System Administration Made Easy 71

Chapter 7: 8cheduled Ouarterly Tasks

Contents
Checklists ................................................................................................................72
R/3 Tasks .................................................................................................................74
Backups ....................................................................................................................74
Security .....................................................................................................................74
Database Tasks.......................................................................................................78
Performing a Database Test Restore .......................................................................78
Operating System Tasks........................................................................................79
Cleaning Out Old Transport Files .............................................................................79
Other Tasks ...........................................................................................................710
Checking Maintenance Contracts...........................................................................710
Check your UPS Shutdown Process ......................................................................711

Chapter 7: Scheduled Quarterly Tasks

Checklists
Release4.0B
72
Checklists
System: __________
Date: ____/____/____
Admin: _____________________
The R/3 8ystem
Task Transaction Procedure Check off/
initial
Archive quarterly backup Send quarter-end backup tapes to long-term
offsite storage.
SU01User
Maintenance
Review user ID for terminated users that
should be locked or deleted.
SM31Table
Maintenance
Review list of prohibited passwords (Table
USR40).
Security review
RZ10Edit
System
Profile
Review system profile parameters for
password standards.
Review scheduled jobs SM37
Background
Jobs
Review all scheduled jobs to determine if they
are still appropriate.
Database
Task Where Procedure Check off/
initial
Archive quarterly backup Send quarter-end backup tape to long-term
offsite storage.
Review all scheduled jobs Review all scheduled jobs to determine if they
are still appropriate.
Restore database to a test server. Test database recovery
process
Test the restored database.
Chapter 7: Scheduled Quarterly Tasks
Checklists
R/3 System Administration Made Easy
73
Operating 8ystem
Task Where Procedure Check off/
initial
Archive quarterly backup Send quarter-end backup tape to
long-term offsite storage.
Archive old transport files Transport directories;
log, data, cofiles
Archive the old transport files.
Cleanup SAPDBA logs SAPDBA cleanup Maintain init<SID>.dba
Other
Task Where Procedure Check-
off/initial
Check for expiration date. Check maintenance
contacts
Check for usage changes.
Notes
Problem Action Resolution
Chapter 7: Scheduled Quarterly Tasks
R/3 Tasks
Release4.0B
74
R/3 Tasks
Backups
< Make certain you get a usable backup at the quarters end.
< Send quarter-end backup tapes offsite for an extended period.
8ecurity
Review that All Named Users Are Valid
All users who have left the company should have their R/3 access terminated immediately.
By locking or deleting these user IDs, you limit access to only those users who should have
access to R/3. Periodic review assures the task of locking or deleting has been completed.
Proper audit control requires that a user who no longer has a valid business need to access
R/3 should not be allowed to keep that access.
Deleting or locking these user IDs also prevents anyone who had been using the terminated
user ID from accessing the system under that ID.
One of the audit procedures that your external auditors will use is to test whether a person
who does not need to access R/3 has a live user ID.
Reviewing Whether All Named Users Are Valid
Guided Tour
1. In the Command field, enter transaction SU01 and choose Enter
(or choose Tools Administration, then User maintenance Users).
2. Clear the User field.
3. Choose possible entries.
3
Chapter 7: Scheduled Quarterly Tasks
R/3 Tasks
R/3 System Administration Made Easy
75
4. Clear all fields.
5. Choose List Enter.
6. Review the active users.
Verify that the users are indeed
valid users.
7. This screen allows you to view the
Group that the user is in. If
maintained properly, groups are
an aid in determining active users.
In a large company, you should do a
random audit on at least 20 users, to
have a valid sample. The minimum
number should be determined by
your auditors.
For additional information on how to lock a user, see chapter 9, Nonscheduled Tasks User Administration
Tasks.
5
7
4
6
Chapter 7: Scheduled Quarterly Tasks
R/3 Tasks
Release4.0B
76
Eliminating 8ome Easy Passwords
What
There are certain passwords (for example, 123, QWERTY, abc, sex, sap, <your company name>)
that are well known or easy to guess by someone trying to break into the R/3 System. You
can prevent these passwords from being used by loading them into a table (USR40) that the
system checks when the user attempts to save a new password.
Why
A password is the key to enter the system, similar to the key to enter your home. If users
choose easy-to-guess or well-known passwords, security becomes an issue and your system
is potentially at risk.
Your external auditors may check to see if you have a mechanism to secure against users
using easy-to-guess passwords.
How
See chapter 9, the section Maintaining a Table of Prohibited Passwords; then in chapter 10, the
section Table Maintenance Using Transaction SM31.
Chapter 7: Scheduled Quarterly Tasks
R/3 Tasks
R/3 System Administration Made Easy
77
Reviewing Password 8tandards Using Transaction RZ10
What
There are security parameters for the users password (for example, the minimum password
length, the time interval that the user must change their password, and so on).
The following is a list of the most important password parameters:
< Minimum password length: login/min_password_lng
