Professional Documents
Culture Documents
0LFURVRIW 64/6HUYHU
TM
&RS\ULJKW
2000 by SAP AG. All rights reserved.
Neither this documentation nor any part of it may be copied or reproduced in any form or by any means or
translated into another language, without the prior consent of SAP AG.
SAP AG makes no warranties or representations with respect to the content hereof and specifically disclaims
any implied warranties of merchantability or fitness for any particular purpose. SAP AG assumes no
responsibility for any errors that may appear in this document. The information contained in this document is
subject to change without notice. SAP AG reserves the right to make any such changes without obligation to
notify any person of such revision or changes. SAP AG makes no commitment to keep the information
contained herein up to date.
7UDGHPDUNV
SAP, the SAP logo, R/2, R/3, ABAP, and other SAP-related products mentioned herein are registered or
unregistered trademarks of SAP AG. All other products mentioned in this document are registered or
unregistered trademarks of their respective companies.
Simplification Group
SAP Labs, Inc.
3475 Deer Creek Road
Palo Alto, CA 94304
www.saplabs.com/simple
simplify-r3@sap.com
This book uses EcoFLEX lay-flat binding. With this lay-flat featuredeveloped by
and exclusively available at Johnson Printing Service (JPS)you can open this book
and keep it open without it snapping shut on you. You need not worry about
breaking the spine. EcoFLEX makes books like this one easier to use.
&RQWHQWVDWD*ODQFH
,QWURGXFWLRQ
[[L
&KDSWHU
56\VWHP$GPLQLVWUDWLRQ%DVLFV
&KDSWHU
'LVDVWHU5HFRYHU\
&KDSWHU
%DFNXSDQG5HFRYHU\
&KDSWHU
6FKHGXOHG'DLO\7DVNV
&KDSWHU
6FKHGXOHG:HHNO\7DVNV
&KDSWHU
6FKHGXOHG0RQWKO\7DVNV
&KDSWHU
6FKHGXOHG4XDUWHUO\7DVNV
&KDSWHU
6FKHGXOHG$QQXDO7DVNV
&KDSWHU
0XOWL5ROH7DVNV
,
iii
Contents at a Glance
iv
Release 4.6A/B
'HWDLOHG7DEOHRI&RQWHQWV
$FNQRZOHGJHPHQWV [L[
,QWURGXFWLRQ
[[L
Conventions........................................................................................................... xxvi
Special Icons...................................................................................................... xxvii
&KDSWHU
56\VWHP$GPLQLVWUDWLRQ%DVLFV
Overview............................................................................................................... 12
Roles of an R/3 System Administrator.............................................................. 12
Within R/3 .............................................................................................................. 12
External to R/3....................................................................................................... 13
Traits of an R/3 System Administrator.............................................................. 14
R/3 System Guidelines........................................................................................ 14
Protect the System ................................................................................................ 15
Do Not Be Afraid to Ask for Help........................................................................... 15
Network with Other Customers and Consultants.................................................. 16
Keep It Short and Simple (KISS)........................................................................... 17
Keep Proper Documentation................................................................................. 17
Use Checklists....................................................................................................... 18
Use the Appropriate Tool for the Job .................................................................... 19
Perform Preventive Maintenance.......................................................................... 19
Do Not Change What You Do Not Have To........................................................ 110
Do Not Make System Changes During Critical Periods...................................... 111
Do Not Allow Direct Database Access................................................................ 112
Keep all Non-SAP Activity Off the R/3 Servers................................................... 112
Minimize Single Points of Failure ........................................................................ 113
Corollaries to Murphys Law ............................................................................ 113
Special Definitions ............................................................................................ 114
Database server ................................................................................................... 114
Application server ................................................................................................. 114
Instance ................................................................................................................ 114
System.................................................................................................................. 114
&KDSWHU
'LVDVWHU5HFRYHU\
Overview............................................................................................................... 22
What Is a Disaster? ............................................................................................... 22
Why Plan for a Disaster? .................................................................................... 23
Planning for a Disaster ....................................................................................... 24
Creating a Plan...................................................................................................... 24
What Are the Business Requirements for Disaster Recovery? ............................ 24
Who will provide the requirements?.............................................................................. 24
What are the requirements?......................................................................................... 24
%DFNXSDQG5HFRYHU\
Overview............................................................................................................... 32
Restore ................................................................................................................. 32
Strategy ................................................................................................................. 32
Testing Recovery.................................................................................................... 33
Backup.................................................................................................................. 33
What to Backup and When ................................................................................... 33
Database ................................................................................................................ 33
Transaction Logs .................................................................................................... 35
Operating System Level Files................................................................................. 36
Backup Types........................................................................................................ 36
What Is Backed Up................................................................................................. 37
How the Backup Is Taken....................................................................................... 38
vi
Release 4.6A/B
Performance....................................................................................................... 320
Backup................................................................................................................. 320
Backup Options ................................................................................................... 321
Back Up to Faster Devices ................................................................................... 321
Parallel Backup..................................................................................................... 322
Backing Up to Disks, Then to Tape ...................................................................... 322
6FKHGXOHG'DLO\7DVNV
Overview............................................................................................................... 42
Critical Tasks ....................................................................................................... 43
The R/3 System.................................................................................................... 44
Database............................................................................................................... 46
Operating System................................................................................................ 46
Other ..................................................................................................................... 47
Notes..................................................................................................................... 47
The R/3 System.................................................................................................... 48
Critical Tasks ....................................................................................................... 49
Verify that R/3 Is Running ..................................................................................... 49
Verify that the Backups Ran Successfully ............................................................ 49
Users (Transaction AL08) ................................................................................... 410
OS Monitor (Transaction OS06).......................................................................... 411
Select Background Jobs/Graphical Job Monitor (Transaction SM37/RZ01)...... 411
CCMS Alert Monitor (Transaction RZ20) ............................................................ 411
Users (Transactions SM04) ................................................................................ 411
Lock Entry List (Transaction SM12).................................................................... 412
vii
vii
6FKHGXOHG:HHNO\7DVNV
The R/3 System.................................................................................................... 52
Database............................................................................................................... 53
Operating System................................................................................................ 53
Other ..................................................................................................................... 53
Notes..................................................................................................................... 54
Database Performance (Transaction DB02)......................................................... 54
CCMS Alert Monitor (Transaction RZ20) .............................................................. 54
Spool (Transaction SP01) ..................................................................................... 54
TemSe (Transaction SP12)................................................................................... 55
Transaction STMS (TMS System) ........................................................................ 55
&KDSWHU
6FKHGXOHG0RQWKO\7DVNV
The R/3 System.................................................................................................... 62
Database............................................................................................................... 62
Operating System................................................................................................ 63
Other ..................................................................................................................... 64
Notes..................................................................................................................... 65
Database Performance (Transaction DB02)......................................................... 65
&KDSWHU
6FKHGXOHG4XDUWHUO\7DVNV
The R/3 System.................................................................................................... 72
Database............................................................................................................... 73
Operating System................................................................................................ 73
Other ..................................................................................................................... 74
Notes..................................................................................................................... 74
Edit System Profile Parameters (Transaction RZ10)............................................ 74
Select Background Jobs (Transaction SM37)....................................................... 75
User Maintenance (Transaction SU01)................................................................. 75
&KDSWHU
6FKHGXOHG$QQXDO7DVNV
The R/3 System.................................................................................................... 82
Database............................................................................................................... 83
Operating System................................................................................................ 83
Other ..................................................................................................................... 84
Notes..................................................................................................................... 84
Transaction SA38/SE38 ........................................................................................ 84
Transaction SE03/SCC4 ....................................................................................... 84
Transaction SM01 ................................................................................................. 85
viii
Release 4.6A/B
&KDSWHU
0XOWL5ROH7DVNV
Starting the R/3 System ...................................................................................... 92
Start R/3NT ........................................................................................................ 93
Stopping the R/3 System.................................................................................... 95
Tasks to Be Completed Before Stopping the System........................................... 96
System Message (SM02) ....................................................................................... 96
Check that No Active Users Are on the System (AL08/SM04) .............................. 99
Check for Batch Jobs Running or Scheduled (SM37).......................................... 911
Check for Active Processes on All Systems (SM51)............................................ 915
Check for External Interfaces ............................................................................... 915
ix
ix
Audits.................................................................................................................. 114
Financial Audit..................................................................................................... 114
Security Audit ...................................................................................................... 115
Audit Considerations ........................................................................................... 115
Security Layers.................................................................................................. 116
Access Security ................................................................................................... 117
Physical Security .................................................................................................. 117
Network Security .................................................................................................. 118
Application Security .............................................................................................. 119
Release 4.6A/B
&KDSWHU 'DWDEDVH$GPLQLVWUDWLRQ0LFURVRIW64/6HUYHU
Overview............................................................................................................. 132
Starting and Stopping the Database ............................................................... 132
Starting the Database.......................................................................................... 132
Stopping the Database........................................................................................ 133
Database Performance ..................................................................................... 134
Overview.............................................................................................................. 134
Database Activity (ST04)..................................................................................... 134
Database Allocation (DB02)................................................................................ 137
Scheduling Database Tasks (DB13)................................................................ 139
xi
xi
xii
Release 4.6A/B
xiiixiii
xiv
Release 4.6A/B
xv
xv
xvi
Release 4.6A/B
Other....................................................................................................................... B5
White papers........................................................................................................... B5
SAPNet, Selected Items of Interest ........................................................................ B5
NT ........................................................................................................................B14
Backup.................................................................................................................. B14
Monitor.................................................................................................................. B14
Remote Control .................................................................................................... B15
Scheduler.............................................................................................................. B15
Spool Management .............................................................................................. B15
Other..................................................................................................................... B15
xvii
xvii
xviii
,
Release 4.6A/B
$FNQRZOHGJHPHQWV
The combined experience in SAP and general systems administration of those who contributed to this book
is measured in decades. I hope that I am able to share with you some of their wisdom.
I also wish to express appreciation to the following individuals who provided time, material, expertise, and
resources which helped make the Release 4.6A/B guidebook possible:
Customers and partners: Bill Robichaud, Bridgestone/Firestone; Chad Horwedel, XXX; Doris Steckel,
Agilent/HP; Gary Canez, Motorola; Hanumantha Kasoji, Celanese Acetate; John Blair, Steelcase; Joyce
Courtney, Infineon; Laura Shieh, John Muir Mt Diablo Health System; Kerry Ek, Finteck; Lynne Lollis,
e.coetry/Chaptec; Otis Barr, Ceridian; Paul Wiebe, TransAlta; Richard Doctor, Acuson; Sam Yamakoshi,
Timothy Rogers; Tony Schollum, Ernst & Young; Thomas Beam, NCUA; HP; Udesh Naicker, HP.
SAP AG: Andreas Graesser, Dr. Arnold Niedermaier, Dr. Carsten Thiel, Fabian Troendle, Georg Chlond,
Dr. Gert Rusch, Herbert Stegmueller, Joerg Schmidt, Dr. Meinolf Block, Michael Demuth, Michael Schuster,
Dr. Nicholai Jordt, Otto Boehrer, Rudolf Marquet, Stephen Corbett, Dr. Stefan Fuchs, Thomas Arend,
Thomas Besthorn, Dr. Uwe Hommel, Uwe Inhoff, and Dr. Wulf Kruempelman.
SAP America: Casper Wai-Fu Kan, Daniel Kocsis, Daniel-Benjamin Fig Zaidspiner, Jackie Wang, Lance
Pawlikowski, Maria Gregg, Sue McFarland.
SAP Labs: Dr. Arnold Klingert, Jaideep Adhvaryu, Jody Honghua Yang, John Wu, Kitty Yue, Nihad AlFtayeh, Peter Aeschlimann, Philippe Timothee, Dr. Thomas Brodkorb.
SAP UK: Peter Le Duc.
Contributing authors: Patricia Huang, SAP America; Jerry Forsey, SAP America.
QA testers: Brad Barnes, e.coetry; Claudia Helenius; Jeff Orr, Utilx; Lynne Lollis, e.coetry; Marc Punzalan,
Heat and Control; Patrick McShane, Bramasol.
Documentation and production: Rekha Krishnamurthy, John Kanclier, Kurt Wolf.
xix
xx xx
,QWURGXFWLRQ
&RQWHQWV
What Is This Guidebook About? ...........................................................................xxii
Who Should Read This Book?...............................................................................xxii
How to Use This Guidebook ..................................................................................xxv
Whats New ..............................................................................................................xxv
Special Icons .........................................................................................................xxvii
xxi
Introduction
What Is This Guidebook About?
:KDW,V7KLV*XLGHERRN$ERXW"
3KLORVRSK\
Release 4.6 of the System Administration Made Easy Guidebook continues in the direction of the
4.0 version. The primary focus is the importance of the on-going nature of system
administration. This book is written for an installed system, where all installation tasks have
been completed. Installation and related tasks, which are usually performed once, have not
been included in this guidebook.
2UJDQL]DWLRQ
We have tried to group items and tasks in job role categories, which allows this guidebook
to be a better reference book.
&RQWHQW
Real world practical advice from consultants and customers has been integrated into this
book. Because of this perspective, some of the statements in this book are blunt and direct.
Some of the examples we have used may seem improbable, but facts can be, and are,
stranger than fiction.
Because system administration is such a large area, it is difficult to reduce the volume to
what can be called Made Easy. Although material in this book has been carefully chosen, it
is by no means comprehensive. Certain chapters can be expanded into several books [two
examples are the chapters on disaster recovery (chapter 2) and security (chapter 11)].
:KDW,V1RW3URYLGHG
Although there are chapters on problem solving and basic performance tuning, these
chapters are only introductions to the subjects. This guidebook is not meant to be a trouble
shooting or performance tuning manual. Installation tasks are not presented. We assume
that your SAP consultant has completed these tasks.
:KR6KRXOG5HDG7KLV%RRN"
The target audience for this guidebook is:
xxiixxii
<
<
Introduction
Who Should Read This Book?
Senior consultants, experienced system administrators, and DBAs may find portions of this
guidebook very elementary, but hopefully useful.
3UHUHTXLVLWHV
To help you use this guidebook, and to prevent this guidebook from becoming as thick as
an unabridged dictionary, we defined a baseline for user knowledge and system
configuration. The two sections below (User and System) define this baseline. Review these
sections to determine how you and your system match. This book is also written with
certain assumptions about your knowledge level and the expectation that particular system
requirements have been met.
8VHU
We assume that you have a baseline knowledge of R/3, the operating system, and the
database. If you lack knowledge in any of the following points, we recommend that you
consult the many books and training classes that specifically address your operating system
and database.
You should know how to complete the following tasks at the:
<
<
<
Database level
Properly start and stop the database
Perform a backup of the database
R/3 runs on more than five different versions of UNIX. In many cases, significant
differences exist between these versions. These differences contributed to our decision to
not go into detail at the operating system level.
xxiii
xxiii
Introduction
Who Should Read This Book?
6\VWHP
For an ongoing productive environment, we assume that the:
<
<
The following checklist will help you determine if your system is set up to the baseline
assumptions of this book. If you can log on to your R/3 System, most of these tasks have
already been completed.
+DUGZDUH
<
<
6RIWZDUH
<
<
<
'HVNWRS
For optimal results, we recommend that the minimum screen resolution be set as follows:
<
<
For the system administrator, 1024 768 and a minimum color depth of 256 colors
The Release 4.6 GUI displays better with 64K colors.
xxiv
xxiv
Introduction
How to Use This Guidebook
+RZWR8VH7KLV*XLGHERRN
This guidebook is organized in the following fashion:
<
The first two chapters provide a high-level view of disaster recovery and backup and
recovery.
<
Chapters 4-8 are helpful checklists that help the system administrator complete various
tasks, including daily, weekly, and yearly.
These chapters also provide helpful transaction codes and where in the book these codes
are found.
<
<
The rest of the book covers subjects such as operations, troubleshooting, remote services,
change management, and SAPNet R/3Frontend (formerly known as OSS). The four
appendices cover useful transactions, other resources, SAPNet R/3Frontend notes, and a
discussion on upgrades.
2UJDQL]DWLRQ
All the task procedures are classified in one section and by job roles, where related tasks are
placed together. Regardless of the job schedule, all jobs related to a job role are grouped in
one place.
:KDWV1HZ
This guidebook evolved from the previous versions of this guidebook and incorporates
customer and consultant comments. Send us your comments, so we can make future
versions better meet your needs.
&RQWHQW
The new features of the Release 4.6 guidebook are:
<
<
xxv
xxv
Introduction
Whats New
The procedures to perform regularly-scheduled tasks have been moved to the Roles section.
The unscheduled tasks section from the 4.0B guidebook has become a role-oriented section.
This change accommodates customers who perform scheduled tasks at times other than the
times presented in this guidebook. Therefore, all the task procedures are classified in one
section and by job roles, where related tasks are placed together. Regardless of the job
schedule, all jobs related to a job role are grouped in one place.
&RQYHQWLRQV
In the table below, you will find some of the text conventions used throughout this guide.
Column Title
Column Title
Sans-serif italic
Monospace
Name1 Name2
Menu Bar
Standard Toolbar
Screen Title
Application Toolbar
User menu
SAP standard menu
Workplace Menu
Workplace
Status Bar
Application toolbar:
xxvi
xxvi
Introduction
Special Icons
The screenshots shown in this guide are based on full user authorization (SAP_ALL).
Depending on your authorizations, some of the buttons on your application toolbar may
not be available.
Workplace menu:
Depending on your authorizations, your workplace menu may look different from
screenshots in this guide which are based on SAP_ALL. The User menu and SAP standard
menu buttons provide different views of the workplace menu.
To learn how to build user menus, see Authorizations Made Easy guidebook Release
4.6A/B.
1RWH In this guidebook, we show the technical names of each transaction. To match our
settings, choose Extras Settings and select Show technical names.
6SHFLDO,FRQV
Throughout this guide special icons indicate important messages. Below are brief
explanations of each icon:
Exercise caution when performing this task or step. An explanation of why you should be
careful is included.
This information helps you understand the topic in greater detail. It is not necessary to
know this information to perform the task.
These messages provide helpful hints and shortcuts to make your work faster and easier.
xxvii
xxvii
Introduction
Special Icons
xxviii
xxviii
&KDSWHU 56\VWHP$GPLQLVWUDWLRQ
%DVLFV
&RQWHQWV
Overview ..................................................................................................................12
Roles of an R/3 System Administrator .................................................................12
Traits of an R/3 System Administrator .................................................................14
R/3 System Guidelines ...........................................................................................14
Corollaries to Murphys Law................................................................................113
Special Definitions ................................................................................................114
11
2YHUYLHZ
This chapter is about the roles that a system administrator plays. These roles cross all
functional areas, and the number and intensity of the tasks depends on the size of the
company. In a small company, one person can be the entire system administration
department. In a larger company, however, this person is probably part of a team. The
purpose of this definition is to help clarify the roles of a system administrator. This
chapter is a list of commonly used system administration terms and their definitions.
At the end of this chapter is a list of 14 R/3 System guidelines, which a system administrator
must be aware of while working with the system.
Sample guidelines include:
<
<
Use checklists
<
5ROHVRIDQ56\VWHP$GPLQLVWUDWRU
Depending on the size of the company and available resources, R/3 administrator(s) may
range from one person to several specialized people in several departments.
Factors that affect an R/3 system administrators tasks, staffing, and roles:
<
Company size
<
<
The R/3 system administrator may wear many hats both in or directly related to, R/3 and
indirectly or external to R/3.
:LWKLQ5
<
User administrator
Set up and maintain user accounts
<
12
Security administrator
Create and maintain SAP security profiles
Monitor and manage security access and violations
Release 4.6A/B
<
System administrator
Maintain the systems health
Monitor system performance and logs
<
Transport administrator
Transport changes between systems
Manage change requests
<
Batch scheduler
Create and manage the scheduling of batch jobs
<
Backup operator
Schedule, run, and monitor backup jobs of the SAP database and any required operating
system level files
<
<
Programmer
Apply SAPNet R/3 note fixes to programs
<
<
([WHUQDOWR5
<
<
<
<
<
Desktop support
Supports the users desktop PC
<
Printers
<
Facilities
Manages facilities-related support issues, such as:
Power/utilities
Air conditioning (cooling)
13
7UDLWVRIDQ56\VWHP$GPLQLVWUDWRU
An R/3 system administrator should:
<
<
Be technically competent
When necessary, the company must invest in training for the Basis staff.
You must also take responsibility for your own training and education, whether
your company pays for it or not.
<
Be a team-player
The system administrator will have to work with various functional groups, users, the IS
staff, and others to successfully complete the necessary tasks.
56\VWHP*XLGHOLQHV
When working on an R/3 System:
14
<
<
<
<
<
<
<
<
<
<
<
<
<
Release 4.6A/B
3URWHFWWKH6\VWHP
:KDW
<
<
If the system cannot be recovered after a disaster, your company could be out of
business.
+RZ
<
<
<
'R1RW%H$IUDLGWR$VNIRU+HOS
:K\
<
R/3 is so large and complex that one person cannot be expected to know everything.
If you are unsure which task to complete or how to complete it, you could make a
mistake and cause a larger problem.
<
<
+RZ
<
<
<
Consultants
Also see the section in this chapter that covers networking with other customers and
consultants.
15
1HWZRUNZLWK2WKHU&XVWRPHUVDQG&RQVXOWDQWV
:KDW
Get to know the R/3 Basis and system administrators in other companies.
:K\
<
<
<
The more people you know, the better your chances of finding someone to help you
solve a problem.
:KHQ:KHUHDQG+RZ
Other SAP customers and consultants, especially those in your specialty area
Others using your operating system or database
Where to network:
<
Training classes
<
SAP events
Technical Education Conference (TechEd)
SAPPHIRE
Participate in user groups:
Americas SAP Users Group (ASUG)
Regional SAP users groups
Database user groups, such as those for Microsoft SQL Server, Informix, DB2, or
Oracle
Operating system user groups, such as those for UNIX (the various versions), NT, or
IBM (AIX, AS400, or OS390)
<
<
Participation means getting involved in the organization. The more you participate, the
more people you meet and get to know.
<
<
16
Release 4.6A/B
.HHS,W6KRUWDQG6LPSOH.,66
:K\
<
<
<
Explaining a complex task on the telephone increases the chance that what is said will
not be properly understood and an error will be made. If the error is severe, you may
have a disaster on your hands.
+RZ
<
<
.HHS3URSHU'RFXPHQWDWLRQ
:KDW
<
<
If you violate the KISS principle, complete documentation becomes even more
important.
<
<
If you are sick or unavailable, complete documentation can help someone else do the
job.
<
If changes need to be undone, you will know exactly what needs to be done to complete
this task.
<
17
:KHQ
<
<
Problems, such as hardware failures, error log entries, and security violations, occur.
<
Record everything done to the system, as it is being done, so details are not forgotten.
<
Document items clearly and sufficiently so that, without assistance, a qualified person
can read what you have written and perform the task.
<
Re-read older documentation to see where improvements can be made. Obvious items
get fuzzy over time and are no longer obvious.
<
:KHUH
<
Keep a log (notebook) on each server and record everything that you do on the servers.
<
<
8VH&KHFNOLVWV
:KDW
A checklist lists the steps required to complete a task. Each step requires an
acknowledgement of completion (a check) or an entry (date, time, size, etc.).
:K\
<
Checklists enforce a standardized process and reduce the chance that you will overlook
critical steps.
For example, if you were to use a checklist every time you drive a car, then you would
remember to turn off your headlights when you park your car, or you would not drive
off with your parking brake still set.
<
18
Checklists force you to document events, such as run times, which may later become
important.
Release 4.6A/B
:KHQ
Complex or critical
If a step is missed or done incorrectly, the result could be serious (for example, inability
to restore the database).
<
<
Done infrequently
It is difficult to remember how to do a complicated task that you do only once a year.
+RZ
8VHWKH$SSURSULDWH7RROIRUWKH-RE
Sometimes a low-tech solution is best. Depending on the situation, a paper-and-pencil
solution may work better and be more cost effective than a computerized solution. Paper
and pencil still works during a power failure.
3HUIRUP3UHYHQWLYH0DLQWHQDQFH
:KDW
<
<
It is less disruptive and stressful if you can plan a convenient time to do a task, rather
than have it develop into an emergency situation.
Fix a potential problem before it negatively impacts the system and company
operations.
An extreme situation is that the entire system is down until a particular task is
completed (for example, if the log file space goes down to zero (0), the database will
stop, and then R/3 also stops. Until sufficient file space is cleared, R/3 will not run and
certain business operations, such as shipping, may stop).
:KHQ
<
<
Scheduling tasks to fix a problem should be based on your situation, and when least
disruptive to your users.
+RZ
<
<
<
<
19
'R1RW&KDQJH:KDW<RX'R1RW+DYH7R
:KDW
<
<
:K\
<
Risk
When something changes, there is a chance that something else may break.
<
Cost
Upgrading is expensive in terms of time, resources, and consulting, etc.
:KHQ
<
<
<
<
The new release offers a specific functionality that offers added business value to your
company.
<
+RZ
<
If the change fails or causes problems, make certain you can recover to a before-thechange condition.
<
All changes must be regression tested to make sure that nothing else has been affected
by the change. In other words, everything still works as it is supposed to.
Regression testing of R/3 involves the functional team and users.
<
110
Release 4.6A/B
By the time you reach the production system, you should be comfortable that nothing
will break.
'R1RW0DNH6\VWHP&KDQJHV'XULQJ&ULWLFDO3HULRGV
:KDW
A critical period is when system disruptions could cause severe operational problems.
:K\
If a problem occurs during a critical period, the business maybe severely impacted.
Note the following sequence of events:
1. A system administrator changes a printer in Shipping at the end of the month.
2. R/3 cannot send output to the new printer.
3. The users cannot print shipping documents.
4. The company cannot ship their products.
5. Revenue for the month is reduced.
:KHQ
A critical period is any time where the users and the company may be severely impacted
by a system problem. These periods differ depending on the particular industry or
company. What is a critical period for one company may not be critical for another
company.
The following are real examples of critical periods:
<
At end of the month, when Sales and Shipping are booking and shipping as much as
they can, to maximize revenue for the month
<
At the beginning of the month, when Finance is closing the prior month
<
During the last month of the year, when Sales and Shipping are booking and shipping as
much as they can, to maximize the revenue for the year
<
During the beginning of the year, when Finance is closing the books for the prior year
and getting ready for the financial audit
+RZ
<
<
Plan all potentially disruptive systems-related activities during quiet periods when a
problem will have minimal user impact.
111
'R1RW$OORZ'LUHFW'DWDEDVH$FFHVV
:KDW
Direct database access means allowing a user to run a query or update directly to the
database without going through R/3.
:K\
<
By not going through R/3, there is the risk of corrupting the database.
<
Directly updating the database could put the database out of sync with the R/3 buffers.
+RZ
<
<
When R/3 writes to the database, it could be writing to many different tables.
If a user writes directly to the tables, missing a single table may corrupt the database by
putting the tables out of sync with each other.
With direct database access, a user could accidentally execute an update or delete, rather
than a read.
.HHSDOO1RQ6$3$FWLYLW\2IIWKH56HUYHUV
:KDW
< Do not allow users to directly access (telnet, remote access, etc.) the R/3 server(s).
< Do not use the R/3 server as a general file server.
< Do not run programs that are not directly related to R/3 on an R/3 server.
:K\
<
Security
Not allowing users to have access to the R/3 server reduces the chance of files from
being accidentally deleted or changed.
No access also means that user cannot look at confidential or sensitive information.
<
Performance
Using the production R/3 sever as a file server creates resource contention, where
performance is a primary concern. Programs running on the R/3 servers will contend
for the same resources that R/3 is using, which affects the performance of R/3.
+RZ
112
Release 4.6A/B
0LQLPL]H6LQJOH3RLQWVRI)DLOXUH
:KDW
A single-point failure is when the failure of a single component, task, or activity causes the
system to fail or creates a critical event.
:K\
Each place where a single-point failure could occur increases the chances of a system failure
or other critical event.
For example, if:
<
You only have one tape drive and it fails, you cannot back up your database.
<
You rely on utility line power, and do not have a UPS, the server will crash during a
power failure and possibly corrupt the database.
<
You are the only one who can complete a task, and you are on vacation, the task will not
be completed until you return (or you will be on call while on vacation).
<
On-hand spares
<
Sufficient personnel
<
On-call consultants
<
Cross-training
<
Outsourcing
&RUROODULHVWR0XUSK\V/DZ
Murphys Law states: Whatever can go wrong will go wrong.
The following are some corollaries to Murphys Law:
<
Without telling you, someone will change something in the infrastructure and crash the
system.
<
When the power fails, you find out that the battery in your UPS is dead.
<
<
The one thing that you did not test is where the problem is.
<
Someone will need a network jumper cable, and will remove it from your server.
<
<
<
<
113
<
<
The one time you did not check the backup log will be the time when the backup fails.
<
<
<
What you did not write down, and forgot, is what you need to know.
<
<
<
<
When you need to send an alpha page, a link in the e-mail system will fail.
<
When a disaster strikes, and you need to be found, you will be out of the pager or cell
phone coverage area.
<
When a disaster strikes, and you need to be contacted, the battery in your pager or cell
phone will be dead.
6SHFLDO'HILQLWLRQV
There are terms used in this guidebook that have very specific meanings. To prevent
confusion, they are defined below:
'DWDEDVHVHUYHU
This is where R/3 and the database resides.
The system clock of the database server is the master clock for the R/3 system.
$SSOLFDWLRQVHUYHU
This is where R/3 application runs.
On a two-tiered system, this would be combined on the database server. Application
servers can be dedicated to online users, batch processing or a mix.
,QVWDQFH
An installation of R/3 on a server.
The two types of instances are central, and dialog. More than one instance could exist on a
physical server.
6\VWHP
The complete R/3 installation for a System ID (SID), for example PRD.
A system logically consists of the R/3 central instance and dialog instances for the SID. This
physically consists of the database server and application servers for that SID.
114
Release 4.6A/B
Layers
Physical Devices
R/3 Instance
Presentation
Desktop PCmany
N/A
SAP GUI
Application
Application Server
Dialog
R/3
Central
Database: SQL
Server, DB2,
Informix, ADABAS,
Oracle
N/A many
Database
Database server
only one
A two-tiered configuration combines the application and database layers on a single server.
115
116
Release 4.6A/B
&KDSWHU 'LVDVWHU5HFRYHU\
&RQWHQWV
Overview ..................................................................................................................22
Why Plan for a Disaster?........................................................................................23
Planning for a Disaster...........................................................................................24
Test your Disaster Recovery Procedure ............................................................215
Other Considerations ...........................................................................................216
Minimizing the Chances for a Disaster ...............................................................217
21
2YHUYLHZ
The purpose of this chapter is to help you understand what we feel is the most critical job of
a system administratordisaster recovery.
We included this chapter at the beginning of our guidebook for two reasons:
<
<
:KDW,VD'LVDVWHU"
The goal of disaster recovery is to restore the system so that the company can continue
doing business. A disaster is anything that results in the corruption or loss of the R/3
System.
Examples include:
< Database corruption.
For example when test data is accidentally loaded into the production system.
This happens more often than people realize.
<
<
22
prepare, test, and refine. The plan could fill many volumes. This chapter helps you start
thinking about and planning for disaster recovery.
:K\3ODQIRUD'LVDVWHU"
<
A system administrator should expect and plan for the worst, and then hope for the best.
<
During a disaster recovery, nothing should be done for the first time.
Unpleasant surprises could be fatal to the recovery process.
<
How much lost revenue and cost will be incurred for each hour that the system is down?
<
<
<
How long can the system be down before the company goes out of business?
<
<
<
<
How long will it take before the R/3 System is available for use?
If you plan properly, you will be under less stress, because you know that the system can be
recovered and how long this recovery will take.
If the recovery downtime is unacceptable, management should invest in:
<
<
23
3ODQQLQJIRUD'LVDVWHU
This chapter is not a disaster recovery how to. It is only designed to get you thinking
and working on disaster recovery.
&UHDWLQJD3ODQ
Creating a disaster recovery plan is a major project because:
<
It can take over a year and considerable time to develop, test, and document.
<
If you do not know how to plan for a disaster recovery, get the assistance of an expert. A
bad plan (that will fail) is worse than no plan, because it provides a false sense of security.
:KDW$UHWKH%XVLQHVV5HTXLUHPHQWVIRU'LVDVWHU5HFRYHU\"
Who will provide the requirements?
< Senior management needs to provide global (or strategic) requirements and guidelines.
<
<
<
<
24
([DPSOH
([DPSOH
What: The system cannot be offline for more than three hours.
Why: The cost (an average of $25,000 per hour) is the inability to book sales.
([DPSOH
What: In the event of disaster, such as the loss of the building containing the R/3
data center, the company can only tolerate a two-day downtime.
Why: At that point, permanent customer loss begins.
Other: There must be an alternate method of continuing business.
:KHQ6KRXOGD'LVDVWHU5HFRYHU\3URFHGXUH%HJLQ"
Ask yourself the following questions:
<
<
<
The person must be aware of the effect of the disaster on the companys business and the
critical nature of the recovery.
([SHFWHG'RZQWLPHRU5HFRYHU\7LPH
([SHFWHG'RZQWLPH
Expected downtime is only part of the business cost of disaster recovery. For defined
scenarios, this cost is the expected minimum time before R/3 can be productive again.
Downtime may mean that no orders can be processed and no products shipped.
Management must approve this cost, so it is important that they understand that downtime
are potential business costs.
To help business continue, it is important to find out if there are alternate processes that can
be used while the R/3 System is being recovered.
25
<
A downed system is more expensive during the business day when business activity
would stop than at the end of the business day when everyone has gone home.
<
The duration of acceptable downtime depends on the company and the nature of its
business.
5HFRYHU\7LPH
Unless you test your recovery procedure, the recovery time is only an estimate, or worse, a
guess. Different disaster scenarios have different recovery times, which are based on what
needs to be done to become operational again.
The time to recover must be matched to the business requirements. If this time is greater
than the business requirements, the mismatch needs to be communicated to the appropriate
managers or executives.
Resolving this mismatch involves:
<
<
Changing the business requirements to accept the longer recovery time and accepting
the consequences.
An extreme (but possible) example: A company cannot afford the cost and lost revenue for
the month it would take one person to recover the system. During that time, the competition
would take away customers, payment would be due to vendors, and bills would not be
collected. In this situation, senior management needs to allocate resources to reduce the
recovery time to an acceptable level.
5HFRYHU\*URXSDQG6WDIILQJ5ROHV
There are four key roles in a recovery group. The number of employees performing these
roles will vary depending on your company size. In a smaller company, for example, the
recovery manager and the communication liaison could be the same person. Titles and tasks
will probably differ based on your companys needs.
We defined the following key roles:
<
Recovery manager
Manages the entire technical recovery. All recovery activities and issues should be
coordinated through this person.
<
Communication liaison
Handles user phone calls and keeps top management updated with the recovery status.
One person handling all phone calls allows the group doing the technical recovery to
proceed without interruptions.
26
<
<
To reduce interruption of the recovery staff, we recommend you maintain a status board.
The status board should list key points in the recovery plan and an estimate of when the
system will be recovered and available to use.
<
If the disaster is a major geographical event (like an earthquake), your local staff will be
more concerned with their familiesnot the company.
<
You should expect and plan for these situations. Plan for staff from other geographic sites
to be flown in and participate as disaster recovery team members.
A final staffing role is to plan for at least one staff member to be unavailable. Without this
person, the rest of the department must be able to perform a successful recovery. This issue
may become vital during an actual disaster.
7\SHVRI'LVDVWHU5HFRYHU\
Disaster recovery scenarios can be grouped into two types:
<
Onsite
<
Offsite
2QVLWH
Onsite recovery is disaster recovery done at your site. The infrastructure usually remains
intact. The best case scenario is a recovery done on the original hardware. The worst case
scenario is a recovery done on a backup system.
2IIVLWH
Offsite recovery is disaster recovery done at a disaster recovery site. In this scenario, all
hardware and infrastructure are lost as a result of facility destruction such as a fire, a flood,
or an earthquake. The new servers must be configured from scratch.
A major consideration is that once the original facility has been rebuilt and tested, a second
restore must take place back to the customers original facility. While this second restore can
be planned and scheduled at a convenient time to disrupt as few users as possible. The
timing is just as critical as the disaster. While the system is being recovered, it is down.
27
'LVDVWHU6FHQDULRV
There are an infinite number of disaster scenarios that could occur. It would take an infinite
amount of time to plan for them, and you will never account for all of them. To make this
task manageable, you should plan for at least three and no more than five scenarios. In the
event of a disaster, you would adapt the closest scenario(s) to the actual disaster.
The disaster scenarios are made up of:
<
<
<
7KUHH&RPPRQ'LVDVWHU6FHQDULRV
The following three examples range from a best-to-worst scenario order:
The downtimes in the examples below are only samples. Your downtimes will be different.
You must replace the sample downtimes with the downtimes applicable to your
environment.
$&RUUXSW'DWDEDVH
<
<
<
$+DUGZDUH)DLOXUH
<
28
<
<
$&RPSOHWH/RVVRU'HVWUXFWLRQRIWKH6HUYHU)DFLOLW\
<
<
A complete loss of the facility can result from the following types of disasters:
Fire
Earthquake
Flood
Hurricane
Tornado
Man-made disasters, such as the World Trade Center bombing
Such a disaster requires:
Replacing the facilities
Replacing the infrastructure
Replacing lost hardware
Rebuilding the server and R/3 environment (hardware, operating system, database,
etc.)
