Академический Документы
Профессиональный Документы
Культура Документы
Copyright
2002 by SAP AG. All rights reserved. Neither this documentation nor any part of it may be copied or reproduced in any form or by any means or translated into another language, without the prior consent of SAP AG.
Disclaimer
SAP AG makes no warranties or representations with respect to the content hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. SAP AG assumes no responsibility for any errors that may appear in this document. The information contained in this document is subject to change without notice. SAP AG reserves the right to make any such changes without obligation to notify any person of such revision or changes. SAP AG makes no commitment to keep the information contained herein up to date.
Trademarks
SAP, the SAP logo, mySAP.com, R/2, R/3, ABAP, mySAP, mySAP.com, and other SAP-related products mentioned herein are registered or unregistered trademarks of SAP AG. All other products mentioned in this document are registered or unregistered trademarks of their respective companies.
Simplification Group SAP Labs, Inc. 3475 Deer Creek Road Palo Alto, CA 94304
www.saplabs.com/simple simplify-r3@sap.com
Printed in the United States of America. ISBN 1-893570-44-4
C O N T E N T S
Introduction
xxiii
What Is This Guidebook About? ..........................................xxiii About This Guide ................................................................ xxv Who Should Read This Book? .................................................................xxv Prerequisites ...........................................................................................xxv User .................................................................................................xxvi System .............................................................................................xxvi How to Use This Guidebook ..............................................xxviii Organization ................................................................................. xxviii Whats New .....................................................................xxviii Content .......................................................................................... xxviii Conventions ....................................................................... xxix Sample R/3 Release 4.6 Screen .............................................................xxx Special Icons ...........................................................................................xxx
iv
Overview ................................................................................4 Roles of a System Administrator ..............................................4 Within the mySAP.com component ............................................................ 5 External to the mySAP.com component ..................................................... 5 System Administrator Traits ....................................................6 System Guidelines ...................................................................6 Protect the System ...................................................................................... 7 Do Not Be Afraid to Ask for Help .............................................................. 7 Network with Other Customers and Consultants ........................................ 8 Keep It Short and Simple (KISS) ................................................................ 8 Keep Proper Documentation ...................................................................... 8 Use Checklists ............................................................................................ 9 Use the Appropriate Tool for the Job ......................................................... 9 Perform Preventive Maintenance ............................................................... 9 Do Not Change What You Do Not Have To ............................................10 Do Not Make System Changes During Critical Periods ...........................11 Do Not Allow Direct Database Access ....................................................11 Keep all Non-SAP Activity Off the mySAP Servers ...................................12 Minimize Single Points of Failure .............................................................12 Special Definitions .................................................................13
17
Overview ..............................................................................18 What Is a Disaster? ...............................................................18 Why Plan for a Disaster? .......................................................18 Planning for a Disaster ..........................................................19 Creating a Plan ........................................................................................19
Contents
What Are the Business Requirements for Disaster Recovery? ...................20 When Should a Disaster Recovery Procedure Begin? ..............................21 Expected Downtime or Recovery Time .....................................................21 Expected Downtime ...........................................................................21 Recovery Time ...................................................................................21 Recovery Group and Staffing Roles .........................................................22 Types of Disaster Recovery ......................................................................23 Onsite ................................................................................................23 Offsite ................................................................................................23 Disaster Scenarios .................................................................23 Three Common Disaster Scenarios ...........................................................24 A Corrupt Database ...........................................................................24 A Hardware Failure ...........................................................................24 A Complete Loss or Destruction of the Server Facility ........................24 Recovery Script ......................................................................25 Creating a Recovery Script ......................................................................26 Recovery Process ...................................................................26 Major Steps .............................................................................................26 Crash Kit ..................................................................................................27 Business Continuation During Recovery ...................................................29 Offsite Disaster Recovery Sites .................................................................30 Integration with your Companys General Disaster Planning ...................30 When the SAP R/3 System Returns .........................................................30 Test your Disaster Recovery Procedure ....................................................30 Other Considerations .............................................................32 Other Upstream or Downstream Applications .........................................32 Backup Sites .............................................................................................32 Minimizing the Chances for a Disaster ....................................32 Minimize Human Error .............................................................................33 Minimize Single Points of Failure .............................................................33 Cascade Failures .....................................................................................34
35
Overview ..............................................................................36 Restore ..................................................................................36 Strategy ...................................................................................................36 Testing Recovery ................................................................................37 Backup ..................................................................................37 What to Backup and When ......................................................................37 Database ...........................................................................................37 Transaction Logs ................................................................................38 Operating System Level Files .............................................................39 Backup Types ...........................................................................................40 What Is Backed Up ............................................................................41
vi
How the Backup Is Taken ...................................................................42 When the Backup Is Made .................................................................43 Backup Strategy Design ...........................................................................44 Supplementary Backups .....................................................................45 General Procedures .................................................................................45 Backup ...............................................................................................45 Transaction Log Backup .....................................................................45 Verifying Backups ..............................................................................45 Database Integrity .............................................................................45 Roles and Responsibilities ..................................................................46 Design Recommendations ........................................................................46 Database ...........................................................................................46 Transaction Logs ................................................................................46 Operating System Level Files .............................................................47 A Strategy Checklist ...........................................................................47 Backup Procedures and Policies .........................................................48 Tape Management .................................................................48 Tracking and Documenting .....................................................................48 Labeling .............................................................................................49 Tracking .............................................................................................51 Handling ............................................................................................51 Retention Requirements ...........................................................................52 Recommendations ..............................................................................53 Tape Retention Period ........................................................................53 Storage ....................................................................................................53 Offsite ................................................................................................53 Onsite ................................................................................................54 Performance ..........................................................................54 Backup .....................................................................................................55 Backup Options .......................................................................................55 Back Up to Faster Devices ..................................................................55 Parallel Backup .................................................................................56 Backing Up to Disks, Then to Tape .....................................................57 Recovery ..................................................................................................57 Restore Options .......................................................................................57 Useful SAP Notes ...................................................................58
Contents
vii
63
Overview ..............................................................................64 Daily ......................................................................................65 Critical Tasks ............................................................................................65 The SAP R/3 System ................................................................................65 Database .................................................................................................67 Operating System ....................................................................................68 Other .......................................................................................................68 Notes .......................................................................................................68 The SAP R/3 System ................................................................................69 Critical Tasks ............................................................................................70 Verify that SAP R/3 Is Running ..........................................................70 Verify that the Backups Ran Successfully ............................................70 Weekly ..................................................................................74 The SAP R/3 System ................................................................................74 Database .................................................................................................74 Operating System ....................................................................................75 Other .......................................................................................................75 Notes .......................................................................................................75 Monthly .................................................................................77 The SAP R/3 System ................................................................................77 Database .................................................................................................77 Operating System ....................................................................................77 Other .......................................................................................................78 Notes .......................................................................................................78 Quarterly ..............................................................................79 The SAP R/3 System ...............................................................................79 Database .................................................................................................80 Operating System ....................................................................................80 Other .......................................................................................................80 Notes .......................................................................................................81 Annual ...................................................................................82 The SAP R/3 System ................................................................................82 Database .................................................................................................83 Operating System ....................................................................................83 Other .......................................................................................................84 Notes .......................................................................................................84
viii
87
Starting the SAP R/3 system ..................................................88 Start SAP R/3NT (SQL Server, Oracle) .................................................88 Stopping the SAP R/3 system .................................................90 Stop SAP R/3 Checklist ............................................................................91 Tasks to Be Completed Before Stopping the System ................................91 System Message (SM02) ...................................................................92 Check that No Active Users Are on the System (AL08/SM04) ..........94 Check for Batch Jobs Running or Scheduled (SM37) .........................95 Check for Active Processes on All Systems (SM51) ...........................99 Check for External Interfaces ...........................................................100 Stopping SAP R/3 .................................................................................100 STOP SAP R/3NT ..........................................................................101
105
Overview ............................................................................106 Major System Monitoring Tools ...........................................106 CCMS Central Alert Monitor (Transaction RZ20) ..................................106 Current View and Alert View ...........................................................109 Maintaining The Alert Thresholds for RZ20 .....................................120 Hiding SAP Standard Monitor Sets ..................................................124 Create a New Monitor Set ...............................................................127 System Administration Assistant (Transaction SSAA) .............................132 Specific Transaction Monitoring Overview ...........................136 Failed Updates (Transaction SM13) ......................................................136 Managing Update Terminates ...............................................................139 User Training ...................................................................................141 System Log (Transaction SM21) ............................................................142 Locks (Transaction SM12) .....................................................................145 Active Users (Transactions SM04 and AL08) ........................................148 Problems ..........................................................................................148 Work Processes (Transactions SM50 and SM51) ..................................150 ABAP Dump Analysis (Transaction ST22) ..............................................152 System Message (SM02) ......................................................155 Editing a Message .................................................................................156 ABAP Editor (SE38) ...............................................................................158 For Information About a Program or Report ....................................159
Contents
ix
163
Overview ............................................................................164 What Is Security? ...................................................................................164 Keeping Unauthorized People Out of the System ............................164 Keeping Users out of Prohibited System Areas ................................165 Safeguarding the Data from Damage or Loss ..................................165 Complying with Legal, Regulatory, and Other Requirements ...........165 Audits ..................................................................................166 Financial Audit .......................................................................................166 Security Audit ........................................................................................167 Audit Considerations ..............................................................................167 Security Layers ....................................................................168 Access Security ......................................................................................168 Physical Security ..............................................................................168 Network Security .............................................................................169 Application Security .........................................................................170 Operational Security .............................................................................170 Data Security .........................................................................................171 Application or SAP R/3 Security ............................................................172 Controlling Access to SAP R/3 .........................................................172 Prevent Multiple User Logins ............................................................172 Preventing Changes in the Production System ........................................172 Setting the Production System to Not Modifiable (Transactions SE03, SCC4) ............................................................................................174 Verifying that Dangerous Transactions Are Locked ...............................178 Operational Security ............................................................186 Segregation of Duties ............................................................................186 Accounts Receivable and Cash Collection .......................................187 Restricting Access to SAP* or DDIC .......................................................187 Change Management ............................................................................188 Sharing of User IDs ..........................................................................188 Password Issues and Tasks .....................................................................189 Setting Password Standards Using Transaction RZ10 ......................189 Eliminating Some Easy Passwords ....................................................189 Maintaining a Table of Prohibited Passwords ..................................190 Recording System Passwords ...........................................................191
Operating System Level ...................................................................194 NT ....................................................................................................194 UNIX ................................................................................................195 Databases ........................................................................................195 DB2 ..................................................................................................195 Informix ...........................................................................................195 Microsoft SQL Server .......................................................................195 Oracle/UNIX ...................................................................................195 Useful SAP Notes for Oracle/UNIX .................................................195 Oracle/NT .......................................................................................196 Audit Tools ...........................................................................196 Audit Information System (Transaction SECR) ........................................196 Security Audit Log (SM20) ....................................................................203 Running the Audit Log ......................................................................204 Setting Security Audit Log Parameters (SM19) ......................................206 User Security Audit Jobs ........................................................................214 Audit Tasks ..........................................................................217 Review that all Named Users are Valid .................................................217 Reviewing Profiles for Accuracy and Permission Creep .........................218
219
Overview ............................................................................220 User Groups ..........................................................................................220 Profile Generator ...................................................................................220 Recommended Policies and Procedures ...............................220 User Administration ...............................................................................221 System Administration ............................................................................222 Special user IDs ...............................................................................222 User passwords ...............................................................................223 Sample SAP R/3 User Change Request Form ..................................224 New User Setup ...................................................................225 Prerequisites ..........................................................................................225 General Process or Procedure .........................................................225 The Users Desktop ..........................................................................225 Network Functionality ......................................................................225 For Installation of SAP GUI ..............................................................225 Installing the Frontend SoftwareSAP GUI ............................................226 Installing SAP GUI from a File Server ..............................................226 Installing SAP GUI from the Presentation CD ...................................231 Adding Additional Systems ....................................................................232 Setting Up a New User (SU01) .............................................................233 Copying an Existing User (SU01) ....................................................233 Creating a New User (SU01) ..........................................................237 Maintaining a User (SU01) ...................................................241
Contents
xi
Resetting a Password (SU01) ...............................................242 Locking or Unlocking a User (SU01) .....................................243 Locking a user ........................................................................................244 Unlocking a user ....................................................................................244 User Groups ........................................................................245 Usage ....................................................................................................245 How to Create a User Group (SU01) ....................................................246 Deleting a Users Session (Transaction SM04) ......................247 Terminate a User Session .......................................................................248 Active Users (Transactions SM04 and AL08) ........................................248 Problems ..........................................................................................249
275
Overview ............................................................................276 Starting and Stopping the Database ....................................276 Database Performance ........................................................278 Overview ...............................................................................................278 Database Activity (ST04) .......................................................................278 Database Allocation (DB02) .................................................................282 Scheduling Database Tasks (DB13) ......................................284
xii
Determining the Tape (Label) Necessary for a Backup ..........................288 Deleting an Entry from the Planning Calendar (DB13) ..........................290 Checking the Database Backup (DB12) ................................291 Initializing Backup Tapes .....................................................293 Database Backups with Microsoft Tools ...............................293 Online Backup Using SQLserver 2000 Enterprise Manager ..............294 Offline Backup Using Windows 2000 Backup ....................................298 Viewing Database Error Logs ...............................................303 SAP R/3 Database Performance Analysis (ST04) ..............................303 Verify Database Consistency ...............................................305 Run Update Statistics ...........................................................305 System Passwords ...............................................................305 SQL server .............................................................................................305
309
Overview ............................................................................310 Scheduling Database Tasks ..................................................310 Initializing the DBA Planning Calendar ..................................................310 Scheduling a DBA Task to Run Regularly ...............................................312 Checking the Status of DBA Tasks ..........................................................313 Changing DBA Tasks .............................................................................315 Backing Up the Database .....................................................317 Requirements for Backing Up the Database ...........................................317 Scheduling Backups of Database Data ..................................................317 Backing Up Logical Log Data .................................................................321 Checking the Database System ............................................321 Viewing the Database Message Log ....................................324 Updating Statistics ...............................................................326 Checking Database Consistency ...........................................327 Checking Database Disk Space ...........................................329 Using SAPDBA .....................................................................333 What is SAPDBA? ..................................................................................333 Getting Started with SAPDBA ................................................................334 Starting and Stopping the Database ......................................................334 Extending a Dbspace ...........................................................337 Further Information .............................................................341
343
Overview ............................................................................344 Starting and Stopping the Database ....................................344 Computing Center Management System (CCMS) ..................349
Contents
xiii
Database Performance Monitor .............................................................350 Database Tables and Indexes Analysis ..................................................353 Scheduling Database Tasks (DB13) ......................................355 Scheduling the DBA task ........................................................................355 Scheduling Predefined Action Patterns ...................................................356 The Database Utility .............................................................360 SAPDBA ...............................................................................363 Checking the Database ........................................................366 Checking the Database System ..............................................................366 Database Verification ............................................................................369 SAPDBA Backup Tasks .........................................................371 Initializing the Backup Tapes ..................................................................371 Initializing the Database Backup (BRBACKUP) Tape .......................371 Initializing the Archive Tape ..................................................................374 Back Up .................................................................................................378 Determining the Tapes Required to Back Up ....................................378 Backing Up the Database ................................................................378 Back Up the Archive Logs ................................................................381 Useful Online Service System Notes .....................................384
387
Overview ............................................................................388 Printer Setup (SPAD) ............................................................388 Check the Spool for Printing Problems (Transaction SP01) ....394 Check that Old Spools are Deleted (SP01) ............................397 Printing the Output (SP01) ...................................................401 Printing the Screen ...............................................................404 Check Spool Consistency (SPAD) ..........................................407 Check TemSe Consistency (SP12) ..........................................409
411
Overview ............................................................................412 Operating System Tasks ......................................................412 System Logs (OS06) ..............................................................................412
xiv
Checking File System Space Usage (RZ20) ...........................................414 Changing the Alert Threshold (RZ20) ....................................................416 Cleaning Out Old Transport Files ..........................................................418 Other Tasks .........................................................................419 Clean the Tape Drive .............................................................................419 Uninterruptible Power Supply ................................................................420 Check the Uninterruptible Power Supply ..........................................420 Check your UPS Shutdown Process ..................................................420 Check Maintenance Contracts ...............................................................421 Review Hardware or a System Monitor Paging System .........................421
425
Overview ............................................................................426 Check that All Application Servers Are Up (Transaction SM51) ... 426 Background (Batch) Jobs .....................................................427 Regularly Scheduled Jobs ......................................................................427 Batch User ID ...................................................................................428 Performance ....................................................................................428 Housekeeping Jobs ..........................................................................428 Others ..............................................................................................428 Performance Factors for Background Jobs .............................................429 Creating and Scheduling a Batch Job (SM36) ......................................431 Background Jobs (SM37) .....................................................439 Checking the Job Log .......................................................................441 Graphical Job Monitor (Transaction RZ01) ...........................................442 Batch Input Jobs, New or Incorrect (SM35) ..........................................443 Operation Modes ................................................................445 Backups ...............................................................................458 Periodic Archival ....................................................................................458 Backup the Database .............................................................................458 Performing a Full Server Backup ............................................................458 Operating System Level Backups .....................................................462 UNIX ................................................................................................462 NT ....................................................................................................462 Checking Consumable Supplies ............................................462 Other Considerations .............................................................................464
465
Contents
xv
Creating an Entry in the Table (SM31) ..................................................466 Deleting an Entry from a Table (SM31) .................................................470 Change Control ....................................................................472 Managing SAP Notes ...........................................................472 Sample Forms ........................................................................................473 General Note Record ......................................................................473 Detailed Online Service System Note Record ..................................474 Note Assistant .....................................................................475 Change Control (Managing Transports) ................................483 Sample Transport Request Form ......................................................485 Transporting Objects ............................................................486 Transports into the Production System ....................................................486 Transporting Objects ..............................................................................486 TMS Method ....................................................................................487 Operating System Method ...............................................................487 Standard Transport Process ...................................................................488 Importing the Entire Import Buffer ....................................................488 Special Transports from SAP ..................................................................489 Releasing a Request (Transport) ............................................................490 TMS Method of Transporting .................................................................495 Adding a Special Transport into the Import Buffer ...........................495 OS Method of Transporting ...................................................................507 Adding a Special Transport Into the Import Buffer ...........................507 Importing the Transport ....................................................................508 Checking the Transport Log (Transaction SE10) ..............................509
515
Overview ............................................................................516 Basic Troubleshooting Techniques ........................................516 Gather Data .....................................................................................516 Analyze the Problem .......................................................................517 Evaluate the Alternatives .................................................................517 Make only One Change at a Time ...................................................517 Document the Changes ....................................................................517 Get the Complete Error Message ..........................................................517 Get the SAP Patch Level .........................................................................518 Determining What Support Packages Have Been Applied .....................520
xvi
523
Overview ............................................................................524 Critical Assumption ................................................................................524 Priority of Evaluation .............................................................................524 General Procedure ..............................................................525 SAP R/3 ...............................................................................525 Workload Analysis of the System (Transaction ST03N) .........................525 Buffers (ST02) ........................................................................................529 Memory Defragmentation .....................................................................530 Database .............................................................................531 Operating System ................................................................531 Operating System Monitor (OS07) .......................................................531 Hardware ............................................................................535 CPU and Disk .........................................................................................535 Memory .................................................................................................535
539
Overview ............................................................................540 Logging on to SAPNet ..........................................................540 Navigation ..........................................................................542 Solving a Problem with SAPNet ...........................................543 Customer Messages ...............................................................................547 Entering Customer Messages .................................................................547 Priority table ....................................................................................547 Component ......................................................................................548 Problem Description .........................................................................548 Viewing Customer Messages .................................................................554 Registering a Developer or Object .......................................559 Registering a Developer ........................................................................560 Enter the Developer Key ..................................................................564 Registering an Object ............................................................................565 Enter the Object Key ........................................................................570 SAP Software Center ...........................................................571 Getting the Latest SPAM version ............................................................573 Connecting to SAPNet ..........................................................582
Contents
xvii
Prerequisites ...........................................................................................582 Opening a Service Connection .............................................585 Order of Access to Systems ...................................................................586
593
Overview ............................................................................594 Retrieving Files from SAP, SAPSERV .....................................594 NT ....................................................................................................595 UNIX ................................................................................................595 Connecting to SAPSERV Using a GUI (NT) ...........................................595 An FTP Client Example ...........................................................................595 Connecting to SAPSERV Using the Command Prompt ............................597 Navigating in SAPSERV ...................................................................597 Connecting at the Command Prompt .....................................................598 Downloading Files .................................................................................600 Partial Organization of SAPSERV ..........................................................602 Unpacking a CAR or SAR File ..........................................................603 Special SAPNet Notes .....................................................................604 EarlyWatch Service ..............................................................605
607
Overview ............................................................................608 Changing System Profile Parameters (Transaction RZ10) .....608 Support Packages ................................................................617 Strategy .................................................................................................617 Applying Support Packages ...................................................................618 Determining What Support Packages Have Been Applied .....................619 Requesting SPAM or a Support Package from SAPNet .........................630 Downloading a Support Package (Hot Package) SAPNet ...........633 Uploading the Support Package from a CD or SAP Service Marketplace ... 634 Support Package Collection CD .......................................................634 SAP Service Marketplace ................................................................635 Updating SPAM .....................................................................................640 Applying the Support Package ..............................................................643 Object Conflicts .....................................................................................649 Regression Testing .................................................................................650 Useful SAP Notes ...................................................................................650 Kernel Upgrade ...................................................................651 Restart Option 1 ..............................................................................653 Restart Option 2 ..............................................................................653
xviii
Client Copy ..........................................................................653 Special Notes ..................................................................................653 Some Useful SAP Notes ...................................................................654 Processing Notes .............................................................................654 Security ............................................................................................655 Creating a Client ....................................................................................655 Copying a Client ....................................................................................658 Copying on the Same System/SID ...................................................658 Copying to a Different System/SID ..................................................662 Post-Client Copy Tasks ...........................................................................664 Deleting a Client ....................................................................................665 Production Refresh Strategies ..............................................668 Database Copy of Production System ....................................................668 Benefits ............................................................................................669 Disadvantages .................................................................................669 Client Copy of the Production System with Data ....................................669 Advantages .....................................................................................669 Disadvantages .................................................................................670 Client Copy of the Production System Without Data ...........................670 Advantages .....................................................................................670 Disadvantages .................................................................................670
Transaction Code Switches ....................................................................673 Transaction Code Table .........................................................................674 Dangerous .......................................................................................674 Performance Impact .........................................................................674
681
Other System Administration Resources ..............................681 SAP Resources .......................................................................................681 Books ..............................................................................................682 CDs ..................................................................................................683 Training Classes ...............................................................................684 Other ...............................................................................................684 White papers ...................................................................................685 SAPNet, Selected Items of Interest ...................................................685 Third-Party Resources .............................................................................686
Contents
xix
SAP R/3 Books Written by SAP Employees .....................................686 SAP R/3 Books Written by Third-Party Authors ................................687 UNIX Books .....................................................................................687 Microsoft Windows NT Books ..........................................................687 OS/400 Books ................................................................................688 Microsoft SQL Server Books ............................................................689 Informix Books .................................................................................689 DB2 Books .......................................................................................689 Oracle Books ...................................................................................690 Books on Other Topics .....................................................................690 Magazines .......................................................................................691 Helpful Third-Party Information ........................................................691 Web Sites ..............................................................................................692 SAP ..................................................................................................692 SAP Affiliates ...................................................................................692 Third-Party ........................................................................................692 Internet News Groups ...........................................................................692 Other Resources ....................................................................................693 Operating System ............................................................................693 Database .........................................................................................693 Other Helpful Products: Contributed by Users ......................694 UNIX ......................................................................................................694 Backup .............................................................................................694 Monitor ............................................................................................694 Scheduler .........................................................................................694 Spool Management .........................................................................695 Other ...............................................................................................695 NT ..........................................................................................................695 Backup .............................................................................................695 Monitor ............................................................................................695 Remote Control ................................................................................695 Scheduler .........................................................................................696 Spool Management .........................................................................696 Other ...............................................................................................696 Common, Both UNIX and NT .................................................................696 Network .................................................................................................697
699
Overview ............................................................................699 SAP Notes ............................................................................700 Operating System Notes ......................................................704 Common to Multiple Operating Systems ................................................704 NT ..........................................................................................................704 UNIX ......................................................................................................706
xx
AS-400 ..................................................................................................706 Database Notes ...................................................................707 MS SQL server .......................................................................................707 DB2 / UDB ............................................................................................709 Informix .................................................................................................710 Oracle ...................................................................................................711
715
Upgrade Discussion .............................................................715 Reasons Not to Upgrade .......................................................................715 When to Upgrade ..................................................................................716 Upgrade Issues ....................................................................716 Other Considerations ...........................................................717 Software Issues ......................................................................................717 Hardware ..............................................................................................717 Performance ..........................................................................................718
719
721
Overview ............................................................................721 Configuring the Batch Job to Collect Historical Data (RZ21) ...........726
Index
731
xxi
Acknowledgements
The combined experience in SAP and general systems administration of those who contributed to this book is measured in decades. I hope that I am able to share with you some of their wisdom. I also wish to express appreciation to the following individuals who provided time, material, expertise, and resources that helped make the Release 4.6C/D guidebook possible:
SAP: Dieter Babutzka, Sari Bearson, Ronald Binford, Dr. Meinolf Block,
Regine Brehm, Dr. Thomas Brodkorb, Eddie Carter, Michael Demuth, Dr. Stefan Fuchs, Andreas Graesser, Christian Graf, Volker Groeschel, Roland Hamm, Christian Hiller, Uwe Inhoff, Indradev Kadidal, Casper Wai-Fu Kann, Steven Kerner, Dr. Wulf Kruempelman, Gisbert Loff, Sue McFarland, Dr. Christoph Nake, Lance Pawlikowski, Benjamin Prusinski, Sriram Raghunathan, Raj Rathnam, Dr. Gert Rusch, Joerg Schmidt, Dr. Carsten Thiel, Jeffrey Thomas, Fabian Troendle, Jackie Wang, Mark Weber, William Willis Jr., Jody Honghua Yang, Kitty Yue.
Authors: Agapius Chan, Jim Chen, Aidan Constable, Sven-Uwe Kusche, Gary Nakayama Documentation, Planning, and Production: Scott Bulloch, Usha Nair,
Noelle Wolf Gary Nakayama, CPA SAP Labs, Inc., 2002
xxii
INTRODUCTION
Introduction
xxiv
Because this design uses a common Basis layer, tasks learned in SAP R/3 system administration can be leveraged for use with other mySAP.com components. Therefore, as long as the mySAP.com component has a Basis layer, you will be able to manage and administer it the same as all other mySAP.com components with a Basis layer. Additionally, there may be administrative tasks specific to the component. Other components do not have a basis layer, such as:
I I I
Internet Transaction Server (ITS) CRM, Communication Station (part of the CRM Mobile Sales component) CRM, Business Application Studio, Development Server (part of the CRM Mobile Sales component)
Because these components do not have a Basis layer, the administration of these components is specific to the component itself. The system administration of these components will not be discussed in this guidebook. While we do not go into the specifics of administering the various components, we will discuss the tasks that are common to them. Except where there is a significant difference in the transaction (screen), enough to cause confusion, we will not make a distinction between a 4.6C transaction and a 4.6D transaction. Because screenshots will come from either a 4.6C or 4.6D system, the appearance of the screens may be different from the system you are on. You may see other visual differences between the screen shots in the guidebook and what you see on your system. In addition to the version difference mentioned above, several other factors will affect how a screen appears to a user, such as:
I I
The level of the support packages that has been applied to the system. The version and patch level of the GUI that is used.
We have tried to group items and tasks in job role categories, which allows this guidebook to be a better reference book.
Introduction
xxv
Real-world practical advice from consultants and customers has been integrated into this book. Because of this perspective, some of the statements in this book are blunt and direct. Some of the examples we have used may seem improbable, but many are based on real situations.
Simplifying system administration tasks for a Made Easy guidebook is not a simple task. The material in this guidebook was carefully chosen, but may not be comprehensive. Installation tasks are not presented. We assume that your SAP consultant has completed these tasks, in keeping with the guidebook philosophy. Although there are chapters on problem solving and basic performance tuning, these chapters only serve to introduce the subjects. This guidebook is not meant to be a trouble shooting or performance-tuning manual.
The customer person or team where: The mySAP Technology administrator is from a small to mid-size company with a small (one to three people) technical team. Each team member in the team has multiple job responsibilities. The system administrator has a basic knowledge of the operating system and database.
Senior consultants, experienced system administrators, and database administrators (DBAs) may find portions of this guidebook elementary, but hopefully useful.
Prerequisites
To help you use this guidebook, we defined a baseline for user knowledge and system configuration. The two sections below (User and System) define this baseline. Review these sections to determine how you and your system match. This book is also written with certain assumptions about your knowledge level and the expectation that particular system requirements have been met.
xxvi
mySAP.com component level: Be able to log on to the mySAP.com component Know how to navigate in the mySAP.com component using menus and transaction codes Some screens do not have menu paths and can only be accessed with transaction codes. Navigating by transaction codes is faster and more efficient than menus.
Operating system level: Be familiar with the file and directory structure Be able to use the command line to navigate and execute programs Set up a printer Perform a backup using standard operating system tools or thirdparty tools Perform basic operating system security Copy and move files Properly start and stop the operating system and server
Database level Properly start and stop the database Perform a backup of the database
System
The mySAP.com components run on over five different versions of UNIX, in addition to NT, OS400 and OS390. In many cases, significant differences exist between the different versions of Unix. These differences contributed to our decision to not go into detail at the operating system level. For an ongoing productive environment, we assume that the:
I I
mySAP.com component is completely and properly installed Infrastructure is set up and functional
Introduction xxvii
I
The following checklist will help you determine if your system is set up to the baseline assumptions of this book. If you can log on to your mySAP component, most of these tasks have already been completed. Questions Is the backup equipment installed and tested? Is the Uninterruptible Power Supply (UPS) installed? Is a server or system monitor available?
Software (general)
Is the mySAP.com component installed according to SAPs recommendation? Is the TMS/CTS configured? Is the TPPARAM file configured? (In Release 4.6, TMS creates a file to be used as the TPPARAM file.) Is the SAProuter configured? Is the OSS1 transaction configured? Is the ABAP workbench configured? Has initial security been configured (default passwords changed)? Are the NT sapmnt share or UNIX NFS sapmnt exports properly configured? Is the online documentation installed? Can users log on to the mySAP.com component from their desktops?
Desktop
For optimal results, we recommend that the minimum screen resolution be set as follows:
I I
For users, 1024 x 768 For the system administrator, 1024 x 768 and a minimum color depth of 256 colors (The Release 4.6 GUI displays better with 64K colors)
xxviii
Part two (chapters 2 and 3) provide a high-level view of disaster recovery and backup and recovery. Chapter 4 contains checklists that help the system administrator complete various tasks on a recurring periodic basis.
Chapter 5 discusses how to stop or start the SAP R/3 system. Chapters 6 through 12 involve the following topics: SAP system administration Security administration User administration Database administration (SQL Server)
The rest of the book covers subjects such as operations, troubleshooting, remote services, change management, and SAP Notes (formerly known as OSS). The four appendices cover useful transactions, other resources, SAP Notes, and a discussion on upgrades.
Organization
All the task procedures are classified in one section by job roles, where related tasks are placed together. Regardless of the job schedule, all jobs related to a job role are grouped in one place.
Whats New
Note
To send us your comments, visit http://www.saplabs.com/sysadmin. This guidebook has evolved from the previous versions of this guidebook to incorporate customer and consultant comments. Send us your comments, so we can ensure that future versions better meet your needs.
Content
The new features of the Release 4.6C/D guidebook are:
I I
Coverage of SAP System Administration with a view of administration for all mySAP components that utilize the Basis 4.6C and 4.6D releases. Multiple Databases Microsoft SQL Server / Windows 2000
Introduction
xxix
New sections on: Information on the Note Assistant (chapter 16 ) Self training/education with the mini-Basis system
Conventions
The table below explains the text conventions used throughout this guide. Text Convention Italic fonts Courier bold Name1 Name2 Description Screen names or on-screen objects (buttons, fields, screen text, etc.) User input; text the user types verbatim Menu selection Name1 is the menu name, and Name2 is an item on the menu Command syntax Replace the information within the angle brackets (< >) with wording specific to your task. We use angle brackets in place of a screen name or other screen text that is derived from steps within an adapted procedure (for example, if you were to choose Sold-to party instead of Ship-to party as shown in the screenshot, your resulting screen names would reflect your selection of Sold-to party). Therefore, we use angle brackets to reflect screen items that may differ from the example screenshots.
xxx
Navigation menu Work area Status bar Application toolbar: The screenshots shown in this guide are based on full user authorization (SAP_ALL). Depending on your authorizations, some of the buttons on your application toolbar may not be available. Navigation menu: Depending on your authorizations, your navigation menu may look different from screenshots in this guide that are based on SAP_ALL. The User menu and SAP standard menu buttons provide different views of the navigation menu. To learn how to build user menus, see the Authorizations Made Easy guidebook, Release 4.6A/B.
Special Icons
Throughout this guide, special icons indicate important messages. Below are brief explanations of each icon: Exercise caution when performing this task or step. An explanation of why you should be careful is included.
Caution
Information within a TechTalk helps you to understand the topic in greater technical detail. You need not know this information to perform the task.
TechTalk
Introduction
xxxi
These messages provide helpful hints and more detailed information to make your work faster and easier.
Tips & Tricks
Note
This information clarifies a statement in the accompanying text.
xxxii
PART ONE
Part Overview
A system administrator has many roles to perform. This section discusses some general duties of system administration and talks about important issues.
C H A P T E R
Overview
This chapter covers the roles that a system administrator performs. These roles cross all functional areas. In a small company, one person can be the entire system administration department. In a larger company, however, a team of administrators is required. The purpose of this definition is to help clarify the roles of a system administrator. This chapter presents a list of commonly used system administration terms and their definitions. At the end of this chapter is a list of fourteen mySAP.com guidelines that a system administrator must be aware of while working with the system. Sample guidelines include:
I I I
Keep it short and simple (KISS) Use checklists Do not allow direct database access
Company size Available resources (the size of the Basis group) Availability of infrastructure support for: Desktop support Database Network Facilities
The system administrator may perform many roles both in or directly related to, the mySAP.com component and indirectly or external to the mySAP.com component.
Duties Supports the users desktop PC Supports the network and desktop printers Manages facilities-related support issues, such as:
I I I
System Guidelines
Some guidelines must be followed when working on a system. These guidelines are explained in more detail in the following sections.
I I I I I I I I
Protect the system Do not be afraid to ask for help Network with other customers and consultants Keep it short and simple (the KISS principle) Keep proper documentation Use checklists Use the appropriate tool for the job Perform preventive maintenance
Do not change what you do not have to Do not make changes to the system during critical periods Do not allow direct database access Keep all non-SAP activity off the SAP servers Minimize single points of failure
Very important to this is a positive, professional attitude on the part of the system administrator. Also, because the system administrator is responsible for the informational backbone of the company, they must maintain a my job is on the line attitude. Mistakes can be costly to the company. Another consideration is protecting the system from threats. These threats can be external, such as hackers, or internal, such as employees who are too curious.
Do not forget to ask the old-timers. Decades ago, the mainframe community may have solved many of the issues and problems you now face. Good places to network include training classes, professional organizations, SAP events (such as the SAP TechEd and Sapphire conferences), and user groups (such as the Americas SAP Users Group (ASUG), regional users groups, database users groups, and operating system users groups). Participation means getting involved in the organization. The more you participate, the more people you meet and get to know.
Hot projects or emergencies tend to take precedence over writing documentation. Do not postpone writing documentation, or the task may never get done. Record everything that is done to the systemas it is being done.
ensure that they are kept up-to-date with system changes. Where necessary, use graphics, flowcharts, and screenshots to clarify and to provide additional information. Make sure that documentation is kept in an easily accessible location. Keep logs (notebooks) on each server, reflecting everything that is done on that server.
Use Checklists
Checklists enforce a standardized process and reduce the chance that you will overlook critical steps. Checklists force you to document events, such as run times, which may later become important. Checklists are especially useful for tasks that are complex or critical. If a step is missed or done incorrectly, the result could be serious (for example, inability to restore the database). If you are performing a task for the first time, or a task that is done infrequently, a checklist will assist you in performing the task correctly. For more information, see chapter 4, Scheduled Tasks on page 63.
You should monitor the various logs and event monitors for potential issues. The database should be regularly checked for integrity and consistency. Maintenance also refers to physical maintenance. Make sure the hardware is kept clean and kept in a cool environment. Additionally, consider when hardware may require upgrading, such as additional disk storage.
10
Test system (a sandbox system) Development system Quality Assurance system Production system
Even if your company does not have all the above-mentioned systems, the key is to maintain the general order. For example, if your company does not have a test system, test the change in the following order:
I I I
By the time you reach the production system, you should be comfortable that nothing will break.
11
Example
A system administrator changes a printer in the Shipping department at the end of the month, but neglects to change the printer setting in SAP R/3. As a result, SAP R/3 cannot send output to the new printer. The users are not able to print shipping documents, which results in the company being unable to ship products. As a result, revenue for the month declines. Other examples include:
I I I I
At end of the month, when Sales and Shipping are booking and shipping as much as they can, to maximize revenue for the month At the beginning of the month, when Finance is closing the prior month During the last month of the year (calendar or fiscal), when Sales and Shipping are booking and shipping as much as they can, to maximize the revenue for the year During the beginning of the year, when Finance is closing the books for the prior year and getting ready for the financial audit
Always coordinate potentially disruptive system events with the users. Different user groups in the company, such as Finance and Order Entry, may have different quiet periods that must be coordinated. Plan all potentially disruptive systems-related activities during quiet periods when a problem will have minimal user impact.
12
Caution
Example
You only have one tape drive and it fails. You cannot back up your database. You rely on utility line power, and do not have a UPS, the server will crash during a power failure and possibly corrupt the database. You are the only one who can complete a task, and you are on vacation, the task will not be completed until you return (or you will be on call while on vacation). To guard against a single-point failure, consider the following options:
I I I I I I I
Systems configured with a built-in backup Redundant equipment, such as dual power supplies On-hand spares Sufficient personnel On-call consultants Cross-training Outsourcing
13
Special Definitions
There are terms used in this guidebook that have very specific meanings. To prevent confusion, they are defined below:
Database server. This server contains the mySAP component and the
database. The database servers system clock is the master clock for the mySAP component.
On a two-tiered system, this server would be combined on the database server. Application servers can be dedicated to online users, batch processing or both.
System. The complete mySAP installation for a System ID (SID), for example
PRD. A system logically consists of the SAP R/3 central instance and dialog instances for the SID. This physically consists of the database server and application servers for that SID. Three-tiered SAP R/3 Configuration Layers Presentation Application Database Physical Devices Desktop PCmany Application Server - many Database server only one SAP R/3 Instance N/A Dialog Central What Runs on Each Layer SAP GUI SAP R/3 Database: SQL Server, DB2, Informix, ADABAS, Oracle
A two-tiered configuration combines the application and database layers on a single server.
14
PART T WO
16
Part Overview
Disaster planning is a necessary and critical part of system administration. Business processes happen daily at a fantastic rate, usually without problems. However, the smallest problem can cause terrific disruption to business, causing a loss of time, money, and resources. Having plans to recover from problems, regardless of their size and complexity, is a good business move. This section covers disaster recovery and backup processes. Chapter 2 covers disaster planning and recovery. We talk about why you need to plan for disasters, what to do to plan, and how to test your disaster recovery plans. Chapter 3 discusses backup and recovery. We talk about what to back up and how often.
C H A P T E R
Disaster Recovery
18
Overview
The purpose of this chapter is to help you understand what we feel is the most critical job of a system administratordisaster recovery. We included this chapter at the beginning of our guidebook for two reasons:
I
This chapter is not a disaster recovery how to. It is only designed to get you thinking and working on disaster recovery.
To emphasize the importance of disaster recovery. Disaster recovery needs to be planned as soon as possible, because it takes time to develop, test, and refine. To emphasize the importance of being prepared for a potential disaster
The earlier you begin planning, the more prepared you will be when a disaster does happen.
What Is a Disaster?
The goal of disaster recovery is to restore the system so that the company can continue doing business. A disaster is anything that results in the corruption or loss of the SAP R/3 system such as database corruption (for example, loading test data into the production system), serious hardware failure, or complete loss of the SAP R/3 system and infrastructure (for example, as a result of natural disaster or a building fire). The ultimate responsibility of a system administrator is to successfully restore SAP R/3 after a disaster. To this end, the administrator should act to prevent the system from ever reaching the situation where disaster recovery is required. Disaster recovery planning is a major project. Depending on your situation and the size and complexity of your company, disaster recovery planning could take more than a year to prepare, test, and refine. The plan could fill many volumes. This chapter helps you start thinking about and planning for disaster recovery.
19
Some questions must be asked that will help to develop your disaster recovery plan:
I I I I I I I I I I
If the SAP R/3 system fails, will business operations stop? How much lost revenue and cost will be incurred during system downtime? Which critical business functions cannot be completed? How will customers be supported? How long can the system be down before the company goes out of business? Who coordinates and manages the disaster recovery? What will the users do while SAP R/3 is down? How long will the system be down? How long will it take before the SAP R/3 system is available for use? What minimum component of the SAP R/3 system must be restored if offsite recovery is required?
If you plan properly, you will be under less stress, because you know that the system can be recovered and how long this recovery will take. If the recovery downtime is unacceptable, management should look at investing in equipment, facilities, and personnel. Another area to explore is High Availability (HA) options. HA means to keep the system or component running continuously for a relatively long period of time. This option can be expensive. There are different degrees of HA, so customers must determine which option is right for them. HA is an advanced topic beyond the scope of this guidebook. If you are interested in this topic, contact an HA vendor.
20
The individual business units must understand that as recovery time decreases, the cost for disaster recovery increases. The units should budget for it, or if the funds come from an administrative or IT budget, the units should support it.
Who is the requestor? What is the requirement? Are other departments or customers affected by this requirement? Why is the requirement necessary? When SAP R/3 is offline, what does (or does not) happen? What is the cost (or lost revenue) of an hour or a day of SAP R/3 downtime?
The justification should be a concrete objective value (such as $20,000 an hour). Define the cost (for example, on an hourly or daily basis) of having the SAP R/3 system down.
Example
No more than one hour of transaction data may be lost. The cost is 1,000 transactions per hour of lost transactions that are entered in SAP R/3 and cannot be recreated from memory. This inability to recreate lost transactions may result in lost sales and upset customers. If the lost orders are those that the customer quickly needs, this situation can be critical.
Example
The system cannot be offline for more than three hours. The cost (an average of $25,000 per hour) is the inability to book sales
Example
In the event of disaster, such as the loss of the building containing the SAP R/3 data center, the company can only tolerate a two-day downtime. At that point, permanent customer loss begins. There must be an alternate method of continuing business.
21
What criteria constitute a disaster? Have these criteria been met? Who needs to be consulted?
The person must be aware of the effect of the disaster on the companys business and the critical nature of the recovery.
The length of time that SAP R/3 is down. The longer the system is down, the longer the catch-up period required when it is brought back up. The transactions from the alternate processes that were in place during the disaster must be applied to the system to make it current. In a high-volume environment, this situation becomes more critical. A downed system is more expensive during the business day, because it causes business activity to stop. Customers who cannot be serviced or supported may be lost to competitors.
I I
The duration of acceptable downtime depends on the company and the nature of its business.
Recovery Time
Unless you test your recovery procedure, the recovery time is only an estimate. Different disaster scenarios have different recovery times, based on operational requirements. Recovery time must be matched to the business requirements. If recovery time exceeds the time set forth by business requirements, the mismatch must be communicated to the appropriate managers or executives.
22
Investing in equipment, processes, and facilities to reduce the recovery time. Changing business requirements to accept the longer recovery time and accepting the consequences.
Example
An extreme (but possible) example: A company cannot afford the cost and lost revenue for the month it would take one person to recover the system. During that time, the competition would take away customers, payment would be due to vendors, and bills would not be collected. In this situation, senior management needs to allocate resources to reduce the recovery time to an acceptable level.
To reduce interruption of the recovery staff, we recommend you maintain a status board. The status board should list key points in the recovery plan and an estimate of when the system will be recovered and available to use.
Recovery manager Manages the entire technical recovery. All recovery activities and issues should be coordinated through this person.
Communication liaison Handles communication (phone calls, email, and so on) with the users and keeps top management updated with the recovery status. One role to handle all user communication allows the group doing the technical recovery to proceed without interruption.
Technical recovery team Does the actual technical recovery. As the recovery progresses, the original plan may have to be modified. This role must manage the changes and coordinate the technical recovery.
Review and certification manager Coordinates and plans the post-recovery testing and certification with users.
A final staffing role is to plan for at least one key staff member to be unavailable. Without this person, the rest of the department must be able to perform a successful recovery. This issue may become vital during an actual disaster.
23
Onsite Offsite
Onsite
Onsite recovery is disaster recovery done at your site. The infrastructure usually remains intact. The best-case scenario is a recovery done on the original hardware. The worst-case scenario is a recovery done on a backup system.
Offsite
Offsite recovery is disaster recovery done at a disaster recovery site. In this scenario, all hardware and infrastructure are lost as a result of facility destruction such as a fire, a flood, or an earthquake. The new servers must be configured from scratch. A major consideration is that once the original facility has been rebuilt and tested, a second restore must take place to the customers original facility. While this second restore can be planned and scheduled at a convenient time to disrupt as few users as possible, the timing is just as critical as the disaster. During system recovery, the system will be down.
Disaster Scenarios
There are many possible disaster scenarios that could occur. It would take an infinite amount of time to plan for them, and you will never account for all of them. To make this task manageable, you should plan for three to five likely scenarios. In the event of disaster, you would adapt the scenario closest to the actual disaster. The disaster scenarios consist of:
I I I
Description of the disaster event High-level plan of major tasks to be performed Estimated downtime
Use the Three Common Disaster Scenarios section below as a starting point. Prepare three to five scenarios that cover a wide range of disasters that would apply to you.
24
Create a high-level plan (are made up of major tasks) for each scenario. Test the planned scenario, by creating different test disasters and determining if and how your scenarios would adapt to an actual disaster. If the test scenarios cannot be adapted, modify or develop more scenarios. Repeat the process.
A Corrupt Database
A corrupt database could result from accidentally loading test data into the production system, or a bad transport into production that results in the failure of the production system. Such a disaster requires the recovery of the SAP R/3 database and related operating system files. The sample downtime is eight hours.
A Hardware Failure
The following types of items may fail: Plan and prepare to use you test (QAS) system as a backup server if the production (PRD) server fails.
I I I
A system processor A drive controller Multiple-drives in a drive array, causing drive array failure
Replacing failed hardware Rebuilding the server (operating system and all programs) Recovering the SAP R/3 database and related files
Five days to procure replacement hardware Two days to rebuild the NT server (one person); 16 hours of actual work time
25
A complete loss of the facility can result from disasters such as fire, earthquake, flood, hurricane, and man-made disasters. Such a disaster requires: Use national vendors with several regional distribution centers and, as a backup, have an out-of-area alternate supplier.
I I I I I
Replacing the facilities Replacing the infrastructure Replacing lost hardware Rebuilding the server and SAP R/3 environment (hardware, operating system, database, and so on) Recovering the SAP R/3 database and related files
At least five days to procure hardware. In a regional disaster, this purchase could take longer if your suppliers were also affected by the disaster. Two days to rebuild the NT server (one person); 16 hours actual work time As the hardware is procured and the server is being rebuilt, an alternate facility is obtained and an emergency (minimal) network is constructed One day to integrate into the emergency network
Recovery Script
A recovery script is a document that provides step-by-step instructions about:
I I I I
The process required to recover SAP R/3 Who will complete each step The expected time for long steps Dependencies between steps
A script helps you to develop and use a proven series of steps to restore SAP R/3 and prevents missing steps. Missing a critical step may require restarting the recovery process from the beginning, which delays the recovery. If the primary recovery person is unavailable, a recovery script helps the backup person complete the recovery.
26
A checklist for each step A document with screenshots to clarify the instructions, if needed Flowcharts, if the flow of steps or activities is critical or confusing
Recovery Process
To reduce recovery time, define a process by completing as many tasks as possible in parallel and adding timetables for each step.
Major Steps
During a potential disaster, anticipate a recovery by:
I I I I I I I
Collecting facts Recalling the latest offsite tapes Recalling the crash kit (for more information, see page Crash Kit). Calling all required personnel These personnel include the internal SAP team, affected key users, infrastructure support, IT, facilities, on-call consultants, and so on Preparing functional organizations (sales, finance, and shipping) for alternate procedures for key business transactions and processes. Also prepare non-SAP systems that interface to and from the SAP system.
