). This option is sizelimited, so large Support Packages cannot be downloaded using SAPNetR/3. Download it from the SAP Service Marketplace. Upload it from the Support Package collection on CD. The Support Package collection contains all Support Packages available at that point in time. Download from SAPNet Web Support Package collection on CD Download the Support Package. N/A Request the Support Package collection. Upload the Support Package.

Download from SAPNet R/3 (OSS) Request the Support Package from SAPNetR/3. Download the Support Package.

5. Apply the Support Package (See table below) in the development system (DEV). Do not download the support package for each system. Use the same file that was downloaded for all system. 6. Execute the regression test. 7. When successful, confirm the Support Package.

Chapter 21: Special Maintenance

619

After testing and determining that it is stable on the DEV, repeat steps 7 9 on test system (QA), then production system (PRD). package/task get patch unpack move file upload define queue import

support package, frontend upload support package, app svr upload

x.car x.car

n/a x.ptt, x.att

n/a

upload from define package import front-end queue queue

move to upload from define package import eps\in app svr queue queue directory

SPAM/SAINT upgrade

spam.car x.pat, x.att

move to upload from n/a eps\in app svr directory

import SPAM update

Determining What Support Packages Have Been Applied

Method 1
1.
From the menu bar, choose System Status.

Task

2. On the System Status dialog box, on the right side of this screen, under SAP
System data, choose for additional component information.

620

System Administration Made Easy | Release 4.6C/D

3. Choose the SupPack tab.

4.

In this example, the following patches have been applied:


I I

SPAM/SAINT Update version 28 ABA Support Package for 4.6C

Not Shown on the screen: The Support Package name is interpreted as follows:
I I

R/3 Support Package Basis Support Package

SAPK<component><release ><sequence_number> SAPKA46C03, interpreted as SAPK/A / 46C / 03, is for Release 4.6C and is the third ABAP Support Package.

Patch status values are:


I I I

N The patch has not yet been applied. I Patch has been successfully applied. ? Patch application has been aborted.

Chapter 21: Special Maintenance

621

Method 2
1. 2.
In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance SPAM Support Packages). On the Support Package Manager: Version <XXXXX> screen:

Task

a. Select Applied Support Packages. b. Choose Display.

3. The Support Package Directory: Imported Packages screen appears. a. Important information is shown under Imported Packages:
I I

SPAM/SAINT Update version level Hot Packages / Support Packages applied


In this example, the following patches have been applied:

b.
I I I I I

SPAM/SAINT update version 28 ABA Support Package <n> for 4.6C


Not shown on the screen:

R/3 Support Package Basis Support Package

622

System Administration Made Easy | Release 4.6C/D

Get information on the support package from SAPNet


1. 2. 3. 4.
Connect to SAPNet using transaction OSS1. For more information, see chapter 19, SAP Service Marketplace on page 540. Choose Service. Choose SAP Patch Service. Choose R/3 support packages.

Task

For ABAP and Basis Support packages, choose SAP component support packages.

Chapter 21: Special Maintenance

623

5.

On the List of R/3 support packages screen:

a. b. c.

Search the extended list for your release. Select the node (+) to the left of your release to select it. Choose

6.

From the List of R/3 support packages screen, you can view the:

a. SPAM/SAINT Update
This is the SAP Support Package Manager (formerly Patch Manager). Download and apply the current version before applying any Support Package.

b. R/3 Support Packages

Extra Large indicates that the Support Package may not be downloadable from SAPNet-R/3. In this case you must use the SAP Service Marketplace to download. See Ch.19 Downloading Support Packages.

624

System Administration Made Easy | Release 4.6C/D

7.

To display the notes for a specific Support Package:

a. b.

Select the note. Choose Notes for patch.

8. 9.

To view all notes, select the node (-) to the left of Components. Choose Expand. From this screen, you may view one of the following:
I I

All notes A specific note

Chapter 21: Special Maintenance

625

Task

View all notes


1.
Right-click anywhere on the screen, and select Download list from the popup menu.

626
Note

System Administration Made Easy | Release 4.6C/D

2.

On the Save list in file dialog box:

At present you cannot get this listing from SAP Service Marketplace.

a. b.

Select unconverted. Choose .

3.

In the Transfer Lists to a Local File dialog box:

a. b.

In File name, enter the <drive\path\filename> where you want to save the notes. Choose Transfer.

4.

This screen shows the saved note list as read by a text editor or word processor.

Chapter 21: Special Maintenance

627

5. To create a file of all notes (in case there are too many notes to go through
individually on the screen):

a. Choose Select all. b. Choose List selection.

6.

Choose Download to download the notes to a file.

628

System Administration Made Easy | Release 4.6C/D

7. Choose Do not copy.

8. Choose No. You only want to review the notes, not to register the object for
change. After reviewing the notes, you may decide not to install the Support Package.

Note

9. Enter the path to your local PC and create a name for the file. 10. Choose Transfer.

The duration of the download depends on the number of notes addressed by the Support Package.

Task

View a specific note


1. 2. 3.
Double-click the node (+) to expand an individual branch (for example, BC). Double-click the node (+) for BC-CUS, BC-CUS-TOL and BC-CUS-TOL-ECP. Under BC-CUS-TOL-ECP, select note 0408749.

Chapter 21: Special Maintenance

629

4.

Choose

5.

This screen shows the SAP Note.

630

System Administration Made Easy | Release 4.6C/D

Requesting SPAM or a Support Package from SAPNet


The following task shows you to to request SAP or Support Packages from SAPNet.
Task

Request SPAM/Support Packages from SAPNet

1. 2. 3.

Choose Service. Choose SAP Patch Service. Choose R/3 support packages.

Chapter 21: Special Maintenance

631

4.

From the List of R/3 support Packages screen:

a. b.

Select one of the following: SPAM update R/3 Support Package Choose Request patch.

632

System Administration Made Easy | Release 4.6C/D

5. On the Request Support Package dialog box: a. Select the installation for the patch. b. Enter the <SID> for the system (for example, SA1). c. Choose Continue.

6. The message in the status bar indicates that the patch request has been
generated.

7. The next step is to download the patch (see the next section, Downloading
SPAM or a Support Package).

Chapter 21: Special Maintenance

633

Downloading a Support Package (Hot Package) SAPNet


Always plan to first apply the Support Package on a test server to assure it will not create a problem. Back up the test server before applying the Support Package. The Support Packages must have been requested for the system/<sid> to which you are downloading it.
Task

Download a support package


1. 2. 3.
Log on to client 000, under any user that has the SAP* equivalent authorizations. In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance Support Packages). Choose .

4.

The Electronic Parcel Service Confirm Transmission dialog box allows you to specify which Hot Packages to download. On this dialog box:

a. b.

Select the Support Package (if not already selected). Choose .

634

System Administration Made Easy | Release 4.6C/D

5.

This screen shows the EPS Transmission monitor:

a. Progress bar with the Size [MB] of the Support Package. b. Elapsed Transmission time for the download. c. Remaining time to complete for the download.

6. 7.
Make sure that the directory /usr/sap/trans/EPS/in has enough space to download the Hot Package.

A message Upload successfully indicates that the SPAM or Support Package has transferred to the SAP R/3 system.

Choose

Uploading the Support Package from a CD or SAP Service Marketplace


Large Support Packages (those too large to download from SAPNetR/3) are available through the following two methods:
I I

Support Package Collection CD SAP Service Marketplace

SAP periodically releases a Support Package Collection CD that contains all the released Support Packages up to a certain date.

Support Package Collection CD


Load the CD containing the patches. Log on to the operating system as:
I

NT:

<SID>adm

Chapter 21: Special Maintenance


I

635

UNIX:

<sid>adm

Change to the transport directory.


I I

NT: UNIX:

<drive>:\usr\sap\trans /usr/sap/trans

Unpack the patch archive.


I I

NT: UNIX:

SAPCAR xvf <CD_drive>:\<PATH>\<ARCHIVE>.CAR SAPCAR xvf /<CD_DRIVE>/<PATH>/<ARCHIVE>.CAR

SAP Service Marketplace


Log on to the operating system as:
I I

NT: UNIX:

<SID>adm <sid>adm

Copy the downloaded patch files (example kh46a02.car) into an unpack directory. Unpack the patch file by entering:
I

SAPCAR xvf <patch-file>

Copy the unpacked files from the EPS\in directory to the directory to upload patches:
I I

NT: UNIX:

<drive>:\usr\sap\trans\eps\in /usr/sap/trans/eps/in

The next step is to upload the patch from the operating system into SAP R/3.
Task

Upload the support package


1. 2.
Log on to client 000, under any user that has SAP*-equivalent authorizations. In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance Support Packages).

636

System Administration Made Easy | Release 4.6C/D

3.

From the menu bar, choose Support Package Load packages From application server.

4.

Choose

5. 6.

Check that the Support Packages have successfully uploaded. Choose .

7.

Select All Support Packages.

Chapter 21: Special Maintenance

637

8.

Choose

Display.

9.

The patch is under New Support Packages.

638

System Administration Made Easy | Release 4.6C/D

Task

Upload the support package from the front end (< 20 MB)
1.
From the menu bar, choose Support Package Load packages From front end.

2. 3.

Select the file. Choose Open. The status displays at the bottom of the screen.

Chapter 21: Special Maintenance

639

4.

In 4.6D, the Content of the compressed file <XXXXX> dialog box appears. . Choose

5. 6. 7.

A message on the status bar shows the process is completed successfully. Select New Support Packages. Choose

Display.

8.

The patch is under New Packages.

640

System Administration Made Easy | Release 4.6C/D

9.

Choose

Updating SPAM
To prepare for updating SPAM, the SAP R/3 system should not be active, which means that no users are logged on and no jobs are running. Also, all application servers should be shut down. Make sure that the r3trans and tp programs are updated to the latest version. For more information, see the Kernel Upgrade section. The current SPAM update should have been downloaded from either SAPNet-R/3 or from SAPNetWeb. When using SAPNetWeb, the unpacked SPAM update files (.ATT and .PAT) should have been moved to the /usr/sap/trans/EPS/in subdirectory.
Task

If a SPAM update is available, apply it before any Support Packages. Some Support Package changes require the new SPAM program to properly update the system.

Update SPAM
1. 2.
Log on to client 000, under any user that has SAP*-equivalent authorizations (not SAP*). In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance Support Packages).

Chapter 21: Special Maintenance

641

3. To upload the SPAM update file, from the menu bar, choose Support
Package Import SPAM update.

4. Choose

5. The status of importing is shown on the bottom of the screen.

642

System Administration Made Easy | Release 4.6C/D

6. After applying the SPAM update, SPAM must restart to use the latest
version.

7. Choose

8. Restart the transaction. In the Command field, enter /nSPAM.

9. Note the version number change. 10. Select All Support Packages. 11. Choose
Display.

Chapter 21: Special Maintenance

643

12. You will see the SPAM update under Applied Support Packages.

Applying the Support Package


The SAP R/3 system should not be active, so make sure that no users are logged on and no jobs are running. Also, all application servers should be shut down. Make sure that the r3trans and tp programs are updated to the latest version. For more information, see the Kernel Upgrade section of this chapter. The current SPAM update should have been downloaded from SAPNet and applied. The Support Package should have been downloaded from SAPNet, uploaded from the CD or front end.
Task

Define the patch queue


In a CRM system, enter transaction SP_MANAGER instead of SPAM. If you enter SPAM, go to menu Environment Support Package Manager for BBPCRM. A Performance Assistant window will pop up. You can either close or minimize it after reading it. A wizard window will guide you through the process and call SPAM automatically.

1. 2.

Log on to client 000 under any user that has SAP*-equivalent authorizations (not SAP*). In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance Support Packages).

644

System Administration Made Easy | Release 4.6C/D

3.

Choose

Display/define to define a patch queue.

4.

On the Component Selection dialog box:

a. b.

Select the component to import. In this case, the Support Package is under SAP_ABA. Choose .

5. 6.

Verify that the patch is selected. Choose .

Chapter 21: Special Maintenance

645

Task

Apply the support package


You must read the note. Some patches must be installed together and others separately.

1. 2.

The name of the first support package appears in Patch queue. Choose to apply the patch queue.

3.

Choose

646

System Administration Made Easy | Release 4.6C/D

4.

The status is shown on the bottom of the screen.

Note

5.

Choose

Depending on the size of the Support Package, the queue application process could run for a long time.

Task

Check the Queue Log


1.
Choose .

Chapter 21: Special Maintenance

647

2.

Review the return codes.

a. b.

Select the component to import. In this case, the Support Package is under SAP_ABA. Values greater than 4 indicate a failure. Choose .

3.

At this point, regression testing should be performed on the Support Package. If several Support Packages are going in as a group, one option is to confirm them after applying and then perform the regression testing.
Task

Confirm the queue


1.
Choose . The next Support Package cannot be applied until the previous one is confirmed.

648

System Administration Made Easy | Release 4.6C/D

2.

Check the status bar to see if the patch queue was confirmed.

Task

Verify the package application


1.
On the Support Package Manager screen:

a. b.

Select All Support Packages. Choose

Display.

Chapter 21: Special Maintenance

649

2.

The support packages are found in the Applied Support Packages section.

Object Conflicts
Object conflicts occur when SAP objects (such as programs, tables, and so on) that you modified are included in a Support Package. If an object has been modified by you and is being changed in the Support Package, you could lose your modifications. This problem usually occurs with an advanced correction, where a fix is incorporated in a future release of the SAP R/3 system, and the advanced correction is available before the future release.

Example

If you are on Release 4.0B and experience a problem, your problem has already been fixed in a higher release (for example, Release 5.0). You do not have to wait for the upgrade. The fix is available now for you to make as an advanced correction to your system. Support Packages may not always include this correction. Thus, after applying the package, you may have to reapply the correction. Determine if the change is (or is not) included in the Support Package by:
I I I

Reviewing the code comparison (transaction SPAU) Checking if the advanced correction is from a future release If so, it probably will not be included in the Support Package. Checking if the change is your own modification

If the change is included in the Support Package, return to the SAP standard to simplify future system maintenance. If the change is not included in the Support Package:
I I I

Check to see what needs to be done to reapply the modification. Apply the modification. Test the modification.

650

System Administration Made Easy | Release 4.6C/D

This process is the same as that performed during an upgrade.