Recovering the R/3 database and related files
<
<
Two days to rebuild the NT server (one person); 16 hours actual work time
As the hardware is procured and the server is being rebuilt, an alternate facility is
obtained and an emergency (minimal) network is constructed
One day to integrate into the emergency network
29
<
5HFRYHU\6FULSW
:KDW
<
<
:K\
<
If the primary recovery person is unavailable, a recovery script helps the backup person
complete the recovery.
&UHDWLQJD5HFRYHU\6FULSW
Creating a recovery script requires:
<
<
<
5HFRYHU\3URFHVV
To reduce recovery time, define a process by:
<
<
0DMRU6WHSV
1. During a potential disaster, anticipate a recovery by:
<
Collecting facts
<
<
Recalling the crash kit (see page 211 for more information).
<
210
<
<
<
<
What are the criteria to declare a disaster, and have they been met?
<
&UDVK.LW
:KDW
<
Reinstall R/3
<
:K\
During a disaster, everything that is needed to recover the R/3 environment is contained in
one (or a few) containers. If you have to evacuate the site, you will not have the time to run
around, gathering the items at the last minute, hoping that you get everything you need.
In a major disaster you may not even have that opportunity.
211
:KHQ
When a change is made to a component (hardware or software) on the server, replace the
outdated items in the crash kit with updated items that have been tested.
A periodic review of the crash kit should be performed to determine if items need to be
added or changed. A service contract is a perfect example of an item that requires this type
of review.
:KHUHWR3XWWKH&UDVK.LW
The crash kit should be physically separated from the servers. If it is located in the server
room, and the server room is destroyed, this kit is lost.
Some crash kit storage areas include:
<
<
<
+RZ
The following is an inventory list of some of the major items to put into the crash kit. You
will need to add or delete items for your specific environment. This inventory list is
organized into the following categories:
<
Documentation
<
Software
'RFXPHQWDWLRQ
An inventory of the crash kit should be taken by the person who seals the kit. If the seal is
broken, items may have been removed or changed, making the kit useless in a recovery.
The inventory list below must be signed and dated by the person checking the crash kit. The
following documentation must be included in the crash kit:
212
<
<
<
<
Copies of:
SAP license for all instances
Service agreements (with phone numbers) for all servers
Ensure that maintenance agreements are still valid and check if the agreements expired.
These should be part of a regular schedule task.
<
<
<
A parts list
If the server is destroyed, this list should be in sufficient detail to purchase or lease
replacement hardware. Over time, if original parts are no longer available, an alternate
parts list will have to be prepared. At this point, you might consider upgrading the
equipment.
<
<
Hardware layout
You need to know which:
Cards go in which slots
Cables go where (connector-by-connector)
Labeling cables and connectors greatly reduces confusion
<
6RIWZDUH
<
Operating system:
Installation kit
Drivers for hardware, such as a Network Interface Card (NIC) or a SCSI
controller, which are not included in the installation kit
Service packs, updates, and patches
213
<
<
<
<
Database:
Installation kit
Service packs, updates, and patches
Recovery scripts, to automate the database recovery
For R/3:
Installation kit
Currently installed kernel
System profile files
tpparam file
saprouttab file
saplogon.ini
Other R/3 integrated programs (for example, a tax package)
Other software for the R/3 installation:
Utilities
Backup
UPS control program
Hardware monitor
FTP client
Remote control program
System monitor
%XVLQHVV&RQWLQXDWLRQ'XULQJ5HFRYHU\
Business continuation during a recovery is an alternate process to continue doing business
while recovering from a disaster. It includes:
<
Cash collection
<
Order processing
<
Product shipping
<
Bill paying
<
Payroll processing
<
:K\
214
<
<
<
+RZ
Manual paper-based
<
2IIVLWH'LVDVWHU5HFRYHU\6LWHV
<
<
<
,QWHJUDWLRQZLWK\RXU&RPSDQ\V*HQHUDO'LVDVWHU3ODQQLQJ
Because there are many dependencies, the R/3 disaster recovery process must be integrated
with your companys general disaster planning. This process includes telephone, network,
product deliveries, mail, etc.
:KHQWKH56\VWHP5HWXUQV
How will the transactions that were handled with the alternate process be entered into R/3
when it is operational?
7HVW\RXU'LVDVWHU5HFRYHU\3URFHGXUH
Unless you test your recovery process, you do not know if you can actually recover
your system.
A test is a simulated disaster recovery which verifies that you can recover the system and
exercise every task outlined in the disaster recovery plan.
<
The information that is clear to the person documenting the procedure may be
unclear to the person reading the procedure.
Older hardware is no longer available
Here, alternate planning is needed. You may have to upgrade your hardware to be
compatible with currently available equipment.
Since many factors affect recovery time, actual recovery times can only be determined by
testing. Once you have actual times (not guesses or estimates), your disaster planning
215
becomes more credible. If the procedure is practiced often, when a disaster occurs, everyone
will know what to do. This way, the chaos of a disaster will be reduced.
+RZ
<
The disaster recovery test should be done at the same site that you expect to recover.
If you have multiple recovery sites, perform a test recovery at each site. The
equipment, facilities, and configuration may be different at each site. Document
all specific items that need to be completed for each site. You do not want
to discover that you cannot recover at a site after a disaster occurs.
<
<
<
<
:KR6KRXOG3DUWLFLSDWH
<
Primary and backup personnel who will do the job during a real disaster recovery
A provision should be made that some of the key personnel are to be unavailable during
a disaster recovery. A test procedure might involve randomly picking a name and
declare that person unavailable to participate. This procedure duplicates a real situation
in which a key person is seriously injured or killed.
<
2WKHU&RQVLGHUDWLRQV
2WKHU8SVWUHDPRU'RZQVWUHDP$SSOLFDWLRQV
For the company to function, other up (or down) stream applications also need to be
recovered with R/3. Some of these applications may be tightly associated with R/3. The
applications should be accounted for and protected in the company-wide disaster recovery
planning.
216
Applications located on only one persons desktop computer must be backed up to a safe
location.
%DFNXS6LWHV
Having a contract with a disaster recovery site does not guarantee that the site will be
available. In a regional disaster, such as an earthquake or flood, many other companies will
be competing for the same commercial disaster sites. In this situation, you may not have a
site to recover to, if others have booked it before you.
The emergency backup site may not have equipment of the same performance level as your
production system. Reduced performance and transaction throughput must be considered.
Examples:
<
<
Only essential business tasks will be done while on the recovery system
0LQLPL]LQJWKH&KDQFHVIRUD'LVDVWHU
There are many ways to minimize chances for a disaster. Some of these ideas seem obvious,
but it is these ideas that are often forgotten.
0LQLPL]H+XPDQ(UURU
Many disasters are caused by human error, such as a mistake or a tired operator. Do not
attempt dangerous tasks when you are tired. If you have to do a dangerous task, get a
second opinion before you start.
<
Dangerous tasks should be scripted and checkpoints included to verify the steps.
Such tasks include:
Deleting the test database
Check that the delete command specifies the Test, not the
Production, database.
Moving a file
Verify that the target file (to be overwritten) is the old, not the new, file.
Formatting a new drive
Verify that the drive to be formatted is the new drive, not an existing drive with data
on it.
217
0LQLPL]H6LQJOH3RLQWVRI)DLOXUH
A single-point failure is when the failure of one component causes the entire system to fail.
To minimize single-point failure:
<
<
<
The backup R/3 server is located in the same data center as the production R/3 server.
If the data center is destroyed, the backup server is also destroyed.
<
&DVFDGH)DLOXUHV
A cascade failure is when one failure triggers additional failures, which increases the
complexity of a problem. The recovery involves the coordinated fixing of many problems.
([DPSOH $&DVFDGH)DLOXUH
1. A power failure in the air conditioning system causes an environmental (air
conditioning) failure in the server room.
2. Without cooling, the temperature in the server room rises above the equipments
acceptable operating temperature.
3. The overheating causes a hardware failure in the server.
4. The hardware failure causes a database corruption.
In addition, overheating can damage many things, such as:
Network equipment
Phone system
Other servers
<
In this case, a system that monitors the air conditioning system or the temperature in the
server room could alert the appropriate employees before the temperature in the server
room becomes too hot.
218
&KDSWHU %DFNXSDQG5HFRYHU\
&RQWHQWV
Overview ..................................................................................................................32
Restore.....................................................................................................................32
Backup .....................................................................................................................33
Tape Management.................................................................................................313
Performance ..........................................................................................................320
Useful SAP Notes..................................................................................................324
31
2YHUYLHZ
The most important aspect of a technical implementation is establishing an effective backup
and recovery strategy. This process entails a restore of all, or part, of the database after
hardware or software errors and a recovery during which the system is updated to a point
just before the failure. There are many situations other than disk failures that may require a
restore and recovery.
Your backup strategy should be as uncomplicated as possible. Complications in backup
strategy can create difficult situations during restoration and recovery. Procedures, problem
identification, and handling must be well documented so all individuals clearly understand
their roles and required tasks. This strategy should also not adversely impact daily business.
This chapter discusses backup and restore of your system. The details of a specific database
are covered in the database administration chapter(s). The information in this chapter will
help you better understand the concepts that enhance your operating environment and
access the methods that best suit your needs.
5HVWRUH
Usually a restore is done to:
<
<
<
(For additional details on the first two items, see chapter 2; and for details on the last item,
see chapter 23.)
The business requirement for speed in a restore is driven by the need to get the system
quickly operational after a disaster. This way, the company can continue to do business.
6WUDWHJ\
Business recovery time is the result of the time needed to:
<
<
<
32
<
<
<
<
<
Budget
Release 4.6A/B
The actual process to restore R/3 and the database will not be covered in this book. This
critical task has specific system dependencies, and we leave it to a specialist to teach. If a
restore must be done, contact a specialist or your Basis consultant. Work with your DBA or
consultant to test and document the restore process for your system. With proper training,
you should be able to do the restore.
If the restore is not done properly and completely, it could fail and must be restarted, or be
missing other files. There may be special data that you must record about your database to
recover it. Work with your specialist to identify and document this data.
7HVWLQJ5HFRYHU\
Since the restore procedure is one of the key issues of the R/3 System, database recovery
must be regularly maintained and tested. See chapter 2, Disaster Recovery.
%DFNXS
Backup is like insurance. You only need a backup if you need to restore your system.
:KDWWR%DFNXSDQG:KHQ
There are three categories of files to backup:
< Database
<
Log files
<
Note; you may need to use different tools to backup all the files. Some tools may only be
able to backup one or two of the three categories of files that need to be backed up. Example,
using the SAP DBA Calendar DB13 for on Microsoft SQL Server, it can backup the database
and the transaction log, but not the operating system files.
'DWDEDVH
:KDW
This is the core of the R/3 system and your data. Without the database backup, you cannot
recover the system.
:KHQ
The frequency of a full database backup determines how many days back in time you must
go to begin the restore:
<
If a daily full backup is done, you will need yesterdays full backup.
Only logs since yesterdays backup need to be applied to bring the system current.
<
If a weekly full backup is done, you will need last weeks full backup.
All the logs for each day (since the full backup) must now be applied to bring the system
current.
33
A daily full backup reduces the number of logs that need to be applied to bring the database
current. This backup reduces the risk of not getting a current database backup because of a
bad (unusable) log file.
If a daily full backup is not done, more logs would need to be applied. This step lengthens
the recovery process time and increases the risk of not being able to recover to the current
time. A point may be reached when it would take too long to restore the logs, because so
many logs need to be applied. For additional safety, we recommend that you do a full
monthly database backup in addition to the full daily backups.
([DPSOH:HHNO\%DFNXS
A restore from last weeks full backup that was done four days ago.
<
<
<
It takes 120 minutes to restore the log file from tape to disk (40 log x 3 minutes per
log).
<
It takes 200 minutes to restore the log files to the database (40 logs x 5 minutes per
log).
<
The total time to do the restore, excluding database files, is 320 minutes (5.3 hours).
([DPSOH:HHNO\%DFNXS
A restore from last nights full backup
<
<
It takes 30 minutes to restore the log file from tape to disk (10 log x 3 minutes per
log).
<
It takes 50 minutes to restore the log files to the database (10 logs x 5 minutes per
log).
The total time to do the restore, excluding database files, is 80 minutes (1.3 hours).
<
As you can see, the weekly backup takes four times longer to recover than a daily
backup.
These examples show that the time it takes to do a log restore depends on how many days
back you have to go to get to the last full backup. Increasing the frequency of the full backup
(with less days between full backups) reduces the recovery time.
Also consider maintaining two backup cycles of the logs on disk to reduce the need to
restore these logs from tape.
34
Release 4.6A/B
7UDQVDFWLRQ/RJV
:KDW
Transaction logs are critical to the database recovery. These logs contain a record of the
changes made to the database, which is used to roll forward (or back) operations. It is
critical to have a complete chain of valid log backups. If you have to restore and one log is
corrupted, you cannot restore past the corrupt log.
Weekly Full Backups
If the system crashes on Thursday, a log on Tuesday is corrupt. You can only recover to
the last good log on Tuesday. Everything after that is lost.
Transaction log is stored in a directory, which must not be allowed to become full. If the
transaction log fills the available filespace, the database will stop, and no further processing
can be done in the database (and consequently) in R/3. It is important to be proactive and
periodically back up the transaction logs. Refer to the chapter specific to your database for
more information.
:KHQ
Transaction volume
<
<
<
If your transaction volume is high, decrease the time interval between log backups. This
reduced time interval decreases the amount of data that could be lost in a potential data
center disaster.
+RZ
35
If you do not have an offsite backup server, back up the transaction log backups to tape
after each log backup and immediately send the tape offsite.
Do not back up the logs to the tape drive in append mode and append multiple
backups on the same tape. If a data center disaster occurs, the tape with all these logs
will be lost.
2SHUDWLQJ6\VWHP/HYHO)LOHV
:KDW
Operating system level files, which must also be backed up, are for:
<
<
R/3 files
Spool files, if stored at the operating system level
(system profile: rspo/store_location = G)
Change management transport files located in /usr/sap/trans
Other R/3 related applications
Interface or add-on products, such as those used for EDI or taxes, that store their
data or configuration outside the R/3 database.
<
The amount of data is small in relation to the R/3 database. Depending on how your system
is used, the above list should only require several hundred megabytes to a few gigabytes of
storage. In addition, some of the data could be static and may not change for months.
:KHQ
The frequency of the operating system level backup depends on the specific application. If
these application files must be kept in sync with the R/3 System, they must be backed up at
the same frequency as the log backup files. An example of this situation is a tax program
that stores its sales tax data in files external to the R/3 database. These files must be in sync
with the sales orders in the system.
A simple and fast method to back up operating system files is to copy all data file directories
to disk on a second server; from the second server, you can back up those files to tape. This
process minimizes file downtime.
Use the sample schedule below to determine your backup frequency:
%DFNXS7\SHV
Backup types is like a three-dimension matrix, where any combination can be used:
36
<
<
<
Release 4.6A/B
:KDW,V%DFNHG8S
<
<
<
Depending on your database and operating system, you may (or may not) have a third
option. A differential backup is a backup of only what has changed since the last full
backup. A full database backup is still required on a periodic basis. The usual
arrangement is; a full backup on the weekend and differential backups during the week.
Differential backup is not supported from within R/3 using DB13, you must use other
tools to perform a differential backup.
Microsoft SQL Server; to do a differential backup you must execute the differential
backup using Microsoft SQL Server tools.
Advantages:
The exposure to a corrupt log backup is reduced. Each differential backup is backing
up all the changes to the database since the last full backup.
Disadvantages:
Like the incremental log backup, a full backup is needed as the starting point.
37
The backup window for a differential is longer than a transaction log backup. It
starts as being short (just after the full backup) and gets longer as more data is
changed.
+RZWKH%DFNXS,V7DNHQ
<
Offline
An offline backup is taken with the database and R/3 System down.
Advantages:
An offline backup is faster than an online backup.
During the backup, there is no issue with data changing in the database.
If the files are backed up at the same time, the related operating system files will be
in sync with the R/3 database.
Disadvantages:
R/3 is unavailable during an offline backup.
Buffers for R/3 and the database are flushed.
This process will impact performance until the buffers are populated.
<
Online
An online backup is taken with the database and R/3 running.
Advantages:
R/3 is available to users during a backup.
This is needed where the system is running and used 24 hours a day and seven days
a week.
The buffers are not flushed.
Since buffers are not flushed, once the backup is complete, there is no impact on
performance.
Disadvantages:
An online backup is slower than an offline backup (a longer backup time).
Backup time is increased because processes such as R/3 are running and competing
for system resources.
Online performance is degraded while the backup is running.
Data may change in the database while it is being backed up.
Therefore, the transaction logs become critical to a successful recovery.
Related operating system level files may be out of sync with the R/3 database.
If you are using online backups, the transaction logs are critical to successfully
recovering the database.
38
Release 4.6A/B
:KHQWKH%DFNXS,V0DGH
<
Scheduled
Scheduled backups are those that are run on a regular schedule, such as daily or weekly.
For normal operations, configure a scheduled backup. Automated backups should use
the DBA Planning Calendar (transaction DB13). This calendar provides the ability to set
up and review backup cycles. It also has the ability to process essential database checks
and update statistics. You can also set up CCMS to process the backup of transaction
logs.
Depending on the operating platform, backups and other processes configured here can
be viewed in the Batch Processing Monitors (transaction SM37). In general, the status of
the backups can be viewed using Backup Logs overview (transaction DB12).
<
On-demand
On-demand backup is done on an ad hoc basis. It is done before a major change to the
system, such as for an R/3 upgrade. Backups that are controlled directly by an operator,
or on-demand, can be performed either by the DBA Planning Calendar (transaction
DB13), at the database, or at operating system level.
Although the DBA Planning Calendar can schedule backups for periodic use, it can also
be used to perform an immediate backup. For an on-demand backup, it is more common
to use tools at the database level such as Enterprise Manager (Microsoft SQL Server) or
SAPDBA (Oracle and Informix).
Regardless of the chosen backup method, you should achieve the following goals:
<
<
<
<
%DFNXS6WUDWHJ\'HVLJQ
SAP provides tools under CCMS-DB Administration in R/3 to assist in implementing your
strategy. The DBA Planning Calendar (transaction DB13) is designed for scheduling backups.
The other tool, the CCMS Monitoring tool (transaction DB12), provides historical
information to review backup statistics and tape management information. At the operating
system or database level, there are additional tools you can use to administer backup and
restores. These tools include SQL Enterprise Manager (Microsoft SQL Server) and SAPDBA
(Oracle and Informix).
To design your backup procedures:
1. Determine the recovery requirements based on an acceptable outage.
It is difficult to define the concept of acceptable outage, because acceptable is
subjective and will vary from company to company. The cost of what is an outage
includes productivity loss, time, money, etc. spent on recovery. This cost should be
evaluated in a manner similar to insurance. (The more coverage you want, the more the
39
insurance will cost.) Therefore, the faster the recovery time requirements, the more
expensive the solution.
2. Determine what hardware, software and process combinations can deliver the desired
solution.
Review the section on performance to decide which method is best. Follow the Keep It
Simple (KISS) rule, but more importantly, make sure your method is reliable.
3. Test your backup procedures by implementing the hardware and reviewing the actual
run times and test results.
Ensure that you get results from all types of backup that could be used in your
environment, not just the ones you think might be used. This information will aid
further evaluation and capacity planning decisions and provide useful comparison
information as needed.
4. Test your recovery procedures by creating various failure situations.
Document all aspects of the recovery including the process, who should perform various
tasks, who should be notified, etc. Remember that a recovery will be needed when you
least expect it so be prepared. Testing is not a one-time event. It should occur regularly,
with additional tests as hardware or software components change.
6XSSOHPHQWDU\%DFNXSV
Supplementary backups are made on special days (month-end, year-end), so that you can
restore the database to a previous state.
*HQHUDO3URFHGXUHV
%DFNXS
The unattended backup is performed based on the backup frequency table. The scheduling
functionality of the R/3 CCMS is used to schedule the backup. In CCMS, the required tapes
can be listed by choosing theVolumes Needed button on the backup scheduling screen. Extra
backups, such as the monthly and yearly backup, should be performed offline.
7UDQVDFWLRQ/RJ%DFNXS
If transaction log backup is performed during normal system operation, there is no user
impact. You can also find the tapes needed by choosing Volumes Needed.
No special archiving is required for offline backup. (Since the backup is performed offline,
the database remains in a consistent state.)
9HULI\LQJ%DFNXSV
Backups must be verified following a regular schedule. Transaction DB13 and other backup
utilities provide buttons such as Verify Backup to perform this task. Unless the backup is
verified, you will not know that you have properly backed up everything onto tape.
310
Release 4.6A/B
([DPSOH
A backup of several files was done, but the append switch was not properly set for
second and later files. Consequently, rather than appending the files one after the other,
for each file, the tape was rewound and the backed up. The end result was that only the
last backed up file was on the tape.
File verify has to be done after all files have been backed up. If it was done after each file, it
would not detect that the previous file was erased.
0RQLWRULQJ&RQWUROOLQJ
For each system, after backing up the database and finishing the archives, all logs must be
printed and placed in the folder.
'DWDEDVH,QWHJULW\
An integrity check of the database must be performed in one retention period to ensure that
no corrupted blocks exist in the database. These blocks may go unrecognized during backup
(see the chapter written for your database for more information).
To avoid backing up a hidden, inconsistent database, the database must be checked at least
once during a retention period.
System
Frequency of DB Checks
DEV
QAS
PRD
Every 2 weeks
Every 2 weeks
Every week
5ROHVDQG5HVSRQVLELOLWLHV
Task
Role
Backup Database
Backup Archives
Verifying Backups
Monitoring/Controlling
Database check
Operator
Operator
Operator/DBA
Operator/DBA
DBA
311
'HVLJQ5HFRPPHQGDWLRQV
<
Database
Assuming the size of your database and backup window permits it, we recommend a
full database backup be taken every day. For databases that are too large for daily full
database backup, a full backup should be taken weekly.
<
Transaction Logs
Backing up the transaction logs is critical. If the filespace is used up, the database will
stop, which stops R/3.
Between 6:00 a.m. and 9:00 p.m., we recommend that you back up these logs at least
every three hours. A company with high transaction volume carries higher risk and
would increase the frequency accordingly, perhaps to every hour. Similarly, if you have
a Shipping department that opens at 3:00 a.m. and a Finance department that closes at
10:00 p.m., you would need to extend the start and end times.
<
$6WUDWHJ\&KHFNOLVW
It is important to set up a proper procedure to back up the valuable system information.
Procedures should be defined as early as possible to prevent possible data loss. Resolve the
following list of backup issues before you go live:
<
<
<
<
<
<
Consider using DBA Planning Calendar (DB13) to schedule transaction log backups
<
<
<
<
Determine tape pool size (tapes needed per day retention + 20 percent)
Allow for growth and special needs.
<
Initialize tapes
<
<
312
<
<
Release 4.6A/B
<
<
<
%DFNXS3URFHGXUHVDQG3ROLFLHV
Backup policies and procedures should be defined as early as possible to prepare for
potential data loss during an implementation.
Some examples of policies and procedures are included below:
<
System Environment
In the three-system landscape, CCMS backs up and restores the software components.
(In the three-system landscape in this guidebook, DEV is a development system, QAS is
a quality assurance system, and PRD is a production system.)
<
Hardware Components
The hardware listed in the table below is to backup and restore the database and
transaction logs:
System Name
Backup Hardware
DEV
QAS
PRD
7DSH0DQDJHPHQW
7UDFNLQJDQG'RFXPHQWLQJ
To easily retrieve tapes from storage, you need to track and document them.
The issues are:
<
Labeling
<
Tracking
<
Handling
<
Retention requirement
/DEHOLQJ
Tapes should be clearly labeled using one of many labeling methods. Three simple methods
are described in the examples below. Two of these methods are used by R/3 and are
important if you use DB13 to schedule your backups. Third-party backup management
software may assign their own tracking number for the labels. In this case, you must use the
label specified by the software.
313
([DPSOH
This five-character naming convention is used by DB13 on Microsoft SQL Server 7.0. (see
SAP note 141118). Microsoft SQL server 6.5 had a different naming convention.
Each label has the following data:
<
<
Type of backup:
L = transaction log
D = database
F = file
G = file group
+ = differential
<
<
RD06S
Sample Label:
([DPSOH
This six-character naming convention is used by SAPDBA and BRBACKUP (Oracle).
Each label has the following data:
<
System ID <SID>
<
What is backed up
B = database
A = log
O = operating system files
<
(This number is a sequential tape number, starting from 1 and is unrelated to the date.)
Sample Label:
PRDB25
PRD (Production db) + B (Brbackup/Database) + 25 (tape number 25)
314
Release 4.6A/B
([DPSOH
This method is more visual, where the length of the label name is less of a limitation.
Each label has the following data:
<
System ID <SID>
<
What is backed up
db = database
tl = transaction log
os = operating system files
<
<
Multiple tape indicator for a single day (can be omitted if only one tape is used)
Sample Label:
PRD-db-06-a
PRD (Production database) + db (database) + 06 (6th day of the month) + a
(tape a, the first tape)
If DB13 is not used, for all of above naming conventions, additional codes can be used to
indicate additional types of files that are backed up.
In addition to the naming schemes, use a different color label for each system. A color
scheme is one more indicator to help identify the tape and reduce confusion.
An example of a color scheme is:
<
PRD = orange
<
<
QAS = green
DEV = white
7UDFNLQJ
Tapes should be logged to track where they are stored, so you can locate them when you
need them.
In addition to tracking and documenting tapes when tape locations change, tapes should be
tracked and documented when they are:
<
Used
<
<
<
To help you track and retrieve the offsite backup, log the:
<
Date of backup
<
Database
<
Tape number
315
<
<
<
<
Date returned
Volume
Label
Purpose
7/15/98
PRDB01
7/15/98
PRDO23
Notes
Storage
Company
Label
Out
Back
Database
X7563
7/15/98
7/30/98
Operating Sys
X7564
7/15/98
8/15/98
+DQGOLQJ
When you transport tape cartridges, carry them in a protected box to minimize damage and
potential data loss if they are accidentally dropped. The box should have foam cutouts for
each tape cartridge you use.
For a small company, an ideal tape collection device is a small or medium-sized plastic tool
box with a foam insert that has cutouts for each tape cartridge. Plastic is used because it is
nonmagnetic.
We recommend that you use two boxes. One box should collect the tapes to be sent offsite,
and a second box should contain the new backup tapes. The second box should be empty
when you finish changing tapes.
When changing tapes, to avoid confusion:
< Handle one tape cartridge at a time
< Follow the same procedure each time
To change tapes:
1. Remove the tape cartridge from the tape drive.
2. Insert it in the collection box.
3. Remove the next tape.
4. After all tapes have been removed, insert the new tapes in the drive in the same manner.
If you are using preinitialized tapes, you must use the correct tape for that day, or the
backup program will reject the tape. The backup program reads the tape header for the
316
Release 4.6A/B
initialization information (which includes the tape label name) and compares it to the next
label in the sequence.
Keep track which tape cartridges:
<
<
<
It is easy to accidentally put the wrong tape cartridge in a drive and destroy the recent
backup or cause the next backup to fail.
When you initialize a tape, some programs write an expiration date on the tape. The tape
cannot be overwritten by that same program before the expiration date. However, it might
be overwritten by another program that ignores the tape header.
The next section discusses the importance of retention requirements.
5HWHQWLRQ5HTXLUHPHQWV
There are legal requirements that determine data retention. Check with your companys
legal department on complying with federal, state, and local data retention requirements.
Complying with these requirements should be discussed with your legal and finance
departments, external auditors, and consultants. The retention requirement should then be
documented.
The practical side of data retention is that you may be unable to realistically restore an old
backup. If the operating system, database, and the R/3 System have each been upgraded
twice since the backup, it is unlikely that the backup can be restored without excessive
costif at all.
Retention is related to your backup cycle. It is important to have several generations of full
backups and all their logs because:
<
If the database is corrupted, you will have to return to the last full backup before the
database corruption.
<
If the last full backup is corrupted, you will have to return to the previous full backup
before the corruption or disaster and roll forward using the backup of the logs from that
backup until the corruption.
How far back you go depends on the level of corruption.
<
Since R/3 is an online real-time system, to recover the database from a full database
backup, you must apply all the logs since that backup. If this is a significant amount of
time, the number of logs could be tremendous. Therefore, the number of logs you may
need to apply is a practical constraint to how far back you can recover.
317
5HFRPPHQGDWLRQV
<
If a full database backup is taken each day, we recommend that you keep at least two
weeks of backups and all the logs for these weeks.
<
If a full database backup is taken weekly, you should go back at least three generations.
<
Regular
Backup
DEV
QAS
PRD
14 days
14 days
31 days
Month-End
Backup
24 months
Quarter-End
Backup
2 years
Year-End
Backup
4 years
Archives
31 days
31 days
31 days
6WRUDJH
2IIVLWH
:KDW
The offsite storage site is a separate facility (building or campus) from the R/3 data center.
:K\
The magnitude of the disaster will determine what is considered adequate protection:
<
Sending tapes to a separate location in the building or another building in the campus
will be sufficient.
If the disaster is confined to the building where the data center is located.
318
Release 4.6A/B
<
Offsite data storage can be at a separate company facility or a commercial data storage
company.
The offsite data storage facility or vendor should have a certified data storage site. Data
tapes have different handling and storage requirements than paper.
Once the backup is complete, send the tapes offsite immediately. If there is a data center
disaster and the backup tapes are destroyed, you can only recover to the last full backup
that you have offsite. For log backups, it is critical to send the tapes offsite immediately. If
not, everything since this backup is lost.
2QVLWH
:KDW
Onsite storage means storing your data in the same facility as your data center.
+RZ
Tape cartridges should be properly stored, following the tape manufacturers storage
requirements.
The most difficult requirement to comply with is magnetic fields. The problem is
determining if there is a strong magnetic field near the tape storage location. A vacuum
cleaner motor or a large electric motor on the opposite side of the wall from where the data
tapes are stored can generate a magnetic field strong enough to damage tapes.
When storing tape cartridges, keep all related tape cartridges together. All the tapes used in
a daily backup should be considered as a set, comprising backups for:
<
Database
<
Logs
<
Tapes and files in a set need to be restored as a set. For example, if operating system files are
not restored with database and log files, the operating system files will not be in sync with
the database and critical information will be missing.
319
3HUIRUPDQFH
The most important performance target is the time required to restore the database. This
determines how long the R/3 system will be down and not available for use. With R/3
down, certain company operations may not occur.
Backup performance is important, especially if the system is global or used 24 hours a day.
When doing a backup, it is important to minimize the impact on users. The key is to reduce
backup time, which in turn reduces the impact on the users.
To increase performance:
1. Identify the bottleneck or device that is limiting the throughput.
2. Eliminate the bottleneck.
Repeat steps 1 and 2 until the performance is adequate or the additional cost is no longer
justified.
This iterative process is subject to cost considerations. Additional performance can always
be purchased, which is almost always a business cost justification exercise.
%DFNXS
All of the backup performance items that follow also apply to restoring the database.
There are three major variables that affect performance:
<
Database size
<
The larger the database, the longer it will take to back up.
Backup window
The backup window is the time allocated for you to take the regular backups of the
system. This window is driven by the need to minimize the impact on users.
An online backup
The backup window for this backup type is defined as the time when there are the
fewest users on the system and is usually done early in the morning.
An offline backup
The backup window for this backup type is defined by when and for how long R/3
can be brought down and is usually done during the weekend.
<
320
Hardware throughput
This variable limits how fast the backup can run and is defined by the slowest link in the
backup chain such as:
Database drive array
I/O channel that is used
Tape drive
Release 4.6A/B
%DFNXS2SWLRQV
Our backup options assume that the backup device is local to the database server. A backup
performed over a network will be affected by network topology, overhead, and traffic.
Rarely is the full capacity of the network available. If a backup is done over the network, it
will decrease performance for other network users. Although technically possible,
performing a backup over a network is beyond the scope of this guidebook.
%DFN8SWR)DVWHU'HYLFHV
All of the backup options attempt to eliminate the bottleneck at the backup device. The
backup device, usually a tape drive, is the throughput-limiting device.
The table below contains capacity and throughput values to help you plan tape drive
selection:
Type
Capacity (GB)
Rate (GB/hr)
(native/compressed)
(native/compressed)
DAT (DDS-2)
4 / 6.8
1.8 / 3.1
DAT (DDS-3)
12 / 20.4
3.6 / 6.1
DLT 4000
20 / 34
5.4 / 9.2
DLT 7000
35 / 60
18 / 30.6
DLT 8000
40/68
21.6/36.7
The compressed capacity values in this table assume the use of hardware compression and
use a more conservative 1.7x ratio, as opposed to the typical 2x compression ratio. The
actual compression ratio and rate depends on the nature of the file and how much it can be
compressed.
A 20 GB database with only 9 GB of data will only require 9 GB of tape space. As the
volume of data in the database increases, so will the tape space requirement. However, if
you are backing up at the operating system level, the entire file is being backed up.
Therefore, you will need to provide tape space for the entire 20 GB database.
As technology advances, and the capacity and throughput of tape drives increases, these
values will become obsolete. We recommend that you investigate what is currently available
at the time of your purchase.
Advantages:
Faster and larger capacity tape drives allow you to back up an entire database on a single
tape cartridge in a reasonable period of time (for example, a two-hour backup of a 60 GB
database to a DLT7000).
321
Disadvantages:
< A backup to a single tape drive is the slowest option.
<
Not all databases and backup tools support tape changers or libraries; make certain that
these tools are compatible before purchasing them. For example, SAPDBA supports tape
changers, but Microsoft SQL Server Enterprise Manager and NT Backup do not.
3DUDOOHO%DFNXS
Backing up to multiple tape drives uses a RAID-0 (stripe) array, in which several tape drives
are written to in parallel. In certain environments, like Oracle, individual tablespaces or files
are simultaneously backed up to separate tape drives. Because you are writing to multiple
tape drives in parallel, total performance is significantly faster than if you were using a
single tape drive.
With sufficient tape drives in parallel, the bottleneck can be shifted from the tape drives to
another component. You must consider the performance of each subsystem when using tape
drives in parallel. This subsystem includes the tape drive(s), controller(s), CPU, and I/O
bus. In many configurations, a controller or bus is the limiting factor.
To restore a parallel backup, all the tapes in the set must be readable. If one tape is bad, the
entire backup set will not be usable. The more tapes you have in a set, the greater the chance
that one tape will be bad.
%DFNLQJ8SWR'LVNV7KHQWR7DSH
Advantages:
< For the database, this option is the fastest.
Under most situations, you can back up to disk faster than to tape.
<
This option allows you to make several identical backup copies (for example, one for
onsite storage and one for offsite storage).
<
Once the backup has been made to disk, R/3 System performance is minimally affected.
Because the tape backup is made from the disk copy, and not the live database, the
backup to tape is not competing with database activity for significant system resources.
<
During an onsite disaster recovery to the same equipment, the recovery can be done
from the on-disk backup.
Disadvantages:
< Significant additional disk space, up to the same amount of space as the database, is
required.
This additional space makes this option the most expensive, especially for a large
database.
<
322
Until the backup to tape is completed, you are vulnerable to a data center disaster.
Release 4.6A/B
<
In a major disaster recovery, you have to first restore the files to disk, then execute the
database recovery from the files on disk.
This process increases the time to recover the system.
There are other options available for a faster backup, such as the various High Availability
options, but these options are beyond the scope of this guidebook.
5HFRYHU\
The performance requirement for a recovery is more critical than for backup. Recovery
performance determines how quickly the system will be available for use and how soon
business can continue. The goal is to restore the database and related files to make the
system quickly available for general use. The longer this restore takes, the greater the impact
on your business.
5HVWRUH2SWLRQV
To increase database restore performance, all of the above database backup options are
valid. The option also exists to restore to a faster disk array with a higher data-write
throughput.
There are different ways to restore to a faster disk array:
<
Dedicated drives
In conjunction with parallel backups, restoring files and tablespaces to individually
dedicated disk drives makes the process faster. Because at any one time, only one
tablespace or file is written to the drive, you do not have head contention writing
another tablespace to the same drive.