Stopping all additional transactions into the system Collecting transaction records that must be manually reentered
Analyzing the problem Selecting the predefined scenario plans that most closely matches the disaster Modifying the plans as needed
What are the criteria to declare a disaster, and have they been met?
27
Perform the system recovery. Test and sign off on the recovered system. Key users should perform the testing. These users will use a criteria checklist to determine that the system has been satisfactorily recovered. Catch up with transactions that may have been handled by alternate processes during the disaster. Once completed, this step should require an additional sign-off. Notify the users that the system is ready for normal operations. Conduct a post-disaster debriefing session. Use the results from this session to improve your disaster recovery planning.
I I
Crash Kit
A crash kit contains everything needed to rebuild the SAP R/3 servers, reinstall SAP R/3, and recover the SAP R/3 database and related files. This kit must contain everything required to recover your SAP R/3 environment in one or more containers. If you must evacuate the site, you will not have the time to run around, gathering the items at the last minute, hoping that you get everything you need. In a major disaster you may not even have that opportunity. A periodic review of the crash kit should be performed to determine if items must be added or changed. A service contract is a perfect example of an item that requires this type of review. The crash kit should be physically separated from the servers. If it is located in the server room, and the server room is destroyed, the kit may be lost. Some crash kit storage areas include:
I I I
When a change is made to a component (hardware or software) on the server, replace the outdated items in the crash kit with updated items that have been tested.
Commercial offsite data storage Other company sites Another secure section of the building
The person who seals the kit should take an inventory of the crash kit. If the seal is broken, items may have been removed or changed, making the kit useless in a recovery.
The following is an inventory list of some of the major items to put into the crash kit. You must add or delete items for your specific environment. This inventory list is organized into the documentation and software.
Documentation . The inventory list below must be signed and dated by the
I
person checking the crash kit. The following documentation must be included in the crash kit: Disaster recovery script
28
Test and verification script fro functional user groups Installation instructions: Operating system Database SAP R/3 system
Special installation instructions for: Drivers that must be manually installed Programs that must be installed in a specific manner
Ensure that maintenance agreements are still valid and check if the agreements expired. These should be part of a regular schedule task.
Copies of: SAP license for all instances Service agreements (with phone numbers) for all servers
I I I I
Instructions to recall tapes from offsite data storage List of personnel authorized to recall tapes from offsite data storage. This list must correspond to the list maintained by the data storage company. A parts list If the server is destroyed, this list should be in sufficient detail to purchase or lease replacement hardware. Over time, if original parts are no longer available, an alternate parts list must be prepared. At this point, you might consider upgrading the equipment. File system layout Hardware layout You must know which cards go in which slots, and which cables go where (connector-by-connector). Labeling cables and connectors greatly reduces confusion. Phone numbers for: Key users Information services personnel Facilities personnel Other infrastructure personnel Consultants (SAP, network, and so on) SAP hotline Offsite data storage Security department or personnel Service agreement contacts Hardware vendors
I I I
29
Software.
I
Operating system: Installation kit Drivers for hardware, such as a Network Interface Card (NIC) or a SCSI controller, which are not included in the installation kit Service packs, updates, and patches
Database: Installation kit Service packs, updates, and patches Recovery scripts, to automate the database recovery
For SAP R/3: New installation kit of current SAP R/3 release. Not the upgrade kit Currently installed kernel System profile files
I I
Other SAP R/3 integrated programs (for example, a tax package) Other software for the SAP R/3 installation: Utilities Backup UPS control program Hardware monitor FTP client Remote control program System monitor
30
Without an alternate process, your company s business will suffer or stop. Some of the problems you may encounter include:
I I I
Manual paper-based data recording (for example, hand-written purchase orders) Stand alone PC-based products
Your disaster recovery procedure works Something changed, was not documented, or updated Steps require clarification. Information that is clear to the person documenting the procedure may be unclear to the person reading the procedure.
31
Older hardware is no longer available Here, alternate planning is needed. You may have to upgrade your hardware to be compatible with currently available equipment. Because many factors affect recovery time, actual recovery times can only be determined by testing. Once you have actual times (not guesses or estimates), your disaster planning becomes more credible. If the procedure is practiced often, when a disaster occurs, everyone will know what to do. This way, the chaos of a disaster will be reduced.
I I I
Execute your disaster recovery plan on a backup system or at an offsite location. Generate a random disaster scenario. Execute your disaster plan to see if it handles the scenario. A full disaster recovery should be practiced at least once a year. However based on the cost the frequency is a business decision.
The disaster recovery test should be done at the same site that you expect to recover. If you have multiple recovery sites, perform a test recovery at each site. The equipment, facilities, and configuration may be different at each site. Document all specific items that must be completed for each site. You do not want to discover that you cannot recover at a site after a disaster occurs. Other options for sites to test your disaster recovery scenario include: A backup onsite server Another company site At another company where you have a mutual support agreement A company that provides disaster recovery site and services
During the disaster recovery test, someone still must support the real production system.
I
Primary and backup personnel will do the job during a real disaster recovery. A provision should be made that some of the key personnel are to be unavailable during a disaster recovery. A test procedure might involve randomly picking a name and declare that person unavailable to participate. This procedure duplicates a real situation in which a key person is seriously injured or killed. Additionally, personnel at other sites should also participate. Integrate these people into the test, because they may be needed to perform the recovery during an actual disaster. These people will fill in for unavailable personnel.
32
Other Considerations
Other Upstream or Downstream Applications
For the company to function, other upstream or downstream applications also must be recovered with SAP R/3. Some of these applications may be tightly associated with SAP R/3. The applications should be accounted for and protected in the company-wide disaster recovery planning. Applications located on only one persons desktop computer must be backed up to a safe location.
Caution
Backup Sites
The emergency backup site may not have equipment of the same performance level as your production system. Reduced performance and transaction throughout must be considered.
Caution
Having a contract with a disaster recovery site does not guarantee that the site will be available. In a regional disaster, such as an earthquake or flood, many other companies will be competing for the same commercial disaster sites. In this situation, you may not have a site to recover to, if others have booked it before you.
Example
I I
A reduced batch schedule of only critical jobs Only essential business tasks will be done while on the recovery system
33
Caution
Identify conditions where a single-point failure can occur Anticipate what will happen if this component or process fails Eliminate as many of these single points of failure as practical.
The backup SAP R/3 server is located in the same data center as the production SAP R/3 server. If the data center is destroyed, the backup server is also destroyed. All the SAP R/3 servers are on a single electrical circuit. If the circuit breaker opens, everything on that circuit loses power, and all the servers will crash.
34
Cascade Failures
A cascade failure is when one failure triggers additional failures, which increases the complexity of a problem. The recovery involves the coordinated fixing of many problems.
Example
Cascade Failure A power failure in the air conditioning system causes an environmental (air conditioning) failure in the server room. Without cooling, the temperature in the server room rises above the equipments acceptable operating temperature. The overheating causes a hardware failure in the server. The hardware failure causes a database corruption. In addition, overheating can damage many things, such as:
I I I
Fixing one problem may uncover other problems or damaged equipment. Certain items cannot be tested or fixed until other equipment is operational.
In this case, a system that monitors the air conditioning system or the temperature in the server room could alert the appropriate employees before the temperature in the server room becomes too hot.
C H A P T E R
36
Overview
Establishing an effective backup and recovery strategy is the most important aspect of a technical implementation. This process entails a full or partial restore of the database after hardware or software errors and a recovery during which the system is updated to a pre-failure status. Other situations aside from disk failures may require a restore and recovery. Your backup strategy should be as simple as possible. Unnecessary complication in backup strategy creates difficult situations during restoration and recovery. Procedures, problem identification, and handling must be well documented so all individuals clearly understand their roles and required tasks. This strategy should also not adversely impact daily business. This chapter discusses backup and restore of your system. The details of specific databases are covered in the database administration chapters.
Restore
Usually a restore is done to:
I I I
Recover after a disaster (for more information, see When Should a Disaster Recovery Procedure Begin? on page 21.) Test your disaster recovery plan (for more information, see Test your Disaster Recovery Procedure on page 30.) Copy your database to another system (for more information, see Database Copy of Production System on page 668.)
The business requirement for a quick restore is driven by the need to get the system operational quickly after a disaster, so the company can continue to do business.
Strategy
Business recovery time is the result of the time needed to, find the problem, repair the damage, and restore the database. Factors that affect the chosen restore strategy include:
I I I I I
Business cost of downtime to recover Operational schedule Global or local users Number of transactions an hour Budget
37
If the restore is not done properly and completely, it could fail and must be restarted, or be missing other files. You must record special data about your database to recover it. Work with your specialist to identify and document this data.
The actual process to restore SAP R/3 and the database is not covered in this book. This critical task has specific system dependencies, and we leave it to a specialist to teach. If a restore must be done, contact a specialist or your Basis consultant. Work with your DBA or consultant to test and document the restore process for your system. With proper training, you should be able to do the restore.
Testing Recovery
Because the restore procedure is one of the key issues of the SAP R/3 system, database recovery must be regularly tested. For more information, see chapter 2, Disaster Recovery on page 17.
Backup
Backup is like insurance. You only need a backup if you must restore your system.
Note
You may need to use different tools to backup all the files. Some tools may only be able to backup one or two of the three categories of files that must be backed up. For example, the SAP DBA Calendar DB13 for Microsoft SQL Server can backup the database and the transaction log, but not the operating system files.
Database
The database is the core of the SAP R/3 system and your data. Without the database backup, you cannot recover the system. The frequency of a full database backup determines how many days back in time you must go to begin the restore:
I
If a daily full backup is done, you will need yesterdays full backup. Only logs since yesterdays backup must be applied to bring the system current. If a weekly full backup is done, you will need last weeks full backup. All the logs for each day since the full backup must be applied to bring the system current.
A daily full backup reduces the number of logs that must be applied to bring the database current. This backup reduces the risk of not getting a current database backup because of a bad (unusable) log file. SAP recommends a daily backup of the productive database and to store the last 28 backups.
38
If a daily full backup were not done, more logs must be applied. This step lengthens the recovery process time and increases the risk of not being able to recover to the current time. A point may be reached when it may take too long to restore the logs, because of the quantity of logs to be applied. For additional safety, we recommend that you do a full monthly database backup in addition to the full daily backups. However, there must be strong reasons not to backup a productive database on daily basis (for example, the database is too big to back up over night).
Example
Weekly Backup A restore from last weeks full backup that was done four days ago. There are 10 logs per day. A total of 40 logs (10 logs per day 4 days) must be restored. It takes 120 minutes to restore the log file from tape to disk (40 log x 3 minutes per log). It takes 200 minutes to restore the log files to the database (40 logs x 5 minutes per log). The total time to do the restore, excluding database files, is 320 minutes (5.3 hours) Daily Backup A restore from last nights full backup There are a maximum of 10 logs a day. It takes 30 minutes to restore the log file from tape to disk (10 log x 3 minutes per log). It takes 50 minutes to restore the log files to the database (10 logs x 5 minutes per log). The total time to do the restore, excluding database files, is 80 minutes (1.3 hours). As you can see in this example, the weekly backup takes four times longer to recover than the daily backup. These examples show that the time it takes to do a log restore depends on the size of the logs and how many days back you must go to get to the last full backup. With large logs, such as 100MB or more every hour, this quickly becomes impractical. Increasing the frequency of the full backup (with fewer days between full backups) reduces the recovery time. Also consider maintaining two backup cycles of the logs on disk to reduce the need to restore these logs from tape.
Transaction logs are stored in a directory, which must not be allowed to become full. If the transaction log fills the available file space, the database stops, and no further processing can be done in the database and, consequently, in SAP R/3. It is important to be proactive and periodically back up the transaction logs. Refer to the chapter specific to your database for more information.
Transaction Logs
Transaction logs are critical to the database recovery. These logs contain a record of the changes made to the database, which is used to roll forward (or back) operations. It is critical to have a complete chain of valid log backups. If you must restore and one log is corrupted, you cannot restore past the corrupt log.
39
The frequency of the log backups is a business decision based on: Weekly Full Backups A log from Tuesday becomes corrupt. The system crashes two days later on Thursday. You can only recover to the last good log on Tuesday. Everything after that is lost.
I I I I I
Transaction volume Critical periods for the system Amount of data senior management is willing to lose Resources to perform the backups and take them offsite Also see the examples in the database section above.
To back up transaction logs, backup the transaction log to disk. If your transaction volume is high, decrease the time interval between log backups. This reduced time interval decreases the amount of data that could be lost in a potential data center disaster. Copy the backup of the transaction log to an offsite backup file server. Backing up your log information over a network should always be done with verification. This backup file server should ideally be in another building or in another city. A separate location increases the chance that the log files will be preserved if the primary data center (containing the SAP R/3 servers) is destroyed. Back up the transaction log backups of both servers (the SAP R/3 server and the offsite backup file server) to tape each day along with the other operating system-level files. Do not back up the logs to the tape drive in append mode, which will append multiple backups on the same tape. If a data center disaster occurs, the tape with all these logs will be lost. If you do not have an offsite backup server, back up the transaction log backups to tape after each log backup and immediately send the tape offsite.
Operating environment (for example, system and network configuration) SAP R/3 files Spool files, if stored at the operating system level (system profile: rspo/store_location = G) Change management transport files located in /usr/sap/trans
Other SAP R/3 related applications Interface or add-on products, such as those used for EDI or taxes, which store their data or configuration outside the SAP R/3 database
The amount of data is small in relation to the SAP R/3 database. Depending on how your system is used, the above list should only require several hundred megabytes to a few gigabytes of storage. In addition, some of the data may be static and may not change for months. The frequency of the operating system level backup depends on the specific application. If these application files must be kept in sync with the SAP R/3 System, they must be backed up at the same frequency as the log backup files.
40
An example of this situation is a tax program that stores its sales tax data in files external to the SAP R/3 database. These files must be in sync with the sales orders in the system. A simple and fast method to back up operating system files is to copy all data file directories to disk on a second server. From the second server, you can back up those files to tape. This process minimizes file downtime. Use the sample schedule below to determine your backup frequency:
Backup Types
Backup types is like a three-dimension matrix, where any combination can be used:
I I I I
What is backed up: full database vs. incremental of the logs How the backup taken: online vs. offline When the backup is made: scheduled vs. nonscheduled (ad-hoc) The table below shows different backup terminology used by various database system. Full Database Backup Partial Database Backup Offline/Onlin e Tablespace Backup into TSM Incremental Database backup with DB2 UDB v7.2 into TSM Incremental Database backup with DB2 UDB v7.2 into device Incremental Database Backup with DB2 UDB v7.2 with vendor library Differential Database Backup Log Backup
DB2 UDB
Full database Offline/Onlin backup into e Tablespace Device Backup into Device
Full database Offline backup with Tablespace vendor library backup with vendor library
SQL Server
41
Full Database Backup Informix Whole system backup Whole database offline + redo log backup) Whole database online + redo log backup
Partial Database Backup Incremental Database whole system backup backup Whole database offline backup Whole database online backup Partial database offline backup Partial database online backup Incremental database backup
Log Backup
Oracle
What Is Backed Up
What Is Backed Up Backup Type: Full database backup Content: Entire database Advantages The entire database is backed up at once, making the restore of the database easier and faster. Fewer logs must be applied to bring the restored database current. Disadvantages A full database backup takes longer to run than an incremental log backup. Because of the longer backup window, there is more impact on the users while the backup is running.
Backup Type: Incremental backup of the transaction logs Content: A backup of the transaction logs. A full database backup is still required on a periodic basis. The usual arrangement is a full backup on the weekend and incremental backups during the week. Advantages Disadvantages
Much faster than a full database backup. A full backup is needed as a starting point to Because of the smaller backup window, there restore the database. is less impact to the users. To restore the database takes significantly longer and is more complicated than restoring a full backup. The last full database backup must be restored, then all log backups since the full backup are restored. If days have passed between the last full backup and a system crash, many logs may need to be restored. If one log cannot be restored, all the logs after that point cannot be restored.
42
What Is Backed Up Backup Type: Differential backup Content: Depending on your database and operating system, you may have a third option. A differential backup is a backup of only what has changed since the last full backup. A full database backup is still required on a periodic basis. The usual arrangement is a full backup on the weekend and differential backups during the week. Advantages The exposure to a corrupt log backup is reduced. Each differential backup is backing up all the changes to the database since the last full backup. Disadvantages Like the incremental log backup, a full backup is needed as the starting point. The backup window for a differential is longer than a transaction log backup. It starts as being short (just after the full backup) and gets longer as more data is changed.
Note
The definition we use here for offline and online is likely different from what you think. Neither is wrong but view from different point of view, our point of view is the end user.
How the Backup is Taken Backup Type: Offline An offline backup is taken when the SAP system is not available for users. Advantages An offline backup is faster than an online backup. During the backup, there is no issue with data changing in the database. If the files are backed up at the same time, the related operating system files will be in sync with the SAP R/3 database. Disadvantages SAP is unavailable during an offline backup. If SAP is stopped, the SAP buffer is flushed. SAP does not have to be stopped to start an offline backup. If the database is stopped, the database buffer is flushed.
This process will impact performance until During offline backup you have the possibility the buffers are populated. to perform a binary verify operation. However this will double the backup time. SAP does not have to be stopped to start an offline backup. This preserves the SAP buffer. Backup Type: Online If you are using online backups, the transaction logs are critical to successfully recovering the database.
43
Note
The definition we use here for offline and online is likely different from what you think. Neither is wrong but view from different point of view, our point of view is the end user.
How the Backup is Taken An online backup is taken with the database and SAP R/3 running. Advantages SAP R/3 is available to users during a backup. This is needed where the system is running and used 24 hours a day and seven days a week. The buffers are not flushed. Because buffers are not flushed, once the backup is complete, there is no impact on performance after the backup. Disadvantages An online backup is slower than an offline backup (a longer backup time). Backup time is increased because processes such as SAP R/3 are running and competing for system resources. There is additional overhead to record information about the updates being made while the data is being backed up. Online performance is degraded while the backup is running. Data may change in the database while it is being backed up. Therefore, the transaction logs become critical to a successful recovery. Related operating system level files may be out of sync with the SAP R/3 database.
Scheduled. Scheduled backups are those that are run on a regular schedule, such as daily or weekly. For normal operations, configure a scheduled backup. Automated backups should use the DBA Planning Calendar (transaction DB13). This calendar provides the ability to set up and review backup cycles. It also has the ability to process essential database checks and update statistics. You can also set up CCMS to process the backup of transaction logs.
Depending on the operating platform, backups and other processes configured here can be viewed in the Batch Processing Monitors (transaction SM37). In general, the status of the backups can be viewed using Backup Logs overview (transaction DB12).
44
Regardless of the chosen backup method, you should achieve the following goals:
I I I I
Provide a reliable backup that can be restored. Keep the backup strategy simple. Reduce the number of dependencies required for operation. Provide the above items with little or no impact to business units.
Determine the recovery requirements based on an acceptable outage. It is difficult to define the concept of acceptable outage, because acceptable is subjective and will vary from company to company. The cost of what is an outage includes productivity loss, time, money, and so on spent on recovery. This cost should be evaluated in a manner similar to insurance. (The more coverage you want, the more the insurance will cost.) Therefore, the faster the recovery time requirements, the more expensive the solution.
Determine what hardware, software and process combinations can deliver the desired solution. Review the section on performance to decide which method is best. Follow the Keep It Simple rule, but more importantly, make sure your method is reliable.
Test your backup procedures by implementing the hardware and reviewing the actual run times and test results. Ensure that you get results from all types of backup that could be used in your environment, not just the ones you think might be used. This information will aid further evaluation and capacity planning decisions and provide useful comparison information as needed.
I I
Test your recovery procedures by creating various failure situations. Document all aspects of the recovery including the process, who should perform various tasks, who should be notified, and so on. Remember that a recovery will be needed when you least expect it. Testing should occur regularly, with additional tests as hardware or software components change.
45
Supplementary Backups
Supplementary backups are made on special days (month-end, year-end), so that you can restore the database to a previous state.
General Procedures
Backup
The unattended backup is performed based on the backup frequency table. The scheduling functionality of the SAP R/3 CCMS is used to schedule the backup. In CCMS, the required tapes can be listed by choosing the Volumes Needed button on the backup scheduling screen. Extra backups, such as the monthly and yearly backup, should be performed offline.
Verifying Backups
File verification must be done after all files have been backed up. If it were done after each file, it would not detect that the previous file was erased. Backups must be verified following a regular schedule. To do this verify you must perform a restore of the system and test that the restore is good. Unless the backup is verified, you will not know that you have properly backed up everything onto tape.
Example
A backup of several files was done, but the append switch was not properly set for second and later files. Consequently, rather than appending the files one after the other, for each file, the tape was rewound and then backed up. The end result was that only the last backed up file was on the tape.
Database Integrity
An integrity check of the database must be performed in one retention period to ensure that no corrupted blocks exist in the database. These blocks may go unrecognized during backup (see the chapter appropriate to your database for more information).
46
To avoid backing up a hidden, inconsistent database, the database must be checked at least once during a retention period. System DEV QAS PRD Frequency of DB Checks Every 2 weeks Every 2 weeks Every week
Design Recommendations
Database
Assuming the size of your database and backup window permits it, we recommend a full database backup be taken every day. For databases that are too large for daily full database backup, a full backup should be taken weekly.
Transaction Logs
Backing up the transaction logs is critical. If the file space is used up, the database will stop, which stops SAP R/3. Between 6:00 a.m. and 9:00 p.m., we recommend that you back up these logs at least every three hours. This time increment defines the maximum amount of data you are willing to loose. A company with high transaction volume carries higher risk and would increase the frequency accordingly, perhaps to every hour. Similarly, if you have a Shipping department that opens at 3:00 a.m. and a Finance department that closes at 10:00 p.m., you must extend the start and end times.
47
A Strategy Checklist
A proper procedure must be set for backing up valuable system information. Procedures should be defined as early as possible to prevent possible data loss. Resolve the following list of backup issues before you go live:
I I I I I I I I I I I I I
Decide how often to perform complete database backups Decide whether partial or differential backups are necessary Decide when to perform transaction log backups Have the ability to save a days worth of logs on the server Provide ample disk space for the transaction log directory Consider using DBA Planning Calendar (DB13) to schedule transaction log backups Set the appropriate SAP R/3, operating system, and database authorizations Create a volume labeling scheme to ensure smooth operations Decide on a backup retention period Determine tape pool size (tapes needed per day retention + 20 percent) Allow for growth and special needs. Initialize tapes Determine physical tape storage strategy Decide whether to use unattended operations If using unattended operations, decide where (in CCMS or elsewhere).
I I I I I
Document backup procedures in operations manual Train operators in backup procedures Implement a backup strategy Perform a test restore and recovery Define an emergency plan and determine who to contact in case of an emergency
48
System Environment In the three-system landscape, CCMS backs up and restores the software components. (In the three-system landscape example used in this guidebook, DEV is a development system, QAS is a quality assurance system, and PRD is a production system.)
Hardware Components The hardware listed in the table below is to backup and restore the database and transaction logs:
Backup Hardware 1 x DLT 7000 35/70 GB, 1 DDS-3 12/24 1 x DLT 7000 35/70 GB, 1 DDS-3 12/24 2 x DLT 7000 35/70 GB, 2 DDS-3 12/24
Tape Management
Check with your tape vendor to determine maximum tape life. This is normally in cycles. Note that a backup with verify is two cycles; one for the backup and a second for the verify. Tapes should be destroyed after reaching their manufacture rated life span to prevent accidental reuse.
49
Labeling
Tapes should be clearly labeled using one of many labeling methods. Three simple methods are described in the examples below. Two of these methods are used by SAP R/3 and are important if you use DB13 to schedule your backups. Third-party backup management software may assign its own tracking number for the labels. In this case, you must use the label specified by the software.
Example
This five-character naming convention is used by DB13 on Microsoft SQL Server 7.0. (See SAP Note 141118). Microsoft SQL server 6.5 used a different naming convention. Each label has the following data:
I
What is backed up: R = SAP R/3 database or transaction log M = msdb database S = master database C = combination
I I
Parallel or Sequential backup (P or S) Sample Label: CD06S C (Combination) + D (database) + 06 (6th day of the month) + S (sequential)
50
Example
This six-character naming convention is used by SAPDBA and BRBACKUP (Oracle). Each label has the following data:
I I
Sequence number of the tape (This number is a sequential tape number, starting from 1 and is unrelated to the date.) Sample Label: PRDB25 PRD (Production db) + B (Brbackup/Database) + 25 (tape number 25)
Example
This method is more visual, where the length of the label name is less of a limitation. Each label has the following data:
I I
System ID <SID> What is backed up: db = database tl = transaction log os = operating system files
I I
Multiple tape indicator for a single day (can be omitted if only one tape is used) Sample Label: PRD-db-06-a PRD (Production database) + db (database) + 06 (6th day of the month) + a (tape a, the first tape) If DB13 is not used, for all of above naming conventions, additional codes can be used to indicate additional types of files that are backed up. However, in case of BRBACKUP, the label is limited to 8 characters. In addition to the naming schemes, use a different color label for each system. A color scheme is one more indicator to help identify the tape and reduce confusion. An example of a color scheme is:
I I I
51
Tracking
Tapes should be logged to track where they are stored, so you can locate them when you need them. In addition to tracking and documenting tapes when tape locations change, tapes should be tracked and documented when they are:
I I I I
Used Sent to offsite storage Returned from offsite storage Moved to a new location
To help you track and retrieve the offsite backup, log the:
I I I I
Date of backup Database Tape number Tape storage companys number Some storage companies label the cartridges with their own tracking label, so that they can track them internally to their system and facility.
I I I
The table below is an example: Date Volume Label Purpose Database Operating Sys Notes Storage Company Label Out X7563 X7564 Back
Handling
When you transport tape cartridges, carry them in a protected box to minimize damage and potential data loss due to mishandling. The box should have foam cutouts for each tape cartridge you use. We recommend that you use two boxes. One box should collect the tapes to be sent offsite, and a second box should contain the new backup tapes. The second box should be empty when you finish changing tapes. To change tapes:
I I
For a small company, an ideal tape collection device is a small or medium-sized plastic toolbox with a foam insert that has cutouts for each tape cartridge. Plastic is used because it is nonmagnetic.
Remove the tape cartridge from the tape drive. Insert it in the collection box.
52
Keep track which tape cartridges have been used, are to be sent offsite, and are to be loaded in the drives. It is easy to accidentally put the wrong tape cartridge in a drive and destroy the recent backup or cause the next backup to fail.
After all tapes have been removed, insert the new tapes in the drive in the same manner. If you are using preinitialized tapes, you must use the correct tape for that day, or the backup program will reject the tape. The backup program reads the tape header for the initialization information (which includes the tape label name) and compares it to the next label in the sequence. When you initialize a tape, some programs write an expiration date on the tape. That same program cannot overwrite the tape before the expiration date. However, it might be overwritten by another program that ignores the tape header. When changing tapes, to avoid confusion:
I
Tips & Tricks
Handle one tape cartridge at a time Follow the same procedure each time
Retention Requirements
There are legal requirements that determine data retention. Check with your companys legal department for compliance with federal, state, and local data retention requirements. Compliance with these requirements should be discussed with your legal and finance departments, external auditors, and consultants. The retention requirement should then be documented. The practical side of data retention is that you may be unable to realistically restore an old backup. If the operating system, database, and the SAP R/3 system have each been upgraded twice since the backup, it is unlikely that the backup can be restored without excessive costif at all. Retention is related to your backup cycle. It is important to have several generations of full backups and all their logs because:
I I
If the database is corrupted, you must return to the last full backup before the database corruption. If the last full backup is corrupted, you must return to the previous full backup before the corruption or disaster and roll forward using the backup of the logs from that backup until the corruption. How far back you go depends on the level of corruption.
Because SAP R/3 is an online real-time system, to recover the database from a full database backup, you must apply all the logs since that backup. If this is a significant amount of time, the number of logs could be tremendous. Therefore, the number of logs you must apply is a practical constraint to how far back you can recover.
53
Recommendations
System administrators cannot determine tape retention periods on their own. To determine the retention period, administrators must consult the departments that are impacted, such as accounting and legal. There is room for some negotiation, but the administrator must comply with the final decision. As a policy, this decision must be written down. SAPs standard retention period is 28 days.
I I I
If a full database backup is taken each day, we recommend that you keep at least two weeks of backups and all the logs for these weeks. If a full database backup is taken weekly, you should go back at least three generations. Store selected backup sets (month-end, quarter-end, year-end, and so on) for extended periods, as defined by your legal department and auditors.
Storage
Offsite
The offsite storage site is a separate facility (building or campus) from the SAP R/3 data center. Offsite storage safeguards the backups if your facility is destroyed. The magnitude of the disaster will determine what is considered adequate protection:
I I I
Sending tapes to a separate location in the building or another building in the campus will be sufficient. If the disaster is confined to the building where the data center is located. If the disaster is local or regional (for example, a flood or earthquake) adequate protection means sending tapes to a distant location several hundred miles away.
Once the backup is complete, send the tapes offsite immediately. If there is a data center disaster and the backup tapes are destroyed, you can only recover to the last full backup that you have offsite. For log backups, it is critical to send the tapes offsite immediately. If not, everything since this backup is lost.
Offsite data storage can be at a separate company facility or a commercial data storage company. The offsite data storage facility or vendor should have a certified data storage site. Data tapes have different handling and storage requirements than paper.
54
Onsite
Onsite storage means storing your data in the same facility as your data center. Tape cartridges should be properly stored, following the tape manufacturers storage requirements. When storing tape cartridges, keep all related tape cartridges together. All tapes used in a daily backup should be considered as a set, comprising backups for:
I I I
Database Logs Operating system files The most difficult requirement to comply with is magnetic fields. The problem is determining if there is a strong magnetic field near the tape storage location. A vacuum cleaner motor or a large electric motor on the opposite side of the wall from where the data tapes are stored can generate a magnetic field strong enough to damage tapes.
Caution
Tapes and files in a set must be restored as a set. For example, if operating system files are not restored with database and log files, the operating system files will not be in sync with the database and critical information will be missing.
Performance
The most important performance target is the time required to restore the database. This determines how long the SAP R/3 system will be down and not available for use. With SAP R/3 down, certain company operations may not occur. Backup performance is important, especially if the system is global or used 24 hours a day. When doing a backup, it is important to minimize the impact on users. The key is to reduce backup time, which in turn reduces the impact on the users. To increase performance:
I I I
Identify the bottleneck or device that is limiting the throughput. Eliminate the bottleneck. Repeat both steps until the performance is adequate or the additional cost is no longer justified.
This iterative process is subject to cost considerations. Additional performance can always be purchased, which is almost always a business cost justification exercise.
55
Backup
All of the following backup performance items also apply to restoring the database. Three major variables affect performance:
I
Database size The larger the database, the longer it will take to back up.
Note
Beware of the local time in other geographical locations of your company. For example, 1 am PST is 10 am CET.
Backup window The backup window is the time allocated for you to take the regular system backups. This window is driven by the need to minimize impact on the users. An online backup The backup window for this backup type is defined as during nonpeak periods of activity on the system and is usually done early in the morning. An offline backup The backup window for this backup type is defined by when and for how long SAP R/3 can be brought down and is usually done during the weekend.
Hardware throughput This variable limits how fast the backup can run and is defined by the slowest link in the backup chain such as: Database drive array I/O channel that is used Tape drive
Backup Options
Our backup options assume that the backup device is local to the database server. A backup performed over a network will be affected by network topology, overhead, and traffic. Rarely is the full capacity of the network available. If a backup is done over the network, it will decrease network performance for other users. Although performing a backup over a network is technically possible, it is beyond the scope of this guidebook. However, thirdparty products exist that do backup across the network.
56
The table below contains capacity and throughput values to help you plan tape drive selection: Type DAT (DDS-3) DLT 4000 DLT 7000 DLT 8000 Super DLT Capacity (GB) (native/compressed) 12 / 20.4 20 / 34 35 / 60 40/68 110/220 Rate (GB/hr.) (native/compressed) 3.6 / 6.1 5.4 / 9.2 18 / 30.6 21.6/36.7 39.6/79.2
The compressed capacity values in this table assume the use of hardware compression and use a more conservative 1.7x ratio, as opposed to the typical 2x compression ratio. The actual compression ratio and rate depends on the nature of the file and how much it can be compressed. A 20 GB database with only 9 GB of data will only require 9 GB of tape space. The tape space requirement increases as the volume of data in the database increases. However, if you are backing up at the operating system level, the entire file is being backed up. Therefore, you must provide tape space for the entire 20 GB database. As technology advances, and the capacity and throughput of tape drives increases, these values will become obsolete. We recommend that you investigate what is currently available at the time of your purchase. Advantages:
I
Not all databases and backup tools support tape changers or libraries; make certain that these tools are compatible before purchasing them. For example, SAPDBA supports tape changers, but Microsoft SQL Server Enterprise Manager and NT Backup do not.
Faster and larger capacity tape drives allow you to back up an entire database on a single tape cartridge in a reasonable period of time (for example, a two-hour backup of a 60 GB database to a DLT7000).
Disadvantages:
I I
A backup to a single tape drive is the slowest option. Unless an automated changer or library is used, without manually changing the cartridge, you are limited to the maximum capacity of the tape cartridge.
Parallel Backup
Backing up to multiple tape drives uses a RAID-0 (stripe) array, in which several tape drives are written to in parallel. In certain environments, like Oracle, individual tablespaces or files are simultaneously backed up to separate tape drives. Because you are writing to multiple tape drives in parallel, total performance is significantly faster than if you were using a single tape drive.
57
To restore a parallel backup, all the tapes in the set must be readable. If one tape is bad, the entire backup set will not be usable. The more tapes you have in a set, the greater the chance that one tape will be bad.
With a sufficient number of tape drives in parallel, the bottleneck can be shifted from the tape drives to another component. You must consider the performance of each subsystem when using tape drives in parallel. This subsystem includes the tape drives, controllers, CPU, and I/O bus. In many configurations, a controller or bus is the limiting factor.
Recovery
The performance requirement for a recovery is more critical than for backup. Recovery performance determines how quickly the system will be available for use and how soon business can continue. The goal is to restore the database and related files to make the system quickly available for general use. The longer this restore takes, the greater the impact on your business.
Restore Options
To increase database restore performance, all of the above database backup options are valid. You can also restore to a faster disk array with a higher data-write throughput. You can perform a restore to a faster disk array by using:
I
Dedicated drives In conjunction with parallel backups, restoring files and tablespaces to individually dedicated disk drives speeds up the process. At any one time, only one tablespace or file is written to the drive, avoiding head contention writing another tablespace to the same drive.
58
RAID type Mirrored stripe (RAID 0+1) is faster than RAID5, but this speed depends on the specific hardware. In most cases, the task of computing the parity data for the parity drive (RAID5) takes more time than it would to write all the data twice (RAID 0+1). This option is expensive because the usable capacity is 50 percent of the total raw capacitysignificantly less than RAID5: RAID 0+1 = [single_drive_capacity (number_of_drives/2)] RAID5 = [single_drive_capacity (number of drives 1)]
I I
Drives with faster write performance Drive array system with faster write performance
59
SAPNet R/3 Frontend Note # 34432 31073 21568 16513 15465 04754 03807 02425 01042
Description ORA-00020: max number of processes exceeded SAPDBA - new command lines -next, analyze SAPDBA: Warning: only one member of online redo File system is fullwhat do I do? SAPDBA - shrinking a tablespace Buffer synchronization in centralized systems Tablespace PSAPROLL, rollback segments too small Function of tablespaces/DBspaces on the database ORACLE TWO_TASK connect failed
60
PART THREE
Tasks Overview
62
Part Overview
As a system administrator, you have tasks that you must perform to ensure the continued functioning of your system. This section covers scheduled tasks that must be done on a regular basis, as well as adhoc tasks that are done as necessary. Chapter 4 covers regularly-scheduled tasks that occur on a daily, weekly, monthly, quarterly and annual basis. Chapter 5 covers tasks that require more than one employee to complete. Chapter 6 talks about general system administration. Tools and methods to monitor your SAP system are discussed here.
C H A P T E R
Scheduled Tasks
64
Overview
We have provided sample checklists that you may use and modify depending upon your specific needs. The checklists provided for your convenience include:
I I I I I I
Critical tasks SAP R/3 system Database Operating system Other Notes
Please note that just because tasks are listed weekly does not mean you cannot do it daily. The schedule of a task is dependent on the individual installation.
65
Daily
Critical Tasks
System: __________ Date: ____/____/____ Admin: _____________________ Tasks Check that the SAP R/3 system is up Check that daily backups executed without errors. DB12 Backup Logs: Overview 9-12 Transaction Chapter Procedure Log onto the SAP R/3 system Check database backup. Database backup run time. Check operating system level backup Operating system backup run time Check off/Initial
66
Chapter 6
Procedure Set date to one year ago Enter * in the user ID Set to all updates Check for lines with Err.
Check off/Initial
Set date and time to before the last log review. Check for: Errors Warnings Security messages Abends Database problems Any other different event
Enter an asterisk (*) in User ID. Verify that all critical jobs were successful.
Enter an asterisk (*) for the user ID. Check for entries for prior days.
Review for an unknown or different user ID and terminal. This task should be done several times a day.
67
Transaction
Chapter
Procedure Look for spool jobs that have been in process for over an hour. Check for: New jobs Incorrect jobs
Check off/Initial
15
Look for an excessive number of dumps. Look for dumps of an unusual nature.
18
18
Database
Task Transaction Chapter Procedure Check off/Initial
Review error log AL02 for problems. Database (DB) alert ST04 DB Performance Analysis Check tables/space usage DB12 10
9-12
68
Operating System
Task Review system logs for problems Transaction OS06 OS Monitor Chapter 14 Procedure Review operating system logs Check off/Initial
Other
Task Check the uninterruptible power supply (UPS) Transaction UPS program log Chapter 14 Procedure Review for:
I I I
Check off/Initial
Notes
Problems Action Resolution
69
Check off/Initial
Errors Warnings Security messages Abends Database problems Any other different event
70
Transaction
Chapter
Procedure Enter * in User ID Verify that all critical jobs were successful. Review any cancelled jobs.
Check off/Initial
RZ01 Graphical job monitor Check users on system SM04 Users AL08 Users
15
Same as for SM37 Review for an unknown or different user ID and terminal. This task should be done several times a day.
Critical Tasks
Some critical tasks should be completed every morning. These tasks help you determine if the SAP R/3 system is running properly, and if backups executed and completed successfully. If these tasks determine that SAP R/3 is not running properly, or backups did not execute or complete, the situation must be resolved quickly to prevent downtime or data loss.
71
Data files for third-party applications that do not store their data in the system Examples of such files are external tax files. Transport files Inbound and outbound interface files Externally stored print files
Any failed backup must be immediately investigated and resolved. Do not maintain a we will just run the backup again tonight and see if it works attitude. If that backup fails, you have another day without a backup.
Problems with the backups must be quickly resolved. If a database failure occurs that requires a restore, and the last backup failed, you will have to recover using the last successful backup. If you do not have a usable backup, you must use an older backup, and apply transaction logs, which will increase the time required to restore the database and bring it current. Once the problem has been fixed, execute an online backup if it does not significantly impact performance or if policy requires such a backup. At the operating system level, some of these files may need to be in sync with the SAP R/3 database. Restoring the SAP R/3 system without these files results in an unusable restore (for example, external tax files that must be in sync with the system data or the tax systems reports will not match the SAP R/3 reports). These critical tasks must be done first thing in the morning. If there is an operations shift that runs between 10:00 p.m. and 7:00 a.m., the backup check should be done once the backup job is complete. In chapters 4 through 8, we have included a list of transactions like the ones below. This list contains basic information about selected transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist. Transaction Name User Transaction Code AL08/SM04 Description Reason for Use
Displays all users Lets administrators currently logged onto detect erroneous or the system, with user multiple logons ID and terminal name View system logs Lets administrators detect possible OS and hardware problems (such as a failing hard drive) Determine if critical jobs have failed to execute. Other tasks may depend on completion of these jobs.
OS Monitor We presume that the profile parameter rdisp/gui_auto_logout has been set. This parameter defines an automatic logout of the user if there is no activity for the set number of minutes.
OS06
SM37/RZ01
72
Description Monitor servers (DEV, QA, Testing, PRD, and so on) in your landscape from one central program Displays a list of locked transactions. Locks prevent other users from changing the record on which you are working.
Reason for Use Alerts are signs of potentially serious problems in need of immediate resolution. Allows the administrator to clear old and unreleased locks
SM12
Update Records
SM13
Allows the administrator to display, process, test, reset, delete and get statistics on updates Analyze system logs
In the event that an update is not processed, the administrator can manage the processing manually. Helps an administrator detect SAP R/3 system problems early Alerts you to new or incorrect batch sessions Allows users to monitor work processes and see if any have failed or are taking too long
System Log
SM21
Batch Input
SM35
Manage batch input sessions View status of work processes (SM50 used for systems without application servers) (SM51 central transaction that starts SM50 for each application server) SAP R/3 system output manager Displays SAP R/3 buffer performance statistics. Assists in tuning SAP R/3 buffer parameters, as well as SAP R/3 database and operating system parameters
Work Processes
SM50/SM51
Spool
SP01
Helps to resolve time-critical print job problems Resolves performance issues relating to significant buffer swapping. Look for red entries in Swaps, and monitor over time to determine any trends.
Tune Summary
ST02
73
Transaction Name
Transaction Code
Reason for Use Understanding the system while it is running well can help you determine changes that may need to be made during problem times. Monitors database growth, capacity, input/output statistics and alerts. Also provides additional information using drilldown, and allows database monitoring without logging into it. Assists in determining why a report or transaction terminated
ST04
ST22
74
Weekly
The SAP R/3 System
System: __________ Date: ____/____/____ Admin: _____________________ Tasks Check database for free space Transaction DB02 DB Performance: Database Allocation DB02 DB Performance: Database Allocation. SP01 - Spool Chapter 9-12 Procedure Record free space Check off/Initial
Monitor and estimate future database growth Check spool for problems and that spool is properly cleared
9-12
13
16
13 7
Database
Task DBCC Transaction Chapter 13 Procedure Check output from DBCC job for errors (SQL Server) Check for successful completion of update stats job Check off/Initial
10
75
Operating System
Task Check file system for adequate space Transaction RZ20 CCMS Alert Files system Chapter 10 Procedure Review space usage and that sufficient free space exists in the file systems Check off/Initial
Other
Task Check system monitoring systems for update Check system monitor alert mechanisms Transaction System monitor Chapter 15 Procedure Review for any events that should be added or deleted Test e-mail Test paging 15 Clean using cleaning cartridge Check off/Initial
System monitor
15
Notes
Problem Action Resolution
In chapters 4 through 8, we have included a list of transactions like the one below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist.
76
Reason for Use Monitor database space history and perform database analysis Alerts are signs of potentially serious problems in need of immediate resolution. Helps to resolve time-critical print job problems Relationships between object and data in the TemSE can be destroyed as a result of restoring from backups, copying database, copying clients improperly, or deleting client without first deleting their objects) Assists in moving objects and configuration between systems or clients in the production pipeline
RZ20
Monitor servers (DEV, QA, Testing, PRD, and so on) in your landscape from one central program SAP R/3 system output manager Compares data in TemSe (TST01) objects and TemSe (TST03) data tables
Spool
SP01
SP12
TMS System
STMS
77
Monthly
The SAP R/3 System
System: __________
Date: ____/____/____ Admin: _____________________ Task Defragment the memory Transaction Chapter Procedure Cycle the SAP R/3 system Check off/Initial
Database
Task Plot database growth Transaction DB02DB Performance: Tables Chapter 9-12 Procedure Record usage and plot Check off/Initial
Operating System
Task Backup file server Review file system usage Transaction Chapter 14 Procedure Perform full server backup Record file system usage Plot usage Is additional storage space needed? Is house cleaning needed? Check off/Initial
78
Other
Task Check consumable supplies Transaction Chapter Procedure 15 Spare tape cleaning cartridge available for all tape drives (such as DLT, DAT) Spare tape cartridges available for all drive types Spare data cartridges available for removable media devices (such as ZIP, CD-R, and so on) Preprinted forms (such as shipping documents, invoices, and checks) Special supplies, such as magnetic toner cartridge Normal supplies (such as laser printer toner, printer paper, batteries, diskettes, pens, and so on) Check off/Initial
Notes
Problem Action Resolution
In chapters 4 through 8, we have included a list of transactions like the one below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist. Transaction Name Database Performance Transaction Code DB02 Description Examine database allocation Reason for Use Monitor database space history and perform database analysis
79
Quarterly
The SAP R/3 System
System: __________
Date: ____/____/____ Admin: _____________________ Task Archive quarterly backup Transaction Chapter Procedure Send quarter-end backup tapes to long-term offsite storage SU01User Maintenance 7 Review user ID for terminated users that should be locked or deleted Review list of prohibited passwords (Table USR40) Review system profile parameters for password standards Review all scheduled jobs to determine if they are still appropriate Check off/Initial
Security review
SM31Table Maintenance
16
15
80
Database
Task Archive quarterly backup Transaction Chapter 3 Procedure Send quarterend backup tape to long-term offsite storage. Review all scheduled jobs to determine if they are still appropriate. Restore database to a test server. Test the restored database. Check off/Initial
SM37
15
2&3
Operating System
Task Archive quarterly backup Transaction Chapter 3 Procedure Send quarterend backup tape to long-term offsite storage. Archive the old transport files. Maintain init<SID>.dba Check off/Initial
Other
Task Check maintenance contacts Transaction Chapter Procedure Check for expiration date Check for usage changes Check off/Initial
81
Notes
Problem Action Resolution
In chapters 4 through 8, we have included a list of transactions like the ones below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist. Transaction Name Edit System Profile Parameters Transaction Code RZ10 What Allows the administrator to change security parameters, such as password length, password change period, user lockout, and so on Select and monitor background batch jobs Why Properly assigned parameters make it more difficult to break into the system.
SM37
Determine if critical jobs have failed to execute. Other tasks may depend on completion of these jobs. Administrators can lock and unlock users, preventing or allowing access to the SAP R/3 system as needed.
User Maintenance
SU01
82
Annual
The SAP R/3 System
System: __________ Date: ____/____/____ Admin: _____________________ Task Archive yearend backup Transaction Chapter 3 Procedure Send year-end backup tapes to long-term offsite storage Review users security authorization forms against assigned profiles. Can also be done with report RSUSR100 Audit profiles and authorizations SU02 Security 7 Profile Maintenance SU03 Security Authorization Maintenance Review segregation of duties Audit user IDs SAP* and DDIC 7 Can also run with report RSUSR101 Can also run with report RSUSR102 Check off/Initial
83
Transaction
Chapter
Procedure Run user audit reports. RSUSR003, RSUSR005, RSUSR006, RSUSR007, RSUSR008, RSUSR009, RSUSR100, RSUSR101, RSUSR102 Verify that system is set to Not modifiable Check changeable status for applicable client Check against your list of locked transactions
Check off/Initial
Database
Task Archive yearend backup Transaction Chapter 3 Procedure Send year-end backup tapes to long-term offsite storage Check off/Initial
Operating System
Task Archive yearend backup Transaction Chapter 3 Procedure Send year-end backup tapes to long-term offsite storage Column Title
84
Other
Task Perform disaster recovery. Transaction Chapter 2&3 Procedure Restore entire system to disaster recovery test system Test business resumption Check off/Initial
Notes
Problem Action Resolution
85
In chapters 4 through 8, we have included a list of transactions like the one below. This list contains basic information about the transactions in the checklist. For additional information on these transactions, see the chapter referenced in each checklist. Transaction Name Transaction Code SA38/SE38 SU01 SU02 SU03 Description All users who have left the company should have their SAP R/3 access terminated immediately. By locking or deleting these user IDs, you limit access to only those users who should have access to SAP R/3. Periodic review assures the task of locking or deleting has been completed. Allows the administrator to test and apply changes properly Reason for Use Proper audit control requires that a user who no longer has a valid business need to access SAP R/3 should not be allowed to keep that access. Deleting or locking these user IDs also prevents anyone who had been using the terminated user ID from accessing the system under that ID. Objects should not be modifiable in the quality assurance or production systems. This rule is to protect the production system from object and configuration changes being made, without first being tested. By setting the production system to Not modifiable, the integrity of the pipeline is preserved. Prevents users from damaging the system by running certain transactions
Note
Switches prevent changes from being made in the system. In the production system, these should be set to Not modifiable, to ensure that changes are made using the development pipeline. In the development pipeline, changes are:
I I I
Created in the development system Tested in the development system Transported from the development system to the test system Tested in the test system
SE03/SCC4
I I
Transported from the test system to the production system Using this procedure, changes are properly tested and applied to the systems in the pipeline.