Regression Testing
Regression testing is necessary because many objects in many functional areas may be affected by changes from a Support Package. All functional areas must perform regression tests to verify that a Support Package does not create new problems as it fixes old ones. A Support Package is a mini-upgrade, especially if it is large (for example, Release 4.6C R/3 Support Package 10). All existing processes should continue to function as they did before the Support Package was applied. A review of the notes related to a Support Package indicates what specific tests must be performed by the technical and functional team. As during the implementation, the functional teams should have a script of test procedures to test the system. This script could also be used in the regression test.

Useful SAP Notes


SAP Note # 19466 33525 53902 62119 73510 82264 83458 84962 85820 86241 87432 89089 97620 97621 97623 Description Downloading a patch from SAPSERVx Important information about SAP patches < 3.1H Conflicts between Hot Packages/LCPs and Add-ons Obtaining extra large patches Problems during upgrade of patched source releases Important information about SAP patches >= 3.1H OCS Info: Downloading patches from SAPNet Info: SPAM update Patch is not displayed in patch queue HR Legal Change Patches for the HR component Contents of and applying LCPs Configuration of SAP R/3 systems for LCPs OCS Info: Overview of Important OCS Notes OCS Info: Online Correction Support (OCS) Patch types

Chapter 21: Special Maintenance

651

SAP Note # 97630 104664 115372 119738 135041 173814 329242 339927

Description Known problems with patches >= 3.1H Applying patches from CD Patches forwarded by mistake to target system Problems during upgrade with too new Hot Packages Separation LCPs HR / Hot Packages as of Rel. 4.5B Known problems with patches Release 4.6 Import prerequisites for Support Packages in Basis Rel. 4.6D Performance problems with Support Packages

Kernel Upgrade
The kernel upgrade process is the replacing of operating system level files (the kernel files) with updated versions of these files.

You must remember the SAP R/3 release and kernel version you are running. After the kernel is upgraded, apply kernel patches for the upgraded version of the kernel. Do not apply kernel patches for the old version of the kernel. When getting patches, remember that your SAP R/3 release stays the same, regardless of your version of the kernel. On rare occasions, an SAP Note instructs you to apply a fix based on the SAP R/3 release of the system, not the kernel version. All servers in a system (central instance and application servers) must be on the same version of the kernel.

Note

Special notes on the kernel version:


I I I

It is now independent of the SAP R/3 release. The kernel is backward compatible, which means that a user could be running a Release 3.0F with a 3.1I kernel. If you are on a release before 3.1I, review documentation to determine which kernel version is applicable to your release.

Kernel upgrades are normally done to fix bugs or other problems in the kernel. Some kernel upgrades provide enhanced functionality. To upgrade the kernel: 1. Review all applicable documentation:
I I I

Kernel instructions SAP Notes Upgrade manual

2. Always first perform the upgrade on a test server.

652

System Administration Made Easy | Release 4.6C/D

3. Obtain the new kernel from:


I I

SAP Service Marketplace SAPSERV This route is more current than getting the kernel via CD (see chapter 20, Retrieving files from SAP, SAPSERV).

I I

Distribution CD (if provided) The kernel files include:

dw1_nnn.CAR dw2_nnn.CAR
enq_nnn.CAR tp_nnn.CAR r3trans_nnn.CAR

In this filename, nnn is the patch level (for example, dw1_114.CAR.) 4. Unpack the kernel files (see chapter 20, Retrieving files from SAP, SAPSERV for the unpacking procedure). 5. Back up the system at the database and operating system levels. 6. Stop the SAP R/3 system. 7. Stop the SAP services that are using the kernel files (saposcol, saprouter, sap<sid>_<sysnum>). 8. Backup the kernel directory: NT: UNIX:

<drive>:\usr\sap\<sid>\sys\exe\run /usr/sap/<sid>/sys/exe/run

Copy the current kernel files to a backup directory, to be prepared in the event that you must restore back to the old version if a problem occurs with the new version. 9. Copy the new kernel files into the kernel directory This step replaces the old programs with the new programs. 10. Perform any special instructions contained in: Kernel instructions Online Service System notes Upgrade manual

11. Restart. 12. Run transaction SGEN. 13. Test the system. 14. Repeat steps 5 13 for each server in the landscape.

Chapter 21: Special Maintenance Restart Option 1


1. Restart the SAP services that are using the kernel files (saposcol, saprouter, sap<sid>_<sysnum>). 2. Start the SAP R/3 system. 3. Check the SAP R/3 logs. 4. Monitor the system and system logs for problems.

653

Restart Option 2
1. Restart the server. 2. Check all logs for: Operating system Database

3. Start the SAP R/3 system. 4. Check the SAP R/3 logs. 5. Monitor the system and system log for problems.

Client Copy
The client copy function copies client-dependent customizing and data. Client copy allows the copy or transport of the complete customizing environment from a source client to a target client within the same system (instance) or to another system. Client copy is not meant to copy client-independent objects, such as ABAP programs and table structures. If a table is changed to add an additional field, and the added field is then populated with data, the table change is not copied to the target system. Thus, the data in the additional field is not copied.

Tables are selected based on their delivery class.

Special Notes
To access the online help documentation on client copy: Read the current online documentation on client copy. The client copy programs and functionality improve and change significantly with each new release. 1. From the menu bar, choose SAP Library

2. In the left frame, click the node (+) next to SAP Library. 3. Click the node (+) next to Basis Components. 4. From the list that appears, choose Change and Transport System (BCCTS) 5. Choose Client Copy and Transport. 6. In this screen, click the node (+) next to Client Copy and Transport.

654

System Administration Made Easy | Release 4.6C/D

You cannot separate master data from transaction data.

7. Click the node (+) next to Client Copy and you will see the following list of files:
Technical Background Copy Profiles Authorizations Maintaining Clients

Copying Clients Within the Same System


Copying Clients Between Systems Transporting Clients Between Systems Copying Transport Requests Within the Same System Deleting Clients Displaying Copy Logs

The developer of client copy maintains several informational SAP Notes. Do a SAP Note search on component BC-CTS-CCO and search for notes beginning with CC*. As of this guidebook is writing, there over 50 such notes available.

Restarting Client Copy


Error Handling

Some Useful SAP Notes


SAP Note # 7312 13391 24853 47502 67205 69556 70643 84504 118823 191207 Description Create client 066 for EarlyWatch Deleting/resetting a client (up to 3.0F) CC info: Client copy, functionality in 3.0, 4.0 CC-TOPIC: Remote Client copy CC-INFO: Copying large and productive clients CC-TOPIC: Missing tables and data CC-TOPIC: Delete client CC-TOPIC: SM29 transfers data in spite of Cancel CC-ADMIN: Size of a client CC-TOPIC: Client copy and central user admin

During the copy process, do not work in the source client or the target client. The target client is locked for all users except SAP* and DDIC.

Processing Notes
Because large volumes of data are involved, copying a client could take several hours. If you are copying a large productive client, the copy time could take upwards of a day. For client copy of a large client, see SAP Note 67205. Due to the long run time, the probability of an abnormal termination due to external factors is high.

Chapter 21: Special Maintenance

655

At the OS level, log on as <sid>adm to lock the system so users cannot log on during the copy:
Tips & Tricks

cd /usr/sap/trans/bin tp locksys <sid> After the client copy is finished: tp unlocksys <sid>

Caution

A client copy produces a large amount of log activity. If this directory runs out of space, the database will stop. Turn off logging (i.e., activate truncate on checkpoint in MS-SQL, turn off archive mode in Oracle) or monitor the file space in the directory where the log file(s) is located.

Security
To perform a client copy, the user ID of the person doing the copy must have the same authorizations in the source client and in the target client. A system administrator with the same authorizations as user SAP* will have all the required authorizations.

Creating a Client
The following task shows you how to create a client.
Task

Create a client
1.
In the Command field, enter transaction SCC4 and choose Enter (or from the SAP standard menu, choose Tools Administration, then Administration Client admin Client maintenance).

656

System Administration Made Easy | Release 4.6C/D

2.

Choose

3.

Choose

4.

Choose New entries.

Chapter 21: Special Maintenance

657

5.
Do not use clients: 000,001, or 066. These clients are reserved for SAP.

On the New Entries: Details of Added Entries screen:

a. b. c. d. e. f. g. h. i.

In Client, enter the client number (for example, 200) and name (for example, test client for docu). In City, enter the city name (for example, Palo Alto). In Std. Currency, enter the standard currency for the client (for example, USD). In Client role, choose

to select the role for the client.

Under Changes and transports for client-dependent objects, select the appropriate option (for example, Automatic recording of changes). Under Client-independent object changes, choose and select the appropriate option (for example, Changes to Repository and client-ind. Customizing allowed). Under Protection: Client copier and comparison tool, choose and select the appropriate entry (for example, Protection level 0: No restriction). Under Restrictions, if CATTs are allowed to be executed, select Allows CATT processes to be started. Choose .

6.

A message shows on the bottom of the screen.

658

System Administration Made Easy | Release 4.6C/D

7.

Choose

8. 9.

The new client is listed. In later steps, this new client may be referred to as the target client.

SAP* with the default password PASS is a known user ID password. Do not leave the client in this condition for longer than absolutely needed. Once the client copy is complete, verify that the passwords for all system user IDs in the new client are secure.

10.

To log on to the new client, enter SAP* for the user and PASS for the password.

Copying a Client
Copying on the Same System/SID
Be sure you are logged on to the correct target client. If you are on the wrong client, you will destroy that client. To copy a client on the same system/<sid>, do a local client copy.

To log on to the target client, enter sap* for the user ID and pass for the password.

Chapter 21: Special Maintenance

659

Task

Copy a client on the same system


1. 2.
In the Command field, enter transaction SCCL and choose Enter (or from the SAP standard menu, choose Tools Administration, then Administration Client admin Client copy Local copy). On the Client Copy Copy a Client screen:

a. b. c. d.

In Selected profile, choose requirements.

to select a copy profile that matches your

In Source client, enter the source client number (for example, 100). If your user masters will be copied from a specific client, in the Source client user masters field, enter this client number (for example, 100). Choose Schedule as background job.

3. On the Schedule Client Copy in Background screen: a. If you have multiple application servers, in Background server, choose
to select the server on which to run the client copy.

660

System Administration Made Easy | Release 4.6C/D

b. Select the server to run the client copy on. c. Choose .

4. Choose Schedule job.

5. Choose Continue. The scheduling proceeds as in scheduling any other


background job.

6. To begin the copy immediately, select Immediate. 7. Choose


Check.

Chapter 21: Special Maintenance

661

8. Choose

9. In Output device, enter the printer name (for example, dcbd). 10. Choose
.

11. Choose

12. The displayed message indicates the job was successfully scheduled.

662

System Administration Made Easy | Release 4.6C/D

13. Choose

Copying to a Different System/SID


Copying from one system to another using remote client copy uses the RFC interface, therefore, there is no intermediate storage on disk. To copy a client to a different system/<sid>, do a remote client copy. Before you do this, in the target system, the source system needs to be set up in transaction SM59, and the client must have been created.
Task

Copy a client to a different system


1. 2.
Be sure you are logged in to the correct target client. If you are on the wrong client, you will destroy that client. Log in to the target system and client. In the Command field, enter transaction SCC9 and choose Enter (or from the SAP standard menu, choose Tools Administration Administration Client admin Client copy Remote copy). On the Client Copy Copy a Client screen:

3.

a. b. c. d.

In Selected profile, choose requirements.

to select a profile that matches your

In Source destinat., use for a list of available RFC destinations, and choose the source system. Verify the source System name and Source client. Choose Schedule as background job.

Chapter 21: Special Maintenance

663

4.

On the Schedule Client Copy in Background screen:

a. b.

In Background server, choose Choose Schedule job.

to select a background server.

5. Choose Continue.

664

System Administration Made Easy | Release 4.6C/D

6. From this point, schedule the job as you would any other background job.

7. When you have finished scheduling the client copy, this message window
will appear.

Post-Client Copy Tasks


Secure the passwords for SAP* and DDIC in the new client. If you copied the user master, the user IDs and passwords for those users have been copied from the source client. When you create a new client, immediately change the default passwords for user SAP*. The default password is well known and has been posted on the Internet. Always have at least two administrative user IDs for each client, so you do not lock yourself out of the client. SAP* and DDIC should only be used for tasks that require those user IDs be used. A better solution is to create an administrative user ID, which is a copy of the user SAP*.

Chapter 21: Special Maintenance

665

Deleting a Client
To delete a client, there are two options:
I

The Delete Client transaction, SCC5 (recommended) The R3TRANS program (see SAP Note 13391).
Task

Before deleting a client, in the event of a major problem (for example, deleting the wrong client), make certain you have a usable backup of the system.

Delete client transaction


1. 2. 3.
Log on to the client that will be deleted. In the Command field, enter transaction SCC5 and choose Enter (or from the SAP standard menu, choose Tools Administration Administration Client admin Special functions Delete client). On the Delete Client screen:

Be sure you are logged in to the client you want to delete. If you are on the wrong client, you will destroy that client.

a. b. c.

Verify the Client to be deleted (for example, 200). The Client to be deleted field is an unchangeable field and is the client that you log onto. If the client number is incorrect, you are logged onto the wrong client. Select Delete entry from T000. Choose

Background.

4.
Optionally, in Background server, choose to select the server to run the delete job.

Choose Schedule job.

666

System Administration Made Easy | Release 4.6C/D

5.
You can monitor the client copy using transaction SCC3. Status text will be processing Choose the Refresh button until client copy is completed.

Select Continue. From this point, the process is the same as scheduling a background job.

Task

Review the client copy log

1. 2. 3.

Log on to another client. In the Command field, enter transaction SM37 and choose Enter. On the Simple Job Selection screen:

a. In User name, enter the user ID that the client copy job was run under
(for example, SAP*).

b.

Choose

Execute.

Chapter 21: Special Maintenance

667

4.

On the Job Overview screen:

a. b.

Select the client copy entry. Choose

Job log.

5. 6.

Review the log. At the bottom of the log is the message that the job has successfully finished.

668

System Administration Made Easy | Release 4.6C/D

Production Refresh Strategies


Production refresh is where the other systems are refreshed with data from the production system. Refreshing a system from the production system helps:
I I

Because data in the target system is being replaced, refreshing a system is an inherently dangerous.

Get production data into the test environment. Sync the configuration in the test and development systems with the production system. Over time, the configuration of the various systems could drift apart and not match the production system. Prepare for an upgrade You want the test system to mirror the production system, so that the upgrade in the test system mirrors everything you will encounter into in the production system.

After the copy, actual production data exists in the test system. This data poses data security issues that must be addressed by the various data owners. It is more critical if the HR system is installed, because personnel records are sensitive. Financial, sales, and other data may also be company sensitive.