<
RAID type
Mirrored stripe (RAID 0+1) is faster than RAID5, but this speed depends on the specific
hardware. In most cases, the task of computing the parity data for the parity drive
(RAID5) takes more time than it would to write all the data twice (RAID 0+1). This
option is expensive because the usable capacity is 50 percent of the total raw capacity
significantly less than RAID5:
RAID 0+1 = [single_drive_capacity (number_of_drives/2)]
RAID5 = [single_drive_capacity (number of drives 1)]
<
<
323
8VHIXO6$31RWHV
SAPNet R/3
Frontend
Note #
Description
0LFURVRIW64/6HUYHU
141118
102467
50990
142731
28667
128126
111372
126808
68059
43499
43491
43486
43484
42293
34432
31073
21568
16513
15465
04754
03807
02425
01042
324
Release 4.6A/B
&KDSWHU 6FKHGXOHG'DLO\7DVNV
&RQWHQWV
Overview ..................................................................................................................42
Critical Tasks...........................................................................................................43
The R/3 System .......................................................................................................44
Database ..................................................................................................................46
Operating System ...................................................................................................46
Other.........................................................................................................................47
Notes ........................................................................................................................47
The R/3 System .......................................................................................................48
Critical Tasks...........................................................................................................49
41
2YHUYLHZ
We have provided sample checklists that you may use and modify depending upon your
specific needs. The checklists provided for your convenience include:
< Critical tasks
42
<
R/3 System
<
Database
<
Operating system
<
Other
<
Notes
Release 4.6A/B
&ULWLFDO7DVNV
System: __________
Date: ____/____/____
Admin: _____________________
Task
Transaction
Chapter Procedure
Check off/Initial
13
Check database
backup.
Database backup
run time.
Check operating
system level
backup
Operating system
backup run time.
43
7KH56\VWHP
Task
Transaction
Chapter
Procedure
SM51 SAP
Servers
16 & 10
RZ20
CCMS
Monitor (4.0)
10
SM50
Process
Overview
SM13
Update
Records
16 & 10
10
Check off/Initial
SM21
System Log
10
44
SM37
Select
Background
jobs
16
SM12 Lock
entry list.
10
Release 4.6A/B
Task
Transaction
Chapter
Procedure
Check off/Initial
SMO4
Users
10
Review for an
unknown or different
user ID and terminal.
This task should be
done several times a
day.
AL08 - Users
SP01 Spool:
Request
Screen
14
SM35 Batch
input: Initial
Screen
16
Check for:
SM50/SM51 Processes
16 & 10
ST22 ABAP
Dump
Analysis
10
STO3
Workload:
Analysis of
<SID>
19
ST02 Tune
Summary
19
45
'DWDEDVH
Task
Where
AL02
Database (DB)
alert
ST04 DB
Performance
Analysis
Chapter Procedure
Check off/Initial
13
2SHUDWLQJ6\VWHP
Task
Transaction
Chapter
AL16 OS
Alerts
15
OS06 OS
Monitor
15
Review operating
system log
NT system log
15
NT system log
15
NT application
log
15
46
Procedure
Check off/Initial
Release 4.6A/B
2WKHU
Task
Where
Chapter
UPS
program log
15
Procedure
Check off/Initial
Review for:
< Events
< UPS self test
< Errors
1RWHV
Problems
Action
Resolution
47
System: __________
Date: ____/____/____
Admin: _____________________
7KH56\VWHP
These tasks are done several times a day.
Task
Transaction
SM13 Update
Records
Chapter
10
Procedure
Check
off/Initial
10
SM37 Select
Background jobs
16
Enter * in User ID
Verify that all critical jobs were
successful.
Review any cancelled jobs.
RZ01 Graphical
job monitor
16
SM04 Users
10
AL08 Users
48
Release 4.6A/B
&ULWLFDO7DVNV
There are a few critical tasks that should be completed every morning. These tasks answer
the following questions:
< Is the R/3 System running?
<
If the answer to either question is no, then the situation must be resolved quickly because:
<
<
If the backups failed, and a disaster occurs, you could lose all the data since your most
recent good backup.
9HULI\WKDW5,V5XQQLQJ
Your first task of the day is to perform a high-level check to see if the R/3 System is
running.
:K\
If the system is not running, your users will be calling to find out what happened and when
the system will be up again.
As a basic level check, if you can connect to the R/3 System, the following questions are
answered:
<
<
+RZ
From a workstation, log on with the SAP GUI. If you can log on, the test is successful.
9HULI\WKDWWKH%DFNXSV5DQ6XFFHVVIXOO\
:KDW
You need to verify that the backups that were supposed to run last night, ran successfully.
Backups of the R/3 database and related nondatabase operating system level files are
essential to recover the R/3 System.
Types of nondatabase files include:
<
<
Data files for third-party applications that do not store their data in the system
Examples of such files are external tax files.
<
Transport files
<
<
49
:K\
If there is a problem with any of the backups, the problem needs to be quickly resolved. If a
database failure occurs that requires a restore, and the last backup failed, you will have to
recover using the last successful backup. If you do not have a good (usable) backup, you
will have to go to an older backup. This process requires applying more logs the further
back you go and increases the time required to restore the database and bring it current.
Once the problem has been fixed, if it does not significantly impact performance, execute an
online backup. Even if it impacts performance, your company may make it policy to run the
online backup. This step gives you a more recent backup.
At the operating system level, some of these files may need to be in sync with the R/3
database. Restoring the R/3 System without these files results in an incomplete (unusable)
restore (for example, external tax files that need to be in sync with the system data or the tax
systems reports will not match the R/3 reports).
:KHQ
These critical tasks need to be done first thing in the morning. If there is a graveyard
operations shift, the backup check should be done once the backup job is complete. The
graveyard shift is the third shift of the day and is typically from 10:00 p.m. to 7:00 a.m.
Any failed backup must be immediately investigated and resolved. Do not maintain a we
will just run the backup again tonight and see if it works attitude. If that backup fails, you
have another day without a backup.
In chapters 48, we have included a list of transactions like the one below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.
8VHUV7UDQVDFWLRQ$/
:KDW
This transaction displays all the users who are currently logged on to the system. It shows
both the users ID and terminal name.
:K\
In a smaller company, the administrator can recognize user IDs logged on to unfamiliar
terminals. This step may indicate that someoneother than the designated useris using
that user ID. A user is logged on to more than one terminal may indicate that the user ID is
being used or shared by more than one person.
410
Release 4.6A/B
260RQLWRU7UDQVDFWLRQ26
:KDW
The system logs are where the operating system and some applications write event records.
Depending on the operating system, there may be multiple logs.
:K\
There may be indications of a developing problem (for example, a hard drive generating
errors or a failing drive that needs to be replaced).
6HOHFW%DFNJURXQG-REV*UDSKLFDO-RE0RQLWRU7UDQVDFWLRQ
605=
:KDW
Background jobs are batch jobs scheduled to run at specific times during the day.
:K\
If you are running critical jobs, you need to know if the job failed, because there may be
other processes, activities, or tasks that are dependent on these jobs.
&&06$OHUW0RQLWRU7UDQVDFWLRQ5=
:KDW
Transaction RZ20 is a centralized alert monitor and is new with Release 4.0. With this
transaction, you can monitor the servers in your landscape, such as development, QA,
testing, production, etc. You no longer have to individually log into each system to search
for alerts. If there is an alert, the monitor will link to many of the other transactions later in
this chapter.
:K\
An alert indicates a potentially serious problem that should be quickly resolved. If not
contained, these problems could degenerate into a disaster.
8VHUV7UDQVDFWLRQV60
:KDW
These transactions display all the users who are currently logged on to the system and show
the users ID and terminal name.
:K\
In a smaller company, the administrator can recognize user IDs logged on to unfamiliar
terminals, indicating that someoneother than the designated useris using that user ID.
411
A user logged on to more than one terminal indicates that the user ID is being:
<
<
/RFN(QWU\/LVW7UDQVDFWLRQ60
:KDW
A lock is a mechanism that prevents other users from changing the record on which you are
working. An example that illustrates the importance of using this function follows.
([DPSOH
You are changing a customer mailing address. Someone else is changing the customers
telephone number at the same time. You save your change first; then the other person
saves their change. The other persons change overwrites your change, and your change
will be lost.
:K\
There may be old locks still in place from transactions that did not release, or from when the
user was cut off from the network. Unless cleared, these locks prevent access or change to
the record until the system is cycled. The easiest way to locate them is to look for locks from
prior days.
We presume that the profile parameter rdisp/gui_auto_logout has been set. This parameter
defines an automatic logout of the user if there is no activity for the set number of minutes.
8SGDWH5HFRUGV7UDQVDFWLRQ60
:KDW
A failed update, or an update terminate, is an update to the failed database. These failed
updates occur when a user entry or transaction is not entered or updated in the database.
The following analogy should help clarify this concept:
1. A secretary gives a file clerk a folder (similar to a save).
2. The file clerk gives the secretary a receipt (similar to the R/3 document number).
3. On the way to the file cabinet, the clerk falls, and gets hurt.
The folder in not put into the cabinet (this is the failed update).
4. The end result is the folder is not in the cabineteven though the secretary has the
receipt.
For performance reasons, the database update is done in asynchronous mode. In this mode,
the user continues to work while the system takes over the update process and waits for the
412
Release 4.6A/B
database update to complete. In synchronous mode, users would have to wait until the
database successfully updated before they could continue to work.
:K\
The users probably received a document number, so they assume that the entry is in the
system; however, if a failed update occurred, the entry is not in the system. In a customer
order, unless the order is reentered, the customers would not get their order and no trace of
it would be found in the system!
6\VWHP/RJ7UDQVDFWLRQ60
:KDW
The system log is the R/3 Systems log of events, errors, problems, and other system
messages.
:K\
The log is important because unexpected or unknown warnings and errors could
indicate a serious problem.
%DWFK,QSXW7UDQVDFWLRQ60
:KDW
This transaction shows jobs that need to be processed or started, and jobs with errors that
need to be resolved.
:K\
This transaction is important because it alerts you to batch input jobs that are:
<
New
These are jobs that are waiting to be processed (for example, a posting from an interface
file). If not processed, the data will not post to the system.
<
Incorrect
These are jobs that have failed due to an error. The danger is that only a portion of the
job may have posted to the system. This increases the potential for data corruption of a
different sort, as only part of the data is in the system.
413
:RUN3URFHVVHV7UDQVDFWLRQV60DQG60
:KDW
These transactions allow users to view the status of work processes and monitor for
problems. Transaction SM51 is a central transaction from which you can select the instance
to monitor. SM51 starts transaction SM50 for each application server. Transaction SM50 is
used for systems without application servers.
:K\
Transaction SM51 is one place to look for jobs or programs that may be hung, (indicated
by long run times). If batch jobs are not running, if all the batch work processes are in use,
transaction SM50 may provide a hint of the problem.
6SRRO7UDQVDFWLRQ63
:KDW
The spool is the R/3 Systems output manager. Data sent to the printer is sent to the R/3
spool and then sent to the operating system to print.
:K\
There may be problems with the printer at the operating system level. These problems need
to be resolved immediately for time-critical print jobs (for example, checks, invoices,
shipping documents, etc.) or there may be an operational impact.
Active spool jobs that have been running for over an hour could indicate a problem with the
operating system spool or the printer.
7XQH6XPPDU\7UDQVDFWLRQ67
:KDW
The buffer tune summary transaction displays the R/3 buffer performance statistics. It is
used to tune buffer parameters of R/3 and, to a lesser degree, the R/3 database and
operating system.
:K\
The buffer is important because significant buffer swapping reduces performance. Look
under Swaps for red entries. Regularly check these entries to establish trends and get a feel
of the buffer behavior.
:RUNORDG$QDO\VLVRI6,'!7UDQVDFWLRQ67
:KDW
414
Release 4.6A/B
+RZ
Check statistics and record trends to get a feel for the systems behavior and performance.
Understanding the system when it is running well helps you determine what changes may
need to be made when it is not.
'DWDEDVH3HUIRUPDQFH$QDO\VLV7UDQVDFWLRQ67
:KDW
<
<
$%$3'XPS$QDO\VLV7UDQVDFWLRQ67
:KDW
An ABAP dump (also known as a short dump) is generated when a report or transaction
terminates as the result of a serious error. The system records the error in the system log
(transaction SM21) and writes a snapshot (dump) of the program termination to a special
table. This transaction can also be called from the system log (transaction SM21).
:K\
You use an ABAP dump to analyze and determine why the error occurred, and take
corrective action.
415
416
Release 4.6A/B
&KDSWHU 6FKHGXOHG:HHNO\7DVNV
&RQWHQWV
The R/3 System .......................................................................................................52
Database ..................................................................................................................53
Operating System ...................................................................................................53
Other.........................................................................................................................53
Notes ........................................................................................................................54
51
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
Task
Transaction
DB02 DB
Performance:
Database
Allocation
13
DB02 DB
Performance:
Database
Allocation.
13
SP01 - Spool
14
STMS, or TP
17
SP12
SM20
52
Chapter Procedure
Column Title
Release 4.6A/B
'DWDEDVH
Task
Where
Chapter
Procedure
Check off/initial
DBCC
13
13
2SHUDWLQJ6\VWHP
Task
Where
Chapter Procedure
10
Check
off/initial
Files system
2WKHU
Task
Where
System monitor
15
System monitor
15
Test e-mail.
Tape drive
Chapter
Procedure
Check
off/initial
Test paging.
15
53
1RWHV
Problem
Action
Resolution
In chapters 48, we have included a list of transactions like the one below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.
'DWDEDVH3HUIRUPDQFH7UDQVDFWLRQ'%
:KDW
DB space history
<
DB Analysis
From this screen, you can view database history by dates and times.
&&06$OHUW0RQLWRU7UDQVDFWLRQ5=
:KDW
Transaction RZ20 is a centralized alert monitor and is new with Release 4.0. With this
transaction, you can monitor the servers in your landscape, such as development (DEV),
quality assurance (QAS), testing, production (PRD), etc. You no longer have to individually
log into each system to search for alerts. If there is an alert, the monitor will link to many of
the other transactions later in this chapter.
:K\
An alert indicates a potentially serious problem that should be quickly resolved. If not
contained, these problems could degenerate into a disaster.
6SRRO7UDQVDFWLRQ63
:KDW
The spool is the R/3 Systems output manager. Data sent to the printer is first sent to the
R/3 spool and then to the operating system to print.
54
Release 4.6A/B
:K\
There may be problems with the printer at the operating system level. These problems need
to be resolved immediately for time-critical print jobs (for example, checks, invoices,
shipping documents, etc.) or there may be an operational impact. You should check for
active spool jobs that have been running for over an hour. These long-running jobs could
indicate a problem with the operating system spool or the printer.
7HP6H7UDQVDFWLRQ63
:KDW
The relationship between the object and data in the TemSe may be destroyed as a result of:
<
<
Copying databases
<
<
7UDQVDFWLRQ67067066\VWHP
:KDW
To move objects and configuration between systems or clients in the production pipeline. A
transport starts in DEV, is transported to QAS where it is tested, and is finally moved into
PRD.
55
56
Release 4.6A/B
&KDSWHU 6FKHGXOHG0RQWKO\7DVNV
&RQWHQWV
The R/3 System .......................................................................................................62
Database ..................................................................................................................62
Operating System ...................................................................................................63
Other.........................................................................................................................64
Notes ........................................................................................................................65
61
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
Task
Transaction
Chapter
Procedure
Check
off/initial
'DWDEDVH
Task
Transaction
DB02DB
Performance:
Tables
62
Chapter Procedure
13
Check off/initial
Release 4.6A/B
2SHUDWLQJ6\VWHP
Task
Backup file server.
Review file system usage.
Where
Chapter
13
Procedure
Check
off/initial
63
2WKHU
Task
Check consumable supplies.
Where
Chapter
16
Procedure
Check off/initial
64
Release 4.6A/B
1RWHV
Problem
Action
Resolution
In chapters 4-8, we have included a list of transactions like the one below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.
'DWDEDVH3HUIRUPDQFH7UDQVDFWLRQ'%
:KDW
DB space history
<
DB Analysis
From this screen, you can view database history by dates and times.
65
66
Release 4.6A/B
&KDSWHU 6FKHGXOHG4XDUWHUO\7DVNV
&RQWHQWV
The R/3 System .......................................................................................................72
Database ..................................................................................................................73
Operating System ...................................................................................................73
Other.........................................................................................................................74
Notes ........................................................................................................................74
71
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
Task
Transaction
Chapter Procedure
Security review
72
Check off/Initial
12
SM31Table
Maintenance
19
Review list of
prohibited passwords
(Table USR40).
RZ10Edit
System Profile
20
SM37
Background
Jobs
16
Release 4.6A/B
'DWDEDVH
Task
Where
SM37
Chapter
Procedure
Send quarter-end
backup tape to longterm offsite storage.
16
Review all
scheduled jobs to
determine if they are
still appropriate.
2&3
Restore database to
a test server.
Check
off/Initial
2SHUDWLQJ6\VWHP
Task
Where
Transport
directories; log,
data, cofiles
SAPDBA cleanup
Chapter
Procedure
Send quarter-end
backup tape to longterm offsite storage.
15
Check
off/Initial
Maintain
init<SID>.dba
73
2WKHU
Task
Where
Procedure
Check off/Initial
1RWHV
Problem
Action
Resolution
In chapters 4-8, we have included a list of transactions like the ones below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.
(GLW6\VWHP3URILOH3DUDPHWHUV7UDQVDFWLRQ5=
:KDW
There are security parameters for the users password (for example, the minimum password
length, the time interval that the user must change their password, and so on).
The following is a list of the most important password parameters:
74
<
<
<
:K\
Properly assigned parameters will make it more difficult to break into the system.
6HOHFW%DFNJURXQG-REV7UDQVDFWLRQ60
:KDW
Background jobs are batch jobs scheduled to run at specific times during the day.
:K\
If you are running critical jobs, you need to know if the job failed because there may be
other processes, activities, or tasks that are dependent on these jobs.
8VHU0DLQWHQDQFH7UDQVDFWLRQ68
:KDW
The lock/unlock function is part of the logon check, which allows or prevents the user from
logging onto the R/3 System. For terminated users, the users ID should be locked and the
user assigned to the user group term.
:K\
<
Locking a user
If an employee leaves the company, is assigned to a different group, or is on leave, their
R/3 access should be removed. With the lock function, the users ID and security profile
remain on the system but the user cannot log on. This function is ideal for temporary
personnel or consultants where, unless the access is required, the user ID remains
locked.
<
Unlocking a user
If users incorrectly log on more that the allowed number of times, they are automatically
locked out of the system. (An incorrect logon is usually the result of a forgotten
password.) The administrator must unlock the user ID and more than likely reset the
users password.
75
76
Release 4.6A/B
&KDSWHU 6FKHGXOHG$QQXDO7DVNV
&RQWHQWV
The R/3 System .......................................................................................................82
Database ..................................................................................................................83
Operating System ...................................................................................................83
Other.........................................................................................................................84
Notes ........................................................................................................................84
81
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
Task
Transaction
Chapter
Procedure
11
Check off/Initial
11
SU03 Security
Authorization
Maintenance
11
11
SE03
Workbench
Organizer Tools
11
SCC4
Clients:
Overview
11
82
Release 4.6A/B
Task
Transaction
SM01
Transaction
codes:
Lock/Unlock
Chapter
11
Procedure
Check off/Initial
'DWDEDVH
Task
Where
Chapter
3
Procedure
Check
off/Initial
Send year-end
backup tapes to
long-term offsite
storage.
2SHUDWLQJ6\VWHP
Task
Archive year-end backup
Where
Chapter
3
Procedure
Column
Title
Send year-end
backup tapes to
long-term offsite
storage.
83
2WKHU
Task
Where
Chapter
Procedure
Check
off/Initial
2&3
Restore entire
system to disaster
recovery test system
Test business
resumption
1RWHV
Problem
Action
Resolution
In chapters 48, we have included a list of transactions like the one below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.
7UDQVDFWLRQ6$6(
:KDW
All users who have left the company should have their R/3 access terminated immediately.
By locking or deleting these user IDs, you limit access to only those users who should have
access to R/3. Periodic review assures the task of locking or deleting has been completed.
:K\
Proper audit control requires that a user who no longer has a valid business need to access
R/3 should not be allowed to keep that access.
Deleting or locking these user IDs also prevents anyone who had been using the terminated
user ID from accessing the system under that ID.
7UDQVDFWLRQ6(6&&
:KDW
There are switches that prevent changes from being made in the system. In the production
system, these should be set to Not modifiable.
84
Release 4.6A/B
The purpose of setting the production system to Not modifiable is to make sure that changes
are made using the development pipeline.
In the development pipeline, changes are:
1. Created in the development system
2. Tested in the development system
3. Transported from the development system to the test system
4. Tested in the test system
5. Transported from the test system to the production system
Using this procedure, changes are properly tested and applied to the systems in the
pipeline.
:K\
Objects should not be modifiable in the quality assurance or production systems. This rule is
to protect the production system from object and configuration changes being made,
without first being tested. By setting the production system to Not modifiable, the integrity of
the pipeline is preserved.
7UDQVDFWLRQ60
:KDW
<
<
:K\
<
If a user accidentally accesses these transactions, they could corrupt or destroy the R/3
System.
Access to dangerous transactions is more critical in the production system than the
development or test systems. This is because of live data and the fact that the companys
operations are dependent on the R/3 System.
<
Certain transactions should be locked in the production system, but not in the
development, test, or training systems.
Standard security normally prevents access to these transactions. However, some
administrators, programmers, consultants, and functional key users could have access to
the transactions depending on the system they are on. In these cases, the transaction lock
provides a second line of defense.
There are over 48,000 English transaction codes in the R/3 System. To make it manageable,
only the critical ones need to be locked. Your functional consultants should supply you with
any additional critical transactions in their modules.
85
86
Release 4.6A/B
&KDSWHU 0XOWL5ROH7DVNV
&RQWHQWV
Starting the R/3 System..........................................................................................92
Stopping the R/3 System........................................................................................95
91
6WDUWLQJWKH56\VWHP
To start the R/3 System in a productive environment:
1. Start the operating system (if required).
2. Check the operating system logs to verify a good start.
3. Start the database.
This step is optional because starting the R/3 System also starts the database.
However, manually starting the database allows you to review the database log before
starting the R/3 System.
<
NT/SQL:
If not automatically started, use the SQL Server Service Manager to start
the database.
<
NT/Oracle:
<
UNIX:
NT:
<
To start the R/3 System, at the restart, wait for 60 seconds before you change the servers
clock. This step makes it easier to read the system log. For example, the last stop entry is
19:26:xx and the first start entry is 19:27:xx, where time is reported as hh:mm:ss.
6. Check the R/3 System log (SM21) to verify a good start.
Problems at this point may require you to cycle (stop and start) the system.
7. Start R/3 on the application instances.
The application servers would be started any time after step 2.
8. Check the R/3 System log.
92
Release 4.6A/B
6WDUW517
1. On the NT desktop, double-click
SAP R3 Management Console.
4a
4b
93
2a
2b
94
Release 4.6A/B
6WRSSLQJWKH56\VWHP
<
When you stop R/3, coordinate and plan this stoppage with all users or their
representatives.
<
6WRS5&KHFNOLVW
Task
Date
Initial
95
7DVNVWR%H&RPSOHWHG%HIRUH6WRSSLQJWKH6\VWHP
<
([DPSOH
An IT person in a company rebooted a server in the middle of the day without telling
anyone. He had a date that evening and did not want to stay late. The CFO said,
Yeah, hell have a date with the unemployment line.
Before stopping the system, there are several checks that need to be made. The purpose
is to determine that there is no activity on the system when the system is stopped.
Certain activities (such as a large posting job), if interrupted, could have some
transactions posted and some not yet posted. Recovery could then become an issue.
If you are the cause of the emergency, be prepared to take the consequences.
An example of an emergency is not monitoring the file system, having it fill up, which
results in stopping R/3.
<
Reschedule or cancel jobs that will be running or starting during the scheduled
shutdown.
Check SM37 for these jobs and cancel or reschedule them to run after the shutdown.
Watch for repeating jobs, such as daily or weekly jobs.
These jobs are not created until the job for the prior period (day, week, etc.) has run.
In other words, a daily job cannot exist several days in advance.
<
<
Emergency or priority shutdowns (for example, file system full, log full, equipment
failure, etc.) are a different matter.
In these instances, you need to shutdown immediately and users need to accommodate
you. There may be littleif anynegotiating.
6\VWHP0HVVDJH60
:KDW
A system message is a popup that users see when they first log on to the R/3 System. This
window appears after a new message has been created or when users move between
screens.
96
Release 4.6A/B
*XLGHG7RXU
Create.
choose
and select the instance
on which the message should
appear.
In Expiry on, enter the messages
expiration date and time.
Choose
4
5
6
.
When referencing the time for the shutdown, always enter the specific time, time zone, and
date (for example, 0230 PDST-MonJun 8,1998). Entering vague information, such as in 15
minutes creates possible confusion as to when and where an event has been scheduled.
Some examples of confusion that may arise include:
<
<
<
<
97
98
Release 4.6A/B
&KHFNWKDW1R$FWLYH8VHUV$UHRQWKH6\VWHP$/60
*XLGHG7RXU
99
910
Release 4.6A/B
&KHFNIRU%DWFK-REV5XQQLQJRU6FKHGXOHG60
Check for any batch jobs that are running or are scheduled to run during the shutdown.
*XLGHG7RXU
7
2
3
and
6
Execute.
911
Change the display to show the planned start date and time.
From the menu bar, on the screen above, choose Settings Display variant Current.
On the field selection screen, move the planned start date and planned start time from the
hidden fields on the right, to the displayed fields on the left.
10. Choose
Start condition.
10
912
Release 4.6A/B
12
13
913
15
914
Release 4.6A/B
&KHFNIRU$FWLYH3URFHVVHVRQ$OO6\VWHPV60
*XLGHG7RXU
.
2
&KHFNIRU([WHUQDO,QWHUIDFHV
External interfaces are interfaces where data is being moved to or from the R/3 System.
Checking for active interfaces depends on the specific interface and how it has been
designed, built, and implemented. The developer or consultant can help you determine if
the interface is active.
915
6WRSSLQJ5
<
When you bring down or stop R/3, coordinate and plan this event with all the R/3 users
or their representatives.
<
Stop R/3 only after all checks have been made and you are certain that there is no activity
on the system.
To stop the R/3 System:
1. If there are application servers in the system, stop the instance on the application
server(s).
2. Stop the instance on the database server.
<
NT/SQL:
<
UNIX:
NT/SQL:
<
NT/Oracle:
<
UNIX:
916
Release 4.6A/B
2a
2b
2b
4b
4a
917
3. Choose Yes.
918
4a
4b
Release 4.6A/B
&KDSWHU 56\VWHP$GPLQLVWUDWLRQ
&RQWHQWV
Overview ................................................................................................................102
Major System Monitoring Tools ..........................................................................102
Specific Transaction Monitoring Overview ......................................................1032
System Message (SM02) ....................................................................................1051
101
2YHUYLHZ
This chapter will help you understand how to monitor your system. It is crucial that a
system administrator gets a quick overview of the system status and is quickly notified of
critical situations. In this chapter, the reader will learn about the following items:
<
<
Major tasks
<
Specific transactions
<
System messages
0DMRU6\VWHP0RQLWRULQJ7RROV
The major tools of system monitoring provide a quick mechanism to monitor your system.
The two major tools, the CCMS Central Alert Monitor and the System Administration
Assistant (SAA), perform two different functions. The CCMS Central Alert Monitor is
primarily an alert monitor. The SAA is a control panel from which you can directly access
the specific monitoring tools and be notified of any alerts. If you have time constraints, these
major tools provide a quick overview of the system status and notify you of critical
situations that warrant your immediate attention.
&&06&HQWUDO$OHUW0RQLWRU7UDQVDFWLRQ5=
:KDW
Transaction RZ20 is a centralized alert monitor. With this transaction, you can monitor the
servers in your landscape, such as development, QA, testing, production, etc. You no longer
have to individually log into each system to search for alerts. If there is an alert, the monitor
will link to many of the other transactions in this guidebook.
You can do many of your system monitoring tasks with the Central Alert Monitor.
To find Alert Monitor documentation, from the menu bar, choose:
1. Help SAP Library.
2. SAP Library Basis Components Computing Center Management System (BC-CCM)
BC-Computing Center Management System
3. BC-Computing Center Management System the Alert Monitor.
The Central Alert Monitor is not a replacement for examining the other checklist tasks.
Certain alerts, such as Microsoft SQL Server and TMS have not yet been integrated into
the Central Alert Monitor.
102
Release 4.6A/B
:K\
An alert indicates a potentially serious problem that should be quickly resolved. If not
contained, these problems could deteriorate into a disaster.
*XLGHG7RXU
103
$FFHVVLQJWKH&&06$OHUW0RQLWRU5=
1. From the CCMS Alert Monitor
screen, we have the display with
only two monitor sets:
< SAP-delivered SAP CCMS
Monitor Templates
< User-created SystemAdmin docu
104
4, 5
Release 4.6A/B
7
8
8a
8b
&XUUHQW9LHZDQG$OHUW9LHZ
The display has two modes:
<
<
Open alerts
This mode shows alerts that have been generated but not yet acknowledged. In this
mode, alerts are collected over time.
105
6ZLWFKLQJ%HWZHHQWKH&XUUHQWDQG$OHUW9LHZV
On the View: Current system status
screen:
1
106
Release 4.6A/B
)LQGLQJDQ$OHUW
From the monitor screen:
1. Look for red node text.
If a node text is highlighted in red,
there is an alert somewhere below
that text.
3
2
107
108
Release 4.6A/B
14
10
12
109
&RQILJXULQJWKH%DWFK-REWR&ROOHFW+LVWRULFDO'DWD5=
The batch job that collects historical data must be running. The default situation is that the job will not run.
But, running this job will add more data to the database and affect database growth. The batch jobs
provide the data for the performance history option above.
Do not run this batch job unless you want performance history data (RZ20).
1010
Release 4.6A/B
5
6
5. Choose Save.
6. Choose
Next step.
3
4
1011
9LHZWKH$OHUWV
1. Choose Display alerts.
1012
Release 4.6A/B
$QDO\]HWKH$OHUW
1. Select the alert.
2. Choose
.
2
1
1013
$FNQRZOHGJHWKH$OHUW
1. From the detail screen, choose
Display alerts.
1
3
2
You still have to perform a task based on the alert. Acknowledging the alert only means
that you received the alert notification.
1014
Release 4.6A/B
3URYLGH6\VWHP&RQILJXUDWLRQ,QIRUPDWLRQ7UDQVDFWLRQ5=
1. Under the SAP CCMS Monitor
Templates, select System
Configuration.
2. Choose
1015
1016
Release 4.6A/B
0DLQWDLQLQJ7KH$OHUW7KUHVKROGVIRU5=
:KDW
The alert threshold is the point where the alert indicator changes color from:
<
<
Green to yellow
Yellow to red
<
Red to yellow
<
Yellow to green
:K\
Each installation is different, so the point at which an alert changes color depends on the
individual installation.
Sample situations where you would want to change the threshold levels when:
<
A high amount of paging is a cause for concern on the production system, but it is
expected on the development system.
<
The only file on a drive may be the database file, which is completely filling the drive.
A filesystem full alert on that particular drive is of no concern, because the database
would have been configured to take up the whole drive.
+RZ
*XLGHG7RXU
2. Select an alert.
3. Choose Properties.
1
1017
Group:
From the menu bar, choose
Edit Properties Use from
MTE class/group.
<
Individual:
From the menu bar, choose
Edit Properties Use for
individual Monitoring Tree
Element (MTE).
6. Choose
1018
Release 4.6A/B
.
9
11
10
+LGLQJ6$36WDQGDUG0RQLWRU6HWV
The monitor sets that are being hidden are not usually needed.
1. On the CCMS alert monitor screen,
from the menu bar, choose
Extras Activate maintenance
function.
1019
5
6
1020
Release 4.6A/B
1021
1022
Release 4.6A/B
&UHDWHD1HZ0RQLWRU6HW
1. On the CCMS alert monitor screen,
from the menu bar, choose
Extras Activate maintenance
function.
5
6
1023
$GGD0RQLWRUWRWKH0RQLWRU6HW
1. From the menu bar, choose
Extras Activate maintenance
function.
1024
Release 4.6A/B
.
3
1025
7
8
11
10
1026
Release 4.6A/B
13
12
15
15
1027
6\VWHP$GPLQLVWUDWLRQ$VVLVWDQW7UDQVDFWLRQ66$$
:KDW
The System Administration Assistant (SAA) was developed as part of the Ready-to-RunR/3 project. The core of the SAA has been brought into standard R/3 and is now available.
The SAA lists all the R/3 administrative tasks and tracks tasks that need to be done. It also
provides documentation on each task and displays critical, and non-critical, alerts.
:K\
It helps the system administrator track work by providing a point of reference for all
relevant system administration transactions.
+RZ
*XLGHG7RXU
1028
Release 4.6A/B
3. Choose
4. Choose
.
4
1029
1030
Release 4.6A/B
11
10
1031
12. Critical
and noncritical
in each task are displayed.
alerts
12
6SHFLILF7UDQVDFWLRQ0RQLWRULQJ2YHUYLHZ
)DLOHG8SGDWHV7UDQVDFWLRQ60
:KDW
An update terminate (or failed update) is an update to the database that failed. These
terminates occur when a user entry or transaction is not entered or updated in the database.
The following example should help clarify this concept:
([DPSOH
1. The accountant gives a file clerk a folder (similar to the save in a transaction).
2. The file clerk gives the accountant a receipt (similar to the R/3 document number).
3. On the way to the file cabinet, the clerk falls and gets hurt.
The folder in not filed in the cabinet (the failed update).
4. The end result is that the folder is not in the cabineteven though the accountant
has the receipt.
This same end result occurs in an update environment, the document is not in the
R/3 Systemeven though the user has a document number.
1032
Release 4.6A/B
For performance reasons, the database update is done in an asynchronous mode. In this
mode, the user continues to work while the system takes over the update process and waits
for the database update to complete.
In a synchronous mode, users would have to wait until the database has successfully
updated before they could continue to work.
:K\
Users assume that when they receive a document number, the entry is in the system. But it
is not. Even if the users received a document number, because of the update terminate, no
trace of it exists in the system.
([DPSOH
Even though a sales order document number is generated, the order does not exist.
Therefore, customers would not receive their order, and no trace of the order would exist
in the system.
:KHQ
<
Late morning
<
<
Early afternoon
Late afternoon
If you have a global operation, your schedule should be adjusted to account for other time
zones and someone in that time zone should participate in the monitoring.
The longer you wait after the update terminate has occurred, the more difficult it is for users
to remember what they did when the update terminate occurred. If you wait too long, the
user will not remember.
When things go wrong, they can really go wrong. For example, in one situation, there were
over 600 update terminates that occurred in a 30-minute period. The system administrators
were not alerted to the problem so prompt action was not taken. Therefore, normal business
transactions continued to be entered and each one was terminated.
On Windows NT, from R/3 Release 3.0F and higher, system log entries are written to the
NT event log. You might consider configuring an event log monitor to page you when an
update terminate occurs. This step reduces the need to constantly check transaction SM13. It
also reduces the exposure between the time the update terminate occurs, when you find out
about it, and when you can get to the user.
The following message appears: You have express mail in you inbox. This message means
that an update terminate has occurred on the users transaction.
1033
*XLGHG7RXU
2
3
1034
Release 4.6A/B
0DQDJLQJ8SGDWH7HUPLQDWHV
1. Double-click on an entry with an
Err status.
1035
1036
Release 4.6A/B
Some of the problems that can occur with an update terminate include:
<
No short dump
In this case, the only clues you have are the:
User ID
Date
Time
Transaction
<
<
<
<
1037
6\VWHP/RJ7UDQVDFWLRQ60
:KDW
The system log is the R/3 Systems log of events, errors, problems, and other system
messages.
:K\
The log is important because unexpected or unknown warnings and errors could
indicate a serious problem.
:KHQ
The ability to properly monitor the system log comes with experience. Over time, you
will become familiar with what log entries normally appear in your system log, and
recognize the unusual ones that need investigation.
*XLGHG7RXU
1038
Release 4.6A/B
1039
1040
Release 4.6A/B
/RFNV7UDQVDFWLRQ60
:KDW
A lock is a mechanism that prevents other users from changing the record on which you
are working. The example below illustrates the importance of using this function.
([DPSOH
You are changing a customer mailing address, while someone is simultaneously changing
the customers telephone number. You first save your change; then the other person saves
his or her change. The other persons change overwrites your change, and your change
will be lost.
:K\
There may be old locks still in place from transactions that did not release, or from when
the user was cut off from the network. Unless cleared, these locks prevent access or change
to the record until the system is cycled. The easiest way to locate these locks is to look for
locks from prior days.
We presume that the profile parameter rdisp/gui_auto_logout has been set. This parameter
defines an automatic logout of the user if there is no activity for the set number of minutes.
Setting the auto_logout parameter is recommended for security. It is also an item for which
your external auditors may test. The parameter is a global setting that applies to all users
on the instance. You cannot have different logout times for different groups of users on the
same instance.
The only way to have different logout times for different groups of users is to have specific
groups (for example, Finance) log in to specific instances (for example, the Finance
application server) where this parameter is set in the instance profile of that instance.
1041
*XLGHG7RXU
2
3
1042
Release 4.6A/B
<
<
Transaction SM50
<
Transaction SM51
<
Transaction SM37
<
Transaction SM13
<
<
$FWLYH8VHUV7UDQVDFWLRQV60DQG$/
:KDW
These transactions display all the users who are currently logged on to the system. They
show both the users ID and terminal name.
:K\
In a smaller company, the administrator can recognize user IDs logged on to unfamiliar
terminals. An unfamiliar terminal may indicate that someoneother than the designated
useris using that user ID.
1043
A user logged on to more than one terminal may indicate that the ID is being used:
<
<
If a problem arises, you will not know who created the problem.