SM01
86
I I
Adversely impact performance If a user accidentally accesses these transactions, they could corrupt or destroy the SAP R/3 system. Access to dangerous transactions is more critical in the production system than the development or test systems. This is because of live data and the fact that the companys operations are dependent on the SAP R/3 system. Certain transactions should be locked in the production system, but not in the development, test, or training systems. Standard security normally prevents access to these transactions. However, some administrators, programmers, consultants, and functional key users could have access to the transactions depending on the system they are on. In these cases, the transaction lock provides a second line of defense. The SAP R/3 system has over 48,000 English transaction codes. To make it manageable, only the critical ones must be locked. Your functional consultants should supply you with any additional critical transactions in their modules.
C H A P T E R
Multi-Role Tasks
88
1. Start the operating system (if required). 2. Check the operating system logs to verify a good start. 3. Start any application servers. 4. Start the database. 5. Check the database logs to verify a good start. 6. Start SAP R/3 on the central instance. 7. NT/SQL: Use the SAP Management Console. 8. UNIX: At the command prompt, enter startsap r3. 9. Check the R/3 System log (SM21) to verify a good start. 10. Problems at this point may require you to reset the system. 11. Start SAP R/3 on the application instances. 12. Check the R/3 System log. When you start the SAP R/3 system, wait for 60 seconds. This step makes it easier to read the system log. For example, the last stop entry is 19:26:xx and the first start entry is 19:27:xx, where time is reported as hh:mm:ss.
This step is optional because starting the SAP R/3 system also starts the database. However, manually starting the database allows you to review the database log before starting the SAP R/3 system. NT/SQL: If not automatically started, use the SQL Server Service Manager to start the database. NT/Oracle: If not automatically started, use SAPDBA to start the database. UNIX: At the command prompt, enter startsap db.
Start SAP R/3 with Microsoft SQL Server or Oracle on a Windows NT system
1.
89
3.
Tools such as QuickSlice and Perfmon allow you to monitor the activity of the server and know when you can log on to the system.
To start the central instance on the database server, right-click on the database server (for example, pa102058), and choose Start.
4.
When the status indicators for the database server turn green, the database instance has started and SAP R/3 has completed the start process. Wait a few minutes because startup activity is still occurring on the server.
The steps below are applicable only if you have an application server:
Task
1.
90
2. Select the nodes (+) to drill down to the application server (for example,
pal01003). Right-click on the server name and choose Start.
3.
The status indicators for the application server change color to green, indicating that the database instance has started and that SAP R/3 has completed the start process. Wait a few minutes because startup activity is still occurring on the server.
91
Hardware/Software maintenance (planned) Full server backup (planned) When you stop SAP R/3, coordinate and plan this stoppage with all users or their representatives. Stopping a system at your convenience is unprofessional and usually causes considerable operational issues with users who need (and expect) the system to be up and running.
The following tasks must be completed well before the SAP R/3 system is stopped: Coordinate the shutdown with all affected parties, such as Finance, Shipping, Sales, and so on. Reschedule/cancel jobs that would be running or starting during the scheduled shutdown (SM37). Create a system message announcing the planned shutdown (SM02). Send email notification to affected user The following tasks must be completed before the SAP R/3 system is stopped: Check that there are no active users on the system (SM04 and AL08). Check that there are no active background jobs running (SM37). Check for active processes (SM50 and SM51). Check for active external interfaces. To stop the SAP R/3 system: Stop the application server instance(s). Stop the central instance. Stop the database (optional).
92
If you are the cause of the emergency, be prepared to take the consequences. An example of an emergency is not monitoring the file system, having it fill up, which results in stopping SAP R/3.
Before stopping the system, there are several checks that must be made. The purpose is to determine that there is no activity on the system when the system is stopped. Certain activities (such as a large posting job), if interrupted, could have some transactions posted and some not yet posted. Recovery could then become an issue. Reschedule or cancel jobs that will be running or starting during the scheduled shutdown.
I I
Check SM37 for these jobs and cancel or reschedule them to run after the shutdown. Watch for repeating jobs, such as daily or weekly jobs. These jobs are not created until the job for the prior period (such as day or week) has run. In other words, a daily job does not exist several days in advance.
Create a system message announcing the planned shutdown. Emergency or priority shutdowns (for example, file system full, log full, equipment failure, and so on) are a different matter. In these instances, you must shutdown immediately and users must accommodate you. There may be littleif any negotiating.
1. 2.
In the Command field, enter transaction SM02 and choose Enter (or from the navigation menu, choose Tools Administration Administration SM02-System messages). On the System Messages screen, choose
Create.
93
3.
a. b.
When referencing the time for the shutdown, always enter the specific time, time zone, and date (for example, 0230 PDST-MonJun 8,1998). Entering vague information, such as in 15 minutes creates possible confusion as to when and where an event has been scheduled.
In System message text, enter your message. If you are only shutting down one server, you may also enter text in the Server field. To enter this text, choose and select the server on which the message should appear. In Expiry on, enter the messages expiration date and time. Choose
c. d.
4.
The message in the status bar indicates that your message has been saved.
5.
When the user logs on to the SAP R/3 system, they will see a message dialog box similar to the screenshot below.
94
System Administration Made Easy | Release 4.6C/D Check that No Active Users Are on the System (AL08/SM04)
All users should log off of the system before you shut down SAP R/3. You can perform the following two tasks to check if users are still logged on to the system.
Task
Check that no active users are on the system (system without application servers)
1. 2. 3.
In the Command field, enter SM04 and choose Enter (or from the navigation menu, choose Tools Administration Monitor System monitoring SM04-User overview). Contact the users by phone or email and have them log off. If users cannot be contacted, delete their session as described in Deleting a Users Session (Transaction SM04) on page 247.
Task
Check that no active users are on the system (systems with application servers)
1. 2. 3.
In the Command field, enter AL08 and choose Enter (or from the navigation menu, choose Tools CCMS Control/Monitoring Performance menu Exceptions/users Active users AL08-Users global). Scroll down the transaction screen to see all the servers in the system and the users on those servers. Contact the users to have them log off.
95
4.
If the users cannot be contacted, delete their session as described in Deleting a Users Session (Transaction SM04) on page 247. You cannot delete a user from transaction AL08. You must log on to the individual instance and use transaction SM04 to delete the user session.
a. b.
I I I I
In User name, enter *. Under Job status, select the following checkboxes:
96
c. d. e. f.
In Fr., enter a date one year ago from today. In To, enter a date in the future beyond the shutdown period (for example, if the shutdown period is from 07/13/2001 at 23:00 to 07/14/2001 at 23:00, use a To date of 07/15/2001). In or after event, choose Choose and select *.
Execute.
3.
Change the display to show the planned start date and time. From the menu bar, on the screen above, choose Settings Display variant Current (Change Layout in 46D). On the field selection screen, move the scheduled start date and scheduled start time from the hidden fields on the right, to the displayed fields on the left.
Choose a job within the shutdown period to review (for example, SPOOL_CLEANUP). From the menu bar, choose Job Change.
4.
97
5.
Choose
Start condition.
6. 7.
In Scheduled start, change the date to a date after the shutdown. Choose .
8.
98
9.
Choose
10. 11.
A message indicates that the job was saved. Repeat steps 3-10 for each of the other jobs that must be moved.
99
12.
As a final step, repeat the initial job selection to verify that there are no jobs scheduled during the system shutdown.
In the Command field, enter transaction SM51 and choose Enter (or from the navigation menu, choose Tools Administration Monitor System monitoring SM51-Servers). On the SAP Servers screen:
2.
The screen that appears is the transaction SM50 screen for that server.
a. b.
100
3. 4. 5.
Review for activities. Choose and return to the SAP servers transaction (SM51).
When you bring down or stop SAP R/3, coordinate and plan this event with all the SAP R/3 users or their representatives. Stopping a system at your convenience is unprofessional and usually causes considerable operational issues with users who need (and expect) the system to be up and running.
101
1. 2.
From the taskbar, select Start Programs SAP R3 Management Console. Drill down to select an SID (for example, SA1), then a server (for example, pa102058 and pal01003).
Task
1.
Stop the SAP R/3 dialog instance (on the application server).
2. Select the nodes (+) to drill down to the application server (for example,
pal01003).
102
3.
4.
Choose Yes.
5.
When SAP R/3 stops, the status indicators change color to gray.
6.
Stop the SAP R/3 central instance (on the database server).
7. Select the nodes (+) to drill down to the database server (for example,
pa102058).
103
8.
9.
Choose Yes.
10.
When SAP R/3 stops, the status indicators change color to gray.
104
C H A P T E R
106
Overview
This chapter will help you understand how to monitor your system. It is crucial that a system administrator gets a quick overview of the system status and is quickly notified of critical situations. In this chapter, you will learn about:
I I I I
Some Computing Center Management System (CCMS) tools Major tasks Specific transactions System messages
To view Alert Monitor documentation, from the menu bar, choose: Help SAP Library. SAP Library Basis Components Computing Center Management System (BC-CCM) Computing Center Management System (BC-CCM)
The Central Alert Monitor is not a replacement for examining other checklist tasks. Certain alerts, such as Microsoft SQL Server and TMS have not yet been integrated into the Central Alert Monitor.
Computing Center Management System (BC-CCM) CCMS Monitoring The Alert Monitor. An alert indicates a potentially serious problem that should be quickly resolved. If not contained, these problems could deteriorate into a disaster.
107
Task
2.
On the CCMS Monitor Sets screen, we displays only two monitor sets:
I I
Under SAP CCMS Monitor Templates, there are predefined monitors to use as your starting point. These monitor templates cannot be modified. To modify them, copy them into a customer monitor set and modify the monitor there.
3.
Select the node (+) to expand the monitor sets. In this example, we copied the Entire System monitor from the SAP CCMS Monitor Template into SystemAdmin docu. This step allows us to modify the monitor.
108
4.
To load the monitor, select a monitor (for example, Entire system) and choose .
5.
The monitor contains the alerts for a single system/SID. In our example, the application servers pa102058_SA1_00, (central instance) and pa101003_SA1_00, (application server) are displayed.
109
1.
a.
110
2.
Task
Find an alert
1.
a. b.
Look for red node text. If a node text is highlighted in red, an alert will be displayed below that text. Drill down to the bottom node.
111
2.
In our example, the alert node is Percentage Used of the file system on drive H.
a. b.
3.
112
4. 5.
At the bottom of the detail screen are two tables. These tables show the alert values over the last half-hour and last 24 hours. These tables can be of significant value in troubleshooting. To display a graph of a timetable, select the table to use (for example, last 24 hours) and choose .
6. 7.
The graphical display shows how the values changed over a 24-hour period. Choose when you have finished.
113
8.
Choose Performance history. The batch job that collects historical data must be running. The default setting is that the job will not run. Running this job will add more data to the database and affect database growth. For more information, see Configuring the Batch Job to Collect Historical Data (RZ21) on page 726.
9.
If the Determine MTE performance history data screen displays, choose User.
10.
114
11.
Choose
12. 13.
115
Task
1.
2.
The alerts are listed in order of priority (Red at the top and yellow below).
Task
1.
Select an alert.
116
2.
Choose
3.
The specific analysis tool that is started is node-dependent. These tools are individually covered in the remainder of this guidebook. If no tool is assigned, a No method assigned message will appear.
117
Task
1.
From the Monitoring Attributes Detail Data screen, choose Display alerts.
2. 3.
You still must perform a task based on the alert. Acknowledging the alert only means that you received the alert notification.
4.
118
5.
6.
When all alerts and warnings are acknowledged, the alert will change color to green.
119
Task
1. 2.
Under the SAP CCMS Monitor Templates, select System Configuration. Choose .
3.
The various nodes will provide information about clients, database, and your SAP license.
120
4.
RZ20 Configuration. To configure to monitor multiple systems, see the SAP R/3 online documentation: SAP Library Basis Components Computing Center Management System (BCCCM) Computing Center Management system (BC-CCM) Computing Center Management system (BC-CCM) CCMS Monitoring The Alert Monitor The Monitoring Architecture: Concept What is Predefined in the Alert Monitor? In the right frame, choose monitoring multiple R/3 systems.
As shown here, a monitor can be configured to display multiple systems. Note that this monitor has been configured to monitor the following systems: System SAP R/3 SAP R/3 CRM BW SID SA1 DI2 C2B BW2 Basis 46C 46C 46D 46D
Each installation is different, so the point at which an alert changes color depends on the individual installation.
121
Sample situations where you would want to change the threshold levels when:
I I I
A high amount of paging is a cause for concern on the production system, but it is expected on the development system. The only file on a drive may be the database file, which is completely filling the drive. A file system full alert on that particular drive is of no concern, because the database would have been configured to take up the whole drive.
Task
4.
If the displayed values are for a group, an indicator field will appear in the screen. The group indicator means that the values displayed apply to all drives, not just the selected drive.
122
5.
a. b.
Group: From the menu bar, choose Edit Properties Use from MTE class/group. Individual: From the menu bar, choose Edit Properties Use for individual Monitoring Tree Element (MTE).
6.
If you choose group, the Monitoring: Properties and Methods dialog box appears. Choose .
7.
Choose
123
8.
The threshold value field will change color from gray to white.
9. 10. 11.
If the transaction is set to group mode, a message appears in the status bar. Enter new values for when the alerts will change (for example, 98). These threshold values are specific to the alert you indicated. Choose .
124
2. 3. 4.
Expand all the monitor sets. Under Public sets, select a monitor set (for example, SAP Business Communication). Choose .
125
5. 6.
7. 8.
The monitor set will disappear from My favorites and Public sets. The set still exists under SAP. If necessary, this set could be made visible to the public again.
126
9.
Repeat the steps until the only SAP standard set remaining is SAP CCMS Monitor Template.
10.
Once the extra monitor sets have been removed, your screen should look like the screenshot below.
127
2. 3.
4. 5.
Under Monitor set, enter a name for the new monitor set (for example, SysAdmin 2). Select Public (visible for all users).
128
6.
Choose
7. 8.
The new monitor set appears in Public sets and My favorites. To turn off maintenance, from the menu bar, choose Extras Deactivate maintenance function.
9.
129
Task
2. 3.
4. 5.
Expand the monitor design tree. Select the nodes (+) that you want to include in the monitor (for example, Background under both SA1 and DI2).
130
6.
Choose
7. 8.
In Monitor, enter a relevant name for the new monitor (for example background-SA1+DI2). To save the monitor definition, choose .
131
9.
10.
To turn off maintenance, from the menu bar, choose Extras Deactivate maintenance function.
11. 12.
132
13. 14.
Expand the monitor tree. This new monitor shows only the nodes you selected. This monitor tracks background service on two different systems (SA1 + DI2).
133
2.
a. b.
Choose Entire View tab. The Entire View tab is chosen by default. Choose .
3.
Choose
134
4.
From the menu bar, choose View Transaction code/module to display the transaction codes on the right side.
5. 6.
If a task needs to be performed, a red square appears next to it. To execute the task, choose Background Jobs). on that line (for example, R/3: Checking
135
7. 8.
The associated transaction is started. The specific transaction code selected is node-dependent. The task to execute the transaction will be specific to the started transaction. When you have finished, choose .
9. 10.
The list is updated, and a green circle appears next to the task, indicating that it has been performed. To see if there are any alerts in each task, choose List Current Alerts.
136
11.
Critical
and noncritical
Example
The accountant gives a file clerk a folder (similar to saving a transaction). The file clerk gives the accountant a receipt (similar to the SAP R/3 document number). On the way to the file cabinet, the clerk falls and gets hurt. The folder in not filed in the cabinet (the failed update). The end result is that the folder is not in the cabineteven though the accountant has the receipt. This same end result occurs in an update environment, the document is not in the SAP R/3 systemeven though the user has a document number.
137
Users assume that when they receive a document number, the entry has been recorded in the system. However, if the update has terminated, even if the users received a document number, no trace of it exists in the system.
Example
Even though a sales order document number is generated, the order does not exist. Therefore, customers would not receive their order, and no trace of the order would exist in the system. Check the system for failed updates several times a day. The longer you wait after the update terminate has occurred, the more difficult it is for users to remember what they did when the update terminate occurred. Also, prompt action should be taken to prevent having multiple update terminates that must be addressed. During normal business hours, the checks can be distributed:
I I I I
First thing in the morning Late morning Early afternoon Late afternoon
If you have a global operation, your schedule should be adjusted to account for other time zones and someone in that time zone should participate in the monitoring. On Windows NT, from SAP R/3 release 3.0F and higher, system log entries are written to the NT event log. You might consider configuring an event log monitor to page you when an update terminate occurs. This step reduces the need to constantly check transaction SM13. It also reduces the exposure between the time the update terminate occurs, when you find out about it, and when you can get to the user. The following message appears: You have express mail in your inbox. This message means that an update terminate has occurred on the users transaction. Users should be trained to stop when they get this message.
Task
138
2.
a. b. c. d. e.
In Client, enter *. In User, enter *. Under Status, select All. In From date, change the date to a year ago (for example, 07/13/2000). Choose .
3.
In the Status column, look for entries with an Err. These entries are failed updates or update terminates. You may also see other entries listed without the Err status. If you have no failed updates, stop here. If you have failed updates, continue with the next section, Managing Update Terminates.
139
No short dump In this case, the only clues you have are the: User ID Date Time Transaction
Difficulty reading the short dump Short dumps can be difficult to read or understand. Some of the content is only useful to the developer. You may recognize a pattern of characters as a part number, document number, vendor code, and so on. Short dump with little usable information Update terminate occurring downstream from the actual transaction The data in the short dump may be of little value in finding the root of the update terminate. (For example, if the terminate occurred in the FI posting of an SD transaction, you will not know which SD transaction document caused the problem.) Update terminate occurring in a batch job There is no indication of which batch job (by job name) caused the update terminate. SAP is aware of the inability to identify the batch job which was the source of an update terminate.
Task
I I
2.
The Update Modules screen shows the module (Mod.name) and the process (Mod.ID) where the update terminate occurred.
140
3.
4.
141
5.
After choosing ABAP short dump, you will see one of the following screens:
a.
If you have an ABAP dump, you will see the ABAP runtime errors screen.
b.
Do not attempt to reapply the failed update! There are conditions under which this reapplication can lead to corruption of the database. Always advise users to reenter the transaction.
I I
If a short dump does not exist, you will see: The Update Status dialog box The message No ABAP/4 short dump exists which appears either in the inactive Update Modules window or a separate dialog box.
6. 7.
The users must be contacted. The users should check for the missing entry and reprocess the missing transaction.
User Training
When a user receives the following message, You have express mail in your inbox, this usually signals a problem. The user should immediately stop and get assistance to determine what happened. SAP R/3 uses express mail to notify the user of a failed update. It is during this time frame (immediately after the error has occurred) that the user has the best chance of correcting the problem.
142
3.
143
4.
You can get more information on certain entries. In this example, double-click on the short dump.
Before you can recognize the unusual entries, you must become familiar with normal entries.
I
5.
If you select All messages, you will see this screen. Notice that the warning messages on this screen (indicated by the yellow highlight under the column MNo, and the text Perform rollback) did not appear in the previous screen.
Column MNo for the error status Errors are in red and pink, and warnings are in yellow. These entries may have been examined when you did the Alert Monitor (RZ20).
144
6.
To minimize the videoprocessing overhead, many NT servers are configured with a video color depth of 16 colors. On these servers, increase the video color depth to 256 colors to see the alerts in color, or view the log from a computer that has the video set to at least a color depth of 256 colors.
7.
This screen is the short dump. You can access this screen using transaction ST22.
Task
145
2.
3.
Example
You are changing a customer mailing address, while someone is simultaneously changing the customer s telephone number. You first save your change; then the other person saves his or her change. The other persons change overwrites your change, and your change will be lost.
146
We assume that the profile parameter rdisp/gui_auto_logout has been set. This parameter defines an automatic logout of the user if there is no activity for a set number of minutes.
There may be old locks still in place from transactions that did not release, or from when the user was cut off from the network. Unless cleared, these locks prevent access or change to the record until the system is cycled. The easiest way to locate these locks is to look for locks from prior days.
Task
View locks
1. 2. 3. 4.
In the Command field, enter transaction SM12 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor SM12 - Lock Entries). In Client, enter *. In User name, enter *. Choose .
5.
Setting the auto_logout parameter is recommended for security and auditing. The parameter is a global setting that applies to all users on the instance. You cannot have different logout times for different groups of users on the same instance. The only way to have different logout times for different groups of users is to have specific groups (for example, Finance) log in to specific instances (for example, the Finance application server) where this parameter is set in the instance profile of that instance.
In the Time column, look for locks from previous days. The presence of a lock from a previous day could mean that the user was disconnected from the network and the SAP R/3 system.
147
The following process should be followed before deleting a lock: Task Is the user logged onto any of the servers? Transaction Code that Completes this Task Transaction SM04 (without application servers) Transaction AL08 (with application servers) If the user is not on the system, but transaction SM04 shows them on the system, delete their sessions as described in chapter 9, Deleting a User s Session. This step, alone, may clear the lock. Transaction SM50 Transaction SM51 Also see the Processes section later in this chapter. Transaction SM37 Also see the Background Jobs section in this chapter. Transaction SM13 Also see Failed Updates section in this chapter.
Are there are processes running under the user ID? Deleting a lock is a dangerous task. Do not delete a lock without checking first to see if it is being used. If you delete a lock that is in use, you risk corrupting the database. Are there batch jobs running under the user ID? Are there updates in process for that user ID?
6.
Once you know that there is no activity using the users ID:
a. b.
Select the lock entry for deletion. From the menu bar, choose Lock entries Delete.
Double-check the user ID of the entry that you selected to delete. If you delete the wrong lock, you could corrupt the database.
Caution
Clear only one lock entry at a time. Do not use the mass delete option. This option will delete all the locks, not just the ones for the user you have selected.
148
If a problem arises, you will not know who created the problem. This situation makes the problem difficult for you to fix and prevent from happening again. Prudent security practices do not allow for the sharing of user IDs. Your external auditors may also perform this test to test your security.
I I
Release 4.6 allows you to prevent concurrent sharing of user IDs by activating the disable_mult_gui_login system profile. We recommend that you activate this parameter.
A user logged on to more than one terminal may indicate that the ID is being used:
I I
Problems
Transaction SM04 may show a user as active, when the user has actually logged off. Because the user session was not properly closed, the system thinks that the user is still logged on. This condition can be caused by one of the following:
I I
A network failure, which cuts off the user. Users who turn off their computer without logging off from the SAP R/3 system.
Task
If you have several instances in your system, using AL08 is easier, because you can simultaneously see all users in all instances on the system.
149
3.
Choose Sessions.
4. 5.
The Overview of Sessions screen shows what sessions the user has opened. Choose .
Task
2.
150
3.
For each instance, a list of the users logged onto that instance (application server) is also provided.
2.
151
3.
Choose
4.
Task
a. b.
Dialog work processes (DIA) that have long Time values. These values could indicate a problem or a long running step in batch programs, which sometimes start dialog work processes. In the Status column, work processes that say stopped, can sometimes be a problem because a process may have stalled or failed.
152
c.
Column Text No Ty PID Status Err CPU Time Program Clie User Table
Definitions Work process number Type of work process OS PID (Process ID) number Current status of the work process Number of detected errors in the work process Cumulative CPU time that the current process is taking Cumulative wall time that the current process is taking Name of the ABAP program Client number User ID that is using the work process Table that the action is being performed on
153
Task
For a simple selection, Today or Yesterday (proceed to step 2) For a free selection (proceed to step 5)
2. 3. 4.
Under No. of short dumps, if you see a value other than zero (0) in Today or Yesterday, dumps have occurred that must be examined. Select Today. Choose . Proceed to step 8.
5.
Choose
Selection.
6.
154
7.
Choose
8.
Despite being called a short dump, ABAP dumps may be more than 75 pages long. We recommend you save the dump locally and print out only the portion you need. If the SAP hotline asks for a copy of the short dump, e-mail or upload the file (see SAP Note 40024).
9.
155
3. 4.
To prevent the message from expiring, enter a date several years in the future. When referencing the time for an event, always enter the specific time, time zone, and date (for example, 0230 PDST-Tue Jun 26,2001). Entering vague information (such as in 15 minutes), creates confusion as to when and where an event has been scheduled.
In System message text, enter your message. Optionally, you may also enter text in the following fields:
a. b. 5.
156
6.
Choose
7.
The message in the status bar indicates that your message has been saved.
8.
Task
Edit a message
1.
In the Command field, enter transaction SM02 and choose Enter (or from the SAP standard menu, choose Tools Administration Administration SM02-System messages).
157
2.
a. b.
Choose Choose
3. 4.
a. b. c. 5.
Choose
6.
The message in the status bar indicates that your message has been changed.
158
7.
4.
This program has a variant screen where you can indicate whether you want parameters that cannot be substituted to also be listed.
159
5.
Choose
6. 7. 8.
The report runs. In this case, the report displays the profile parameters. Choose .
Task
160
3.
Choose
Display.
4.
PART FOUR
Security Overview
162
Part Overview
This security section is just a small part of the general subject of security. Security is comprised of many components and subjects, enough to more than fill a bookshelf. We have chosen to select but a small portion of the subject that is appropriate for this guidebook. Other security subjects are of particular interest to a mySAP.com installation that are not included in this guidebook, such as Single Sign On, Central User Administration and Network Security. The first two, being SAP products, are mentioned briefly below.
C H A P T E R
Security Administration
164
Overview
The purpose of this chapter is to make you aware of your security responsibilities as the SAP R/3 system administrator. These responsibilities include protecting the SAP R/3 system and preparing for a computer security audit. When an audit is performed on an SAP R/3 system, the administrators are responsible for responding to the audit findings. This chapter prepares you for these audits. However, each auditing firm has its own audit procedures and may look at many different items. Therefore, the information in this chapter tries to prepare you for the core group of items that all firms usually address. For more information, see www.service.sap.com/security. This chapter is only an introduction to computer security and its importance. Although an entire book can be written on this subject, even that would be insufficient. We recommend you contact and work with all parties (external auditors, internal auditors, finance department, legal department, and others) who might be affected by system security.
Caution
What Is Security?
Security is more than the SAP R/3 authorization (or keeping undesirables out of the system). Security is concerned with the following issues regarding data:
I I I
Protecting data from hardware problems Maintaining data integrity Restoring data in the event of a disaster
Keeping unauthorized people out of the system Keeping people out of places that they should not be Safeguarding the data from damage or loss Complying with legal, regulatory, and other requirements
165
Your companys customer list, contacts, and sales volume. A competitor could use this information. Your employees personnel data. Privacy laws protect this type of data. Financial performance data, such as quarterly financial statements. Strict SEC rules govern insider trading (see Complying with Legal, Regulatory, and Other Requirements on page 165 for a definition of insider trading). Items specified in contracts with customers, vendors, or other parties.
Accidental, such as: Loading test data into the production system A hardware failure A fire that destroys the data center A flood, hurricane, earthquake, tornado, or other regional natural disasters
Deliberate, such as: A disgruntled employee who deletes or damages files from the system A hacker who deletes or damages files from the system
166
or sell stock and make a profit or reduce a loss. Even if you yourself do not profit from the sale, you could be held liable. In cases involving insider training, consult your legal department.
Example
In one company, an employees spouse passed on inside information to a relative, who purchased the stock, then sold the stock at a profit after the earnings announcement. That relative made a profit by buying the stock before the earnings announcement (insider trading). The SEC fined the spouse and the relative. The spouse was guilty of providing insider information to the relative, who then made the profit on the sale of the stock. Both, therefore, were guilty of insider trading.
Example
The IS director of a company asked for authorization to log into the production SAP R/3 system. This request raised the concern of the accounting/finance department. Access to financial information is typically on a need-to-know or need-to-access basis, and the IS director did not need to access the production SAP R/3 system. Concerns were raised when he started asking about financial performance information (quarterly earnings), well before this information was made public. He was asking for insider information.
Audits
As a system administrator, two audits affect you:
I I
Financial Audit
A financial audit is a review of your companys financial statements by a Certified Public Accountant (CPA) in the U.S., or the equivalent in other countries. The purpose of the audit is to issue an opinion on the companys financial statements. This opinion essentially states that the financial statement fairly represents the financial position of the company. A financial audit is usually not optional. If your companys stock is traded on the stock market, the Securities and Exchange Commission (SEC) in the U.S., or its equivalent in other countries requires the audit. If your company is private, creditors could require a financial audit.
167
As a part of the financial audit, the CPA typically does a security audit of SAP R/3 and any associated systems. The purpose of the security audit is to determine how much reliance can be placed on the data in the SAP R/3 system. Your external auditors evaluate your system security to determine what audit tests to perform and how much testing they must do. If their evaluation results are not good, they may need to increase the scope of their audit. This increased scope also increases the cost of the audit, and the extra work could delay the completion of the audit. In a worst-case scenario, they could determine that the security is so weak they cannot issue an opinion on the companys financial statements. Because of the negative effect on the stock price that this inability to issue an opinion will probably cause, the chief financial officer (CFO), and likely the president, will be quite upset.
Security Audit
A security audit is performed specifically to test the security of the SAP R/3 environment. This audit is usually done as a part of the financial audit or to comply with government or other regulatory agencies. Your companys internal audit group can also perform a security audit. The audit is done to test the security of confidential data, such as:
I I I I
Financial information Customer data Product information Company personnel data (from the HR module)
Audit Considerations
Audit considerations are what auditors will look at when they do a financial or computer security audit. Some of these considerations are:
I I I
Physical security Network security User administration procedures Adequate segregation of duties Proper training Passwords
Data security Protection from hardware failure; mirrored drives, RAID, fail-over, High Availability (HA), and so on.
168
Note
Backup and recovery procedures Protecting the production system from unauthorized changes Locking dangerous transactions
This section is not an all-inclusive SAP security audit. It is only to make you aware of some of the things that could be reviewed as part of a security audit. We recommend that you work with your auditors before the financial audit, to review your system and bring it up to acceptable standards for the audit.
These tasks support the financial or security audit. Without knowing what the auditors will look for, you cannot properly prepare yourself and protect the system.
Security Layers
To make security more manageable, we have chosen to use the security layer model, one of many existing security models. This model uses the following three major layers of security: Access security
I I I
Operational security
Data security
Access Security
Physical Security
Physical security controls the physical access to SAP R/3 and network equipment. Like the graphic on the previous page, to get to the inner circle, an intruder must penetrate onto the property or site, into the building, and into the areas of the building where the users are or where the equipment is located (such as Finance, MIS, or Computer Operations) or into the specific equipment rooms within these areas of the building (such as the server room, wiring closet, or network room). This layer is probably the most important. If an intruder can physically access your equipment, all other security layers can be bypassed.
169
When physical security is bypassed: If you have electronic card key access, periodically audit the access log for the server room. The periodic review of the access log may be an item for which auditors will test.
I I I I
Equipment can be physically damaged or destroyed The system can be accessed from the operators console (perhaps allowing bypass of strong network security) Equipment can be removed Data could be hacked
Without physical access to the equipment, the intruder must electronically access the system through the network. The SAP R/3 equipment should be located in a secured room. Access to the room should be only through a locked door. It is crucial to control who is allowed access to the server room.
Network Security
Network security also has sub-layers of security. The goal of this security type is to control external access and logon access to the network. Logon access controls on-site and remote access and where on the network users can go once they gain access. If intruders access your network, they could have an electronic link to your computers.
Note
Use network security specialists to properly configure the various access points into your network and, once users are on the network, control their movements. Some of these points of control are:
I
A dedicated SAP domain where only the administrators are allowed to directly log on Other domains where users will log onto, trust the SAP domain, but the SAP domain does not trust other domains
Outside access Dial-in access Internet access Other remote access methods, such as VPN
This access method is the actual logon to the network (for example, the NT domain).
I
This table can be used to control (by IP address) which users can access the SAP servers.
170
Application Security
Like the other layers, application security has sub-layers of security, which control:
I I I I
The ability to log into the application, such as logging into SAP R/3 Where a user can go in the application What a user can do in the application What a user can do based on the system data in the application (such as the SAP R/3 system [for example, limiting the user to company 001 and cost center 200) SAP R/3 security functions at this layer This layer provides the fine or specific security of what a user can do (for example, read [not change] accounting data for only cost center 200 in company 001).
Using SAP R/3 application tools such as: Profile Generator (transaction PFCG; for more information, see the Authorizations Made Easy guidebook) Audit Information System (transaction SECR; see page Audit Information System (Transaction SECR)) Security Audit Log (transaction SM19/SM20; see page Security Audit Log (SM20)) Delete Old Audit Logs (transaction SM18)
Operational Security
This layer is security at the operational or user level. Because it is primarily procedural and control-related, there are few computer or systems issues related at this level. These are organizational and people issues, which can be problematic, because people must comply with guidelines and rules. The problem is, of course, that some people never want to comply with guidelines. Some of the methods of operational control are:
I I I I
Division of duties Preventing sharing of user IDs Password standards Log off when away from the computer, such as during lunch or at the end of day
171
Data Security
This layer is closely tied to the material in chapter 2, because disaster recovery is an integral part of data security. Data security protects:
I
We protect the data on the server from damage or loss. This protection is accomplished in various ways. The goal is to prevent or minimize loss of data in a disaster.
I
Backup data
The goal of this security layer is to preserve application data (usually on tape) so that the system can be recovered. The backup tapes must be stored safely to:
I
Preserve the backup tapes in the event of a disaster Protect the backup tapes from theft
Disaster Recovery
For more information on disaster recovery, see chapter 2. A proactive approach can prevent a problem. To remain proactive:
I I I I
Reduce the chances of losing data. The server is the first place to safeguard your data. Protect backup data from damage or loss. Ensure that, if there is a disaster, the system be completely recovered.
You must prevent or minimize data loss in a disaster. Some of the items below can be referred to as High Availability (HA) items:
RAID arrays for drives Redundant equipment Using reliable equipment and vendors Premium hardware support agreements for the production system
Uninterruptible Power Supplies (UPS) Fire detection and prevention devices Intrusion alert Environmental alerts
Backups
172
This step protects the backup data from damage or destruction a disaster. Tapes at both the off-site backup and the on-site tape storage facilities must be secured to prevent the theft of the backup tapes.
If the backup tapes are stolen, the data can be restored and hacked. Using database tools, most SAP R/3 security could be bypassed by directly reading the tables.
You do not know who created a problem. This situation is an audit security issue.
Set the disable multi-login parameter (login/disable_multi_gui_login) in the system profile. For more information, see Sharing of User IDs on page 188.
Made in the development system Tested in the development system Transported from the development system to the test system Tested in the test system Transported from the test system to the production system
173
This procedure ensures that changes are properly tested and applied to the systems in the pipeline. (A pipeline is the environment where development is moved from the development system to the quality assurance system, and finally to the production system.) Configuration changes should not be made directly into the production system. This restriction maintains the integrity of the production system. If changes are made directly into the production system, it may break because the change was not tested, or is not the same as the one made in the development system. The production system should be protected from changes until the changes are properly tested to preserve the integrity of the pipeline. If changes are made into the production system, the development and testing pipeline may become out of sync with the production system. If the pipeline is out of sync, it is difficult to develop and test with any certainty that things will not be different in the production system. All changes should be made in the development system and then transported through the pipeline into production. In this way, all systems get the same changes. A common excuse is that making changes directly into the production system takes too long to transport the fix. By making changes directly into the production system, you create an out-ofsync landscape, where the change made to the production system do not match changes made to development or test systems. Additionally, you allow emergency transports to occur at any time, with coordination.
Exceptions. Infrequent exceptions occur when no mechanism is available to transport the changes, or an SAP Note requires the direct change.
When a change cannot be transported, the following procedure should be used:
I
Verify that the change cannot be transported. Some objects may use an ABAP program to transport the object. Unlock the system (to make it modifiable). Make the change. Immediately re-lock the system. Make the same changes to all other systems.
I I I I I
174
175
Task
1. In the Command field, enter transaction SCC4 and choose Enter (or from the SAP standard menu, choose Tools Administration Administration Client administration SCC4-Client maintenance).
176
3. To continue, choose
Task
Lock a client (not modifiable)
1. Under Changes and transports for client-dependent objects, select No changes allowed.
177
2. Under Client-independent object changes, choose the dropdown and select No changes to Repository and cross-client Customizing objs. 3. Under Protection: Client copier and comparison tool, choose the dropdown and select Protection level 2: No overwriting, no external availability. 4. Choose
.
Task
Unlock a client (modifiable)
1. Under Changes and transports for client-specific objects, select Automatic recording of changes. 2. Under Client-independent object changes, choose the dropdown and select Changes to Repository and cross-client Customizing allowed. 3. Under Protection: Client copier and comparison tool, choose the dropdown and select Protection level 0: No restriction.
178
179
Dangerous Security-related Performance impact Description Document Archiving Bank Master Data Archiving G/L Accounts Archiving Customer Archiving Vendor Archiving Document Archiving Transaction Figures Archiving Profiles: Initial screen Maintain Authorizations: Object Classes Archive Cost Centers (all) Archive cost centers (plan) Archive cost centers (line items) Archive admin: completely cancelled doc Archive admin: cost centers (all) Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Reset Transaction Data X (delete transaction data) Maintain Users: Initial Screen Profiles: Initial screen X X X X X X Dangerous X X X X X X X X X Security Performance
Transaction F040 F041 F042 F043 F044 F045 F046 GCE2 GCE3 KA10 KA12 KA16 KA18
X X X X
180
Transaction OBZ9 OD02 OD03 OD04 OIBA OIBB OIBP OMDL OMDM OMEH OMEI OMG7 OMI6 OML0 OMM0 OMNP OMSN OMSO OMSZ OMWF OMWG OMWK OOPR
Description Maintain Authorizations: Object Classes Maintain Authorizations: Object Classes Profiles: Initial screen Maintain Users: Initial Screen Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Users: Initial Screen Profiles: Initial Screen Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Profiles: Initial Screen
Dangerous
Security X X X X X X X X X X X X X X X X X X X X X X X
Performance
181
Transaction OOSB
Description Change View "User Authorizations": Overview Change View "Authorization Profiles": Overview Maintain Users: Initial Screen Profiles: Initial Screen Maintain Users: Initial Screen Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Profiles: Initial Screen Maintain Users: Initial Screen Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Maintain Users: Initial Screen Profiles: Initial Screen Maintain Authorizations: Object Classes Profiles: Initial Screen
Dangerous
Security X
Performance
OOSP
OOUS OP15 OP29 OPCA OPCB OPCC OPE9 OPF0 OPF1 OPJ0 OPJ1 OPJ3 OSSZ OTZ1 OTZ2 OTZ3 OVZ5 OVZ6 OY20 OY21
X X X X X X X X X X X X X X X X X X X X
182
Transaction OY22 OY27 OY28 OY29 OY30 SARA SCC5 SE01 SE06
Description Maintain Users: Initial Screen Maintain Users: Initial Screen Maintain Users: Initial Screen Maintain Users: Initial Screen Maintain Users: Initial Screen Archive Management: Initial Screen Client delete Transport Organizer Post-Installation Methods for Transport Organizer Transport Organizer (Workbench) Transport Organizer (Customizing) Data Dictionary maintenance Dictionary: Technical Settings Utilities for dictionary tables Data Dictionary Information System Data Browser General Table display ABAP workbench
Dangerous
Security X X X X X
Performance
X X
SE09 SE10 SE11 SE13 SE14 SE15 SE16 SE17 SE38 SM49 SM59 SM69 ST05 SU12
X X X
X X X X
External OS commands X Maintain RFC destinations External OS commands X SQL trace Delete All Users X
X X X
183
The following table shows dangerous transactions that probably cannot be locked because they may be used regularly. These transactions may have other valid reasons for use in a production system. However, because of the potential danger, these transactions should have restricted access. Table TSTCT contains the transaction codes and the name of the transaction. The current content is over 98,000 entries in the table (for an English installation), with over 51,000 in English. Transaction RZ10 SA38 SM04 SM12 SM13 SM30 SM31 STMS SU01 SU02 SU03 Description Edit System Profiles ABAP Workbench User Overview System Locks Update Terminates Table Maintenance Table Maintenance Transport Management System User Maintenance Profiles: Initial Screen Maintain Authorizations: Object Classes X X X X X X X X Dangerous X X X Security Performance
Create and maintain a list of the following information: Maintaining the abovementioned information is important, because someone will invariably want to know who locked the transaction and why it was locked.
I I I I
Which transactions were locked? Why are they locked? Who locked them? When were they locked?
Task
Lock a transaction
1. 2.
In the Command field, enter transaction SM01 and choose Enter (or from the SAP standard menu, choose Tools Administration Administration SM01 Transaction Code Administration). Enter the transaction code you want to lock (for example, SE14) in the search field at the bottom of the TCode column.
184
3.
Choose
Check which transactions you are locking. You could accidentally lock yourself out of a key transaction, which would prevent you from unlocking this or other transactions.
4.
a. b. 5. 6.
To lock a transaction, select the checkbox to the left of the transaction. To unlock a transaction, deselect the checkbox to the left of the transaction. . .
Choose Choose
Building security authorizations on the security object S_TCODE under Crossapplication authorization objects can also control access to transactions.
Task
List locked transactions
1. 2.
In the Command field, enter transaction SECR and choose Enter. Select Complete audit.
185
3.
Choose
4. 5.
Expand the following menu path: Audit Information System (AIS) System Audit Development / Customizing Transactions Blocked Transactions. Choose next to Blocked Transactions.
6.
186
7.
Choose
8.
Operational Security
This section describes selected operational security issues.
Segregation of Duties
Standard audit guidelines cover job or task combinations that are considered risky or that reduce internal controls. Some of these combinations are:
I I I
Your external auditors should help you define these risky combinations. Testing for segregation of duties is a standard audit procedure.
Accounts Payable and Check Generation Accounts Receivable and Cash Receipts ABAP development and transport control
187
Caution
The security profile for SAP* is SAP_ALL. This profile is extremely powerful because it grants the user complete access to the system. For more information, see chapter 8, User Administration on page 220.
188
Change Management
Change management is the process of controlling what changes are made to the system. In this context, system refers to the entire system environment, not just SAP R/3. One aspect of security is to control and know what changes are made to the system. Items of concern include:
I I I
Is there a change management procedure for changes being made to the SAP R/3 system? Is a QA testing process in place? Are reviews and approvals required to move changes into the production system?
There is no way to tell who is doing the activity. If there is a training problem, you do not know who needs training. If there is a deliberate security breach, there is no way to track the responsible party.
Other. Despite the cautionary statements above, there are a few situations
where it is not practical to have individual user IDs. These situations must be treated individually and with management and internal audits review and approval.
Example
In a warehouse, several employees use one computer to post their warehouse transactions such as goods issued, goods received, and so on. This process occurs because the user ID is used to log on, not at the individual transaction level, but to the SAP R/3 system. For each transaction that the warehouse employees access, it is impractical to log on to SAP R/3 individually, access the transaction, and then log off from SAP R/3. The alternative is to have a computer for each warehouse person, although this step may not be cost-effective. To prevent a user ID from being shared, the system profile parameter (login/disable_multi_gui_login) can (and should) be set. Parameter values are:
I I
We recommend that this value be set to 1 to prevent multiple logins under the same user ID.
189
To allow specific users to log on multiple times, you can enter their user IDs in the parameter login/multi_login_users separated by commas and no spaces.
A password policy that is too restrictive or difficult to comply with could defeat the purpose of this policy. Users will write their passwords down and leave it in an easily seen place, which means you have lost your security.
Minimum password length: login/min_password_lng A longer password is more difficult to break or guess, so the standard is usually five characters. Password expiration time: login/password_expiration_time This time period is the limit before users must change their password. Auditors usually recommend 30 days. A practical number that customers use is 90 days. Password lockout: login/fails_to_user_lock This parameter locks out users who, after a specified number of times, try to logon with an incorrect password. Users are usually locked out after three failed attempts.
Your external auditors may check to see if you have set the security parameters.
Properly assigned parameters will make it more difficult to break into the system. To set up password parameters, maintain system profiles with transaction RZ10 (for more information on this transaction, see Changing System Profile Parameters (Transaction RZ10) on page 608.)
Table USR40 is only a basic level of password security and is maintained manually. There are third-party password security programs that can be integrated into SAP R/3.
190
A password is the key to enter the system, similar to the key you use to enter your home. If users choose easy-to-guess or well-known passwords, security is compromised and your system is potentially at risk. Your external auditors may check to see if you have a mechanism to secure against users with easy-to-guess passwords.
Tips & Tricks
Your name Your spouses name Your childs name Your pets name Your cars license plate Your drivers license number Your social security number
There are many lists circulating of commonly used user passwords. If one of these passwords is used, the chances of an unauthorized person accessing a users account increases. Changes are made to table USR40 using transaction SM31, the general table maintenance transaction. (For more information on this transaction, see Table Maintenance (Transaction SM31) on page 466.). This change creates a transport that can then be transported throughout the landscape. A few suggestions for table entries are:
I I I I
191
Days of the week (Monday*, Tuesday*, Mon*, Tue*, and so on) Months of the year (January*, February*, Jan*, Feb*, and so on) Your company name Your product names Competitors names Competitors products names
Critical nature of the SAP R/3 system. Many systems, clients, and all the other areas where passwords are required. Need to access the system if the SAP system administrator(s) is not available.
Recommended Process. All passwords for all system IDs should be:
Two people should prepare the list, change the password, and verify the new passwordone user ID at a time. If the recorded password is wrong, those keys are lost, and you may not be able to log on to the system. Recorded Placed in a sealed envelope Put in a company safe (possibly both an onsite and offsite safe) with restricted access. Only a select list of company personnel should have access to this information.
User IDs that are used or needed to maintain the SAP R/3 system include: SAP* DDIC SAPCPIC (see note 29276) EarlyWatch (client 066)
192
All user-created administrative IDs Any other non-SAP user ID that is required to operate the system, such as for the operating system, the database, and other related applications.
The password list should be updated and replaced whenever passwords are changed.
Following are sample password tables: Server SAPR3T SID TST Client 000 User ID SAP* DDIC <SID>ADM SAPCPIC 001 SAP* DDIC <SID>ADM SAPCPIC 066 SAP* <SID>ADM EarlyWatch 100 SAP* DDIC BATCH1 <SID>ADM SAPCPIC Where NT User ID Finance/DEVADM Finance/PRDADM SQLserver sa sapr3 UNIX root <SID>ADM Oracle system SYS Password Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass Password Newpass Newpass Newpass Newpass Newpass Newpass Newpass Newpass
All systems should have entries for clients 000 and 001. In addition, the production system should have an entry for client 066. Clients 000 and 001 are default clients in all systems, and client 066 is the EarlyWatch client and may not exist in every system.
193
Where
Task
1. 2. 3. 4. 5.
In each instance and each client, log on under the user ID to change the password. In Client, enter the client number (for example, 100). In User, enter the user ID you want to change (for example, sap*). In Password, enter the current password. Choose New password.
Be careful when you enter the new password. It is easy to enter the password incorrectly or to make the same error twice (for example, user versus users and the versus teh).
6. 7.
Enter the new password twice in the popup window. Choose . At this point, the logon will proceed as normal.
At this point, if the new password fails, use another administrative user ID to reset the password. This reason is why password changes should be made one user ID at a time.
8. 9.
Record the new password in the password table. Log on using the new password to verify it.
194
This process must be repeated for every system and client in which the user ID has an entry. With Central User Management, you can manage users across all systems (for more information, see Authorizations Made Easy, Release 4.6).
NT
NT is case-sensitive when dealing with passwords.
User IDs.
I I
<SID>ADM SAPService<SID>
Services.
I
SAP These services will either use user ID <SID>ADM or SAPService<SID> SAP<SID>_<instance> SAPOsCol SAProuter
The default user that the Oracle services runs under is system.
I
SQLserver MSSQLServer SQLServerAgent The user ID that they run under is either <SID>ADM or SAPService<SID>
DB2 DB2-DB2DA400
195
User IDs.
I I
<sid>adm root
Services.
I
ora<sid>
Databases
For the databases, the following user IDs should have their passwords changed:
DB2
NT/DB2 (see SAP Note 80292)
Informix
See note 15399.
Oracle/UNIX
User IDs:
I I I
196
Use the program chdbpass to change the passwords. This program automatically updates the SAPUSER table and enables the user <sapsid>adm to access the database.
Oracle/NT
I I I I I
Audit Tools
Audit Information System (Transaction SECR)
The Audit Information System (AIS) is designed for system and business audits. Auditors will likely request to run AIS. AIS collects many of the SAP R/3 security tools, centering around the Audit report tree. AIS is a standard component in Release 4.6A, and uses standard SAP R/3 reports and transactions to conduct the review. However, AIS can be imported into earlier systems, starting with Release 3.0D or higher. AIS also provides an interface to export data to an external auditing system that analyzes financial statements. Auditors examine the results of automated and manual financial and system procedures to ensure that checks and balances exist to prevent fraud. AIS enables the auditors to test transactions and run reports during the inspection. Audits can be conducted in either a complete or user-defined manner.