In the recent past, the standard procedure was to create your own test data. One major reason was that disk storage space was expensive. Reasons not to refresh the system include:
I I

Version management history is only stored in the development system (DEV). A refresh will destroy this versioning history. Data storage is expensive Even with cheaper disks, the volume of data more than makes up any savings. With several copies of the entire production database, the total of all the databases could approach 100 gigabytes for a small company to a terabyte or more for a large company.

Data security Data from the production system is actual data. Even if it is old, it could be confidential and sensitive. The development and test systems are, then, subject to the same high level of security as the production system. Created test data is fake and everyone knows that. There is much less issue with data confidentiality or sensitivity.

There are two ways to refresh a system:


I I

Database copy of the production system Client copy of the production client

Database Copy of Production System


Copying the entire production database does a database copy.

Chapter 21: Special Maintenance

669

Benefits
I

The refreshed system will be a duplicate of the production system. Client-independent changes will also be captured and copied to the target system. The copy can be made using standard backup tapes, so there is no impact on the production system. Making a copy also tests your backup and restore process.

Disadvantages
I

All revision history of the refreshed system is lost, which is usually: Acceptable for the test/QA system Not acceptable for the DEV system because version history is lost.

I I I

The target database needs to be as large as the PRD database. After the copy, the target system must be reconfigured. The target system loses its client structure and become a duplicate of the client structure of the PRD system. If the PRD system has one client and the QAS system has three clients, after the database copy, the QAS system will have one client. The other two clients are lost.

Example

Before the database copy:


I I I

PRD 000, 001, 066, 400

QAS 000, 001, 100, 200, 300, 400, 500 After the database copy: QAS 000, 001, 066, 400

QAS has lost 100, 200, 300, 400

Client Copy of the Production System with Data


A client copy is done by performing a client copy of the active client from the PRD system (instead of copying the entire database, like a database copy).

Advantages
I

Unlike a database copy, the target system does not have to be reconfigured.

670

System Administration Made Easy | Release 4.6C/D


I

The target system does not lose its client structure. EXAMPLE: Before the client copy PRD 000, 001, 066, 400 QAS 000, 001, 100, 200, 300, 400, 500 After the client copy QAS 000, 001, 100, 200, 300, 400, 500

Disadvantages
I

A client copy requires that the source and target systems are not used during the copy. Having both systems out of use may not be practical for many companies because the amount of time required to do the copy could be significantly greater than the amount of time (days, perhaps weeks) that the production system can be down. Client-independent objects (programs, table structures, and so on) that have been changed and are not the same in the two systems will not be copied (refer to the sections on Client Copy below).

Client Copy of the Production System Without Data


In this option, only a basic client copy is performed (including customizing), but no master or transactional data, and possibly no user data. All test data is loaded into the new client using the following tools:
I I I

Computer Assisted Test Tools (CATT) Data Transfer Workbench Application Link Enabling (ALE)

Advantages
In addition to the benefits of the client copy above:
I

You can control the data being loaded into the new client. Data can be created to test specific items. You are not subject to the randomness of real data to test specific items. Real data may have the appropriate data to test specific test items. In this case, test data has to be created anyway.

Disadvantages
These are the same as for a client copy with data above.

PART NINE

Appendixes

672

System Administration Made Easy | Release 4.6C/D

A P P E N D I X

A
I

Useful Transactions
System administrators may find the following transactions useful. Although many of the transactions are not discussed in this guidebook, we list them here for your convenience. Many of these transactions are for more advanced functions than targeted in the scope of this guidebook.

Transaction Code Switches


Transaction Code Switch /n<trans code> /o<trans code> Transaction Code /nspad /ospad Description Exit the current transaction and start the new transaction Open a new session and start the new transaction

674

System Administration Made Easy | Release 4.6C/D

Transaction Code Table


The following table contains two columns that require further explanation.

Dangerous
Dangerous transactions are potentially damaging or fatal to the system if executed incorrectly. As a general rule, most Basis transactions are potentially damaging. Access to these transactions should be restricted in all systems. Access to some of these transactions should be even further restricted in the production system.

Caution

Performance Impact
These transactions could have a potentially adverse impact to system performance if executed. Traces and table display are the transactions of concern here. Transaction AL02 Description Database Alert Monitor (not supported for MS SQL Svr 7.0) Operating System Alert Monitor Workload Alert Monitor Current active users (in system) Display operating system file from CCMS Display table buffer (buffer synchronization) ALE administration and monitoring Exclusive waits in Oracle database Database performance; tables and index Parameter changes in database Analysis of table with respect to indexed fields Backup logs Dangerous Performance impact

A table display problem occurs when the query does a full table scan for data. When done on a large table, this query has a serious system performance impact because the system searches every record in the table to find those that meet the search criteria.

AL03 AL05 AL08 AL11 AL12 BALE DB01 DB02 DB03 DB05 DB12

Appendix A: Useful Transactions

675

Transaction DB13 DB14 DB20 OSS1 RZ01 RZ02 RZ03 RZ04 RZ06 RZ08 RZ10 RZ11 RZ20 RZ21 SA38 SCAM SCAT SCC1 SCC3 SCC4 SCC5 SCC6 SCC7 SCC8 SCC9 SCCL SCMP SCU3

Description DBA planning calendar DBA logs Generate table statistics Online Service System logon Graphical background job scheduling monitor Network graphical display of instance Server status, alerts, maintain operations mode Maintain operations mode and instance Maintain alert threshold CCMS Alert Monitor Maintain system profiles Display profile parameter attributes Alert Monitor 4.0 Maintain settings for Alert Monitor 4.0 ABAP reporting CATT management Computer Aided Test Tool Client copy transport Client copy log Client copy administration Delete clients Client import Client import post processing Client export Remote client copy Local client copy Table comparison Table history

Dangerous

Performance impact

X X X

X X

676

System Administration Made Easy | Release 4.6C/D

Transaction SE01 SE03 SE06 SE09 SE10 SE11 SE12 SE14 SE15 SE16 SE17 SE38 SECR SEU SFT2 SFT3 SICK SM01 SM02 SM04 SM12 SM13 SM18 SM19 SM20 SM21 SM30 SM31 SM35

Description Transport organizer Workbench organizer: tools Set up workbench organizer Workbench organizer Customizing organizer

Dangerous

Performance impact

Data Dictionary maintenance X Data Dictionary display Utilities for ABAP Dictionary tables Repository Info System Display table content General table display ABAP editor Audit Information System R/3 Repository Browser Maintain public holiday calendar Maintain factory calendar Installation check Lock transactions System messages Overview of users Database locks Update terminates Security Audit: Delete Old Audit Logs Security Audit: Administer Audit Profile (for SM20) System (Security) Audit Log System log Maintain tables (not all tables can use SM30) Maintain tables Batch input monitoring X X X X X X X X X X

Appendix A: Useful Transactions

677

Transaction SM36 SM37 SM39 SM49

Description Schedule background jobs Overview of background jobs Job analysis External operating system commands, execute (see related SM69) Work process overview Instance overview Reset or check number range buffer Error log for asynchronous RFC RFC connection, maintain Operations mode, maintain Event trigger Background processing analysis tool Global work process overview External operating system commands, maintain (see related SM49) Maintain logon groups Display own jobs Maintain number range objects Spool Spool control Display output requests TemSe (temporary sequential objects) contents TemSe administration Spool administration (printer setup) SAP Patch Manager

Dangerous

Performance impact

SM50 SM51 SM56 SM58 SM59 SM63 SM64 SM65 SM66 SM69

SMLG SMX SNRO SP00 SP01 SP02 SP11 SP12 SPAD SPAM

678

System Administration Made Easy | Release 4.6C/D

Transaction SPAU

Description Intersection SAP transport/customer modifications Spool; consistency check Intersection SAP transport/customer modifications, DDIC Spool; installation check SAP system trace Buffer statistics Workload analysis Database performance analysis SQL trace Operating system monitor Application monitor Network monitor Network Alert monitor Table call statistics statistics on table accesses Display developer trace Application monitor Application analysis statistics related to business document volume ABAP dump analysis Oracle: analyze the shared cursor cache Local transaction statistics Transport Management System Performance monitoring menu Customizing Time Zones User maintenance Display users

Dangerous

Performance impact

SPCC SPDD

SPIC ST01 ST02 ST03 ST04 ST05 ST06 ST07 ST08 ST09 ST10 ST11 ST12 ST14

ST22 ST4A STAT STMS STUN STZAC SU01 SU01D

Appendix A: Useful Transactions

679

Transaction SU02 SU03 SU10 SU12 SU2 SU22 SU3 SU53 TU02

Description Maintain authorization profiles Maintain authorizations

Dangerous X X

Performance impact

Mass change to user records X Delete ALL Users Maintain user parameters Authorization object check in transactions Maintain own user parameters Display authorization checked values Parameter changes display active parameters and history of changes X

680

System Administration Made Easy | Release 4.6C/D

A P P E N D I X

B
J

Useful Resources and Products

Other System Administration Resources


The cited references do not represent an all-inclusive listing of resources. SAP training classes, guidebooks, white papers, and web sites are constantly being created and updated.

SAP Resources
SAP books and CDs can be ordered from the SAP online store (www.mysap.com/company/shop) or, for items with an SAP part number, from your SAP account executive. Books with ISBN numbers can be ordered from the SAP online store (www.mysap.com/company/shop) or Amazon (www.amazon.com).

682

System Administration Made Easy | Release 4.6C/D

Books
Title SAP Part Number ISBN Number

Complementary Software Program 50-018-672 Directory R/3 System Getting Started SAP Dictionary R/2 System Release 5.0: EnglishGerman SAP Wrterbuch System R/2 Release 5.0: DeutschEnglish (SAP Dictionary R/2 System Release 5.0: GermanEnglish) Authorizations Made Easy 50-018-896 5000-5296 5000-5295 1-400524-02-4

1-893570-21-5 (3.1G/H) 1-893570-22-3 (4.0B) 1-893570-23-1 (4.5A/B) 1-893570-24-X (4.6A/B)

Data Transfer Made Easy (English) Data Transfer Made Easy (German) Printout Design Made Easy (3.x) SAPscript Made Easy (4.x)

1-893570-04-5 (4.0B/4.5x) 1-893570-05-3 (4.0B/4.5x) 1-893570-12-6 (3.1H) 1-893570-13-4 (4.0B) 1-893570-14-2 (4.6B)

Reporting Made Easy (4.0B) (3-vol set) Fundamentals of Reporting Report Development Tools Commonly Used Reports System Administration Made Easy

1-893570-65-7 (4.0B) 1-893570-60-6 1-893570-61-4 1-893570-62-2 1-893570-41-X (3.1H) 1-893570-42-8 (4.0B) 1-893570-43-6 (4.6A/B)

BW Reporting Made Easy 2.0B/2.1C mySAP Workplace Administration and Tools Online Store Made Easy Guide

1-893570-66-5 3-980773-20-5 1-893570-88-6

Appendix B: Useful Resources and Products

683

CDs

Accelerated SAP (ASAP). Because ASAP is an implementation project Knowledge Products. Knowledge products must be registered and a license installed (similar to saplicense), before they can be used.
Title SAP Order Number

management methodology, production system administration information is available on this CD.

Technical Implementation and Operation Mgt 500-27903 SAP System Management SAP System Monitoring SAP Software Logistics SAP Database Administration MS SQL server SAP Database Administration Oracle SAP Database Administration Informix SAP Database Administration DB2-400 SAP Database Administration Adabas SAP Integration Technologies R/3 Interface Advisor SAP Terminology Database SAP Business Information Warehouse SAP Interface Advisor, Rel 4.5 500-27391 500-25694 500-27393 500-25696 500-27392 500-25695 500-25697 500-29389 500-25698 500-21636 500-30826 500-29281 500-26902

Computer Based Training (CBT). Archiving has CBT available, under SAP
Order Number 500-20297.

SAP R/3 Online Documentation . The SAP R/3 online documentation


contains useful information.

Report Navigator (pre-Release 4.0). See the SAP Simplification Groups


web site, www.saplabs.com/simple for more information.

684

System Administration Made Easy | Release 4.6C/D

Training Classes
In the U.S., call central registration at (888)-777-1SAP(1727) or visit SAP Americas training web site, www.sap.com/usa/trainsupp for the most current class list. Level 1 SAP50 SAP R/3 Basis Technology

Level 3 - Technical Core Competence BC310 BC314 BC317 BC360 BC361 BC370 Level 3 BC340 Going Live Windows NT/Oracle Windows NT/MS SQL Server Windows NT/DB2 UNIX/Oracle UNIX/Informix AS/400-DB2/400

Level 3 - Advanced BC325 BC315 BC505 BC511 BC520 BC525 Software Logistics SAP R/3 Workload Analysis Database Administration - Oracle Database Administration - Informix Database Administration - MS SQL Server Database Administration - DB2/400

Level 3 - Cross-Application BC601 BC615 BC630 CA940 Build and Use SAP Business Workflow Archiving Technology SAP Business Communication SAP R/3 Security Concepts

Other
SAP R/3 Security Guide; see SAP Note 39267 service.sap.com/securityguide

Appendix B: Useful Resources and Products

685

White papers
System Landscape The SAP R/3 System Landscape, System and Client Deployment Strategy white paper can be downloaded from www.saplabs.com/simple.

SAPNet, Selected Items of Interest


Explore SAPNet at service.sap.com to see what is available. The amount of available information is extensive and growing. We selected a few items that we think would be of particular interest to you. Please be aware that SAPNet will change over time.
I

Media Center SAP R/3 Documentation Info Center for C & P SAP Knowledge Shop Media by Type Installation/Upgrade Guides SAP Online Documentation

Service Catalog Remote Services, such as solution optimization, upgrade, euro, archiving, OS/DB migration, and conversion

Education Services SAP Standard Training SAP Industry Solutions Training mySAP.com Components Training

Release Information Release strategy Release notes

Customer data Customer Master Customer Installations Customer Project Information Live Dates License Auditing Services

SAP Software Change Registration (SSCR) Registration Objects registration

686

System Administration Made Easy | Release 4.6C/D

Developer registration Registrations overview by installation

SAP Software Center SAP maintenance SAP Installations Note Assistant Customer Information Download Support Packages Download mySAP.com Workplace Packages Download Kernel/Frontend Patches Download Service Procedures

Third-Party Resources
The following list of books is not all-inclusive. Also, no single book can provide you with all the information you need. You will typically need several books in each category in your library. This listing of books does not constitute an endorsement by SAP. This listing is provided as a starting point for your convenience. We recommend you check with your vendors (hardware, operating system, database, and so on) and the various book sources (both online and in stores) and for additional titles.