This situation makes the problem difficult for you to fix and prevent from happening
again.
<
Prudent security practices do not allow for the sharing of user IDs.
<
Your external auditors may also perform this test to test your security.
Release 4.6 allows you to prevent concurrent sharing of user IDs by activating the
disable_mult_gui_login system profile. We recommend that you activate this parameter.
3UREOHPV
Transaction SM04 may show a user as active, when the user has actually logged off. Because
the user session was not properly closed, the system thinks that the user is still logged on.
This condition can be caused by one of the following:
<
<
Users who turn off their computer without logging off from the R/3 System.
6LQJOH,QVWDQFH6\VWHP7UDQVDFWLRQ60
*XLGHG7RXU
1044
Release 4.6A/B
0XOWL,QVWDQFH6\VWHP7UDQVDFWLRQ$/
If you have several instances in your system, using AL08 is easier, because you can
simultaneously see all users in all instances on the system.
1. In the Command field, enter transaction AL08 and choose Enter
(or from the SAP standard menu, choose Tools CCMS Control/Monitoring
SM66-All work processes.
2. From the menu bar, choose Goto Global users overview.
3. The Current Active Users screen
shows all the instances in your
system.
4. For each instance, a list of the users
logged onto that instance/
application server is also provided.
3
4
3
4
1045
:RUN3URFHVVHV7UDQVDFWLRQV60DQG60
:KDW
Process overview transactions allow users to view the status of work processes and monitor
for problems. Transaction SM51 is a central transaction from which you can select the
instance to monitor. SM51 starts transaction SM50 for each application server, which is used
for a system without application servers.
:K\
Transaction SM51 is one place to look for jobs or programs that may be hung, which
maybe indicated by long run times. If batch jobs are not running, transaction SM50 may
provide a hint of the problem, if all the batch work processes are in use.
)RUD6\VWHPZLWK$SSOLFDWLRQ6HUYHUV
*XLGHG7RXU
.
2
1046
Release 4.6A/B
)RUD6\VWHP:LWKRXW$SSOLFDWLRQ6HUYHUV
*XLGHG7RXU
1047
Column Text
Definitions
No
Ty
PID
Status
Err
CPU
Time
Program
Clie
Client number
User
Table
$%$3'XPS$QDO\VLV7UDQVDFWLRQ67
:KDW
An ABAP dump (also known as a short dump) is generated when a report or transaction
terminates as the result of a serious error. The system records the error in the system log
(transaction SM21) and writes a snapshot (dump) of the program termination to a special
table. This transaction can also be called from the system log (transaction SM21).
:K\
An ABAP dump is used to analyze and determine why the error occurred and take
corrective action.
1048
Release 4.6A/B
*XLGHG7RXU
<
6LPSOH6HOHFWLRQ
2. Under No. of short dumps, if you
see a value other than zero (0) in
Today or Yesterday, dumps have
occurred that need to be
examined.
3. Select Today.
4. Choose
Proceed to step 8.
)UHH6HOHFWLRQ
5. Choose
Selection.
5
1049
7
6
1050
Release 4.6A/B
Despite being called a short dump, ABAP dumps may be more than 75 pages long. We
recommend you save the dump locally and print out only the portion you need.
If the SAP hotline asks for a copy of the short dump, rather than fax the entire dump, it is
easier to e-mail or upload the file (see SAP note 40024).
6\VWHP0HVVDJH60
:KDW
<
:K\
<
To send a broadcast message to everyone on the system (for example, SAP will be down
for scheduled maintenance from 6:00 p.m. PST Friday, October 23 to 12:00 p.m. PST Saturday,
October 24.).
<
To inform the user about the system they are logging on to.
This information is recommended for systems other than the production system, such as
development, test, sandbox, training, etc. (for example, You are logging into QAS, copy of
PRD as of Nov-1-98 at 0100 PST).
1051
&UHDWLQJD0HVVDJH
*XLGHG7RXU
Create.
3
4a
4b
5
6
1052
Release 4.6A/B
To prevent the message from expiring, enter a date several years in the future.
When referencing the time for an event, always enter the specific time, time zone, and date
(for example, 0230 PDST-MonJun 8,1998). Entering vague information (such as in 15
minutes), creates confusion as to when and where an event has been scheduled. Some
examples of confusion that may arise includes:
<
<
<
<
1053
(GLWLQJD0HVVDJH
*XLGHG7RXU
Change.
3
2
5a
5b
5c
6
1054
Release 4.6A/B
$%$3(GLWRU6(
:KDW
An R/3 system administrator will need to execute certain reports and programs to apply a note or in
relation to everyday duties and tasks.
+RZ
.
3
2
1055
7. Choose Back.
)RU,QIRUPDWLRQ$ERXWD3URJUDPRU5HSRUW
1. In the Program, enter RSPO0041.
2. Select Documentation.
3. Choose
Display.
2
3
1056
Release 4.6A/B
1057
1058
Release 4.6A/B
&KDSWHU 6HFXULW\$GPLQLVWUDWLRQ
&RQWHQWV
Overview ................................................................................................................112
Audits .....................................................................................................................114
Security Layers .....................................................................................................116
Operational Security...........................................................................................1125
Audit Tools ..........................................................................................................1137
Audit Tasks..........................................................................................................1157
111
2YHUYLHZ
The purpose of this chapter is to make you aware of your responsibilities as the R/3 system
administrator(s) for security. These responsibilities include:
< Protecting the R/3 System
<
When an audit is performed on an R/3 System, the administrator(s) will be responsible for
responding to the audit findings. This chapter is an attempt to prepare you for these audits.
Each auditing firm has their own audit procedures and may look at many different items, so
we cannot prepare you for everything. However, we will try to prepare you for the core
group of items that all firms normally look at.
This chapter is only an introduction to computer security and its importance. Although an
entire book can be written on this subject, even that would be insufficient. We recommend
that you contact and work with all the parties (external auditors, internal auditors, finance
department, legal department, and others) who might be affected by system security.
:KDWLV6HFXULW\"
Security is more than the R/3 authorization (or keeping undesirables out of the system).
It is concerned with the following issues regarding data:
<
<
<
Security is a broad topic and can be organized in many different ways. Some of the areas
covered include:
<
<
<
<
112
Release 4.6A/B
<
<
6DIHJXDUGLQJWKH'DWDIURP'DPDJHRU/RVV
There are two major sources of damage:
<
<
&RPSO\LQJZLWK/HJDO5HJXODWRU\DQG2WKHU5HTXLUHPHQWV
:KDW
Other reasons for security are defined by laws, contracts and other parties.
Security is a sensitive issue, and it has legal implications. One good example of security is
insider trading. Before defining insider trading, we have to first define insider knowledge or
inside information. Insider knowledge or inside information means you have information,
which is not known or available to the general public. If the information is known to the
general public, it could affect the stock price. Insider trading is using inside information to
buy or sell stock and make a profit or reduce a loss. Even if you do not profit from the sale,
you could be held liable.
113
([DPSOH
In one company, an employees spouse passed on inside information to a relative, who
purchased the stock, then sold the stock at a profit after the earnings announcement.
That relative made a profit by buying the stock before the earnings announcement
(insider trading). The SEC fined the spouse and the relative. The spouse was guilty of
providing insider information to the relative, who then made the profit on the sale of the
stock. Both, therefore, were guilty of insider trading.
([DPSOH
The IS director of a company asked for authorization to log into the production R/3
System. This request raised the concern of the accounting/finance department. Access to
financial information is typically on a need-to-know or need-to-access basis, and the
IS director did not need to access the production R/3 System. Red flags went up when
he started asking about financial performance information (quarterly earnings), well
before this information was made public. He was asking for insider information.
+RZ
$XGLWV
As a system administrator, you will be affected by two audits:
< Security
<
Financial
)LQDQFLDO$XGLW
:KDW
114
Release 4.6A/B
be placed on the data in the R/3 System. Your external auditors will evaluate your system
security to determine what audit tests to perform and how much testing they will have to
do.
:K\
If their evaluation results are not good, they may need to increase the scope of their audit.
This increased scope also increases the cost of the audit, and the extra work could delay the
completion of the audit. In a worst case scenario, they could determine that the security is so
weak that they cannot issue an opinion on the companys financial statements. This
situation is really bad.
Because of the effect on the stock price (down) that this inability to issue an opinion will
probably cause, the chief financial officer (CFO), and likely the president, will be quite
upset. Is your resume updated?
6HFXULW\$XGLW
:KDW
A security audit is performed specifically to test the security of the R/3 environment. This
audit is usually done as a part of the financial audit or to comply with government or other
regulatory agencies. It can also be done by your companys internal audit group.
:K\
As a security audit.
As a part of the financial audit, the CPA will typically do a security audit of R/3 and the
associated systems. The purpose of the security audit is to determine how much reliance can
be placed on the data in the R/3 System. Your external auditors will evaluate your system
security to determine what audit tests to perform and how much testing they will have to
do.
The audit is also done to test the security of confidential data, such as:
<
Financial information
<
Customer data
<
Product information
<
$XGLW&RQVLGHUDWLRQV
:KDW
Audit considerations are the things that auditors will look at when they do the financial
audit, or a computer security audit.
Some of these considerations are:
<
Physical security
<
Network security
115
<
<
:K\
These tasks are done to support the financial or security audit. Without knowing what the
auditors will look for, you cannot properly prepare yourself, and protect the system.
1RWH This section is not an all-inclusive SAP security audit. It is only to make you
aware of some of the things that could be reviewed as part of a security audit. We
recommend that you work with your auditors before the financial audit, to review your
system and bring it up to acceptable standards for the audit.
6HFXULW\/D\HUV
To make security more manageable, we have chosen to use the security layer model, one of
the many existing security models. It uses the following three major layers of security:
Data
Security
Access
security
116
<
Access security
Physical security
Network security
Application security
<
Operational security
<
Data security
Operational
Security
Release 4.6A/B
$FFHVV6HFXULW\
3K\VLFDO6HFXULW\
:KDW
Physical security controls the physical access to R/3 and network equipment.
Like the graphic on the previous page, to get to the inner circle, an intruder must penetrate
the outer circles as follows:
<
<
<
Into the areas of the building where the users are or where the equipment is located
Finance
MIS
Computer operations
Into the specific equipment rooms within these areas of the building
Server room
Wiring closet
Network room
<
:K\
This layer is probably the most important. If an intruder can physically access your
equipment, all your other security layers can be bypassed.
When this layer is bypassed:
<
<
<
<
Without physical access to the equipment, the intruder must electronically access the system
through the network.
+RZ
The R/3 equipment should be located in a secured room. Access to the room should be only
through a locked door. It is crucial to control who is allowed access to the server room.
If you have electronic card key access, periodically audit the access log for the server room.
The periodic review of the access log may be an item for which auditors will test.
117
1HWZRUN6HFXULW\
:KDW
Network security also has sublayers of security. The goal of this security type is to control
the following types of access to the network:
< External
<
Logon
This type controls on-site and remote access and where on the network users can go
once they gain access.
:K\
If intruders access your network, they could have an electronic link to your computers.
+RZ
Use network security specialists to properly configure the various access points into your
network and, once users are on the network, control their movements.
Some of these points of control are:
<
Outside access
Dial-in access
Internet access
Other remote access methods, such as VPN
<
<
This access method is the actual logon to the network (for example, the NT domain).
Access to portions of the network.
NT domains
A dedicated SAP domain where only the administrators are allowed to directly log
onto.
<
Other domains where users will log onto, trust the SAP domain, but the SAP domain
does not trust other domains.
Router tables
This table can be used to control (by IP address) which users can access the SAP
servers.
118
Release 4.6A/B
$SSOLFDWLRQ6HFXULW\
:KDW
Like the other layers, application security has sublayers of security, which controls:
<
<
The ability to log into the application, such as logging into R/3
Where a user can go in the application
<
<
What a user can do based on the system data in the application [such as the R/3 System
(for example, limiting the user to company 001 and cost center 200)]
R/3 security functions at this layer.
:K\
This layer provides the fine or specific security of what a user can do [for example, read (not
change) accounting data for only cost center 200 in company 001].
+RZ
Profile Generator (transaction PFCG; for more information, see Authorizations Made Easy)
<
<
<
2SHUDWLRQDO6HFXULW\
:KDW
This layer is security at the operational or user level. Because it is primarily procedures and
control, there are few computer or systems issues related at this level.
:K\
These are organizational and people issues, which are always a problem, because people
need to comply with guidelines and rules. The problem is, of course, that some people never
want to comply with guidelines.
+RZ
Segregation of duties
<
<
Password standards
<
Log off when away from the computer, such as during lunch or at the end of day
119
'DWD6HFXULW\
This layer is closely knit to the material in chapter 2, because disaster recovery is an integral
part of data security.
:KDW
<
Backup data
The goal of this security layer is to preserve application data (usually on tape) so that the
system can be recovered.
<
:K\
<
+RZ
<
1110
Release 4.6A/B
<
Intrusion alert
Environmental alerts
Backups
Backup tapes should be sent to a secure, off-site data storage facility.
This step protects the backup data from damage or destruction a disaster.
Tapes at both the off-site backup and the on-site tape storage facilities must be
secured to prevent the theft of the backup tapes.
If the backup tapes were stolen, the data can be restored and hacked. Using database
tools, most R/3 security could be bypassed by directly reading the tables.
$SSOLFDWLRQRU56HFXULW\
&RQWUROOLQJ$FFHVVWR5
Also see the Password section in this chapter.
3UHYHQW0XOWLSOH8VHU/RJLQV
:KDW
This process prevents users from logging onto the system multiple times. Multiple user
logons is when several users are sharing a user ID, or someone is using a users ID without
the users knowledge. Preventing multiple user logons is not allowing more than one R/3
logon from one user ID.
:K\
<
+RZ
3UHYHQWLQJ&KDQJHVLQWKH3URGXFWLRQ6\VWHP
:KDW
The production system should be set to Not modifiable. The locks on the system should be
set so that configuration changes (client-independent and client-dependent) cannot be made
directly into the production system. The purpose for this setting is to ensure that all changes
are completed in a controlled manner.
1111
Configuration changes should not be made directly into the production system. This
restriction maintains the integrity of the production system. If changes are made directly
into the production system, it may break because the change:
<
<
The goal is to protect the production system from changes, without the changes being
properly tested and to preserve the integrity of the pipeline. If changes are made into the
production system, the development and testing pipeline could become out of sync with the
production system. If the pipeline is out of sync, it get difficult to develop and test with any
certainty that things will not be different in the production system.
All changes should be made in the development system and then transported through the
pipeline into production. In this way, all systems get the same changes. A common excuse is
that making changes directly into the production system, takes too long to transport the
fix.
By making changes directly into the production system, you:
<
Create an out of sync landscape, where the change made to the production system is
not the same as the changes made to the development or test systems.
<
([FHSWLRQV
1112
<
<
Release 4.6A/B
6HWWLQJWKH3URGXFWLRQ6\VWHPWR1RW0RGLILDEOH7UDQVDFWLRQV6(6&&
:KDW
There are switches that prevent changes from being made in the system. In the production
system, these switches should be set to Not modifiable. The purpose of this setting in the
production system is to make sure that changes are made using the development pipeline.
With this procedure, changes are properly tested and applied to the systems in the pipeline.
:K\
Objects should not be modifiable in the production system. This rule protects the
production system from object and configuration changes before being tested. By setting the
production system to Not modifiable, before the integrity of the pipeline is preserved.
+RZ
There are two transactions (SE03 and SCC4) that you will use to set the system to Not
modifiable. (These transactions can also be used for other tasks.)
1113
&OLHQW,QGHSHQGHQW&KDQJHV7UDQVDFWLRQ6(
*XLGHG7RXU
1114
Release 4.6A/B
&OLHQW,QGHSHQGHQWDQG&OLHQW'HSHQGHQW&KDQJHV6&&
*XLGHG7RXU
3. To continue, choose
1115
.
5
9. Choose Save.
1116
Release 4.6A/B
9. Choose Save.
9HULI\LQJWKDW'DQJHURXV7UDQVDFWLRQV$UH/RFNHG
:KDW
<
:K\
If users accidentally access these transactions, they could corrupt or destroy the R/3 System.
<
In a production system:
<
Access to dangerous transactions is more critical in the production system than the
development or test systems. This criticality is because of live data and the companys
operational dependency on the R/3 System.
In a developmental system:
Certain transactions should be locked in the production system, but not in the
development, test, or training systems. Standard security normally prevents access to
these transactions, but some administrators, programmers, consultants, and functional
key users could access them depending on which system they are. In these cases, the
transaction lock provides a second line of defense.
1117
There are over 48,000 English transaction codes in the R/3 System. To manage such a large
number of transactions, lock only the critical ones. Your functional consultants should
supply you with any additional critical transactions in their modules.
The table below is organized with input from Basis consultants and users and lists
transactions that we recommend you lock. The transactions are categorized by the following
risk categories:
1118
<
Dangerous
<
Security-related
<
Performance impact
Transaction
Description
Dangerous
Security
F040
Document Archiving
F041
F042
F043
Customer Archiving
F044
Vendor Archiving
F045
Document Archiving
F046
GCE2
GCE3
KA10
KA12
KA16
KA17
KA18
KA20
O001
O002
O016
OBR1
OBZ7
OBZ8
Performance
Release 4.6A/B
Transaction
Description
OBZ9
OD02
OD03
OD04
OIBA
OIBB
OIBP
OMDL
OMDM
OMEH
OMEI
OMG7
OMI6
OML0
OMM0
OMNP
OMSN
OMSO
OMSZ
OMWF
OMWG
OMWK
OOPR
OOSB
OOSP
OOUS
OP15
OP29
OPCA
Dangerous
Security
Performance
1119
1120
Transaction
Description
Dangerous
OPCB
OPCC
OPE9
OPF0
OPF1
OPJ0
OPJ1
OPJ3
OSSZ
OTZ1
OTZ2
OTZ3
OVZ5
OVZ6
OY20
OY21
OY22
OY27
OY28
OY29
OY30
SARA
SCC5
Client delete
SE01
Transport Organizer
SE06
SE09
Workbench Organizer
SE10
Customizing Organizer
SE11
SE13
SE14
Security
Performance
Release 4.6A/B
Transaction
Description
Dangerous
Security
Performance
SE15
SE16
Data Browser
SE17
SE38
ABAP workbench
SM49
External OS commands
SM59
SM69
External OS commands
ST05
SQL trace
SU12
X
X
X
The following table shows dangerous transactions that probably cannot be locked because
they are (or could be) used regularly. These transactions may have other valid reasons for
use in a production systembut because of the potential danger, need to have restricted
access.
Transaction
Description
Dangerous
Security
RZ10
SA38
ABAP Workbench
SM04
User Overview
SM12
System Locks
SM13
Update Terminates
SM30
Table Maintenance
SM31
Table Maintenance
STMS
SU01
User Maintenance
SU02
SU03
Performance
Table TSTCT contains the transaction codes and the name of the transaction. The current
content is over 93,000 entries in the table, with over 48,000 in English.
1121
+RZ
<
<
<
*XLGHG7RXU
1122
Release 4.6A/B
5
6
.
4
6. Choose Back.
Check which transactions you are locking. You could accidentally lock yourself out of a
key transaction, which would prevent you from unlocking this or other transactions.
1123
7R/LVW/RFNHG7UDQVDFWLRQV
1. In the Command field, enter transaction SECR and choose Enter.
2. Select Complete audit.
3. Choose
.
3
2
1124
Release 4.6A/B
2SHUDWLRQDO6HFXULW\
This section describes selected operational security issues.
6HJUHJDWLRQRI'XWLHV
:KDW
There are standard audit guidelines that cover job or task combinations that are considered
risky or that reduce internal controls.
Some of these combinations are:
<
<
<
1125
Your external auditors should help you define these risky combinations. Testing for
segregation of duties is a standard audit procedure.
:K\
The review of segregation of duties should be completed with the various user owners (key
users of each functional area).
Out of necessity, smaller companies must assign multiple functions to a single person. Be
aware of the potential security risks in this situation. If you must combine functions,
combine them in a way that minimizes risks.
5HVWULFWLQJ$FFHVVWR6$3
RU'',&
:KDW
These are system user IDs that have restricted uses for specific purposes.
:K\
There are certain functions that can only be performed by SAP* or DDIC. If an R/3 user
requires similar functionality, they should have a copy of the SAP* profile. These users
should be grouped as super users, with the appropriate security approvals.
The security profile for SAP* is SAP_ALL. This profile is extremely powerful because it
grants the user complete access to the system. For more information, see chapter 12,
Recommended Polices and Procedures: System Administration.
A user with user administration rights cannot change the password to gain access to a user
ID and then change it back to the original password. Passwords are not visible to the
administrators, so they cannot restore the original password if they do not know it. At the
next logon, the owner of the user ID will know that the password has been altered because
they will be unable to log on with their current password.
1126
Release 4.6A/B
+RZ
1. Log on using SAP* and DDIC to determine if someone has changed the password.
2. Periodically change the password for these users in all:
<
Systems
<
This step prevents a person who knows the password from accessing the system.
3. Update the secured password list.
4. Verify that the system profile parameter login/no_automatic_user_sapstar has been
configured, to prevent the use of the automatic user sap*.
If the user ID has been deleted, this step prevents the backdoor usage of user sap*.
&KDQJH0DQDJHPHQW
:KDW
Change management is the process of controlling what changes are made to the system. In
this context, system refers to the entire system environment, not just R/3.
:K\
One aspect of security is to control and know what changes are made to the system.
+RZ
Item of concern:
< Is there a change management procedure for changes being made to the R/3 System?
<
<
Are reviews and approvals required to move changes into the production system?
6KDULQJRI8VHU,'V
:KDW
This process occurs when more than one person uses a single user ID.
:K\
<
If there is a deliberate security breach, there is no way to track the responsible party.
2WKHU
Despite the cautionary statements above, there are a few situations where it is not practical
to have individual user IDs. These situations must be treated individually and with
management and internal audits review and approval.
1127
([DPSOH$:DUHKRXVH
In a warehouse, there is one computer and several employees who use that computer to
post their warehouse transactions such as goods issued, goods received, etc. This process
occurs because the user ID is used to log on, not at the individual transaction level, but
the R/3 System. For each transaction that the warehouse employee access, it is
impractical to log on to R/3, access transaction, and log off from R/3. The alternative is
to have a computer for each warehouse person, although this step may not be
economically justified.
+RZ
<
We recommend that this value be set to 1 to prevent multiple logins under the same user
ID.
3DVVZRUG,VVXHVDQG7DVNV
The password is the users key to accessing R/3. Like the key to your house, safeguarding
this key is important to keep undesirables out. Your company should have a clear and
practical company password policy, which should be distributed to all users informing
them not to use easy-to-guess passwords.
A password policy that is too restrictive or difficult to comply with could defeat the
purpose of this policy. Users will write their passwords down and leave it in an easily seen
place, which means you have lost your security.
1128
Release 4.6A/B
6HWWLQJ3DVVZRUG6WDQGDUGV8VLQJ7UDQVDFWLRQ5=
:KDW
There are security parameters for the users password (for example, the minimum password
length, the time interval that the user must change their password, etc.).
The following is a list of the most important password parameters:
<
<
<
:K\
Properly assigned parameters will make it more difficult to break into the system.
Your external auditors may check to see if you have set the security parameters.
+RZ
To set up password parameters, maintain system profiles with transaction RZ10 (for more
information on this transaction, see chapter 20).
(OLPLQDWLQJ6RPH(DV\3DVVZRUGV
:KDW
There are certain passwords (for example, 123, QWERTY, abc, sex, sap, <your company name>)
that are well known or easy to guess. You can prevent these passwords from being used by
loading them into a table (USR40) that the system checks when the user attempts to save a
new password.
Table USR40 is only a basic level of password security and is maintained manually.
There are third-party password security programs that can be integrated into R/3.
1129
:K\
A password is the key to enter the system, similar to the key you use to enter your home. If
users choose easy-to-guess or well-known passwords, security is compromised and your
system is potentially at risk.
Your external auditors may check to see if you have a mechanism to secure against users
with easy-to-guess passwords.
+RZ
A table of prohibited passwords is a user-defined list of passwords that are prohibited from
being used in the R/3 System. This table is not a substitute for good password policies and
practices by the users. Interaction occurs between a system profile parameter and the table
of prohibited passwords.
If the minimum password length is set to five characters, there is no reason to prohibit
passwords like 123 or SAP, because these passwords would fail the minimum length
test. However, if company security policy requires it, you could include all passwords that
are considered risky in the table.
The following is a list of easily guessed passwords that cannot be put into any table:
<
<your name>
<
<
<
<
<
<
:K\
There are many lists circulating of commonly used user passwords. If one of these
passwords is used, the chances of an unauthorized person accessing a users account
increases.
+RZ
Changes will be made to table USR40 using transaction SM31, the general table maintenance
transaction. (For more information on this transaction, see chapter 19, Change Management:
1130
Release 4.6A/B
Table Maintenance.). This change creates a transport that can then be transported throughout
the landscape.
SAP
GOD
<
ABC
<
QWERTY
<
SEX
<
XYZ
<
PASSWORD
<
123
<
12345*
<
54321*
<
*12345*
<
<
<
<
<competitors names>
<
5HFRUGLQJ6\VWHP3DVVZRUGV
We recommend that you never write down passwords, except for the:
<
<
Many systems, clients, and all the other areas where passwords are required.
<
Need to access the system if the SAP system administrator(s) is not available.
1131
5HFRPPHQGHG3URFHVV
<
<
User IDs that are used or needed to maintain the R/3 System include:
SAP*
DDIC
SAPCPIC (see note 29276)
EarlyWatch (client 066)
All user-created administrative IDs
Any other non-SAP user ID that is required to operate the system, such as for the
operating system, the database, and other related applications.
<
The password list should be updated and replaced whenever passwords are changed.
Two people should prepare the list, change the password, and verify the new password
one user ID at a time. If the recorded password is wrong, those keys are lost, and you may
not be able to log on to the system.
Following are sample password tables:
Server
SID
Client
User ID
Password
SAPR3T
TST
000
SAP*
Newpass
DDIC
Newpass
<SID>ADM
Newpass
SAPCPIC
Newpass
SAP*
Newpass
DDIC
Newpass
<SID>ADM
Newpass
SAPCPIC
Newpass
SAP*
Newpass
<SID>ADM
Newpass
Earlywatch
Newpass
SAP*
Newpass
DDIC
Newpass
001
066
100
1132
Release 4.6A/B
Server
SID
Client
User ID
Password
BATCH1
Newpass
<SID>ADM
Newpass
SAPCPIC
Newpass
All systems should have entries for clients 000 and 001. In addition, the production system
should have an entry for client 066. Clients 000 and 001 are default clients in all systems,
and client 066 is the EarlyWatch client and may not exist in every system.
Where
User ID
Password
NT
Finance/DEVADM
Newpass
Finance/PRDADM
Newpass
sa
Newpass
sapr3
Newpass
root
Newpass
<SID>ADM
Newpass
system
Newpass
SYS
Newpass
OPS$<SID>ADM
Newpass
OPS$SAPSERVICE<SID>
Newpass
SAPR3
Newpass
SQLserver
UNIX
Oracle
1133
*XLGHG7RXU
3
4
1134
Release 4.6A/B
This process must be repeated for every system and client in which the user ID has an entry.
With Central User Management, you can manage users across all systems (for more
information, see Authorizations Made Easy, Release 4.6).
2SHUDWLQJ6\VWHP/HYHO
At the operating system level, the following user IDs should have their passwords changed:
17
In some places, NT is case sensitive (for example, at the initial login screen).
8VHU,'V
<
<SID>ADM
<
SAPService<SID>
6HUYLFHV
<
<
SAP
These services will either use user ID <SID>ADM or SAPService<SID>
SAP<SID>_<instance>
SAPOsCol
SAProuter
Oracle
OracleService<sid>
OracleTNSListener80
The default user that the Oracle services runs under is system
<
SQLserver
MSSQLServer
SQLServerAgent
Informix
INFORMIX-OnLineDynamicServer
INFORMIX-OnLineMessageService
<
DB2
DB2-DB2DA400
1135
81,;
8VHU,'V
<
<sid>adm
<
root
6HUYLFHV
ora<sid>
'DWDEDVHV
For the databases, the following user IDs should have their passwords changed:
'%
NT/DB2 (see SAP note 80292)
,QIRUPL[
See note 15399
0LFURVRIW64/6HUYHU
<
<
sa
<
sapr3
2UDFOH81,;
User IDs:
<
SAPR3
<
SYS
<
SYSTEM
8VHIXO6$31RWHVIRU2UDFOH81,;
1136
SAP Note #
Description (Release)
117736
4.5A
101318
4.0B
086857
4.0A
Release 4.6A/B
Use the program chdbpass to change the passwords. This program automatically updates the
SAPUSER table and enables the user <sapsid>adm to access the database.
2UDFOH17
< system
< sys
< op$<sid>adm
< ops$sapservice<sid>
< sapr3
$XGLW7RROV
$XGLW,QIRUPDWLRQ6\VWHP7UDQVDFWLRQ6(&5
:KDW
The Audit Information System (AIS) is designed for the system and business audits and will
likely be requested to be run by internal or external auditors. It puts into one place many of
the R/3 security tools. The center of the AIS is the Audit report tree. AIS uses standard R/3
reports and transactions to conduct the review and is a standard component in Release 4.6A.
However, you can import the AIS into your system back to Release 3.0D or higher. AIS also
provides an interface to export data to an external auditing system that analyzes financial
statements.
:K\
Auditors examine the results of automated and manual financial and system procedures to
ensure that there is a checks-and-balances infrastructure to prevent fraud, etc. AIS enables
the auditors to test transactions and run reports during the inspection.
+RZ
User defined
1137
&RPSOHWH$XGLW
In the Command field, enter transaction SECR and choose Enter
(or from the SAP standard menu, choose Information Systems SECR-Audit Info System).
1. Select Complete audit.
2. Choose
.
2
1
1138
Release 4.6A/B
6\VWHP$XGLW
2
3
1139
5. Choose Back.
1140
Release 4.6A/B
%XVLQHVV$XGLW
2
3
4
6
5
1141
8VHU'HILQHG$XGLW
You can also conduct a user-defined audit by creating a view or subset of a complete audit.
1. In the Command field, enter transaction SECR and choose Enter
(or from the SAP standard menu, choose Information Systems SECR-Audit Info System)
2. Select User-defined audit.
3. Under User-defined audit, enter a view name (for
example, ZVUE).
4. Choose
4
2
3
6
7
10. Choose
1142
9
10
Release 4.6A/B
12. Choose
Display to check the view of this
structure.
12
13
1143
6HFXULW\$XGLW/RJ60
:KDW
The Security Audit Log records the security-related activities of users in the system. These
activities include successful and failed:
<
<
<
RFC/CPIC logons
<
Changed or deleted:
Authorizations
Authorization profiles
User master records
Changes to the audit configuration
<
The log is created each day, and previous logs are neither deleted nor overwritten. The log
files can become numerous and large, so we recommend that the logs be periodically
archived before being manually purged. An audit analysis report can be generated from the
audit logs. You can analyze a local server, a remote server, or all the servers in an R/3
System.
:K\
Based on certain criteria, the information in the security audit files can be manipulated to
tailor the audit analysis report.
The report assists the administrator:
1144
<
<
Release 4.6A/B
<
<
+RZ
<
The number of audit logs created by the system depend on the following:
<
<
You may choose to set the maximum space for the security audit file in parameter
rsau/max_diskspace/local.
When the limit has been reached, logging will end.
You can define the size of an individual security log file to fit in the chosen archiving
media.
This definition means that the system produces several log files each a day and these
files can be, for example, archived periodically into CDs. The profile parameter is
rsau/max_diskspace/per_file, and the maximum size per file is 2 GB.
1RWH You cannot set both parameters. You have to choose the method by which the
audit files are created.
1145
5XQQLQJWKH$XGLW/RJ
*XLGHG7RXU
This procedure assumes that the audit has been running for some time and that audit logs have been
created.
1. In the Command field, enter transaction SM20 and choose Enter
(or from the SAP standard menu, choose Tools Administration Monitor Security Audit log
SM20-Analysis).
2. Complete the steps below:
a. In From date/time, enter a time and a date (for
example, 13:00).
3
b. Under Audit classes, select:
< Dialog logon
< Transaction start
< Report start
2a
2b
1146
Release 4.6A/B
6HWWLQJ6HFXULW\$XGLW/RJ3DUDPHWHUV60
:KDW
The audit log parameters are the criteria used to write the types of audit messages into the
audit log file. The parameters are grouped into audit profiles that can be activated at the
next system startup (configuration status) or applied on the fly (dynamic configuration).
:K\
Audit profiles need to be first created before audit logs can be written. These profiles limit
the amount and type of data written into the security audit files, which makes the
subsequent security reports more meaningful to the administrator.
+RZ
Decide what to audit and set selection criteria at the database level or dynamically at the
application server level:
<
If the audit configuration is permanently stored at the database level, all application
servers use the identical criteria to save events in the audit log.
The settings take effect at the next application server start.
<
At the application server level, however, dynamic changes can be set to individual
application servers and distributed to the entire system.
The new criteria will remain in effect until the server is brought down.
You can define up to 5 sets of selection criteria or filters. The system parameter,
rsau/selection_slots (that defines the number of filters has a default value of 2). You can
activate an audit in the dynamic configuration using transaction SM19.
1147
*XLGHG7RXU
.
2
1148
Release 4.6A/B
'HILQH)LOWHU*URXS
6. Choose Filter 1.
7. Under Selection criteria, in:
< Client, enter *
< User Names, enter *
8. In Audit classes, select:
< Dialog Logon
< Transaction Start
6
10
7
1149
'HILQH)LOWHU*URXS
11. Choose Filter 2.
This filter traces the reports started by one user.
12. Under Selection criteria:
<
In Client, enter *.
<
11
16
15
13
14
18
17
1150
Release 4.6A/B
20
19
22
21
1151
24
23
.
25
25
1152
Release 4.6A/B
5XQQLQJDQ$XGLWRQD'LIIHUHQW8VHU
*XLGHG7RXU
In this procedure, we will run an audit on a different user and check on all the reports that were started.
1. Under Selection criteria, in:
<
Client, enter *.
<
.
4
1
6. Choose Yes.
1153
8VHU6HFXULW\$XGLW-REV
Many of these reports are included as part of the AIS.
:KDW
RSUSR003
<
RSUSR005
<
RSUSR006
<
RSUSR007
<
RSUSR008
<
RSUSR009
Lists users with critical authorizations, with the option to select the
critical authorizations
<
RSUSR100
Lists change documents for users and shows changes made to a users
security
<
RSUSR101
Lists change documents for profiles and shows changes made to security
profiles
<
RSUSR102
Some of these reports have parameter tables that need to be properly maintained. Review
and analyze these reports based on your knowledge of the company. However, be aware
1154
Release 4.6A/B
that security issues may exist. If you have a small company, these issues cannot be avoided
because one person often must wear many different hats.
:K\
Your external auditors may require some of these reports to be executed as part of the
annual financial audit.
+RZ
<
6$$%$3([HFXWH3URJUDP
1155
6($%$3(GLWRU
.
3
2
1RWHVIRU6SHFLILF5HSRUWV
1156
<
<
Release 4.6A/B
$XGLW7DVNV
5HYLHZWKDWDOO1DPHG8VHUVDUH9DOLG
:KDW
All users who have left the company should have their R/3 access terminated immediately.
By locking or deleting these user IDs, you limit access to only those users who should have
access to R/3. Periodic review assures that the task of locking or deleting has been
completed.
:K\
Proper audit control requires that a user who no longer has a valid business need to access
R/3 should not be allowed to do so.
Deleting or locking these user IDs also prevents anyone who had been using the terminated
user ID from accessing the system with that ID.
One of the audit procedures that your external auditors will use is to test whether a person
who does not need to access R/3 has a live user ID.
+RZ
*XLGHG7RXU
1157
For additional information on how to lock a user, see chapter 12, User Administration.
5HYLHZLQJ3URILOHVIRU$FFXUDF\DQG3HUPLVVLRQ&UHHS
:KDW
Your external auditors may have an audit step to check for permission creep.
+RZ
Individuals
1. Review the security forms for a user
2. Compare these forms to the activity groups and profiles assigned to that user
3. Investigate inconsistencies
1158
Release 4.6A/B
4. Review the activity groups and profiles assigned to the individual for reasonableness.
Reasonableness is defined as, Does it make sense?
5. Review the individual profiles assigned for content and check to see if the profile has
been recently changed.
<
<
<
For additional information on these reports, see the User Security Audit on page 1154.
1159
1160
Release 4.6A/B
&KDSWHU 8VHU$GPLQLVWUDWLRQ
&RQWHQWV
Overview ................................................................................................................122
Recommended Policies and Procedures ...........................................................123
New User Setup.....................................................................................................127
Maintaining a User (SU01)..................................................................................1224
Resetting a Password (SU01) ............................................................................1226
Locking or Unlocking a User (SU01).................................................................1227
User Groups ........................................................................................................1229
Deleting a Users Session (Transaction SM04)................................................1232
121
2YHUYLHZ
User administration is a serious function, not just a necessary administrative task. Security is
at stake each time the system is accessed. Because the companys financial and other
proprietary information is on the system, the administrator is subject to external
requirements from the companys external auditors, regulatory agencies, and others.