Task
1. 2.
In the Command field, enter transaction SECR and choose Enter (or from the SAP standard menu, choose Information Systems SECR-Audit Info System). Select Complete audit.
197
3.
Choose
A complete audit consists of a system audit and business audit. The structure on this screen is Audit_All with a standard view.
4.
198
Task
1.
Under System Audit, click the node (+) next to Repository / Tables.
2. 3.
Click the node (+) next to Table Information. Choose next to Data Dictionary display.
4.
When the transaction executes, the ABAP Dictionary: Initial Screen appears.
199
5.
Choose
Task
1. 2. 3. 4. 5.
Under Business Audit, select the node (+) next to Financial Statement Oriented Audit. Select the node (+) next to Closing (FI-GL). Select the node (+) next to Balance Sheet/ P&L/ Balances. Select the node (+) next to Balance Sheet/ P&L. You can execute different reports to inspect the financial balances. Choose next to Profit and Loss Projection.
6.
On this screen, you can enter criteria for your report then choose
200
7.
Choose
Task
1. 2. 3. 4.
In the Command field, enter transaction SECR and choose Enter (or from the SAP standard menu, choose Information Systems SECR-Audit Info System) Select User-defined audit. Under User-defined audit, enter a view name (for example, ZVUE). Choose .
201
5. 6. 7.
In Name, under New view, enter the name of the view (for example, ZVUE). Under Select using:, select Manual selection. You will select the procedures that will be included in the view. Choose view. . We want to include all the procedures for a system audit in this
8. 9. 10.
11.
The message in the status bar indicates that the generation was successful.
202
12.
Choose
13.
Choose
203
14.
15.
The following screenshot lists all the procedures for the Audit_All structure with a ZVUE view.
Locked transactions or users Changed or deleted authorizations, authorization profiles, and user master records Changes to the audit configuration
204
The log is created each day, and previous logs are not deleted or overwritten. The log files can become numerous and large, so we recommend that the logs be periodically archived before being manually purged. An audit analysis report can be generated from the audit logs. You can analyze a local server, a remote server, or all the servers in an SAP R/3 system. Based on certain criteria, the information in the security audit files can be manipulated to tailor the audit analysis report. The report assists the administrator:
I I I I
Reconstruct or analyze incidents Improve security by recognizing inadequate measures Trace unusual user activities Understand the impact of changes to transactions or users
To start a security audit, you can use transaction SM19 to start recording data into the security log. Alternately, you can set the profile parameter rsau/enable to 1. For more information, see Changing System Profile Parameters (Transaction RZ10) on page 608.
Note
You cannot set both parameters. You have to choose the method by which the audit files are created.
The number of audit logs created by the system depends on certain settings. You may choose to set the maximum space for the security audit file in parameter rsau/max_diskspace/local. When the limit has been reached, logging will end. Alternatively, you can define the size of an individual security log file to fit in the chosen archiving media. This definition means that the system produces several log files each day and these files can be, for example, archived periodically into CDs. The profile parameter is rsau/max_diskspace/per_file, and the maximum size per file is 2 GB.
1. 2. 3. 4.
In the Command field, enter transaction SM20 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor Security Audit log SM20-Analysis). On the Security Audit Log: Local Analysis at <XXXXX> screen: In From date/time, enter a time and a date (for example, 10:00). Under Audit classes, select:
I I
205
Report start
5.
Choose Re-read audit log to read a log for the first time.
6. 7.
The security report is displayed. To view the details of an audit message, select a line and choose .
206
8.
Documentation for the message and technical details are displayed. This screen is useful when displaying negative messages such as failed logins or locked transactions.
207
You can define up to five sets of selection criteria or filters. The system parameter, rsau/selection_slots, defines the number of filters has a default value of 2. You can activate an audit in the dynamic configuration using transaction SM19.
Task
1. 2. 3.
In the Command field, enter transaction SM19 and choose Enter (or from the SAP standard menu, choose Tools Administration Monitor Security Audit log SM19-Configuration). Configuration status refers to the storage of the parameters in the database. Choose .
4. 5.
208
6.
In this screen, you may specify two filter groups and define the types of audit messages that will be written into the log.
Task
1. 2.
a. b.
I I
3.
4.
209
5.
Task
1. 2. 3.
Choose Filter 2. This filter traces the reports started by one user. Under Selection criteria:
a. b.
4. 5. 6.
In Audit Classes, select Report start. Under Events, select Important and critical. Deselect Filter active. This setting allows you to save the filter settings but does not activate them.
210
7.
Choose Detail configurat to drill down the audit class and event class categories.
8. 9.
Under Filter 2, scroll down to Report start. Notice that the category is automatically chosen based on the earlier selection of Event type and Audit class type. Choose .
211
10. 11.
The general categories are cleared indicating that settings were browsed or defined at the detail level. Choose .
12. 13.
A message at the bottom of the screen notifies the user that the profile was successfully saved. Choose .
212
14.
Note
The profile name is now in the Active profile field, and the message in the status bar indicates that the profile will be activated when the application server is restarted. To dynamically change the selection criteria for one or more application servers in a running system, choose the Dynamic configuration (Dynamic configuration) tab.
15.
In this example, the audit has been running for some time (indicated by the current file size greater than zero) before being stopped briefly. The red square indicates that the audit is inactive.
16.
Choose
213
1.
a. b.
2. 3. 4. 5.
Under Audit classes, select Report start. Under Events, select All. Under Filter 1, select Filter active. Choose .
214
6.
Choose Yes.
7.
A green appears in the Stat (Status) column and the message at the bottom of the screen indicates that the configuration was activated.
215
Description
Your external auditors may require some of these reports to be executed as part of the annual financial audit.
Some of these reports have parameter tables that must be properly maintained. Review and analyze these reports based on your knowledge of the company. However, be aware that security issues may exist. If you have a small company, these issues cannot be avoided because one person often must perform multiple tasks. You can use either of the following transactions:
I
1. 2. 3.
In the Command field, enter transaction SA38 and choose Enter. In Program, enter the report name. Choose .
216
Task
1. 2. 3.
In the Command field, enter transaction SE38 and choose Enter. In Program, enter the report name. Choose .
These combinations are maintained on table SUKRI. Dangerous combinations include the following transactions:
RZ02 (with anything) RZ03 (with anything) SE14 (with anything) SU01 (with security, users, and profiles) SU02 (with security, users, and profiles)
217
Audit Tasks
Review that all Named Users are Valid
One of the audit procedures that your external auditors will use is to test whether a person who does not need to access SAP R/3 has a live user ID. All users who have left the company should have their SAP R/3 access terminated immediately. By locking or deleting these user IDs, you limit access to only those users who require SAP R/3 access. Periodic review assures that the task of locking or deleting has been completed. Proper audit control requires that a user who no longer has a valid business need to access SAP R/3 should not be allowed to do so. Deleting or locking these user IDs also prevents anyone who had been using the terminated user ID from accessing the system with that ID.
Task
1. 2.
In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools Administration User maintenance SU01-Users). Choose .
218
3.
In a large company, you should do a random audit on at least 20 users. Your auditors should determine the minimum number.
Review the active users and verify that these users are valid.
Note
For additional information on how to lock a user, see Locking or Unlocking a User (SU01) on page 243.
For additional information on these reports, see User Security Audit Jobs on page 214.
C H A P T E R
User Administration
220
Overview
User administration is a serious function, not just a necessary administrative task. Security is at stake each time the system is accessed. Because the companys financial and other proprietary information is on the system, the administrator is subject to external requirements from the companys external auditors, regulatory agencies, and others. Customers should consult with their external auditors for audit-related internal control user administration requirements. For example, human resources should be consulted if the HR module is implemented or if personnel data is maintained on the system. A full discussion on security and user administration is beyond the scope of this guidebook. For example, manually creating and maintaining security profiles and authorizations is also not covered. Our discussion is limited to a general introduction and a list of the major issues related to security. The two sections below affect all aspects of security, which is why we begin with them.
User Groups
User groups are created by an administrator to organize users into logical groups, such as:
I I I
Profile Generator
The Profile Generator is a tool used to simplify the creation and maintenance of SAP security. It reduces (but does not eliminate) the need for specialized security consultants. The value of the Profile Generator is more significant for smaller companies with limited resources that cannot afford to have dedicated security administrators. For more information on the Profile Generator, see the Authorizations Made Easy guidebook.
221
User Administration
User administration tasks comprise the following:
I
User ID naming conventions The employees company ID number (for example, e0123456) Last name, first initial, or first name, last initial In a small company where names are often used as ID, it is common to use the employees last name and first initial of the first name or the employees first name and first initial of the last name (for example, doej or johnd, for John Doe). Clearly identifiable user IDs for temporary employees and consultants (for example, T123456, C123456).
Adding or changing a user The users manager should sign a completed user add-or-change form. The form should indicate the required security, job role, and so on, that defines how security is assigned in your company. If security crosses departments or organizations, the affected managers should also give their approval. If the user is not a permanent employee, or if the access is to be for a limited time, the time period and the expiration date should be indicated. The forms should be filed by employee name or ID. A periodic audit should be performed, where all approved authorizations are verified against what was assigned to the user.
Users leaving the company or changing jobs This event is particularly sensitive. The policies and procedures for this event must be developed in advance and be coordinated by many groups. As an example, see the table below. Responsibility Legal or personnel matters Internal control issues related to financial audit Procedures to terminate network access Policy approval Handover or training period for the employees replacement
222
To manage terminated employees: Similar to banks, there should be a secret word that users could use to verify their identity over the phone. This word would be used when the user needs their password reset or their user ID unlocked. But, realize that others can overhear this secret word and render it useless.
I I
The users manager or HR should send a form or e-mail indicating that the employee is leaving. The users ID should be locked and the user assigned to the user group term for terminated. If the users ID is not required as a template: The activity groups assigned to the user should be deleted. (use transaction SU01, under the Activity Group tab, delete the activity groups). The security profiles assigned to the user should be deleted (use transaction SU01 and under the Task profile and Profile tabs, delete the profiles).
For privacy reasons do not use mothers maiden name as this is a common one used by banks.
Check Background Jobs (transaction SM37) for jobs scheduled under that user ID. The jobs will fail when the user ID is locked or deleted.
If the user leaves one job for another and needs to maintain access for handover, this handover should be documented. The duration of the handover access must be defined and the expiration (Valid to) date entered in the SAP R/3 system.
All temporary employees or consultants should have expiration (Valid to) dates on their user IDs.
System Administration
Special user IDs
The security rights of SAP* and DDIC are extensive, dangerous, and pose a security risk. Anyone who requires or requests similar security rights should have an extremely valid reason for the request. Convenience is not a valid reason. The security profiles that serves as the master key are SAP_ALL, and to a lesser degree, SAP_NEW. The two user IDs (SAP* and DDIC) should only be used for tasks that specifically require either of those user IDs. A user who requires similar super user security rights should have a copy of the SAP* user security. The user ID SAP* should never be deleted. Instead:
I I
If the user ID SAP* is deleted, logon and access rights are gained by rights programmed into the SAP R/3 system. The user ID SAP* then gains unknown and uncontrollable security rights. For medium- and large-size companies, granting developers SAP* equivalent security rights in the development and test systems is usually inappropriate. SAP* equivalent security in the production system is a security and audit issue and should be severely limited.
223
User passwords
The user IDs SAP* and DDIC should have their default passwords changed to prevent unauthorized use of these special user IDs. An external audit procedure checks the security of these two user IDs. Parameters that define and restrict the user password are defined by entries in the system profiles.
I I I I
Passwords should be set to periodically expire. The recommended expiration date is no more than 90 days, but auditors will usually want this date to be set at 30 days. Minimum password length of five (5) characters should be set. User should be locked after three unsuccessful logon attempts.
224
Company ID: System/Client No PRD 300 QAS 200 210 220 DEV 100 110 120 Type of Change Change User Delete User Add User Expiration Date (mandatory for temporary employees) Request Urgency High Medium Low
Employees Job Function (If similar to others in department, name and user ID of a person with similar job function):
Special Access/Functions:
Requester Signoff Name Manager Signoff Name Owner Signoff Name Signature Date Signed Signature Date Signed Signature Date Signed
Name
Signature
Date Signed
Signature
Date Signed
Signature
Date Signed
In addition to security approval (above), is a signed copy of computer security and policy statement attached? Yes No
225
Does the system configuration meet the minimum requirements for SAP? Is the display resolution set to a minimum of 800 x 600? Is there sufficient space on the hard disk to install the SAP GUI with sufficient room for desktop application to run?
For Windows, a minimum of 50MB free space should remain after installing SAP GUI. A practical minimum however, is at least 100MB of free space.
Network Functionality
Can the user log on to the network? From the users computer:
I I
Can you ping the SAP application server(s) that the user will be logging onto? If the SAP GUI will be loaded from a file server, can you access the file server from the users computer where the SAP GUI will be installed?
The online documentation should be installed according to the instructions in the SAP document Installing the Online documentation. The online documentation installation and access method has changed since Release 3.x.
226
Copy the SAP GUI load files from the presentation CD to a shared directory on a file server. Have access to the shared directory from the users PC.
Task
1. 2. 3. 4.
Map a drive to the shared drive on the network where the presentation CD has been copied. Select the mapped drive to the presentation CD software (for example, sapguiwin-46d-comp4 on Pa101003 (F:)). Drill down to the directory for the SAP GUI (for example, sapgui-win-46dcomp4 on Pa101003 (F:) GUI Windows Win32). Double-click on setup.exe. The installation program starts.
227
5.
Choose Next.
6. 7.
8.
Choose Next.
9. 10.
Select SAPgui.
228
11.
12. 13.
From this screen, select the components you want (for example, select Graphical Distribution Network). This component is required if system administrators wish to view specific screens. Choose OK.
229
14.
Choose Next.
15. 16.
17.
Choose Next.
18.
This parameter is set within the SAP R/3 system when the online documentation is installed (Release 4.0B+).
230
19.
Choose Next.
20.
a. b. 21.
In Application server, enter your application server name (for example, pa102058). In System number, enter your system number (for example, 00).
Choose Next.
22.
Choose Next.
231
23.
Choose Install.
24.
The SAPSetup window appears to show you how the installation is progressing.
25.
26.
To add systems to the SAP Logon see section Adding Systems in the SAP Logon.
A copy should be made of the original presentation CD and the copy shipped to the user site. You then maintain control of the original CD and reduce the chance of loss. The SAP GUI installation files can also be copied to other high-capacity removable media such as ZIP or optical disk, as appropriate for your company.
1.
232
2.
In Windows Explorer:
a. b. c. 3. 4. 5.
Choose the CD-ROM drive (for example, D:). Choose Gui Win32. Double-click on Setup.exe.
Follow the same procedure as when loading from a file server. Test your connection Log on to the system.
1.
2.
a. b. c. d.
In Description, enter a short description of the system (for example, SA1). In Application Server, enter the name of the server (for example, pa102058). The SAP Router String field is usually blank. In SAP System, select R/3.
233
e. f.
In System Number, enter the system (instance) number for the instance in which you are creating the logon (for example, 00). Choose OK.
3. 4. 5.
The new system appears in the SAP Logon. Test your connection. Log on to the additional system.
234
Task
4.
Follow your companys naming convention for creating user IDs.
a. b.
Note
5. 6. 7. 8. 9.
Your company may have a password policy where a random initial password is to be used. A user group must exist before a user can be assigned to it.
Under the Password section, in Initial password, enter an initial password (for example, initi). Reenter the same password in Repeat password. You may choose system generate a random password. to let the
In User group for authorization check, enter the user group (for example, SUPER) to which the user is to be assigned. Check
In Valid from and Valid to, enter dates to limit the system access duration for users.
235
10.
11.
Entering valid to/from dates is usually required for contractors and other temporary personnel.
a. b.
Enter the users personal information (name, job function, department, and so on). Choose the Defaults tab.
236
12.
A telephone number should be a required entry field. If there is a system problem identified with the user, you must contact that user.
Check that the Logon language is set correctly (for example, EN for English). If the system default language has been set (for example, to English), then this field is only used to enter a default logon language for the individual user (for example, DE for German). Under Output Controller:
13.
a. b.
to select a printer.
14. 15.
The Decimal notation affects how numbers are displayed. Setting it correctly is critical to prevent confusion and mistakes.
Under Decimal notation, select the appropriate notation (for example, Point for United States). Under Date format, select the appropriate date format (for example, MM/DD/YYYY). Choose . The message on the status bar indicates that the user was saved.
16. 17.
237
Sometimes it becomes necessary to create a completely new user. You may need to create a new user when you do not have another user from which to copy.
Task
238
4.
A telephone number should be a required entry field. If there is a system problem identified with the user, you must contact that user.
a. b.
Enter the users personal information (name, job function, and so on). Choose the Logon data tab.
5.
A user group must exist before a user can be assigned to it
Enter an initial password (for example, initi). Reenter the same password in the second field. You may choose to let the system generate a random password. In User group for authorization check, enter the user group (for example, SUPER) to which the user is to be assigned or choose to select a user group. Enter dates in the Valid from and Valid to fields to limit the duration that the users will have access to the system.
6. 7.
239
8.
Entering valid to/from dates is usually required for contractors and other temporary personnel.
9.
As an option, in Logon language, enter the appropriate language code (for example, EN for English). If the system default language has been set (to for example, English), this field is only used to enter a default logon language for the individual user (example, DE for German). Under Output Controller:
10.
a. b.
to select a printer.
11.
The Decimal notation affects how numbers are displayed. Setting it correctly is important to prevent confusion and mistakes.
12. 13.
Under Decimal notation, select the appropriate notation (for example, Point, for United States). Under Date format, select the appropriate date format (for example, MM/DD/YYYY).
240
14.
Choose
15.
16.
Assign security to the user by using the Profile Generator (see the Authorizations Made Easy guidebook).
241
In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools Administration User maintenance SU01-Users). Enter the user ID (for example, GERDSC) to be maintained. Choose .
3.
242
4.
243
You should maintain a security log of password resets. This log should be periodically audited to look for potential problems. A basic user verification method is to have a telephone with a display so that the displayed callers phone number can be compared to the user s phone number, which is stored in the system or can be found in the company phone directory. We recommend that you use a method similar to what banks use where the user has a secret word that verifies their identity on the phone. However, this method is not foolproof because someone can overhear the secret word.
1. 2. 3.
In the Command field, enter transaction SU01 and choose Enter (or from the SAP standard menu, choose Tools Administration User maintenance SU01-Users). Enter the user ID (for example, GERDSC) to be maintained. Choose .
4.
For security, you can only set an initial value for the users password. Users are then required to change the password when they log on. You cannot see what the users current password is, nor can you set a permanent password for the user.
In the Change Password popup window, enter a new password in New password and reenter this password in Repeat password. You may choose Choose . to let the system regenerate a random password.
5. 6.
244
Locking a user
SAP R/3 access should be removed if a user leaves the company, is assigned to a different group, or is on leave. The lock function allows the user ID and the users security profile remains on the system but does not allow the user to log on. This function is ideal for temporary personnel or consultants where the user ID is locked unless they need access.
Unlocking a user
Users are automatically locked out of the system if they attempt to incorrectly log on more than a specified number of times. The administrator must unlock the user ID and may need to reset the users password.
Task
Before unlocking a user, determine if the request is valid. Do not unlock a user who has been manually locked without first finding out why this was done. There may be an important reason why the user should not access the system.
Unlocking a user
1. 2. 3.
In the Command field, enter transaction SU01 and choose Enter (or choose SAP standard menu Tools Administration User maintenance SU01Users). Enter the user ID (for example, GERDSC) to be maintained. Choose .
Maintain a security log of unlocked users, which should be periodically audited for potential problems.
4.
If the system manager locks a user, always check why. A valid reason may exist for not unlocking a user.
A popup window appears. In this example, an administrator has manually locked the user ID. Choose . In this example, this step will unlock the user.
5.
245
6.
A message at the bottom of the screen indicates that the user has been unlocked (or locked).
User Groups
Create the group term for terminated users. Lock all users in this group and, for most of these users, delete the security profiles. This process maintains the user information for terminated users, and prevents the user ID from being used to log on. A user group is a logical grouping of users, such as shipping, order entry, and finance. The following restrictions apply to user groups:
I I I
A user can belong to only one user group. A user group must be created before users can be assigned to it. A user group provides no security until the security system is configured to use user group security.
The purpose of a user group is to provide administrative groups for users so they can be managed in these groups, and apply security.
Usage
Following are a few recommended special groups: Group TERM Definition Terminated users. This way, user records can be kept in the system for identification.
I I
All users in this group should be locked. If it is not being used as a template, all security profiles should be removed from the user.
SUPER TEMPLATE
Users with SAP* and DDIC equivalent profiles. Template users to be used to create real users.
246
3. 4.
Enter the name of the user group you would like to create (for example, purchasing). Choose .
5. 6.
In Text, enter a description of the user group. Under User Assignment, in User, choose to add users to the group.
247
7.
Choose
8.
248
2. 3. 4.
In step 3 above, doublecheck that the selected user is the one you really want to delete. It is very easy to select the wrong user.
5. 6. 7.
Select the session to be deleted. Choose End session. It may take a while to actually delete the session so be patient. Repeat steps 5 and 6 until all sessions for that user are deleted.
249
User IDs should not be shared for several reasons. If a problem arises, you will not know who created the problem. This situation makes the problem difficult to fix and prevent a reoccurrence. Prudent security practices do not allow for sharing of user IDs. Set the system profile login/disable_multi_gui_login. Your external auditors may also perform this test to test your security.
In a smaller company, the administrator can recognize user IDs logged on to unfamiliar terminals. This recognition may indicate that someoneother than the designated useris using that user ID. A user logged on to more than one terminal indicates that the user ID is being:
I I
Problems
Transaction SM04 may show a user as active, when in fact the user has actually logged off. Because the user session was not properly closed, the system shows the user as still logged on. The following can cause this condition:
I I
A network failure, which cuts off the user from the network or SAP R/3. The user turning off their computer without logging off from the SAP R/3 system.
Task
4.
The Overview of Sessions screen shows what sessions the user has open.
250
5.
Choose
Task
1. 2. 3.
In the Command field, enter transaction AL08 and choose Enter (or from the SAP standard menu, choose Tools CCMS Control/Monitoring Performance menu Exceptions/Users Active users ALO8-Users, global). The Current Active Users screen shows all the instances in your system and the number of active users. For each instance, the users logged into that instance/application server are listed.
PART FIVE
Database Overview
252
Part Overview
In the database section of the System Administration Made Easy Guidebook, we have for the first time included coverage of more than one database. The goal that was envisioned with the reorganization of the 4.0B edition, of covering more than one database in the guidebook is nearing completion. For the 4.6C/D edition we will cover DB2/UDB, Microsoft SQL Server, Informix, and Oracle. The guidebook has been arranged so that the tasks specific to individual databases are located in the database chapters. All other chapters are mostly database-independent. The various mySAP.com components run on several databases. At present, these are IBM DB2/UDB, IBM Informix, Microsoft SQL Server, Oracle, and SAPDB. The tasks that need to be performed on all the databases are the same. How they are done is specific to the individual databases. For example, you must take a backup on all databases, but the method of taking a backup differs for the different databases, similarly with other tasks such as starting and stopping the SAP instance.
C H A P T E R
254
Overview
An IBM DB2 database server can be managed in several ways, such as with a command line interface, DB2s GUI tool (DB2 UDB Control Center), and SAP systems. IBMs DB2 Universal Database runs on the following operating system platform:
I I I I
Because of this diverse base, and for simplicity, we will use the command line interface in this chapter. The command line interface is always available, and you can telnet to every host, including NT servers that have telnet services installed.
1.
We will use <sid>, <sapsid> and <dbname> interchangeably when we talk about the name of the SAP database in this administration chapter.
a. b. c.
Open a telnet connection to the database server. Logon as user <dbname>adm (for example 16dadm). Enter db2start.
255
2.
Alternately, you can start the SAP component using the startsap command. Using this command, the above steps are performed automatically.
Activate the DB2 database db<sid> (for example, db2 activate db16d).
3.
Your DB2 database is now active, with all buffers allocated and ready for use.
Task
1. 2.
The SAP R/3 system must be stopped before the database is stopped. At the command prompt, enter stopsap r3 to stop the SAP R/3 instance. To shut down the DB2 database <dbname> and stop the DB2 instance db2<dbname>:
a. b. c.
a.Open a telnet connection to the database server. b.Logon as user <dbname>adm (for example, l6dadm). c.Enter db2stop and choose Enter.
DB2 Memory and buffer usage DB2 catalog and package cache usage
256
DB2 I/O Performance data Locks and Deadlocks Connected Applications SQL Cache Table usage
To manage your database server, you must use the Database Performance transaction (ST04) on a regular basis. You should monitor the buffer pool hit ratio and messages in the DB2 database diagnostic log files.
Task
Note
Header Information General information about the DB2 Release, Partition selected and the Start Time of Database Manager. Buffer Pool This tab displays an overview of the buffer pools. A buffer quality over 98% means that buffering of data and indexes is very good.
3.
The Selection Criteria dialog box appears. Enter any necessary information in the fields (for example, to select all statements, in Executions, enter 1).
257
4.
Choose OK.
5. 6.
The DB2 UDB screen displays all SQL statements that were executed in the DB2 server. The header information contains the timestamp of the last snapshot. To retrieve a current snapshot, choose REFRESH.
7.
The Selection Criteria dialog box appears. Enter your selections and choose OK.
258
8. 9. 10.
The entries in the SQL statement cache display. Select an entry. Choose Explain.
11.
The Display Execution Plan for SQL statement screen displays. If you are missing indexes, you will see operation TBSCAN on tables. This is an indication for performance problems.
259
Space Allocation
A mission critical task is the monitoring of the database growth. If your database runs out of space during use, you will experience downtime until the database has been expanded. The database expansion can be performed using the DB2 CLP or the DB2 UDB Control Center.
Task
Note
The tablespace column displays the tablespace names. The Type column displays the type of tablespace:
I
DMS: pre-allocated space in a database file (in DB2, this space is known as a container) SMS: pages will be allocated and de-allocated dynamically during runtime using files in a directory
3. 4. 5.
To retrieve current information, choose REFRESH. A dialog box appears to inform you that the process may take a long time. Choose OK. Choose Detailed analysis.
RAW: space managed like DMS, but in a raw device The percent used column is the most important entry. If any value is larger than 95%, you may want to consider the expanding your table space.
260
6.
Pages total: the number of pages available in a container Accessible: information about the accessibility of the database container. If there is an access problem, you will see NO and the tablespace will be offline.
Task
261
2.
In the left frame, choose Backup and recovery and double-click on Backup overview.
3.
a. b.
262
4. 5. 6.
The backup overview displays. The task color indicates the status, read meaning failure, and green meaning success. Select a backup log. Choose Display.
7.
263
8. 9.
Choose
To display information about the DB2 database server logging status, choose Backup and recovery and double-click on Logging Parameters.
10.
For a production SAP system using DB2 UDB, you must ensure that the following two parameters are set:
I I
264
Archive log files Reorganization Update Statistics Back up the database Initialize Tapes
Managing and scheduling tasks inside an SAP system is easier than using the command line interface.
Task
265
4.
a. b. c.
To use tape devices in parallel, enter the fully qualified device names separated by commas.
In StartTime, enter your starting time (for example, 01:10:00). Under Action, select an action category to perform (for example Archive inactive log files onto device). Choose .
5.
On the Tape Name dialog box, enter the required parameters. Choose
6.
Choose
266
7.
The task displays on the selected date. The Action scheduled message displays at the bottom of the screen.
1. 2.
In the Command field, enter transaction DB13 and choose Enter (or from SAP Standard menu, choose Tools CCMS DB Administration DBA Planning Calendar) Review the scheduled tasks. The color indicates the status:
I I I
3. 4.
If there are more jobs to be displayed, a scroll bar appears. Select a task.
267
5.
Choose
6. 7.
268
8.
Diagnostics
The diagnostics section includes information about possible database problems. To analyze and solve the problem you should review the output of DB2 UDBs diagnostic log file db2diag.log.
Task
Run diagnostics
1. 2.
In the Command field, enter transaction DB13 and choose Enter (or choose Basic Tools Administration Monitor Performance Activity Diagnostics). On the DB2 UDB screen, in the left frame, choose Diagnostics and double-click on DB2 UDB diag log. This process may take some time to run.
269
3.
Start and stop the database (see section starting and stopping) Back up the database Back up the database log files Restore the database Check and update the database configuration Check and update the database manager configuration Resize or extend the tablespace containers Other
Most SAP software interfaces to DB2 use the DB2 CLP. If there are problems with the database, you are always in a good position if you know how to use the DB2 CLP.
Task
1.
270
2. 3.
Note
Log on as user <dbname>adm (for example, l6cadm) To start the DB2 CLP, enter db2. Enter connect to l6cadm and press Enter.
4.
You can always enter DB2 commands from a shell prompt by entering the DB2 command prefixed by db2. For example, you can enter db2 connect to <dbname> to connect to your DB2 database. If you need more information about a command you can use the ? token (for example, db2 ? backup shows all options of DB2s BACKUP command).
5.
TechTalk
DB2 UDB distinguishes between DB2 command and SQL statements. A statement is an database operation that will be logged and is recoverable. For example, changes to the structure of the database are made using the db2 alter tablespace statement. During database recovery, these changes are re-applied. A command is issued against the DB2 database server or a database, or other DB2 infrastructure elements. You will find information about DB2 command in the Command Reference. Details on SQL statements are in the SQL Reference. Both of these references are available at http://www-4.ibm.com/software/data/db2/library/.
271
Task
2.
To update a parameter in the Database Manager Configuration, enter: update database manager configuration using <parameter> <value> or update dbm cfg using <parameter> <value>
Task
272
2.
To change a parameter, enter: update database configuration for <dbname> using <parameter> <value> or update db cfg for <dbname> using <parameter> <value>
Task
2.
Alternatively, to specify a new size for the tablespace, you can use the RESIZE command. Enter: alter tablespace <tablespace name> resize (all <new container pagesize>)
Task
273
Start and stop the database (see section starting and stopping) Back up and restore the database Back up the database log files Check and update the database configuration Check and update the database manager configuration Update passwords for sapr3 and <sid>adm Other
To start the DB2 UDB Control Center, you must follow OS-specific guidelines. For example, on the NT platform, use Start Programs IBM DB2 Control Center. The DB2 UDB Control Center uses a GUI to manage DB2 databases.
274
To perform SAP-specific tasks, you must install the SAP Control Center Extensions on top of the DB2 UDB Control Center. The most current information about installing the SAP Control Center Extensions tools can be found in SAP Note 410252.
C H A P T E R
10
10
276
Overview
Microsoft SQL Server is a low maintenance database that also supports very large databases in excess of 1TB in size. This chapter reviews the database administrative tasks that can be accomplished within the SAP R/3 system with associated tasks utilizing the Microsoft administrative tools.
1. 2.
From the Windows taskbar, choose Start Programs Microsoft SQL Server Service Manager. Choose Start/Continue.
3.
Check that Microsoft SQL Server is started by checking the color and shape of the status icon (the green arrow), and the status message at the bottom of the window.
277
4. 5.
Select the Services drop down list and choose SQL Server Agent. Check that Microsoft SQL Server Agent is started by checking the color and shape of the status icon (the green arrow), and the status message at the bottom of the window. If it is at the Stopped status, choose Start/Continue.
Task
1.
Follow the proper procedure to stop SAP R/3.
Verify that SAP R/3 has been stopped. If SAP R/3 has not been stopped, stop SAP R/3 now. From the NT desktop, choose Start Programs Microsoft SQL Server Service Manager. Choose Stop.
2. 3.
4.
Choose Yes.
5.
Choose Yes.
278
6.
Do not use NT services or issue command: net stop mssqlserver to stop the SQL server database. This will not properly flush the DB buffers to disk when stopping and may cause database startup problems.
Check that Microsoft SQL Server is stopped by checking the color and shape of the status icon (a red square), and the status message at the bottom.
Database Performance
Overview
The Computing Center Management System (CCMS) has tools available for SAP R/3 administrators to monitor the database for growth, capacity, I/O statistics, and alerts. This section discusses the initial transactions that can help the database administrator.
Memory and buffer usage Space usage CPU usage SQL requests Detailed SQL items
To manage your system performance, the database must be monitored. An important item is the ability to view the database error log from within SAP R/3. This view saves the extra effort of logging into the database to view this log.
279
Task
2.
DB startup
I
Memory Usage
I
Procedure cache and data cache hit ratio can reflect memory problems. For optimal usage, these values should approach 99%.
Server Engine/Elapsed
I
Shows how hard the CPU is working on MS SQL Server processes. Pay attention to the ratio of busy time to idle time
SQL Requests
I
Shows how SQL queries are utilizing table access for full table or index scans. A high ratio of full table scans to index scans can indicate performance bottlenecks.
3.
The Database Performance Analysis: SQL Server Database Overview screen is the Detailed analysis menu (option 2D).
a.
This screen is composed of the following three sections: Analyze database activity Analyze exceptional conditions Additional functions
280
b.
Areas of common interest are: Server details SQL processes Error logs (see the following screen)
4. 5.
The SQL Error Logs Overview screen appears. Select an entry in the Log name column.
281
6.
Refer to SAP Note 425763 (German) if error logs are not seen.
Choose
7.
282
This transaction can also be accessed with transaction ST04. Choose Detail analysis menu State on disk.
Database growth Using the growth rate you could project the growth to determine when you may need to get additional disk storage for the database. Database index, consistency, and so on Tables
Task
I I
a.
The following describes some of the information on the screen: Database information indicates space used for data and log information. DB space history takes you to the View database history screen. DB analysis takes you to an analysis menu screen.
b.
To determine attributes for a specific database object, use Detail analysis to make decisions for an individual object.
283
3. 4.
This screen is the DB space history display. A spreadsheet allowing analysis based on calendar scenarios exists with the ability to sort on column information. To view by file, choose Files.
5.
6.
The Database Analysis screen appears. The administrator can use the information on this screen to:
I I
Analyze the database for missing indexes, conflicts between ABAP Dictionary and database, and SAP R/3 Kernel integrity Perform a database consistency check
284
Analysis can be done for table specific objects to determine the largest tables, and tables that are modified.
To schedule a backup task using the DBA Planning Calendar, the backup must be able to run unattended, meaning that you must have one of the following:
I
Database and transaction log backup Differential database backup Check database consistency
A single tape drive with sufficient capacity to back up the database without changing tapes. Multiple tape drives with sufficient total capacity to back up the database without changing tapes.
These tasks can be conveniently managed and scheduled without going to the database. The DBA Planning Calendar works with transaction DB12 (Backup logs). For more information on transaction DB12, see page Checking the Database Backup (DB12).
Task
1.
Enter transaction DB13 and choose Enter (or from the SAP standard menu, choose Tools CCMS DB Administration DB13-DBA Planning Calendar).
285
2.
Double-click on the date. If a task exists for that day, this window appears.
3.
On the Actions for <XXXXX> dialog box, choose Insert to add a new task.
4.
The start time is the time on the database server.
In StartTime, enter the time to begin the backup. Under Action, select a task (for example, Full Database Backup).
5.
286
6.
Choose Continue.
7. 8.
Select the database to be backed up. In this example, we select all the databases. Choose OK.
9. 10.
287
11.
In the Log backup tape options dialog box, select the following options as appropriate:
a. Unload tape
To eject the tape after the backup is completed
b. Initialize tape
To overwrite existing data, rather than appending to last backup
c. Verify backup
To verify the backup after it has run If you are doing an online backup when transactions are being performed, selecting this option is not useful because the database changes during this time will cause this test to fail.
d. Format tape
To erase the entire tape and write a new tape label This option is selected when using a brand new tape, or a tape that was previously used with a different application, or backing up to disk when same device is loaded.
12. 13.
In Expiration period for backup volumes, enter the number of days to protect the tape. Choose OK.
14.
Choose
288
15.
289
2. 3.
If more than one entry is shown, select the backup entry. To see what tape (label name) is required for that backup, choose Volumes needed.
4.
290
Note
2. 3.
You can also choose Change to change the options you originally selected for the job.
4.
Choose Yes.
5.
291
6.
Choose
Log file size and free space in the log file Date and time of last successful restore for: SAP R/3 database Transaction log Master database Msdb database
I I I I I
Backup history Restoration history Backup device list SQL Server jobs Tapes needed for restore
Do not be overly reliant on the tapes needed for restore feature. You must have a method that does not rely on SAP R/3 being available to tell you what tapes you must do a restore of the SAP R/3 system. If there is a severe disaster, and the SAP R/3 system is lost, SAP R/3 is not available for you to look at this report.
It is a convenient collection of backup information. Some of the important backup information such as tape label name is passed to DB12 from DB13. The tapes needed for restore option is important. The only missing information is the run time (duration) of the backup job. This is a problem indicator, when compared to the expected duration of the backup.
292
Task
Note
The following is a list of the available buttons and their functions: Backup history A spreadsheet summary of each backup is listed. Each backup type can be reviewed with detailed log information available using History info. Restoration history A spreadsheet of detailed restoration information is listed. Backup device list Each logical device name is listed with the appropriate physical device name SQL Server jobs A spreadsheet listing of all scheduled jobs with options for CCMS, Database and History Info is listed. History Info lists the specifics of the job that pertain to success or failure of the job. Tapes needed for restore A listing of the tapes that are needed to restore the various databases. Scroll to the bottom of the screen, for the instructions to restore the database.
293
For SQL Server, see SAP Note 141118 for a description of the tape label naming convention used by DB13.
If the log is allowed to grow to capacity and use all available file space on the drive, SQL Server will stop. This event is critical, because when SAP R/3 stops, so does the business processes that require SAP R/3 to be running.
\usr\sap \usr\sap\trans <homedirectory> of <sid>adm \<sid>data (might have multiple files) The SAP R/3 database files
Additionally, you should back up the following Microsoft SQL Server databases:
I
Note
Master In case of failures or hardware or software disasters, the Master database contains the data necessary to recover the database.
There is no need to backup the \tempdb directory, because it will be rebuilt on server cycling.
MSDB The MSDB database contains the data for the SQL Server job scheduler and the database backup history.
To make the backup process easier, and to reduce errors, we recommend that you backup the entire server and not just specific directories and files.
294
If the log is allowed to grow to capacity and use all available file space on the drive, SQL Server will stop. This event is critical, because when SAP R/3 stops, so does the business processes that require SAP R/3 to be running.
To clear the log, the log backup must periodically be done in the initialization mode. You must also backup the following SQL Server databases:
I
Master If there is a hardware or software disaster, the master database contains the data necessary to recover the database.
MSDB The MSDB database contains the data for the SQL Server job scheduler and the database backup history.
An online backup allows you to backup the databases when SAP R/3 and the database are running, to reduce impact to system users.
Task
1. 2. 3. 4. 5.
On the Windows taskbar, choose Start Programs Microsoft SQL Server Enterprise Manager. In the Enterprise Manager, expand the SQL Server Group under which your server is located. (You may have a different group name.) Expand the server that you want to look at. (You will have a different server name.) Choose Management. Choose Backup.
295
6.
Note
Select Database complete to do a full backup of the database. Select Transaction log to backup only the transaction log.
7. 8. 9.
In Database, choose the dropdown arrow to select the database to backup. Under Backup, select the type of backup to perform (for example, Database complete). Under Destination:
a. b.
Select the media (for example, Disk). Select the device (for example, logdisk1).
Note
To select another device as the destination, choose Add Backup device.
10. 11.
Under Overwrite, select Overwrite existing media. Choose the Options tab.
296
12.
13.
Under Backup set will expire, select one of the following options and complete the entry field:
a. b.
After (a defined number of days), then enter the number of days. On (a specific date), then enter the date.
Backup without checking the tape label. Backup checking the tape label. Initialize the tape and writing a new tape label, before backing up.
Task
Backup without checking the tape label
This step will overwrite and destroy any data on the tape. Be certain that the correct tape is in the drive.
1.
Check media set name and backup set expiration Initialize and label media
297
2.
Task
Check the tape label before backing up
1. 2. 3.
Select Check media set name and backup set expiration. Enter the tape label in Media set name (for example, RD26S). To begin the backup, choose OK. If the label of the tape does not match the name entered in Media set name, the backup will fail.
298
Task
Initialize the tape before backing up
1.
This step will relabel, overwrite, and destroy any data on the tape. Be certain that the correct tape is in the drive.
Select Initialize and label media. Enter the tape label name in Media set name (for example, RD26S). Choose OK to begin the backup.
2. 3.
For smaller customers, the entire server could be backed up to a single DLT cartridge.
\usr\sap \usr\sap\trans <homedirectory> of <sid>adm \<sid>data \<sid>log (the SAP R/3 database files) (the SAP R/3 log file)
In addition to these directories, you must back up any directories and files for third-party products, interfaces, and so on that store data outside the SAP R/3 database. Because getting all the required files and directories can be difficult, we recommend that you backup the entire server.
299
Due to system limitations on the documentation system, the location of the files in this example is presented differently from the recommendations in the SAP installation manual.
The data in the database does not change while the backup is being made, which means that you have a static picture of the database and do not have to deal with the issue of data changing while the backup is being run. With some third-party applications, you cannot back up the files unless they are closed, and this is not possible unless SAP R/3 and the application are shut down. Therefore, an offline backup needs to be done. A full server offline backup also gives you the most complete backup in the event of a catastrophic disaster. One tape contains everything on the server. To do an offline backup, we use Windows 2000 Backup interactively.
Task
1. 2. 3. 4. 5. 6.
Shut down SAP R/3. Shut down the database. Shut down any other applications. Insert the appropriate tape into drive. On the Windows 2000 taskbar, choose Start Programs Accessories System Tools Backup. Choose Backup.
7.
Select the drive and the appropriate directories, (for example, C:) on the server.
300
8.
9.
a. b. c. d.
In Backup description, enter a description. Under If the media , select Replace the data on the media with this backup. In If the media is , enter the same description as in step 8. Choose Advanced.
301
10.
a. b. c. d.
Select Verify data after backup. If your tape drive supports hardware compression, select If possible, compress space. Under Backup Type, select Normal. Choose OK.
11.
The backup will run. The Selection Information dialog box displays the backup progress.
12. 13.
The Replace Data dialog box appears to verify that the correct tape is in the drive. Even if the tape name you entered in the previous screen matches the tape label, this window will appear. Choose Yes.
302
14.
The Backup Progress dialog box displays the backup progress. Depending on the size of the database, the backup may run for a period of time.
15.
16.
303
17.
Remove the tape from the tape drive and store properly.
Perform database analysis using Microsoft SQL Server 2000 - Enterprise Manager
1.
From the NT desktop, choose Start Programs Microsoft SQL Server Enterprise Manager.
304
2.
a. b. c. d.
Expand the SQL Server Group under which your server is located. Expand the server where the SAP R/3 system is installed. Expand Management. Expand the SQL Server Logs.
3. 4.
Select the Current log. You can also look at the six previous error logs. Read the log in the right frame.
305
NOTE: For those coming from SQL Server 7.0 environments, SQL Server 2000 executes the DBCC CHECKDB job much faster than SQL Server 7.0.
SQL Server uses the DBCC CHECKDB command to correct and repair the database to a consistent state. This is executed using:
I I
CCMS Scheduling calendar (transaction DB13) The SQL Server Enterprise Manager
The consistency checks should be done during non-peak hours or when SAP R/3 users are offline.
System Passwords
SQL server
For additional information, see SAP Note 28893. User IDs to change:
I I
sa sapr3
306
Task
From the NT desktop, choose Start Programs Microsoft SQL Server 2000 Enterprise Manager. In the SQL server Enterprise Manager:
2.
ask for or set a password for user sa. Once the installation is complete, the system administrator must manually create a password.
I
a. b. c. d.
Expand the SQL Server Group. Expand the server. Expand Security. Choose Logins.
For user sapr3, a default password is created. You must change the password. Beginning with release 4.5, user sapr3 is no longer used by SAP R/3.
3.
On the right side of the screen, double-click sa (or sapr3, if sapr3 was created).
4.
307
5. 6.
7. 8.
9.
For user sapr3, up through release 4.0, in the SQL Server Enterprise Manager Console, choose Tools SQL Query Analyzer.
308
10.
Enter the following SQL commands: use <SAPSID> go sap_change_password <OLD_PASSWD>, <NEW_PASSWD>
11.
C H A P T E R
11
11
310
Overview
This chapter describes SAP database administration for Informix. You learn about routine administration tasks to help ensure that the database runs smoothly. You can perform database administration tasks for Informix:
I I
We recommend that you use the SAP R/3 system to schedule tasks for regular execution. However, the database must be up and running for you to use the SAP R/3 system. Certain tasks such as starting and stopping the database server must be performed using SAPDBA, which does not require the database to be running. Additionally, certain tasks such as extending a dbspace can only be performed with SAPDBA.
Example
You can specify a database backup to run every evening at 22:00. You only need schedule the backup once. After that, all you need do is to make sure the tapes are loaded and then check the results the following morning.
You normally only need run this conversion once after database installation.
Before you can use the DBA Planning Calendar with the Informix backup tool ON-Bar, you must do a one-time conversion.
Task
Initialize the DBA Planning Calendar
1. 2.
In the Command field, enter transaction SE37 and choose In Function module, enter INFDBA_SWITCH_TOOL.
311
3.
4.
On the Test Function Module: Initial Screen, to perform the conversion, choose .
5. 6.
If you see DBA Planning Calendar (onarchive), run the conversion again to set the calendar to onbar.
To check the conversion, in the Command field, enter transaction DB13 and choose . The DBA Planning Calendar (onbar) screen appears, indicating that the DBA Planning Calendar is now set to onbar.
312
1. 2. 3.
Note
Select the day on which you want to run the action (for example, Thu Sep 06). Choose .
The current day, Tue Sep 04 in this example, is shown by default in white.
Note
4. 5.
If you want the task executed only once, leave Period empty.
Select the task you want to perform. This example shows a Database configuration check. In StartTime, enter the start time. To have the task executed weekly (for example), in Period, enter 1. Choose .
6. 7.
313
8. 9.
The new task, 22:00 DB Check, is created on the chosen day and weekly thereafter. A New action added message is displayed at the bottom of the screen.
314
3.
Double-click the day header to review the completed or scheduled tasks for the day. The example shows a completed task from a previous day, Sun Sep 02.
Note
4.
Select the action you are interested in and choose action log.
Some tasks, such as the first one in this example, do not have action logs. In this case, the Logs box is not checked.
Note
5. 6.
The system displays the action log for the Database configuration check. Choose .
7.
To display the job log for the task, choose Job Logs. The system displays the job log list.
315
8.
To see the contents of the log, select the log and choose
9.
316
4.
5.
317
Be sure to back up the data in your Informix database regularly, preferably daily. Otherwise, you risk losing data and endangering your business. Follow the procedures below carefully so that you can recover your database in the event of failure.
Database data that is, mainly data in the dbspaces of the database Logical-log data that is, ongoing transaction data
The following procedures show you how to schedule a weekly whole-system backup plus incremental backups on the remaining days of the week. Finally, we show you how to start a continuous logical-log backup. If your database crashes, you can restore the database using the whole-system backup (which restores the database to a consistent state). You can then roll the database forward to the point of failure using the incremental backups and the logical logs. Write essential information on your tapes, such as the date and time of backup to ease your restore process. Also, keep tapes for the length of your backup cycle (for example, 28 days) before overwriting them.
Whole-system backups once a week (on Saturday in the example) Incremental backups once a day on the remaining six days of the week
Task
1. 2.
318
3. 4.
Choose
a. b. c. d.
Select Whole system backup (serial). In StartTime, enter the time to start (for example, 20:00). In Period, enter a number (for example, 1). This means that the backup is repeated weekly at the same time. Choose to schedule the action.
Note
5.
We recommend that you run incremental backups on the remaining six days of the week, that is, Sunday through Friday. Therefore, you have to perform the remainder of this procedure once for each day.
The new task, 22:00 WS BU L0, is created on the chosen day and weekly thereafter.
6. 7.
Select the day on which you want to run incremental backups. Choose .
319
8.
a. b. c. d.
Select Incremental whole system backup (serial). In StartTime, enter 23:00. In Period, enter 1 (this means that the backup is repeated weekly at the same time). To schedule the action, choose .
9.
a. b.
320
10.
The new task, 23:00 WS BU (Inc), is created on the chosen day and weekly thereafter.
11.
The following screenshot shows how the calendar looks after you have scheduled all the required backups:
I I I
On Sunday through Friday, there is an incremental backup scheduled: 23:00 WS BU (Inc) On Saturday, there is a whole system backup scheduled: 20:00 WS BU L0 All backups are repeated weekly.
321
1. 2.
Using your normal text editor, open the ONCONFIG file, located in the directory %INFORMIXDIR%\etc (Windows) or $INFORMIXDIR/etc (UNIX). Amend the line with ALARMPROGRAM so that it looks as follows:
I I
3. 4.