SAP R/3 Books Written by SAP Employees


Brand, Hartwig. 1999. SAP R/3 Implementation with ASAP, The Official SAP Guide. Sybex. (Release 4.0) (ISBN: 0-7821-2427-5) *This book is about technical/Basis implementation.* Buck-Emden, Rdiger; and Jrgen Galimow. 1996. SAP R/3 System, A Client/Server Technology. Addison-Wesley. (ISBN: 0-201-40350-1) McFarland, Sue and Susanne Roehrs. 1999. SAP R/3 Software Logistics, The Official SAP Guide. Sybex. (Release 4.0/4.5) (ISBN: 0-7821-2564-6) Schneider, Thomas. 1999. SAP R/3 Performance Optimization: The Official SAP Guide. Sybex. (Release 4.x) (ISBN: 0-7821-2563-8) Will, Liane. 1998. SAP R/3 System Administration: The Official SAP Guide. Sybex. (Release 4.0) (ISBN: 0-7821-2426-7)

Appendix B: Useful Resources and Products

687

SAP R/3 Books Written by Third-Party Authors


Hernandez, Jose. 1999. SAP R/3 Administrators Handbook, Second Edition. Osborne. (Release 4.x) (ISBN: 0-07-135413-1) 1997. The SAP R/3 Handbook. McGraw-Hill. (Release 3.x, Oracle, and UNIX) (ISBN: 0-07-033121-9) Hirao, Joey; and Jim Meade. 1999. SAP R/3 Administration for Dummies. IDG. (Release 3.x) (ISBN: 0-7645-0375-8) Parkinson, Robert; Johan Marneweek. 1999. Basis Administration for SAP. Prima. (Oracle, and UNIX) (ISBN: 0-7615-1887-8) Prince, Dennis. 1998. Supporting SAP R/3. Prima. (ISBN: 0-7615-1750-2) Will, Liane; Christiane Hienger, Frank Strassenburg, and Rocco Himmer. 1998. SAP R/3 Administration Addison-Wesley. (Release 3.x) (ISBN: 0-20192469-2)

UNIX Books
Arick, Martin. 1995. Unix for DOS Users. John Wiley & Sons. (ISBN: 0471049883) Frisch, leen. 1998. Essential Systems Administration: Help for Unix System Administrators. OReilly. (ISBN: 1-56592-127-5) Nemeth, Evi., [et al.]. 1995. Unix System Administration Handbook. Prentice Hall. (ISBN: 0-13-151051-7) Pugh, Kenneth. 1994. Unix for the MS-DOS User. Prentice Hall. (ISBN: 0-13146077-3) Siegert, Andreas. 1996. The AIX Survival Guide. Addison-Wesley. (ISBN: 0-20159388-2)

Microsoft Windows NT Books


Microsoft Corporation. 2001. Microsoft Windows 2000 Server Resource Kit. Microsoft Press. (ISBN: 1-57231-805-8) Minasi, Mark. 2000. Mastering Windows 2000 Server. Sybex. (ISBN 0-78212-7746) Microsoft Corporation. 2001. MCSE Migrating from Microsoft Windows NT 4.0 to Microsoft 2000 with CD-ROM. Microsoft Press. (ISBN 0-73561-239-0) Cox, Philip; Sheldon Thomas. 2000. Windows 2000 Security Handbook. McGraw-Hill. (ISBN 0-07212-433-4)

688

System Administration Made Easy | Release 4.6C/D

Enck, John (Editor). 1998. Windows NT Magazine, Administrators Survival Guide, Volume 1. Duke Communications. (ISBN: 188241988X) Frisch, leen. 1998. Essential Windows NT System Administration. OReilly. (ISBN: 1-56592-274-3) 1998. Windows NT Desktop Reference. OReilly. (ISBN: 1-56592-437-1) Ivens, Kathy. 1998. Windows NT Troubleshooting. Osborne. (ISBN: 1-078824710) Jumes, James; Neil Cooper, [et. al.] (PW Coopers). 1999. Microsoft Windows NT4.0 Security, Audit, and Control. Microsoft Press. (ISBN: 1-57231-818-X) Lambert, Nevin; Manish Patel. 1999. Microsoft Windows NT Security. ZD Press. (ISBN: 1-56276-457-8) Leber, Jody; Jody Schivley, and Robert Denn (Editor). 1998. Windows NT Backup & Restore. OReilly. (ISBN: 1-56592-272-7) McMains, John; and Bob Chronister. 1998. Windows NT Backup & Recovery. Osborne McGraw-Hill. (ISBN: 0-07-882363-3) Jumes, James (Editor); Neil F. Cooper, and Todd M. Feinman. 1998. Microsoft Windows NT 4.0 Security, Audit, and Control (Microsoft Technical Reference). Microsoft Press. (ISBN: 1-57231-818X) Microsoft Corporation. 1996. Microsoft Windows NT Server Resource Kit: for Windows NT Server Version 4.0. Microsoft Press. (ISBN: 1-57231-3447) 1997. Microsoft Windows NT Server Resource Kit Version 4.0, Supplement Two. Microsoft Press. (ISBN: 1-57231-6268) Minasi, Mark. 1997. Mastering Windows NT Server 4, 5th Edition. Sybex. (ISBN 0-7821-2163-2) Pearce, Eric; Robert Denn (Editor), and Beverly Scherf. 1997. Windows NT in a Nutshell: A Desktop Quick Reference for Systems Administrators. OReilly. (ISBN: 1-56592-251-4) Rutstein, Charles. 1997. Windows NT security: A Practical Guide to Securing Windows NT Servers and Workstations, McGraw-Hill (ISBN: 0-07-057833-8) Siyan, Karanjit. 1997. Windows NT Server 4: Professional Reference. New Riders Publishing. (ISBN: 1-56205-805-3) Sutton, Stephen. 1997. Windows NT Security Guide. Addison-Wesley. (ISBN: 0201-41969-6)

OS/400 Books
IBM. 1994. An Implementation Guide for AS/400 Security and Auditing. IBM. (ISBN: 0-73840-573-6) (part# : GG24-4200-00)

Appendix B: Useful Resources and Products

689

IBM. 1998. The System Administrators Companion to AS/400 Availability and Recovery. IBM. (ISBN: 0-73840-038-6) (part# : SG24-2161-00)

Microsoft SQL Server Books


Microsoft Corporation. 2001. Microsoft SQL Server 2000 Resource Kit with CDROM. Microsoft Press. (ISBN 0-73561-266-8) Deluca, S. Adrien. 2001. Microsoft SQL Server 2000 Performance Tuning Technical Reference. Microsoft Press (ISBN 0-73561-270-6) Baird, Sean; Chris Miller, and Michael Hotek. 1998. SQL Server System Administration. Macmillan. (ISBN: 1-562059556) Microsoft Corporation. 1998. Microsoft SQL Server 7.0 System Administration Training Kit. Microsoft Press. (ISBN: 1572318279) Prathak, Paritosh. 1998. Administering SQL Server 7. Osborne McGraw-Hill. (ISBN: 0-07-134168-4) Soukoup, Ron; Kalen Delaney. 2000. Inside Microsoft SQL Server 7.0. Microsoft Press. (ISBN 0-735609985) Spenik, Mark; and Orryn Sledge. 1998. Microsoft SQL Server 7 DBA Survival Guide. Sams. (ISBN: 0-672-31226-3) Talmage, Ron. 1999. Microsoft SQL Server 7 Administrators Guide. Prima. (ISBN: 0-7615-1389-2)

Informix Books
Doe, Charleton. 1997. Informix OnLine Dynamic Server Handbook, 1/e. Prentice Hall. (ISBN: 0-13-605296-7) Informix Software, Inc. 1996. Evolution of the High Performance Database, 1/e. Prentice Hall. (ISBN: 0-13-594730-8) 1996. Informix Performance Tuning, 2/e. Prentice Hall. (ISBN: 0-13-239237-2) Lumbley, Joe. 1999. Informix DBA Survival Guide, Second Edition. Prentice-Hall. (ISBN: 0-13-079623-9) McNally, John (Editor); Glenn Miller, Jim Prajesh, Jose Fortuny, and Robert Donat. 1997. Informix Unleashed. Sams. (ISBN: 0-672-30650-6)

DB2 Books
Bullock, Diane; Jonathan Cook; et al. 1999. DB2 Universal Database and SAP R/3, Version 4. Prentice-Hall. (ISBN: 0-13-082426-7) IBM. 1997. IBM DB2 for AIX and SAP R/3 Administration Guide. IBM. (ISBN: 073840-990-1) (part# : SG24-4871-00)

690

System Administration Made Easy | Release 4.6C/D

Oracle Books
Adkoli, Anand, and Rama Velpuri. 1998. Oracle NT handbook. Osborne. (ISBN: 0-07-211917-9) Ault, Michael. 1997. Oracle8 Administration & Management. Wiley & Sons. (ISBN 0471192341) Corey, Michael., [et al.]. 1997. Oracle8 Tuning. Osborne McGraw-Hill. (ISBN: 0-07-882390-0) Koch, Loney. 1997. Oracle8: The Complete Reference. Osborne McGraw-Hill. (ISBN: 0-07-882396-X) Loney, Kevin. 1997. Oracle8 DBA Handbook. Osborne McGraw-Hill. (ISBN: 007-882406-0) Loney, Kevin; Noorali Sonawalla, and Eyal Aronoff. 1998. Oracle8 Advanced Tuning & Administration. Osborne McGraw-Hill. (ISBN: 0-07-882534-2) Spence, Greg. 1999. SAP R/3 and Oracle Backup and Recovery. Addison Wesley. (ISBN: 0-201-59622-9) Velpuri, Rama; and Anand Adkoli. 1998. Oracle8 Backup & Recovery Handbook. Osborne McGraw-Hill. (ISBN: 0-07-882389-7) 1997. Oracle Troubleshooting. Osborne McGraw-Hill. (ISBN: 0-07-882388-9)

Books on Other Topics


Disaster Recovery
I I I I

Corrigan, Patrick. 1994. LAN: Disaster Prevention and Recovery. Prentice Hall. (ISBN: 0-13-015819-4) Rothstein, Philip. 1995. Disaster Recovery Testing: Exercising Your Contingency Plan. Rothstein Associates. (ISBN: 0-964164809) Schreider, Tari. 1998. Encyclopedia of Disaster Recovery, Security & Risk Management. Crucible. (ISBN: 0-966272900) Toigo, Jon. 1995. Disaster Recovery Planning. John Wiley & Sons. (ISBN: 0471121754)

Security
I

Russell, Deborah; GT Gangemi Sr. 1992. Computer Security Basics; O'Reilly. (ISBN: 0-937175-71-4)

Scripting
I I I

Perl, www.perl.com Hoffman, Paul. 1997. Perl 5 for Dummies. IDG. (ISBN: 0-7645-0044-9) Schwartz, Randal; Tom Christiansen, and Larry Wall. 1997. Learning Perl, 2nd edition. OReilly. (ISBN: 1-56592-284-0)

Appendix B: Useful Resources and Products


I I I I

691

Schwartz, Randal; Erik Olson, and Tom Christiansen. 1997. Learning Perl on Win32 Systems. OReilly. (ISBN: 1-56592-324-3) Srinivasan, Sriram. 1997. Advanced Perl Programming. OReilly. (ISBN: 156592-220-4) Vromans, John. 1996. Perl 5 Desktop Reference. OReilly. (ISBN: 1-56592-1879) Wall, Larry; Tom Christansen, and Randal Schwartz. 1996. Programming Perl, 2nd edition. OReilly. (ISBN: 1-56592-149-6)

Magazines
sapinfo.net, http://www.sapinfo.net/ Intelligent Enterprise, http://www.intelligenterp.com (formerly known as SAP Technical Journal) SAP Professional Journal, http://www.sappro.com/ SAP insider, http://www.sapinsideronline.com

Helpful Third-Party Information


SAP Service Connection SAP service connection to SAP (rcPack):
I

HS Network Technologies 950 Tower Lane, 12th floor Foster City, CA 94404 USA Tel.: (650)-286-3018, FAX: (650)-287-3372

Business Continuation
I I I I I

Comdisco, www.comdisco.com Disaster Recovery Journal, www.drj.com DRI International, www.dr.org IBM Business Recovery Services SunGard Recovery Services, www.recovery.sungard.com

Organizations
I

Americas SAP Users Group (ASUG), www.asug.com For customers in the Americas, ASUG is the only vehicle to submit requests for upgrades and enhancement to SAP.

692

System Administration Made Easy | Release 4.6C/D

Web Sites
SAP
I I I I I I I I

SAP, www.sap.com mySAP.com, www.mySAP.com SAPNet, service.sap.com Note: you need a SAPNet user ID to access SAPNet SAP America, www.sap.com/usa SAP America, training, www.sap.com/usa/trainsupp SAP Labs, Simplification Group, http://wwwtech.saplabs.com SAP Online Store, www.sap.com/store_index.htm SAP Complementary Software Program, www.sap.com/CSP

SAP Affiliates
Americas SAP Users Group (ASUG), www.asug.com

Third-Party
I I I I I

SAP Fans, www.sapfans.com SAP Club, www.sapclub.com SAP Tools, http://sap.ittoolbox.com ERP site, www.erpsupersite.com ERP central, www.erpcentral.com

Internet News Groups


I

SAP-related comp.soft-sys.business.sap

Other comp.client-server

Operating Systems UNIX comp.os.unix comp.unix.*

Appendix B: Useful Resources and Products

693

NT comp.ms-windows.nt.*

Databases - Oracle comp.databases.oracle.*

Databases - DB2 comp.databases.ibm-db2

Databases - Informix comp.databases.informix

Databases - MS SQL server microsoft.public.sqlserver.* comp.databases.ms-sqlserver

Other Resources
Operating System
I

UNIX Compaq Unix, www.tru64unix.compaq.com HP UX, www.hp.com/products1/unixservers/ IBM AIX, http://www-1.ibm.com/servers/aix/os/index.html Fujitsu Siemens Reliant, www.fujitsusiemens.com/servers/rm/rm_us/reliant.htm Sun Solaris, www.sun.com/solaris

NT Microsoft, www.microsoft.com/ntserver Microsoft TechNet, www.microsoft.com/technet

Database
I

Oracle Oracle, www.oracle.com

SQL server Microsoft, www.microsoft.com/sql/default.asp

Informix Informix, www-4.ibm.com/software/data/informix

694

System Administration Made Easy | Release 4.6C/D


I

DB2 IBM, www-4.ibm.com/software/data/

Other Helpful Products: Contributed by Users


In an NT environment, if a particular task is mission-critical, use a dedicated system to perform that task. A dedicated system eliminates much of the potential for conflict. The products listed here have been recommended by users and consultants and are provided as a starting point for your research. A listing of these products does not constitute an endorsement by SAP. The following list is not all-inclusive. These products have different features and prices, which meet different requirements. It is your responsibility to test their compatibility with your requirements and needs, and to select the product that is appropriate to your installation. For products that have been certified by SAP to work with SAP R/3, see Complementary Software Program at www.sap.com/CSP. As a precaution, you should test all third-party software for compatibility and stability on a test system before installing them in a production environment. There are cases where a program many conflict with another program or the hardware and crash the system. Testing software applies to both the server and workstation that the system administrator uses.