Customers should consult with their external auditors for audit-related internal control user
administration requirements. For example, human resources should be consulted if the HR
module is implemented or if personnel data is maintained on the system.
A full discussion on security and user administration is beyond the scope of this guidebook.
For example, manually creating and maintaining security profiles and authorizations is also
not covered. Our discussion is limited to a general introduction and a list of the major
issues related to security. The two sections below affect all aspects of security, which is why
we begin with them.
8VHU*URXSV
User groups are created by an administrator to organize users into logical groups, such as:
<
Basis
<
Finance
<
Shipping
For additional information, refer to the section User Groups on page 1229.
3URILOH*HQHUDWRU
The Profile Generator is a tool used to simplify the creation and maintenance of SAP
security. It reduces (but does not eliminate) the need for specialized security consultants.
The value of the Profile Generator is more significant for smaller companies with limited
resources that cannot afford to have dedicated security administrators. For more
information on the Profile Generator, see the Authorizations Made Easy guidebook.
122
Release 4.6A/B
5HFRPPHQGHG3ROLFLHVDQG3URFHGXUHV
Some of the tasks in this guidebook are aimed at complying with common audit procedures.
Obtaining proper authorization and documentation should be a standard prerequisite for all
user administration actions.
8VHU$GPLQLVWUDWLRQ
User administration tasks comprise the following:
<
In a small company where names are often used as ID, it is common to use the
employees last name and first initial of the first name or the employees first name
and first initial of the last name (for example, doej or johnd, for John Doe).
Clearly identifiable user IDs for temporary employees and consultants (for example,
T123456, C123456).
<
<
123
Group
Responsibility
Human resources
External auditors
IT
Senior management
Policy approval
Employees manager
The users ID should be locked and the user assigned to the user group term for
terminated.
If the users ID is not required as a template:
The activity groups assigned to the user should be deleted.
(use transaction SU01, under the Activity Group tab, delete the activity groups).
The security profiles assigned to the user should be deleted
(use transaction SU01 and under the Task profile and Profile tabs, delete the profiles).
<
Check Background Jobs (transaction SM37) for jobs scheduled under that user ID.
The jobs will fail when the user ID is locked or deleted.
<
If the user leaves one job for another and needs to maintain access for handover, this
handover should be documented.
The duration of the handover access must be defined and the expiration (Valid to) date
entered in the R/3 System.
<
All temporary employees or consultants should have expiration (Valid to) dates on their
user IDs.
Similar to banks, there should be a secret word that users could use to verify their
identity over the phone. This word would be used when the user needs their password
reset or their user ID unlocked. But, realize that others can overhear this secret word
and render it useless.
124
Release 4.6A/B
6\VWHP$GPLQLVWUDWLRQ
<
<
User passwords
Parameters that define and restrict the user password are defined by entries in the
system profiles.
Passwords should be set to periodically expire.
The recommended expiration date is no more than 90 days, but auditors will usually
want this date to be set at 30 days.
Minimum password length of five (5) characters should be set.
User should be locked after three unsuccessful logon attempts.
125
Company ID:
System/Client No.
PRD 300
QAS 200 210 220
DEV 100 110 120
Employee:
Type of Change
Change user
Delete user
Add user
User ID:
Position:
Secret Word:
Request Urgency
High
Requester:
Medium
Requesters position:
Low
Requesters phone:
Employees Job Function (If similar to others in department, name and user ID of a person with similar job function):
Special Access/Functions:
Requester Signoff
Name
Signature
Date Signed
Name
Signature
Date Signed
Name
Signature
Date Signed
Name
Signature
Date Signed
Name
Signature
Date Signed
Name
Signature
Date Signed
Manager Signoff
Owner Signoff
Security
In addition to security approval (above), is a signed copy of computer security and policy statement attached?
W Yes
126
W No
Release 4.6A/B
1HZ8VHU6HWXS
3UHUHTXLVLWHV
*HQHUDO3URFHVVRU3URFHGXUH
Before you set up a new user, have in hand the user add form (with all the required
information and approvals).
7KH8VHUV'HVNWRS
Does the users desktop meet the following criteria:
<
Does the system configuration meet the minimum requirements for SAP?
<
<
Is there sufficient space on the hard disk to install the SAP GUI with sufficient room for
desktop application to run?
For windows, a minimum of 50MB free space should remain after installing SAP GUI. A
practical minimum however, is at least 100MB of free space.
1HWZRUN)XQFWLRQDOLW\
Can the user log on to the network?
From the users computer:
<
Can you ping the SAP application server(s) that the user will be logging onto?
<
If the SAP GUI will be loaded from a file server, can you access the file server from the
users computer where the SAP GUI will be installed?
)RU,QVWDOODWLRQRI6$3*8,
Before you install the SAP GUI, you should have the R/3 server name and the R/3 System
(instance) number (for example, xsysdev and 00). You will need to enter this information
during the installation.
5HFRPPHQGHG3UHUHTXLVLWHIRUWKH*8,,QVWDOODWLRQ
The online documentation should be installed according to the instructions in the SAP
document Installing the Online documentation. The online documentation installation and
access method has changed since Release 3.x.
127
,QVWDOOLQJWKH)URQWHQG6RIWZDUH6$3*8,
The SAP GUI or frontend installation instructions are in the installation guide, Installing SAP
Frontend Software for PCs.
The SAP GUI can be installed from:
<
<
,QVWDOOLQJ6$3*8,IURPD)LOH6HUYHU
The preferred method is to install SAP GUI from a file server because you do not need to
carry the presentation CD around. Also, remote installations can be completed without
shipping out and potentially losing the original CD.
The following is a list of the prerequisites to install SAP GUI from a file server:
<
Copy the SAP GUI load files from the presentation CD to a shared directory on a file
server.
<
+RZWR,QVWDOOWKH6$3*8,
*XLGHG7RXU
1. Map a drive to the shared drive on the network where the presentation CD has been copied.
Select the mapped drive to the
presentation CD software.
In this example, Sim-cd on
Pal100767 (E:).
2. Navigate down to the directory for
the gui.
In this example, Sim-cd on
Pal100767 (E:) 46a-gui
Win32.
1
2
3. Double-click on Setup.exe.
The installation program starts.
128
Release 4.6A/B
4. Choose Next.
7. Choose Next.
129
8. Select SAPgui.
Steps 912 are optional.
9. Click on Desktop Interfaces.
10. Choose Change option.
9
8
10
11
12
1210
Release 4.6A/B
13
14
15
16
1211
17
20
21
1212
Release 4.6A/B
22
25
To add systems to the SAP Logon see section Adding Systems in the SAP Logon.
1213
,QVWDOOLQJ6$3*8,IURPWKH3UHVHQWDWLRQ&'
When the network connection between the SAP GUI files on the network and the user is too
slow to permit installation, install SAP GUI from the presentation CD. A slow connection
could result from a slow modem or a slow network link.
A copy should be made of the original presentation CD and the copy shipped to the user
site. You then maintain control of the original CD and reduce the chance that it might get
lost. The SAP GUI installation files can also be copied to other high-capacity removable
media such as ZIP or optical disk, as appropriate for your company.
The copy of the presentation CD can then be safely sent to the users site. From there, it can
be either loaded onto a local file server for installation or installed directly from the delivery
media. The prerequisites for such an installation is that the user has a CD drive or other
drive compatible with the delivery media (ZIP, optical, etc.) on which the SAP GUI files are
delivered.
To install SAP GUI from a CD:
1. Insert the CD into the drive.
2. In Windows Explorer, choose this drive.
3. Choose Gui Win32.
4. Double-click on Setup.exe.
5. Follow the same procedure as when loading from a file server.
6. Test your connection
7. Log on to the system.
1214
Release 4.6A/B
$GGLQJ$GGLWLRQDO6\VWHPV
*XLGHG7RXU
7R$GG$GGLWLRQDO6\VWHPVLQWKH6$3/RJRQ
1. On the SAP Logon window, choose
New.
7. Choose OK.
1215
6HWWLQJ8SD1HZ8VHU68
The procedural prerequisite is to check that all documentation and authorizations required
to set up a new user are present.
There are two ways to create a new user:
<
<
&RS\LQJDQ([LVWLQJ8VHU68
You can copy from an existing user if you have a good match. The new user will have the
same security profiles as the existing user. This process is the easiest and is the
recommended method for a small company.
Create template users for the various job functions that can be copied to create new
users.
Prerequisite:
A valid user ID to copy is identified on the user setup form.
1216
Release 4.6A/B
*XLGHG7RXU
3
2
1217
10
1218
Release 4.6A/B
17
13
14
15
15
15
16
1219
23
21
to select a 19a
b. Select:
< Output immediately
< Delete after output
19b
22
20
to select a time
1220
Release 4.6A/B
&UHDWLQJD1HZ8VHU68
Sometimes it becomes necessary to create a completely new user. You may need to create a new user when
you do not have another user from which to copy.
*XLGHG7RXU
.
3
10
6
7
8
1221
14
to select a
11
12
13
1222
Release 4.6A/B
20
15
18
to select a
16b
b. Select:
< Output immediately
< Delete after output
17
19
to select a
1223
21
0DLQWDLQLQJD8VHU68
Before maintaining a user, have a properly completed and approved user change form.
:K\
1224
<
<
Release 4.6A/B
*XLGHG7RXU
.
3
1225
5HVHWWLQJD3DVVZRUG68
:K\
The most common reason to reset a password is that users forget their password. In this
situation, the user has probably attempted to log on too many times with an incorrect
password. The user has probably also locked their user ID, which also needs to be unlocked.
Make certain the person who requests their password to be reset is indeed the valid user.
A basic user verification method is to have a telephone with a display so that the displayed
callers phone number can be compared to the users phone number, which is stored in the
system or can be found in the company phone directory.
We recommend that you use a method similar to what banks use where the user has a
secret word that verifies their identity on the phone. This method is not foolproof because
someone can overhear the secret word.
You should maintain a security log of password resets. This log should be periodically
audited to look for potential problems.
*XLGHG7RXU
.
3
2
1226
Release 4.6A/B
Copy.
For security, you can only set an initial value for the users password. Users are then
required to change the password when they log on. You cannot see what the users current
password is, nor can you set a permanent password for the user.
/RFNLQJRU8QORFNLQJD8VHU68
:KDW
The lock/unlock function is part of the logon check, which allows the user to log on (or
prevents the user from logging on) to the R/3 System.
:K\
<
Locking a user
R/3 access should be removed if a user:
Leaves the company
Is assigned to a different group
Is on leave
The lock function allows the user ID and the users security profile remains on the
system but does not allow the user to log on. This function is ideal for temporary
personnel or consultants where the user ID is locked unless they need access.
<
Unlocking a user
Users are automatically locked out of the system if they attempt to incorrectly log on
more than a specified number of times. The administrator must unlock the user ID and
more than likely reset the users password.
Before unlocking a user, determine if the request is valid.
Do not unlock a user who has been manually locked without first finding out why this
was done. There may be an important reason why the user should not access the
system.
1227
Maintain a security log of unlocking users, which should be periodically audited for
potential problems.
*XLGHG7RXU
.
3
1228
Release 4.6A/B
8VHU*URXSV
:KDW
A user group is a logical grouping of users (for example, shipping, order entry, and finance).
The following restrictions apply to user groups:
<
<
<
A user group provides no security until the security system is configured to use user
group security.
Create the group term for terminated users. Lock all users in this group and, for most of
these users, delete the security profiles. This process maintains the user information for
terminated users, and prevents the user ID from being used to log on.
:K\
Provide administrative groups for users so they can be managed in these groups.
<
Apply security.
1229
8VDJH
Definition
TERM
SUPER
TEMPLATE
+RZWR&UHDWHD8VHU*URXS68
*XLGHG7RXU
1230
Release 4.6A/B
7. Choose Save.
5
1231
'HOHWLQJD8VHUV6HVVLRQ7UDQVDFWLRQ60
:KDW
Transaction SM04 may show a user as being active when the user has actually logged off.
This condition is usually caused by a network failure, which cuts off the user, or that the
user has not properly logged off the system. (For example, the user turned the PC off
without logging off the system.)
A user may be on the system and needs to have their session terminated:
<
<
1232
The users session may be hung and terminating the session is the only way to remove
the users session.
The user may have gotten into a one way menu path without an exit or cancel option.
This situation is dangerous, and the only safe option is to terminate the session.
Release 4.6A/B
+RZWR7HUPLQDWHD8VHU6HVVLRQ
*XLGHG7RXU
1. Verify that the user is actually logged off from R/3 and that there is no SAP GUI window minimized
on the desktop. Verification is done by physically checking the users computer.
Verification is important because users may have forgotten that they minimized a
session.
2. In the Command field, enter transaction SM04 and choose Enter
(or from the SAP standard menu, choose Tools Administration Monitor System monitoring
SM04-User overview).
3. Select the user ID that you want to
delete.
4. Choose Sessions.
4
In step 3 above, double-check that the selected user is the one you really want to delete.
It is very easy to select the wrong user.
5. Select the session to be deleted.
6. Choose End session.
It may take a while to actually
delete the session so be patient.
7. Repeat steps 5 and 6 until all
sessions for that user are deleted.
1233
$FWLYH8VHUV7UDQVDFWLRQV60DQG$/
:KDW
These transactions display all the users who are currently logged on to the system. They
show both the users ID and terminal name.
:K\
In a smaller company, the administrator can recognize user IDs logged on to unfamiliar
terminals. This recognition may indicate that someoneother than the designated useris
using that user ID.
A user logged on to more than one terminal indicates that the user ID is being:
<
<
One reason is that if a problem arises, you will not know who created the problem.
This situation makes the problem difficult to fix, prevent, and from re-occurring.
<
<
3UREOHPV
Transaction SM04 may show a user as active, when in fact the user has actually logged off.
Because the user session was not properly closed, the system thinks that the user is still
logged on.
This condition can be caused by the following (among others):
1234
<
A network failure, which cuts off the user from the network or R/3.
<
The user turning off their computer without logging off from the R/3 System.
Release 4.6A/B
6LQJOH,QVWDQFH6\VWHP7UDQVDFWLRQ60
*XLGHG7RXU
1235
0XOWL,QVWDQFH6\VWHP7UDQVDFWLRQ$/
If you have several instances in your system, using AL08 is easier, because you can
simultaneously see all users in all instances.
1. In the Command field, enter transaction AL08 and choose Enter
(or from the SAP standard menu, choose Tools CCMS Control/Monitoring Performance menu
Exceptions/Users Active users ALO8-Users, global).
2. The Current Active Users screen
shows all the instances in your
system and the number of active
users.
3. For each instance, the users logged
into that instance/application server
are listed.
2
1236
Release 4.6A/B
&KDSWHU 'DWDEDVH$GPLQLVWUDWLRQ
0LFURVRIW64/6HUYHU
&RQWHQWV
Overview ................................................................................................................132
Starting and Stopping the Database ...................................................................132
Database Performance .........................................................................................134
Scheduling Database Tasks (DB13)....................................................................139
Checking the Database Backup (DB12)............................................................1315
Initializing Backup Tapes ...................................................................................1318
Database Backups with Microsoft Tools..........................................................1319
Database Error Logs...........................................................................................1328
Verify Database Consistency.............................................................................1329
Run Update Statistics .........................................................................................1329
System passwords .............................................................................................1330
131
2YHUYLHZ
Microsoft SQL Server is a low maintenance database that is increasingly popular with smaller R/3
installations. This chapter will review the database administrative tasks that can be accomplished within
the R/3 System with associated tasks utilizing the Microsoft administrative tools.
6WDUWLQJDQG6WRSSLQJWKH'DWDEDVH
6WDUWLQJWKH'DWDEDVH
1. From the NT desktop, choose Start Programs MS SQL Server 7.0 Service Manager.
2. Choose Start/Continue.
132
Release 4.6A/B
6WRSSLQJWKH'DWDEDVH
1. Verify that R/3 has been stopped.
If R/3 has not been stopped, stop R/3 now.
Follow the proper procedure to stop R/3.
2. From the NT desktop, choose Start Programs MS SQL Server 7.0 Service Manager.
3. Choose Stop.
4. Choose Yes.
133
'DWDEDVH3HUIRUPDQFH
2YHUYLHZ
The CCMS System has tools available for R/3 Administrators to monitor the database for
growth, capacity, I/O statistics, and alerts. This section will discuss the initial transactions
that can help the database administrator.
'DWDEDVH$FWLYLW\67
:KDW
Space usage
<
CPU usage
<
SQL requests
<
:K\
To manage your system performance, the database must be monitored. One of the
important items is the ability to view the database error log from within R/3. This view
saves the extra effort of logging into the database to view this log.
134
Release 4.6A/B
+RZ
*XLGHG7RXU
2d
2a
2a
a. Memory Usage
Procedure cache and Data cache hit
ratio can reflect memory problems.
These values should be greater than 2b
95 percent for optimal memory usage.
b. Server Engine/Elapsed
Shows how hard the CPU has been
working on Microsoft SQL Server
processes. You are interested in the
ratio of busy : idle time.
2c
2c
c. SQL Requests
Allows for snapshots of how SQL
queries are utilizing table access
pertaining to full table or index scans.
A high ratio of full table scans vs. index
scans can indicate performance
bottlenecks.
d. Detail analysis menu
135
3b
3b
3a
3b
136
Release 4.6A/B
'DWDEDVH$OORFDWLRQ'%
:KDW
Database growth
Database index, consistency, etc.
<
Tables
:K\
One critical reason is to monitor database growth. Using the growth rate you could project
the growth to determine when you may need to get additional disk storage for the database.
+RZ
*XLGHG7RXU
2a
2b
2c
2d
137
Perform a database
consistency check.
138
Release 4.6A/B
6FKHGXOLQJ'DWDEDVH7DVNV'%
:KDW
The DBA Planning Calendar (DB13) is the scheduling tool for DBA tasks in R/3. Using the
Calendar, the DBA can schedule many of the DBA tasks that need to be performed, such as:
<
<
Update statistics
<
:K\
These tasks can be conveniently managed and scheduled without going to the database. The
DBA Planning Calendar works with transaction DB12 (Backup logs). For more information on
transaction DB12, see page 1315.
+RZ
To schedule a backup task using the DBA Planning Calendar, the backup must be able to
run unattended, which means that you must have one of the following options:
< A single tape drive with sufficient capacity to back up the database without changing
tapes.
< Multiple tape drives with sufficient total capacity to back up the database without
changing tapes.
139
*XLGHG7RXU
1310
Release 4.6A/B
4
5
10
1311
11. In the Log backup tape options popup window, select the following
options as appropriate:
a. Unload tape
To eject the tape after the
backup is completed.
b. Initialize tape
To overwrite existing data,
rather than appending to last
backup.
c. Verify backup
To verify the backup after it has
run.
If you are doing an online
backup when transactions are
being performed, selecting this
option is not useful because the
database changes during this
13
time will cause this test to fail.
d. Format tape
To erase the entire tape and
write a new tape label.
11a
11b
11c
11d
12
1312
Release 4.6A/B
14
1313
'HOHWLQJDQ(QWU\IURPWKH3ODQQLQJ&DOHQGDU'%
1. On the DBA Planning Calendar,
double-click on the date.
1314
Release 4.6A/B
3a
4. Choose Yes.
&KHFNLQJWKH'DWDEDVH%DFNXS'%
:KDW
The Backup Logs transaction (DB12) provides backup and restore information, such as:
<
<
<
Backup history
<
Restoration history
<
1315
<
<
:K\
*XLGHG7RXU
4a
4b
4c
4d
4e
b. Restoration history
A spreadsheet of detailed
restoration information is
listed.
1316
Release 4.6A/B
4a
1317
4e
,QLWLDOL]LQJ%DFNXS7DSHV
:KDW
Initializing the tape writes a label on the tape header. This label is the same as the physical
label of the tape (for example, CD26S).
:K\
The tape label and the expiration date are additional safety levels to prevent backing up to
the wrong tape, and possibly, destroying needed data. When using the DBA Planning
Calendar (DB13) for backups, the tape must be properly labeled to execute a backup to tape,
because the transaction expects a specific tape to be in the drive. If the tape label does not
match the required label, the backup will fail.
+RZ
Initializing and labeling is an option when executing the backup using DB13, SQL Server
Enterprise Manager, or NT Backup. (For SQL Server, see SAP note 141118 for a description
of the tape label naming convention used by DB13).
1318
Release 4.6A/B
'DWDEDVH%DFNXSVZLWK0LFURVRIW7RROV
Backing up R/3 on SQL Server involves backing up the following SAP-specific and
database-related directories:
< \usr\sap
<
\usr\sap\trans
<
<homedirectory> of <sid>adm
<
\<sid>data
The R/3 database files
<
\<sid>log
The R/3 log file
If the log is allowed to grow to capacity and use all available filespace on the drive, SQL
Server will stop. This event is critical, because when R/3 stops, so does the business
processes that require R/3 to be running.
<
\tempdb
Master
In case of failures or hardware or software disasters, the Master database contains the
data necessary to recover the database.
<
MSDB
The MSDB database contains the data for the SQL Server job scheduler and the database
backup history.
To make the backup process easier, and open to fewer errors, we recommend that you
backup the entire server and not just specific directories and files.
2QOLQH%DFNXS8VLQJ64/VHUYHU(QWHUSULVH0DQDJHU
:KDW
The SQL 7.0 Enterprise manager is Microsoft SQL Servers general tool. Here it is used to
backup the following while R/3 is running:
<
<
If the log is allowed to grow to capacity and use all available filespace on the drive, SQL
Server will stop. This event is critical, because when R/3 stops, so does the business
processes that require R/3 to be running.
1319
<
\tempdb
Master
If there is a hardware or software disaster, the master database contains the data
necessary to recover the database.
<
MSDB
The MSDB database contains the data for the SQL Server job scheduler and the database
backup history.
:K\
An online backup allows you to backup the database(s) when R/3 and the database is
running, so that system users are not impacted.
+RZ
3.
4.
5.
6.
1320
6
2
3
4
5
Release 4.6A/B
7. In Database, choose
database to backup.
to select the
11
10
12
12
12
13
1321
2. Choose OK.
The backup will now begin.
2
1322
Release 4.6A/B
1
2
1
2
1323
2IIOLQH%DFNXS8VLQJ17%DFNXS
:KDW
The offline backup is done when R/3 and the database are down. Here, we also use the
offline backup to also backup other files which are needed to restore R/3. Since high
capacity tape drives are now more common, it is simpler and safer to backup the entire
server. This full server backup eliminates the possibility of not backing up an important file.
For smaller customers, the entire server could be backed up to a single DLT cartridge.
At a minimum, backing up R/3 on SQL Server involves backing up the following SAPspecific and database-related directories:
<
\usr\sap
<
\usr\sap\trans
<
<homedirectory> of <sid>adm
<
\<sid>data
<
\<sid>log
<
\tempdb
In addition to these directories, you must back up any directories and files for third-party
products, interfaces, etc. that store their data outside the R/3 database. Getting all the
required files and directories can be difficult, which is why we recommend that you backup
the entire server.
:K\
The data in the database does not change while the backup is being made, which means that
you have a static picture of the database and do not have to deal with the issue of data
changing while the backup is being run. With some third party applications, you cannot
back up the files unless they are closed, and this is not possible unless R/3 and the
application are shut down. Therefore, an offline backup needs to be done. A full server
offline backup also gives you the most complete backup in the event of a catastrophic
disaster. On one tape, you have everything on the server.
+RZ
Due to system limitations on the documentation system, the location of the files in this
example are presented differently from the recommendations in the SAP installation
manual.
1324
Release 4.6A/B
*XLGHG7RXU
8
9
11
10
13
1325
15
14
16
17
1326
Release 4.6A/B
18
1327
'DWDEDVH(UURU/RJV
567
You can view the database error logs from within R/3 using transaction ST04. For more
information on database error logs, see the Database Performance Analysis (ST04) section
earlier in this chapter.
0LFURVRIW64/6HUYHU(QWHUSULVH0DQDJHU
*XLGHG7RXU
1. From the NT desktop, choose Start Programs Microsoft SQL Server 7.0 Enterprise Manager.
In the Enterprise Manager:
2. Expand the SQL Server Group
under which your server is
located.
3. Expand the server where the R/3
system is installed.
4. Expand Management.
2
3
4
1328
Release 4.6A/B
9HULI\'DWDEDVH&RQVLVWHQF\
:KDW
In a database management system, consistency can be represented from the logical and
physical levels. R/3 must insure a logical consistency when communicating with the SQL
Server engine, and SQL Server must insure a physical consistency for the database.
:K\
Sometimes a physical inconsistency can occur in the databases internal structures. This
problem occurs when R/3 thinks the data is, and where the data actually is, in the
database are different.
+RZ
SQL Server uses the DBCC CHECKDB command to correct and repair the database to a
consistent state. This is executed using:
<
<
The consistency checks should be done during non-peak hours or when R/3 users are
offline. For those coming from SQL Server 6.5 environments, SQL Server 7.0 executes the
DBCC CHECKDB job much faster than SQL Server 6.5.
5XQ8SGDWH6WDWLVWLFV
:KDW
The optimizer of the database engine will perform better if the table indexs statistical
information is current. This information helps R/3 find an item in the database faster.
+RZ
By default, SQL Server 7.0 has automatic statistics turned on. The possibility of manually
scheduling update statistics using the CCMS scheduling calendar still exists. Examples of
when this scheduling might be necessary after large data inserts or deletes from a given
table (for example, client copy, BDC sessions, and archiving).
1329
6\VWHPSDVVZRUGV
64/VHUYHU
For additional information, see SAP note 28893.
User IDs to change:
< sa
< sapr3
During the installation, by default:
< SQL server does not ask for, nor does it set, a password for user sa.
Once the installation is complete, the system administrator must manually create a
password.
< For user sapr3, a password is created, but it is created with a default password.
Therefore, you must change the password. Beginning with release 4.5, user sapr3 is no
longer used by R/3.
These loopholes must be closed manually.
+RZ
*XLGHG7RXU
1. From the NT desktop, choose Start Programs Microsoft SQL Server 7.0 Enterprise Manager.
In the SQL server Enterprise Manager:
2. Expand the SQL Server Group.
3. Expand the server.
4. Expand Security.
5. Choose Logins.
2
1330
Release 4.6A/B
9. Choose Apply.
1331
12
1332
13
Release 4.6A/B
15
14
1333
1334
Release 4.6A/B
&KDSWHU 2XWSXW0DQDJHPHQW
&RQWHQWV
Contents.................................................................................................................141
Printer Setup (SPAD) ............................................................................................142
Check the Spool for Printing Problems (Transaction SP01) ............................149
Check that Old Spools are Deleted (SP01) .......................................................1412
Printing the Output (SP01) .................................................................................1415
Printing the Screen .............................................................................................1418
Check Spool Consistency (SPAD) ....................................................................1421
Check TemSe Consistency (SP12)....................................................................1423
141
3ULQWHU6HWXS63$'
Before you set up a printer:
<
<
<
+RZWR6HW8SWKH3ULQWHULQWKH56\VWHP
*XLGHG7RXU
142
Release 4.6A/B
3. Choose
4. Choose
143
7
8
9
10
11
12
144
Release 4.6A/B
11
13
14
15
<
NT
Select C Direct operating
system call.
UNIX
Select L Print locally via
LP/LPR.
19
16
145
20b
22
21
23
24
146
Release 4.6A/B
.
25
26
27
28
147
29 31
30
148
Release 4.6A/B
&KHFNWKH6SRROIRU3ULQWLQJ3UREOHPV7UDQVDFWLRQ63
:KDW
The spool is the R/3 Systems output manager. Data is first sent to the R/3 spool and then to
the operating system for printing.
:K\
There may be problems with the printer at the operating system level. These problems need
to be resolved immediately for time-critical print jobs (for example, checks, invoices,
shipping documents, etc.) or there may be an operational impact.
You should check for active spool jobs that have been running for over an hour. These longrunning jobs could indicate a problem with the operating system spool or the printer.
*XLGHG7RXU
2
3
4
149
12
1410
Release 4.6A/B
14
13
15
1411
&KHFNWKDW2OG6SRROVDUH'HOHWHG63
:KDW
The SAP spool is the output manager for R/3. From the SAP spool, the print job goes to the
operating systems print spooler or manager. You need to check that old spool jobs are being
properly cleared by the daily batch job.
:K\
<
Depending on how the spool system has been configured, old spools will use database
space or file system space.
Whether it is database or file system space, potentially available space is being used
by these spools.
<
Look for any errors that may indicate problems in the printing process.
*XLGHG7RXU
3. Choose
.
2
1412
Release 4.6A/B
6
6
1413
10
1414
Release 4.6A/B
3ULQWLQJWKH2XWSXW63
:KDW
Spool
<
Output
The spool request contains the printed document which has not been sent to the output
device. The output data of this document is partially formatted and stored in the TemSe
database. The output request tells R/3 to format the request to a particular device and
contains attributes such as target printer, number of copies, etc. Each time you select the
printer icon, an output request is created for the spool request.
:K\
To print the contents of a spool request immediately or at another date and time using
different parameters.
+RZ
to print directly.
1415
2. Choose
to print with changed
parameters.
1
1416
Release 4.6A/B
to print directly.
1417
3ULQWLQJWKH6FUHHQ
:KDW
You can quickly and easily print the contents of most screens or do a print screen by
choosing the printer icon. A spool request and an output request are also generated by using
this procedure.
:K\
This is most useful in testing that a new printer was setup correctly.
1418
Release 4.6A/B
+RZ
Continue from the prior step or any screen with a printer icon:
*XLGHG7RXU
1419
Save.
6. Choose Continue.
1420
Release 4.6A/B
&KHFN6SRRO&RQVLVWHQF\63$'
:KDW
A spool consistency check compares data in the spool and output request tables (TSP01 and
TSP02), with the entries in the TemSe tables (TST01 and TST03), TSP0E (archive) and
TSP02F (frontend print request) tables. It also displays a list of obsolete write locks which
should be deleted.
:K\
If you delete table entries manually from the spool and TemSe tables or delete spool and
TemSe objects from the directories, inconsistencies can occur. Other causes of
inconsistencies are report and transaction terminations or an incorrectly executed client
copy.
1421
*XLGHG7RXU
1422
Release 4.6A/B
1RWH There is another report, RSPO1043, that can be used for the spool consistency check. It should be
scheduled as a periodic batch job (see SAP note 98065).
&KHFN7HP6H&RQVLVWHQF\63
:KDW
The relationship between the object and data in the TemSe may be destroyed due to the
following activities:
< Restore from backups
<
Copying databases
<
<
1423
*XLGHG7RXU
1424
Release 4.6A/B
&KDSWHU 1HWZRUN266HUYHU
$GPLQLVWUDWLRQ
&RQWHQWV
Overview ................................................................................................................152
Operating System Tasks ......................................................................................152
Other Tasks .........................................................................................................1512
151
2YHUYLHZ
This chapter is about using transactions to get to the operating system log, regardless of the
platform.
2SHUDWLQJ6\VWHP7DVNV
2SHUDWLQJ6\VWHP$OHUW$/
*XLGHG7RXU
Use the operating system alert monitor for a quick visual review.
1. In the Command field, enter transaction AL16 and choose Enter
(or from the SAP standard menu, choose Tools CCMS Control/Monitoring Performance menu
Operating System Local Alerts AL16-Operating system).
2. Review this screen for potential
problems.
152
Release 4.6A/B
6\VWHP/RJV26
:KDW
The system logs are where the operating system and some applications write event records.
Depending on the operating system, there may be multiple logs.
:K\
There may be indications of a developing problem (for example, a hard drive that generates
errors may indicate that it is failing and needs to be replaced).
+RZ
*XLGHG7RXU
153
3. Choose OS Log.
154
Release 4.6A/B
17(YHQW/RJV
:KDW
System
Security
<
Application
:K\
There may be indications of a developing problem. If the security audit parameters have
been properly set, you could detect unauthorized attempts to access files.
Configuring the security audit function is a tradeoff among the following:
< The need to log security events.
< System resources to track and maintain the log.
The more detailed you make the log, the more the system performance will degrade.
This degradation is due to the extra processing required to track and log the items.
< Effort required to audit the log (dependent on the size of the log).
*XLGHG7RXU
The following steps show you how to open the NT event logs.
1. On the NT desktop, choose Start Programs Administrative Tools Event Viewer.
2. The following logs can be selected
2
under Log:
< System
< Security
< Application
3. Look for unusual entries.
Monitor these entries regularly to
recognize unfamiliar events such
as errors, failures, or securityrelated entries. These events do
not usually occur.
155
&KHFNLQJ)LOH6\VWHP6SDFH8VDJH5=
:KDW
The file system should have sufficient free space for normal operations. Over time,
various activities will write files that will use up file space. These files need to be
periodically reviewed and moved or backed up and deleted.
A few of the items that consume file space when monitoring file space usage include:
<
Transports
<
Support packages
<
<
Program logs
<
Backup logs
<
Error logs
<
<
Third-party programs that store their data outside the R/3 database
<
Trace files
<
In addition to these items, check to see that the house cleaning programs are running
properly (see SAP note 16083).
:K\
If your file system fills up, the R/3 System may stop because the database cannot write to a
file. If R/3 stops, any business operations that use the system will also stop.
For example, note the following sequence of events:
1. The SQL Server transaction log fills up the file system.
2. SQL Server cannot write anymore entries into the log.
3. SQL Server will stop.
4. R/3 will stop.
Your user will not be able to perform activities such as:
< Enter orders
< Generate shipping documents to ship products
To plan for such a situation:
156
<
<
Release 4.6A/B
<
*XLGHG7RXU
You can use the R/3 Alert Monitor or go to the operating system to check file system space usage. In this
section, we use the R/3 Alert Monitor, because we can set alert points.
1. In the Command field, enter transaction RZ20 and choose Enter
(or from the SAP standard menu, choose Tools CCMS Control/Monitoring RZ20-Alert Monitor).
2. Click the node (+) to expand the
monitor set.
3. Select the monitor set (for
example, SAS for docu).
4. Choose
2
3
157
158
Release 4.6A/B
&KDQJLQJWKH$OHUW7KUHVKROG5=
Also see chapter 10, Maintaining the Alert Thresholds for RZ20.
To customize the points when the
alert indicator changes from green to
yellow, yellow to red, back from red
to yellow, and yellow to green:
1. Click the node of the drive for
which you want to change the
threshold (for example, drive H:).
1
2
159
4. Then:
a. Choose
4b
1510
Release 4.6A/B
&OHDQLQJ2XW2OG7UDQVSRUW)LOHV
:KDW
Transport files are used to transport or move SAP objects and customizing changes between
clients and systems.
:K\
If left unchecked, transport files could gradually fill up the file system.
If the file system fills, operations may be affected because:
<
<
<
In an extreme situation, if you run out of file system space, R/3 may stop, or you may have
other failures because R/3 or other applications cannot write to the necessary files.
:KHQ
After a major implementation where many transports have been created that take up a
lot of space.
<
Immediately before (or after) performing a database copy, if you do not use a central
transport directory, most (if not all) files dated before the copy become irrelevant to the
system.
<
+RZ
Data
<
Cofiles
<
Log
1511
2WKHU7DVNV
&OHDQWKH7DSH'ULYH
To minimize a backup failure due to a dirty head, clean the tape drive as part of a
preventive maintenance program.
To keep your tape drive clean:
<
Follow the tape drive manufacturers instructions for your tape drive.
Some drives specify a specific interval of use for cleaning, typically based on hours of
use. Adjust your cleaning frequency to account for your usage. Remember, that these are
recommendationsnot rules. If you consistently have recording errors or head dirty
messages, then decrease the time between cleanings. If you have to clean your tape
drives more or less frequently, this task should be moved to the appropriate interval.
Some drives (for example, DLT) do not require regular cleaning. They only need
cleaning when the clean head indicator light is activated.
<
Use the manufacturers approved cleaning cartridge for the tape drive.
<
<
Between uses, store the cleaning cartridge according to the manufacturers instructions.
1512
Release 4.6A/B
8QLQWHUUXSWLEOH3RZHU6XSSO\
&KHFNWKH8QLQWHUUXSWLEOH3RZHU6XSSO\
:KDW
The uninterruptible power supply (UPS) that you use should be monitored by a control
program. This program, when triggered by a power event, records the event and initiates a
shutdown process of the R/3 environment (R/3, the database, related applications, and the
operating system), and finally the server. In addition, most UPSs have a self-test and
capacity calibration function. The results of these tests are logged. Specific data logged
depends on the program and the UPS.
:K\
You need to review the power events that triggered the UPS control program.
While the UPS protects the server, the control program should be recording power events
such as power dips, brown outs, power failures, etc. This recording could help you or the
facilities person solve electrical problems in the facility. For example, a pattern of power
dips or outages may indicate a problem elsewhere in the building.
You need to verify that:
<
<
<
The batteries in the UPS must be periodically replaced. If the batteries are low, the capacity
test will indicate that the batteries do not have sufficient capacity to shutdown the system
before failing.
+RZ
Verify that your UPS shutdown process works. A shutdown process is an automated script
for the UPS to shut down R/3, the database, other applications, the operating system, and
the UPS.
:K\
This check verifies that the entire shutdown process works as planned and documented.