Restart the database server for the changes to take effect. Make sure that the tape drive always contains a tape with sufficient space to store the logical log data. After you have processed this change, when the database starts, continuous logical log backup is activated. Each logical log is automatically backed up as soon as it fills.
1. 2. 3.
In the Command field, enter transaction DB13 and choose Select the day on which you want to run the database check. Choose .
322
4.
a. b. c. d.
Select Database configuration check. In StartTime, enter 18:00. In Period, enter 1 ( the check is repeated weekly at the same time). Choose .
5.
The new task, 18:00 DB Check, is created on the chosen day and weekly thereafter.
Task
1.
323
2.
Double-click the entry for the database check that you want to look at. In this example, we look at the entry for 22:00 DB Check on Sun Sep 02.
Note
3. 4. 5.
The log for the database check appears. Drill down to look at details for the marked <Error> or <Warning>. This example shows the error message for the LTAPEDEV parameter, which is set incorrectly.
6.
To find more information if there is a problem with the database, look at the message log. See "Viewing the Database Message Log" below.
324
325
3.
On the Database Performance Analysis: INFORMIX Database Overview screen, under Analyze exceptional conditions, choose Database Message Log.
4.
a. b.
Depending on what kind of messages you want to view, select either Only alerts or All messages. Choose Display.
5.
The Database Messages screen appears, displaying details of the database alerts. Scroll down to see the most recent entries.
326
Updating Statistics
We recommend you update statistics regularly (for example, weekly) to improve database performance. Up-to-date statistics mean that the query optimizer can choose the best query plan, reducing the time taken by your SAP applications to access data.
Task
Update statistics
1. 2. 3. 4.
In the Command field, enter transaction DB13 and choose Select the day on which you want to run update statistics. Choose . .
If you want the task executed only once, leave Period empty.
a. b. c. d.
Select Update optimizer statistics (all tables). In the StartTime, enter the time to start the job (for example, 01:00:00). To have the task executed weekly, in Period, enter 1. Choose .
327
5.
a. b.
If required, change the parameters. However, the default values are usually acceptable. Choose .
6.
The new task, 01:00 Update sta, is created on the chosen day and weekly thereafter.
328
Task
a. b. c.
If you want the task executed only once, leave Period empty.
Select Physical consistency check. In StartTime, enter the start time (for example, 18:00:00). In Period, enter the period in number of weeks (for example, to execute the task every four weeks, enter 4). Choose .
d.
5.
a. b.
329
6.
The new task, Cons. Check is scheduled on the chosen day and every four weeks thereafter.
330
2.
On the Database Performance Analysis: INFORMIX Database Overview screen, choose Detail Analysis Menu.
Note
3.
On the Database Performance Analysis: INFORMIX Database Overview screen, under Additional functions, choose State on disk.
331
4.
On the Database Performance: Tables screen, under Tables/Indexes, choose Space-critical objects.
332
5.
We recommend you to schedule the database check for regular execution in order to identify space problems early. However, if you are loading a large amount of data, or if you suspect a space problem, we recommend you to use this one-off procedure.
The screenshot shows that objects in the psapprot dbspace require more space. If one of these objects needs extending, there is not enough space in the dbspace. In the column Next extent, each object requires 10,240 KB for a new extent. However, there is only 9,230 KB available, as shown in column Freespace in Dbspace, Total.
Note
The database check procedure also alerts you to space problems. Here is a warning from the database check that the psapprot dbspace needs extending. For more information on how to check the database system, see Checking the Database System on page 321.
6.
Be sure to extend the psapprot dbspace as soon as possible. For more information on how to do this, see Extending a Dbspace on page 337.
333
Using SAPDBA
This section describes how you can use SAPDBA to administer your Informix database. Where possible, we recommend you to perform database administration in the SAP system. This is because you can use the DBA Planning Calendar in the SAP system to schedule many routine tasks such as database backup for automatic execution. In addition, the SAP system offers a modern graphic user interface (GUI) for easy operation.
What is SAPDBA?
SAPDBA is an integrated database administration tool for Informix databases running with SAP systems. You can use it without detailed knowledge of the database and its tools. SAPDBA filters information about the database, showing you only what you need, and uses complex database statements to let you confidently manipulate the data while ensuring security and integrity. SAPDBA offers a character-based menu interface and a command line mode. You can perform the following database administration tasks with SAPDBA:
I I I I I I I I
Change server mode (that is, start and stop the database) Administer dbspaces Reorganize the database Check database consistency Update statistics Change logging mode Check the database system View system information Some of the above tasks such as database reorganization require considerable experience. If you are uncertain about these tasks, seek support before attempting to perform them. We do not explain the full functionality of SAPDBA in this documentation.
Caution
334
Note
Certain advanced SAPDBA functions are not available if you log on as user <sid>adm. For full functionality, log on as user informix.
Task
Start SAPDBA
You can log on to the database server using a remote session for example, with Telnet (UNIX) or pcAnywhere (Windows).
1. 2. 3.
Log on to the database server as user informix (for example, su informix). On the command line, enter sapdba. The SAPDBA start screen appears.
The top of the screen displays useful status information about the database server, such as Server Mode and the number of 'sapr3' User(s) logged on.
1. 2.
Log on to the database server as the user informix or <sid>adm. To start SAPDBA, enter sapdba.
335
3. 4.
The SAPDBA start screen appears. In this example, the database server is in OFFLINE mode. Choose Server Mode.
5.
336
6.
7. 8. 9. 10. 11.
Before stopping the database, make sure that all users are disconnected. Also be sure to stop the SAP R/3 system. If there are still users connected to the database or the SAP System is still running, SAPDBA warns you with a message
The server is in ONLINE mode. You can now start the SAP System. The screen displays the number of SAP users connected (1 user, the SAPDBA user). You can also see that Logging Mode is turned on. To stop the database server, choose Server Mode. Choose Switch to Offline Mode.
337
12.
Extending a Dbspace
This section describes how to make extra disk space available for database data. The database consists of dbspaces that contain the data. You must make sure that there is always enough space in the dbspaces to extend database objects, such as tables, that are growing due to new data. As they grow, database objects within the dbspaces are extended automatically, but you must extend the dbspaces yourself when required.
Note
You can identify when a dbspace needs extending using either of the following procedures:
I I
Checking the database system, as described in "Checking the Database System" above. One of the alerts produced by this check indicates when a dbspace is running out of space. You do not need to stop the database server to extend a dbspace.
Task
Extending a dbspace
Note
1. 2.
Log on to the database server as the user informix. To start SAPDBA, enter sapdba.
338
3.
Choose Dbspaces.
4.
5. 6. 7.
Choose a. In Dbspace, enter the dbspace name (for example, psapprot). Choose Enter.
339
8.
Choose s.
Choose a. In Size, enter the size of the new chunk. Choose Enter. Choose Select 'primary' gap to find a physical gap on the device for the new chunk.
13.
Select a gap with enough space for the new chunk (for example, 2).
340
14.
Choose Enter.
15. 16.
Choose Execute to add the new chunk. The message tells you that the new chunk has been added to the psapprot dbspace.
341
17.
Choose o.
Further Information
More information about database administration with Informix can be found at the following web sites:
I I
www.service.sap.com/dbainf www.informix.com/documentation
For support information about Informix with SAP, see service.sap.com/notes. For information on Informix database administration relating to, for example, SAP Release 4.6C, enter the following search criteria and choose Submit:
342
C H A P T E R
12
12
344
Overview
The Oracle Relational Database has the ability to support large databases. The amount of work involved in managing the Oracle database largely depends on the size and the workload. Despite the complexity of the database, SAP supplies several database administration tools in the standard SAP System package to help you manage the database more easily. The database administration tasks discussed in this chapter are those not covered in other sections.
Note
The SAPDBA discussed in this chapter is documented on Unix platform. The NT version is similar. Press the Enter key each time the program asks you to Press <return> to continue. The database should be started before SAP R/3 is started and the SAP R/3 should be stopped before the database is stopped.
1.
a. b.
Log on as user ora<sid> (for example, su oraarc). At the command prompt, enter sapdba and choose Enter.
345
2.
a. b.
3.
346
5.
Choose Enter.
6.
The INSTANCE STATUS of open indicates that the database has been started.
347
7.
and
1.
To stop SAP R/3, you must log on as user <sid>adm. In this example, enter su arcadm and stopsap to stop SAP R/3. Enter exit to switch back to user ora<sid> to start the SAPDBA administration tool.
Stop SAP R/3. From the main SAPDBA screen, in Please select, enter a and choose Enter.
2.
348
4.
349
5.
Choose Enter.
6.
8. In Please select, enter q and choose Enter to return you to the main SAPDBA
menu screen.
350
Note
Some DBA functions can only be performed outside of the SAP R/3 system. In theses cases, you must use an external tool supplied by the database manufacturer or a product recommended or designed by SAP (for example, SAPDBA).
Database Performance Monitoring Database Tables and Indexes (Allocation) The DBA Planning Calendar Backup Status Logs Database Alert Monitor Others
To simplify the administration of the SAP R/3 system, SAP has built in database administration tasks into the CCMS framework. This enables the SAP R/3 administrator to perform routine system tasks from one location from within the SAP R/3 system.
351
3.
Data buffer
I
The data buffer contains the Oracle data blocks in shared memory. On a production system, SAP recommmends that you maintain a data buffer quality of at least 97%.
Shared Pool
I
The shared pool holds several memory structures, such as the data dictionary cache and the shared SQL statements.
Log buffer
I
The log buffer contains information about changes being made to the database before the buffer information is written to the redo log files.
Calls
I
Calls display the number and type of calls that the SAP processes request to the Oracle database.
352
4. 5.
Oracle session
I
The Database Performance Analysis: Oracle Database Overview screen appears. Choose Database message log.
This monitor displays information about the various database processes and the SAP R/3 work processes associated to the session.
SQL request
I
This monitor provides an analysis of the shared cursor cache used for performance tuning.
This function analyzes if a process is exclusively holding a lock, causing other processes to lock while waiting for the held resource.
6.
a. b.
353
7.
The Database Messages screen appears. The log displays all messages written to the Oracle alert log. To monitor for problems with the database, you can search for the errors that are generated and written to the log. The errors are typically displayed with a referencing Oracle error message number (ORAXXXX).
Checking for space-critical objects Looking for lost indexes Analyzing database growth
Task
354
2.
a. b.
If the time of the analysis is out of date, you must first refresh the data and call the performance collector to publish new information. Choose Refresh.
Refresh button
3.
On the Refresh Database Statistics dialog box, choose Perform database checks.
4.
To refresh the database statistics, choose Yes. The report RSORAT0D is scheduled to run in the background.
355
1. 2.
In the Command field, enter transaction DB13 and choose Enter (or choose Tools CCMS, then DB Administration DBA Planning Calendar). On the DBA Planning Calendar: Maintain screen:
a. b.
3.
a. b.
Select the task you want to perform (for example, Check database). Enter the start time in StartTime.
356
c.
Choose
Note
4.
To schedule a backup task, the backup must be able to run unattended. This means that you must have a tape drive with sufficient capacity to back up the database without changing tapes, or multiple tape drives with sufficient total capacity.
The task is created in the day and the Action scheduled message displays in the status bar.
If you use an external backup solution to manage the backup of the database these predefined action patterns may not apply to your environment.
An action pattern implements a backup strategy and other database administration activities that must be regularly performed. Once you choose a predefined action pattern, the system adds the corresponding activities to the DBA Planning Calendar, and plans the background jobs that will execute the activities. Using a predefined action pattern ensures that you are following the SAP standards for database activities, and also provides an easy alternative to manually setting up the backup schedules.
357
Task
1. 2. 3.
In the Command field, enter transaction DB13 and choose Enter (or choose Tools CCMS, then DB Administration DBA Planning Calendar). On the DBA Planning Calendar: Maintain screen, choose Calendar Action Pattern. On the Schedule an Action Pattern dialog box:
a. b.
Task
1. 2.
In the Command field, enter transaction DB13 and choose Enter (or choose Tools CCMS, then DB Administration DBA Planning Calendar). On the DBA Planning Calendar screen:
a.
Review the scheduled tasks for the day. The color of the task indicates status: Red Failure Yellow Problem/warning Green Success Purple Started
358
b. c. d.
If there are more jobs than can be displayed, a scroll bar appears. Select a task. Choose Job logs.
3.
a. b.
4.
a. b.
Choose Choose
. .
359
5.
a. b.
6.
7.
The SAPDBA Detail Log screen displays the detail log for the job. In this example, the log from the DB System Check is displayed.
360
1. 2.
In the Command field, enter transaction SE14 and choose Enter. On the ABAP Dictionary: Database Utility screen:
a. b.
In Obj. name, enter an object name to be modified (for example, S120). This is usually reported from the SAPDBA check report or from analyzing the tables and indexes report. Choose Edit.
361
3.
On the ABAP Dictionary: Utility for Database Tables screen, to view and modify the storage parameters for this table, choose Storage parameters.
4. 5.
Information about the storage parameters for the table is displayed. Additional information about the indexes that access this table is also displayed. To switch to change mode, choose .
362
6. 7.
Modify the parameters, NEXT EXTENT and MAXIMUM EXTENTS as appropriate. Administrators have different policies of how they modify database storage parameters, though as a rule of thumb SAP recommends that you provide enough storage space to allow the object to take no more than 2 extents a month. To apply the changes to the database, choose Apply.
8.
363
9.
A message appears in the taskbar to confirm that changes were applied to the database.
SAPDBA
Note
SAPDBA is a tool that SAP created to assist the user in managing an Oracle database specifically for an SAP installation. SAPDBA is supported on both UNIX and Windows NT platforms. SAPDBAs uses include:
I I I I I I I
Start and stop the database Back up the database Back up the archive logs Restore the database Reorganize tables Check the database Other
364
Database tasks specific to SAP have been implemented in SAPDBA. SAPDBA tasks specific to backups are discussed in Backup on page 37. SAPDBAs parameter file init<SID>.sap is important. This file should be configured as part of the implementation. If things change (such as replacing a tape drive), you may need to modify the file.
Task
1.
Open the file init <SID>.sap using a text editor. NT: use sappad <drive>:\orant\database UNIX: use vi /oracle/<sid>/dbs This file contains the system parameters that configure the database.
Note
The init<sid>.ora file is a very important file for the correct functioning of the database and should be frequently backed up.
2. 3.
Edit the parameters as appropriate. You can reference SAP Note 124361 for SAP recommendations for Oracle DB parameters for SAP R/3 release 4.x. Some other parameter files that control the database operation are:
I
init<sid>.dba
These parameters describe the values that are defined for use by the SAPDBA utility.
I
init<sid>.sap
365
These parameters describe the values that are defined for use by the SAP backup utility.
Task
Start SAPDBA
1. 2. 3.
To start SAPDBA, in a Telnet application, log on as user ora<sid> (for example, su oraarc). At the Command prompt, enter sapdba and press Enter. The main SAPDBA screen appears.
366
Space is checked (free space and fragmentation) Oracle alert messages are monitored
The database verification checks the Oracle database internal block structure.
1.
On the main SAPDBA screen, in Please select, enter k and choose Enter.
367
2.
3.
A list of database checks to be performed appears. Once you have read the message, choose Enter. This step may occurs many times.
4. 5.
When requested, enter y and choose Enter to start the check process. When requested, choose Enter to continue the check process. This step occurs many times.
368
8.
NT: <drive>:\oracle\<sid>\sapcheck UNIX: /oracle/<sid>/sapcheck The filename is in the following format: YYMMDDHHMM.chk
369
9.
You can view log file in a text editor, such as Notepad in the screenshot below.
Database Verification
Database verification checks the Oracle internal block structure. Ensure that SAP R/3 is stopped and that the database is running.
Task
370
3.
4.
5.
Check the verification log. The log from the verification run is found in: NT: <drive>:\oracle\<sid>\sapcheck UNIX: /oracle/<sid>/sapcheck
371
YYMMDDHHMM.dbv
6.
The file can be viewed with a text editor, such as Notepad below.
372
3.
4.
5.
6. 7.
In Please select, enter q and choose Enter. Note the description on the line Backup function showing Initialize BRBACKUP tape.
8. If you only have one tape to initialize, go to step 11. If you have more than
one tape to initialize, in Please select, enter d and choose Enter.
373
10. The number of tapes to initialize should appear on the line d Number of
tapes.
11. In Please select prompt, enter s and choose Enter. 12. When the program prompts Your reply, enter cont to continue.
13.
Press Enter.
Initialization completion
374
Task
Note
n (Number of tapes parameter) is required to initialize a pool of tapes. v <volname> (Volume name parameter) is optional. Use this option only if you must initialize a tape with a specific volume name (for example, when replacing a damaged tape). If v <volname> is omitted, the command will use the name table in the init<SID>.sap file.
2.
The entry cont is casesensitive.
When the program prompts Your reply, enter cont to continue and choose Enter. When initialization has finished successfully, the message BRBACKUP terminated successfully displays. Remove the tape from the drive and label it matching the specified name.
3. 4.
375
Task
Initialize an archive tape using SAPDBA
1. 2.
At the Command prompt, enter SAPDBA and choose Enter. In Please select, enter i and choose Enter.
3.
4.
376
5.
6. 7.
Note the message to the right of Archive function, showing Initialize BRARCHIVE tape. The number of tape to be initialized can be changed in the same way as BRBACKUP. To change the number of tapes to be initialized:
a. b. 8.
In Please select, enter d and choose Enter. Enter the number of tapes to initialize and choose Enter.
9. 10.
When the initialization finishes, the message BRARCHIVE executed successfully displays. Remove the tape and label it to match the label name.
377
11.
Choose Enter.
Task
Initialize an archive tape using BRARCHIVE
1. 2.
Log on as user ora<sid> (for example, su oraarc). At the Command prompt enter brarchive i force n 1 v <volname> Initializing parameters are the same as for BRBACKUP. For more information, see Use BRBACKUP to initialize a database backup tape on page 374.
3. 4. 5. 6.
When the program prompts Your reply, enter cont to continue. Choose Enter. When initialization has finished successfully, the message BRBACKUP terminated successfully displays. Remove the tape from the drive and label it matching the initialized label.
378
Back Up
To back up both the database and archive logs:
I I I I
Determine the tapes required to do the backup. Gather the required tapes. Load the tape drive with the tapes. Execute the appropriate backup process.
1.
For database, enter brbackup q and choose Enter. For archive logs, enter brarchive q and choose Enter.
2.
The volume labels that will be used are displayed (in this example, SAOB04 and SAOB01).
]
379
Task
Back up the database
1. 2. 3.
Log on as user ora<sid> (for example, su oraarc). At the Command prompt, enter SAPDBA and choose Enter. In Please select, enter h and choose Enter.
4.
5.
Review line e (Backup type) to determine what type of backup is configured, online or offline.
380
6.
If the type of backup needs to be changed, in Please select, enter e and choose Enter.
7.
8. 9.
In Please select, enter your option choice (for example, b) and choose Enter. In Please select, enter q (Return) and choose Enter.
In Please select, enter f and choose Enter. Enter the volume name of the taped used to backup the database. If there is more than one tape, separate the name by comma (for example, ARCB01, ARCB02). Choose Enter. In Please select, enter S and choose Enter.
381
The program prompts you to replace the tape when it needs changing. Replace the tape with the new tape and volume name specified. Enter cont, when the program prompts you to enter cont to continue. Choose Enter.
17.
When the backup has finished successfully, the message BRBACKUP terminated successfully appears.
1.
382
2.
3.
To enter some of the parameters of archiving, enter a (Archive function) at the prompt and choose Enter.
4. 5.
Enter the letter for the type of archive log backup you want to do (for example, a). Choose Enter.
383
6.
We recommend that you make two copies of the Oracle Archive Logs.
7. 8. 9.
Enter e and choose Enter. Enter the volume name of the tape used to backup the archive logs (for example, ARCA01) and choose Enter. Enter s and choose Enter.
10.
When the archive logs have been backed up successfully, the message BRARCHIVE executed successfully appears.
384
PART SIX
Operations Overview
386
Part Overview
Operations, as a topic, is composed of various system-related topics that can be loosely called data center operations. Chapter 13 discusses the printing and spooling processes of your SAP system. We talk about setup and management of the SAP printing system. Chapter 14 talks about administration of secondary systems relating to the SAP system, such as the network, operating system, and servers. Chapter 15 covers general system operation. Background jobs are covered here, as well as operational modes and backups. Chapter 16 discusses the management of change. Over time, your system may require patches and fixes. We talk about how to manage them effectively in this chapter.
C H A P T E R
13
13
Output Management
388
Overview
This chapter covers the setup and management of the SAP R/3 printing system. To accommodate the open client/server architecture concept, SAP has its own spool system that provides a uniform interface independent of the system platform.
Set up the printer at the operating system level. Know the printer name. This name is the network name of the printer (for example, FIN3 or \\FINANCE\ACCT2; not HP Laser Jet 5si). Know the type of printer. This information is the manufacturer and model of the printer (for example, HP Laser Jet 5si).
Task
1. 2.
In the Command field, enter transaction SPAD and choose Enter (or from the SAP standard menu, choose Tools CCMS Spool SPAD-Spool administration). In the Device/servers tab, choose Output devices.
389
3.
Choose
4.
Choose
5. 6. 7. 8.
The Model and Location fields are important because you cannot use a printer if you do not know its location and its model name. The key is to make your description as precise as possible. If the printer has been moved, remember to update this field.
In Output device, enter a descriptive name for the printer (required). Optionally, in Short name, enter a short name. The system can define it for you. In our example, we will let SAP R/3 define the short name. Choose the Device Attributes tab. On the Device Attributes tab:
a. b. c. d.
In Spool server, choose to select the appropriate server where your print requests will be processed. In Model, enter the printers make and model. In Location, enter the printers location.
390
e.
The message field is used for a temporary message that replaces the Location text. Messages are useful if a printer is offline for repair, for example.
At this point, things can get complicated. In general, use the following local access methods to reduce network problems in the system. For:
I
9.
NT Select C Direct operating system call. UNIX Select L Print locally via LP/LPR
In Host printer, enter the printer name as defined in your network (required).
12.
391
13.
a. b. c.
In this section, you can specify a cover page (optional). Select Monitor using monitoring architecture. If you have a large number of printers, do not select this option. Choose .
14.
In our example, to let SAP R/3 create the short name, choose Yes.
15.
If we had entered a short name, and there is a name conflict with an existing printer, this conflict message would appear. If this name conflict exists, at this dialog box, choose Yes.
16.
392
17.
Note
Automatic selection means that the correct tray is selected based on the paper format (such as letter). This selection applies only to the paper format, not the type of paper (for example, letter head, invoice, blank, and so on.)
18. 19.
Under Active, select the paper tray to activate it for automatic selection. Under Page format, enter the page format or choose .
393
20.
a. b.
Select the proper paper format. Scroll down to see the Letter and Legal paper formats. Choose .
21. 22.
23. 24.
Choose
A message in the status bar indicates that the paper tray information was saved.
394
25.
Choose
Note
For frontend printing please see SAP Note 114426.
26. 27.
The new printer (Finance GL) is now in the printer list. To test the printer, from the menu bar, choose Output device print this list.
395
You should check for active spool jobs that have been running for over an hour. These long-running jobs could indicate a problem with the operating system spool or the printer.
Task
Note
The range of data will depend on your installation. If you generate hundreds or thousands of spools a day, you would choose every day. This data range would be much shorter, possibly only two days.
1. 2.
In the Command field, enter transaction SP01 and choose Enter (or choose SAP standard menu Tools CCMS Spool SP01-Output Controller). On the Output controller: Spool request selection screen:
a. b. c. d.
In Created by, delete any information. In Date created, set the date (for example, a week ago, or to any other date range to check for other problems). In Client, delete any information. Choose
3.
396
4.
5. 6.
7. 8.
397
9. 10.
11.
Use the log to investigate the problem (for example, The printer name is invalid).
398
Task
3.
Choose
4. 5.
After the system has been operating for some time, check whether old jobs are being purged. Scroll down to find the oldest date. This date should be within the time frame defined for the job that runs RSPO0041 program (see SAP Note 16083). If the spool requests beyond the minimal age are found, the job may not be properly deleting the old jobs and needs to be analyzed.
399
.
6.
Two reasons for failure of the job that runs the RSPO0041 program are: The user ID under which the job is run does not have the proper security authorization to execute the program. The job is routed to an invalid printer. RSPO0041 has been replaced by RSPO1041. See SAP Note 130978.
7. 8.
From this screen, the spool attributes, output, and temporary sequential database (TemSe) attributes can be conveniently accessed. Notice that information on the Number of pages generated, the Recipient, and the Delete date of the spool request are displayed.
9.
400
10.
You can set the priority of the output request. The priority levels are from 19 with 1 being the highest priority.
Note
For more information, see Check Spool Consistency (SPAD) on page 407.
11. 12.
Select the TemSe attributes tab. The name and size of the object as stored in the TemSe database are displayed. This information is useful when there are inconsistencies in the spool and TemSe databases.
401
Spool Output
The spool request contains the printed document that has not been sent to the output device. The output data of this document is partially formatted and stored in the TemSe database. The output request tells SAP R/3 to format the request to a particular device and contains attributes such as target printer, number of copies, and so on. Each time you select the printer icon, an output request is created for the spool request.
Task
Print the contents of a spool request immediately or at another date and time using different parameters
1. 2.
Select a spool request. Choose to print directly. This step creates an output request and prints the contents of the spool request immediately on the printer.
3.
A message appears on the status bar stating that an output request was created.
402
4.
The Status column displays the status of the print job. If the output was printed successfully, the status is Compl (complete). Otherwise, a status of Waiting or Error will be displayed.
5.
To print a spool request with a different printer or change the start date and time:
a. b.
6.
On the Output controller: Print spool request <XXXXX> screen, you can:
I I I I
Change to another output device Increase the number of copies Change the priority Change the start date and time
403
7.
Choose
to print directly.
8. 9.
The system displays a message that an output request was created. Choose .
404
10.
Task
Print the screen
1.
Choose
405
2.
On the Output Controller: List of Spool Requests screen, you can specify or change the:
I I I I I I I I
Output device Number of copies Pages to print Spool request name Start time Change the priority Number of days you wish to keep the spool request Print format .
3.
406
4.
a. b. c.
Selecting Do not delete keeps the spool request indefinitely. Therefore, this request will not be purged by program RSPO0041 that deletes old spools. Choose a spool retention period (for example, Delete after 8 days). Choose Save.
5. 6. 7.
On the Output Controller: List of Spool Requests screen, choose Continue. In the status bar, a message stating that a spool request was created is displayed. Choose .
407
8.
Task
Check spool consistency
1.
In the Command field, enter transaction SPAD and choose Enter (or from the SAP standard menu, choose Tools CCMS Spool SPAD-Spool administration).
408
2.
3.
409
4.
Note
Another report, RSPO1043, can be used for the spool consistency check. It should be scheduled as a periodic batch job (see SAP Note 98065).
The system checks the spool tables and the TemSe tables to make sure that each spool object has corresponding entries in each of the tables.
Restore from backups Copying databases Copying clients using improper tools Deleting clients without first deleting their objects
410
Task
3.
The TemSe objects and data were checked. If there are inconsistencies:
a. b.
C H A P T E R
14
14
Network/OS/Server Administration
412
Overview
This chapter is about using SAP transactions to get to the operating system log, regardless of the platform.
413
2.
3.
Choose OS Log.
The need to log security events. System resources to track and maintain the log. The more detailed you make the log, the more the system performance will degrade. This degradation is due to the extra processing required to track and log the items. Effort required auditing the log (dependent on the size of the log).
414
Note
There may be indications of a developing problem. If the security audit parameters have been properly set, you could detect unauthorized attempts to access files.
4. The Operating System Log screen appears. In this example, the NT event log
appears.
Transports Support packages Extract files from the SAP R/3 system Program logs Backup logs Error logs Inbound interface files Third-party programs that store their data outside the SAP R/3 database Trace files Spool files (if stored at the OS level)
In addition to these items, check to see that the house cleaning programs are running properly (see SAP Note 16083).
415
If your file system fills up, the SAP R/3 system may stop because the database cannot write to a file. If SAP R/3 stops, any business operations that use the system will also stop. For example, note the following sequence of events: 1. The SQL Server transaction log fills up the file system. 2. SQL Server cannot write any more entries into the log. 3. SQL Server will stop. 4. SAP R/3 will stop. Your user will not be able to perform activities such as entering orders or generating shipping documents. To plan for such a situation:
I I
Anticipate and plan for disk space needs. Determine if storage space expansion is needed. If storage space expansion is needed, purchase and installation plans must be made. The expansion should be planned to minimize operational disruption. Determine if file system cleaning is needed. If archiving is required for data files, archive to quality storage media such as an optical disk, CDROM, or other long-term storage media.
You can use the SAP R/3 Alert Monitor or go to the operating system to check file system space usage. In this section, we use the SAP R/3 Alert Monitor, because we can set alert points.
Task
4. Choose
416
5. 6.
Drill down to get to the following starting node: <SID>\<host>_<SID>_<Instance> (for example, SA1\pa102058_SA1_00). Drill down to the drives OperatingSystem Filesystems. The drives are color-coded to indicate alert status:
I I I
7.
Select a drive (for example, C:) and drill down to see its statistics (Freespace and Percentage_Used). These are statistics at the drive (not directory) level. As you view these statistics, keep your system in mind. For example, on your system, drive H may contain the database that takes up all the space on that drive. Keeping this in mind, you can expect and ignore the warning message, or change the alert threshold for that specific drive. For more information on changing the alert threshold, see the next task.
417
Task
4.
a. b. c.
Under Threshold values, select a threshold change point (for example, Change from GREEN to YELLOW). Enter the new value for when the alert will change color (for example, 500). These threshold values are specific to your system and even to specific drives in your system.
418
d.
Choose . A message appears in the status bar indicating that the new properties were saved.
Outbound SAP R/3 system files may not be created. Transport export may fail. Inbound files may not be created.
In an extreme situation, if you run out of file system space, SAP R/3 may stop, or you may have other failures because SAP R/3 or other applications cannot write to the necessary files. The transport directory check is important because:
I I
After a major implementation where many transports have been created that take up a lot of space Immediately before (or after) performing a database copy, if you do not use a central transport directory, most (if not all) files dated before the copy become irrelevant to the system After installing a large support package
419
Task
Check the following: Support package directory /usr/sap/trans/EPS/in Transport data directory /usr/sap/trans/data Support package files can be reloaded if needed and can be large (for example, support package 15 for Release 4.6C is over 100 MB).
2. 3. 4.
Sort the directory by date to determine file age. Archive any obsolete files, such as those created before a database refresh or those that have been applied successfully to all target systems. Optionally, archive old transports to a backup media such as tape, optical disc, or CD.
Other Tasks
Clean the Tape Drive
To minimize a backup failure due to a dirty head, clean the tape drive as part of a preventive maintenance program. To keep your tape drive clean:
I
Follow the tape drive manufacturers instructions for your tape drive.
Note
Some drives specify a specific interval of use for cleaning, typically based on hours of use. Adjust your cleaning frequency to account for your usage. Remember, that these are recommendations, not rules. If you consistently have recording errors or head dirty messages, decrease the time between cleanings. If you have to clean your tape drives more or less frequently, this task should be moved to the appropriate interval. Some drives (for example, DLT) do not require regular cleaning. They only need cleaning when the clean head indicator light is activated.
I I
Use the manufacturers approved cleaning cartridge for the tape drive. Use the cleaning cartridge according to the manufacturers instructions.
420
Between uses, store the cleaning cartridge according to the manufacturers instructions. Keep your server room clean. A dusty or dirty environment will not only make you clean your tape drive more often, but will also coat the inside of the server with dust and cause a cooling problem.
The UPS is functioning The self-tests completed successfully There is sufficient capacity in the batteries The batteries in the UPS must be periodically replaced. If the batteries are low, the capacity test will indicate that the batteries do not have sufficient capacity to shut down the system before failing.
Caution
421
UPS to reach the end of the shutdown process. Something might have changed since your last test to cause the shutdown process to fail. If this process fails, you must find out why and fix the problem. The stopsap command does not work within all UPS control programs. You must verify that your UPS control program will properly stop SAP R/3 and the database before shutting down the server.
Caution
The production system and critical equipment should be under a premium 24 hour / 7 day (with 2 hour response) support agreement. Less critical equipment can be under a next-business-day support agreement.
If you need support or service and the service contract has expired, the confusion and time to reestablish the service contract could be critical. The support level should be selected based on equipment use. If a piece of equipment becomes critical to the companys operation, its support level should be upgraded to reflect the critical nature of that equipment. Conversely, equipment could become noncritical or be replaced. In this situation, the service contracts could be downgraded or dropped as appropriate.
I I I
Keep a list of service contracts. Include what these contracts are for and the expiration date in the list. Review equipment usage to determine if the support level for equipment should be upgraded, downgraded, or dropped. Review the list for expiration dates each quarter. How long in advance of the expiration date to do this review depends on the time it takes to go through the purchase requisition and approval process in your company. Renew service contracts.
Hardware items (such as servers, routers, and printers) Logs (such as operating system, applications, and database)
422
By monitoring the NT event logs, you can monitor events from the SAP system log. This way, critical events such as an Update Terminate can be detected and acted on as soon as they happen.
The screenshot above shows that the monitor has three functional windows:
I
Notification Rules This mechanism passes or filters events, and determines what action will be taken on the events that are passed.
Events
These are the events that have been passed to the monitor program. (They got through the filters in Notification Rules.)
I
This example, however, has not been configured to pick up and report on SAP events. Initially, there will be a lot of tuning as the system parameters are adjusted. Over time, the need for parameter adjustments will decline. You may must change alert parameters to filter noncritical events and to generate alerts for critical events. The key to remember is that this process is dynamic. Some of these tasks are as follows:
I
Account for new events that have not previously occurred Critical (you must generate a page) Important (you must generate a message (for example, e-mail))
423
Filter out events (both old and new) that should not generate alert messages Filtering is necessary to manage the messages that are reviewed. If too many irrelevant messages get through the filter, it becomes difficult to review the alert message log.
Adjust for personnel changes Other events may require action (for example, shift or duty changes for organizations with several people on-call).
Test that all alert mechanisms are functional The paging/messaging function must be tested regularly. If the monitoring program is unable to send a page, you will not receive the page when a critical alert occurs.
Someone changing something in the e-mail or phone system that prevents alert messages from being sent A phone patch cable that has disconnected from the modem
Review the various monitored logs (such as the NT event logs) to look for events that should generate an alert message (e-mail or page) The monitor program needs to be configured to pick these events up and properly process them.
Review the alert monitor log for alert events that should be filtered out The monitor program needs to be configured to filter or ignore such events.
Test all alert mechanisms, such as pager, e-mail, and so on to make sure that they are functional If you receive regular daily e-mail messages, the e-mail testing is being done for you.
Note
RZ20 can also be configured to generate a page.
424
C H A P T E R
15
15
Operations
426
Overview
Operations refers to the tasks performed by a computer operations group. These are the tasks that the people in a data centers glass room do. If you do not have a data center, these tasks must be assigned to the appropriate employees. Operations is a crucial part of system administration. While learning to manage operations, readers will learn how to perform:
I I I I
If one of your dialog application servers is not up, the users who usually log on to that application server cannot log on. If the batch application server is down, batch jobs that are specified to run on that server will not run.
Task
427
2.
Review the list of instances under Server name. Verify that all instances are listed. If it is listed, it is up and running.
Users have the flexibility of scheduling jobs to run when they are out of the office. The program can be run without locking a user session. Jobs that run for a long time would time out if executed online.
Collect performance statistics Populate an information system, such as the Special Ledger Generate a report
428
Generate output for an outbound interface Process an inbound interface Perform housekeeping tasks, such as deleting old spool requests
The job is scheduled like any other background job, but with a few additional considerations.
The reason for special user IDs is to keep scheduled jobs independent of any user. This way, when a user leaves the company, the jobs will not fail when the user ID is locked, shut down, or deleted.
Batch User ID
Create a special user ID to be used only for scheduling batch jobs, such as BATCH1.
I
Consider multiple-batch user IDs when batch jobs are scheduled by or for different organizations or groups. This method has the disadvantage of having to manage multiple accounts. For example: BATCH1 BATCH2 BATCH3 BATCH4 BATCH5 System Jobs Finance Accounts Payable Warehouse Material Planning/Inventory
Performance
For more information on performance, see Performance Factors for Background Jobs on page 429.
Housekeeping Jobs
These background jobs must be run regularly to perform administrative tasks, such as:
I I I
Program RSPO0041 is sometimes troublesome; see SAP Note 48400. There is a replacement program RSPO1041. See SAP Note 130978.
See SAP Note 16083 for the required SAP housekeeping jobs, and to schedule the spool consistency check, see SAP Note 98065.
Others
Various modules and functions may require their own regularly scheduled jobs. For example, the Special Ledger requires a regular job to copy data from the FI/CO modules and to regenerate sets in Special Ledger. There may be various database and operating system-level housekeeping jobs that also must run.
429
Run batch jobs on a dedicated batch application instance/server. This step separates the processing requirements of the background job from the processing requirements of online users and of the database. Even with as few as 10 users on a small central instance (no application servers), two batch jobs can significantly slow down the online system response. Therefore, even for a small installation, application servers may need to offload the batch processing from the central instance. The instance profile for this application server would be tuned for background jobs rather than dialog (online) performance (for example, five background work processes and only two dialog work processes). Specifying a target host is problematic. If you specify the target host, load balancing is not performed. There may be the situation where all the batch work processes on the batch application server are in use, and other application servers are idle. However, by specifying that the job is to run on the batch application server, it will not run on any of the other available application servers. This job will wait until a batch work process is available on the specified batch application server.
A general guideline is twice the number of CPUs as the number of background processes.
Make a chart that converts your local time to the local time for all affected global sites. With this chart you can quickly see what the local time is for locations that would be affected by a job (see following example): A corporate master clock (or time) should be defined for a company with operations in multiple time zones. Two common methods are:
I
Schedule background jobs to run during non-peak periods, such as at night or during lunch. If no one is on the system, slow system performance does not matter.
Minimize job contention. Two background jobs are running at the same time and contending for the same files, possibly even the same records. Minimizing this conflict is one reason to coordinate background job scheduling (for example, by not simultaneously running two AR aging reports). In such cases, the reports may finish sooner if they are run sequentially, rather than in parallel.
The time zone where the corporate office is located. For SAP in Walldorf, Germany this is Central European Time (CET). For United Airlines in Chicago, IL, this is Central Standard Time (CST). Coordinated Universal Time (UTC), formerly known as Greenwich Mean Time (GMT). This common time is used by global operations, such as the airlines.
For global operation, consider the local time of your users. For example, scheduling a resource intensive background job to start at 1:00 a.m. PST in California (0900 GMT) corresponds to 10:00 a.m. CET in Germany. This time may be good for Americans who are not working, but it is the middle of the workday morning in Germany. When these jobs run is critical, for tasks such as backing up operating system-level files, because of the following: A backup of these files may require that the file not be changed or used during the backup, or the backup will fail. Programs attempting to change the file will fail because the backup has the file locked.
430
The time conversion table (based on a 24-hour clock) below shows selected times around the world. Site The change to and from daylight savings time does not occur on the same day in all countries. During that interim time, the offset time could be different. Time zone Hawaii Calif Denver Chicago Philly London Walldorf Israel Singapore HST PST MST -08 16 17 18 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 -07 17 18 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 CST -06 18 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 EST -05 19 20 21 22 23 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 UTC 0 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 CET 01 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 00 03 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 00 01 02 08 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 00 01 02 03 04 05 06 07
Highlight the column for your local time zone, so that you do not accidentally read the wrong column. Using a 24-hour clock eliminates the common am/pm confusion.
12 13
The Microsoft Excel file for the table above is included on this guides companion disk, which is located inside the back cover of this book. If you use daylight savings time, you must be aware of the days when the time changes:
431
Daylight savings time starts A one-hour time period will disappear. Jobs scheduled to run in this missing hour may either not run or run as a late job. Any tasks following this change that rely on a job scheduled to run during the missing hour must be reviewed.
Daylight savings time ends This period creates a problem where a one-hour period of time repeats itself. For example, at 3:00 a.m., the clock resets back to 2:00 a.m. This time period will occur twice.
One way to avoid problems when daylight savings time is switched on and off is to use UTC (formerly known as GMT) as your master clock. If you are in a U.S. state that does not use daylight savings time, such as Hawaii, it is not a concern. See the following SAP Notes:
I I
7417 - Changing to daylight savings time and back 102088 - End of daylight savings time: the double hour
Avoid playing priority games with the job class. If you make every job a class A job, there is no priority, because every job will be at the same priority level. The recommended method is to assign all jobs to job class C. The exceptions to this recommendation are those jobs that need the priority. This priority increase should be properly justified and can be controlled by SAP authorization concept.
Users have the flexibility of scheduling jobs when they are not in the office. The program can be run without locking a user session. Jobs that run for a long time would time out if run online.
I I
Note
The job class determines the start priority of the job. For example, a class A job would start before a class B job, and a class B job would start before a class C job. Once started, all job classes have equal priority. A class A job will not take processing resources away from a class B job to finish faster. Jobs in the start queue do not affect running jobs. A class A job in the start queue will not replace a currently running class C job. As a prerequisite, a batch job may require that a variant be created to execute the job. Alternately, you can choose Job wizard to go through the above procedures with step by step description.
Tips & Tricks
432
Task
a. b. c.
In Job name, enter a job name. In the Job class, enter C. Class C is the standard job class. Choose Start condition.
3.
Choose Date/Time.
433
4.
The Schedule start is the date and time on the database server, not the local time.
For Schedule start, in Date and Time, enter the start date and time. On the Start Time dialog box:
5.
a. b. c. d.
In No start after, enter the date and time by which time the program must start. If the program does not start by the specified date and time, then it will not start at all. If you have a job that will run periodically, perform steps 5c6c. If not, choose Immediate and skip to step 7a. Select Periodic job. Choose Period values.
6.
a. Choose the appropriate period button (for example, Daily). b. Choose Check. c. Choose .
434
7.
a. Choose b. Choose
Check.
8.
Choose
Step.
435
9.
a. b. c.
To schedule an ABAP program, choose ABAP program. In the ABAP program section, in Name, enter the name of the program (for example, rspo0041). Choose Check.
10.
If the program has variants, the ABAP: Variant Directory of Program <XXXXX> dialog box appears. On the dialog box:
a. b.
436
11.
Choose
Print specifications.
437
12.
a. b. c.
Select the appropriate Spool control options. Under Print settings, Lines and Columns values are generated by the report.
to select the value that most closely matches the Lines and Columns value.
438
13.
Choose
14.
Choose
15.
A message will appear in the status bar indicating that the batch job has been created.
439
16.
Choose
When the jobs are scheduled to run The expected run time An emergency contact (names and phone numbers) for job failure or problems Restart or problem procedures
Task
440
2.
a. b.
In Job name, enter * to get all jobs. In User name, enter one of the following options: * (for all users) User ID that the batch jobs run under (to limit the display to those scheduled under a specific user ID in User name).
c.
d. e. f. g.
In Fr., enter a start date. In To, enter an end date. In after event, choose Choose and select *.
Execute.
3. 4. 5.
Check for failed or cancelled jobs. Analyze why jobs failed or were cancelled and make the necessary corrections. Check critical jobs such as MRP, check payment jobs, and so on. To do this check, you must know the job name. From this point, you may do one of the following tasks:
I
441
a. b.
Job log.
442
2.
a. b.
Check job performance and record run times (The difference between the Job started and Job finished times). Choose .
If a job ran past its expected end time, and other jobs are scheduled to start, the graphical job monitor lets you see the conflict.
Task
443
4.
New These are jobs that are waiting to be processed (for example, a posting from an interface file). If not processed, the data will not post to the system.
Incorrect These are jobs that have failed due to an error. The danger is that only a portion of the job may have posted to the system. This partial posting increases the potential for data corruption of a different sort, because only part of the data is in the system.
Task
444
2.
a. b.
3. 4. 5.
Choose the New tab. A list of batch input sessions that must be processed appears. Choose the Incorrect tab. A list of incorrect batch input sessions are displayed. Contact the responsible user to notify them or determine why these jobs are in new or incorrect sessions.
445
Operation Modes
Operation modes allow the SAP R/3 system configuration to be adapted to different requirements. The configuration is the mix of the number of dialog (online) and batch processes at different times of the day. When switching operation modes, the SAP R/3 work processes are automatically redistributed, without stopping and restarting the instance. Only the work process type changes. For example, a dialog work process can be switched to a background process. The total number of work process remains the same. The new process type is not activated until the process is free, meaning that a process may not switch immediately. Instead, it is set for switching at the earliest possible time. For example, if all background processes to be switched to dialog processes still have jobs running, the processes are individually switched when the jobs are completed. Processing is not interrupted and normal system operation continues uninterrupted during the operation mode switch. Operation mode switches are recorded in the system log. The old process type and the new process type are recorded for each switched work process. A batch job runs on a batch work process until it is completed and does not time-share the work process. Therefore, to increase the number of batch jobs that are processed during a given period, you must increase the number of batch work processes. To achieve this increase, you must also decrease the number of dialog work processes by the same amount. This process is usually done to increase the number of batch sessions available to process batch sessions at night, when most of the online users have gone home and you have many batch jobs to run. During the day, the opposite situation occurs. The number of batch work processes is reduced, and the number of dialog work processes is increased to accommodate the number of online users. For example: Mode Day Night Dialog WP 5 2 Batch WP 2 5
TechTalk
There must always be a minimum of two dialog processes. Do not reduce the value below two. There must be at least two batch work processes on the system. An individual instance, such as a dialog application server, could be configured without a batch work process. But there must be batch work processes to use somewhere on the system, or a task (such as a transport) can fail if it needs a batch work process to execute.
For small clients with little or no batch processing at night, the additional process of configuring and maintaining operation modes may not be necessary. Not using operation modes reduces the level of administration required to maintain the system. However, once configured and running, there is little maintenance required. To set up and use the operations modes: 1. Define the operation mode (RZ04).
446
2. Assign the instance definition to an operation mode (RZ04). a. The first time the CCMS: Maintain Operation Modes and Instances screen is opened, there are no operation modes. 3. Define the distribution of work processes for the operation modes (RZ04). This distribution is the mix of dialog and batch work processes. 4. Assign the operation modes (SM63). Define or set the schedule of when the modes will switch and to what mode it will switch.
Task
3.
Make the name and descriptions meaningful, such as day mode and night mode, which makes it easier to select them later.
a. In the Operation Mode field, enter a name or title description. b. In Description, enter a short description for the mode. c. Choose .
447
5.
Repeat the above steps for any additional needed operation modes (for example, afternoon and night).
Task
448
2.
3.
To generate an instance definition for our host, from the menu bar, choose Settings Based on current status New instances Generate.
4. 5.
449
6.
Choose
Task
3.
450
4.
Choose
5.
a. b.
6.
451
7.
Choose
8. 9.
At this point, you can also define the work process distribution (see Defining Distribution of Work Processes on page Defining distribution of work processes). Choose .
10.
452
11.
Choose
Task
4.
453
5.
Choose
6.
Do not change any other field.
a.
Use the minus (-) or plus (+) buttons to reduce or increase the number of Background work processes. This step automatically changes the number of Dialog work processes by the opposite amount, to keep total number of work processes the same. In this example, we increased the number of background work processes from 2 to 4. Choose
b. c.
454
7.
Remember that there should always be a minimum of:
I I
8.
9. 10.
Task
455
4. 5. 6.
This screen shows the timetable. The dashed arrow (= =>) indicates the current time. Double-click on the beginning and ending times when the operation mode should be in effect. Choose Assign.
456
10. Choose
11. The operation mode name is next to the time periods you assigned.
457
12. Repeat steps 511 for the other operation mode(s). 13. Choose
.
14.
The message on the status bar indicates that the assigned operation mode is saved.
458
15.
When the Operation Mode switches, entries appear in the system log (transaction SM21).
Backups
Periodic Archival
At the end of the quarter, make certain you get a usable backup at the end of the quarter. Also, send quarter-end backup tapes offsite for an extended period. At the end of the year, ensure that you get a usable backup at year-end and send the backup tapes offsite for an extended period. Be aware that you may have two year-end backup dates:
I I I
Your legal and finance departments, external auditors, and others should determine the length of the extended period as appropriate in the company (for more information, see chapter 3).
End of the calendar or fiscal year After the financial books are closed for the year This period may be several months after the end of the fiscal year.