Caution

UNIX
Backup
I

Networker, Legato, www.legato.com

Monitor
I

Performance monitor Stopwatch, Envive, www.envive.com

System monitor OpenView, HP, www.openview.hp.com

Scheduler
I I

AutoSys, Computer Associates, ww.cai.com Maestro, Tivoli, www.tivoli.com

Appendix B: Useful Resources and Products

695

Spool Management
I

Dazel for R/3, Dazel, www.dazel.com

Other
I

Messaging: TopCall, Topcall Intl., www.topcall.com

NT

Backup
I I I

ARCserve, Computer Associates, www.cai.com/arcserveit OmniBack II, HP, www.openview.hp.com Ultraback, BEI Corp, www.ultrabac.com

Monitor
I

Log monitor ELM, TNT software, www.tntsoftware.com Provision Network Monitor (formerly AlertPage), Computer Associates www.platinum.com/products/provis/po/nmon_pv.htm

System monitor LANDesk Server Manager, Intel, www.intel.com/network/products/landesk/ NetIQ, NetIQ, www.netiq.com OpenView ManageX, HP, www.openview.hp.com RoboMon, Heroix, www.robomon.com

Remote Control
I I I I I

Compaq Carbon Copy 32, Compaq, www.compaq.com/services/carboncopy LapLink for Windows NT, Traveling software, www.travsoft.com pcANYWHERE32, Symantec, www.symantec.com/pca Remote Desktop 32, Network Associates, www.nai.com Timbuktu Pro 32, Netopia, www.netopia.com

696

System Administration Made Easy | Release 4.6C/D

Scheduler
I I I I I

Auto Task 2000, Cypress Technologies, www.cypressnet.com Event Control Server, Vinzant, www.vinsoft.com Launch Pad, Cypress Technologies, www.cypressnet.com crondSys, # ifdef Software, www.ifdef.com Schedule Wizard 98 (shareware)

Spool Management
I

Dazel for R/3, Dazel, www.dazel.com

Other
I

Anti-virus See SAP Note 106267 for known problems with certain anti-virus programs. InocuLAN, CA, www.cheyenne.com Norton AntiVirus, Symantec, www.symantec.com NT shield, Network Associates, www.nai.com

FTP client AbsoluteFTP, Van Dyke Technologies, www.vandyke.com CuteFTP, GlobalSCAPE, www.cuteftp.com WS_FTP, Ipswitch, Inc., www.ipswitch.com

NT monitor Quick slice, NT Resource Kit

Time sync TimeServ, NT Resource Kit

Common, Both UNIX and NT


I

UPS control Powerchute, APC, www.apcc.com

Scripting Perl, www.perl.com

Time sync Network Time Protocol, www.eecis.udel.edu/~ntp

Appendix B: Useful Resources and Products

697

Network
I

Network Analyser Sniffer, Network Associates, www.nai.com

698

System Administration Made Easy | Release 4.6C/D

A P P E N D I X

C
K

Useful SAP Notes

Overview
Note
SAP Notes were formerly known as OSS notes. The Online Service System (OSS) is now known as SAPNet. The SAP Notes are grouped by major area:
I I I

SAP R/3 Operating System Database

Within each group, the notes are grouped by category. These notes are the ones that we found important or useful during this books creation. More notes exist for each group. We encourage you to explore the SAP Notes to see what other notes would be of interest or importance to you. Over time, some of these notes may become obsolete and get removed.

700

System Administration Made Easy | Release 4.6C/D

SAP Notes
Category SAP Note # 11886 15466 21559 31557 42074 45580 86985 Batch Batch Batch Batch Batch Batch Batch Batch Batch CCMS Client Client Client Client Client copy Client copy Client copy Client copy Client copy Client copy Config 06604 11728 16083 18307 24092 31503 36280 37104 70639 71364 07312 13391 35952 40672 4010 24853 47502 69556 70643 84504 21636 Description Central syslog cut off Customer name range Examination of SAPgui problems The multi-client concept of SAP R/3 overview Using the SAP R/3 dispatcher monitor dpmon How are syslog files deleted? Release of SAP Releases for SAP add-ons (IS) Deleting job logs at the operating system level Background jobs with low priority Standard jobs, reorganization jobs Batch input logs and reorganization Distribution of background jobs on application servers FAQ: Background jobs Background work processes reserved for job class A Error analysis: Background processing system How are batch jobs scheduled Collective note: monitoring ST04, DB02, ST10, ST03 (30c-31h) Create client 066 for EarlyWatch Deleting/resetting a client (up to 3.0f) Client deleted, space still filled in database System changeability and client control Tables missing after client copy CC info: Client copy, functionality in 3.0, 4.0 CC-TOPIC: Remote Client copy CC-TOPIC: Missing tables and data CC-TOPIC: Delete client CC-TOPIC: SM29 transfers data in spite of cancel RAM extension: Which changes to profile?

Appendix C: Useful SAP Notes

701

Category Config Config Config Config Ops mode Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches patches Patches Patches

SAP Note # 31395 33576 39412 44695 16845 19466 29372 33525 37617 53902 63786 63845 73510 74545 79376 80117 82264 85820 86241 87432 89089 96885 97621 97623 97630 104664 119738 169142

Description System parameters: Defined where? Displayed how? Memory management (as of 3.0c, Unix and NT) How many work processes to configure? Memory management (as of 3.0c, AS400) Operation mode switch without background processes Downloading a patch from SAPSERVx Unpacking CAR archives Important information about SAP patches < 3.1H Online Correction Support (OCS) Conflicts between Hot Packages / LCPs and Add-Ons FAQ Frequently Asked Questions: sapservX Corrections on SAPSERVx searching for files Problems during upgrade of patched source release Problems when unpacking CAR archives Installation of the 3.1H kernel Admin functions in Online Service System Important information about SAP patches >= 3.1H Patch is not displayed in patch queue HR Legal Change Patches for the HR component Contents of and applying LCPs Configuration of SAP R/3 systems for LCPs Downloading a front-end patch from SAPSERVx OCS Info: Online Correction Support (OCS) Patch types Known problems with patches >= 3.1H OCS info: applying patches from CD Problems during upgrade with too new hot packages Online Correction Support (OCS)

702

System Administration Made Easy | Release 4.6C/D

Category Patches Patches Problems Problems SAPNet SAPNet SAPNet

SAP Note # 173814 212876 15374 16513 15641 22235 26740

Description OCS: Known problems with Support Packages Rel. 4.6 The new archiving tool SAPCAR Checklist: Performance analysis File system is full what do I do Print/download in Online Service System OSS1: What to do if SAP R/3 does not run? Online Service System registration form, North America (for customers without existing Online Service System accounts) Search procedure for notes and messages in Online Service System Service connections The priority of your Online Service System message is changed OSS Quick reference sheet Easy to use guide for transaction OSS1 (SAPSERV4) Transferring customer files to sapservX via FTP Information required for registration keys User maintenance and creation in Online Service System for customer Access to the SAPNet server with Online Service System user id Inbox BIBO in OSS/O01 New customer messages in Online Service System Confirmation of Online Service System registration Changing/Deleting Online Service System users and installations Access to Online Service System services via the internet Change to Online Service System user data Integrating service connections into maintain system data New functions in the SAPNet as of 09-05-06/99

SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet

29501 31515 32411 32789 33221 40024 40866 45027 69224 69378 74313 75002 75686 80618 81908 169296 169329

Appendix C: Useful SAP Notes

703

Category SAPNet SAPNet SAProuter SAProuter SAProuter Security Security Security Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Start/stop

SAP Note # 170102 171569 30289 30374 87388 23611 39267 48018 02510 03255 06427 08462 09876 10551 10743 10755 11070 12550 18706 23389 25941 26009 27831 29666 30187 48914 64333 64337 64628 78401 00387

Description Automatic opening of a service connection Maintaining service connection in system data maintenance SAProuter documentation SAProuter installation Download SAProuter by FTP from sapserv# FAQ concerning SAP R/3 security SAP R/3 Security Guide Data security in SAP R/3 Printer off: What happens to the data? Spool log with bad print control Sxxxx How do you transport a printer definition Performance problems spool output Cannot read my hostname Table TST03 (tablespace PSAPPROTD) size increasing Name of PC longer than 8 characters Long name for routing computer Space requirements of TemSe and spooler Problems with remotely connected printers (WAN) Tuning the spooler Transporting printer definitions SAP R/3 does not find host name SAP R/3 does not print, first steps Priority of output requests? Authorizations for spool requests Viewing completed print data for output device. Output requests are partially delayed Change default value for spool retention period Transport output devices (printer) Using network printers from SAP R/3 Download a list from SAP spool Problems when starting up a DB

704

System Administration Made Easy | Release 4.6C/D

Category Start/stop TMS/CTS TMS/CTS TMS/CTS

SAP Note # 17108 5668 11599 13807

Description Shared memory still present, startup fails Transporting report writer objects Reversing transports (not possible to do) Analyzing Correction & Transport System problems

Operating System Notes


Common to Multiple Operating Systems
Category SAP Note # 80266 28781 Description Installation of NT application servers in a UNIX environment Central transport directory NT/UNIX

NT
Category SAP Note # 28665 89510 Backup Config Config Config Config Config Config Config Config Config 71440 22240 28392 31559 31563 33772 65761 68544 74810 75354 Description Central syslog under NT Installation notes for pcANYWHERE Problems when restoring DLT tapes with NTBackup Windows NT Control Panel settings Two systems on one NT machine Setting environment variables for NT kernel Setting environment variables for NT kernel The correct configuration of Dr.Watson Configuration problems under Windows NT Memory management under Windows NT Notes on SAP services and NT registry Multiple SAP instances on NT

Appendix C: Useful SAP Notes

705

Category Config Eventlog Patches Patches Perfmon Perfmon Problems Problems Problems Problems Problems Problems Problems Problems Problems Problems SAProuter Security Service pack Service pack Start/stop Start/stop TMS/CTS TMS/CTS Virus

SAP Note # 88416 72616 29372 74545 102390 110529 10616 21790 44803 49776 51781 53211 70572 100972 122288 129813 41054 36462 30478 85582 32182 35388 28781 62739 106267

Description Zero Administration Memory Management as of 4.0A/NT Syslog messages in the NT event log Unpacking .car archives Problems when unpacking CAR archives Use of NT performance monitor Professional use of the NT performance monitor Saposcol or collector not running WinNT: problems with notepad.exe Connection reset by peer Evaluating Dr.Watson log file Problems with SAPPAD Win NT appears to hang, SAP service problems SAP R/3 background problems on Win NT Help for analyzing a Win NT blue screen Win 3.51/4.0 no longer responds (hangs) NT: Problems due to address space fragmentation SAProuter as a service Note for Oracle security on WinNT Service Packs on Windows NT High memory requests under NT 4.0 SP 3 fail Windows NT: Event log message when starting SAP R/3 Problems on STOP/START of SAP R/3 via NT scheduler Central transport directory NT/UNIX Configuring a central transport host Problems with certain anti-virus software

706

System Administration Made Easy | Release 4.6C/D

UNIX
Category SAP Note # 21960 28781 80266 AIX AIX Digital Digital Digital HPUX HPUX HPUX HPUX HPUX HPUX HPUX SUN SUN SUN SUN SUN 48689 64885 72984 39698 136653 06599 41596 64884 99224 99527 101229 143527 64887 71479 101883 172524 182552 Description Two instances/systems on one UNIX computer Central transport directory NT/UNIX Installation of NT application servers in a UNIX environment IBM service, fixes and patches SAP R/3 relevant operating system patches for AIX Release of Digital UNIX 4.0B for Oracle cpio generated when restoring sparse files Performance problems on Digital UNIX 4.0D and 4.0E Sudden performance decrease, in UNIX too HP-UX: problem solving using HP-UX patches SAP R/3 relevant OS patches for HP-UX HP-UX Operating System patches Problems with MC Service Guard Informix: HPUX 10.20 patches End of support for HP-UX 10.20, HP-UX 10.10, HP-UX 10.01 SAP R/3 relevant operating system patches for Solaris Solaris recommended patches SAP R/3 relevant patches for Solaris 2.6 Time stamp is incorrect Y2K patches for SOLARIS

AS-400
Category Config Copy CTS Patches Performance Performance SAP Note # 44695 49023 37987 60856 49201 107104 Description Memory management as of 3.0C, AS/400 Client copy Importing transports OSS1 and hot packages Performance settings 4.0B kernel performance

Appendix C: Useful SAP Notes

707

Category Problem Problem Problem Problem SAProuter

SAP Note # 125705 154599 162580 163022 65600

Description SAP R/3 hangs in STARTSAP SAP R/3 cannot be started/shmget fails Roll memory leak & SYSTEM_CORE_DUMPED Work process terminate abnormally SAProuter

Database Notes
MS SQL server
Category SAP Note # 62849 28667 67320 85846 95901 126131 159171 163315 201075 302312 7.0 7.0 7.0 7.0 7.0 7.0 conv 7.0 conv 7.0 conv 7.0 conv 82035 95600 138392 153802 160178 92410 104392 107471 107483 Description news, compilation of notes This note is important for SQL server installations. MS SQL Server specific profile parameters Basic knowledge of MS SQL Server Released operating systems SAP R/3 4.0x/4.5x MS SQL Server SAP R/3 on MS SQL Server release strategy Installing add-on on MS-SQL svr 3.x Recompilation of Stored Procedures MS SQL 6.5 end of support Additions upgrading to 4.6C ... MSSQL Server Additions to upgrade to 4.6D MSSQL Server Improvements for MS SQL Server 7.0 Installation of SAP R/3 on SQL Server 7.0 SQL Server 7 and Vertex database Deleting transaction log files in MSSQL 7 MSSQL 4.6A minimum corrections DB conversion from MS SQL 6.5 to 7.0 Additional info: conversion 6.5/7.0 MS SQL Server Special SQL Server 7.0 conversion methods SQL Server 7.0: conversion on Alpha