When there is a power failure, the R/3 environment should be shut down in an orderly
manner. There should be sufficient reserve in the UPS to reach the end of the shutdown
1513
process. Something might have changed since your last test to cause the shutdown process
to fail. If this process fails, you need to find out why and fix the problem.
The stopsap command does not work within all UPS control programs. You need to
verify that your UPS control program will properly stop R/3 and the database before
shutting down the server.
Like a car battery, UPS batteries wear out over time and must be replaced. If the battery is
worn out, the UPS will not have sufficient power to complete the shutdown process.
&KHFN0DLQWHQDQFH&RQWUDFWV
:KDW
Many of the servers and related equipment are under maintenance or service contracts with
the manufacturer or distributor.
<
The production system and critical equipment should be under a premium 24 hour x 7
day (x 2 hour response) support agreement.
<
:K\
If you need support or service and the service contract has expired, the confusion and time
to reestablish the service contract could be critical.
:KDW
The support level should be selected based on equipment use. If a piece of equipment
becomes critical to the companys operation, its support level should be upgraded to reflect
the critical nature of that equipment. Conversely, equipment could become noncritical or
be replaced. In this situation, the service contracts could be downgraded or dropped as
appropriate.
+RZ
<
<
Review equipment usage to determine if the support level for equipment should be
upgraded, downgraded, or dropped.
<
<
1514
Release 4.6A/B
5HYLHZ+DUGZDUHRUD6\VWHP0RQLWRU3DJLQJ6\VWHP
:KDW
A hardware or system monitor paging system generates alert messages (including e-mail)
and pages based on your predefined parameters. Depending on the software, the following
can be monitored:
<
<
The screenshot above shows that the monitor has three functional windows:
< Notification Rules
<
This mechanism passes or filters events, and determines what action will be taken on the
events that are passed.
Events
<
These are the events that have been passed to the monitor program. (They got through
the filters in Notification Rules.)
Monitored device
1515
You may need to change alert parameters to filter noncritical events and to generate alerts
for critical events. The key to remember is that this process is dynamic. Some of these tasks
are as follows:
<
<
<
Filter out events (both old and new) that should not generate alert messages
<
Filtering is necessary to manage the messages that are reviewed. If too many irrelevant
messages get through the filter, it becomes difficult to review the alert message log.
Adjust for personnel changes
There may be other events that require action (for example, shift or duty changes for
organizations with several people on call).
<
Someone changing something in the e-mail or phone system that prevents alert
messages from being sent.
<
+RZ
Review the various monitored logs (such as the NT event logs) to look for events that
should generate an alert message (e-mail or page).
The monitor program needs to be configured to pick these events up and properly
process them.
<
Review the alert monitor log for alert events that should be filtered out.
The monitor program needs to be configured to filter or ignore such events.
<
Test all alert mechanisms, such as pager, e-mail, etc. to make sure that they are
functional.
If you receive regular daily e-mail messages, then the e-mail testing is being done for
you.
1516
Release 4.6A/B
&KDSWHU 2SHUDWLRQV
&RQWHQWV
Overview ................................................................................................................162
Check that All Application Servers Are Up (Transaction SM51)......................162
Background (Batch) Jobs ....................................................................................163
Background Jobs (SM37)...................................................................................1615
Operation Modes.................................................................................................1621
Backups ...............................................................................................................1636
Checking Consumable Supplies .......................................................................1642
161
2YHUYLHZ
Operations is a generic category that refers to the tasks that would be done by a computer
operations group. These are the tasks that the people in the glass room in a data center
would be doing. If you do not have a data center, these tasks do not disappear; they must be
assigned to the appropriate employees.
This chapter is important because operations is a crucial part of system administration.
While learning to manage operations, readers will learn how to perform:
<
Batch jobs
<
Background jobs
<
Operation modes
<
Backups
&KHFNWKDW$OO$SSOLFDWLRQ6HUYHUV$UH8S7UDQVDFWLRQ
60
:KDW
Transaction SM51 allows you to look at all the servers in your system (for example, the PRD
database server and all of its application servers). You do not have to log into each server
individually.
:K\
162
The batch application server is down, batch jobs that are specified to run on that server
will not run.
Release 4.6A/B
*XLGHG7RXU
In the R/3 System, a batch job is referred to as a background job. This job runs
independently of a user being logged on.
There are two kinds of background jobs:
<
Regular
These are jobs that are run on a regular schedule.
<
Ad hoc
These are jobs that are run as needed or required.
:K\
Users have the flexibility of scheduling jobs when they are out of the office.
<
<
Jobs that run for a long time would time out if executed online.
163
5HJXODUO\6FKHGXOHG-REV
:KDW
Regularly scheduled jobs are background jobs that will run on a schedule (for example,
daily at 11:00 a.m., Sundays at 5:00 a.m., etc.)
:K\
<
<
Generate a report
<
<
<
+RZ
The job is scheduled like any other background job, but with a few additional
considerations:
%DWFK8VHU,'
<
Create a special user ID to be used only for scheduling batch jobs, such as BATCH1.
The reason for special user IDs is to keep scheduled jobs independent of any user. This
way, when a user leaves the company, the jobs will not fail when the user ID is locked,
shut down, or deleted.
<
Consider multiple-batch user IDs when batch jobs are scheduled by or for different
organizations or groups. This method has the disadvantage of having to manage
multiple accounts. For example:
BATCH1
System Jobs
BATCH2
Finance
BATCH3
Accounts Payable
BATCH4
Warehouse
BATCH5
Material Planning/Inventory
3HUIRUPDQFH
For more information on performance, see 165.
+RXVHNHHSLQJ-REV
These background jobs must be run regularly to perform administrative tasks, such as:
164
<
<
<
Collecting statistics
Release 4.6A/B
See SAP note 16083 for the required SAP housekeeping jobs, and to schedule the spool
consistency check, see SAP note 98065.
2WKHUV
Various modules and functions may require their own regularly scheduled jobs. For
example, the Special Ledger requires a regular job to copy data from the FI/CO modules
and to regenerate sets in Special Ledger. There may be various database and operating
system-level housekeeping jobs that also need to run.
3HUIRUPDQFH)DFWRUVIRU%DFNJURXQG-REV
Background jobs consume a significant amount of system resources. As a result, they could
adversely affect online system performance. There are several ways to improve system
performance while running background jobs. These methods benefit both online users and
other background jobs.
To reduce the system impact from background jobs:
< Run batch jobs on a dedicated batch application instance/server.
This step separates the processing requirements of the background job from the
processing requirements of online users and of the database. Even with as little as 10
users on a small central instance (no application servers), two batch jobs can
significantly slow down the online system response. Therefore, even for a small
installation, there may be a need for application servers to offload the batch processing
from the central instance. The instance profile for this application server would be tuned
for background jobs rather than dialog (online) performance (for example, five
background work processes and only two dialog work processes).
Specifying a target host is a double-edged sword. If you specify the target host, load
balancing is not performed. There may be the situation where all the batch work
processes on the batch application server are in use, and other application servers are
idle. However, by specifying that the job is to run on the batch application server, it will
not run on any of the other available application servers. This job will wait until a batch
work process is available on the specified batch application server.
<
Schedule background jobs to run during nonpeak periods, such as at night or during
lunch.
If no one is on the system, slow system performance does not matter.
<
165
reports). In such cases, the reports may finish sooner if they are run sequentially, rather
than in parallel.
<
Make a chart that converts your local time to the local time for all affected global sites. With
this chart you can quickly see what the local time is for locations that would be affected by a
job (see following example):
A corporate master clock (or time) should be defined for a company with operations in
multiple time zones.
Two common methods are:
< The time zone where the corporate office is located.
For SAP in Walldorf, Germany this is Central European Time (CET).
For United Airlines in Chicago, IL, this is Central Standard Time (CST).
< Coordinated Universal Time (UTC), formerly known as Greenwich Mean Time (GMT).
This common time is used by global operations, such as the airlines.
The change to and from daylight savings time does not occur on the same day in all
countries. During that interim time, the offset time could be different.
The time conversion table (based on a 24-hour clock) below shows selected times around the
world.
166
Release 4.6A/B
The Microsoft Excel file for this table is included on this guides companion CD, which is
located inside the back cover of this book.
<
Highlight the column for your local time zone, so you do not accidentally read the
wrong column.
<
If you use daylight savings time, you need to be aware of the days when the time changes:
<
167
<
One way to avoid problems when daylight savings time is switched on and off is to use
UTC (formerly known as GMT) as your master clock. If you are in a U.S. state that does not
use daylight savings time, such as Hawaii, it is not a concern.
See the following SAP notes:
<
<
&UHDWLQJDQG6FKHGXOLQJD%DWFK-RE60
:K\
Users have the flexibility of scheduling jobs when they are not in the office.
<
<
Jobs that run for a long time would time out if run online.
1RWHV
<
<
<
Avoid playing priority games with the job class. If you make every job a class A job,
there is no priority, because every job will be at the same priority level.
The recommended method is to assign all jobs to job class C. The exceptions to this
recommendation are those jobs that need the priority. This priority increase should be
properly justified.
3UHUHTXLVLWH
A batch job may require that a variant be created to execute the job.
168
Release 4.6A/B
*XLGHG7RXU
2
3
Start condition.
5. Choose Date/Time.
5
169
6
7
10
Check.
11
13
12
1610
Release 4.6A/B
14. Choose
Check.
15
14
16. Choose
Step.
16
1611
17
Check.
18
19
20
21
1612
Release 4.6A/B
22. Choose
Print specifications.
22
<
26. Choose
25
26
1613
27
28 30
29
1614
Release 4.6A/B
%DFNJURXQG-REV60
:KDW
Background jobs are batch jobs scheduled to run at specific times during the day.
:K\
If you are running critical jobs, you need to know if the job failed because there may be
other processes, activities, or tasks that depend on these jobs.
+RZ
You should have a list of all the critical jobs that are scheduled to run. For each of these jobs,
you should have a list that shows:
<
<
<
An emergency contact (names and phone numbers) for job failure or problems
<
1615
*XLGHG7RXU
8
2
3
4
and select
Execute.
1616
Release 4.6A/B
&KHFNLQJWKH-RE/RJ
To check a job log:
1. Select the job.
2. Choose
Job log.
1617
8VLQJWKH-RE7UHH
To get basic job information at a
glance using the job tree:
1. Select the job.
2. Choose
<
<
Target server
Job steps
<
4. Choose
5. Choose Back.
1618
Release 4.6A/B
*UDSKLFDO-RE0RQLWRU7UDQVDFWLRQ5=
:KDW
The graphical job monitor is useful when coordinating many background jobs because it
allows you to see individual job statistics.
:K\
The graphical job monitor is a visual format where status is indicated by the following
colors:
<
<
If a job ran past its expected end time, and other jobs are scheduled to start, the graphical job
monitor lets you see the conflict.
*XLGHG7RXU
2
3
4
1619
%DWFK,QSXW-REV1HZRU,QFRUUHFW60
:KDW
This transaction shows jobs that need to be processed or started, and jobs with errors that
need to be resolved.
:K\
This transaction is important because it alerts you to batch input jobs that are:
<
New
These are jobs that are waiting to be processed (for example, a posting from an interface
file). If not processed, the data will not post to the system.
<
Incorrect
These are jobs that have failed due to an error. The danger is that only a portion of the
job may have posted to the system. This partial posting increases the potential for data
corruption of a different sort, since only part of the data is in the system.
*XLGHG7RXU
3. Choose
1620
Release 4.6A/B
New Sessions
<
Incorrect sessions
2SHUDWLRQ0RGHV
:KDW
A batch job runs on a batch work process until it is completed and does not time share the
work process. Therefore, to increase the number of batch jobs that are processed during a
given period, you need to increase the number of batch work processes. To achieve this
1621
increase, you must also decrease the number of dialog (online) work processes by the same
amount.
This process is usually done to increase the number of batch sessions available to process
batch sessions at night, when most of the online users have gone home and you have many
batch jobs to run. During the day the opposite situation occurs. The number of batch work
processes is reduced, and the number of dialog work processes is increased to accommodate
the number of online users.
For example:
Mode
Dialog WP
Batch WP
Day
Night
There should always be a minimum of two dialog processes. Do not reduce the value below
two.
There must be at least two batch work processes on the system. An individual instance,
such as a dialog application server, could be configured without a batch work process. But
there must be batch work processes to use somewhere on the system, or a task (such as a
transport) will fail if it needs a batch work process to execute.
For small clients with little batch processing at night, the additional process of configuring
and maintaining operation modes may not be necessary. Not using operation modes
reduces the level of administration required to maintain the system. Although once
configured and running, there is little maintenance required.
+RZ
1622
Release 4.6A/B
7R'HILQHWKH2SHUDWLRQ0RGH5=
*XLGHG7RXU
3
4
Make the name and descriptions meaningful, such as day mode and night mode, which makes it
easier to select them later.
1623
1624
Release 4.6A/B
$VVLJQDQ,QVWDQFH'HILQLWLRQWRDQ2SHUDWLRQ0RGH5=
*XLGHG7RXU
7KH)LUVW7LPH<RX*HQHUDWHDQ,QVWDQFH2SHUDWLRQ0RGH
The first time the CCMS: Maintain Operation Modes and Instances screen is opened, there are no operation
modes. This process populates the screen.
1. In the Command field, enter transaction RZ04 and choose Enter
(or from the SAP standard menu, choose Tools CCMS Configuration RZ04 - OP Modes/instances).
2. Choose Instances/operation modes.
1625
5. Choose Save.
6. Choose Back.
$GGLQJD1HZ2SHUDWLRQ0RGH
1. In the Command field, enter transaction RZ04 and choose Enter
(or from the SAP standard menu, choose Tools CCMS Configuration RZ04 - OP Modes/instances).
2. Choose Instances/operation modes.
1626
Release 4.6A/B
to select an operation
1627
.
8
10
1628
Release 4.6A/B
12
11
'HILQLQJ'LVWULEXWLRQRI:RUN3URFHVVHV5=
*XLGHG7RXU
1629
.
5
7. Choose Save.
7
1630
Release 4.6A/B
9. Choose Save.
11
10
1631
$VVLJQLQJ2SHUDWLRQ0RGHV60
*XLGHG7RXU
Chan.(Change).
2
3
1632
Release 4.6A/B
6. Choose Assign.
.
7
1633
10. Choose
10
11
1634
Release 4.6A/B
13
14
1635
%DFNXSV
3HULRGLF$UFKLYDOV
At the end of the quarter:
<
Made certain you get a usable backup at the end of the quarter.
<
<
The length of the extended period should be determined by your legal and finance
departments, external auditors, and others as appropriate in the company (for more
information, see discussion in chapter 3).
%DFNXSWKH'DWDEDVH
See the procedures in chapter 3, 15, and 17.
3HUIRUPLQJD)XOO6HUYHU%DFNXS
:KDW
An offline backup of the entire server is done at the operating system level. This process
requires that the R/3 System and the database be down so that no files are open.
:K\
Performing an offline backup is necessary for files that cannot be backed up if the R/3
System or the database is active. With this full-server backup, you know you have
everything on the server. If you experience major system problems, you will have a
defined point from where everything is backed up and from where you can begin a restore.
1636
Release 4.6A/B
:KHQ
A full-server backup should be performed before and after major changes on the server,
such as:
<
<
<
Changing hardware
If a change has a catastrophic effect (a disaster), you will need to recover the server to its
before-the-change state.
+RZ
1637
*XLGHG7RXU
5a
5b
5c
5d
b. DB name
c. Media name or tape label
d. Position on the backup tape
1638
Release 4.6A/B
*XLGHG7RXU
1639
2SHUDWLQJ6\VWHP/HYHO%DFNXSV
The general process is as follows:
1. Record the usual or expected run time for the backup.
2. Compare the actual backup time to the expected (usual) run time for the backup.
If the backup takes longer or shorter than this time, there may be a problem that needs
to be investigated.
*XLGHG7RXU
1640
Release 4.6A/B
5HYLHZWKH17%DFNXSORJ
1641
&KHFNLQJ&RQVXPDEOH6XSSOLHV
:KDW
Consumable supplies are those that you use regularly, such as:
<
Cleaning cartridges
<
<
<
<
Ink cartridges
Batteries
<
Forms
<
Envelopes, etc.
Within the group of consumable supplies are critical supplies. If these supplies run out,
your business operations could be affected or stopped. Examples are preprinted forms with
your companys name or other special printing and magnetic toner cartridges. The amount
of spare supplies purchased and available on-hand should be enough to accommodate
varying usage levels and to allow for time to purchase replacements.
:K\
If an item is critical, and you run out of it, business operation may stop.
1642
Release 4.6A/B
([DPSOH
If you run out of the magnetic toner cartridge for the check printer, you will not be able
to generate checks out of the system. At this point, either you cannot print checks to pay
your vendors, or you have to manually type the checks (if you have blank manual check
stock on hand).
Special or custom supplies such as the following require special consideration:
<
Special magnetic ink toner cartridges to print the MICR characters on checks.
Not every computer supplier will stock these special cartridges.
<
If it is a critical item, stock extras, the first spare may be bad or defective.
Murphy says: When you need something immediately, it will be Friday evening and
vendors and stores will be closed.
+RZ
<
Check supplies that have a time in service expiration, such as hours, cycles, etc.
([DPSOH
Certain DAT tapes are rated for 100 full backups. After that they should be discarded
and replaced with new tapes. (This usage limit can be entered into the SAPDBA control
file for Oracle.)
<
Keep in touch with your purchasing agent and the market place.
Market conditions may make certain supplies difficult to purchase. In such conditions,
the lead time and quantities to be purchased need to be increased.
For example, at one time, 120 meter DAT tapes cartridges were difficult to buy, at any
price.
<
Track usage rates and adjust stocking levels and purchasing plans as needed.
1643
2WKHU&RQVLGHUDWLRQV
Certain supplies may have long lead times for purchase, manufacture, or shipping.
Do not make your lack of planning the purchasing agents emergency. If you do this too
often, you will soon use up your favors. Then when you really need help, the purchasing
agent may not be as willing to help you.
1644
Release 4.6A/B
&KDSWHU &KDQJH0DQDJHPHQW
&RQWHQWV
Table Maintenance (Transaction SM31) .............................................................172
Change Control .....................................................................................................179
Managing SAP Notes ............................................................................................179
Change Control (Managing Transports) ...........................................................1712
Transporting Objects..........................................................................................1715
171
7DEOH0DLQWHQDQFH7UDQVDFWLRQ60
If no transaction is available to maintain a table, it can be directly maintained using
transaction SM31.
Use this method if, and only if, there is no transaction to maintain the table. Directly
maintaining a table circumvents all edits and validations in the system.
When a change is made directly to a table and the table is saved, the change is immediate.
There is no undo function.
&UHDWLQJDQ(QWU\LQWKH7DEOH60
*XLGHG7RXU
1RWH This procedure shows how to create new entries in the Prohibited Password table, USR40.
1. In the Command field, enter transaction SM31 or SM30 and choose Enter
(or from the menu bar, choose System Services Table maintenance Extended table maintenance).
2. In Table Views, enter the table
name (for example, USR40).
3. Choose
Maintain.
172
Release 4.6A/B
.
4
173
7. Choose Save.
10
174
Release 4.6A/B
.
11
12
14
13
15
175
'HOHWLQJDQ(QWU\IURPD7DEOH60
*XLGHG7RXU
1. In the Command field, enter transaction SM31 or SM30 and choose Enter
(or from the menu bar, choose System Services Table maintenance Extended table maintenance).
2. Enter the table name (for example,
USR40).
3. Choose
Maintain.
176
Release 4.6A/B
5a
.
6
9. Choose Save.
10. Choose
10
177
11
12
13
.
14
15
178
Release 4.6A/B
&KDQJH&RQWURO
Change control is the managing of the changes, modifications and customizing made to
your system. This control allows you to be aware of and control what changes are made.
These change must be made in a controlled manner, because uncontrolled changes are a
recipe for disaster.
The process is:
<
<
<
The SAP training class BC325 (Software Logistics) covers change management and
transports. Also see Software Logistics by Sue McFarland.
0DQDJLQJ6$31RWHV
:KDW
There are several reasons to track SAP notes that are applied to your system:
<
If a problem arises, SAP may ask if a specific note has been applied.
If you do not have a record of what notes you have applied, then you must manually
investigate your system. This process can be difficult and time consuming.
<
When the system is upgraded, for conflict resolution, you need to know what notes have
been applied.
You must know what notes:
Are included in the upgrade, so you can go back to SAP standard code
May need reapplying because they are not included in the upgrade
179
+RZ
<
Document all SAP notes applied to your system(s), and specify which system and
instance to which it is applied.
<
Document all code changes with the SAP note number that applies.
This documentation is important especially if a program is changed by an upgrade or
support package. It helps you determine if your code change is included in the upgrade
or patch and, therefore, whether the program can revert back to SAP standard.
<
<
Document all SAP notes that are noted and do not require actual changes to be made
to the system (for example, procedural or informational notes).
<
Document SAP notes that have not been applied to your systems.
There may be cases in which you review a note and determine that it does not apply.
You should document the reason(s). If SAP asks why a specific note was not applied,
you will have an answer.
6DPSOH)RUPV
Description
12345
36987
1710
Noted
DEV
QAS
PRD
xxx
11/06/98
11/15/98
11/30/98
yyy
2/06/99
2/13/99
2/28/99
Release 4.6A/B
Note Applied
Note # :
Short text:
Module:
Problem to solve:
Objects changed:
Fixed in release:
Comments:
Other notes
applied with this
problem:
Applied to:
System
Client
DEV
100
Transport number
Date imported or
applied
Return
code
Sign off/Initial
110
QAS
200
210
PRD
300
1711
&KDQJH&RQWURO0DQDJLQJ7UDQVSRUWV
:KDW
Change control is the process of managing changes, modifications and customizing made to
the system and the transport of those changes through the pipeline from the development to
the test system, and finally to the production system. One of the most important change
management tasks involves notifying the appropriate people of the changes and getting
their approvals.
:K\
Because R/3 is an integrated system, there are items that may impact many other modules
or groups. If, for example, a change is made to a module which impacts other modules, and
this change is done without the knowledge of the appropriate people, a process may cease
to function. If something stops functioning in the production system, business may stop
until the problem is resolved.
In the past, most application systems were independent, so changes in one system were
insulated from the other systems. Because of this independence, users may not be used to
consulting with other organizations when making changes to what they consider their
systems.
In change control, there is a review and approval process. You should not make a change
and apply it to the system without a review and approval of the changes. These changes
apply to changes to SAP objects and system configuration.
+RZ
Developer
Functional analyst
3. Get the following signoffs (see sample Transport Request Form on page 14)
By all functional groups:
1712
<
Review and be aware of changes that might affect their functional areas.
<
If needed, perform additional tests by and with other functional groups, where there
is possible interaction from the change.
Release 4.6A/B
Operations review
<
<
<
<
<
1713
Specific order
MM
Computer Operations
SD
Approved for transport by:
Transport details:
System
Client
QAS
200
Date
Start time
End time
Return
code
Sign off/
Initial
210
PRD
1714
300
Release 4.6A/B
7UDQVSRUWLQJ2EMHFWV
7UDQVSRUWVLQWRWKH3URGXFWLRQ6\VWHP
:KDW
<
From one system to another system and from one client to another client
:KHQ
Complete the transport in the production system during a quiet period (for example,
Sunday afternoon or evening) when users are not logged on the system.
Ideally, a full system backup should have been completed before transports are imported.
:K\
During a transport, objects may be overwritten. If an object is being used in the target
system when a transport is performed, the transport may cause inconsistent results or
terminate the transaction. In the worst case scenario, a transport may break the
production system and you will need to restore the system.
+RZ
Transports are only done when necessary (when you have a transport that needs to be
moved). You may also have the occasional emergency transport that must be moved at a
time other than at your normal weekly transport time.
7UDQVSRUWLQJ2EMHFWV
The transport system has been significantly changed in Release 4.x. (It used to be known as
Correction and Transport System.) It is still CTS, but is now called the Change and Transport
System; In CTS are the Transport Management System (TMS) and Change and Transport
Organizer (CTO).
The purpose of transports is to move objects and configuration from one system to another
in the production pipeline. This pipeline is defined in a three-system landscape as systems
comprising development to quality assurance to production. A transport starts in the
development system, is transported to the quality assurance system where is tested, and
finally into the production system.
To transport objects, use one of the following methods:
<
<
1715
7060HWKRG
The TMS method uses a new transaction, STMS, to perform the transports.
Benefits:
< The user does not have to go into the operating system to do the transport.
<
<
Because the import is done from within R/3, there is no need to physically go down to
the server or use a remote connection (for NT) to the server to do the import.
<
<
Transport requests can be grouped into projects, and the transport request selected and
moved by these projects.
This grouping reduces the chances of transporting the wrong transport request when
there are many activities and projects going on. (This functionality is new in Release 4.6.)
<
Advanced quality assurance prevents transports from being imported into the
production system until they are released after successful testing in the quality
assurance system. (This functionality is new in Release 4.6.)
<
706GRFXPHQWDWLRQ
The TMS documentation (including configuration) can be found on the R/3 online
documentation by choosing Help SAP Library Basis Components Change and Transport
System (BC-CTS) BC-Transport Management System.
2SHUDWLQJ6\VWHP0HWKRG
The operating system (OS) method requires you to go down to the OS level to execute the
transport program (tp) at the command line.
Disadvantages:
< The user must go into the operating system to do the transport.
This action is a security issue in companies that restrict which employees can have this
level of access.
<
1716
Release 4.6A/B
6WDQGDUG7UDQVSRUW3URFHVV
This section describes the standard transport process from your development system to
your production system.
The following steps are part of your companys change management process:
1. Obtain proper authorization to transport the objects.
Obtaining this authorization is the responsibility of the person who requests the
transport move. The required authorizations and approval process differ based on the
company. Some companies require the approval of only one person, while other
companies require the approval of numerous people.
A major purpose of the approval process is to give other functional groups a heads up
as to what you are moving.
If the move affects any of the functional groups, and they know about it, they can take
the appropriate action: review, test, etc. If necessary, your transport is delayed until the
affected functional groups are satisfied. This way, there will not be problems related to
your transport.
2. Define other necessary transport management related information, such as:
<
<
<
Who will test the transport in the target system to determine that it works as
intended
<
<
<
<
1717
Production system:
Using the TMS method, use preliminary import to select the individual transport
to import.
Using the TMS method, use the project method to manage the transport requests.
Using the OS method, import the requests (transports) individually.
Do an import all only when the entire buffer is ready to be imported.
6SHFLDO7UDQVSRUWVIURP6$3
Special manual transports fix specific problems, add features, or add functionality from
third-party software vendors. U.S. customers can download the transport files from
SAPSERV4. These files are usually a single file that you have to unpack using the CAR
program. The downloading and unpacking procedure is described in chapter 22.
1. Get the files from SAP or the delivery media, such as a CD.
Two files (sometimes there is a third file) are normally combined as a set (for example,
K174511.P30, R174511.P30, and D174511.P30).
2. Copy the files into the appropriate transport directories:
a. Copy files beginning with K into:
<
NT
<
UNIX
<drive>:\usr\sap\trans\cofiles
\\<host>\sapmnt\trans\cofiles
/usr/sap/trans/cofiles
1718
Release 4.6A/B
<
NT
<drive>:\usr\sap\trans\data
\\<host>\sapmnt\trans\data
<
UNIX
/usr/sap/trans/data
5HOHDVLQJD5HTXHVW7UDQVSRUW
To release a request:
1. Release all tasks associated with the request.
2. Release the request.
*XLGHG7RXU
2
3
Display.
1719
9. Choose Save.
10. A message appears on the message
line indicating the task was released.
11. Choose Back.
10
1720
Release 4.6A/B
12
5HOHDVLQJWKH5HTXHVW
.
2
Choose
.
4
1721
10
7, 8
9
1722
Release 4.6A/B
11
12
,I7KHUH,VD3UREOHP
If there is a problem, review the transport log. For more information, see the transport log later in this
chapter.
1723
7060HWKRGRI7UDQVSRUWLQJ
7KH0DLQ7066FUHHQ
*XLGHG7RXU
1724
Release 4.6A/B
*XLGHG7RXU
Adding a special transport into the import buffer is usually not done. The release process adds the
transport into the appropriate input buffer. This task is only performed for special transports that are
downloaded from SAPSERV4 or received via CD.
3UHUHTXLVLWH
The transport files have been moved into the appropriate directories.
1. From the TMS screen, choose
1725
7. Choose Yes.
1726
Release 4.6A/B
8VLQJ706WR,PSRUWD7UDQVSRUW5HTXHVW
*XLGHG7RXU
1727
,PSRUWD6HOHFWHG5HTXHVW
.
2
1728
Release 4.6A/B
.
3
6. Choose Yes.
1729
,PSRUW$OO5HTXHVWV
.
1
1730
Release 4.6A/B
.
3
5. Choose Yes.
8
6
1731
&KHFNWKH7UDQVSRUW/RJ
*XLGHG7RXU
1732
Release 4.6A/B
4. Choose
(or from the menu bar,
choose Syslog Refresh).
5. Check the final return code:
< 0 (Successful)
6
4
< 4 (Warning)
< 8 (Error)
< 12 (Fatal)-6
Anything other than a 0 or 4 is
considered a failed transport.
6. From the menu bar, choose
GoTo Transport steps (this was
formerly known as alog).
5
By using TMS to review the transport logs, the inconsistency encountered in the OS method of viewing
the transport log does not occur. The inconsistency is when the tp return code (received when the
import is done) does not match the return code in the transport log. The following line would appear in
the above screen:
Request
SID
RC
ALL
SAS
0008
1733
260HWKRGRI7UDQVSRUWLQJ
$GGLQJD6SHFLDO7UDQVSRUW,QWRWKH,PSRUW%XIIHU
Adding a special transport into the import buffer is normally not done. This task is only
performed for special transports that are downloaded from SAPSERV4 or received via CD.
3UHUHTXLVLWH
<
The transport files have been moved into the appropriate directories.
<
NT:
<
UNIX: /usr/sap/trans/bin
<drive>:\usr\sap\trans\bin
2. Load the transport into the import buffer with the following command:
tp addtobuffer <transport> <target sid>
tp addtobuffer P30K174511 DEV
Where the:
<
<
File is K174511.P30
<
<
The transport number is derived from the transport file number, where the first three
characters are the file extension (P30), and the rest of the name is the base name of
the file (K174511).
<
<
For NT, on the target system, you must have mapped a drive to the shared directory
(\sapmnt) on the source system (for example, where drive S: is mapped to
\\devsys\sapmnt).
+RZ
<drive>:\trans\bin
UNIX:
/usr/sap/trans/bin
2. Test your connection to the target system with the following command:
tp connect <target sid>
tp connect prd
1734
Release 4.6A/B
<
You may be instructed in an SAP note or by the SAPNet hotline to use Unconditional codes
or U codes. These are special program option switches that the tp program uses during the
import process.
<
In NT, use QuickSlice, an application included with the NT resource kit, and the CPU
activity in the NT Performance Monitor to monitor the import process. After a few
times, you will recognize the activity pattern of a transport.
<
In UNIX, use the utilities top or xload to monitor the import process.
1. Record the start and finish time for the transport on the transport log or the transport
form.
2. Check the exit code.
If you receive an exit code of 8 or higher, the import failed. You must resolve the
problem and reimport the transport. If you get a return code of 8, there is a known
condition where this return code does not match the transport log. This condition is
described in Checking the Transport Log section below.
3. Check the transport log (see below).
&KHFNLQJWKH7UDQVSRUW/RJ7UDQVDFWLRQ6(
:K\
The information in this chapter is only a portion of the first half of the process, that is,
determining if the transport succeeded or failed. The second half of the process,
investigating why the transport failed, is not covered. If the transport involves an object
such as an ABAP program or SAPscript layout, you will need the assistance of your
programmers to determine why it failed and how to fix it.
1735
0 = OK
<
<
4 = Warning
8 = Error
<
12 = Severe Error
If you receive an exit code of 8 or higher, the import failed. You must resolve the problem
and re-import the transport.
The transport could still have failed even if you did not receive a failed return code. The
final test is to verify in the target system that the transport arrived properly. The developer
and functional area owner are responsible for this verification.
&KHFNLQJWKH7UDQVSRUW/RJ
*XLGHG7RXU
1RWHYou must check the transport log from the transaction that released the transport (SE09 or SE10).
1. In the Command field, enter transaction SE10 and choose Enter
(or from the SAP standard menu, choose Tools Accelerated SAP Customizing
SE10-Customizing Organizer).
2. Under Category, select:
< Customizing
< Workbench
< All clients
3. Under Request status:
< Deselect Modifiable.
< Select Released.
Display.
5
1736
Release 4.6A/B
1737
10. Choose
to drill down for
additional details.
11. The status bar indicates how many
levels you have drilled down.
10
11
You may run into a rare inconsistency between the return code in this log and the return code
when you ran the import program tp. This condition occurs when the tp program ends with a
return code 8 (Error) and the log above shows a maximum return code of 4 (Warning). This
inconsistency is caused by a step in the import that is not associated with the transport number
(in the example RW6K9000079). Thus when the log is reviewed, the maximum return code of 4
[(and not 8) (Warning)] appears. However, it is still a failed transport.
The TMS method does not have this inconsistency.
1738
Release 4.6A/B
&KDSWHU 7URXEOHVKRRWLQJ
&RQWHQWV
Overview ................................................................................................................182
Basic Troubleshooting Techniques ....................................................................182
181
2YHUYLHZ
This chapter is a basic problem solving chapter. We will present you with some of the tools
and techniques to help you solve the problem yourself. We will not be going into advanced
troubleshooting techniques. Troubleshooting is learned by doing; the more experience you
have, the better you become.
The next chapter is on performance tuning. Performance tuning is a specialized
troubleshooting, so troubleshooting techniques are also relevant for performance tuning.
%DVLF7URXEOHVKRRWLQJ7HFKQLTXHV
The general procedure when working on troubleshooting is not new. It is the standard
problem solving procedure that has been in use for years by many professions. Your auto
mechanic would follow the same procedure when repairing your car:
<
Gather data
<
<
<
<
<
*DWKHU'DWD
182
<
<
Release 4.6A/B
$QDO\]HWKH3UREOHP
<
<
What are the resources you have to help solve the problem:
Online documentation
Reference books
SAP notes
Other customers (this is your network)
Call for assistance:
Consultants
SAPNet help desk
(YDOXDWHWKH$OWHUQDWLYHV
0DNHRQO\2QH&KDQJHDWD7LPH
<
If there is a problem, and you made several changes at once, you will not know which
change caused or fixed a problem.
<
There are times where several changes need to be made, to fix a problem.
Unless they must be done together, such as related program changes, make the changes
separately.
'RFXPHQWWKH&KDQJHV
<
<
If the change needs to be applied to multiple systems, you need to know exactly what
changes to make and how to do it. This process must be repeated exactly the same on all
systems.
183
*HWWKH&RPSOHWH(UURU0HVVDJH
*XLGHG7RXU
When you get an error message in an R/3 transaction, you need all the information on the error to forward
to SAP. To get the complete error message, do the following:
1. When an error occurs, the field
with the error is highlighted.
2. Double-click on the error message.
184
Release 4.6A/B
*HWWKH6$33DWFK/HYHO
:KDW
This level is the R/3 kernel patch level that is being used.
:K\
This patch level is needed when submitting problem messages to SAP. It tells the hot line
personnel on what kernel patch level you are. Different problems are fixed in different patch
levels.
([DPSOH
You are on patch level 50 and have a particular problem. The fix to your problem may
have been done in patch level 61. This level identifies that the problem is an older kernel
that contains the problem. The solution is to upgrade to the current kernel, at least patch
level 61.
+RZ
*XLGHG7RXU
185
'HWHUPLQLQJ:KDW6XSSRUW3DFNDJHV+DYH%HHQ$SSOLHG
:KDW
As with the SAP Patch level, problems you have may be related to the level of the applied
support package.
186
Release 4.6A/B
+RZ
*XLGHG7RXU
187
<
188
SAPKH46A01 is interpreted as SAPKH / 46A / 01, and is for Release 4.6A and is the first Support
Package.
Release 4.6A/B
&KDSWHU 3HUIRUPDQFH
&RQWHQWV
Overview ................................................................................................................192
General Procedure ................................................................................................193
R/3...........................................................................................................................194
Database ..............................................................................................................1911
Operating System ...............................................................................................1911
Hardware..............................................................................................................1915
191
2YHUYLHZ
This chapter is an introduction to performance issues in R/3. We provide only general
guidelines, not detailed performance tuning instructions. It is not possible in one chapter, to
provide the breadth and depth of information available in the SAP training class or the
Performance Optimization book. For more detailed performance tuning, we recommend the
following resources:
<
<
SAP R/3 Performance Optimization, by Thomas Schneider, SAPs TCC organization, which
recently published a book on performance optimization.
&ULWLFDO$VVXPSWLRQ
The hardware, operating system, database, and R/3 have been properly installed based
upon SAPs recommendations.
:K\
As with the design of this book, performance tuning has to have a starting point. This point
is the SAP-recommended configuration for hardware, database, operating system, network,
etc.
An extreme example (that did occur with a customer) is where the operating system, the
database, and R/3 has been installed on a single logical drive. In this situation, all the drives
in the server were configured in a single RAID5 array and treated as a single, huge drive.