459
Performing an offline backup is necessary for files that cannot be backed up if the SAP R/3 system or the database is active. With this full-server backup, you know you have everything on the server. If you experience major system problems, you will have a defined point from where everything is backed up and from where you can begin a restore. A full-server backup should be performed before and after major changes on the server, such as:
I I I
If a change has a catastrophic effect, you must recover the server to its beforethe-change state. To perform a full server backup: In NT, there is a technique where a second instance of the OS is installed in a dual boot configuration. The backup is taken from this second instance. 1. Stop the SAP R/3 system. 2. Stop the database. 3. Stop all SAP services (saposcol, saprouter, sap<sid>-<sysnum>). 4. Execute the backup using your backup program (database and file system). 5. Check backup times and logs. 6. Cycle the server.
Task
460
2.
a. Record the date and time that appears next to Full R/3 backup. b. If the backup failed, there is no indication on this screen, except that c.
Choose Backup history to get more detail on the backups.
the last successful backup date was not the expected date. You must review DB13 to see the indication that the job failed.
3.
This screen shows the backup. For the backup that ran, you can see the following info:
a. Start date and time. b. DB name c. Media name or tape label d. Position on the backup tape
461
Task
2. On the DB Administration in the SAP Environment screen: a. Look for the backup job that is listed under each data square. b. If the backup failed, the job will be indicated in red. c. Select the entry for the backup. d. Choose Action logs.
In Release 4.6, red-text jobs could also mean that the job log is unavailable, or the job could still be running.
462
3.
UNIX
For your UNIX-level backup, review the results using the appropriate UNIX backup application.
NT
We assume that you are using the Windows 2000 Backup application. If you are using another program, use that programs documentation to determine its status after backup. Windows 2000 Backup records some log information in the event logs. A more specific log is written to a file as specified when Windows 2000 Backup is run.
Cleaning cartridges
463
Data cartridges (tape and disk) Laser printer toner Ink cartridges Batteries Forms Envelopes
Within the group of consumable supplies are critical supplies. If these supplies run out, your business operations could be affected or stopped. Examples are preprinted forms with your companys name or other special printing and magnetic toner cartridges. The amount of spare supplies purchased and available on-hand should be enough to accommodate varying usage levels and to allow for time to purchase replacements. Running out of supplies will create an inconvenience, or even an operational problem.
Example
If you run out of the magnetic toner cartridge for the check printer, you will not be able to generate checks out of the system. At this point, either you cannot print checks to pay your vendors, or you have to manually type the checks (if you have blank manual check stock on hand). Special or custom supplies such as the following require special consideration:
I I
Special magnetic ink toner cartridges to print the MICR characters on checks. Not every computer supplier will stock these special cartridges.
Preprinted forms (with company header, instructions, or other custom printing). Due to the customized nature of these items, there is usually a significant lead time to restock these items. If it is a critical item, make sure you have extra stock. To check consumable supplies:
I
Check the expiration date on supplies that are subject to aging. This check applies to supplies currently being used and those in inventory. Check supplies that have time-in-service expiration, such as hours, cycles, and so on. Keep in touch with your purchasing agent and the marketplace. Market conditions may make certain supplies difficult to purchase. In such conditions, the lead time and quantities to be purchased must be increased. For example, at one time, 120-meter DAT tapes cartridges were difficult to find and purchase. Track usage rates and adjust stocking levels and purchasing plans as needed.
Example
I I
Certain DAT tapes are rated for 100 full backups. After that they should be discarded and replaced with new tapes. This usage limit can be entered into the SAPDBA control file for Oracle.
464
Other Considerations
Certain supplies may have long lead times for purchase, manufacture, or shipping.
C H A P T E R
16
16
Change Management
466
Overview
Change management involves the management of changes to your system, including table maintenance, note application, and transportation of changes from one system to another. The table maintenance section shows you how to make changes directly to SAP tables. The new tool, Note Assistant, shows you how to automatically apply SAP Notes to the system. This chapters also covers methods of transporting changes from one system to another, and discusses how to manage the transport process.
When a change is made directly to a table and the table is saved, the change is immediate. There is no undo function.
467
2.
In Table Views:
a. b.
Maintain.
3.
Client independent changes will affect all clients on a system, not just the client on which you are working.
If the table you are changing is client-independent, the Information dialog box appears. Choose .
4.
5.
In the column (the name depends on the table selected), enter the new entry (for example, password).
468
6.
Choose
Note
If the client is not configured to record changes for transport, this dialog box does not appear.
7.
If the Prompt for Workbench request dialog box appears, create a request by choosing .
8.
a. b.
In Short description, enter text that describes what change you are making to the table and why you are making the change. Choose .
469
9.
a. b.
Record the request number. This number is needed to transport the table changes to the other systems. Choose .
10. 11.
The message in the status bar indicates that the entries have been saved. Choose .
12. 13.
470
Task
a. b.
Maintain.
3.
Client-independent changes affect all clients on a system, not just the client you are working in.
471
4.
a. b. c.
Navigate to the password by scrolling up or down to go through the table or choose Position to go directly to the entry. Select the password to delete (for example, password). Choose .
5. 6.
The message in the status bar indicates that the password was deleted. Choose .
472
7.
The message in the status bar indicates the change was saved.
Change Control
Change control is the managing of the changes, modifications and customizing made to your system. This control allows you to be aware of and control what changes are made. These changes must be made in a controlled manner to avoid problems. The process is: The SAP training class BC325 (Software Logistics) covers change management and transports. Also see Software Logistics by Sue McFarland.
I
Managing the changes: SAP Notes that are applied to the system Authorization process for moving the changes from one system to another
I I
Making the changes to the SAP R/3 system Moving the changes from one system to another
473
If a problem arises, SAP may ask if a specific note has been applied. If you do not have a record of what notes you have applied, then you must manually investigate your system. This process can be difficult and time consuming. When the system is upgraded, for conflict resolution, you must know what notes have been applied. You must know what notes: Are included in the upgrade, so you can go back to SAP standard code May need reapplying because they are not included in the upgrade
I I
Document all SAP Notes applied to your systems, and specify which system and instance to which it is applied. Document all code changes with the SAP Note number that applies. This documentation is especially important if a program is changed by an upgrade or support package. It helps you determine if your code change is included in the upgrade or patch and, therefore, whether the program can revert back to SAP standard. In addition to a high-level tracking table, detailed records should be kept on the individual notes. The record should include the problem to be fixed, objects changed, release in which the note was fixed (important for upgrades), and other applied or recommended notes (see the sample form in Detailed Online Service System Note Record on page 474). Document all SAP Notes that are noted and do not require actual changes to be made to the system (for example, procedural or informational notes). Document SAP Notes that have not been applied to your systems. There may be cases in which you review a note and determine that it does not apply. You should document the reasons. If SAP asks why a specific note was not applied, you will have an answer.
I I
Sample Forms
General Note Record
Note # 12345 36987 Description xxx yyy Noted DEV 11/06/98 2/06/99 QAS 11/15/98 2/13/99 PRD 11/30/98 2/28/99
474
Fixed in release: Comments: Other notes applied with this problem: Applied to: System DEV Client 100 110 QAS 200 210 PRD 300 Transport number Date imported or applied Return code Sign-off/Initial
475
Note Assistant
Note Assistant is an add-on installation tool for the quick implementation of specific SAP Notes. It checks for dependencies on any Support Packages, SAP Notes, or modifications that you have already implemented. The tool streamlines the implementation of note-based corrections in a consistent and user-friendly manner. Because it applies code changes in SAP Notes automatically, the Note Assistant helps to reduce errors. The Note Assistant logs all your processing steps automatically. You can display an overview of all the SAP Notes that have been implemented in your system. It also displays the processing status of the SAP Notes and any corrections that have already been made to the source code. You can see at anytime which SAP Notes you have already implemented successfully and which you still must process. The Note Assistant is available for download through the SAPNet-Web. There are minimum preconditions of Support Packages applied for systems with Basis releases before 6.10: Release 4.6D 4.6C 4.6B 4.5B Minimum Precondition SAPKB46D05 (or higher) SAPKB46C15 (or higher) SAPKB46B25 (or higher) SAPKB45B38 (or higher)
For information on how to determine what support packages have been applied, please refer to Special Maintenance Support Packages in chapter 22. Not all available notes have been updated or converted for use with the Note Assistant. To find out more about Note Assistant, see the SAPNet-Web under the Quick Links NOTEASSISTANT. The SAP Service connection must be open through transaction OSS1.
Task
Loading an SAP Note
1.
476
2.
Choose
3.
a. b.
In Note number, enter the SAP Note number (for example, 414452). Choose .
4.
a. b. c.
The note is shown under the New status. Select the note. Choose
5.
The Implementation status shows whether the Note Assistant can implement the note automatically.
477
6.
Choose
Task
Implementing an SAP Note
1.
Choose
478
2.
Choose Yes.
3.
Choose
4.
5.
a. b.
479
6.
Choose
7.
Choose
8.
a. b. c.
The note is now under In process status and the icon next to the note is changed. Select the note. Choose .
9.
480
10.
Choose
Task
Setting processing status of SAP Notes
1. 2.
481
3.
a. b.
4.
Task
Viewing Log File
1.
Choose
482
2.
a. b.
3.
Choose
483
4.
The log file is shown. You can add your own comments to the log file by choosing .
484
Document all code, configuration, and other changes. Test by developer and functional analyst Get the following signoffs (see sample Transport Request Form on page Sample Transport Request Form) By all functional groups: Review and be aware of changes that might affect their functional areas. If needed, perform additional tests by and with other functional groups, where there is possible interaction from the change. Operations review Review any changes that may affect the operations staff Schedule new jobs Program error or problem procedure
Document the program restart procedure. Is it safe for the operator to restart the job, if it fails or hangs?
I I I I
Verify the change in the target system. Change control should also contain a recovery plan that includes: What to do if the import to the production system creates a problem? How to roll back? Will it be possible to roll back? Will a problem require a database restore?
485
SAP Notes applied: (SAP Note form required for each note) Effect on other functional areas: Special transport instructions: Specific order Need quiet time: Yes/No
Functional area review and approval: FI SD Approved for transport by: Transport details: System QAS Client 200 210 PRD 300 Date Start time End time Return code Sign-off/Initial MM Computer Operations
486
Transporting Objects
Transports into the Production System
A transport is the mechanism that the SAP R/3 system uses to move changes:
I I I
Within a system from one client to another client From one system to another system on the same client From one system to another system and from one client to another client
Complete the transport in the production system during a quiet period (for example, Sunday afternoon or evening) when users are not logged on the system. Ideally, a full system backup should be completed before transports are imported. During a transport, objects may be overwritten. If an object is being used in the target system when a transport is performed, the transport may cause inconsistent results or terminate the transaction. In the worst-case scenario, a transport may break the production system and you must restore the system. Transports are only done when necessary (when you have a transport that needs to be moved). You may also have the occasional emergency transport that must be moved at a time other than at your normal weekly transport time.
Transporting Objects
The transport system has been significantly changed in Release 4.x. (It was formerly known as Correction and Transport System.) It is still CTS, but is now called the Change and Transport System. CTS contains the Transport Management System (TMS) and Change and Transport Organizer (CTO). The purpose of transports is to move objects and configuration from one system to another in the production pipeline. This pipeline is defined in a three-system landscape as systems comprising development, quality assurance, and production. A transport starts in the development system, is transported to the quality assurance system where is tested, and finally into the production system. To transport objects, use one of the following methods:
I I
487
TMS Method
The TMS method uses transaction, STMS, to perform the transports. Benefits:
I I I
The user does not have to go into the operating system to do the transport. The user selects the transport from a GUI to do the import. There is no risk of incorrectly typing the wrong command or transport number. Because the import is done from within SAP R/3, there is no need to physically go down to the server or use a remote connection (for NT) to the server to do the import. The transport route can be specific to clients. With one export, the TMS system is set up to import into several combinations of system and client as defined in the transport route. (This functionality is new in Release 4.6.) Transport requests can be grouped into projects, and the transport request selected and moved by these projects. This grouping reduces the chances of transporting the wrong transport request when there are many activities and projects going on. (This functionality is new in Release 4.6.) Advanced quality assurance prevents transports from being imported into the production system until they are released after successful testing in the quality assurance system. (This functionality is new in Release 4.6.) The import of transport requests can be scheduled. You no longer have to manually import the transport requests or write scripts to do the import. (This functionality is new in Release 4.6.)
Library Basis Components Change and Transport System (BC-CTS) Transport Management System (BC-CTS-TMS).
TMS documentation. The TMS documentation (including configuration) can be found in the SAP R/3 online documentation by choosing Help SAP
The user must go into the operating system to do the transport. This action is a security issue in companies that restrict which employees can have this level of access. The import is done from the command line. There is the risk of incorrectly typing and importing the wrong transport.
488
Obtain proper authorization to transport the objects. Obtaining this authorization is the responsibility of the person requesting the transport move. The required authorizations and approval process differ based on the company. Some companies require the approval of only one person, while other companies require the approval of numerous people.
Define other necessary transport management related information, such as: Who to contact in case of problems The person doing the transport typically is not a programmer. If there is a problem with the transport, that person will need assistance to determine what failed. What recovery process to follow if the transport fails Who will test the transport in the target system to determine that it works as intended The transport number The source system The target system(s) Relationship to other transports, such as sequence order, and so on
The TMS (normal) import and one of the OS import options, tp import all, will import all transports in the import buffer. The assumption is that all objects released into the import buffer have been tested and approved for transport into the target system. If you use either method, it is important to not release the objects until they have been tested and approved for transport. Up to, and including Release 4.5, in a three-system landscape, once the transport is imported into the quality assurance system, it is added into the production system import buffer, and there is no second release out of the quality assurance system.
I I I I
Use transactions SE01, SE09, or SE10 as necessary to release the transport. First release the task, and then release the request or transport. Import the request into the target system. Check the transport log.
489
has not completed quality assurance testing in this system. This change is an important change management enhancement and should be used by everyone with a standard three-system landscape. Before Release 4.6, when a transport was imported into the quality assurance system, it was automatically added to the import buffer of the production system. Therefore, an import all would import everything, regardless of readiness. To manage the import buffer in the:
I I
Source system, do not release the transport until the testing is complete. Production system: Using the TMS method, use preliminary import to select the individual transport to import Using the TMS method, use the project method to manage the transport requests Using the OS method, import the requests (transports) individually Do an import all only when the entire buffer is ready to be imported
NT UNIX
<drive>:\usr\sap\trans\cofiles \\<host>\sapmnt\trans\cofiles
/usr/sap/trans/cofiles
Note
D files do not always exist.
NT UNIX
Add the special transport to the import buffer (process described in Adding a Special Transport into the Import Buffer on page 495).
490
Import the transport (process described in Using TMS to import a transport request on page 498 and OS Method of Transporting on page 507).
Task
Release a request (transport)
1. 2.
In the Command field, enter transaction SE10 and choose Enter (or from the SAP standard menu, choose Tools Accelerated SAP Customizing SE10 Transport Organizer). On the Transport Organizer screen:
a. b.
In User, enter the user ID of the person who owns the request. Select the following categories: Customizing Workbench
Note
Over time, the released list will be large.
c. d.
To verify the Request status, select Modifiable. As an option, you may deselect Released. Choose
Display.
491
3.
a. b.
4.
a. b. 5. 6.
A message appears on the message line indicating the task was released. Choose .
492
Note
All of the tasks associated with a request must be released, before the request can be released.
7.
A message indicates that the task was released into the specified request.
Task
Release the request
1.
a. b.
2.
493
3.
Choose
4. 5. 6.
A return code of 8 or higher is a failed transport.
When the export is finished, the above message changes to a status message. Check the export return code and text message. This screen shows that the export Ended OK and has a return code of 0. Check the test import return code and text message. This screen shows that the import Ended OK and has a return code of 0. The return codes are:
I I I I
0 Successful 4 Warnings occurred 8 Performed with errors 12+ - Transport was terminated
.
7.
Choose
494
8.
A message appears indicating that the request was released and exported.
9.
The request is now in the Released section. You can see this request only if you selected to view released requests in step 1 of releasing a task.
If there is a problem, review the transport log. For more information, see the transport log later in this chapter.
495
Prerequisite. The transport files have been moved into the appropriate
directories.
Task
In the Command field, enter transaction STMS and choose Enter (or from the SAP standard menu, choose Tools Administration Transports STMSTransport Management System). The Transport Management System (TMS) screen appears. This screen is the transaction that all the following TMS processes will start from.
Transport Management System(BC-CTS-TMS) Under Transport Management System, there are five major topics:
I I I I I
Configuring TMS Performing Transports Approving or Rejecting Requests Transport Workflow Troubleshooting
3. 4.
Position cursor on the <SID> of the SAP R/3 system to which you want to add the transport.
496
5.
Choose
6.
7.
a. b.
497
8.
Choose Yes.
9.
10.
498
Task
2. 3.
Select the <SID> of the system into which the request will be imported. Choose .
4.
499
Import All Import all the requests in the queue for the selected system
Task
1.
Choose
500
2.
a. b.
In Target client, enter the target client. Select the Execution tab.
3. 4.
5.
The Options tab allows you to select special import options. These options correspond to the unconditional codes used when transporting at the OS level.
501
6.
Choose
7.
Choose Yes.
8. 9.
Under Remote logon, enter the correct Client number, User and Password. Choose .
502
10.
The import process begins and may run for a while. You can monitor the progress of the import by watching the process indicators.
11.
The Request number now appears with a green check, indicating that it was imported as a preliminary import.
503
Task
2. 3.
4.
504
5.
6.
Choose
7.
Choose Yes.
8.
The import process begins and may run for a while. You can monitor the progress of the import by watching the process indicators.
505
9.
10. When completed, the message Import queue is empty appears. 11. Choose
.
Task
2.
Select the <SID> of the SAP R/3 system for which you want to check the transport log.
506
3.
4. 5.
Choose
6.
From the menu bar, choose Goto Transport steps (this was formerly known as alog).
507
7. 8.
From this screen, you can verify the request number and the return code for that request. The return code (indicated in column RC) is the same as in step 5 above.
By using TMS to review the transport logs, the inconsistency encountered in the OS method of viewing the transport log does not occur. The inconsistency is when the tp return code (received when the import is done) does not match the return code in the transport log. The following line would appear in the above screen: Request ALL SID SAS S S RC 0008
OS Method of Transporting
Adding a Special Transport Into the Import Buffer
Adding a special transport into the import buffer is normally not done. This task is only performed for special transports that are downloaded from SAP. The transport files have been moved into the appropriate directories. You must be on the target system. For example, if it is from development (DEV) to test (QAS) system, you must be on QAS.
Task
NT:
<drive>:\usr\sap\trans\bin
508
UNIX:
/usr/sap/trans/bin
2. 3.
Check if file tpparam exists. If no, copy file tp_domain_<sid>.pfl into a new file and rename it tpparam. Load the transport into the import buffer with the following command: tp addtobuffer <transport> <target sid> tp addtobuffer P30K174511 DEV Where:
I I I I
Target system is DEV File is K174511.P30 Transport number is P30K174511 The transport number is derived from the transport file number, where the first three characters are the file extension (P30), and the rest of the name is the base name of the file (K174511).
4.
<drive>:\trans\bin /usr/sap/trans/bin
2.
Test your connection to the target system with the following command: tp connect <target sid> tp connect PRD
3.
Enter the transport command. To specify an individual transport, enter: tp import <transport> <target sid> client=<target client> tp import devk900023 PRD client=100 Where the: Transport number is devk900023
509
You may be instructed in an SAP Note or by the SAPNet hotline to use Unconditional codes or U codes. These are special program option switches that the tp program uses during the import process.
I
4. 5.
Record the start and finish time for the transport on the transport log or the transport form. Check the exit code. If you receive an exit code of 8 or higher, the import failed. You must resolve the problem and reimport the transport. If you get a return code of 8, there is a known condition where this return code does not match the transport log. This condition is described in Checking the Transport Log section below. Check the transport log.
In NT, use QuickSlice, an application included with the NT resource kit, and the CPU activity in the NT Performance Monitor to monitor the import process. After a few times, you will recognize the activity pattern of a transport. In UNIX, use the utilities top or xload to monitor the import process.
6.
The transport could still have failed even if you did not receive a failed return code. The final test is to verify in the target system that the transport arrived properly. The developer and functional area owner are responsible for this verification.
I I
If you receive an exit code of 8 or higher, the import failed. You must resolve the problem and re-import the transport.
Task
Note
Note: You must check the transport log from the transaction that released the transport (SE09 or SE10).
510
2.
a. b. c. d.
Under Request type, select Customizing and Workbench Under Request status, deselect Modifiable, and select Released. Enter a date range in the Last changed From and To fields to limit the amount of requests to review. Choose
Display.
3. 4.
511
5.
A return code of 8 or higher is a failed transport.
0 Successful 4 Warnings occurred 8 Performed with errors 12+ Transport was terminated
for the line with the warning.
6.
You may run into a rare inconsistency between the return code in this log and the return code when you ran the tp import program. This condition occurs when the tp program ends with a return code 8 (Error) and the log above shows a maximum return code of 4 (Warning). This inconsistency is caused by a step in the import that is not associated with the transport number (in the example RW6K9000079). Thus when the log is reviewed, the maximum return code of 4 [(and not 8) (Warning)] appears. However, it is still a failed transport. The TMS method does not have this inconsistency.
7. 8.
Choose
The status bar indicates how many levels you have drilled down.
512
PART SEVEN
514
Part Overview
This section discusses basic system troubleshooting and performance issues. In the event that problems do occur, this section gives you general ideas of things to look for. This is a light section and does not replace the specialized books and classes that SAP has for this topic. It is meant to provide the basics to begin working from.
C H A P T E R
17
17
Troubleshooting
516
Overview
This chapter is a basic troubleshooting chapter, presenting you with some tools and techniques to help you solve the problem yourself. We do not go into advanced troubleshooting techniques. Troubleshooting is learned by doing; the more experience you have, the better you become. The next chapter is on performance tuning. Performance tuning is specialized troubleshooting. Troubleshooting techniques are also relevant for performance tuning.
Gather data Analyze the problem Evaluate the alternatives Make a change Remember to make only one change at a time. Document the changes Evaluate the results
Gather Data
Ask the following questions:
I I I I
What is the problem? What error messages, dumps, or other diagnostic aids are available from the problem? What conditions caused the problem? Is the problem repeatable?
517
Spool (SP01)
Online documentation Reference books SAP Notes Other customers (this is your network)
518
2.
3. 4.
The error message appears in the dialog box. Record the relevant information from the screen to send to SAP.
519
This patch level is needed when submitting problem messages to SAP. It tells the hot line personnel your kernel patch level. Different problems are fixed in different patch levels.
Example
You are on patch level 50 and have a particular problem. The fix to your problem may have been done in patch level 61. This level identifies that the problem is an older kernel that contains the problem. The solution is to upgrade to the current kernel, at least patch level 61.
Task
4.
Record the Patch level (for our example, we chose Patch level 620).
520
2. On the System: Status dialog box, under SAP System data, choose
4.
521
SPAM update 06/29/2001, 4.6C ver 0028. Support Package: ABA sp20 Basis sp16 R/3 sp16 Others listed offscreen Patch Status values are:
N The patch has not yet been applied I Patch has been successfully applied
SAPK<component><release><sequence_number> SAPKH46C01 is interpreted as SAPK/H / 46C / 01, and is for SAP R/3 4.6C and is the first Support Package.
522
C H A P T E R
18
18
Performance
524
Overview
This chapter discusses performance issues in SAP R/3. We provide only general guidelines, not detailed performance tuning instructions. It is not possible in one chapter to provide the breadth and depth of information available in the SAP training class or the Performance Optimization book. For more detailed performance tuning, we recommend the following resources:
I I I
BC315 R/3 Workload Analysis (the SAP Performance Tuning class) SAP R/3 Performance Optimization, by Thomas Schneider, SAPs TCC organization. Performance tuning is specialized troubleshooting. Because you are trying to solve performance issues, all troubleshooting techniques are also relevant.
Rather than using database and operating system-specific details, we will be using SAP R/3 transactions to access relevant database and operating system data where possible. This approach makes the information database and operating system independent.
Critical Assumption
The hardware, operating system, database, and SAP R/3 have been properly installed based upon SAPs recommendations. As with the design of this book, performance tuning must have a starting point. This point is the SAP-recommended configuration for hardware, database, operating system, network, and so on. A real example of a non-recommended configuration is where the operating system, the database, and SAP R/3 has been installed on a single logical drive. In this situation, all the drives in the server were configured in a single RAID5 array and treated as a single, huge drive. This situation created a classic condition known as head contention, where SAP R/3, the database, and the operating system all simultaneously competing for the same disk drive head. This is an example of a problem that is not new. Head contention existed in the early days of computing. The solution now is essentially the same as it was back then, to spread the data over multiple drives.
Priority of Evaluation
The SAP EarlyWatch group has determined that the majority of the performance issues and gains are from within SAP R/3. This gain is followed first by database issues, then operating system, and then hardware. We will primarily discuss SAP R/3 performance issues.
525
General Procedure
The general procedure when working on performance issues is not new. It is the standard problem-solving procedure:
I I I I
Gather data Analyze the problem Evaluate the alternatives Make only one change at a time If a problem exists, you will not know which change caused a problem. There are times where several changes must be made to fix a problem. Even so, unless they must be done together, such as related program changes, make the changes one at a time.
Document the changes. If a change causes a problem, you must undo the change. To do that you must know what the configuration was before the change and what you did. If the change needs to be applied to multiple systems, you must know exactly what changes to make, and how to do it. This process must be repeated exactly the same on all systems.
SAP R/3
Note
One of the most common causes of SAP R/3 performance problems is poorly written custom (or modified standard) ABAP programs.
As a prerequisite, SAPOSCOL (SAP OS collector) service must be running. Also, periodic job SAP_COLLECTOR_FOR_PERFMONITOR must be running. Finally, wait at least 1 week to collect sufficient data for statistics to be useful.
526
2.
3.
a. b.
527
4.
a. b. c.
Under Analysis Interval, enter the Date and Time period to be analyzed. Under Analysis parameters, enter how many minutes back to analyze. Choose .
5.
The different task types are shown. The task types are:
I I I I I I
6.
528
7.
Choose
8.
Apply judgment when reviewing statistical values. If you just started the SAP R/3 system, the buffers will be empty and many of the statistics will be unfavorable. Once the buffers are loaded (takes approximately 1 week), values can be properly evaluated.
a. b.
Examine Average response time per step (ms). If the dialog value is less than 1,000 ms (1 second), the response time meets the target standard response time. For more information on Av. response time, see notes below. Choose .
9. 10.
The SAP R/3 user default for a decimal point is a comma. If your default profile for decimal point (point or comma) is not appropriately set, the display may be misread. For example, rather than 476.5 ms, it would read 476,5 ms.
529
The programs and transactions are now sorted in average response time order.
A few standard functional transactions will exceed the one-second guideline. They include, but are not limited to the following: Type Create Sales Order Change Sales Order Display Sales Order Create Billing Document Create Delivery Maintain Master HR data Transaction VA01 VA02 VA03 VF01 VL01 PA30
Buffers (ST02)
The buffer tune summary transaction displays the SAP R/3 buffer performance statistics. This transaction helps in tuning SAP R/3 buffer parameters. The buffer is important because significant buffer swapping reduces performance. Look under Swaps for red entries. Regularly check these entries to establish trends and get a feel for buffer behavior.
530
Task
2.
Hit Ratio The target value is 95 percent and higher. Soon after starting the system, this value is typically low, because buffers are empty. The hit ratio will increase as the system is used and the buffers are loaded. It usually takes two hours to a day to load the buffers that are normally used.
Analysis of transaction ST02 is covered in BC315 (the Workload Analysis and Tuning class). We recommend you take this class.
Swaps The target value for the program buffer is less than 1,000. All other buffers have a target of 0. When the necessary data is not in the buffer, the system retrieves the data, but it cannot fit into the buffer because of filling level or fragmentation. Other objects are thrown out of the buffer to make room for the new data, which is called a swap. The swap value is reset to zero (0) when the system is restarted. If swaps exist, increase amount of memory allocated to the buffer. See SAP Note 103747.
Memory Defragmentation
A computers memory for program execution (PXA) behaves similar to a hard disk. As different programs execute, they are loaded into, and later deleted out of, memory. Over time, like a hard disk, the usage of the computers memory becomes fragmented with unused spaces scattered throughout.
531
To defragment the PXA buffer, stopping SAP R/3 is sufficient. You do not need to restart the database to preserve the database cache.
At a certain point you may have sufficient free memory (the total of all the unused spaces), but not a contiguous (single) piece of memory large enough to allow certain programs to execute. At that point, those types of programs attempting to run that need contiguous memory will fail because they cannot be loaded into memory. To defragment the systems memory: 1. Stop SAP R/3. This step requires stopping only SAP R/3 on all application and database servers. (For more information, see Starting the SAP R/3 system on page 88. ) 2. Restart SAP R/3. You only need to restart SAP R/3, you do not need to cycle the server.
TechTalk
When SAP R/3 is restarted, the buffers are refreshed. This process means that the first person who accesses the buffered object will have a long response because the system must get the data from the database and load it into the buffer. The second person who accesses the same data will have a normal (quick) response time. This process repeats until all normally used objects are loaded into the buffer, which usually takes up to a day to accomplish. The program buffer is filled without fragmentation with the programs that were in the buffer during shutdown.
Database
See chapters 9 through 12 (Database Administration) for the database-related performance tuning transactions:
I I
Operating System
Operating System Monitor (OS07)
The operating system monitor allows you to view relevant operating system and hardware details. The operating system-related detail shows information such as:
I I
532
Certain operating system items will impact SAP R/3 performance. To view the Operating System Monitor, ensure that SAPOSCOL service is running.
Task
CPU idle average should be > 20% during working days. Otherwise CPU contention probably exists. Paging:
I
4.
The following screenshot is a snapshot of the CPU, Memory, Swap, and Disk response data.
Unix: paging OUT rates should be less than 300 MB/hr. NT: paging IN rate should be less than 500 MB/hr.
533
5.
6.
534
7.
8.
This window shows the memory paging and free memory over time.
535
9.
Hardware
CPU and Disk
Also see Operating System Operating System Monitor (OS07) to get data on:
I I
Memory
Physical access to the drives is the slowest activity. The hardware item that has the largest effect on SAP R/3 performance is memory. The SAP R/3 system uses memory extensively. By keeping data in buffer, physical access to the drives is reduced. Thus, in general, the more memory you have, the faster SAP R/3 will run.
536
PART EIGHT
538
Part Overview
This section discusses the SAP Service Marketplace, SAPs remote services (SAPserv and EarlyWatch) and special maintenance items. The special maintenance items are important tasks which would normally be performed infrequently, but that you may be called upon to perform them.
C H A P T E R
19
19
540
Overview
SAP Service Marketplace is the Internet access to SAP resources and SAP Service Marketplace (formerly known as SAPNetR/3 and OSS) functions such as:
I I I
Registering developers and objects Searching for SAP Notes Downloading support packages
We recommend that you use SAP Service Marketplace as your primary SAPNet access method. For most companies with an existing (flat fee) internet access line, the cost of the internet access is already paid for. The SAP service connection required for the SAPNet-R/3 transaction (OSS1), if using ISDN, is an additional per-minute cost.
Most of the OSS functions have been migrated to the SAP Service Marketplace. However, not all OSS functions will be migrated. The opening and use of the SAP service connections for EarlyWatch and SAP hotline access to customer systems are available from your SAP R/3 systems Command field, with transaction OSS1. We will demonstrate how to open the service connection in SAPNet-R/3 at the end of this chapter. The prerequisites to use SAP Service Marketplace are:
I I I
An internet connection A browser. SAP Service Marketplace works better with Microsoft Internet Explorer. A valid SAPNet/OSS user ID and password
Note
The SAP Service Marketplace has gone by different names in the past, such as SAPNet, www.sap.com, and service.sap.com. Be aware that the name may change in the future.
Logging on to SAPNet
The following task outlines how to log on to SAPNet.
Task
Log on to SAPNet
1.
541
2.
3.
In User Name, enter your OSS/SAPNet user ID. In Password, enter your OSS/SAPNet password.
Note
If this is your first time using the SAP Service Marketplace, you can choose whether to see a standard page or a personalized page. Choose your option and choose the Access now! button. For our example, we are using the standard page.
4.
5.
542
6.
From here you can select the topic you are interested in and go directly there, without having to navigate a menu that would change.
Navigation
This task gives you a basic overview of navigation in SAPNet.
Navigating SAPNet
1.
On the main window of the market place page, choose Support.
Task
2.
543
3.
Most of the SAPNet functions used by systems administrators are grouped in this screen.
544
Task
2.
You can use a text search with the following options: AND the note must contain all of the words in the search text field OR the note must contain at least one of the words in the search text field PHRASE the note must contain the words in the exact order specified in the field.
Note
You cannot simultaneously specify a Note Number and Search Text.
R/3 Release
Application Area Database
545
3.
On the SAP Notes Search screen, in each of the following fields, enter the following text:
a. In Search Text, enter the text to search for (for example spool system). b. In Search Mode, select all given words (AND). c. In Release, enter the relevant release number (for example 46C). d. In Database, enter a database name. e. Choose Submit.
4.
The results from the criteria are displayed. Each page contains 20 hits.
546
5.
6. 7.
Review the note. Close this window and return to the SAP Notes list.
547
Customer Messages
If you have searched both the online documentation and SAP Notes and not found the answer to your question or problem, then you should submit a SAPNet message for assistance.
Note
The SAPNet customer message function is not meant to replace consulting. Messages entered into SAPNet are for reporting and getting resolution on SAP problems or bugs. If a message is interpreted as a request for consulting information, it will be returned to you, and you will be advised to seek consulting assistance.
Priority table
Assign your message a priority from the following table below: Priority Very High Situation
I I
In your nonproductive system, during a critical project phase An Online Service System/SAPNet consultant reviews these messages within 30 minutes of arrival. If the problem does not fall within the defined description for a very high priority problem, the priority is immediately reduced. Do not assign a message this priority if you cannot be available to receive a call back from SAP. If SAP attempts to call you and you cannot be reached, your message may be downgraded. High When important applications or subprograms fail in function, or for a system shutdown in a nonproductive system. For errors with less serious consequences than the above two cases, where the operation of the productive system is not seriously affected. For minor errors, such as documentation errors, typographical mistakes, and so on
Medium
Low
548
Use care when assigning a priority to your message. If the problem does not meet the Very High criteria, assigning the message this priority will not guarantee you a quicker response time.
The following list contains hints that can improve total problem resolution time:
Component
If you know the specific component, assign it. If you do not know it, do not assign to a detailed component level (for example, assign it to level 3, BC-CCM-PRN rather than a level 4, BC-CCMPRN-DVM). The Online Service System Hotline consultant can assign a specific component. If you assign the message to a wrong component, and it is forwarded to the incorrect person, time is lost. It will take that much more time to resolve your problem. Be aware that the cause of the problem may be in an area other than the module you are working on.
Problem Description
Be clear and descriptive. The better the information you provide, the better the results. Information that is clear to you may not be clear to the hotline consultant. Provide enough data so that SAPNet Hotline personnel will not have to ask additional questions before beginning work on your problem.
I I I I I I I I
Examples of complete data includes: If there is an error message, enter it exactly as it appears. Provide the transaction or menu path describing where the error or problem occurred. Indicate if the problem can be duplicated on your test system. Describe the circumstances that created the problem. Describe anything unique about the data entered in the transaction where the problem occurred. List which problem-related SAP Notes that have been reviewed and which notes have been applied. List which actions and research you have already performed.
Keep your system technical information in SAPNet current and correct. This information is used by hotline personnel when they work on your problem.
The following examples are messages in which the SAPNet hotline requires more information before beginning on the problem:
I I
549
Task
Enter customer messages
1.
2.
550
3.
a. b.
I I I
Under Reporter, check that the values in the fields are correct. If it is not, you must use SAPNet-R/3 to correct your user information. In System type, select the type of your system: Development Production Test In Installation, choose the installation that your message is for. In Release, choose the SAP R/3 release of your system from display options. In Add-on, choose the add-on that you are running. In Add-on release, choose the release of the add-on. Choose continue.
c. d. e. f. g.
551
4.
a. b. c. d.
In Per system (operating system), click the down arrow and choose your operating system. In Database, click the down arrow and choose your database. In Frontend, click the down arrow and choose your frontend. Choose continue.
552
5.
a. b. c. d.
Under Classification, in Priority click the down arrow and choose the appropriate priority for your message. Use the table on page Entering Customer Messages to determine the proper priority level. In Components, entering the fields in order (from 1 to 3), click the down arrow and choose the component for the message. Choose continue.
553
6.
a. b. c.
To control access to your system and mange how long the service connection is open, request that you be contacted to:
I I
In Language, click the down arrow and choose the language for the message. In Short text, enter a short (one line) problem description. In Long text, enter a complete description of the problem. See Problem Description on page 548. Choose Send to SAP.
d.
7.
The message on the top indicates the message is sent to SAP successfully
554
2.
3.
Here you can view the response from SAPNet consultant under Communication. In this example, we must provide the password for the consultant to access the system
555
4.
5.
Choose Create.
6.
Enter system access data such as User-ID and Password in the field.
556
7.
8.
557
9. 10.
Scroll down to the bottom and type in any information in the Memo box. Choose Send to SAP.
11.
The message on the top indicates the message is sent to SAP successfully.
558
Task
3.
Choose OK.
559
4.
Only an SAP-registered developer can make changes to SAP objects. Restricting access to registered developers provides a record of who has made changes to the system. Registering an SAP object provides a record of which SAP objects have been modified by the customer. The assumption is that if you requested an object access key, you will be modifying the object.
See the following sections for registering a developer and an SAP object.
560
Registering a Developer
To modify an SAP object, the developer needs to be registered with SAP. Once registered for the installation, the developer does not have to register again. Only an SAP-registered developer can make changes to SAP objects. Restricting access to registered developers provides a record of who has made changes to the system. In the following procedure:
I I I
The developer requests a developer key The system administrator obtains the key The developer enters the key
Task
a. b.
If the Access key for developers is blank, you must obtain a developer access key. Give the developers User name (2) to the system administrator to get a developer access key.
561
Task
Note
2.
On the SSCR screen, you can register and get keys for:
I I
From this window you can also find out what developers you have registered.
562
Task
Register a developer
1.
Choose Registration.
2. 3.
Select Register Developer. If your site has several SAP R/3 installations, select the one for which you wish to perform registrations.
4.
563
5.
Choose Register.
6.
The registration information for the developer is displayed. If the registration date is not todays date and the registration name is not the name of the user who just submitted the request to register a developer, the developer has been previously registered.
7.
Record the Registration key either on paper, or copy and paste into an email. The generated key enables the user to create or change customer objects and change SAP objects. The registration is done only once for each developer.
8.
564
System Administration Made Easy | Release 4.6C/D Enter the Developer Key
The following task must be done in the development system.
Task
Task
Delete a developer
1.
On the same screen that was used to register a developer:
a. b.
565
2.
A message appears on the screen showing the developer was deleted. To check if the deletion is successful, choose Show, which displays a list of developers.
Registering an Object
Registering an SAP object provides a record of which SAP objects have been modified by the customer. The assumption is that if you requested an object access key, you will be modifying the object. If the customer modifies an object and problems arise, resolving the problem may be the customers responsibility. If an object is not modified and problems arise, resolving the problem is SAPs responsibility. In the following procedure:
I I I
The developer requests a developer key The system administrator obtains the key The developer enters the key
566
Task
a. b. c.
If the object Access key is blank, you must obtain an object access key. Give the three object fields to the system administrator (for example, R3TR, PROG, RSPARAM). All three fields are required to obtain the object key. If you are in a mixed release environment, also give the system administrator the SAP Release for the system.
567
Task
Note
2.
On the SSCR screen, you can register and get keys for:
I I
From this screen, you can also see what objects you have registered.
3.
Choose Registration.
568
Task
Register an object
1. 2.
Select Register Object. If your site has several SAP R/3 installations, select the one for which you wish to perform registrations.
3.
TADIR is the table that contains SAP R/3 repository objects. Information must be entered in the following fields:
I I I
In this example, we wish to change a program (PROG) named RSPO0041. The entry is R3TR / PROG / RSPO0041.
4.
Select Advance correction to apply an SAP Note, and this note is an advance correction.
569
5.
Choose Register.
6.
Registration information for the object is displayed. If the registration date is not todays date and the registration name is not the name of the user who logged onto SAPNet, the object has been previously registered in this installation. Record the Registration key. Return to the Online Services main screen.
7. 8.
570
System Administration Made Easy | Release 4.6C/D Enter the Object Key
The following task must be done in the development system.
Task
Task
Delete an object
1.
From the Register Object Screen:
a. b.
In TADIR Object, enter the Program ID/Object/Object name for the object to delete. Choose Delete.
571
2. 3.
Delete information for the object is displayed. To check whether the deletion is successful, choose Show, which displays a list of developers.
572
Task
2.
573
574
2.
3.
Choose the SPAM update for your release. Use the version (for example, Version 46C/0028) to determine if the SPAM update is a newer version than what you have. The transport number for an SAP R/3 release (example SAPKD00040) does not change.
575
4.
Choose Download.
5. 6.
7.
a. b.
Specify the directory where you want the update to be saved. Choose Save. The downloading process begins.
576
8.
Choose Close.
Task
577
2.
Select the appropriate release (for example, select R/3 4.6C on the right frame).
3.
Make sure that your system has enough file space to:
I I I
Under the Title column, choose the appropriate support package. The file size column tells you how large the patch file is.
Download the patch Upload the patch into usr/sap/trans/EPS/in Create the transport file in usr/sap/trans/da
4.
Download the support package View the related SAP Notes that apply to the support package
578
Task
579
2.
3.
You can print the note or save it, using the browser menus.
580
Task
2.
a. b.
581
3.
a. b.
4.
5.
After downloading the support packages (whether SPAM update or support package), there are two ways to upload the support packages into the SAP system:
I I
1. Unpack the patch archive file (see Unpacking a CAR file in chapter 22).
582
2. Copy the resulting *.ATT and *.PAT files to the /usr/sap/trans/EPS/in subdirectory. Useful SAP Notes 83458 97621 169142 36579 152170 169329 86161 69224 173814 Description OCS Info: Downloading patches from SAPNet OCS Info: Online Correction Support (OCS) Online Correction Support (OCS) Questions and answers on the topic: SSCR Migration of support functions to SAPNetWeb frontend New functions in the SAPNet as of 09/0506/99 Registering developers and objects Access to the SAPNet server via OSS User ID OCS: Known problems with Support Packages Rel. 4.6
Connecting to SAPNet
Prerequisites
If you have an ISDN connection, the telephone bill can become high. ISDN is normally billed by the minute of connect time. Manage the time that you are connected to SAPNet-R/3, or you could get a large phone bill for your SAP service connection. Check with your networking person or company about how your SAP service connection is configured. Some will hold the ISDN connection open even if there is no traffic, which could result in an even larger phone bill. The SAP Service connection must be set up and working, the SAProuter must be installed and configured, and the OSS1 technical settings must be configured. You must have a valid SAPNet/OSS user ID and password for your company
Task
Connect to SAPNet
1.
In the Command field, enter transaction OSS1 and choose Enter.
583
2.
Once you pass this screen, the SAP service connection is open, and the ISDN billing meter is running.
3.
a. b.
584
4.
a. b. c. d.
In User, enter your OSS/SAPNet user ID. In Password, enter your password. In Language, enter your language preference (for example, EN for English). The default language is English. Choose .
5.
This screen shows System News. We recommend that you periodically review these headlines to see if any apply to your systems configuration. Choose Continue.
585
6.
A service connection allows SAPNet/OSS Hotline and EarlyWatch personnel to remotely access your system.
I
The customer opens this connection. SAP cannot access the customers system until the customer opens the connection. The service connection functionality is not available via SAPNet-web.
SAPNet Hotline personnel use the connection to remotely examine and diagnose your system while investigating your question or problem.
586
EarlyWatch consultants use the connection to remotely review performance and system configuration.
Note
You can only specify the length of time for a connection to remain open, not the start time. To schedule the time when a service connection will open, you must apply SAP Note 170102. This note is valid back to Release 3.1G.
Request that SAPNet consultants call to request that the connection be opened at a specific time for a specified duration. Open the connection at the time they request.
587
Task
2. 3.
Under Service, choose Service connection. Under Service Connection, choose Service connection.
588
4.
Scroll down to find your system. Depending on your installation, this screen will be different.
5. 6.
Select the <SID> of the system to open the connection to (for example, SA1). Choose .
7. 8.
Expand Service selection by clicking the + sign next to it. Under Service selection, select R/3 Support.
589
9.
Choose
13. 14.
The success message is shown in status bar. Under Connections, select the appropriate type of connection. (It is usually R/3 Support).
590
15.
Choose
16. 17.
To schedule the time when a service connection will open, you must apply SAP Note 170102. This note is valid back to Release 3.1G.
Enter the duration of the connection (in Days and Hours). Choose .
591
Note
Note: To manually close the connection, select the open connection and choose delete. Choose Yes when prompted for confirm action.
18.
592
C H A P T E R
20
20
Remote Services
594
Overview
This chapter tells you about SAPSERV and EarlyWatch. The information in this chapter should help the user understand how to:
I I I I
Retrieve files from SAP and SAPSERV Connect to SAPSERV Download files Arrange for an EarlyWatch session
The following types of files are retrieved from SAPSERV: If you cannot connect to SAPSERV, you may not be on the machine where SAProuter is installed. The SAProuters at SAP are configured to only recognize their counterpart SAProuter on the customers side. Therefore, you must connect from the computer where the SAProuter is installed and running.
I I
Updates to the SAP R/3 system kernel. Various patches, such as: SAP R/3 system Database SAP GUI
595
You can connect to, navigate within, and download files from SAPSERV4 using:
I I I
NT
For ease of use and navigation, use an FTP GUI client to access SAPSERV. You must either be physically on the NT server where the SAProuter is installed, or use a remote control program to take over the server where the SAProuter is installed.
UNIX
You must either be physically on the UNIX server where the SAProuter is installed, or telnet to the server where the SAProuter is installed.
The SAP service connection to SAPSERV has been established, tested, and is functional An FTP client is installed on the computer where the SAProuter is located The FTP client has been configured with the following parameters: IP address of SAPSERV, 204.79.199.2 Login user ID, FTP User password <your e-mail address> Directory to download files to on the client PC (optional)
596
2.
Connect to SAPSERV.
Note
3.
The directory and file that you need will be in the SAP Note or other document that instructs you to get it from SAPSERV.
Navigate down the tree structure to the directory that contains the file(s) you need.
4. 5.
In some directories, you may want to download and read informational files (.message and *.info). Select the file(s) you want to download.
597
UNIX is a case-sensitive operating system, whereas Windows NT is not. When navigating in SAPSERV or downloading a file, enter the directory or filename exactly as it is displayed (for example, in UNIX, Rel40B is not the same as rel40b). UNIX commands differ from NT commands. For example, in NT, you type dir to get a list of files in a directory. In UNIX, you type ls.
598
Important UNIX commands: Command ls cd get bin bye Definition List (similar to dir in NT and DOS) Change directory Get or download a file Switch to binary mode to download programs Log off
In this example, the file(s) will download to the root directory of the C drive.
Both UNIX and NT use a command prompt window, and the commands entered are the same. The NT command prompt window is shown in the following example.
Task
4. 5.
Enter ftp at the User prompt. Enter your e-mail address at the Password: prompt.
If your network personnel put sapserv4 into the hosts file or DNS, you can enter ftp sapverv4 after the prompt.
599
6.
A portion of the SAPSERV directory structure is provided at the end of this chapter to help you navigate within SAPSERV.
From this screen, use the cd command to navigate through the directory structure.The navigation commands are cd and ls.
7.
In NT, to increase the screen buffer size and prevent the text from scrolling off the screen: On the NT desktop, choose My Computer Control Panel Console Layout tab. (In Windows 2000, open the command prompt and place the cursor on the title bar. Right click on the mouse and choose Properties Layout tab.) Under screen buffer size, increase the height to 100.
This is the directory for Release 4.0b HPUX Oracle We recommend that you download and read informational files (.message and *.info). Remember the name file you want to download, because you will enter the filename later. The files indicated are only for example.
8. 9.
600
Downloading Files
Make sure that you download patches, kernels, transports, and other files in binary format. Also, many of the files are in *.CAR archives. To unpack these files, use the CAR program (see Unpacking a CAR file on page Unpacking a CAR or SAR File).
Task
Download a file
1.
If the file is a text file, go to step 2. If the file is a binary file (such as a patch, kernel, or a .CAR transport):
a. b. 2. 3.
To download the file, enter get <filename> (for example, get sapdba_123.CAR). Filenames are case sensitive. Choose Enter.
4. Wait for the download to finish and the ftp prompt to appear.
5.
This screen shows an example of an information file, in this case dw.info (a text file that contains the patch level of the kernel).
601
6.
Scroll down to view a listing (by patch level) of what is fixed in the kernel patch.