708

System Administration Made Easy | Release 4.6C/D

Category 7.0 conv 7.0 conv 2000 2000 2000 Backup Backup Backup Backup Backup Backup Backup Backup Backup CCMS CCMS Client copy Config Config Config Config Config HA Kernel Maint Maint Performance Performance Performance Problems Problems Problems

SAP Note # 129122 130689 209596 327494 377430 37152 44449 48585 50990 68818 70300 151603 153763 166588 139945 141118 85443 67071 70517 80102 97066 126808 111372 77012 67437 142731 38657 61340 76052 67297 79262 79883

Description Conversion SQL Server 6.5/7.0 consultant companies Conversion of multiple SAP R/3 systems from 6.5 to 7.0 Setting up Microsoft SQL Server 2000 Configuration Parameters for SQL Server 2000 SQL Server 2000 installation CD of SAP SQL Server backup to a dump file Backup strategies with MS SQL Server Database copy DB Backup/Restore of Microsoft SQL Server Error in SQL Server backup/restore Backup/restore (compilation of notes) Copying a SQL Server 7.0 database Sub-optimal tape backup performance File backup with SQL server 7.0 SAP database monitor for MS SQL Server New scheduling calendar in the CCMS (DB13) SQL Server Client copy Moving database devices Restructuring a SQL Server installation Device management for MS SQL Server Running two SAP R/3 systems on one sever Configuration parameter for SQL Server 7.0 Stand-by database for MS SQL Server Spool, batch enhancements in kernel DBCC checks DBCC checks for SQL server 7.0 Slow performance of SAP R/3 on MS SQL Server Update statistics on MS SQL Server system tables Update statistics on database tables Error 1105 trans/db log full Incorrect database and log size in DB02 and ST04 Incorrect database freespace alert displayed

Appendix C: Useful SAP Notes

709

Category Problems Problems Problems Problems Problems Problems Problems Problems Problems Problems Recovery Recovery Recovery Recovery Security Security Service pack Service pack Service packs Service packs

SAP Note # 81692 87027 87029 111291 129190 150495 155402 166861 168408 425763 50745 70161 82699 94213 28893 116225 62988 66365 159069 159268

Description Suspect database Fill level database logs Fill level of the database and log Analysis and avoidance of deadlocks Problems with Performance Monitor and SQL Server 7.0 Deadlocks with MS SQL 7 Analysis of hanging situations Analysis of DB13 problems R3load process dies directly during a start No error log generated when an instance profile is missing (This note is in German) Database restore for SQL Server SQL error 916 and 4001 after restore Rebuild master database Point-in-time-recovery fails Changing password of users sapr3 Password change for database user sapr3 Service Packs for MS SQL Server Windows NT service packs (problems caused by) SQL Server 7.0 service pack 1 install terminates Service Pack installation on MS SQL server 7.0

DB2 / UDB
Category SAP Note # 80625 85842 410252 Copy Performance Performance Performance Performance 111206 92795 97014 122599 107123 Description Released operating systems SAP R/3 3.x/4.x DB2 for OS/390 Released operating systems SAP R/3 4.0x DB2/CS Installing the latest 4.6D DB2 UDB Admin Tools 390: Homogeneous System Copy 390: R3trans performance improvements 390: R3trans performance improvement 390: Performance of the update 400: Performance improvement on the database server

710

System Administration Made Easy | Release 4.6C/D

Category Problems Problems Problems Problems Problems Problems Problems Problems Restore Restore Security

SAP Note # 54028 84270 97449 98306 141527 149292 151085 163356 78332 163731 80292

Description 400: Overflow in SQL package. SQL0904, SQL0901 390: Deadlocks on TPFBA and TPFID 390: Unspecified core dumps with HPDT UDP 390: Tablespace name not set 390: Generation of matchcode objects fail UDB: DB2adut1 displays no journals CS: Some work process end with SQL1403 390: Signal 11 during DDIC operations CS: Database crash/core in restore from ADSM CS: Restore Terminates with SQL0973 Security DB2 with SAP R/3 under NT

Informix
Category SAP Note # 93264 53746 62340 64001 71776 85840 93868 AIX Backup Backup CCMS Config Config Config Document HPUX HPUX Maint 102204 11462 167878 66322 12825 41360 141054 154895 41596 101229 22941 Description Informix: Important News Use of correct Informix versions INFCFGCHECK: Download and First steps INFCFGCHECK: Detailed messages of single checks INFCFGCHECK: Automate database checks Released operating systems SAP R/3 4.0x Informix BC511 Instructors contributions AIX 4.3 patches necessary with Informix Informix: Copying and renaming an SAP R/3 database Informix: Copying and renaming an SAP R/3 database CCMS Database administration (DB13) Installation of two SAP R/3 systems on one host Database configuration via onconfig parameter Informix environment parameter for 7.3x Ordering additional Informix documentation HP-UX Problem solving using HP-UX patches Informix: HPUX 10.20 patches Reorganization of table and dbspaces

Appendix C: Useful SAP Notes

711

Category Maint NT Performance Performance Performance Problems SOLARIS Y2K

SAP Note # 29155 126175 38307 156766 184760 31171 48338 187183

Description Consistency check of an Informix database Service Pack 4 on NT4.0 with Informix IDS 7.X Reducing shared memory consumption Performance problems with Informix 7.3x Update Statistics: SAPDBA Rel.>=4.6A old strategy DB start/stop brings warnings Problem solution through SOLARIS/SUN patches Downloading the ON-Archive Y2K patch

Oracle
Category SAP Note # 85838 112325 01039 01042 96397 125242 128221 AIX BR BR BR BR BR CBO CBO CBO CCMS Config Config Config 51396 02239 12593 13550 43494 43499 93098 93256 127715 85609 03809 09705 94801 Description Released operating systems SAP R/3 4.0x Oracle End of Cust Care Support Oracle 7.3.* Problems with ORACLE TWO_TASK linking ORACLE TWO_TASK connect failed OS06: Unable to open file os_sys.log Do not alter MAXEXTENTS on dictionary tables Increased memory consumption with Oracle 8 Kernel extensions on AIX SMP computer cpio with BRBACKUP and BRARCHIVE BRBACKUP on several different tape drives Using BRBACKUP and BRARCHIVE Collective note: BRBACKUP, BRARCHIVE, BRRESTORE Collective notes concerning DBA tools Changes to the upgrade to 4.0 CBO Oracle CBO: changes for installation of 4.0 CBO: Optimal parameters for performance Offline backup via CCMS/DB13 not possible Changing the size of the redo log files Mirroring the ONLINE REDO LOG FILES Environment variables for Windows NT

712

System Administration Made Easy | Release 4.6C/D

Category HPUX Patches Patches Performance Performance Performance Performance Problems Problems Recovery Recovery Recovery Recovery Reorg Reorg Reorg SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA Security Start/stop SUN SUN SUN Tablespaces

SAP Note # 92788 127395 181195 33868 72638 102042 114716 33735 38006 03804 04157 04160 04161 12921 40521 43487 12621 15465 19193 29348 42293 43486 43490 43491 44395 44595 36462 02775 44361 116453 183292 02425

Description HP-UX/Oracle: hanging LGWR Current patch set for Oracle release 8.0.5 Current patch set for Oracle release 8.1.5 Performance problems NT 3.51 / Oracle / TCP/IP Performance problems with SQL*Net V2 System hang on AIX SMP computers under high load Performance problems Oracle 8.0.4/all entries Archiver stuck in Windows NT Ora-1631 max extents reached. Which table? Restoring from a full backup General flowchart for Oracle recovery Tape management for recovery Complete recovery Reorganization of SYSTEM tablespace Reorganization (external tools) Collective note: SAPDBA reorganization SAPDBA speeding up reorganization SAPDBA shrinking a tablespace SAPDBA size and reorg of table space PSAPTEMP SAPDBA reorganization of single table; PSAPTEMP SAPDBA new command line option analyze Collective note: General SAPDBA Collective note: SAPDBA Recovery Collective note: SAPDBA command line options SAPDBA: missing indexes after reorg run SAPDBA: general procedure for reorganizations Note for Oracle security on WinNT Oracle cannot be started Sun Solaris: database does not start after patch Backup via DB13 on Solaris Oracle 7.3.3 Oracle crash because of kernel AIO bug on Sun Function of tablespaces/Dbspaces on the database

Appendix C: Useful SAP Notes

713

Category Tablespaces Tablespaces Tablespaces Upgrade Upgrade Upgrade Upgrade Y2K

SAP Note # 03807 09321 39650 89691 98507 111922 126137 172380

Description Tablespace PSAPROLL, rollback segments too small Next-extents in ORACLE system tables are too large Maximum number of extents per tablespace Additional info: migrating to Oracle 8.0.3 Additional info: migrating to Oracle 8.0.4 NT/Oracle >= 7.3.3.4 necessary Additions Oracle upgrade to 8.0.5 UNIX 64 bit Oracle Y2K bugs and fixes

714

System Administration Made Easy | Release 4.6C/D

A P P E N D I X

D
L

Upgrade Discussion

Upgrade Discussion
An upgrade is an update to your SAP R/3 system. The question of whether to upgrade your system to a new release depends on many complex factors. Most importantly, the decision to upgrade should be based on business need. Some of these factors are outlined below:
I

Desired functionality in new release This can be found in the release note for the specific release.

I I

Problem fixes and resolutions The need to be on a supported release

Reasons Not to Upgrade


Some reasons not to upgrade include the following:
I I

Costthe following items could increase the cost of your upgrade. You must: Upgrade the database and operating system (if required) Purchase and install additional hardware (if required)

716

System Administration Made Easy | Release 4.6C/D


I I I

Test to find problems with the upgrade Upgrade the SAPgui on the users computers Find the time to do all the above

Disruption for users, especially if there is no functional enhancement for them. Diversion of resources (Company resources that could be applied to other tasks would be assigned to upgrading the SAP R/3 system.) Desire to be on the latest release (While desirable for a personal resume, this reason is not a valid business reason to upgrade your system.)

When to Upgrade
In deciding to upgrade your system, ask yourself the following questions:
I I I

Have the reasons for upgrading or not upgrading been analyzed? Has the business need criteria been met? If you installed any Industry Solution (IS), are IS patches available for the new release? If the patches are not available, you cannot upgrade.

Upgrade Issues
An upgrade can be more complex than a new implementation because:
I

There is real data on the system that is being upgraded. If the upgrade fails, the companys operations could be affected and business could stop. This failure would require you to recover the database (refer to the section on disaster recovery). The system is unavailable for users during a portion of the upgrade process. The technical downtime is six to twelve hours. In addition, many other tasks are performed around the backup that could increase this downtime significantly. System downtime could significantly impact the operations of the business during this period. Upgrade changes could require changing configuration, testing, training, and documentation.

Appendix D: Upgrade Discussion


I

717

Changes require regression testing: Do business processes function as they did before? Does custom code need to be changed due to changes from the upgrade?

Other Considerations
Software Issues
The following software has to be compatible with the SAP R/3 release you plan to upgrade to:
I I I

Database Operating system Third-party applications that compliment the SAP R/3 system (for example, external tax packages, job schedulers, system monitors, spool managers, and so on)

Hardware
The upgrade requires free working space on disks to run.
I I

The amount of space required differs with operating system and database. Some of the space is released after the upgrade; other space is permanently used.

As each release adds functionality, the required disk space, processing power and memory required generally tends to increase. A system configuration that was adequate for one release may be inadequate for a later release. This is especially apparent when jumping release levels; example upgrading from 3.1H to 4.6B. The following table is compiled from SAP Notes: SAP Release 3.1H to 4.0B 4.0B to 4.5B 4.5B to 4.6A 4.5B to 4.6B 4.5B to 4.6C CPU increase % 30 20 10 20 10 Memory increase % 30 20 30 10 30

718

System Administration Made Easy | Release 4.6C/D

Performance
Upgrade performance is difficult to predict. Performance is sensitive to a variety of variables, some of which can have significant impact. Therefore, an upgrade of the test system should be done to determine timing values for your configuration. The following are a few of the factors that affect the performance of an upgrade:
I I

Database and operating system Hardware Processor (number of processors and speed of each) Memory (amount available) Drive array Performance factor (especially for writes) Configuration (minimize or eliminate drive or channel contention) Other I/O hardware (minimize or eliminate data channel contention)

I I I I

Data volume for changes to tables that contain data For more information, see:

http://wwwtech.saplabs.com/sysadmin to download the SAP R/3 Upgrade Guide service.sap.com/upgrade

A P P E N D I X

E
M

Training / Learning

Training / Learning
Mini-Basis system
For the Basis System Administrator, new tools will make your ability to learn easier. One of the most exciting is the mini-Basis system:
I

The mini-basis system is a Basis-only system that will provide you a platform to learn the various system administration functions in a safe environment. What we mean by this is the following: There are only Basis transactions in the system. Functional applications (i.e. FI, CO, SD, and so on) are not part of the system. This restriction allows the system to be installed in significantly less disk space than a full SAP R/3 system. The safe environment comes by your ability to install it on a workstation or PC, so anything you do on the mini-basis system does not affect any of your live systems. In this way doing anything dangerous or destructive will not damage a live system.

As of this writing, there are two versions of the mini-basis system:


I

NT/SQLserver 4.6D

720

System Administration Made Easy | Release 4.6C/D


I

Linux/SAPDB 4.6B

As they require much less hardware to install than a full SAP R/3 installation, they can even be installed on a suitably equipped workstation. For demonstration purposes, the NT version has been installed on a notebook computer. For more information on the mini basis systems please see the appropriate web pages:
I

NT/SQLserver 4.6D www.sap.com/technology/minisap

Linux/SAPDB 4.6B service.sap.com/linux

They can both be ordered from the SAP shop at www.mysap.com/company/shop.

A P P E N D I X

F
N

Monitoring Multiple SAP R/3 Systems

Overview
With CCMS, you now can monitor multiple SAP R/3 systems from a single alert monitor. To do this you must first have established a RFC connection to a remote SAP R/3 system that you wish to monitor remotely. Therefore this appendix is divided into two parts:
I I

Defining an RFC connection to a Remote SAP R/3 System Monitoring an Additional SAP R/3 System
Task

Define an RFC connection to a remote SAP R/3 system


1.
In the Command field, enter transaction SM59 and choose Enter.

722

System Administration Made Easy | Release 4.6C/D

2.