This situation created a classic condition known as head contention, where R/3, the
database, and the operating system all simultaneously competing for the same disk drive
head.
Head contention is similar to you being asked to do many things at the same time, such as:
<
Cook dinner
<
Read a book
<
<
<
You run around doing a little of each task then going to the next. None of the tasks get done
with any reasonable speed.
192
Release 4.6A/B
This is an example of a problem that is not new. Head contention existed in the early days of
computing. The solution now is essentially the same as it was back then, that is, to spread
the data over multiple drives.
3ULRULW\RI(YDOXDWLRQ
The SAP EarlyWatch group has determined that the majority of the performance issues and
gains are from within R/3. This gain is followed first by database issues, then operating
system, then hardware. Thus we will primarily discuss R/3 performance issues.
*HQHUDO3URFHGXUH
The general procedure when working on performance issues is not new. It is the standard
problem-solving procedure:
<
Gather data
<
<
<
<
193
5
One of the most common reasons for R/3 performance problems is poorly written custom
(or modified standard) ABAP programs.
:RUNORDG$QDO\VLVRIWKH6\VWHP7UDQVDFWLRQ67
:KDW
You should check statistics and record trends to get a feel for the systems behavior and
performance. Understanding the system when it is running well helps you determine what
changes may need to be made when it is running poorly.
*XLGHG7RXU
194
Release 4.6A/B
195
10
Judgment must be applied when reviewing statistical values. If you just started the R/3
System, the buffers will be empty and many of the statistics will be unfavorable. Once the
buffers are loaded, values can be properly evaluated.
In this example, the Av. response time of almost 4 seconds must be evaluated with other
factors in mind.
The R/3 user default for a decimal point is a comma. If your default profile for decimal point,
(point or comma) is not appropriately set, the display may be misread. For example, rather
than 3,888 ms, it would read 3.888 ms. Quite a difference!
196
Release 4.6A/B
12
11
Analysis of transaction ST03 is covered in BC315 (the Workload Analysis and Tuning class).
We recommend you take this class.
13. The programs and transactions are
now sorted in average response
time order.
13
197
A few standard functional transactions will exceed the one-second guideline. They include,
but are not limited to the following:
Type
Transaction
VA01
VA02
VA03
VF01
Create Delivery
VL01
PA30
%XIIHUV67
:KDW
The buffer tune summary transaction displays the R/3 buffer performance statistics. It is
used to tune buffer parameters of R/3 and, to a lesser degree, the R/3 database and
operating system.
:K\
The buffer is important because significant buffer swapping reduces performance. Look
under Swaps for red entries. Regularly check these entries to establish trends and get a feel
for buffer behavior.
198
Release 4.6A/B
*XLGHG7RXU
2a
2b
199
Analysis of transaction ST02 is covered in BC315 (the Workload Analysis and Tuning
class). We recommend you take this class.
0HPRU\'HIUDJPHQWDWLRQ
:KDW
A computers memory behaves similar to a hard disk. As different programs execute, they
are loaded into, and later deleted out of, memory. Over time, like a hard disk, the usage of
the computers memory becomes fragmented with unused spaces scattered throughout.
:K\
At a certain point you may have sufficient free memory (that is, the total of all the unused
spaces), but not a contiguous (single) piece of memory large enough to allow certain
programs to execute. At that point, those types of programs attempting to run that need
contiguous memory will fail because they cannot be loaded into memory.
+RZ
1910
Release 4.6A/B
'DWDEDVH
See chapter 13 (Database Administration Microsoft SQL Server) for the database-related
performance tuning transactions:
< Activity - ST04
<
Tables/Indexes - DB02
2SHUDWLQJ6\VWHP
2SHUDWLQJ6\VWHP0RQLWRU26
:KDW
The operating system monitor allows you to view relevant operating system and hardware
details.
The operating system-related detail, such as:
<
Memory paging
<
CPU utilization
Free space on disks
:K\
1911
+RZ
*XLGHG7RXU
.
3
2
1912
Release 4.6A/B
1913
1914
Release 4.6A/B
+DUGZDUH
&38DQG'LVN
Also see Operating System Operating System Monitor (OS07) to get data on:
<
CPU utilization
<
0HPRU\
The hardware item that has the largest effect on R/3 performance is memory. The R/3
System uses memory extensively. By keeping data in buffer, physical access to the drives is
reduced. Thus, in general, the more memory you have, the faster R/3 will run.
Physical access to the drives is the slowest activity.
1915
1916
Release 4.6A/B
&KDSWHU 6$31HW:HE)URQWHQG
&RQWHQWV
Overview ................................................................................................................202
Logging on to SAPNet ..........................................................................................203
Online Services .....................................................................................................204
Solving a Problem with SAPNet ..........................................................................205
Registering a Developer or Object ....................................................................2015
Online Correction Support.................................................................................2024
201
2YHUYLHZ
SAPNetWeb Frontend (SAPNetweb) is the internet access to SAP resources and SAPNet
R/3 (formerly OSS) functions such as:
< Registering developers and objects
<
<
Most of the OSS functions will be migrated to SAPNet. The entering and retrieving of
customer messages on SAPNet has just become available and is currently in pilot.
However, not all OSS functions will be migrated to SAPNet. The opening and use of the
SAP service connections for Earlywatch and SAP hotline access to customer systems will
remain in OSS or SAPNetR/3.
We recommend that you use SAPNetWeb as your primary SAPNet access method. For
most companies with an existing (flat fee) internet access line, the cost of the internet
access is already paid for. The SAP service connection required for SAPNet-R/3, if using
ISDN, is additional per minute cost.
+RZ
An internet connection
<
A browser
SAPNet works better with Microsoft Internet Explorer.
<
202
Release 4.6A/B
/RJJLQJRQWR6$31HW
*XLGHG7RXU
2
3
203
2QOLQH6HUYLFHV
*XLGHG7RXU
204
Release 4.6A/B
6ROYLQJD3UREOHPZLWK6$31HW
If you have a particular problem or question, you should search:
<
<
6HDUFKLQJIRU6$31RWHV
*XLGHG7RXU
205
<
<
3a
3b
4a
4b
4c
4d
5
206
Release 4.6A/B
6
7
7R6HDUFKIRU1RWHV5HODWHGWR,QVWDOODWLRQ
2
1
207
&XVWRPHU0HVVDJHV
1RWH As this guidebook is going to print, the Customer Message function has just been
released to SAPNet-Web. Since this function is in pilot mode, it may change from the
process described here. At present, you can only create and view messages via SAPNetWeb, modifying messages is only possible via SAPNet-R/3.
If you have searched both the online documentation and SAP notes and not found the
answer to your question or problem, then you should submit a SAPNet message for
assistance.
1RWH The SAPNet customer message function is not meant to replace consulting.
Messages entered into SAPNet are for reporting and getting resolution on SAP problems
or bugs. If a message is interpreted as a request for consulting information, it will be
returned to you, and you will be advised to seek consulting assistance.
208
Release 4.6A/B
(QWHULQJ&XVWRPHU0HVVDJHV
Include as much information as possible in your message, so the SAPNet Hotline
consultants can help you. Indicate where in the online documentation you have searched
and which SAP notes you have reviewed.
3ULRULW\WDEOH
Priority
Situation
Very High
<
<
Medium
For errors with less serious consequences than the above two cases,
where the operation of the productive system is not seriously
affected.
Low
Use care when assigning a priority to your message. If the problem does not meet the Very
High criteria, assigning the message this priority will not guarantee you a quicker response
time.
209
The following list contains hints that can improve total problem resolution time:
&RPSRQHQW
<
<
Be aware that the cause of the problem may be in an area other than the module you are
working on.
3UREOHP'HVFULSWLRQ
<
<
Provide enough data so that SAPNet Hotline personnel will not have to ask additional
questions before beginning work on your problem.
<
2010
Release 4.6A/B
+RZ
*XLGHG7RXU
(QWHULQJ&XVWRPHU0HVVDJHV
2011
< Production
< Test
6. In Installation, choose the installation
that your message is for.
7. In Release, choose the R/3 release of
your system from display options.
5
6
7
8
9
10
11
12
13
2012
14
Release 4.6A/B
15
16
17
21
9LHZLQJ&XVWRPHU0HVVDJHV
The response to your message is often in the form of an electronic message, rather than a
telephone call. It is, therefore, important to monitor the status of your messages.
2013
9LHZLQJ&XVWRPHU0HVVDJHV
1. On the SAPNet screen, on the menu
bar, choose Inbox.
2014
Release 4.6A/B
5HJLVWHULQJD'HYHORSHURU2EMHFW
:KDW
To modify an SAP object, both the developer and the object that will be modified need to be
registered with SAP. A developer, once registered for the installation, does not have to
register again. Similarly, an SAP object once registered for the installation, does not have to
be registered again. It is for this reason that on the registration screen either or both the
developer or object access key would be required.
:K\
<
<
Registering an SAP object provides a record of which SAP objects have been modified
by the customer.
The assumption is that if you requested an object access key, you will be modifying the
object.
+RZ
See the following sections for registering a developer and an SAP object.
5HJLVWHULQJD'HYHORSHU
To modify an SAP object, the developer needs to be registered with SAP. Once registered for
the installation, the developer does not have to register again.
:K\
Only an SAP-registered developer can make changes to SAP objects. Restricting access to
registered developers provides a record of who has made changes to the system.
+RZ
2015
*XLGHG7RXU
'HYHORSHU5HTXHVWV'HYHORSHU.H\
1. This screen is seen by the
developer when a developer key is
required.
a. If the developer Access key is
blank, you need to obtain a
developer access key.
b. Give the developer User name
(2) to the system administrator
to get a developer access key.
b
a
7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\
1. On the Online Services screen, choose SSCR.
2016
Release 4.6A/B
Developers
SAP objects that will be changed
5HJLVWHULQJD'HYHORSHU
1. If your site has several R/3 installations, select
the one for which you wish to perform
registrations.
2. Choose Register Developer.
2
1
2017
(QWHUWKH'HYHORSHU.H\
In the development system:
1. In the developer Access key field,
the developer enters the key
received from the system
administrator.
2018
Release 4.6A/B
'HOHWLQJD'HYHORSHU
On the same screen that was used to
register a developer:
1. In Developer, enter the user ID of the
developer to delete.
2. Select Delete.
3. Choose Register.
4. To check if the deletion is
successful, choose Overview, which
displays a list of developers.
2
3
5HJLVWHULQJDQ2EMHFW
:K\
Registering an SAP object provides a record of which SAP objects have been modified by
the customer. The assumption is that if you requested an object access key, you will be
modifying the object. If the customer modifies an object and problems arise, resolving the
problem may be the customers responsibility. If an object is not modified and problems
arise, resolving the problem is SAPs responsibility.
+RZ
2019
*XLGHG7RXU
'HYHORSHU5HTXHVWV2EMHFW.H\
1. This screen is seen by the
developer when an object key is
required:
a. If the object Access key is blank,
you need to obtain an object
access key.
b. Give the three object fields to
the system administrator (for
example, R3TR, PROG,
RSPARAM).
All three fields are required to
obtain the object key.
b
c
a
7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\
1. On the Online Services screen, choose SSCR.
2020
Release 4.6A/B
Developers
SAP objects that will be changed
5HJLVWHULQJDQ2EMHFW
2
1
2021
4
3
5. Choose Register.
2022
Release 4.6A/B
(QWHUWKH2EMHFW.H\
In the development system:
1. In Access key, the developer would enter the
object key received from the system
administrator.
10
'HOHWHDQ2EMHFW
From the Register Object Screen:
1. In TADIR Object, enter the Program
ID/Object/Object name of the object to
be deleted.
2. Select Delete.
3. Choose Register.
4. To check whether the deletion is
successful, choose Overview, which
displays a list of developers.
2
3
2023
2QOLQH&RUUHFWLRQ6XSSRUW
The SAP Online Correction Support provides information and tools to retrieve support packages such as
hot packages, legal change packages, SPAM updates, etc.
*XLGHG7RXU
2024
Release 4.6A/B
*HWWLQJWKH/DWHVW63$0YHUVLRQ
Make sure that you have the latest version of the
SAP Patch Manager or SPAM on your R/3 System
before you apply any support packages:
1. To get the latest SPAM version, on the
download screen, choose SPAM Updates.
2025
4. Choose Download.
9. Choose OK.
2026
Release 4.6A/B
'RZQORDGLQJ6XSSRUW3DFNDJHV
1. On the download screen, from the left frame,
select R/3 Support Packages.
<
<
2027
<
6SHFLILF6XSSRUW3DFNDJH5HODWHG1RWHV
To look at the notes related to the specific Support
Package:
1. On the Option screen, choose R/3 Notes.
2028
Release 4.6A/B
3
2
2029
'RZQORDGLQJ6XSSRU3DFNDJHV
To download the Support Package:
1. On the option screen, choose Download.
2030
Release 4.6A/B
After downloading the support packages (whether SPAM update or support package), complete the
following steps:
1. Unpack the patch archive file (see Unpacking a CAR file in chapter 22).
2. Transfer the resulting *.ATT and *.PAT files to the /usr/sap/trans/EPS/in subdirectory.
Useful SAP Notes
Description
83458
97621
169142
36579
152170
169329
86161
69224
2031
2032
Release 4.6A/B
&KDSWHU 6$31HW5)URQWHQG
&RQWHQWV
Overview ................................................................................................................212
Useful SAP Notes..................................................................................................213
Connecting to SAPNetR/3 ..................................................................................213
Researching a Problem with SAPNet-R/3...........................................................216
Registering a Developer or Object ....................................................................2122
Opening a Service Connection..........................................................................2130
211
2YHUYLHZ
SAPNetR/3 Frontend [SAPNet-R/3 (formerly OSS)] is a group of services offered by SAP
that is used to:
< Search for solutions to problems
<
<
<
<
Periodically, the SAPNetR/3 user interface changes as the frontend is upgraded. Therefore,
screens may not appear as shown in this book or be the same over time.
In this chapter, you will learn how to:
<
Connect to SAPNetR/3
<
<
<
If you have an ISDN connection, the telephone bill can become high. ISDN is normally
billed by the minute of connect time. Manage the time that you are connected to
SAPNet-R/3, or you could get a large phone bill for your SAP service connection.
Check with your networking person or company about how your SAP service connection
is configured. Some will hold the ISDN connection open even if there is no traffic, which
could result in an even larger phone bill.
3UHUHTXLVLWHV
<
<
212
Release 4.6A/B
8VHIXO6$31RWHV
SAPNet R/3 Note #
Description
32789
33221
&RQQHFWLQJWR6$31HW5
*XLGHG7RXU
3. Select 1_PUBLIC.
4. Choose Continue.
213
.
5
6
214
Release 4.6A/B
215
5HVHDUFKLQJD3UREOHPZLWK6$31HW5
SAPNet-R/3 contains a large database of problem notes. If you have a particular problem or
question, you should first search the online documentation, then search these notes. You can
also access SAP notes through SAPNet-Web.
)LQGLQJ1RWHVLQWKH6$31HW5
*XLGHG7RXU
216
Release 4.6A/B
2. Choose Notes.
3. Choose Find.
4
4a
4a
4a
.
4b
4c
4d
4f
217
<
218
Release 4.6A/B
10
11
12
13
14. Once the file is downloaded to your local computer, you can view and print the file using a text editor
or a word processor.
219
Situation
Very High
<
<
Medium
This priority is for errors with less serious consequences than the
above two cases, where the operation of the productive system is
not seriously affected.
Low
Use care when assigning a priority to your message. If the problem does not meet the Very
High criteria, assigning the message this priority will not guarantee you a quicker response
time.
2110
Release 4.6A/B
The following list contains hints that can improve total problem resolution time:
&RPSRQHQW
<
<
Be aware that the cause of the problem may be in an area other than the module you are
working on.
3UREOHPGHVFULSWLRQ
<
<
Provide enough data so that SAPNet Hotline personnel will not have to ask additional
questions before beginning work on your problem:
<
2111
*XLGHG7RXU
2112
Release 4.6A/B
to make a
Kernel release
<
<
<
Program name
Error message
8
10
11-14
System ID
<
Client number
<
User ID
<
Type of connection
To control access to your system and mange how long the service connection is open, request
that you be contacted to:
< Get the password
< Open the SAP service connection
2113
16
17
18
2114
Release 4.6A/B
*HWWLQJ6WDWXVRQ<RXU0HVVDJH
The response to your message is often in the form of an electronic message rather than a
telephone call. It is, therefore, important to monitor the status of your messages.
*XLGHG7RXU
1a
1b
1c
1d
2
2115
5HYLHZWKH$FWLRQ/RJ
1. Choose Action Log.
2116
Release 4.6A/B
'LVSOD\/RQJ7H[W
1. Choose Long text.
2117
5HRSHQ
1. Choose Reopen.
2118
and select a
2
3
Release 4.6A/B
2119
9. Choose Back.
2120
Release 4.6A/B
&RQILUP
1. Choose Confirm.
2. Choose Yes.
2121
5HJLVWHULQJD'HYHORSHURU2EMHFW
:KDW
To modify an SAP object, both the developer and the object that is to modified needs to be
registered with SAP. A developer, once registered for the installation, does not have to
register again. Similarly, an SAP object once registered for the installation, does not have to
be registered again. It is for this reason that on the registration screen either or both the
developer or object access key would be required.
:K\
Only an SAP-registered developer can make changes to SAP objects. Restricting access to
registered developers provides a record of who has made changes to the system.
Registering an SAP object provides a record of which SAP objects have been modified by
the customer. The assumption is that if you requested an object access key, you will be
modifying the object.
+RZ
See the following sections for registering a developer and registering an SAP object.
5HJLVWHULQJD'HYHORSHU
To modify an SAP object, the developer needs to be registered with SAP. A developer, once
registered for the installation, does not have to register again.
:K\
Only an SAP-registered developer can make changes to SAP objects. Restricting access to
registered developers provides a record of who has made changes to the system.
+RZ
2122
Release 4.6A/B
*XLGHG7RXU
'HYHORSHU5HTXHVWV'HYHORSHU.H\
1. This screen is seen by the
developer when a developer key is
required.
a. If the developer Access key is
blank, you need to obtain a
developer access key.
b
a
7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\
1. From the main SAPNetR/3
screen, choose Registration.
2123
.
3
6. Choose Register.
2124
Release 4.6A/B
(QWHUWKH'HYHORSHU.H\
In the development system:
1. In the User name Access key field,
the developer enters the key
received from the system
administrator.
The easiest way to enter the developer key is to use copy and paste. This function can
be done either:
<
<
Into an intermediate file using a text editor, such as Notepad (NT) or vi (UNIX)
2125
5HJLVWHULQJDQ2EMHFW
:K\
Registering an SAP object provides a record of which SAP objects have been modified by
the customer. The assumption is that if you requested an object access key, you will be
modifying the object. If the customer modifies an object and problems arise, resolving the
problem may be the customers responsibility. If an object is not modified and problems
arise, resolving the problem is SAPs responsibility.
+RZ
*XLGHG7RXU
b
c
a
2126
Release 4.6A/B
7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\
1. On the main SAPNetR/3 screen,
choose Registration.
2127
.
3
5
6
7
2128
Release 4.6A/B
(QWHUWKH2EMHFW.H\
The developer completes this step:
1. In Access key, the developer enters
the object key received from the
system administrator.
The easiest way to enter the developer key is to use the copy and paste function. Copy
and paste can be done either from screen to screen or into an intermediate file using a
text editor, such as Notepad (NT) or vi (UNIX).
2129
2SHQLQJD6HUYLFH&RQQHFWLRQ
:KDW
<
SAPNet Hotline personnel use the connection to remotely examine and diagnose your
system while investigating your question or problem.
<
EarlyWatch consultants use the connection to remotely review performance and system
configuration.
1RWHYou can only specify the length of time for a connection to remain open, not the
start time.
To schedule the time when a service connection will open, you must apply SAP note
170102. This note is valid back to Release 3.1G.
To manage your telephone expense:
1. Request that SAPNet consultants call to request that the connection be opened at a
specific time for a specified duration.
2. Open the connection at the time they request.
2UGHURI$FFHVVWR6\VWHPV
<
Try to first duplicate the problem in your development or test server, and have SAP
access that server first.
<
As a last resort, and only if the problem cannot be duplicated on the development or test
server, grant access to the production server.
:K\
Problem solving may require making an entry into the system to observe the problem.
Testing is not an activity that should be done in the production system. Entering test data,
even if reversed, could affect operational statistics. If the problem is basis related, an
accident could result in a disaster. The Service Connection function has changed in
September 1999.
2130
Release 4.6A/B
SAP Note
Description
31515
Service connections
169296
169329
170102
171569
*XLGHG7RXU
2131
2
3
2132
Release 4.6A/B
.
6
.
8
2133
.
9
.
11
10
12
13
2134
Release 4.6A/B
To schedule the time when a service connection will open, you must apply SAP note 170102.
This note is valid back to Release 3.1G.
14
2135
2136
Release 4.6A/B
&KDSWHU 5HPRWH6HUYLFHV
&RQWHQWV
Overview ................................................................................................................222
Retrieving Files from SAP, SAPSERV4 ..............................................................222
EarlyWatch Session............................................................................................2214
221
2YHUYLHZ
In this chapter, readers will learn about SAPSERV4 and EarlyWatch. The information in this
chapter should help the user understand how to:
< Retrieve files from SAP and SAPSERV4
<
Connect to SAPSERV4
<
Download files
<
5HWULHYLQJ)LOHVIURP6$36$36(59
:KDW
SAPSERV is a series of servers that contain patches and other downloadable files for
customers. In this guidebook, we specifically discuss the U.S. server, SAPSERV4. The
difference between the various SAPSERV servers is the name, the IP address, and the
location (see table below). At present, we are not aware of any plans to move this
functionality to SAPNetWeb.
Location
Host
IP Address
Long Hostname
Walldorf
sapserv3
147.204.2.5
sapserv3.wdf.sap-ag.de
Foster City
sapserv4
204.79.199.2
sapserv4.sfo.sap-ag.de
Tokyo
sapserv5
194.39.138.2
sapserv5.tyo.sap-ag.de
Sydney
sapserv6
194.39.139.16
sapserv6.syd.sap-ag.de
Singapore
sapserv7
194.39.134.35
sapserv7.sin.sap-ag.de
:K\
222
<
<
<
Release 4.6A/B
:KHUH
If you cannot connect to SAPSERV4, you may not be on the machine where SAProuter is
installed.
The SAProuters at SAP are configured to only recognize their counterpart SAProuter on the
customers side. Therefore, you must connect from the computer where the SAProuter is
installed and running.
17
81,;
<
+RZ
You can connect to, navigate within, and download files from SAPSERV4 using:
<
Command prompt
<
<
Internet browser
For ease of use and navigation, use an FTP GUI client to access SAPSERV.
&RQQHFWLQJWR6$36(598VLQJD*8,17
Using an FTP GUI client is much easier than using the command prompt.
In this guidebook, we use only one of the many available FTP clients. Other FTP clients are
listed in the resources section of appendix A. SAP does not endorse any particular product.
Also, it is your responsibility to perform compatibility testing to determine if the software
you select functions on your system without conflict (for example, without crashing the
system).
223
3UHUHTXLVLWHV
The SAP service connection to SAPSERV4 has been established, tested, and is functional.
<
<
The FTP client has been configured with the following parameters:
IP address of SAPSERV4, 204.79.199.2
Login user ID, FTP
User password <your e-mail address>
Directory to download files to on the client PC (optional)
$Q([DPSOHRIDQ)73&OLHQW
*XLGHG7RXU
224
Release 4.6A/B
225
&RQQHFWLQJWR6$36(598VLQJWKH&RPPDQG3URPSW
1DYLJDWLQJLQ6$36(59
SAPSERV4 is a UNIX server.
<
<
&RQQHFWLQJDWWKH&RPPDQG3URPSW
*XLGHG7RXU
Both UNIX and NT use a command prompt window, and the commands entered are the same. The NT
command prompt window is shown in the following example.
The directory you are currently in is the directory into which file will be downloaded. To
download the file to a different directory, change to that directory after you open the
command prompt window and before you enter the FTP command.
226
Release 4.6A/B
4
5
In NT, to increase the screen buffer size and prevent the text from scrolling off the screen:
1. On the NT desktop, choose My Computer Control Panel Console Layout tab.
2. Under screen buffer size, increase the height to 100.
227
228
Release 4.6A/B
'RZQORDGLQJ)LOHV
< Download patches, kernels, transports, and other files in binary format.
< Many of the files are in *.CAR archives.
Use the CAR program to unpack these files (see Unpacking a CAR file on page 2213).
*XLGHG7RXU
1
2
4
229
3DUWLDO2UJDQL]DWLRQRI6$36(59
Not all directories on SAPSERV4 are listed or expanded. For those that are similar (release, database,
operating system), only one is expanded in detail. Over time, the directory structure may change or be
reorganized. See below for the SAPSERV4 structure.
2210
Release 4.6A/B
2211
R3server
abap
note.*
binaries
NT
support
i386
UNIX
languages
Note.*-------------------------specific note numbers
patches -----------------------------------R/3 patches, where most of the downloads will be
COMMON ------------------Kernel, release-independent programs
NT
i386 ---this dir has car.exe, sappad.exe, tar.exe
OS400
UNIX
NT
ALPHA
I386 ---------------this dir has car.exe, sappad.exe, tar.exe
MSSQL
rel31H
rel31I
rel40A
rel40B -----------------------Kernel release, OS, hardware, db specific programs
NT
I386
MSS --------------MS SQLserver
ORA --------------Oracle
OS400
UNIX
AIX
DEC
HPUX
ORA
HPUX_SHM
RELIANT
SOLARIS
rel45A
2212
Release 4.6A/B
8QSDFNLQJD&$5)LOH
:KDW
A CAR file is a packaged file similar to a zip file. Like a zip file, a CAR file may contain
more than one file. SAP delivers transports, patches, and other programs and files in CAR
files. To use the contents of these files, you must unpack them using car.exe.
3UHUHTXLVLWHV
1. Get car.exe from SAPSERV4 (for the latest version) or from the directory
NT:
\usr\sap\<sid>\sys\exe\run\
UNIX:
/usr/sap/<sid>/SYS/exe/run
If your version of the CAR program is older than six months, replace it with the latest
version.
2. Create an unpacking directory where you unpack files (for example, d:\sap\unpack).
3. Copy the file car.exe into this directory.
8QSDFNLQJD)LOH
*XLGHG7RXU
To reduce confusion:
<
Begin the unpacking session with only the car.exe program in the unpacking
directory.
<
1. Copy the file to be unpacked into the unpacking directory (for example, sapdba_64.car).
2. Open a command prompt window.
3. Change to the unpacking directory.
2213
6SHFLDO6$31HW1RWHV
Note #
Function
29372
63786
63845
96885
(DUO\:DWFK6HVVLRQ
:KDW
The underlying concept of EarlyWatch is to prevent problems before they occur or escalate.
EarlyWatch diagnoses a systems potential problems and resource bottlenecks so they can
be resolved in advance.
During an EarlyWatch session, performance experts log on to your system (into client 066)
to monitor its performance, review its performance-related configuration settings, and
recommend changes to your system.
Analysis is done in five areas:
<
R/3 configuration
<
R/3 application
<
Server
<
Workload
<
Database
EarlyWatch applies only to the production system, not the development system. The goal is
for satisfactory online performance, not background performance. A system, other than the
2214
Release 4.6A/B
<
<
You do not have to do an EarlyWatch session if your system or company conditions have
remained the same.
<
1RWH The target response is less than 1 second, which excludes the network delay
from the users PC to the R/3 System. This delay is outside the scope and control of SAP.
+RZ
2215
5. Once the customers system is analyzed, a report is generated and sent to the customer.
Recommendations may be at any of three levels:
<
<
R/3 System
Database
<
Operating system
2216
Release 4.6A/B
&KDSWHU 6SHFLDO0DLQWHQDQFH
&RQWHQWV
Overview ................................................................................................................232
Changing System Profile Parameters (Transaction RZ10) ...............................232
Support Packages...............................................................................................2311
Kernel Upgrade ...................................................................................................2340
Client Copy ..........................................................................................................2342
Production Refresh Strategies ..........................................................................2356
231
2YHUYLHZ
In this chapter, the reader will learn about special maintenance. This topic includes the
following:
< Kernel upgrade
<
Client copy
<
&KDQJLQJ6\VWHP3URILOH3DUDPHWHUV7UDQVDFWLRQ5=
:KDW
The system profile parameters are what R/3 uses when it starts up. Parameters may define
how many of each work process to create, the minimum length of the user password, etc.
The system uses the following three parameters:
< Start
This parameter defines which R/3 services are started.
< Default
This parameter defines the profile for all instances in the system.
<
Instance
This parameter defines the profile for the specific instance, which allows individual
application servers to be configured differently for specific tasks and users.
:K\
Change a value only for a specific purpose and only with proper knowledge of what is
being changed and why it is being changed.
<
<
<
Before making changes to the system profiles, make certain that you have a recent, usable
copy of the system profile files. This backup is your last line of defense if a profile change is
made that results in R/3 not being able to start.
232
Release 4.6A/B
*XLGHG7RXU
.
3
Start profile
<
<
233
Use the instance profile to make the parameters of a specific application server different
than the other servers for specific reasons (for example, a batch application server).
Under Edit profiles, there are three selections:
<
Administration data
<
This selection is not a maintenance mode. It is used to change the name of the file where
the profile should be activated.
Basic maintenance (maintenance mode)
This mode allows you to set the buffers, work processes, and directories in the system
profiles. It also allows you to specify the SAP components to be started (for example,
message server, application server, SNA gateway, etc.) in start up profiles. This form of
maintenance protects most profile parameters from being changed by potentially
incorrect settings.
<
Change.
6
7
234
Release 4.6A/B
Parameter..
The point where you insert the new profile parameter has no effect on the process.
But, to make it easier to read, you may want to group or order the parameters (for
example, group the logon parameters together).
Once you enter the profile parameter, it cannot be easily moved to another location.
Therefore, be careful where you choose to insert it.
10. Click in the Parameter name and
choose
10
235
.
12
17
15
16
236
Release 4.6A/B
19
18
21
20
237
23
22
25
26
238
Release 4.6A/B
27. Choose
27
28. Choose
28
239
31
32
2310
Release 4.6A/B
6XSSRUW3DFNDJHV
:KDW
1RWH
< Hot Packages are now known as R/3 Support Packages
< Legal Change Patches (LCP) are known as R/3 HR Support Packages
A Support Package is a collection of corrections that address serious errors in the ABAP
repository. These corrections affect the Basis and functional areas. There are defined rules
about what kind of fixes should be (and are) included in a Support Package. Some rules are
technical while other rules are policy.
A Support Package is not a cumulative fix for application modules. You must still get and
apply the notes for the functional modules. However, since Support Packages contain
patches for the various functional areas, some of the notes may be applied in the Support
Package. The Support Package is not supposed to contain functional enhancements, but this
is not always the case.
:K\
The purpose of a Support Package is to fix problems before they become problems.
:KHQ
There is a conflict about when Hot Packages should be (and are) applied:
<
To prevent serious problems, SAPs position is that customers should apply all Support
Packages as they are released..
<
The position of many customers is that all system changes must be regression tested.
This stance, with the frequency of Support Package releases, results in the Support
Packages not being applied.
The reason is that the amount of testing required cannot be done continuously
This customer position is not unique to SAP and has been taken by many customers
since the early days of computing.
1RWH As of Release 4.5, Hot Packages have been separated from the HR Legal Change
Patch (HR LCP). This separation allows LCPs to be applied quickly, to be in legal
compliance, and not applying Support Packages before they are scheduled to be applied.
Before Release 4.5, the LCP contained the Hot Packages; applying a LCP also meant
applying the Hot Package.
2311
6WUDWHJ\
Obtain the notes related to the Support Package, and review what it fixes:
<
If there is nothing in the Support Package that applies to you, do not apply it.
<
+LJK/HYHO3URFHVVRI$SSO\LQJ6XSSRUW3DFNDJHV
Applying Support Packages
1. Determine what Support Packages have been applied to your system.
2. Get and review the notes for the Support Package(s).
3. Determine if the Support Package should be or needs to be applied.
Steps 4 through 9 assume that the Support Package is to be applied and are repeated
for all Support Packages that are to be applied at the current time.
4. Obtaining the Support Package
Depending on the size of the Support Package, it can be obtained three ways:
< Download it from the SAPNetR/3 (formerly OSS).
This option is size limited, so large Support Packages cannot be downloaded via
SAPNetR/3.
< Download it from SAPNetWeb.
< Upload it from the Support Package collection on CD.
The Support Package collection contains all Support Packages available at that
point in time.
Download from SAPNet R/3
(OSS)
5. Download the
Support Package.
6. N/A
2312
Release 4.6A/B
'HWHUPLQLQJ:KDW6XSSRUW3DFNDJHV+DYH%HHQ$SSOLHG
*XLGHG7RXU
0HWKRG
2313
Display.
2314
Release 4.6A/B
*HWWLQJ,QIRUPDWLRQRQWKH6XSSRUW3DFNDJHIURP6$31HW5
*XLGHG7RXU
1. Choose Service.
2. Choose SAP Patch Service.
3. Choose R/3 support packages.
1
2
3
2315
10
b. Hot Packages
Extra Large indicates that the Hot
Package may not be
downloadable.
7. To display the notes for a specific
Support Package, select it, then
choose Notes for patch.
2316
a
b
Release 4.6A/B
7R9LHZ$OO1RWHV
1. Right-click anywhere on the
screen.
2. Select Download list from the
popup menu (not shown).
2317
3. Select unconverted.
4. Choose
2318
Release 4.6A/B
2319
10
11
1RWH The duration of the download depends on the number of notes addressed by the Support
Package. It could take 20 minutes (or more) to download the notes for a large Support Package.
12. Enter the path to your local PC
and create a name for the file.
12
2320
Release 4.6A/B
7R9LHZD6SHFLILF1RWH
1. Double-click the node (+) to
expand an individual branch (for
example, BC).
2. Double-click the node (+) for BCCCM, BC-CCM-PRN and BC-CCMPRN-SPO.
2321
5HTXHVWLQJ63$0RUD6XSSRUW3DFNDJHIURP6$31HW5
*XLGHG7RXU
1. Choose Service.
2. Choose SAP Patch Service.
3. Choose R/3 support packages.
1
2
3
2322
Release 4.6A/B
2323
Always plan to first apply the Support Package on a test server to assure it will not
create a problem.
<
3UHUHTXLVLWH
The Support Package(es) must have been requested for the system/<sid> to which you are
downloading it.
*XLGHG7RXU
1. Log on to client 000, under any user that has the SAP* equivalent authorizations.
2. In the Command field, enter transaction SPAM and choose Enter
(or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance
SPAM-Patches).
3. Choose
.
5
2324
Release 4.6A/B
7. Choose Back.
Make sure that the directory /usr/sap/trans/EPS/in has enough space to download the Hot
Package.
8SORDGLQJWKH6XSSRUW3DFNDJHIURPD&'RU6$31HW:HE
Large Support Packages (those too large to download from the SAPNetR/3) are available
via the following two methods:
<
<
SAPNetWeb
SAP periodically releases a Support Package Collection CD, which contains all the released
Support Packages up to a certain date.
2325
6XSSRUW3DFNDJH&ROOHFWLRQ&'
1. Load the CD containing the patches.
2. Log on to the operating system as:
<
NT:
<
UNIX: <sid>adm
<SID>adm
NT:
<
UNIX: /usr/sap/trans
<drive>:\usr\sap\trans
NT:
<
6$31HW:HE
1. Log on to the operating system as:
<
NT:
<
UNIX: <sid>adm
<SID>adm
2. Copy the downloaded patch files (example kh46a02.car) into an unpack directory.
3. Unpack the patch file by entering:
car xvf <patch-file>
4. Copy the unpacked files from the EPS\in directory to the directory to upload patches:
2326
<
NT:
<
UNIX: /usr/sap/trans/eps/in
<drive>:\usr\sap\trans\eps\in
Release 4.6A/B
*XLGHG7RXU
The next step is to upload the patch from the operating system into R/3.
1. Log on to client 000, under any user that has SAP*-equivalent authorizations.
2. In the Command field, enter transaction SPAM and choose Enter
(or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance
SPAM-Patches).
3. From the menu bar, choose
Patch Upload.
4. Choose
2327
Display.
7
6
2328
Release 4.6A/B
8SGDWLQJ63$0
3UHUHTXLVLWHV
<
The R/3 System should not be active, which means that no:
Users are logged on
Jobs are running
<
<
The current SPAM update should have been downloaded from either SAPNet-R/3 or
from SAPNetWeb.
When using SAPNetWeb, the unpacked SPAM update files (.ATT and .PAT) should
have been moved to the /usr/sap/trans/EPS/in subdirectory.
<
If a SPAM update is available, apply it before any Support Packages. Some Support
Package changes require the new SPAM program to properly update the system.
*XLGHG7RXU
Log on to client 000, under any user that has SAP*-equivalent authorizations (not SAP*).
1. In the Command field, enter transaction SPAM and choose Enter
(or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance
SPAM-Patches).
2. To upload the SPAM update file,
from the menu bar, choose Patch
2
Import SPAM update.
2329
3. Choose
4. Choose
Disp.