602
603
NT support i386 UNIX languages Note .*-------------------------specific note numbers patches -----------------------------------R/3 patches, where most of the downloads will be COMMON ------------------Kernel, release-independent pr ograms NT i386 ---this dir has car.exe, sappad.exe, tar.exe OS400 UNIX NT ALPHA I386 ---------------this dir has car.exe, sappad.exe, tar.exe MSSQL rel31H rel31I rel40A rel40B -----------------------Kernel release, OS, hardware, db specific programs NT I386 MSS --------------MS SQLserver ORA --------------Oracle OS400 UNIX AIX DEC HPUX ORA HPUX_SHM RELIANT SOLARIS rel45A
SAPSERV4/general/R3server/patches/COMMON/NT//<hardware>
If your version of the SAPCAR program is older than six months, replace it with the latest version. Check the following directory: SAPSERV4/general/R3serve r/patches/<rel>/<OS>/<hard ware>
SAPSERV4/general/R3server/patches/COMMON/<OS>/<hardware>
2. From the directory : NT: UNIX:
\usr\sap\<sid>\sys\exe\run\ /usr/sap/<sid>/SYS/exe/run
3. Create an installation directory where you unpack files (for example, d:\sap\unpack). 4. Copy the file car.exe or SAPCAR.exe into this directory.
604
Task
Unpacking a file
1.
To reduce confusion: Begin the unpacking session with only the SAPCAR.exe program in the unpacking directory. Handle only one CAR or SAR file at a time. Complete everything for that file before proceeding to the next file. Copy the file to be unpacked into the unpacking directory (for example, sapdba_123.car). Open a command prompt window. Change to the unpacking directory. Execute the unpack command, car xvf <file-name> (for example, car xvf sapdba_123.CAR). The file will be unpacked into the unpacking directory. Move the unpacked files to where you need them. Clean the unpacking directory by deleting all files except the car.exe file.
2. 3. 4.
5. 6. 7.
605
EarlyWatch Service
The underlying concept of EarlyWatch is to prevent problems before they occur or escalate. EarlyWatch diagnoses a systems potential problems and resource bottlenecks so they can be resolved in advance.
During an EarlyWatch session, performance experts log on to your system (into client 066) to monitor its performance, review performance-related configuration settings, and recommend system changes.
Analysis is done in five areas:
I I I I I
EarlyWatch applies only to the production system, not the development system. The goal is for satisfactory online performance, not background performance. A system, other than the production system, is difficult to tune to a moderate degree and is almost impossible to tune optimally. This difficulty is because the activity in a development or test environment is not regular or consistent; development activity can vary greatly from week to week. EarlyWatchs primary function is to improve the online performance of the production system. EarlyWatch should be used:
I I
You do not have to do an EarlyWatch session if your system or company conditions have remained the same.
A couple of months after going live After implementing significant changes to your system, such as: New modules Expansion of existing modules Addition of significant numbers of users to the system Hardware upgrade SAP release upgrade
Note
The target response is less than 1 second, which excludes the network delay from the users PC to the SAP R/3 system. This delay is outside the scope and control of SAP.
These and similar items change the workload to the system. This change could render the existing EarlyWatch parameters inapplicable. As your system or company conditions change, we recommend that you request a new EarlyWatch session.
I
After experiencing significant degradation of online performance. This condition should be a steady condition and not an intermittent spike.
To use EarlyWatch: 1. The customer contacts SAP to arrange for an EarlyWatch session at:
606
If you have any questions about the report, discuss them with the EarlyWatch analyst. If a recommended change seems drastic or does not make sense, discuss it with the analyst before proceeding. Mistakes have been made. Try to understand the recommendations made by EarlyWatch. As a system administrator, the SAP R/3 system is your responsibility.
C H A P T E R
21
21
Special Maintenance
608
Overview
In this chapter, the reader will learn about special maintenance. This topic includes the following:
I I I
Start profile This profile defines which SAP R/3 services are started.
Default profile This profile defines the setup, which must be the same for all instances in the system.
Instance profile This profile defines the setup of the specific instance, which allows individual application servers to be configured differently for specific tasks and users.
Change a value only for a specific purpose and only with proper knowledge of what is being changed and why it is being changed. Before making changes to the system profiles, make certain that you have a recent, usable copy of the system profile files. This backup is your last line of defense if a profile change is made that results in SAP R/3 not being able to start. NT: \user\sap\<sid>\sys\profile UNIX: /user/sap/<sid>/sys/profile
1.
In the Command field, enter transaction RZ10, and choose Enter (or from the SAP standard menu, choose Tools CCMS Configuration RZ10 - Profile maintenance).
609
2.
The profiles used by the system work in the following order:
I I I
Start profile Default profile (for all instances in the system) Instance profile (specific to the instance you are on)
3.
Use the instance profile to make the parameters of a specific application server different than the other servers for specific reasons (for example, a batch application server).
Select the instance or default profile as appropriate (for example, the instance profile, SA1 DVEBMGS00 PA102058).
4. Choose
Note
Under Edit profiles, there are three selections:
I
Administration data This selection is not a maintenance mode. It is used to change the name of the file where the profile should be activated. Basic maintenance (maintenance mode) This mode allows you to set the buffers, work processes, and directories in the system profiles. It also allows you to specify the SAP components to be started (for example, message server, application server, SNA gateway, and so on) in startup profiles. This form of maintenance protects most profile parameters from being changed by potentially incorrect settings. Extended maintenance (maintenance mode) This mode allows you to access all system profile parameters or start up profile entries.
610
5. 6. 7.
Note the Version number of the instance profile. A later step in this procedure shows the version number has changed. Under Edit profile, select Extended maintenance. Choose
Change.
8. 9.
Select the line above which you want the entry to be inserted (for example, abap/buffersize). Choose
Parameter.
611
10.
The point where you insert the new profile parameter has no effect on the process. But, to make it easier to read, you may want to group or order the parameters (for example, group the logon parameters together). Once you enter the profile parameter, it cannot be easily moved to another location. Therefore, be careful where you choose to insert it.
11. 12.
The list that appears is long. To find the profile parameter you want to add, scroll down. Select the parameter. For example, login/min_password_lng.
13. Choose
14. 15.
A default value appears in Unsubstituted standard value. In Parameter val, enter the new value (for example, enter 5 to increase the minimum length to five).
612
16. 17.
In Comment, document your change by entering a description of why the change was made. The system attaches your user ID and date to your comment. Choose Copy.
18.
This screen shows that the system inserted your user ID and the date and time of the change into the Comment. You can determine who made a profile change and when this change was made.
613
19.
Choose
20. 21.
This screen shows the new parameter login/min_password_lng with a value of 5 inserted above abap/buffersize. Choose Copy.
614
22. 23.
The message at the bottom of the screen indicates that the profile was changed. Choose
24. 25.
In Version, note the profiles version number. It will increment later. Choose
615
26.
Choose Yes.
27.
Choose
28.
Choose
Note
Note: If you have operation modes configured, this screen will appear. If this screen does not appear, skip to step 32.
616
31. Choose
32.
Use transaction RZ11 to get the details of a specific profile parameter.
617
Support Packages
A Support Package is a collection of corrections that address serious errors in the ABAP repository. These corrections affect the Basis and functional areas. Defined rules exist for what kind of fixes should be (and are) included in a Support Package. Some rules are technical while other rules are policy.
Note
Hot Packages are now known as Support Packages. HR Legal Change Patches (LCP) are known as HR Support Packages.
A Support Package is not a cumulative fix for application modules. You must still get and apply the notes for the functional modules. However, because Support Packages contain patches for the various functional areas, some notes may be applied in the Support Package. The Support Package is not supposed to contain functional enhancements, but this is not always the case. The purpose of a Support Package is to fix problems before they become problems. There is a conflict about when Support Packages should be (and are) applied:
I I
To prevent serious problems, SAPs position is that customers should apply all Support Packages as they are released. The position of many customers is that all system changes must be regression tested. This stance, with the frequency of Support Package releases, results in the Support Packages not being applied, because the amount of testing required cannot be done continuously. This customer position is not unique to SAP and has been taken by many customers since the early days of computing.
Note
As of Release 4.5, Support Packages have been separated from the HR Support Packages. This separation allows HR Support Packages to be applied quickly for legal compliance. Before Release 4.5, the HR Support Packages contained the Hot Packages. Applying an HR Support Package also meant applying the Hot Package. As of Release 4.6, Support Packages have also been separated into the Basis Support Packages, ABAP (ABA) Support Packages, and SAP R/3 Support Packages.
Strategy
Obtain the notes related to the Support Package, and review what it fixes:
I I
If there is nothing in the Support Package that applies to you, do not apply it. If there is something in the Support Package that applies to you:
618
Determine if the entire Support Package (or just the note) must be installed. If the Support Package is to be installed, treat the installation as a mini-upgrade.
The determination of whether the support packages must be applied requires the consultation of the application support team. It is not a Basis decision.
Caution
Download from SAPNet R/3 (OSS) Request the Support Package from SAPNetR/3. Download the Support Package.
5. Apply the Support Package (See table below) in the development system (DEV). Do not download the support package for each system. Use the same file that was downloaded for all system. 6. Execute the regression test. 7. When successful, confirm the Support Package.
619
After testing and determining that it is stable on the DEV, repeat steps 7 9 on test system (QA), then production system (PRD). package/task get patch unpack move file upload define queue import
x.car x.car
n/a
move to upload from define package import eps\in app svr queue queue directory
SPAM/SAINT upgrade
Method 1
1.
From the menu bar, choose System Status.
Task
2. On the System Status dialog box, on the right side of this screen, under SAP
System data, choose for additional component information.
620
4.
Not Shown on the screen: The Support Package name is interpreted as follows:
I I
SAPK<component><release ><sequence_number> SAPKA46C03, interpreted as SAPK/A / 46C / 03, is for Release 4.6C and is the third ABAP Support Package.
N The patch has not yet been applied. I Patch has been successfully applied. ? Patch application has been aborted.
621
Method 2
1. 2.
In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance SPAM Support Packages). On the Support Package Manager: Version <XXXXX> screen:
Task
3. The Support Package Directory: Imported Packages screen appears. a. Important information is shown under Imported Packages:
I I
b.
I I I I I
622
Task
For ABAP and Basis Support packages, choose SAP component support packages.
623
5.
a. b. c.
Search the extended list for your release. Select the node (+) to the left of your release to select it. Choose
6.
From the List of R/3 support packages screen, you can view the:
a. SPAM/SAINT Update
This is the SAP Support Package Manager (formerly Patch Manager). Download and apply the current version before applying any Support Package.
Extra Large indicates that the Support Package may not be downloadable from SAPNet-R/3. In this case you must use the SAP Service Marketplace to download. See Ch.19 Downloading Support Packages.
624
7.
a. b.
8. 9.
To view all notes, select the node (-) to the left of Components. Choose Expand. From this screen, you may view one of the following:
I I
625
Task
626
Note
2.
At present you cannot get this listing from SAP Service Marketplace.
a. b.
3.
a. b.
In File name, enter the <drive\path\filename> where you want to save the notes. Choose Transfer.
4.
This screen shows the saved note list as read by a text editor or word processor.
627
5. To create a file of all notes (in case there are too many notes to go through
individually on the screen):
6.
628
8. Choose No. You only want to review the notes, not to register the object for
change. After reviewing the notes, you may decide not to install the Support Package.
Note
9. Enter the path to your local PC and create a name for the file. 10. Choose Transfer.
The duration of the download depends on the number of notes addressed by the Support Package.
Task
629
4.
Choose
5.
630
1. 2. 3.
Choose Service. Choose SAP Patch Service. Choose R/3 support packages.
631
4.
a. b.
Select one of the following: SPAM update R/3 Support Package Choose Request patch.
632
5. On the Request Support Package dialog box: a. Select the installation for the patch. b. Enter the <SID> for the system (for example, SA1). c. Choose Continue.
6. The message in the status bar indicates that the patch request has been
generated.
7. The next step is to download the patch (see the next section, Downloading
SPAM or a Support Package).
633
4.
The Electronic Parcel Service Confirm Transmission dialog box allows you to specify which Hot Packages to download. On this dialog box:
a. b.
634
5.
a. Progress bar with the Size [MB] of the Support Package. b. Elapsed Transmission time for the download. c. Remaining time to complete for the download.
6. 7.
Make sure that the directory /usr/sap/trans/EPS/in has enough space to download the Hot Package.
A message Upload successfully indicates that the SPAM or Support Package has transferred to the SAP R/3 system.
Choose
SAP periodically releases a Support Package Collection CD that contains all the released Support Packages up to a certain date.
NT:
<SID>adm
635
UNIX:
<sid>adm
NT: UNIX:
<drive>:\usr\sap\trans /usr/sap/trans
NT: UNIX:
NT: UNIX:
<SID>adm <sid>adm
Copy the downloaded patch files (example kh46a02.car) into an unpack directory. Unpack the patch file by entering:
I
Copy the unpacked files from the EPS\in directory to the directory to upload patches:
I I
NT: UNIX:
<drive>:\usr\sap\trans\eps\in /usr/sap/trans/eps/in
The next step is to upload the patch from the operating system into SAP R/3.
Task
636
3.
From the menu bar, choose Support Package Load packages From application server.
4.
Choose
5. 6.
7.
637
8.
Choose
Display.
9.
638
Task
Upload the support package from the front end (< 20 MB)
1.
From the menu bar, choose Support Package Load packages From front end.
2. 3.
Select the file. Choose Open. The status displays at the bottom of the screen.
639
4.
In 4.6D, the Content of the compressed file <XXXXX> dialog box appears. . Choose
5. 6. 7.
A message on the status bar shows the process is completed successfully. Select New Support Packages. Choose
Display.
8.
640
9.
Choose
Updating SPAM
To prepare for updating SPAM, the SAP R/3 system should not be active, which means that no users are logged on and no jobs are running. Also, all application servers should be shut down. Make sure that the r3trans and tp programs are updated to the latest version. For more information, see the Kernel Upgrade section. The current SPAM update should have been downloaded from either SAPNet-R/3 or from SAPNetWeb. When using SAPNetWeb, the unpacked SPAM update files (.ATT and .PAT) should have been moved to the /usr/sap/trans/EPS/in subdirectory.
Task
If a SPAM update is available, apply it before any Support Packages. Some Support Package changes require the new SPAM program to properly update the system.
Update SPAM
1. 2.
Log on to client 000, under any user that has SAP*-equivalent authorizations (not SAP*). In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance Support Packages).
641
3. To upload the SPAM update file, from the menu bar, choose Support
Package Import SPAM update.
4. Choose
642
6. After applying the SPAM update, SPAM must restart to use the latest
version.
7. Choose
9. Note the version number change. 10. Select All Support Packages. 11. Choose
Display.
643
12. You will see the SPAM update under Applied Support Packages.
1. 2.
Log on to client 000 under any user that has SAP*-equivalent authorizations (not SAP*). In the Command field, enter transaction SPAM and choose Enter (or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance Support Packages).
644
3.
Choose
4.
a. b.
Select the component to import. In this case, the Support Package is under SAP_ABA. Choose .
5. 6.
645
Task
1. 2.
The name of the first support package appears in Patch queue. Choose to apply the patch queue.
3.
Choose
646
4.
Note
5.
Choose
Depending on the size of the Support Package, the queue application process could run for a long time.
Task
647
2.
a. b.
Select the component to import. In this case, the Support Package is under SAP_ABA. Values greater than 4 indicate a failure. Choose .
3.
At this point, regression testing should be performed on the Support Package. If several Support Packages are going in as a group, one option is to confirm them after applying and then perform the regression testing.
Task
648
2.
Check the status bar to see if the patch queue was confirmed.
Task
a. b.
Display.
649
2.
The support packages are found in the Applied Support Packages section.
Object Conflicts
Object conflicts occur when SAP objects (such as programs, tables, and so on) that you modified are included in a Support Package. If an object has been modified by you and is being changed in the Support Package, you could lose your modifications. This problem usually occurs with an advanced correction, where a fix is incorporated in a future release of the SAP R/3 system, and the advanced correction is available before the future release.
Example
If you are on Release 4.0B and experience a problem, your problem has already been fixed in a higher release (for example, Release 5.0). You do not have to wait for the upgrade. The fix is available now for you to make as an advanced correction to your system. Support Packages may not always include this correction. Thus, after applying the package, you may have to reapply the correction. Determine if the change is (or is not) included in the Support Package by:
I I I
Reviewing the code comparison (transaction SPAU) Checking if the advanced correction is from a future release If so, it probably will not be included in the Support Package. Checking if the change is your own modification
If the change is included in the Support Package, return to the SAP standard to simplify future system maintenance. If the change is not included in the Support Package:
I I I
Check to see what needs to be done to reapply the modification. Apply the modification. Test the modification.
650
Regression Testing
Regression testing is necessary because many objects in many functional areas may be affected by changes from a Support Package. All functional areas must perform regression tests to verify that a Support Package does not create new problems as it fixes old ones. A Support Package is a mini-upgrade, especially if it is large (for example, Release 4.6C R/3 Support Package 10). All existing processes should continue to function as they did before the Support Package was applied. A review of the notes related to a Support Package indicates what specific tests must be performed by the technical and functional team. As during the implementation, the functional teams should have a script of test procedures to test the system. This script could also be used in the regression test.
651
SAP Note # 97630 104664 115372 119738 135041 173814 329242 339927
Description Known problems with patches >= 3.1H Applying patches from CD Patches forwarded by mistake to target system Problems during upgrade with too new Hot Packages Separation LCPs HR / Hot Packages as of Rel. 4.5B Known problems with patches Release 4.6 Import prerequisites for Support Packages in Basis Rel. 4.6D Performance problems with Support Packages
Kernel Upgrade
The kernel upgrade process is the replacing of operating system level files (the kernel files) with updated versions of these files.
You must remember the SAP R/3 release and kernel version you are running. After the kernel is upgraded, apply kernel patches for the upgraded version of the kernel. Do not apply kernel patches for the old version of the kernel. When getting patches, remember that your SAP R/3 release stays the same, regardless of your version of the kernel. On rare occasions, an SAP Note instructs you to apply a fix based on the SAP R/3 release of the system, not the kernel version. All servers in a system (central instance and application servers) must be on the same version of the kernel.
Note
It is now independent of the SAP R/3 release. The kernel is backward compatible, which means that a user could be running a Release 3.0F with a 3.1I kernel. If you are on a release before 3.1I, review documentation to determine which kernel version is applicable to your release.
Kernel upgrades are normally done to fix bugs or other problems in the kernel. Some kernel upgrades provide enhanced functionality. To upgrade the kernel: 1. Review all applicable documentation:
I I I
652
SAP Service Marketplace SAPSERV This route is more current than getting the kernel via CD (see chapter 20, Retrieving files from SAP, SAPSERV).
I I
dw1_nnn.CAR dw2_nnn.CAR
enq_nnn.CAR tp_nnn.CAR r3trans_nnn.CAR
In this filename, nnn is the patch level (for example, dw1_114.CAR.) 4. Unpack the kernel files (see chapter 20, Retrieving files from SAP, SAPSERV for the unpacking procedure). 5. Back up the system at the database and operating system levels. 6. Stop the SAP R/3 system. 7. Stop the SAP services that are using the kernel files (saposcol, saprouter, sap<sid>_<sysnum>). 8. Backup the kernel directory: NT: UNIX:
<drive>:\usr\sap\<sid>\sys\exe\run /usr/sap/<sid>/sys/exe/run
Copy the current kernel files to a backup directory, to be prepared in the event that you must restore back to the old version if a problem occurs with the new version. 9. Copy the new kernel files into the kernel directory This step replaces the old programs with the new programs. 10. Perform any special instructions contained in: Kernel instructions Online Service System notes Upgrade manual
11. Restart. 12. Run transaction SGEN. 13. Test the system. 14. Repeat steps 5 13 for each server in the landscape.
653
Restart Option 2
1. Restart the server. 2. Check all logs for: Operating system Database
3. Start the SAP R/3 system. 4. Check the SAP R/3 logs. 5. Monitor the system and system log for problems.
Client Copy
The client copy function copies client-dependent customizing and data. Client copy allows the copy or transport of the complete customizing environment from a source client to a target client within the same system (instance) or to another system. Client copy is not meant to copy client-independent objects, such as ABAP programs and table structures. If a table is changed to add an additional field, and the added field is then populated with data, the table change is not copied to the target system. Thus, the data in the additional field is not copied.
Special Notes
To access the online help documentation on client copy: Read the current online documentation on client copy. The client copy programs and functionality improve and change significantly with each new release. 1. From the menu bar, choose SAP Library
2. In the left frame, click the node (+) next to SAP Library. 3. Click the node (+) next to Basis Components. 4. From the list that appears, choose Change and Transport System (BCCTS) 5. Choose Client Copy and Transport. 6. In this screen, click the node (+) next to Client Copy and Transport.
654
7. Click the node (+) next to Client Copy and you will see the following list of files:
Technical Background Copy Profiles Authorizations Maintaining Clients
The developer of client copy maintains several informational SAP Notes. Do a SAP Note search on component BC-CTS-CCO and search for notes beginning with CC*. As of this guidebook is writing, there over 50 such notes available.
During the copy process, do not work in the source client or the target client. The target client is locked for all users except SAP* and DDIC.
Processing Notes
Because large volumes of data are involved, copying a client could take several hours. If you are copying a large productive client, the copy time could take upwards of a day. For client copy of a large client, see SAP Note 67205. Due to the long run time, the probability of an abnormal termination due to external factors is high.
655
At the OS level, log on as <sid>adm to lock the system so users cannot log on during the copy:
Tips & Tricks
cd /usr/sap/trans/bin tp locksys <sid> After the client copy is finished: tp unlocksys <sid>
Caution
A client copy produces a large amount of log activity. If this directory runs out of space, the database will stop. Turn off logging (i.e., activate truncate on checkpoint in MS-SQL, turn off archive mode in Oracle) or monitor the file space in the directory where the log file(s) is located.
Security
To perform a client copy, the user ID of the person doing the copy must have the same authorizations in the source client and in the target client. A system administrator with the same authorizations as user SAP* will have all the required authorizations.
Creating a Client
The following task shows you how to create a client.
Task
Create a client
1.
In the Command field, enter transaction SCC4 and choose Enter (or from the SAP standard menu, choose Tools Administration, then Administration Client admin Client maintenance).
656
2.
Choose
3.
Choose
4.
657
5.
Do not use clients: 000,001, or 066. These clients are reserved for SAP.
a. b. c. d. e. f. g. h. i.
In Client, enter the client number (for example, 200) and name (for example, test client for docu). In City, enter the city name (for example, Palo Alto). In Std. Currency, enter the standard currency for the client (for example, USD). In Client role, choose
Under Changes and transports for client-dependent objects, select the appropriate option (for example, Automatic recording of changes). Under Client-independent object changes, choose and select the appropriate option (for example, Changes to Repository and client-ind. Customizing allowed). Under Protection: Client copier and comparison tool, choose and select the appropriate entry (for example, Protection level 0: No restriction). Under Restrictions, if CATTs are allowed to be executed, select Allows CATT processes to be started. Choose .
6.
658
7.
Choose
8. 9.
The new client is listed. In later steps, this new client may be referred to as the target client.
SAP* with the default password PASS is a known user ID password. Do not leave the client in this condition for longer than absolutely needed. Once the client copy is complete, verify that the passwords for all system user IDs in the new client are secure.
10.
To log on to the new client, enter SAP* for the user and PASS for the password.
Copying a Client
Copying on the Same System/SID
Be sure you are logged on to the correct target client. If you are on the wrong client, you will destroy that client. To copy a client on the same system/<sid>, do a local client copy.
To log on to the target client, enter sap* for the user ID and pass for the password.
659
Task
a. b. c. d.
In Source client, enter the source client number (for example, 100). If your user masters will be copied from a specific client, in the Source client user masters field, enter this client number (for example, 100). Choose Schedule as background job.
3. On the Schedule Client Copy in Background screen: a. If you have multiple application servers, in Background server, choose
to select the server on which to run the client copy.
660
661
8. Choose
9. In Output device, enter the printer name (for example, dcbd). 10. Choose
.
11. Choose
12. The displayed message indicates the job was successfully scheduled.
662
13. Choose
3.
a. b. c. d.
In Source destinat., use for a list of available RFC destinations, and choose the source system. Verify the source System name and Source client. Choose Schedule as background job.
663
4.
a. b.
5. Choose Continue.
664
6. From this point, schedule the job as you would any other background job.
7. When you have finished scheduling the client copy, this message window
will appear.
665
Deleting a Client
To delete a client, there are two options:
I
The Delete Client transaction, SCC5 (recommended) The R3TRANS program (see SAP Note 13391).
Task
Before deleting a client, in the event of a major problem (for example, deleting the wrong client), make certain you have a usable backup of the system.
Be sure you are logged in to the client you want to delete. If you are on the wrong client, you will destroy that client.
a. b. c.
Verify the Client to be deleted (for example, 200). The Client to be deleted field is an unchangeable field and is the client that you log onto. If the client number is incorrect, you are logged onto the wrong client. Select Delete entry from T000. Choose
Background.
4.
Optionally, in Background server, choose to select the server to run the delete job.
666
5.
You can monitor the client copy using transaction SCC3. Status text will be processing Choose the Refresh button until client copy is completed.
Select Continue. From this point, the process is the same as scheduling a background job.
Task
1. 2. 3.
Log on to another client. In the Command field, enter transaction SM37 and choose Enter. On the Simple Job Selection screen:
a. In User name, enter the user ID that the client copy job was run under
(for example, SAP*).
b.
Choose
Execute.
667
4.
a. b.
Job log.
5. 6.
Review the log. At the bottom of the log is the message that the job has successfully finished.
668
Because data in the target system is being replaced, refreshing a system is an inherently dangerous.
Get production data into the test environment. Sync the configuration in the test and development systems with the production system. Over time, the configuration of the various systems could drift apart and not match the production system. Prepare for an upgrade You want the test system to mirror the production system, so that the upgrade in the test system mirrors everything you will encounter into in the production system.
After the copy, actual production data exists in the test system. This data poses data security issues that must be addressed by the various data owners. It is more critical if the HR system is installed, because personnel records are sensitive. Financial, sales, and other data may also be company sensitive.
In the recent past, the standard procedure was to create your own test data. One major reason was that disk storage space was expensive. Reasons not to refresh the system include:
I I
Version management history is only stored in the development system (DEV). A refresh will destroy this versioning history. Data storage is expensive Even with cheaper disks, the volume of data more than makes up any savings. With several copies of the entire production database, the total of all the databases could approach 100 gigabytes for a small company to a terabyte or more for a large company.
Data security Data from the production system is actual data. Even if it is old, it could be confidential and sensitive. The development and test systems are, then, subject to the same high level of security as the production system. Created test data is fake and everyone knows that. There is much less issue with data confidentiality or sensitivity.
Database copy of the production system Client copy of the production client
669
Benefits
I
The refreshed system will be a duplicate of the production system. Client-independent changes will also be captured and copied to the target system. The copy can be made using standard backup tapes, so there is no impact on the production system. Making a copy also tests your backup and restore process.
Disadvantages
I
All revision history of the refreshed system is lost, which is usually: Acceptable for the test/QA system Not acceptable for the DEV system because version history is lost.
I I I
The target database needs to be as large as the PRD database. After the copy, the target system must be reconfigured. The target system loses its client structure and become a duplicate of the client structure of the PRD system. If the PRD system has one client and the QAS system has three clients, after the database copy, the QAS system will have one client. The other two clients are lost.
Example
QAS 000, 001, 100, 200, 300, 400, 500 After the database copy: QAS 000, 001, 066, 400
Advantages
I
Unlike a database copy, the target system does not have to be reconfigured.
670
The target system does not lose its client structure. EXAMPLE: Before the client copy PRD 000, 001, 066, 400 QAS 000, 001, 100, 200, 300, 400, 500 After the client copy QAS 000, 001, 100, 200, 300, 400, 500
Disadvantages
I
A client copy requires that the source and target systems are not used during the copy. Having both systems out of use may not be practical for many companies because the amount of time required to do the copy could be significantly greater than the amount of time (days, perhaps weeks) that the production system can be down. Client-independent objects (programs, table structures, and so on) that have been changed and are not the same in the two systems will not be copied (refer to the sections on Client Copy below).
Computer Assisted Test Tools (CATT) Data Transfer Workbench Application Link Enabling (ALE)
Advantages
In addition to the benefits of the client copy above:
I
You can control the data being loaded into the new client. Data can be created to test specific items. You are not subject to the randomness of real data to test specific items. Real data may have the appropriate data to test specific test items. In this case, test data has to be created anyway.
Disadvantages
These are the same as for a client copy with data above.
PART NINE
Appendixes
672
A P P E N D I X
A
I
Useful Transactions
System administrators may find the following transactions useful. Although many of the transactions are not discussed in this guidebook, we list them here for your convenience. Many of these transactions are for more advanced functions than targeted in the scope of this guidebook.
674
Dangerous
Dangerous transactions are potentially damaging or fatal to the system if executed incorrectly. As a general rule, most Basis transactions are potentially damaging. Access to these transactions should be restricted in all systems. Access to some of these transactions should be even further restricted in the production system.
Caution
Performance Impact
These transactions could have a potentially adverse impact to system performance if executed. Traces and table display are the transactions of concern here. Transaction AL02 Description Database Alert Monitor (not supported for MS SQL Svr 7.0) Operating System Alert Monitor Workload Alert Monitor Current active users (in system) Display operating system file from CCMS Display table buffer (buffer synchronization) ALE administration and monitoring Exclusive waits in Oracle database Database performance; tables and index Parameter changes in database Analysis of table with respect to indexed fields Backup logs Dangerous Performance impact
A table display problem occurs when the query does a full table scan for data. When done on a large table, this query has a serious system performance impact because the system searches every record in the table to find those that meet the search criteria.
AL03 AL05 AL08 AL11 AL12 BALE DB01 DB02 DB03 DB05 DB12
675
Transaction DB13 DB14 DB20 OSS1 RZ01 RZ02 RZ03 RZ04 RZ06 RZ08 RZ10 RZ11 RZ20 RZ21 SA38 SCAM SCAT SCC1 SCC3 SCC4 SCC5 SCC6 SCC7 SCC8 SCC9 SCCL SCMP SCU3
Description DBA planning calendar DBA logs Generate table statistics Online Service System logon Graphical background job scheduling monitor Network graphical display of instance Server status, alerts, maintain operations mode Maintain operations mode and instance Maintain alert threshold CCMS Alert Monitor Maintain system profiles Display profile parameter attributes Alert Monitor 4.0 Maintain settings for Alert Monitor 4.0 ABAP reporting CATT management Computer Aided Test Tool Client copy transport Client copy log Client copy administration Delete clients Client import Client import post processing Client export Remote client copy Local client copy Table comparison Table history
Dangerous
Performance impact
X X X
X X
676
Transaction SE01 SE03 SE06 SE09 SE10 SE11 SE12 SE14 SE15 SE16 SE17 SE38 SECR SEU SFT2 SFT3 SICK SM01 SM02 SM04 SM12 SM13 SM18 SM19 SM20 SM21 SM30 SM31 SM35
Description Transport organizer Workbench organizer: tools Set up workbench organizer Workbench organizer Customizing organizer
Dangerous
Performance impact
Data Dictionary maintenance X Data Dictionary display Utilities for ABAP Dictionary tables Repository Info System Display table content General table display ABAP editor Audit Information System R/3 Repository Browser Maintain public holiday calendar Maintain factory calendar Installation check Lock transactions System messages Overview of users Database locks Update terminates Security Audit: Delete Old Audit Logs Security Audit: Administer Audit Profile (for SM20) System (Security) Audit Log System log Maintain tables (not all tables can use SM30) Maintain tables Batch input monitoring X X X X X X X X X X
677
Description Schedule background jobs Overview of background jobs Job analysis External operating system commands, execute (see related SM69) Work process overview Instance overview Reset or check number range buffer Error log for asynchronous RFC RFC connection, maintain Operations mode, maintain Event trigger Background processing analysis tool Global work process overview External operating system commands, maintain (see related SM49) Maintain logon groups Display own jobs Maintain number range objects Spool Spool control Display output requests TemSe (temporary sequential objects) contents TemSe administration Spool administration (printer setup) SAP Patch Manager
Dangerous
Performance impact
SM50 SM51 SM56 SM58 SM59 SM63 SM64 SM65 SM66 SM69
SMLG SMX SNRO SP00 SP01 SP02 SP11 SP12 SPAD SPAM
678
Transaction SPAU
Description Intersection SAP transport/customer modifications Spool; consistency check Intersection SAP transport/customer modifications, DDIC Spool; installation check SAP system trace Buffer statistics Workload analysis Database performance analysis SQL trace Operating system monitor Application monitor Network monitor Network Alert monitor Table call statistics statistics on table accesses Display developer trace Application monitor Application analysis statistics related to business document volume ABAP dump analysis Oracle: analyze the shared cursor cache Local transaction statistics Transport Management System Performance monitoring menu Customizing Time Zones User maintenance Display users
Dangerous
Performance impact
SPCC SPDD
SPIC ST01 ST02 ST03 ST04 ST05 ST06 ST07 ST08 ST09 ST10 ST11 ST12 ST14
679
Transaction SU02 SU03 SU10 SU12 SU2 SU22 SU3 SU53 TU02
Dangerous X X
Performance impact
Mass change to user records X Delete ALL Users Maintain user parameters Authorization object check in transactions Maintain own user parameters Display authorization checked values Parameter changes display active parameters and history of changes X
680
A P P E N D I X
B
J
SAP Resources
SAP books and CDs can be ordered from the SAP online store (www.mysap.com/company/shop) or, for items with an SAP part number, from your SAP account executive. Books with ISBN numbers can be ordered from the SAP online store (www.mysap.com/company/shop) or Amazon (www.amazon.com).
682
Books
Title SAP Part Number ISBN Number
Complementary Software Program 50-018-672 Directory R/3 System Getting Started SAP Dictionary R/2 System Release 5.0: EnglishGerman SAP Wrterbuch System R/2 Release 5.0: DeutschEnglish (SAP Dictionary R/2 System Release 5.0: GermanEnglish) Authorizations Made Easy 50-018-896 5000-5296 5000-5295 1-400524-02-4
Data Transfer Made Easy (English) Data Transfer Made Easy (German) Printout Design Made Easy (3.x) SAPscript Made Easy (4.x)
1-893570-04-5 (4.0B/4.5x) 1-893570-05-3 (4.0B/4.5x) 1-893570-12-6 (3.1H) 1-893570-13-4 (4.0B) 1-893570-14-2 (4.6B)
Reporting Made Easy (4.0B) (3-vol set) Fundamentals of Reporting Report Development Tools Commonly Used Reports System Administration Made Easy
1-893570-65-7 (4.0B) 1-893570-60-6 1-893570-61-4 1-893570-62-2 1-893570-41-X (3.1H) 1-893570-42-8 (4.0B) 1-893570-43-6 (4.6A/B)
BW Reporting Made Easy 2.0B/2.1C mySAP Workplace Administration and Tools Online Store Made Easy Guide
683
CDs
Accelerated SAP (ASAP). Because ASAP is an implementation project Knowledge Products. Knowledge products must be registered and a license installed (similar to saplicense), before they can be used.
Title SAP Order Number
Technical Implementation and Operation Mgt 500-27903 SAP System Management SAP System Monitoring SAP Software Logistics SAP Database Administration MS SQL server SAP Database Administration Oracle SAP Database Administration Informix SAP Database Administration DB2-400 SAP Database Administration Adabas SAP Integration Technologies R/3 Interface Advisor SAP Terminology Database SAP Business Information Warehouse SAP Interface Advisor, Rel 4.5 500-27391 500-25694 500-27393 500-25696 500-27392 500-25695 500-25697 500-29389 500-25698 500-21636 500-30826 500-29281 500-26902
Computer Based Training (CBT). Archiving has CBT available, under SAP
Order Number 500-20297.
684
Training Classes
In the U.S., call central registration at (888)-777-1SAP(1727) or visit SAP Americas training web site, www.sap.com/usa/trainsupp for the most current class list. Level 1 SAP50 SAP R/3 Basis Technology
Level 3 - Technical Core Competence BC310 BC314 BC317 BC360 BC361 BC370 Level 3 BC340 Going Live Windows NT/Oracle Windows NT/MS SQL Server Windows NT/DB2 UNIX/Oracle UNIX/Informix AS/400-DB2/400
Level 3 - Advanced BC325 BC315 BC505 BC511 BC520 BC525 Software Logistics SAP R/3 Workload Analysis Database Administration - Oracle Database Administration - Informix Database Administration - MS SQL Server Database Administration - DB2/400
Level 3 - Cross-Application BC601 BC615 BC630 CA940 Build and Use SAP Business Workflow Archiving Technology SAP Business Communication SAP R/3 Security Concepts
Other
SAP R/3 Security Guide; see SAP Note 39267 service.sap.com/securityguide
685
White papers
System Landscape The SAP R/3 System Landscape, System and Client Deployment Strategy white paper can be downloaded from www.saplabs.com/simple.
Media Center SAP R/3 Documentation Info Center for C & P SAP Knowledge Shop Media by Type Installation/Upgrade Guides SAP Online Documentation
Service Catalog Remote Services, such as solution optimization, upgrade, euro, archiving, OS/DB migration, and conversion
Education Services SAP Standard Training SAP Industry Solutions Training mySAP.com Components Training
Customer data Customer Master Customer Installations Customer Project Information Live Dates License Auditing Services
686
SAP Software Center SAP maintenance SAP Installations Note Assistant Customer Information Download Support Packages Download mySAP.com Workplace Packages Download Kernel/Frontend Patches Download Service Procedures
Third-Party Resources
The following list of books is not all-inclusive. Also, no single book can provide you with all the information you need. You will typically need several books in each category in your library. This listing of books does not constitute an endorsement by SAP. This listing is provided as a starting point for your convenience. We recommend you check with your vendors (hardware, operating system, database, and so on) and the various book sources (both online and in stores) and for additional titles.
687
UNIX Books
Arick, Martin. 1995. Unix for DOS Users. John Wiley & Sons. (ISBN: 0471049883) Frisch, leen. 1998. Essential Systems Administration: Help for Unix System Administrators. OReilly. (ISBN: 1-56592-127-5) Nemeth, Evi., [et al.]. 1995. Unix System Administration Handbook. Prentice Hall. (ISBN: 0-13-151051-7) Pugh, Kenneth. 1994. Unix for the MS-DOS User. Prentice Hall. (ISBN: 0-13146077-3) Siegert, Andreas. 1996. The AIX Survival Guide. Addison-Wesley. (ISBN: 0-20159388-2)
688
Enck, John (Editor). 1998. Windows NT Magazine, Administrators Survival Guide, Volume 1. Duke Communications. (ISBN: 188241988X) Frisch, leen. 1998. Essential Windows NT System Administration. OReilly. (ISBN: 1-56592-274-3) 1998. Windows NT Desktop Reference. OReilly. (ISBN: 1-56592-437-1) Ivens, Kathy. 1998. Windows NT Troubleshooting. Osborne. (ISBN: 1-078824710) Jumes, James; Neil Cooper, [et. al.] (PW Coopers). 1999. Microsoft Windows NT4.0 Security, Audit, and Control. Microsoft Press. (ISBN: 1-57231-818-X) Lambert, Nevin; Manish Patel. 1999. Microsoft Windows NT Security. ZD Press. (ISBN: 1-56276-457-8) Leber, Jody; Jody Schivley, and Robert Denn (Editor). 1998. Windows NT Backup & Restore. OReilly. (ISBN: 1-56592-272-7) McMains, John; and Bob Chronister. 1998. Windows NT Backup & Recovery. Osborne McGraw-Hill. (ISBN: 0-07-882363-3) Jumes, James (Editor); Neil F. Cooper, and Todd M. Feinman. 1998. Microsoft Windows NT 4.0 Security, Audit, and Control (Microsoft Technical Reference). Microsoft Press. (ISBN: 1-57231-818X) Microsoft Corporation. 1996. Microsoft Windows NT Server Resource Kit: for Windows NT Server Version 4.0. Microsoft Press. (ISBN: 1-57231-3447) 1997. Microsoft Windows NT Server Resource Kit Version 4.0, Supplement Two. Microsoft Press. (ISBN: 1-57231-6268) Minasi, Mark. 1997. Mastering Windows NT Server 4, 5th Edition. Sybex. (ISBN 0-7821-2163-2) Pearce, Eric; Robert Denn (Editor), and Beverly Scherf. 1997. Windows NT in a Nutshell: A Desktop Quick Reference for Systems Administrators. OReilly. (ISBN: 1-56592-251-4) Rutstein, Charles. 1997. Windows NT security: A Practical Guide to Securing Windows NT Servers and Workstations, McGraw-Hill (ISBN: 0-07-057833-8) Siyan, Karanjit. 1997. Windows NT Server 4: Professional Reference. New Riders Publishing. (ISBN: 1-56205-805-3) Sutton, Stephen. 1997. Windows NT Security Guide. Addison-Wesley. (ISBN: 0201-41969-6)
OS/400 Books
IBM. 1994. An Implementation Guide for AS/400 Security and Auditing. IBM. (ISBN: 0-73840-573-6) (part# : GG24-4200-00)
689
IBM. 1998. The System Administrators Companion to AS/400 Availability and Recovery. IBM. (ISBN: 0-73840-038-6) (part# : SG24-2161-00)
Informix Books
Doe, Charleton. 1997. Informix OnLine Dynamic Server Handbook, 1/e. Prentice Hall. (ISBN: 0-13-605296-7) Informix Software, Inc. 1996. Evolution of the High Performance Database, 1/e. Prentice Hall. (ISBN: 0-13-594730-8) 1996. Informix Performance Tuning, 2/e. Prentice Hall. (ISBN: 0-13-239237-2) Lumbley, Joe. 1999. Informix DBA Survival Guide, Second Edition. Prentice-Hall. (ISBN: 0-13-079623-9) McNally, John (Editor); Glenn Miller, Jim Prajesh, Jose Fortuny, and Robert Donat. 1997. Informix Unleashed. Sams. (ISBN: 0-672-30650-6)
DB2 Books
Bullock, Diane; Jonathan Cook; et al. 1999. DB2 Universal Database and SAP R/3, Version 4. Prentice-Hall. (ISBN: 0-13-082426-7) IBM. 1997. IBM DB2 for AIX and SAP R/3 Administration Guide. IBM. (ISBN: 073840-990-1) (part# : SG24-4871-00)
690
Oracle Books
Adkoli, Anand, and Rama Velpuri. 1998. Oracle NT handbook. Osborne. (ISBN: 0-07-211917-9) Ault, Michael. 1997. Oracle8 Administration & Management. Wiley & Sons. (ISBN 0471192341) Corey, Michael., [et al.]. 1997. Oracle8 Tuning. Osborne McGraw-Hill. (ISBN: 0-07-882390-0) Koch, Loney. 1997. Oracle8: The Complete Reference. Osborne McGraw-Hill. (ISBN: 0-07-882396-X) Loney, Kevin. 1997. Oracle8 DBA Handbook. Osborne McGraw-Hill. (ISBN: 007-882406-0) Loney, Kevin; Noorali Sonawalla, and Eyal Aronoff. 1998. Oracle8 Advanced Tuning & Administration. Osborne McGraw-Hill. (ISBN: 0-07-882534-2) Spence, Greg. 1999. SAP R/3 and Oracle Backup and Recovery. Addison Wesley. (ISBN: 0-201-59622-9) Velpuri, Rama; and Anand Adkoli. 1998. Oracle8 Backup & Recovery Handbook. Osborne McGraw-Hill. (ISBN: 0-07-882389-7) 1997. Oracle Troubleshooting. Osborne McGraw-Hill. (ISBN: 0-07-882388-9)
Corrigan, Patrick. 1994. LAN: Disaster Prevention and Recovery. Prentice Hall. (ISBN: 0-13-015819-4) Rothstein, Philip. 1995. Disaster Recovery Testing: Exercising Your Contingency Plan. Rothstein Associates. (ISBN: 0-964164809) Schreider, Tari. 1998. Encyclopedia of Disaster Recovery, Security & Risk Management. Crucible. (ISBN: 0-966272900) Toigo, Jon. 1995. Disaster Recovery Planning. John Wiley & Sons. (ISBN: 0471121754)
Security
I
Russell, Deborah; GT Gangemi Sr. 1992. Computer Security Basics; O'Reilly. (ISBN: 0-937175-71-4)
Scripting
I I I
Perl, www.perl.com Hoffman, Paul. 1997. Perl 5 for Dummies. IDG. (ISBN: 0-7645-0044-9) Schwartz, Randal; Tom Christiansen, and Larry Wall. 1997. Learning Perl, 2nd edition. OReilly. (ISBN: 1-56592-284-0)
691
Schwartz, Randal; Erik Olson, and Tom Christiansen. 1997. Learning Perl on Win32 Systems. OReilly. (ISBN: 1-56592-324-3) Srinivasan, Sriram. 1997. Advanced Perl Programming. OReilly. (ISBN: 156592-220-4) Vromans, John. 1996. Perl 5 Desktop Reference. OReilly. (ISBN: 1-56592-1879) Wall, Larry; Tom Christansen, and Randal Schwartz. 1996. Programming Perl, 2nd edition. OReilly. (ISBN: 1-56592-149-6)
Magazines
sapinfo.net, http://www.sapinfo.net/ Intelligent Enterprise, http://www.intelligenterp.com (formerly known as SAP Technical Journal) SAP Professional Journal, http://www.sappro.com/ SAP insider, http://www.sapinsideronline.com
HS Network Technologies 950 Tower Lane, 12th floor Foster City, CA 94404 USA Tel.: (650)-286-3018, FAX: (650)-287-3372
Business Continuation
I I I I I
Comdisco, www.comdisco.com Disaster Recovery Journal, www.drj.com DRI International, www.dr.org IBM Business Recovery Services SunGard Recovery Services, www.recovery.sungard.com
Organizations
I
Americas SAP Users Group (ASUG), www.asug.com For customers in the Americas, ASUG is the only vehicle to submit requests for upgrades and enhancement to SAP.
692
Web Sites
SAP
I I I I I I I I
SAP, www.sap.com mySAP.com, www.mySAP.com SAPNet, service.sap.com Note: you need a SAPNet user ID to access SAPNet SAP America, www.sap.com/usa SAP America, training, www.sap.com/usa/trainsupp SAP Labs, Simplification Group, http://wwwtech.saplabs.com SAP Online Store, www.sap.com/store_index.htm SAP Complementary Software Program, www.sap.com/CSP
SAP Affiliates
Americas SAP Users Group (ASUG), www.asug.com
Third-Party
I I I I I
SAP Fans, www.sapfans.com SAP Club, www.sapclub.com SAP Tools, http://sap.ittoolbox.com ERP site, www.erpsupersite.com ERP central, www.erpcentral.com
SAP-related comp.soft-sys.business.sap
Other comp.client-server
693
NT comp.ms-windows.nt.*
Other Resources
Operating System
I
UNIX Compaq Unix, www.tru64unix.compaq.com HP UX, www.hp.com/products1/unixservers/ IBM AIX, http://www-1.ibm.com/servers/aix/os/index.html Fujitsu Siemens Reliant, www.fujitsusiemens.com/servers/rm/rm_us/reliant.htm Sun Solaris, www.sun.com/solaris
Database
I
694
Caution
UNIX
Backup
I
Monitor
I
Scheduler
I I
695
Spool Management
I
Other
I
NT
Backup
I I I
ARCserve, Computer Associates, www.cai.com/arcserveit OmniBack II, HP, www.openview.hp.com Ultraback, BEI Corp, www.ultrabac.com
Monitor
I
Log monitor ELM, TNT software, www.tntsoftware.com Provision Network Monitor (formerly AlertPage), Computer Associates www.platinum.com/products/provis/po/nmon_pv.htm
System monitor LANDesk Server Manager, Intel, www.intel.com/network/products/landesk/ NetIQ, NetIQ, www.netiq.com OpenView ManageX, HP, www.openview.hp.com RoboMon, Heroix, www.robomon.com
Remote Control
I I I I I
Compaq Carbon Copy 32, Compaq, www.compaq.com/services/carboncopy LapLink for Windows NT, Traveling software, www.travsoft.com pcANYWHERE32, Symantec, www.symantec.com/pca Remote Desktop 32, Network Associates, www.nai.com Timbuktu Pro 32, Netopia, www.netopia.com
696
Scheduler
I I I I I
Auto Task 2000, Cypress Technologies, www.cypressnet.com Event Control Server, Vinzant, www.vinsoft.com Launch Pad, Cypress Technologies, www.cypressnet.com crondSys, # ifdef Software, www.ifdef.com Schedule Wizard 98 (shareware)
Spool Management
I
Other
I
Anti-virus See SAP Note 106267 for known problems with certain anti-virus programs. InocuLAN, CA, www.cheyenne.com Norton AntiVirus, Symantec, www.symantec.com NT shield, Network Associates, www.nai.com
FTP client AbsoluteFTP, Van Dyke Technologies, www.vandyke.com CuteFTP, GlobalSCAPE, www.cuteftp.com WS_FTP, Ipswitch, Inc., www.ipswitch.com
697
Network
I
698
A P P E N D I X
C
K
Overview
Note
SAP Notes were formerly known as OSS notes. The Online Service System (OSS) is now known as SAPNet. The SAP Notes are grouped by major area:
I I I
Within each group, the notes are grouped by category. These notes are the ones that we found important or useful during this books creation. More notes exist for each group. We encourage you to explore the SAP Notes to see what other notes would be of interest or importance to you. Over time, some of these notes may become obsolete and get removed.