On the Display and maintain RFC destinations screen:

a. b.

Expand the R/3 connections tree. If there is not a RFC connection that you want to monitor, choose Create.

3.

On the RFC Destination screen:

a. b. c.

Under RFC destination, enter a name for the RFC connection, (for example, hspal008). Under Connection type, enter the type of connection, (for example, 3 for SAP R/3 system). Under Description, enter the identifying text, (for example, Connection to DC2 system).

Appendix F: Monitoring Multiple SAP R/3 Systems

723

d. e.

Under Logon, enter the user logon data (such as Client, User, and Password) that has authorization for the alert monitor and for system administration in the target system. Choose .

724

System Administration Made Easy | Release 4.6C/D

4.
To find out the name of the message server, log onto the target system and call Transaction RZ03. The message server is the SAP R/3 instance with the M in the Services column.

On the RFC Destination <XXXXX> screen:

a. b. c.

Under Target host, enter the host name of the message server, (for example, hspal008.pal.sap-ag.de). Choose Choose . A message is shown in the status bar. .

Appendix F: Monitoring Multiple SAP R/3 Systems

725

5.

The new RFC connection is shown under R/3 connections.

Task

Monitor an additional SAP R/3 system


1. 2.
In the Command field, enter transaction RZ21 and choose Enter. Choose Technical infrastructure Create remote monitoring entry.

726

System Administration Made Easy | Release 4.6C/D

3.

On the Monitoring: Registering New Contexts screen:

a. b. c.

Under Target system ID, enter the name of the SAP R/3 system to be monitored, (for example, DC2). Under for data coll., choose SAP R/3 system. Choose . to select the RFC connection to the remote

4.

A success message is shown in the status bar.

Configuring the Batch Job to Collect Historical Data (RZ21)


The batch job that collects historical data must be running. As a default, the job will not run. Running this job will add more data to the database and affect database growth. The batch jobs provide the data for the performance history option above.
Task

Do not run this batch job unless you want performance history data (RZ20).

Configure the batch job to collect historical data


1.
In the Command field, enter transaction RZ21 and choose Enter (or from the SAP standard menu, choose Tools CCMS Configuration RZ21-Alert Monitor).

Appendix F: Monitoring Multiple SAP R/3 Systems

727

2.

From the menu bar, choose Technical infrastructure Performance Database Define Background Job.

3. 4. 5.

This user is the user ID that was used to log in. Enter the date and time to run the job. The job will run every day. Choose .

728

System Administration Made Easy | Release 4.6C/D

6.

Choose

7.

Choose the Step2-Reorganizing database tab.

8. 9.

Enter the date and time to run the job. The job will run every week. Choose .

Appendix F: Monitoring Multiple SAP R/3 Systems

729

10.

Choose

11.

Choose

12.

In SAP R/3 release 4.6D, the system displays an additional selection tab. Repeat steps 8 and 9 to complete the configuration.

730

System Administration Made Easy | Release 4.6C/D

13.

Choose

14.

The Status is now set to Released.

I N D E X

Index

A
ABAP dump analysis definition 152 free selection 153 in general 152 performing 67, 73 simple selection 153 editor 158, 159, 216 execute 83, 215 Active processes 99 Active users 148 Adding additional systems in general 232 SAP logon 232 Administration basics R/3 system 3 Administrator access key 561, 567 guidelines 7 requirements of 6 roles external to R/3 5 factors that determine 4 within R/3 5 Advanced quality assurance 488

AIS 196 Alert monitor acknowledge alerts 117 adding a monitor 129 alert threshold 416 analyze alerts 115 checking 65, 72, 75, 76 create new monitor set 127 finding alerts 110 hiding SAP standard monitor sets 124 in general 106 maintaining thresholds 120 views 109, 115 Alerts acknowledge 117 analyze 115 current 109 database 67 finding 110 maintaining thresholds 120 messages 421 open 109 paging system review 423 parameters 422 threshold, changing 416 views 109, 115 Annual tasks

732

System Administration Made Easy | Release 4.6C/D

checklists 82 database 83 notes 84 operating system 83 other 84 Application server definition 13 in general 89, 426 Audit Information System (AIS) business 199 complete 196 in general 196 system 198 user defined 200 Audits business 199 check for validity 217 complete 196 considerations 167 different users 213 financial 166 in general 166 information system 196 security 167, 186 security logs filter group 1 208 filter group 2 209 in general 203 parameters 206 running 204 specific reports 216 system 198 tasks 217 tools 196 user defined 200 user security jobs 214

B
Background jobs batch 427 creating 431 housekeeing 428 incorrect 443 new 443 others 428

performance 428, 429 regularly scheduled jobs 427 scheduling 431 select 66, 70, 71, 79, 81, 439 user ID 428 Backup archive logs 381 checking 459 checking tape label 297 checklist, strategy 47 database 37, 46, 171, 293, 378, 458 dedicated drives 57 design strategy 44 determine the number of tapes required 378 determining correct tape label for 288 differential 42 frequency 37 full 458 IBM DB2 Universal Database 260 in general 35, 37, 458 incremental 41 Informix 317 initializing tapes 293, 298, 371 Microsoft SQL server 291 NTBackup 462 offline 42, 298, 458 on-demand 43 online 42, 294 operating system level 39, 47, 462 overview 36 performance database restore options 57 disk to tape 57 factors affecting 55 faster devices 55 in general 54 options 55 parallel backup 56 recovery 57 periodic archivals 458 procedures database check 45 in general 45 preparation 48 verifying backups 45 RAID systems 58 scheduled 43

Index

733

strategy 36 supplementary 45 tape management handling tapes 51 in general 48 labeling tapes 49 number to backup 378 retention requirements 52 tracking and documenting tapes 48, 51 tape storage in general 53 offsite 53 onsite 54 transaction logs 38, 45, 46 types 40 UNIX level 462 using command line processor (DB2 CLP) 272 verification 70 without checking tape label 296 Batch input 67, 72, 443 Batch jobs 95, 427, 429, 443, 445 Books IBM DB2 689 Informix 689 Microsoft SQL Server 689 NT 687 Oracle 690 OS/400 688 other topics 690 SAP 682, 686 third-party authors 687 UNIX 687 BRARCHIVE 377 BRBACKUP 374 Buffers definition 529 hit ratio 530 importing 488 performance 529 special transport, adding into import buffer 495, 507 swaps 530 tune summary 67, 72, 529

C
CAR files 603 Cascade failures, minimizing 34 CCMS alert monitor 65 CDs 683 Central instance stopping 102 Central processing unit (CPU) 535 Central User Administration (CUA) 162 Change and transport system (CTS) 486 Change control in general 472 managing transports 483 Checking the database 366 Checklists annual tasks 82 database 83 notes 84 operating system 83 other 84 backup strategy 47 daily tasks critical 65, 70 database 67 notes 68 operating system 68 other 68 R/3 System 65, 69 locked transactions 183 monthly tasks 77 database 77 notes 78 operating system 77 other 78 quarterly tasks 79 database 80 notes 81 operating system 80 other 80 stopping R/3 91 weekly tasks 74 database 74 notes 75 operating system 75 other 75

734

System Administration Made Easy | Release 4.6C/D

Cleaning tape drive 419 Client copy copy to different system/SID 662 copy to same system/SID 658 creating a client 655 deleting a client 665 log 666 overview 653 post-client copy tasks 664 processing notes 654 production system 669, 670 SAP Notes 654 security 655 target client 658 Client-dependent changes 175 Client-independent changes 174, 175 Command Line Processor (DB2 CLP) 269 Consumable supplies check 462 other considerations 464 Contracts, maintenance 421 Crash kit in general 27 inventory list documentation 27 software 29 location 27 Critical tasks daily 70 operating system level backups 462 verify backups 70 verify R/3 is running 70 CTS 486

D
Daily tasks checklists critical 65, 70 database 67 notes 68 operating system 68 other 68 R/3 System 65, 69 Dangerous transactions in general 86, 178

recommended lock table 178 restricted access table 183 Data security 171 Database (DB) administration 275 backup 37, 46, 291, 458 checking backup 45 checklists daily tasks 67 consistency check 74 passwords 195 performance analysis 73, 76, 78, 531 server definition 13 starting 88 stopping 100 stopping an instance 100 TemSe 74 Database administration (DBA) 275 IBM DB2 Universal Database 253 Informix 309 Microsoft SQL Server 275 Dates entering 96 DB2See IBM DB2 Universal Database 253 DBA Scheduling 355 DBCC 74 DDIC in general 222 restricting access 187 Defragmentation, memory 530 Deleting user session 247 Deleting users 85 Disaster definition 18 minimizing opportunities cascade failures 34 human error 33 in general 32 single points of failure 33 Disaster recovery applications, up or downstream 32 backup sites 32 business continuation 29 business requirements in general 20 performance 36

Index

735

crash kit 27 disaster, minimizing 32 downtime 21 high availability (HA) options 19 integration 30 offsite 30 other considerations 32 planning 18, 19 recovery groups 22 process 26 scripts 25, 26, 29 time 21 reintegration to R/3 30 scenarios corrupt database 24 hardware failure 24 in general 23, 24 loss or destruction of server facility 24 staffing 22 testing 30 types offsite 23 onsite 23 when to begin 21 Downstream applications 32

Free space 414 Frontend software 226

G
Graphical job monitor 70, 442 Guidebook how to use xxviii new features xxviii organization of xxviii prerequisites xxv target audience xxv Guidelines 6

H
Hardware central processing unit (CPU) 535 disk 535 in general 535 memory 535 review 421 Head contention 524 Help 6 High availability (HA) options 19, 171 Hit ratio 530 Hot packages 617 Housekeeing jobs 428 Human error, minimizing 33

E
EarlyWatch session 605, 608 External interfaces 100

I
IBM DB2 Universal Database administration in SAP systems 253, 255 backups and recovery 260 books 689 command line processor (DB2 CLP) backing up 272 overview 269 resizing tablespace 272 starting 269 update database configurations 271 update manager configurations 271 control center 273 diagnostics 268

F
Failed updates 66 File space archiving 415 expansion 415 old transport files 418 usage 414 File, retrieval 594 Forms Detailed Online Service System Note Record 474 General Note Record 473 R/3 User Change Request 224 Sample Transport Request 485

736

System Administration Made Easy | Release 4.6C/D

overview 254 performance 255 review planning calendar 266 SAP Notes 709 scheduling tasks 264 space allocation 259 starting 254 stopping 255 Informix backing up logical-log 321 overview 317 requirements 317 scheduling 317 checking the database consistency 327 overview 321 reviewing results 322 scheduling 321 DBA planning calendar changing tasks 315 checking status 313 initializing 310 scheduling tasks 312 disk space 329 extending Dbspace 337 further information 341 overview 310 SAP Notes 710 SAPDBA 333 scheduling database tasks 310 starting and stopping 334 updating statistics 326 viewing message log 324 Initializing archive tapes 374 Insider trading 165 Instance definition 13 operation mode 447 stopping 100 Internet news groups 692

Kernel upgrade overview 651 restart options 653 KISS 8

L
Lock entry list 66, 72 Locking checklist 183 client modifiable 177 permanent 176 dangerous transactions table 178 logon 243 prohibited password table 190 restricted dangerous transactions table 183 service connection 585 transaction codes 83 transactions, dangerous 178 users 85, 189 Locks definition 145 deleting 147 in general 145, 172

M
Maintenance basic 609 contracts 421 extended 609 overview 608 special 607 table 466 user 79, 241 Management, change change control 472 in general 188, 465 managing transports 483, 486 note assistant 475 SAP Notes 472 standard transport process 488 table maintenance 466 transportation methods 495 Memory

K
Keep it short and simple (KISS) 8, 44

Index

737

defragmentation 530 hardware 535 Microsoft SQL server backup checking results 291 checking tape label 297 determining correct tape label 288 initializing tapes 293, 298 offline 298 online 294 with Microsoft tools 293 without checking tape label 296 database activity 278 database allocation 282 deleting planning calendar entry 290 Enterprise Manager 303 error logs 303 overview 275, 276 passwords 305 performance 278 performance monitor 278 run update statistics 305 SAP Notes 707 scheduling tasks 284 starting 88, 276 statistics update 74 stopping 100, 276, 277 verify consistency 305 Mini-basis system 719 Modes 445 Monthly tasks checklists database 77 notes 78 operating system 77 other 78 R/3 system 77 Multi-role tasks checklist, stopping R/3 91 mySAP components xxiii

O
Online Correction Support (OCS) 571 Online Service System notes 384 Operating system SAP Notes 704 Operating system (OS) administration 411 alert threshold 416 checklists annual tasks 83 daily tasks 68 monthly tasks 77 quarterly tasks 80 weekly tasks 75 file space archiving 415 file space expansion 415 file space usage 414 full server backup 458 monitor 68, 71, 531 NT event log 422, 423 old transport files 418 passwords 194 system logs 412 tasks 412 transporting method 507 transporting objects 487 Operational security in general 170, 186 management change 188 passwords 189 sharing of user IDs 188 Operations application server check 426 background jobs 427 consumable supplies 462 definition 426 distribution of work processes 452 graphical job monitor 442 in general 425 modes adding new 449 assigning 454 definition 446 generate instance 447 in general 445

N
Network administartion 411 New user setup 225 Note assistant 475

738

System Administration Made Easy | Release 4.6C/D

other considerations 464 system backup 458 Oracle SAP Notes 711 OSS notes 472 Output management in general 387 output printing 401 printer setup 388 printing screen 404 spool check consistency 407 deletion, for 397 printing problems 394 TemSe check 409

P
Paging system 421 Passwords 189 changing 193 database 195 eliminating easy 189 expiration time 189 in general 189 length 189 lockout 189 maintaining table of prohibited 190, 466 Microsoft SQL server 305 operating system level 194 recording 191 resetting 242 sample tables 192 security parameters 189 standards 189 system administration 222, 223 Patch application verification 648 confirmation 647 level 518 logs 646 Performance background jobs 428 backup database restore options 57 factors affecting 55

faster devices 55 in general 54 options 55 parallel backup 56 recovery 57 to disks then tapes 57 buffers 529 critical assumption 524 database 531 defining an RFC connection 721 evaluation priority 524 hardware 535 IBM DB2 Universal Database 255 in general 523, 525, 719 memory 535 memory defragmentation 530 Microsoft SQL server 278 monitoring multiple systems 721 R/3 525 resources 524 training 719 workload analysis 525 Permission creep 218 Policies backup frequency 37 supplementary backups 45 system adminstration 222 user administration 220 Prerequisites xxv user xxvi Printer setup checking the spool 394 in general 388 Procedures backup database check 45 in general 45 roles and responsibilities 46 verifying backups 45 system administration 222 user administration 220 Production refresh strategies client copy with data 669 client copy without data 670 database copy of production system 668 overview 668 Production system