A longer password is more difficult to break or guess.
The standard for many companies is five (5) characters.
< Password expiration time: login/password_expiration_time
This is the length of time before the user must change their password.
The length of time most auditors recommend is thirty (30) days.
The maximum that should be used is ninety (90) days.
< Password lockout: login/fails_to_user_lock
This parameter locks out users after attempting to log in with an invalid password for a
defined number of times.
The standard is to lock a user after three (3) failed attempts.
Why
Properly assigned parameters make it more difficult to break into the system.
Your external auditors may check to see if you have set the security parameters.
How
To set up password parameters, maintain system profiles with transaction RZ10. See
chapter 11, the section Changing System Profile Parameters.
Chapter 7: Scheduled Quarterly Tasks
Database Tasks
Release4.0B
78
Database Tasks
Performing a Database Test Restore
What
A database test restore is a test in which the production database is restored onto another
server to test that the recovery process functions as intended.
Why
Periodically it is prudent to test the restore process to:
< Verify that backup tapes are being created properly.
If you cannot recover the full database using your regular backup tapes, you want to
know about it before you really need to restore the database.
< Find out if changes have been made which need to be accounted for in the disaster
recovery process.
Murphy says: When you need to restore, you will find that a backup tape is not usable.
How
See comments in chapter 3, Backup and Recovery. Because the restore process is a critical task,
you need to work with your consultants on this process.
Chapter 7: Scheduled Quarterly Tasks
Operating System Tasks
R/3 System Administration Made Easy
79
Operating 8ystem Tasks
Cleaning Out Old Transport Files
What
Transport files are used to transport or move SAP objects and customizing changes between
clients and systems.
Why
If left unchecked, transport files could gradually fill up the file system.
Operations may be affected because:
< Outbound R/3 System files may not be able to be created.
< Transport export may fail.
< Inbound files may not be createable.
In an extreme situation, if you run out of tablespace R/3 may stop, or you may have other
failures because R/3 or another application cannot write to the necessary files.
When
The transport directory check is important after a major implementation in which many
transports have been created and take up large amounts of space. Immediately before or
after performing a database copy, most (if not all) files dated prior to the copy will become
irrelevant to the system.
How
To complete a transport directory check:
1. Check the following directories under /usr/sap/trans:
Data
Cofiles
Log
2. Sort the directory by date to determine the age of files.
3. Archive obsolete files.
These are files created before a database refresh or those that have been applied
successfully to all target systems.
4. As an option, archive old transports to a backup media such as tape, optical, or CD.
Chapter 7: Scheduled Quarterly Tasks
Other Tasks
Release4.0B
710
Check both of the following:
< Hot package directory /usr/sap/trans/EPS/in
< Transport data directory /usr/sap/trans/data
Hot package files can be reloaded if needed and can be very large. For example, hot
package 10 for Release 4.0B is over 200MB.
Other Tasks
Checking Maintenance Contracts
What
Many of the servers and related equipment are under maintenance or service contracts with
the manufacturer or distributor.
< The production system and critical equipment should be under a premium
24 hour x 7 day (x 2 hour response) support agreement.
< Less critical equipment can be under a next business day support agreement.
Why
If you need support or service on a piece of equipment and the service contract has expired,
the confusion and time to reestablish the service contract could be critical.
What
Depending on the use of the equipment, the support level should be selected accordingly. If
a piece of equipment becomes critical to the companys operation, its support level should
be upgraded to reflect the critical nature of that equipment.
Conversely, equipment could become noncritical or be replaced. In this situation, the
service contracts should be downgraded or dropped as appropriate.
How
< Keep a list of service contracts.
Include what they are for and the expiration date in the list.
< Review equipment usage to determine if the support level for equipment should be
upgraded, downgraded, or dropped.
< Review the list for expiration dates within a quarter.
This time period depends on the time it takes to go through the purchase requisition and
approval process in your company.
< Renew service contracts.
Chapter 7: Scheduled Quarterly Tasks
Other Tasks
R/3 System Administration Made Easy
711
Check your UP8 8hutdown Process
What
Verify that your uninterruptible power supply (UPS) shutdown process works. A shutdown
process is an automated script for the UPS to shut down R/3, the database, other
applications, the operating system, and then the UPS itself.
Why
The purpose is to verify that the entire shutdown process works as planned and
documented.
When there is a power failure, the R/3 environment should be shut down in an orderly
manner. There should be sufficient reserve in the UPS to reach the end of the shutdown
process.
Something might have changed since your last test to cause the shutdown process to fail.
If it fails, you need to find out why and fix the problem.
The stopsap command does not work within all UPS control programs.
You need to verify that your UPS control program will properly stop R/3 and the database
before shutting down the server.
Like a car battery, UPS batteries wear out over time and must be replaced. If the battery
is worn out, the UPS will not have sufficient power to complete the shutdown process.
Chapter 7: Scheduled Quarterly Tasks
Other Tasks
Release4.0B
712