700
SAP Notes
Category SAP Note # 11886 15466 21559 31557 42074 45580 86985 Batch Batch Batch Batch Batch Batch Batch Batch Batch CCMS Client Client Client Client Client copy Client copy Client copy Client copy Client copy Client copy Config 06604 11728 16083 18307 24092 31503 36280 37104 70639 71364 07312 13391 35952 40672 4010 24853 47502 69556 70643 84504 21636 Description Central syslog cut off Customer name range Examination of SAPgui problems The multi-client concept of SAP R/3 overview Using the SAP R/3 dispatcher monitor dpmon How are syslog files deleted? Release of SAP Releases for SAP add-ons (IS) Deleting job logs at the operating system level Background jobs with low priority Standard jobs, reorganization jobs Batch input logs and reorganization Distribution of background jobs on application servers FAQ: Background jobs Background work processes reserved for job class A Error analysis: Background processing system How are batch jobs scheduled Collective note: monitoring ST04, DB02, ST10, ST03 (30c-31h) Create client 066 for EarlyWatch Deleting/resetting a client (up to 3.0f) Client deleted, space still filled in database System changeability and client control Tables missing after client copy CC info: Client copy, functionality in 3.0, 4.0 CC-TOPIC: Remote Client copy CC-TOPIC: Missing tables and data CC-TOPIC: Delete client CC-TOPIC: SM29 transfers data in spite of cancel RAM extension: Which changes to profile?
701
Category Config Config Config Config Ops mode Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches Patches patches Patches Patches
SAP Note # 31395 33576 39412 44695 16845 19466 29372 33525 37617 53902 63786 63845 73510 74545 79376 80117 82264 85820 86241 87432 89089 96885 97621 97623 97630 104664 119738 169142
Description System parameters: Defined where? Displayed how? Memory management (as of 3.0c, Unix and NT) How many work processes to configure? Memory management (as of 3.0c, AS400) Operation mode switch without background processes Downloading a patch from SAPSERVx Unpacking CAR archives Important information about SAP patches < 3.1H Online Correction Support (OCS) Conflicts between Hot Packages / LCPs and Add-Ons FAQ Frequently Asked Questions: sapservX Corrections on SAPSERVx searching for files Problems during upgrade of patched source release Problems when unpacking CAR archives Installation of the 3.1H kernel Admin functions in Online Service System Important information about SAP patches >= 3.1H Patch is not displayed in patch queue HR Legal Change Patches for the HR component Contents of and applying LCPs Configuration of SAP R/3 systems for LCPs Downloading a front-end patch from SAPSERVx OCS Info: Online Correction Support (OCS) Patch types Known problems with patches >= 3.1H OCS info: applying patches from CD Problems during upgrade with too new hot packages Online Correction Support (OCS)
702
Description OCS: Known problems with Support Packages Rel. 4.6 The new archiving tool SAPCAR Checklist: Performance analysis File system is full what do I do Print/download in Online Service System OSS1: What to do if SAP R/3 does not run? Online Service System registration form, North America (for customers without existing Online Service System accounts) Search procedure for notes and messages in Online Service System Service connections The priority of your Online Service System message is changed OSS Quick reference sheet Easy to use guide for transaction OSS1 (SAPSERV4) Transferring customer files to sapservX via FTP Information required for registration keys User maintenance and creation in Online Service System for customer Access to the SAPNet server with Online Service System user id Inbox BIBO in OSS/O01 New customer messages in Online Service System Confirmation of Online Service System registration Changing/Deleting Online Service System users and installations Access to Online Service System services via the internet Change to Online Service System user data Integrating service connections into maintain system data New functions in the SAPNet as of 09-05-06/99
SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet SAPNet
29501 31515 32411 32789 33221 40024 40866 45027 69224 69378 74313 75002 75686 80618 81908 169296 169329
703
Category SAPNet SAPNet SAProuter SAProuter SAProuter Security Security Security Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Spool Start/stop
SAP Note # 170102 171569 30289 30374 87388 23611 39267 48018 02510 03255 06427 08462 09876 10551 10743 10755 11070 12550 18706 23389 25941 26009 27831 29666 30187 48914 64333 64337 64628 78401 00387
Description Automatic opening of a service connection Maintaining service connection in system data maintenance SAProuter documentation SAProuter installation Download SAProuter by FTP from sapserv# FAQ concerning SAP R/3 security SAP R/3 Security Guide Data security in SAP R/3 Printer off: What happens to the data? Spool log with bad print control Sxxxx How do you transport a printer definition Performance problems spool output Cannot read my hostname Table TST03 (tablespace PSAPPROTD) size increasing Name of PC longer than 8 characters Long name for routing computer Space requirements of TemSe and spooler Problems with remotely connected printers (WAN) Tuning the spooler Transporting printer definitions SAP R/3 does not find host name SAP R/3 does not print, first steps Priority of output requests? Authorizations for spool requests Viewing completed print data for output device. Output requests are partially delayed Change default value for spool retention period Transport output devices (printer) Using network printers from SAP R/3 Download a list from SAP spool Problems when starting up a DB
704
Description Shared memory still present, startup fails Transporting report writer objects Reversing transports (not possible to do) Analyzing Correction & Transport System problems
NT
Category SAP Note # 28665 89510 Backup Config Config Config Config Config Config Config Config Config 71440 22240 28392 31559 31563 33772 65761 68544 74810 75354 Description Central syslog under NT Installation notes for pcANYWHERE Problems when restoring DLT tapes with NTBackup Windows NT Control Panel settings Two systems on one NT machine Setting environment variables for NT kernel Setting environment variables for NT kernel The correct configuration of Dr.Watson Configuration problems under Windows NT Memory management under Windows NT Notes on SAP services and NT registry Multiple SAP instances on NT
705
Category Config Eventlog Patches Patches Perfmon Perfmon Problems Problems Problems Problems Problems Problems Problems Problems Problems Problems SAProuter Security Service pack Service pack Start/stop Start/stop TMS/CTS TMS/CTS Virus
SAP Note # 88416 72616 29372 74545 102390 110529 10616 21790 44803 49776 51781 53211 70572 100972 122288 129813 41054 36462 30478 85582 32182 35388 28781 62739 106267
Description Zero Administration Memory Management as of 4.0A/NT Syslog messages in the NT event log Unpacking .car archives Problems when unpacking CAR archives Use of NT performance monitor Professional use of the NT performance monitor Saposcol or collector not running WinNT: problems with notepad.exe Connection reset by peer Evaluating Dr.Watson log file Problems with SAPPAD Win NT appears to hang, SAP service problems SAP R/3 background problems on Win NT Help for analyzing a Win NT blue screen Win 3.51/4.0 no longer responds (hangs) NT: Problems due to address space fragmentation SAProuter as a service Note for Oracle security on WinNT Service Packs on Windows NT High memory requests under NT 4.0 SP 3 fail Windows NT: Event log message when starting SAP R/3 Problems on STOP/START of SAP R/3 via NT scheduler Central transport directory NT/UNIX Configuring a central transport host Problems with certain anti-virus software
706
UNIX
Category SAP Note # 21960 28781 80266 AIX AIX Digital Digital Digital HPUX HPUX HPUX HPUX HPUX HPUX HPUX SUN SUN SUN SUN SUN 48689 64885 72984 39698 136653 06599 41596 64884 99224 99527 101229 143527 64887 71479 101883 172524 182552 Description Two instances/systems on one UNIX computer Central transport directory NT/UNIX Installation of NT application servers in a UNIX environment IBM service, fixes and patches SAP R/3 relevant operating system patches for AIX Release of Digital UNIX 4.0B for Oracle cpio generated when restoring sparse files Performance problems on Digital UNIX 4.0D and 4.0E Sudden performance decrease, in UNIX too HP-UX: problem solving using HP-UX patches SAP R/3 relevant OS patches for HP-UX HP-UX Operating System patches Problems with MC Service Guard Informix: HPUX 10.20 patches End of support for HP-UX 10.20, HP-UX 10.10, HP-UX 10.01 SAP R/3 relevant operating system patches for Solaris Solaris recommended patches SAP R/3 relevant patches for Solaris 2.6 Time stamp is incorrect Y2K patches for SOLARIS
AS-400
Category Config Copy CTS Patches Performance Performance SAP Note # 44695 49023 37987 60856 49201 107104 Description Memory management as of 3.0C, AS/400 Client copy Importing transports OSS1 and hot packages Performance settings 4.0B kernel performance
707
Description SAP R/3 hangs in STARTSAP SAP R/3 cannot be started/shmget fails Roll memory leak & SYSTEM_CORE_DUMPED Work process terminate abnormally SAProuter
Database Notes
MS SQL server
Category SAP Note # 62849 28667 67320 85846 95901 126131 159171 163315 201075 302312 7.0 7.0 7.0 7.0 7.0 7.0 conv 7.0 conv 7.0 conv 7.0 conv 82035 95600 138392 153802 160178 92410 104392 107471 107483 Description news, compilation of notes This note is important for SQL server installations. MS SQL Server specific profile parameters Basic knowledge of MS SQL Server Released operating systems SAP R/3 4.0x/4.5x MS SQL Server SAP R/3 on MS SQL Server release strategy Installing add-on on MS-SQL svr 3.x Recompilation of Stored Procedures MS SQL 6.5 end of support Additions upgrading to 4.6C ... MSSQL Server Additions to upgrade to 4.6D MSSQL Server Improvements for MS SQL Server 7.0 Installation of SAP R/3 on SQL Server 7.0 SQL Server 7 and Vertex database Deleting transaction log files in MSSQL 7 MSSQL 4.6A minimum corrections DB conversion from MS SQL 6.5 to 7.0 Additional info: conversion 6.5/7.0 MS SQL Server Special SQL Server 7.0 conversion methods SQL Server 7.0: conversion on Alpha
708
Category 7.0 conv 7.0 conv 2000 2000 2000 Backup Backup Backup Backup Backup Backup Backup Backup Backup CCMS CCMS Client copy Config Config Config Config Config HA Kernel Maint Maint Performance Performance Performance Problems Problems Problems
SAP Note # 129122 130689 209596 327494 377430 37152 44449 48585 50990 68818 70300 151603 153763 166588 139945 141118 85443 67071 70517 80102 97066 126808 111372 77012 67437 142731 38657 61340 76052 67297 79262 79883
Description Conversion SQL Server 6.5/7.0 consultant companies Conversion of multiple SAP R/3 systems from 6.5 to 7.0 Setting up Microsoft SQL Server 2000 Configuration Parameters for SQL Server 2000 SQL Server 2000 installation CD of SAP SQL Server backup to a dump file Backup strategies with MS SQL Server Database copy DB Backup/Restore of Microsoft SQL Server Error in SQL Server backup/restore Backup/restore (compilation of notes) Copying a SQL Server 7.0 database Sub-optimal tape backup performance File backup with SQL server 7.0 SAP database monitor for MS SQL Server New scheduling calendar in the CCMS (DB13) SQL Server Client copy Moving database devices Restructuring a SQL Server installation Device management for MS SQL Server Running two SAP R/3 systems on one sever Configuration parameter for SQL Server 7.0 Stand-by database for MS SQL Server Spool, batch enhancements in kernel DBCC checks DBCC checks for SQL server 7.0 Slow performance of SAP R/3 on MS SQL Server Update statistics on MS SQL Server system tables Update statistics on database tables Error 1105 trans/db log full Incorrect database and log size in DB02 and ST04 Incorrect database freespace alert displayed
709
Category Problems Problems Problems Problems Problems Problems Problems Problems Problems Problems Recovery Recovery Recovery Recovery Security Security Service pack Service pack Service packs Service packs
SAP Note # 81692 87027 87029 111291 129190 150495 155402 166861 168408 425763 50745 70161 82699 94213 28893 116225 62988 66365 159069 159268
Description Suspect database Fill level database logs Fill level of the database and log Analysis and avoidance of deadlocks Problems with Performance Monitor and SQL Server 7.0 Deadlocks with MS SQL 7 Analysis of hanging situations Analysis of DB13 problems R3load process dies directly during a start No error log generated when an instance profile is missing (This note is in German) Database restore for SQL Server SQL error 916 and 4001 after restore Rebuild master database Point-in-time-recovery fails Changing password of users sapr3 Password change for database user sapr3 Service Packs for MS SQL Server Windows NT service packs (problems caused by) SQL Server 7.0 service pack 1 install terminates Service Pack installation on MS SQL server 7.0
DB2 / UDB
Category SAP Note # 80625 85842 410252 Copy Performance Performance Performance Performance 111206 92795 97014 122599 107123 Description Released operating systems SAP R/3 3.x/4.x DB2 for OS/390 Released operating systems SAP R/3 4.0x DB2/CS Installing the latest 4.6D DB2 UDB Admin Tools 390: Homogeneous System Copy 390: R3trans performance improvements 390: R3trans performance improvement 390: Performance of the update 400: Performance improvement on the database server
710
Category Problems Problems Problems Problems Problems Problems Problems Problems Restore Restore Security
SAP Note # 54028 84270 97449 98306 141527 149292 151085 163356 78332 163731 80292
Description 400: Overflow in SQL package. SQL0904, SQL0901 390: Deadlocks on TPFBA and TPFID 390: Unspecified core dumps with HPDT UDP 390: Tablespace name not set 390: Generation of matchcode objects fail UDB: DB2adut1 displays no journals CS: Some work process end with SQL1403 390: Signal 11 during DDIC operations CS: Database crash/core in restore from ADSM CS: Restore Terminates with SQL0973 Security DB2 with SAP R/3 under NT
Informix
Category SAP Note # 93264 53746 62340 64001 71776 85840 93868 AIX Backup Backup CCMS Config Config Config Document HPUX HPUX Maint 102204 11462 167878 66322 12825 41360 141054 154895 41596 101229 22941 Description Informix: Important News Use of correct Informix versions INFCFGCHECK: Download and First steps INFCFGCHECK: Detailed messages of single checks INFCFGCHECK: Automate database checks Released operating systems SAP R/3 4.0x Informix BC511 Instructors contributions AIX 4.3 patches necessary with Informix Informix: Copying and renaming an SAP R/3 database Informix: Copying and renaming an SAP R/3 database CCMS Database administration (DB13) Installation of two SAP R/3 systems on one host Database configuration via onconfig parameter Informix environment parameter for 7.3x Ordering additional Informix documentation HP-UX Problem solving using HP-UX patches Informix: HPUX 10.20 patches Reorganization of table and dbspaces
711
SAP Note # 29155 126175 38307 156766 184760 31171 48338 187183
Description Consistency check of an Informix database Service Pack 4 on NT4.0 with Informix IDS 7.X Reducing shared memory consumption Performance problems with Informix 7.3x Update Statistics: SAPDBA Rel.>=4.6A old strategy DB start/stop brings warnings Problem solution through SOLARIS/SUN patches Downloading the ON-Archive Y2K patch
Oracle
Category SAP Note # 85838 112325 01039 01042 96397 125242 128221 AIX BR BR BR BR BR CBO CBO CBO CCMS Config Config Config 51396 02239 12593 13550 43494 43499 93098 93256 127715 85609 03809 09705 94801 Description Released operating systems SAP R/3 4.0x Oracle End of Cust Care Support Oracle 7.3.* Problems with ORACLE TWO_TASK linking ORACLE TWO_TASK connect failed OS06: Unable to open file os_sys.log Do not alter MAXEXTENTS on dictionary tables Increased memory consumption with Oracle 8 Kernel extensions on AIX SMP computer cpio with BRBACKUP and BRARCHIVE BRBACKUP on several different tape drives Using BRBACKUP and BRARCHIVE Collective note: BRBACKUP, BRARCHIVE, BRRESTORE Collective notes concerning DBA tools Changes to the upgrade to 4.0 CBO Oracle CBO: changes for installation of 4.0 CBO: Optimal parameters for performance Offline backup via CCMS/DB13 not possible Changing the size of the redo log files Mirroring the ONLINE REDO LOG FILES Environment variables for Windows NT
712
Category HPUX Patches Patches Performance Performance Performance Performance Problems Problems Recovery Recovery Recovery Recovery Reorg Reorg Reorg SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA SAPDBA Security Start/stop SUN SUN SUN Tablespaces
SAP Note # 92788 127395 181195 33868 72638 102042 114716 33735 38006 03804 04157 04160 04161 12921 40521 43487 12621 15465 19193 29348 42293 43486 43490 43491 44395 44595 36462 02775 44361 116453 183292 02425
Description HP-UX/Oracle: hanging LGWR Current patch set for Oracle release 8.0.5 Current patch set for Oracle release 8.1.5 Performance problems NT 3.51 / Oracle / TCP/IP Performance problems with SQL*Net V2 System hang on AIX SMP computers under high load Performance problems Oracle 8.0.4/all entries Archiver stuck in Windows NT Ora-1631 max extents reached. Which table? Restoring from a full backup General flowchart for Oracle recovery Tape management for recovery Complete recovery Reorganization of SYSTEM tablespace Reorganization (external tools) Collective note: SAPDBA reorganization SAPDBA speeding up reorganization SAPDBA shrinking a tablespace SAPDBA size and reorg of table space PSAPTEMP SAPDBA reorganization of single table; PSAPTEMP SAPDBA new command line option analyze Collective note: General SAPDBA Collective note: SAPDBA Recovery Collective note: SAPDBA command line options SAPDBA: missing indexes after reorg run SAPDBA: general procedure for reorganizations Note for Oracle security on WinNT Oracle cannot be started Sun Solaris: database does not start after patch Backup via DB13 on Solaris Oracle 7.3.3 Oracle crash because of kernel AIO bug on Sun Function of tablespaces/Dbspaces on the database
713
SAP Note # 03807 09321 39650 89691 98507 111922 126137 172380
Description Tablespace PSAPROLL, rollback segments too small Next-extents in ORACLE system tables are too large Maximum number of extents per tablespace Additional info: migrating to Oracle 8.0.3 Additional info: migrating to Oracle 8.0.4 NT/Oracle >= 7.3.3.4 necessary Additions Oracle upgrade to 8.0.5 UNIX 64 bit Oracle Y2K bugs and fixes
714
A P P E N D I X
D
L
Upgrade Discussion
Upgrade Discussion
An upgrade is an update to your SAP R/3 system. The question of whether to upgrade your system to a new release depends on many complex factors. Most importantly, the decision to upgrade should be based on business need. Some of these factors are outlined below:
I
Desired functionality in new release This can be found in the release note for the specific release.
I I
Costthe following items could increase the cost of your upgrade. You must: Upgrade the database and operating system (if required) Purchase and install additional hardware (if required)
716
I I I
Test to find problems with the upgrade Upgrade the SAPgui on the users computers Find the time to do all the above
Disruption for users, especially if there is no functional enhancement for them. Diversion of resources (Company resources that could be applied to other tasks would be assigned to upgrading the SAP R/3 system.) Desire to be on the latest release (While desirable for a personal resume, this reason is not a valid business reason to upgrade your system.)
When to Upgrade
In deciding to upgrade your system, ask yourself the following questions:
I I I
Have the reasons for upgrading or not upgrading been analyzed? Has the business need criteria been met? If you installed any Industry Solution (IS), are IS patches available for the new release? If the patches are not available, you cannot upgrade.
Upgrade Issues
An upgrade can be more complex than a new implementation because:
I
There is real data on the system that is being upgraded. If the upgrade fails, the companys operations could be affected and business could stop. This failure would require you to recover the database (refer to the section on disaster recovery). The system is unavailable for users during a portion of the upgrade process. The technical downtime is six to twelve hours. In addition, many other tasks are performed around the backup that could increase this downtime significantly. System downtime could significantly impact the operations of the business during this period. Upgrade changes could require changing configuration, testing, training, and documentation.
717
Changes require regression testing: Do business processes function as they did before? Does custom code need to be changed due to changes from the upgrade?
Other Considerations
Software Issues
The following software has to be compatible with the SAP R/3 release you plan to upgrade to:
I I I
Database Operating system Third-party applications that compliment the SAP R/3 system (for example, external tax packages, job schedulers, system monitors, spool managers, and so on)
Hardware
The upgrade requires free working space on disks to run.
I I
The amount of space required differs with operating system and database. Some of the space is released after the upgrade; other space is permanently used.
As each release adds functionality, the required disk space, processing power and memory required generally tends to increase. A system configuration that was adequate for one release may be inadequate for a later release. This is especially apparent when jumping release levels; example upgrading from 3.1H to 4.6B. The following table is compiled from SAP Notes: SAP Release 3.1H to 4.0B 4.0B to 4.5B 4.5B to 4.6A 4.5B to 4.6B 4.5B to 4.6C CPU increase % 30 20 10 20 10 Memory increase % 30 20 30 10 30
718
Performance
Upgrade performance is difficult to predict. Performance is sensitive to a variety of variables, some of which can have significant impact. Therefore, an upgrade of the test system should be done to determine timing values for your configuration. The following are a few of the factors that affect the performance of an upgrade:
I I
Database and operating system Hardware Processor (number of processors and speed of each) Memory (amount available) Drive array Performance factor (especially for writes) Configuration (minimize or eliminate drive or channel contention) Other I/O hardware (minimize or eliminate data channel contention)
I I I I
Data volume for changes to tables that contain data For more information, see:
A P P E N D I X
E
M
Training / Learning
Training / Learning
Mini-Basis system
For the Basis System Administrator, new tools will make your ability to learn easier. One of the most exciting is the mini-Basis system:
I
The mini-basis system is a Basis-only system that will provide you a platform to learn the various system administration functions in a safe environment. What we mean by this is the following: There are only Basis transactions in the system. Functional applications (i.e. FI, CO, SD, and so on) are not part of the system. This restriction allows the system to be installed in significantly less disk space than a full SAP R/3 system. The safe environment comes by your ability to install it on a workstation or PC, so anything you do on the mini-basis system does not affect any of your live systems. In this way doing anything dangerous or destructive will not damage a live system.
NT/SQLserver 4.6D
720
Linux/SAPDB 4.6B
As they require much less hardware to install than a full SAP R/3 installation, they can even be installed on a suitably equipped workstation. For demonstration purposes, the NT version has been installed on a notebook computer. For more information on the mini basis systems please see the appropriate web pages:
I
A P P E N D I X
F
N
Overview
With CCMS, you now can monitor multiple SAP R/3 systems from a single alert monitor. To do this you must first have established a RFC connection to a remote SAP R/3 system that you wish to monitor remotely. Therefore this appendix is divided into two parts:
I I
Defining an RFC connection to a Remote SAP R/3 System Monitoring an Additional SAP R/3 System
Task
722
2.
a. b.
Expand the R/3 connections tree. If there is not a RFC connection that you want to monitor, choose Create.
3.
a. b. c.
Under RFC destination, enter a name for the RFC connection, (for example, hspal008). Under Connection type, enter the type of connection, (for example, 3 for SAP R/3 system). Under Description, enter the identifying text, (for example, Connection to DC2 system).
723
d. e.
Under Logon, enter the user logon data (such as Client, User, and Password) that has authorization for the alert monitor and for system administration in the target system. Choose .
724
4.
To find out the name of the message server, log onto the target system and call Transaction RZ03. The message server is the SAP R/3 instance with the M in the Services column.
a. b. c.
Under Target host, enter the host name of the message server, (for example, hspal008.pal.sap-ag.de). Choose Choose . A message is shown in the status bar. .
725
5.
Task
726
3.
a. b. c.
Under Target system ID, enter the name of the SAP R/3 system to be monitored, (for example, DC2). Under for data coll., choose SAP R/3 system. Choose . to select the RFC connection to the remote
4.
Do not run this batch job unless you want performance history data (RZ20).
727
2.
From the menu bar, choose Technical infrastructure Performance Database Define Background Job.
3. 4. 5.
This user is the user ID that was used to log in. Enter the date and time to run the job. The job will run every day. Choose .
728
6.
Choose
7.
8. 9.
Enter the date and time to run the job. The job will run every week. Choose .
729
10.
Choose
11.
Choose
12.
In SAP R/3 release 4.6D, the system displays an additional selection tab. Repeat steps 8 and 9 to complete the configuration.
730
13.
Choose
14.
I N D E X
Index
A
ABAP dump analysis definition 152 free selection 153 in general 152 performing 67, 73 simple selection 153 editor 158, 159, 216 execute 83, 215 Active processes 99 Active users 148 Adding additional systems in general 232 SAP logon 232 Administration basics R/3 system 3 Administrator access key 561, 567 guidelines 7 requirements of 6 roles external to R/3 5 factors that determine 4 within R/3 5 Advanced quality assurance 488
AIS 196 Alert monitor acknowledge alerts 117 adding a monitor 129 alert threshold 416 analyze alerts 115 checking 65, 72, 75, 76 create new monitor set 127 finding alerts 110 hiding SAP standard monitor sets 124 in general 106 maintaining thresholds 120 views 109, 115 Alerts acknowledge 117 analyze 115 current 109 database 67 finding 110 maintaining thresholds 120 messages 421 open 109 paging system review 423 parameters 422 threshold, changing 416 views 109, 115 Annual tasks
732
checklists 82 database 83 notes 84 operating system 83 other 84 Application server definition 13 in general 89, 426 Audit Information System (AIS) business 199 complete 196 in general 196 system 198 user defined 200 Audits business 199 check for validity 217 complete 196 considerations 167 different users 213 financial 166 in general 166 information system 196 security 167, 186 security logs filter group 1 208 filter group 2 209 in general 203 parameters 206 running 204 specific reports 216 system 198 tasks 217 tools 196 user defined 200 user security jobs 214
B
Background jobs batch 427 creating 431 housekeeing 428 incorrect 443 new 443 others 428
performance 428, 429 regularly scheduled jobs 427 scheduling 431 select 66, 70, 71, 79, 81, 439 user ID 428 Backup archive logs 381 checking 459 checking tape label 297 checklist, strategy 47 database 37, 46, 171, 293, 378, 458 dedicated drives 57 design strategy 44 determine the number of tapes required 378 determining correct tape label for 288 differential 42 frequency 37 full 458 IBM DB2 Universal Database 260 in general 35, 37, 458 incremental 41 Informix 317 initializing tapes 293, 298, 371 Microsoft SQL server 291 NTBackup 462 offline 42, 298, 458 on-demand 43 online 42, 294 operating system level 39, 47, 462 overview 36 performance database restore options 57 disk to tape 57 factors affecting 55 faster devices 55 in general 54 options 55 parallel backup 56 recovery 57 periodic archivals 458 procedures database check 45 in general 45 preparation 48 verifying backups 45 RAID systems 58 scheduled 43
Index
733
strategy 36 supplementary 45 tape management handling tapes 51 in general 48 labeling tapes 49 number to backup 378 retention requirements 52 tracking and documenting tapes 48, 51 tape storage in general 53 offsite 53 onsite 54 transaction logs 38, 45, 46 types 40 UNIX level 462 using command line processor (DB2 CLP) 272 verification 70 without checking tape label 296 Batch input 67, 72, 443 Batch jobs 95, 427, 429, 443, 445 Books IBM DB2 689 Informix 689 Microsoft SQL Server 689 NT 687 Oracle 690 OS/400 688 other topics 690 SAP 682, 686 third-party authors 687 UNIX 687 BRARCHIVE 377 BRBACKUP 374 Buffers definition 529 hit ratio 530 importing 488 performance 529 special transport, adding into import buffer 495, 507 swaps 530 tune summary 67, 72, 529
C
CAR files 603 Cascade failures, minimizing 34 CCMS alert monitor 65 CDs 683 Central instance stopping 102 Central processing unit (CPU) 535 Central User Administration (CUA) 162 Change and transport system (CTS) 486 Change control in general 472 managing transports 483 Checking the database 366 Checklists annual tasks 82 database 83 notes 84 operating system 83 other 84 backup strategy 47 daily tasks critical 65, 70 database 67 notes 68 operating system 68 other 68 R/3 System 65, 69 locked transactions 183 monthly tasks 77 database 77 notes 78 operating system 77 other 78 quarterly tasks 79 database 80 notes 81 operating system 80 other 80 stopping R/3 91 weekly tasks 74 database 74 notes 75 operating system 75 other 75
734
Cleaning tape drive 419 Client copy copy to different system/SID 662 copy to same system/SID 658 creating a client 655 deleting a client 665 log 666 overview 653 post-client copy tasks 664 processing notes 654 production system 669, 670 SAP Notes 654 security 655 target client 658 Client-dependent changes 175 Client-independent changes 174, 175 Command Line Processor (DB2 CLP) 269 Consumable supplies check 462 other considerations 464 Contracts, maintenance 421 Crash kit in general 27 inventory list documentation 27 software 29 location 27 Critical tasks daily 70 operating system level backups 462 verify backups 70 verify R/3 is running 70 CTS 486
D
Daily tasks checklists critical 65, 70 database 67 notes 68 operating system 68 other 68 R/3 System 65, 69 Dangerous transactions in general 86, 178
recommended lock table 178 restricted access table 183 Data security 171 Database (DB) administration 275 backup 37, 46, 291, 458 checking backup 45 checklists daily tasks 67 consistency check 74 passwords 195 performance analysis 73, 76, 78, 531 server definition 13 starting 88 stopping 100 stopping an instance 100 TemSe 74 Database administration (DBA) 275 IBM DB2 Universal Database 253 Informix 309 Microsoft SQL Server 275 Dates entering 96 DB2See IBM DB2 Universal Database 253 DBA Scheduling 355 DBCC 74 DDIC in general 222 restricting access 187 Defragmentation, memory 530 Deleting user session 247 Deleting users 85 Disaster definition 18 minimizing opportunities cascade failures 34 human error 33 in general 32 single points of failure 33 Disaster recovery applications, up or downstream 32 backup sites 32 business continuation 29 business requirements in general 20 performance 36
Index
735
crash kit 27 disaster, minimizing 32 downtime 21 high availability (HA) options 19 integration 30 offsite 30 other considerations 32 planning 18, 19 recovery groups 22 process 26 scripts 25, 26, 29 time 21 reintegration to R/3 30 scenarios corrupt database 24 hardware failure 24 in general 23, 24 loss or destruction of server facility 24 staffing 22 testing 30 types offsite 23 onsite 23 when to begin 21 Downstream applications 32
G
Graphical job monitor 70, 442 Guidebook how to use xxviii new features xxviii organization of xxviii prerequisites xxv target audience xxv Guidelines 6
H
Hardware central processing unit (CPU) 535 disk 535 in general 535 memory 535 review 421 Head contention 524 Help 6 High availability (HA) options 19, 171 Hit ratio 530 Hot packages 617 Housekeeing jobs 428 Human error, minimizing 33
E
EarlyWatch session 605, 608 External interfaces 100
I
IBM DB2 Universal Database administration in SAP systems 253, 255 backups and recovery 260 books 689 command line processor (DB2 CLP) backing up 272 overview 269 resizing tablespace 272 starting 269 update database configurations 271 update manager configurations 271 control center 273 diagnostics 268
F
Failed updates 66 File space archiving 415 expansion 415 old transport files 418 usage 414 File, retrieval 594 Forms Detailed Online Service System Note Record 474 General Note Record 473 R/3 User Change Request 224 Sample Transport Request 485
736
overview 254 performance 255 review planning calendar 266 SAP Notes 709 scheduling tasks 264 space allocation 259 starting 254 stopping 255 Informix backing up logical-log 321 overview 317 requirements 317 scheduling 317 checking the database consistency 327 overview 321 reviewing results 322 scheduling 321 DBA planning calendar changing tasks 315 checking status 313 initializing 310 scheduling tasks 312 disk space 329 extending Dbspace 337 further information 341 overview 310 SAP Notes 710 SAPDBA 333 scheduling database tasks 310 starting and stopping 334 updating statistics 326 viewing message log 324 Initializing archive tapes 374 Insider trading 165 Instance definition 13 operation mode 447 stopping 100 Internet news groups 692
L
Lock entry list 66, 72 Locking checklist 183 client modifiable 177 permanent 176 dangerous transactions table 178 logon 243 prohibited password table 190 restricted dangerous transactions table 183 service connection 585 transaction codes 83 transactions, dangerous 178 users 85, 189 Locks definition 145 deleting 147 in general 145, 172
M
Maintenance basic 609 contracts 421 extended 609 overview 608 special 607 table 466 user 79, 241 Management, change change control 472 in general 188, 465 managing transports 483, 486 note assistant 475 SAP Notes 472 standard transport process 488 table maintenance 466 transportation methods 495 Memory
K
Keep it short and simple (KISS) 8, 44
Index
737
defragmentation 530 hardware 535 Microsoft SQL server backup checking results 291 checking tape label 297 determining correct tape label 288 initializing tapes 293, 298 offline 298 online 294 with Microsoft tools 293 without checking tape label 296 database activity 278 database allocation 282 deleting planning calendar entry 290 Enterprise Manager 303 error logs 303 overview 275, 276 passwords 305 performance 278 performance monitor 278 run update statistics 305 SAP Notes 707 scheduling tasks 284 starting 88, 276 statistics update 74 stopping 100, 276, 277 verify consistency 305 Mini-basis system 719 Modes 445 Monthly tasks checklists database 77 notes 78 operating system 77 other 78 R/3 system 77 Multi-role tasks checklist, stopping R/3 91 mySAP components xxiii
O
Online Correction Support (OCS) 571 Online Service System notes 384 Operating system SAP Notes 704 Operating system (OS) administration 411 alert threshold 416 checklists annual tasks 83 daily tasks 68 monthly tasks 77 quarterly tasks 80 weekly tasks 75 file space archiving 415 file space expansion 415 file space usage 414 full server backup 458 monitor 68, 71, 531 NT event log 422, 423 old transport files 418 passwords 194 system logs 412 tasks 412 transporting method 507 transporting objects 487 Operational security in general 170, 186 management change 188 passwords 189 sharing of user IDs 188 Operations application server check 426 background jobs 427 consumable supplies 462 definition 426 distribution of work processes 452 graphical job monitor 442 in general 425 modes adding new 449 assigning 454 definition 446 generate instance 447 in general 445
N
Network administartion 411 New user setup 225 Note assistant 475
738
other considerations 464 system backup 458 Oracle SAP Notes 711 OSS notes 472 Output management in general 387 output printing 401 printer setup 388 printing screen 404 spool check consistency 407 deletion, for 397 printing problems 394 TemSe check 409
P
Paging system 421 Passwords 189 changing 193 database 195 eliminating easy 189 expiration time 189 in general 189 length 189 lockout 189 maintaining table of prohibited 190, 466 Microsoft SQL server 305 operating system level 194 recording 191 resetting 242 sample tables 192 security parameters 189 standards 189 system administration 222, 223 Patch application verification 648 confirmation 647 level 518 logs 646 Performance background jobs 428 backup database restore options 57 factors affecting 55
faster devices 55 in general 54 options 55 parallel backup 56 recovery 57 to disks then tapes 57 buffers 529 critical assumption 524 database 531 defining an RFC connection 721 evaluation priority 524 hardware 535 IBM DB2 Universal Database 255 in general 523, 525, 719 memory 535 memory defragmentation 530 Microsoft SQL server 278 monitoring multiple systems 721 R/3 525 resources 524 training 719 workload analysis 525 Permission creep 218 Policies backup frequency 37 supplementary backups 45 system adminstration 222 user administration 220 Prerequisites xxv user xxvi Printer setup checking the spool 394 in general 388 Procedures backup database check 45 in general 45 roles and responsibilities 46 verifying backups 45 system administration 222 user administration 220 Production refresh strategies client copy with data 669 client copy without data 670 database copy of production system 668 overview 668 Production system
Index
739
not modifiable 174 preventing changes 85 Products CDs 683 contributed by users 694 Profile Generator 220 Profile parameters, system administration data 609 editing 79, 608 maintenance basic 609 extended 609 PXA See Memory 530
Q
Quarterly tasks checklists database 80 notes 81 operating system 80 other 80 R/3 system 79 QuickSlice 509
R
R/3 Alert Monitor 415 R/3 System 88 active processes 99 administration 105 administration basics 3 annual tasks 82 batch jobs 95 checking for users 94 with application servers 94 checklists daily tasks 65, 69 stopping R/3 91 definition 13 external interfaces 100 guidelines 6 monthly tasks 77 performance 523, 719, 721 printer setup 388
quarterly tasks 79 security 172 starting 88 status verification 70 stopping 90, 91, 100, 101 three-tiered configuration 13 weekly tasks 74 R/3 system administrator 4 Records update 72 Recovery 17 Recovery scripts business continuation 29 creating 26 definition 25 Regression testing 650 Remote services CAR files 603 downloading files 600 EarlyWatch 605 overview 593 SAPSERV 594 Resources internet news groups 692 magazines 691 other 693 SAP 681 third-party information 686, 691 web site 692 Restore reasons for 36 strategy 36 testing 37 Return codes, transport 511
S
SAA See System Administration Assistant (SAA) 106 SAP database administration 80 SAP GUI adding additional systems 232 installing file server, from 226 prerequisites 225 presentation CD, from 231
740
software 226 SAP Notes database IBM DB2 Universal Database 709 Informix 710 Microsoft SQL server 707 Oracle 711 for further informationl 586 implementing 477 loading 475 log file 481 managing 472 note assistant 475 operating system 704 AS-400 706 multiple system 704 NT 704 UNIX 706 OSS notes 472 processing status 480 searching 544 special 604 useful 58, 582, 650, 654, 699 viewing 625, 628 SAP online store 681 SAP products and resources 681 SAP Service Marketplace 539 SAP Software Center 571 SAP* 222 restricting access 187 SAPCAR.exe 603 SAPDBA backup 371 cleanup 80 Computing Center Management (CCMS) 349 definition 333, 363 getting started 334 starting 88, 334 stopping 100, 334 to administer Informix 333 using 375 SAPNet 685 connecting to R/3 system 582 customer messages 547 component 548 confirming 558 entering 547, 549
prioritizing 547 problem description 548 viewing 554 developer deletion 564 developer key request 560 key entry 564 object key request 566 registration 559, 560, 562 logging on 540 notes 650 object deletion 570 key entry 570 registration 559, 565 prerequisites 582 problem solving 543 SAP Software Center 571 service connection 585 SAProuter 594 SAPSERV 594 connect using a GUI 595 connect using command prompt 597 navigating 597 partial organization 602 retrieving files 594 server specifics 594 SAR files 603 Scenarios, disaster corrupt database 24 hardware failure 24 in general 23, 24 loss or destruction of server facility 24 Scheduling 63 DBA planning calendar 312, 357 IBM DB2 tasks 264 Informix tasks 310 Microsoft SQL tasks 284 Screen resolution optimal setting xxvii Security 163 access 168 application 170 audit log filter group 1 208 filter group 2 209 in general 203
Index
741
parameters 206 review 74 running 204 authorization maintenance 82 auto logout 146 backups 171 change management 188 client copy 655 controlling access 172 data 171 DDIC 187 definition 164 different user audit 213 electronic card key access 169 facility related items 171 high availability (HA) options 171 issues not covered in guidebook 162 layers 168 multiple user logins, prevent 172 network 169 operational 170, 186 overview 161 passwords 189 changing 193 database 195 eliminating easy 189 expiration time 189 in general 189 length 189 lockout 189 maintaining table of probibited 190 operating system level 194 parameters 189 recording 191 sample tables 192 standards 189 permission creep 218 physical 168 production system changes, preventing 172 profile generator 220 profile maintenance 82 R/3 172 router tables 169 SAP* 187 security reports 214 segregation of duties 186 sensitive data 165
sharing of user IDs 148, 188, 249 user audit jobs 214 Security administration 163 audits 166 considerations 167 financial 166 security 167 data protection 165 insider trading 165 other requirements 165 See IBM DB2 Universal Database 253 See Performance 523, 719, 721 See System administration 105 Server administration 411 application 89 Service connection 585 Session delete user 247 terminate 248 Short dump See ABAP, dump analysis 152 Single points of failure, minimizing 12, 33 Single-Sign On (SSO) 162 Software R/3 System xxvii users logging on xxvii Software, Prerequisite utility software installation xxvii Spool consistency check 407 deleting old 397 in general 72, 76 printing problems 67, 74, 394 Starting R/3 88 Stopping R/3 90, 91, 100, 101 Super users DDIC 222 SAP* 222 Supplies checking consumable 462 other considerations 464 Support Package Manager (SPAM) application server upload 581 download 576, 580 frontend upload 581 notes 578
742
Support packages applying 643, 645 downloading from SAPNet 633 getting information from SAPNet 622 high level application 618 in general 520, 617 notes view all 625 view specific 628 object conflicts 649 overview 617 patch application verification 648 confirmation 647 log 646 regression testing 650 strategy 617 updating SPAM 640 uploading from CD 634 from web 635 front end 638 in general 634 Swaps 530 System xxvi, 4 assumptions xxvi audits 198 backup 458 change management 188 confirmation information 119 logs 72 display remote system logs 144 in general 142, 412 NT 422, 423 R/3 66, 69, 88, 422 messages creating 92, 155 defining 92, 155 editing 156 in general 155 monitor 421 monitoring tools 106 multi-instance 149 preventing changes 85 profile parameters 79, 608 R/3 definition 13 single instance 148, 249
with application servers 150 without application servers 151 System administration 222 DDIC 222 in general 105 passwords 222, 223 SAP* 222 System Administration Assistant (SAA) 106, 132 System administrator 4 System guidelines changes, making 10, 11 checklists 9 database access 11 documentation 8 help 7 in general 6 networking 8 non-SAP activity 12 preventive maintenance 9 protecting the system 7 single points of failure 12 System performance See Performance 523, 719, 721 System, Prerequisite software xxvii
T
Table maintenance deleting entry 470 in general 466 review 79 table entry, create 466 USR40 190 Tape drive, cleaning 419 Target audience xxv customer person xxv SAP R/3 administrator xxv team xxv the junior consultant xxv the system administrator xxv Tasks check maintenance contracts 421 check uninterruptible power supply (UPS) 420 cleaning tape drive 419 multi-role 87
Index
743
operating system (OS) 412 post-client copy 664 review hardware or system monitor paging system 421 scheduled 63 scheduling IBM DB2 database 264 scheduling Microsoft SQL database 284 Temporary Sequential (TemSe) consistency check 74, 76 Temporary Sequential (TemSe) consistency check 409 TemSe 74 Time daylight savings, end 431 daylight savings, start 431 master clock 429 zone conversion table 430 TMS 76, 487 tp import all 488 Training classes 684 Transaction AL02 67 AL08 66, 70, 71, 91, 94, 147, 148, 149, 248, 250 DB02 74, 76, 77, 78, 259, 282, 531 DB12 44, 65, 260, 284, 291, 292, 459 DB13 43, 44, 47, 49, 264, 266, 268, 284, 293, 305, 311, 312, 315, 317, 321, 322, 326, 328, 355, 360, 459, 461 OS06 68, 71, 412 OS07 531, 532 OSS1 582 PA30 529 RZ01 70, 71, 442 RZ04 445, 446, 447, 449, 452 RZ10 79, 189, 608 RZ11 616 RZ20 65, 72, 75, 76, 106, 107, 119, 120, 143, 414, 415, 416 RZ21 726 SA38 83, 85, 215 SCC4 83, 85, 174, 175, 655 SCC5 665 SCC9 662 SCCL 659 SE01 488 SE03 83, 85, 174 SE09 488, 509 SE10 488, 490, 509
SE37 310 SE38 83, 85, 158, 215, 216 SECR 184, 196, 200 SM01 83, 85, 183 SM02 70, 91, 92, 155, 156 SM04 66, 71, 91, 94, 147, 148, 247, 248, 249 SM12 66, 72, 145, 146 SM13 66, 69, 72, 81, 136, 137, 147, 190, 516 SM19 206, 207 SM20 74, 203, 204 SM21 66, 69, 72, 88, 142, 152, 516 SM22 516 SM30 466, 470 SM31 79, 466, 470 SM33 71 SM35 67, 72, 443 SM36 431, 432 SM37 66, 70, 79, 80, 81, 91, 92, 95, 147, 222, 439, 666 SM50 65, 72, 91, 99, 147, 150, 151 SM51 65, 72, 91, 99, 147, 150, 426, 519 SM63 446, 454 SP01 67, 72, 74, 76, 394, 395, 397, 398, 401, 517 SP12 74, 409, 410 SPAD 388, 407 SPAM 621, 630, 633, 635, 640, 643 SSAA 132 ST02 67, 72, 529, 530 ST03 67, 73, 525, 529, 725 ST04 67, 73, 255, 278, 279, 303, 324, 329, 531 ST22 67, 73, 144, 152, 153 ST59 721 STMS 74, 76, 495 SU01 79, 81, 217, 222, 233, 234, 237, 241, 243, 244, 246 SU02 82 SU03 82 TP 74 VA01 529 VA02 529 VA03 529 VF01 529 VL01 529 Transaction logs, backup 38, 46 Transactions code switches 673 code tables 674
744
dangerous 674 in general 86, 178 recommended lock table 178 restricted access table 183 locked, listing 184 monitoring 136 performance impact 674 useful 673 Transport files cleaning out old 418 directory check 419 Transport Management System (TMS) documentation 487 import all requests 503 selected requests 499 transport request 498 in general 76 main screen 495 method 487, 495, 498 transport log 505 Transporting objects importing all requests 503 buffer 488 in general 508 selected requests 499 transport request using TMS 498 in general 486 managing transports 483 operating system (OS) method 487, 507 problem, if occurs 494 production system 486 releasing requests 490, 492 special transports 489, 495, 507 standard process 488 TMS documentation 487 main screen 495 method 487, 495, 498 transport log 505, 509 Troubleshooting analyze problems 517 basic techniques 516 document changes 517 error messages 517 evaluate alternatives 517
gathering data 516 in general 515 making changes 517 SAP patch level 518 support packages 520 Tune summary 67
U
Uninterruptible power supply (UPS) check 420 shutdown process 420 Unlocking logon 243 password resetting 242 service connection 585 transaction codes 83 Update terminates in general 136 looking for 66, 69 managing 139 problems with short dumps 139 user training 141 Upgrade hardware issues 717 performance 718 software issues 717 when not to 715 when to 716 Uploading support packages from CD 634 from web 635 in general 634 Upstream applications 32 User assumptions xxvi database level xxvi operating system level xxvi system xxvi the R/3 System level xxvi User administration 105, 219 active users 248 adding users 221 Central User Administratio (CUA) 162 change request form 224 changing jobs, users 221
Index
745
changing users 221 deleting user session 247 ID naming 221 in general 219 leaving, users 221 maintaining user 79, 241 new user setup 225 password resetting 242 policies and procedures 220 terminated employees 222 terminating session 248 user groups 220 Users 66 active 148 AL08 66, 70, 71, 94 check for validity 217 groups creating 246 in general 220, 245 recommendations 245 IDs 148, 188, 249 locking 85, 243 maintenance 79, 81, 241 new user setup copying an existing user 233 creating new user 237 in general 225, 233 installing SAP GUI 226 prerequisites 225 password resetting 242 Single-Sign On (SSO) 162 SM04 66, 70, 71, 94 SU01 79 super-users 222 unlocking 243 update terminates 141 Users,active 248
other 75 R/3 system 74 Work processes checking 65, 72 defining distribution 452 in general 150 with application servers 150 without application servers 151 Workbench organizer tools 83 Workload analysis 67, 73, 525
W
Web sites 692 Weekly tasks checklists database 74 notes 75 operating system 75
746
IF A TAX COMPLIANCE SYSTEM WORKS, BUT DOESNT WORK WITH YOUR SYSTEM, DOES IT STILL WORK?
Unfortunately, not every tax compliance solution is guaranteed to work well with your system. Vertex integrations, however, not only work with your system, but theyre also certified by SAP. And that provides a level of comfort and peace of mind that others cant. These integrations also allow you to be up and running faster and easier. And by automating the compliance process, youll save time so you can focus on more important things, such as strategic tax planning. We cant alleviate all your stress, but this is definitely a start. To find out more and to receive a free SAP Toolkit, visit www.vertexinc.com/sap.asp.
www.vertexinc.com
2001 Vertex Inc.
SALES AND USE TAX PROPERTY TAX PAYROLL TAX TELECOMMUNICATIONS TAX
2001 SAP AG; SAP is a registered trademark of SAP AG in Germany and several other countries.
Check out www.saplabs.com/simple to learn more about the SAP Made Easy guidebooks and other implementation accelerators.