Index

739

not modifiable 174 preventing changes 85 Products CDs 683 contributed by users 694 Profile Generator 220 Profile parameters, system administration data 609 editing 79, 608 maintenance basic 609 extended 609 PXA See Memory 530

Q
Quarterly tasks checklists database 80 notes 81 operating system 80 other 80 R/3 system 79 QuickSlice 509

R
R/3 Alert Monitor 415 R/3 System 88 active processes 99 administration 105 administration basics 3 annual tasks 82 batch jobs 95 checking for users 94 with application servers 94 checklists daily tasks 65, 69 stopping R/3 91 definition 13 external interfaces 100 guidelines 6 monthly tasks 77 performance 523, 719, 721 printer setup 388

quarterly tasks 79 security 172 starting 88 status verification 70 stopping 90, 91, 100, 101 three-tiered configuration 13 weekly tasks 74 R/3 system administrator 4 Records update 72 Recovery 17 Recovery scripts business continuation 29 creating 26 definition 25 Regression testing 650 Remote services CAR files 603 downloading files 600 EarlyWatch 605 overview 593 SAPSERV 594 Resources internet news groups 692 magazines 691 other 693 SAP 681 third-party information 686, 691 web site 692 Restore reasons for 36 strategy 36 testing 37 Return codes, transport 511

S
SAA See System Administration Assistant (SAA) 106 SAP database administration 80 SAP GUI adding additional systems 232 installing file server, from 226 prerequisites 225 presentation CD, from 231

740

System Administration Made Easy | Release 4.6C/D

software 226 SAP Notes database IBM DB2 Universal Database 709 Informix 710 Microsoft SQL server 707 Oracle 711 for further informationl 586 implementing 477 loading 475 log file 481 managing 472 note assistant 475 operating system 704 AS-400 706 multiple system 704 NT 704 UNIX 706 OSS notes 472 processing status 480 searching 544 special 604 useful 58, 582, 650, 654, 699 viewing 625, 628 SAP online store 681 SAP products and resources 681 SAP Service Marketplace 539 SAP Software Center 571 SAP* 222 restricting access 187 SAPCAR.exe 603 SAPDBA backup 371 cleanup 80 Computing Center Management (CCMS) 349 definition 333, 363 getting started 334 starting 88, 334 stopping 100, 334 to administer Informix 333 using 375 SAPNet 685 connecting to R/3 system 582 customer messages 547 component 548 confirming 558 entering 547, 549

prioritizing 547 problem description 548 viewing 554 developer deletion 564 developer key request 560 key entry 564 object key request 566 registration 559, 560, 562 logging on 540 notes 650 object deletion 570 key entry 570 registration 559, 565 prerequisites 582 problem solving 543 SAP Software Center 571 service connection 585 SAProuter 594 SAPSERV 594 connect using a GUI 595 connect using command prompt 597 navigating 597 partial organization 602 retrieving files 594 server specifics 594 SAR files 603 Scenarios, disaster corrupt database 24 hardware failure 24 in general 23, 24 loss or destruction of server facility 24 Scheduling 63 DBA planning calendar 312, 357 IBM DB2 tasks 264 Informix tasks 310 Microsoft SQL tasks 284 Screen resolution optimal setting xxvii Security 163 access 168 application 170 audit log filter group 1 208 filter group 2 209 in general 203

Index

741

parameters 206 review 74 running 204 authorization maintenance 82 auto logout 146 backups 171 change management 188 client copy 655 controlling access 172 data 171 DDIC 187 definition 164 different user audit 213 electronic card key access 169 facility related items 171 high availability (HA) options 171 issues not covered in guidebook 162 layers 168 multiple user logins, prevent 172 network 169 operational 170, 186 overview 161 passwords 189 changing 193 database 195 eliminating easy 189 expiration time 189 in general 189 length 189 lockout 189 maintaining table of probibited 190 operating system level 194 parameters 189 recording 191 sample tables 192 standards 189 permission creep 218 physical 168 production system changes, preventing 172 profile generator 220 profile maintenance 82 R/3 172 router tables 169 SAP* 187 security reports 214 segregation of duties 186 sensitive data 165

sharing of user IDs 148, 188, 249 user audit jobs 214 Security administration 163 audits 166 considerations 167 financial 166 security 167 data protection 165 insider trading 165 other requirements 165 See IBM DB2 Universal Database 253 See Performance 523, 719, 721 See System administration 105 Server administration 411 application 89 Service connection 585 Session delete user 247 terminate 248 Short dump See ABAP, dump analysis 152 Single points of failure, minimizing 12, 33 Single-Sign On (SSO) 162 Software R/3 System xxvii users logging on xxvii Software, Prerequisite utility software installation xxvii Spool consistency check 407 deleting old 397 in general 72, 76 printing problems 67, 74, 394 Starting R/3 88 Stopping R/3 90, 91, 100, 101 Super users DDIC 222 SAP* 222 Supplies checking consumable 462 other considerations 464 Support Package Manager (SPAM) application server upload 581 download 576, 580 frontend upload 581 notes 578

742

System Administration Made Easy | Release 4.6C/D

Support packages applying 643, 645 downloading from SAPNet 633 getting information from SAPNet 622 high level application 618 in general 520, 617 notes view all 625 view specific 628 object conflicts 649 overview 617 patch application verification 648 confirmation 647 log 646 regression testing 650 strategy 617 updating SPAM 640 uploading from CD 634 from web 635 front end 638 in general 634 Swaps 530 System xxvi, 4 assumptions xxvi audits 198 backup 458 change management 188 confirmation information 119 logs 72 display remote system logs 144 in general 142, 412 NT 422, 423 R/3 66, 69, 88, 422 messages creating 92, 155 defining 92, 155 editing 156 in general 155 monitor 421 monitoring tools 106 multi-instance 149 preventing changes 85 profile parameters 79, 608 R/3 definition 13 single instance 148, 249

with application servers 150 without application servers 151 System administration 222 DDIC 222 in general 105 passwords 222, 223 SAP* 222 System Administration Assistant (SAA) 106, 132 System administrator 4 System guidelines changes, making 10, 11 checklists 9 database access 11 documentation 8 help 7 in general 6 networking 8 non-SAP activity 12 preventive maintenance 9 protecting the system 7 single points of failure 12 System performance See Performance 523, 719, 721 System, Prerequisite software xxvii

T
Table maintenance deleting entry 470 in general 466 review 79 table entry, create 466 USR40 190 Tape drive, cleaning 419 Target audience xxv customer person xxv SAP R/3 administrator xxv team xxv the junior consultant xxv the system administrator xxv Tasks check maintenance contracts 421 check uninterruptible power supply (UPS) 420 cleaning tape drive 419 multi-role 87

Index

743

operating system (OS) 412 post-client copy 664 review hardware or system monitor paging system 421 scheduled 63 scheduling IBM DB2 database 264 scheduling Microsoft SQL database 284 Temporary Sequential (TemSe) consistency check 74, 76 Temporary Sequential (TemSe) consistency check 409 TemSe 74 Time daylight savings, end 431 daylight savings, start 431 master clock 429 zone conversion table 430 TMS 76, 487 tp import all 488 Training classes 684 Transaction AL02 67 AL08 66, 70, 71, 91, 94, 147, 148, 149, 248, 250 DB02 74, 76, 77, 78, 259, 282, 531 DB12 44, 65, 260, 284, 291, 292, 459 DB13 43, 44, 47, 49, 264, 266, 268, 284, 293, 305, 311, 312, 315, 317, 321, 322, 326, 328, 355, 360, 459, 461 OS06 68, 71, 412 OS07 531, 532 OSS1 582 PA30 529 RZ01 70, 71, 442 RZ04 445, 446, 447, 449, 452 RZ10 79, 189, 608 RZ11 616 RZ20 65, 72, 75, 76, 106, 107, 119, 120, 143, 414, 415, 416 RZ21 726 SA38 83, 85, 215 SCC4 83, 85, 174, 175, 655 SCC5 665 SCC9 662 SCCL 659 SE01 488 SE03 83, 85, 174 SE09 488, 509 SE10 488, 490, 509

SE37 310 SE38 83, 85, 158, 215, 216 SECR 184, 196, 200 SM01 83, 85, 183 SM02 70, 91, 92, 155, 156 SM04 66, 71, 91, 94, 147, 148, 247, 248, 249 SM12 66, 72, 145, 146 SM13 66, 69, 72, 81, 136, 137, 147, 190, 516 SM19 206, 207 SM20 74, 203, 204 SM21 66, 69, 72, 88, 142, 152, 516 SM22 516 SM30 466, 470 SM31 79, 466, 470 SM33 71 SM35 67, 72, 443 SM36 431, 432 SM37 66, 70, 79, 80, 81, 91, 92, 95, 147, 222, 439, 666 SM50 65, 72, 91, 99, 147, 150, 151 SM51 65, 72, 91, 99, 147, 150, 426, 519 SM63 446, 454 SP01 67, 72, 74, 76, 394, 395, 397, 398, 401, 517 SP12 74, 409, 410 SPAD 388, 407 SPAM 621, 630, 633, 635, 640, 643 SSAA 132 ST02 67, 72, 529, 530 ST03 67, 73, 525, 529, 725 ST04 67, 73, 255, 278, 279, 303, 324, 329, 531 ST22 67, 73, 144, 152, 153 ST59 721 STMS 74, 76, 495 SU01 79, 81, 217, 222, 233, 234, 237, 241, 243, 244, 246 SU02 82 SU03 82 TP 74 VA01 529 VA02 529 VA03 529 VF01 529 VL01 529 Transaction logs, backup 38, 46 Transactions code switches 673 code tables 674

744

System Administration Made Easy | Release 4.6C/D

dangerous 674 in general 86, 178 recommended lock table 178 restricted access table 183 locked, listing 184 monitoring 136 performance impact 674 useful 673 Transport files cleaning out old 418 directory check 419 Transport Management System (TMS) documentation 487 import all requests 503 selected requests 499 transport request 498 in general 76 main screen 495 method 487, 495, 498 transport log 505 Transporting objects importing all requests 503 buffer 488 in general 508 selected requests 499 transport request using TMS 498 in general 486 managing transports 483 operating system (OS) method 487, 507 problem, if occurs 494 production system 486 releasing requests 490, 492 special transports 489, 495, 507 standard process 488 TMS documentation 487 main screen 495 method 487, 495, 498 transport log 505, 509 Troubleshooting analyze problems 517 basic techniques 516 document changes 517 error messages 517 evaluate alternatives 517

gathering data 516 in general 515 making changes 517 SAP patch level 518 support packages 520 Tune summary 67

U
Uninterruptible power supply (UPS) check 420 shutdown process 420 Unlocking logon 243 password resetting 242 service connection 585 transaction codes 83 Update terminates in general 136 looking for 66, 69 managing 139 problems with short dumps 139 user training 141 Upgrade hardware issues 717 performance 718 software issues 717 when not to 715 when to 716 Uploading support packages from CD 634 from web 635 in general 634 Upstream applications 32 User assumptions xxvi database level xxvi operating system level xxvi system xxvi the R/3 System level xxvi User administration 105, 219 active users 248 adding users 221 Central User Administratio (CUA) 162 change request form 224 changing jobs, users 221

Index

745

changing users 221 deleting user session 247 ID naming 221 in general 219 leaving, users 221 maintaining user 79, 241 new user setup 225 password resetting 242 policies and procedures 220 terminated employees 222 terminating session 248 user groups 220 Users 66 active 148 AL08 66, 70, 71, 94 check for validity 217 groups creating 246 in general 220, 245 recommendations 245 IDs 148, 188, 249 locking 85, 243 maintenance 79, 81, 241 new user setup copying an existing user 233 creating new user 237 in general 225, 233 installing SAP GUI 226 prerequisites 225 password resetting 242 Single-Sign On (SSO) 162 SM04 66, 70, 71, 94 SU01 79 super-users 222 unlocking 243 update terminates 141 Users,active 248

other 75 R/3 system 74 Work processes checking 65, 72 defining distribution 452 in general 150 with application servers 150 without application servers 151 Workbench organizer tools 83 Workload analysis 67, 73, 525

W
Web sites 692 Weekly tasks checklists database 74 notes 75 operating system 75

746

System Administration Made Easy | Release 4.6C/D

IF A TAX COMPLIANCE SYSTEM WORKS, BUT DOESNT WORK WITH YOUR SYSTEM, DOES IT STILL WORK?
Unfortunately, not every tax compliance solution is guaranteed to work well with your system. Vertex integrations, however, not only work with your system, but theyre also certified by SAP. And that provides a level of comfort and peace of mind that others cant. These integrations also allow you to be up and running faster and easier. And by automating the compliance process, youll save time so you can focus on more important things, such as strategic tax planning. We cant alleviate all your stress, but this is definitely a start. To find out more and to receive a free SAP Toolkit, visit www.vertexinc.com/sap.asp.

www.vertexinc.com
2001 Vertex Inc.

SALES AND USE TAX PROPERTY TAX PAYROLL TAX TELECOMMUNICATIONS TAX

BEST PRACTICES FOR mySAP.com


Hit the ground running with a prepackaged implementation and built-in competitive business expertise. Visit us at: http://www.sap.com/bestpractices or at http://service.sap.com/bestpractices.

2001 SAP AG; SAP is a registered trademark of SAP AG in Germany and several other countries.

BETTER IMPLEMENTATIONS USE SAP MADE EASY GUIDEBOOKS!


Written for SAP customers and consultants, the SAP Made Easy guidebooks show a clear, task-oriented approach to implementing your SAP solution, allowing you to cut costs and jumpstart your implementation. Whether you are a novice or experienced user, Made Easy guidebooks provide the step-by-step procedures and reference information you need. Available at www.sap.com/shop.
Authorizations Made Easy System Administration Made Easy R/3 Reporting Made Easy SAP BW Reporting Made Easy SAPscript Made Easy Data Transfer Made Easy Preconfigured Client Guide Online Store Made Easy

Check out www.saplabs.com/simple to learn more about the SAP Made Easy guidebooks and other implementation accelerators.

THE BEST-RUN E-BUSINESSES RUN SAP