8
9
2330
Release 4.6A/B
10
$SSO\LQJWKH6XSSRUW3DFNDJH
3UHUHTXLVLWHV
<
<
<
The current SPAM update should have been downloaded from SAPNet and applied.
<
<
2331
*XLGHG7RXU
1. Log on to client 000 under any user that has SAP*-equivalent authorizations (not SAP*).
2. In the Command field, enter transaction SPAM and choose Enter
(or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance
SPAM-Patches).
$GGLQJWKH+RW3DFNDJHWRWKH3DWFK4XHXH
.
4
.
6
2332
Release 4.6A/B
'HILQHWKH3DWFK4XHXH
1. Choose
Display/define to define a
patch queue.
.
2
2333
$SSO\LQJWKH+RW3DFNDJH
3. Choose
4. Choose
1RWH Depending on the size of the Hot Package, the patch application process could run for a long
time.
2334
Release 4.6A/B
&KHFNWKH3DWFK/RJ
1. Choose
3. Choose Back.
2
2335
&RQILUPWKH3DWFK
1. Choose
2336
Release 4.6A/B
9HULI\WKH3DWFK$SSOLFDWLRQ
Display.
1
2
2EMHFW&RQIOLFWV
:KDW
Object conflicts occur when SAP objects (such as programs, tables, etc.) that you modified
are included in a Support Package.
:K\
If an object has been modified by you and is being changed in the Support Package, you
could lose your modifications. This problem usually occurs with an advanced correction,
where a fix is incorporated in a future release of the R/3 System, and the advanced
correction is available before the future release.
2337
([DPSOH
If you are on Release 4.0B and experience a problem. Your problem has already been
fixed in a higher release (for example, Release 5.0).
You do not have to wait for the upgrade. The fix is available now for you to make as an
advanced correction to your system. Support Packages may not always include this
correction. Thus, after applying the package, you may have to reapply the correction.
+RZ
<
Determine if the change is (or is not) included in the Support Package by:
Reviewing the code comparison (transaction SPAU)
Checking if the advanced correction is from a future release
If so, it probably will not be included in the Support Package.
Checking if the change is your own modification
<
If the change is included in the Support Package, return to the SAP standard, which will
simplify future system maintenance.
<
2338
Release 4.6A/B
5HJUHVVLRQ7HVWLQJ
Regression testing is necessary because many objects in many functional areas may be
affected by changes from a Hot Package. All functional areas must perform regression tests
to verify that a Hot Package does not create new problems as it fixes old ones. A Hot
Package is a mini-upgrade, especially if it is large (for example, Release 4.0B, Hot Package
10).
All existing processes should continue to function as they did before the Hot Package was
applied. A review of the notes related to a Hot Package indicates what specific tests need to
be performed by the technical and functional team. As during the implementation, the
functional teams should have a script of test procedures to test the system. This script could
also be used in the regression test.
8VHIXO6$31HW5)URQWHQG1RWHV
SAP Note #
Description
19466
33525
53902
62119
73510
82264
83458
84962
85820
86241
87432
89089
97620
97621
97623
Patch types
97630
104664
119738
173814
2339
.HUQHO8SJUDGH
:KDW
The kernel upgrade process is the replacing of operating system level files (the kernel files)
with updated versions of these files.
<
You must remember the R/3 release and kernel version you are running. After the kernel
is upgraded, apply kernel patches for the upgraded version of the kernel. Do not apply
kernel patches for the old version of the kernel.
When getting which patches, remember that your R/3 release stays the same, regardless of
which version your kernel changes to. On rare occasions, a SAP note instructs you to apply
a fix based on the R/3 release of the system; not the kernel version.
All servers in a system must be on the same version of the kernel.
:K\
Kernel upgrades are normally done to fix bugs or other problems in the kernel. Some
kernel upgrades provide enhanced functionality.
+RZ
Kernel instructions
<
SAP notes
<
Upgrade manual
2340
<
SAPSERV4
<
This route is more current than getting the kernel via CD (see chapter 13, Retrieving
files from SAP, SAPSERV4).
Distribution CD (if provided)
Release 4.6A/B
<
4. Unpack the kernel files (see chapter 13, Retrieving files from SAP, SAPSERV4 for the
unpacking procedure).
5. Back up the system at the database and operating system levels.
6. Stop the R/3 System.
7. Stop the SAP services that are using the kernel files (NT).
8. Backup the kernel directory
NT:
<drive>:\usr\sap\<sid>\sys\exe\run
UNIX:
/usr/sap/<sid>/sys/exe/run
Copy the current kernel files to a backup directory, to be prepared in the event that you
need to restore back to the old version if a problem occurs with the new version.
9. Copy the new kernel files into the kernel directory
This replaces the old programs with the new programs.
10. Perform any special instructions contained in:
<
Kernel instructions
<
<
11. Restart.
5HVWDUW2SWLRQ
1. Restart the SAP services that are using the kernel files (NT).
2. Start the R/3 System
3. Check the R/3 logs.
4. Monitor the system and system logs for problems.
5HVWDUW2SWLRQ
1. Restart the server.
2. Check all logs for:
<
Operating system
<
Database
2341
&OLHQW&RS\
:KDW
The client copy function copies client-dependent customizing and data. Client copy allows
the copy or transport of the complete customizing environment from a source client to a
target client within the same system (instance) or to another system.
Tables are selected based on their delivery class.
Client copy is not meant to copy client-independent objects, such as ABAP programs and
table structures. If a table is changed to add an additional field, and the added field is then
populated with data, the table change is not copied to the target system. Thus, the data in
the additional field is not copied.
6SHFLDO1RWHV
Read the current online documentation on client copy. The client copy programs and
functionality improve and change significantly with each new release.
To access the online help documentation on client copy:
1. From the menu bar, choose SAP Library
2. In the left frame, click the node (+) next to SAP Library.
3. Click the node (+) next to Basis Components.
4. From the list that appears, choose Change and Transport System (BC-CTS)
5. Choose Client Copy and Transport.
6. In this screen, click the node (+) next to Client Copy and Transport.
7. Click the node (+) next to Client Copy and you will see the following list of files:
< Technical Background
< Copy profiles
< Authorizations
< Maintaining clients
< Copying clients within the Same System
< Copying Clients Between Systems
< Transporting Clients Between Systems
< Copying Transport Request within the Same System
< Deleting Clients
< Displaying Copy Logs
2342
Release 4.6A/B
<
<
The developer of client copy maintains several informational SAP notes. Do a SAP note
search on component BC-CTS-CCO and search for notes beginning with CC*.
8VHIXO6$31RWHV
SAP Note #
Description
7312
13391
24853
47502
69556
70643
84504
3URFHVVLQJ1RWHV
During the copy process, do not work in the source client or the target client. The target
client is locked for all users except SAP* and DDIC.
Since large volumes of data are involved, copying a client could take several hours. If you
are copying a large productive client, the copy time could take upwards of a day. For client
copy of a large client, see SAP note 67205. Due to the long run time, the probability of an
abnormal termination due to external factors is high.
A client copy produces a large amount of log activity. If this directory runs out of space,
the database will stop. Turn off logging (i.e., truncate on checkpoint) or monitor the
filespace in the directory where the log file(s) is located.
2343
6HFXULW\
To perform a client copy, the user ID of the person doing the copy must have the same authorizations in
the source client and in the target client. A system administrator with the same authorizations as user SAP*
will have all the required authorizations.
&UHDWLQJD&OLHQW
*XLGHG7RXU
3. Choose
2344
Release 4.6A/B
13
5
6
7
8
10
to select the
11
12
2345
Customizing allowed.
11. Under Protection: Client copier and
comparison tool, choose and select
the appropriate entry.
In this screen, we selected
Protection level 0: No restriction.
12. Under Restrictions, if CATTs are
allowed to be executed, select
Allows CATT processes to be started.
13. Choose Save.
14. The new client is listed.
In later steps, this new client may
be referred to as the target
client.
14
15. To log on to the new client, enter SAP* for the user and PASS for the password.
SAP* with the default password PASS is a known user ID password. Do not leave the
client in this condition for longer than absolutely needed. Once the client copy is
complete, verify that the passwords for all system user IDs in the new client are secure.
2346
Release 4.6A/B
&RS\LQJD&OLHQW
*XLGHG7RXU
&RS\LQJRQWKH6DPH6\VWHP6,'
To copy a client on the same system/<sid>, do a local client copy.
1. To log on to the target client, enter sap* for the user ID and pass for the password.
Be sure you are logged on to the correct target client. If you are on the wrong client, you
will destroy that client.
2. In the Command field, enter transaction SCCL and choose Enter
(or from the SAP standard menu, choose Tools Administration, then Administration Client admin
Client copy Local copy).
to
3. In Selected profile, choose
select a copy profile that matches
your requirements.
4. In Source client, enter the source
client number (for example, 001).
5. If your user masters will be copied
from a specific client, in the Source
client user masters field, enter this
client number (for example, 001).
6
3
4
5
2347
8
9
10
11
2348
Release 4.6A/B
12
Check.
13
14
15
16
2349
17. Choose
17
18
19
&RS\LQJWRD'LIIHUHQW6\VWHP6,'
To copy a client to a different system/<sid>, do a remote client copy.
3UHUHTXLVLWH
*XLGHG7RXU
2350
Release 4.6A/B
3
4
to
8. Choose Continue.
2351
3RVW&OLHQW&RS\7DVNV
<
<
Secure the passwords for SAP* and DDIC in the new client.
If you copied the user master, the user IDs and passwords for those users have been
copied from the source client. When you create a new client, immediately change the
default passwords for user SAP*. The default password is well known and has been
posted on the Internet.
Always have at least two administrative user IDs for each client, so you do not lock
yourself out of the client.
SAP* and DDIC should only be used for tasks that require those user IDs be used. A
better solution is to create an administrative user ID, which is a copy of the user SAP*.
'HOHWLQJD&OLHQW
To delete a client, there are two options:
<
<
2352
Release 4.6A/B
Before deleting a client, in the event of a major problem (for example, deleting the wrong
client), make certain you have a usable backup of the system.
'HOHWH&OLHQW7UDQVDFWLRQ
*XLGHG7RXU
5
3
4
Background.
to
6. In Background server, choose
select the server to run the delete
job.
7. Choose Schedule job.
2353
8. Select Continue.
From this point, the process is the
same as scheduling a background
job.
5HYLHZLQJWKH&OLHQW&RS\/RJ
1. Log on to another client.
2
2354
4
3
Execute.
Release 4.6A/B
Job log.
6
2355
3URGXFWLRQ5HIUHVK6WUDWHJLHV
Because data in the target system is being replaced, refreshing a system is an inherently
dangerous.
:KDW
Production refresh is where the other systems are refreshed with data from the production
system.
After the copy, actual production data exists in the test system. This data poses data
security issues which must be addressed by the various data owners. It is more critical if
the HR system is installed, because personnel records are sensitive. Financial, sales, and
other data may also be company sensitive.
:K\
<
:K\1RW
In the recent past, the standard procedure was to create your own test data. One major
reason was that disk storage space was expensive. Here are some are reasons for not to
refresh the system:
2356
<
<
Data security
Data from the production system is real.
Even if it is old, it could be confidential and sensitive. The development and test
systems are, then, subject to the same high level of security as the production system.
Created test data is fake and everyone knows that.
There is much less issue with data confidentiality or sensitivity.
Release 4.6A/B
+RZ
<
'DWDEDVH&RS\RI3URGXFWLRQ6\VWHP
A database copy is done by copying the entire production database.
%HQHILWV
<
<
The copy can be made using standard backup tapes, so there is no impact on the
production system.
Making a copy also tests your backup and restore process.
'LVDGYDQWDJHV
<
<
<
<
The target system loses its client structure and become a duplicate of the client structure
of the PRD system.
If the PRD system has one client and the QAS system has three clients, after the database
copy, the QAS system will have one client. The other two clients are lost.
&OLHQW&RS\RIWKH3URGXFWLRQ6\VWHPZLWK'DWD
A client copy is done by performing a client copy of the active client from the PRD system
(instead of copying the entire database, like a database copy).
$GYDQWDJHV
<
Unlike a database copy, the target system does not have to be reconfigured.
<
'LVDGYDQWDJHV
<
A client copy requires that the source and target systems are not in use during the copy.
Having both systems out of use may not be a practical action for many companies
because the amount of time required to do the copy could be significantly greater than
the amount of time that the production system can be down.
<
If there are any client-independent objects (programs, table structures, etc.) that have
been changed and are not the same in the two systems, these objects will not be copied
(refer to the sections on Client Copy below).
2357
&OLHQW&RS\RIWKH3URGXFWLRQ6\VWHP:LWKRXW'DWD
In this option, only a basic client copy is performed (including customizing), but no master
or transactional data, and possibly no user data.
All test data is loaded into the new client using the following tools:
<
<
$GYDQWDJHV
In addition to the benefits of the client copy above:
<
You can control the data being loaded into the new client.
Data can be created to test specific items.
You are not subject to the randomness of real data to test specific items.
Real data may (or may not) have the appropriate data to test specific test items.
In this case, test data has to be created anyway.
'LVDGYDQWDJHV
These are the same as for a client copy with data above.
2358
Release 4.6A/B
$SSHQGL[$8VHIXO7UDQVDFWLRQV
&RQWHQWV
Useful Transactions............................................................................................... A2
A1
8VHIXO7UDQVDFWLRQV
System administrators may find the following transactions useful. Although many of the
transactions are not discussed in this guidebook, we are listing them for your convenience.
Many of these transactions are for more advanced functions than targeted in the scope of
this guidebook.
7UDQVDFWLRQ&RGH6ZLWFKHV
/n<trans code>
/nspad
/o<trans code>
/ospad
7UDQVDFWLRQ&RGH7DEOH
The following are definitions of two of the column headers.
< Dangerous
These transactions are potentially damaging or fatal to the system if executed
incorrectly.
As a general rule, most of the Basis transactions are potentially damaging. Access to
these transactions should be restricted in all systems. Access to some of these
transactions should be even further restricted in the production system.
<
Performance Impact
These transactions could have a potentially adverse impact to system performance if
executed. Traces and table display are the transactions of concern here.
The problem with a table display occurs when the query does a full table scan for data.
When done on a large table, this query has serious impact on performance because the
system searches every record in the table to find those that meet the search criteria.
A2
Release 4.6A/B
Transaction
Description
AL02
AL03
AL05
AL08
AL11
AL12
BALE
DB01
DB02
DB03
DB05
DB12
Backup logs
DB13
DB14
DBA logs
DB20
OSS1
RZ01
RZ02
RZ03
RZ04
RZ06
RZ08
RZ10
RZ11
RZ20
RZ21
SA38
ABAP reporting
SCAM
CATT management
Dangerous
Performance
impact
A3
Transaction
Description
SCAT
SCC1
SCC3
SCC4
SCC5
Delete clients
SCC6
Client import
SCC7
SCC8
Client export
SCC9
SCCL
SCMP
Table comparison
SCU3
Table history
SE01
Transport organizer
SE03
SE06
SE09
Workbench organizer
SE10
Customizing organizer
SE11
SE12
SE14
SE15
SE16
SE17
SE38
ABAP editor
SECR
SEU
SFT2
SFT3
SICK
Installation check
A4
Dangerous
Performance
impact
X
X
Release 4.6A/B
Transaction
Description
SM01
Lock transactions
SM02
System messages
SM04
Overview of users
SM12
Database locks
SM13
Update terminates
SM18
SM19
SM20
SM21
System log
SM30
SM31
Maintain tables
SM35
SM36
SM37
SM39
Job analysis
SM49
SM50
SM51
Instance overview
SM56
SM58
SM59
SM63
SM64
Event trigger
SM65
SM66
SM69
SMLG
Dangerous
Performance
impact
A5
Transaction
Description
SMX
SNRO
SP00
Spool
SP01
Spool control
SP02
SP11
SP12
TemSe administration
SPAD
SPAM
SPAU
SPCC
SPDD
SPIC
ST01
ST02
Buffer statistics
ST03
Workload analysis
ST04
ST05
SQL trace
ST06
ST07
Application monitor
ST08
Network monitor
ST09
ST10
ST11
ST12
Application monitor
ST14
ST22
A6
Dangerous
Performance
impact
Release 4.6A/B
Transaction
Description
ST4A
STAT
STMS
STUN
STZAC
SU01
User maintenance
SU01D
Display users
SU02
SU03
Maintain authorizations
SU10
SU12
SU2
SU22
SU3
SU53
TU02
Dangerous
Performance
impact
A7
A8
Release 4.6A/B
$SSHQGL[%8VHIXO5HVRXUFHVDQG3URGXFWV
&RQWHQWV
Other System Administration Resources............................................................ B2
Other Helpful Products: Contributed by Users................................................. B13
B1
2WKHU6\VWHP$GPLQLVWUDWLRQ5HVRXUFHV
The references cited by no means represent an all inclusive listing of resources because SAP
training classes, guidebooks, white papers, and internet sites are constantly being created
and updated.
6$35HVRXUFHV
SAP books and CDs can be ordered from the SAP online store (http://shop.sap.com) or for
items with an SAP part number, from your SAP account executive. Books with ISBN
numbers can be ordered from Fatbrain (www.fatbrain.com/sap), Amazon (www.amazon.com)
or Barnes & Noble (www.bn.com).
B2
Release 4.6A/B
%RRNV
Title
50-018-672
50-018-896
5000-5296
5000-5295
ISBN Number
1-893570-21-5 (3.1G/H)
500-23994
1-893570-22-3 (4.0B)
1-893570-23-1 (4.5A/B)
1-893570-24-X (4.6A/B)
500-32525
1-893570-04-5 (4.0B/4.5x)
1-893570-05-3 (4.0B/4.5x)
500-22337
1-893570-12-6 (3.1H)
500-32527
1-893570-13-4 (4.0B)
ISBN:
1-893570-14-2 (4.6B)
1-893570-65-7 (4.0B)
Fundamentals of Reporting
1-893570-60-6
1-893570-61-4
1-893570-62-2
1-893570-41-X (3.1H)
500-32525
1-893570-42-8 (4.0B)
1-893570-43-6 (4.6A/B)
B3
&'V
< Accelerated SAP (ASAP)
While ASAP is an implementation project management methodology, production
system administration information is available on this CD.
< Knowledge Products
Knowledge products must be registered and a license installed (similar to saplicense),
before they can be used.
Technical Implementation and Operation Mgt
500-27903
SAP System Management
500-27391
SAP System Monitoring
500-25694
SAP Software Logistics
500-27393
SAP Database Administration MS SQL server
500-25696
SAP Database Administration Oracle
500-27392
SAP Database Administration Informix
500-25695
SAP Database Administration DB2-400
500-25697
SAP Database Administration Adabas
500-29389
SAP Integration Technologies
500-25698
R/3 Interface Advisor
500-21636
< SAP Terminology Database
500-30826
< SAP Business Information Warehouse
500-29281
< SAP Interface Advisor, Rel 4.5
500-26902
< Computer Based Training (CBT)
Archiving CBT
500-20297
< R/3 Online Documentation
< Report Navigator (pre-Release 4.0)
See SAP Simplification Groups web site, www.saplabs.com/simple
7UDLQLQJ&ODVVHV
In the U.S., call central registration at (888)-777-1SAP(1727) or visit SAP Americas training
web site, www.sap.com/usa/trainsupp for the most current class list.
/HYHO
B4
<
<
<
<
BC360 UNIX/Oracle
<
BC361 UNIX/Informix
Release 4.6A/B
<
BC370 AS/400-DB2/400
/HYHO
<
<
<
<
<
<
<
/HYHO&URVV$SSOLFDWLRQ
<
<
<
<
2WKHU
< R/3 Security Guide; see SAP note 39267
www.sapnet.sap.com/securityguide
:KLWHSDSHUV
< System Landscape
The R/3 System Landscape, System and Client Deployment Strategy can be
downloaded from www.saplabs.com/simple.
6$31HW6HOHFWHG,WHPVRI,QWHUHVW
Explore SAPNet at www.sapnet.sap.com, to see what is available. The amount of
information that is obtainable is extensive and is growing.
We selected a few items that we think would be of particular interest to you in the
abbreviated tree structure that follows. Please be aware that SAPNet will change over time
and the specific path to an item may change.
1HZV (YHQWV
<
Press Release
<
<
<
Media Library
SAP Knowledge Store
Media by Type
R/3 Online Documentation
B5
6HUYLFHV
<
Consulting Services
Individual Consulting Services, such as remote consulting, going live check, going live
functional upgrade, EarlyWatch, remote upgrade, conversion services, OS/DB
migration service, remote Euro conversion service, and remote archiving
<
<
<
B6
Education Services
Advanced Training Solution
SAP Standard Training
R/3 Knowledge Products
Computer Based Training
SAP TechNet, including software logistics, system management, system monitoring,
technical SD/CO/PP, DB Admin Oracle/Informix/MS SQL Server, ABAP
Development Workbench, data archiving, etc.
SAP Team SAP Support Services
Release Information
Release strategy
Release notes
SAP Methodology & Tools
ASAP
Ready to Run R/3
Sizing
Interface Advisor
Outsourcing
Legacy System Migration Workbench
Online Services
Installation/Upgrades
License keys
Installation/Upgrade guides
Sizing
Customer data
User Administration
Modifications
SSCR (SAP Software Change Registration)
Object registration
Developer registration
SAP Online Correction Support
Download
SPAM
Release 4.6A/B
<
7KLUG3DUW\5HVRXUFHV
The following list of books is not all inclusive. There are good books that are not listed here.
Also, no one book will provide you with all the information you need. You will typically
need several books in each category in your library.
A listing of these books does not constitute an endorsement by SAP. This listing is provided,
as a starting point, for your convenience. We recommend you check with your vendors
(hardware, operating system, database, and other) and the various book sources (both
online and in stores) and for additional titles.
%RRNV
5
%\6$3
Brand, Hartwig. 1999. SAP R/3 Implementation with ASAP, The Official SAP Guide. Sybex.
(Release 4.0) (ISBN: 0-7821-2427-5)
*This book is about technical/Basis implementation.*
Buck-Emden, Rdiger; and Jrgen Galimow. 1996. SAP R/3 System, A Client/Server
Technology. Addison-Wesley. (ISBN: 0-201-40350-1)
McFarland, Sue and Susanne Roehrs. 1999. SAP R/3 Software Logistics, The Official SAP Guide.
Sybex. (Release 4.0/4.5) (ISBN: 0-7821-2564-6)
Schneider, Thomas. 1999. SAP R/3 Performance Optimization: The Official SAP Guide. Sybex.
(Release 4.x) (ISBN: 0-7821-2563-8)
Will, Liane. 1998. SAP R/3 System Administration: The Official SAP Guide. Sybex. (Release 4.0)
(ISBN: 0-7821-2426-7)
7KLUG3DUW\$XWKRUV
Hernandez, Jose. 1999. SAP R/3 Administrators Handbook, Second Edition. Osborne.
(Release 4.x) (ISBN: 0-07-135413-1)
1997. The SAP R/3 Handbook. McGraw-Hill. (Release 3.x, Oracle, and UNIX)
(ISBN: 0-07-033121-9)
Hirao, Joey; and Jim Meade. 1999. SAP R/3 Administration for Dummies. IDG. (Release 3.x)
(ISBN: 0-7645-0375-8)
Parkinson, Robert; Johan Marneweek. 1999. Basis Administration for SAP. Prima.
(Oracle, and UNIX) (ISBN: 0-7615-1887-8)
Prince, Dennis. 1998. Supporting SAP R/3. Prima. (ISBN: 0-7615-1750-2)
B7
Will, Liane; Christiane Hienger, Frank Strassenburg, and Rocco Himmer. 1998. SAP R/3
Administration Addison-Wesley. (Release 3.x) (ISBN: 0-201-92469-2)
81,;
Arick, Martin. 1995. Unix for DOS Users. John Wiley & Sons. (ISBN: 0471049883)
Frisch, leen. 1998. Essential Systems Administration: Help for Unix System Administrators.
OReilly. (ISBN: 1-56592-127-5)
Nemeth, Evi., [et al.]. 1995. Unix System Administration Handbook. Prentice Hall.
(ISBN: 0-13-151051-7)
Pugh, Kenneth. 1994. Unix for the MS-DOS User. Prentice Hall. (ISBN: 0-13-146077-3)
Siegert, Andreas. 1996. The AIX Survival Guide. Addison-Wesley. (ISBN: 0-201-59388-2)
17
Enck, John (Editor). 1998. Windows NT Magazine, Administrators Survival Guide, Volume 1.
Duke Communications. (ISBN: 188241988X)
Frisch, leen. 1998. Essential Windows NT System Administration. OReilly.
(ISBN: 1-56592-274-3)
Leber, Jody; Jody Schivley, and Robert Denn (Editor). 1998. Windows NT Backup & Restore.
OReilly. (ISBN: 1-56592-272-7)
McMains, John; and Bob Chronister. 1998. Windows NT Backup & Recovery. Osborne
McGraw-Hill. (ISBN: 0-07-882363-3)
Jumes, James (Editor);Neil F. Cooper, and Todd M. Feinman. 1998. Microsoft Windows NT 4.0
Security, Audit, and Control (Microsoft Technical Reference). Microsoft Press.
(ISBN: 1-57231-818X)
Microsoft Corporation. 1996. Microsoft Windows NT Server Resource Kit: for Windows NT
Server Verison 4.0. Microsoft Press. (ISBN: 1-57231-3447)
1997. Microsoft Windows NT Server Resource Kit Verison 4.0, Supplement Two. Microsoft
Press. (ISBN: 1-57231-6268)
1994. Windows NT 3.5 Guidelines for Security, Audit, and Control. Microsoft Press.
(ISBN: 1-55615-814-9)
Minasi, Mark. 1997. Mastering Windows NT Server 4, 5th Edition. Sybex. (ISBN 0-7821-2163-2)
B8
Release 4.6A/B
Pearce, Eric; Robert Denn (Editor), and Beverly Scherf. 1997. Windows NT in a Nutshell: A
Desktop Quick Reference for Systems Administrators. OReilly. (ISBN: 1-56592-251-4)
Rutstein, Charles. 1997. Windows NT security: A Practical Guide to Securing Windows NT
Servers and Workstations , McGraw-Hill (ISBN: 0-07-057833-8)
Siyan, Karanjit. 1997. Windows NT Server 4: Professional Reference. New Riders Publishing.
(ISBN: 1-56205-805-3)
26
IBM. 1994. An Implementation Guide for AS/400 Security and Auditing. IBM. (ISBN: 0-73840-573-6)
(part# : GG24-4200-00)
IBM. 1998. The System Administrators Companion to AS/400 Availability and Recovery. IBM.
(ISBN: 0-73840-038-6) (part# : SG24-2161-00)
0LFURVRIW64/6HUYHU
Baird, Sean; Chris Miller, and Michael Hotek. 1998. SQL Server System Administration.
Macmillan. (ISBN: 1-562059556)
Dalton, Patrick. 1997. SQL Black Book (v6.5). Coriolis Group Books. (ISBN: 1-57610-149-5)
Microsoft Corporation. 1998. Microsoft SQL Server 7.0 System Administration Training Kit.
Microsoft Press. (ISBN: 1572318279)
Prathak, Paritosh. 1998. Administering SQL Server 7. Osborne McGraw-Hill.
(ISBN: 0-07-134168-4)
Rankins, Ray., [et al.]. 1998. SQL server 6.5 unleashed (3rd edition). Sams. (ISBN: 0-672-31190-9)
Soukoup, Ron; Kalen Delaney. 1999. Inside Microsoft SQL Server 7.0. Microsoft Press.
(ISBN 0-735605173)
Spenik, Mark; and Orryn Sledge. 1998. Microsoft SQL Server 7 DBA Survival Guide. Sams.
(ISBN: 0-672-31226-3)
1996. Microsoft SQL Server 6.5 DBA Survival Guide. Sams. (ISBN: 0-672-30959-9)
Talmage, Ron. 1999. Microsoft SQL Server 7 Administrators Guide. Prima. (ISBN: 0-7615-1389-2)
,QIRUPL[
Doe, Charleton. 1997. Informix OnLine Dynamic Server Handbook, 1/e. Prentice Hall.
(ISBN: 0-13-605296-7)
Informix Software, Inc. 1996. Evolution of the High Performance Database, 1/e. Prentice Hall.
(ISBN: 0-13-594730-8)
McNally, John (Editor); Glenn Miller, Jim Prajesh, Jose Fortuny, and Robert Donat. 1997.
Informix Unleashed. Sams. (ISBN: 0-672-30650-6)
B9
'%
Bullock, Diane; Jonathan Cook; et al. 1999. DB2 Universal Database and SAP R/3, Version 4.
Prentice-Hall. (ISBN: 0-13-082426-7)
IBM. 1997. IBM DB2 for AIX and SAP R/3 Administration Guide. IBM. (ISBN: 0-73840-990-1)
(part# : SG24-4871-00)
2UDFOH
Adkoli, Anand, and Rama Velpuri. 1998. Oracle NT handbook. Osborne. (ISBN: 0-07-211917-9)
Ault, Michael. 1997. Oracle8 Administration & Management. Wiley & Sons. (ISBN 0471192341)
Corey, Michael., [et al.]. 1997. Oracle8 Tuning. Osborne McGraw-Hill. (ISBN: 0-07-882390-0)
Koch, Loney. 1997. Oracle8: The Complete Reference. Osborne McGraw-Hill.
(ISBN: 0-07-882396-X)
Loney, Kevin. 1997. Oracle8 DBA Handbook. Osborne McGraw-Hill. (ISBN: 0-07-882406-0)
Loney, Kevin; Noorali Sonawalla, and Eyal Aronoff. 1998. Oracle8 Advanced Tuning &
Administration. Osborne McGraw-Hill. (ISBN: 0-07-882534-2)
Spence, Greg. 1999. SAP R/3 and Oracle Backup and Recovery. Addison Wesley.
(ISBN: 0-201-59622-9)
Velpuri, Rama; and Anand Adkoli. 1998. Oracle8 Backup & Recovery Handbook. Osborne
McGraw-Hill. (ISBN: 0-07-882389-7)
1997. Oracle Troubleshooting. Osborne McGraw-Hill. (ISBN: 0-07-882388-9)
2WKHU7RSLFV
< Disaster Recovery
Corrigan, Patrick. 1994. LAN: Disaster Prevention and Recovery. Prentice Hall.
(ISBN: 0-13-015819-4)
<
Rothstein, Philip. 1995. Disaster Recovery Testing: Exercising Your Contingency Plan.
Rothstein Associates. (ISBN: 0-964164809)
Schreider, Tari. 1998. Encyclopedia of Disaster Recovery, Security & Risk Management.
Crucible. (ISBN: 0-966272900)
Toigo, Jon. 1995. Disaster Recovery Planning. John Wiley & Sons. (ISBN: 0-471121754)
Security
Russell, Deborah; GT Gangemi Sr. 1992. Computer Security Basics; OReilly.
(ISBN: 0-937175-71-4)
<
B10
Scripting
Perl, www.perl.com
Hoffman, Paul. 1997. Perl 5 for Dummies. IDG. (ISBN: 0-7645-0044-9)
Schwartz, Randal; Tom Christiansen, and Larry Wall. 1997. Learning Perl, 2nd edition.
OReilly. (ISBN: 1-56592-284-0)
Schwartz, Randal; Erik Olson, and Tom Christiansen. 1997. Learning Perl on Win32
Systems. OReilly. (ISBN: 1-56592-324-3)
Srinivasan, Sriram. 1997. Advanced Perl Programming. OReilly. (ISBN: 1-56592-220-4)
Release 4.6A/B
0DJD]LQHV
SAP Info: The Magazine of the SAP Group, www.press@sap-ag.de
SAP Technical Journal, www.saptechjournal.com
+HOSIXO7KLUG3DUW\,QIRUPDWLRQ
6$36HUYLFH&RQQHFWLRQ
<
Comdisco, www.comdisco.com
<
<
<
<
2UJDQL]DWLRQV
<
:HE6LWHV
6$3
< SAP, www.sap.com
< mySAP.com, www.mySAP.com
< SAPNet, www.sapnet.sap.com
Note: you need a SAPNet user ID to access SAPNet
< SAP America, www.sap.com/usa
< SAP America, training, www.sap.com/usa/trainsupp
< SAP Labs, Simplification Group, www.saplabs.com/simple
< SAP Online Store, www.sap.com/store_index.htm
< SAP Complementary Software Program, www.sap.com/CSP
B11
6$3$IILOLDWHG
Americas SAP Users Group (ASUG), www.asug.com
7KLUG3DUW\
< SAP Fans, www.sapfans.com
< SAP Club, www.sapclub.com
< SAP Assist, www.sapassist.com
< ERP site, www.erpsupersite.com
< ERP central, www.erpcentral.com
,QWHUQHW1HZV*URXSV
<
<
<
<
B12
SAP-related
comp.soft-sys.business.sap
Other
comp.client-server
Operating Systems
UNIX
comp.os.unix
comp.unix.*
NT
comp.ms-windows.nt.*
Databases
Oracle
comp.databases.oracle.*
DB2
comp.databases.ibm-db2
Informix
comp.databases.informix
MS SQL server
microsoft.public.sqlserver.*
comp.databases.ms-sqlserver
Release 4.6A/B
2WKHU5HVRXUFHV
2SHUDWLQJ6\VWHP
< UNIX
Digital Unix, www.unix.digital.com
HP UX, www.datacentersolutions.hp.com/2_2_index.html
IBM AIX, www.austin.ibm.com/software/aix_os.html
Siemens Reliant, www.siemens.com/servers/rm/rm_us/reliant.htm
Sun Solaris, www.sun.com/solaris
< NT
Microsoft, www.microsoft.com/ntserver
Microsoft TechNet, www.microsoft.com/technet
'DWDEDVH
< Oracle
Oracle, www.oracle.com
< SQL server
Microsoft, www.microsoft.com/sql
< Informix
Informix, www.informix.com
< DB2
IBM, www.software.ibm.com/data/
2WKHU+HOSIXO3URGXFWV&RQWULEXWHGE\8VHUV
The products listed here have been recommended by users and consultants and are
provided as a starting point for your research.
A listing of these products does not constitute an endorsement by SAP.
The following list is not all inclusive. These products have different features and prices,
which meet different requirements. It is your responsibility to test their compatibility with
your requirements and needs, and to select the product that is appropriate to your
installation. For products which have been certified by SAP to work with R/3, see
Complementary Software Program at www.sap.com/CSP.
As a precaution, you should test all third-party software for compatibility and stability on a
test system before installing them in a production environment. There are cases where a
program many conflict with another program(s) or the hardware, and crashes the system.
Testing software applies to both the server and workstation that the system administrator
uses.
B13
81,;
%DFNXS
< Networker, Legato, www.legato.com
< OmniBack II, HP, www.hp.com/solutions/storage
0RQLWRU
< Performance monitor
Stopwatch, Envive, www.envive.com
< System monitor
OpenView, HP, www.openview.hp.com
6FKHGXOHU
< AutoSys, Platinum, www.platinum.com
< Maestro, Tivoli, www.tivoli.com
6SRRO0DQDJHPHQW
< Dazel for R/3, Dazel, www.dazel.com
2WKHU
< Messaging:
TopCall, Topcall Intl., www.topcall.com
17
%DFNXS
< ARCserve, Computer Associates, www.cai.com/arcserveit
< Backup Exec, Seagate, www.seagatesoftware.com
< OmniBack II, HP, www.openview.hp.com
< Ultraback, BEI Corp, www.ultrabac.com
0RQLWRU
< Log monitor
ELM, TNT software, www.tntsoftware.com
Provision Network Monitor (formerly AlertPage), Computer Associates
www.platinum.com/products/provis/po/nmon_pv.htm
< System monitor
LANDesk Server Manager, Intel, www.intel.com/network/products
NetIQ, NetIQ, www.netiq.com
B14
Release 4.6A/B
5HPRWH&RQWURO
< Compaq Carbon Copy 32, Compaq,
www.compaq.com/products/networking/software/carboncopy
< LapLink for Windows NT, Traveling software, www.travsoft.com
< pcANYWHERE32, Symantec, www.symantec.com/pca
< Remote Desktop 32, Network Associates, www.nai.com
< Timbuktu Pro 32, Netopia, www.netopia.com
6FKHGXOHU
< Auto Task 2000, Cypress Technologies, www.cypressnet.com
< Event Control Server, Vinzant, www.vinsoft.com
< Launch Pad, Cypress Technologies, www.cypressnet.com
< crondSys, # ifdef Software, www.ifdef.com
< Schedule Wizard 98 (shareware)
6SRRO0DQDJHPHQW
< Dazel for R/3, Dazel, www.dazel.com
2WKHU
< Anti-virus
See SAP note 106267 for known problems with certain anti-virus programs.
InocuLAN, CA, www.cheyenne.com
Norton AntiVirus, Symantec, www.symantec.com
NT shield, Network Associates, www.nai.com
< FTP client
AbsoluteFTP, Van Dyke Technologies, www.vandyke.com
CuteFTP, GlobalSCAPE, www.cuteftp.com
WS_FTP, Ipswitch, Inc., www.ipswitch.com
< NT monitor
Quick slice, NT Resource Kit
< Time sync
TimeServ, NT Resource Kit
&RPPRQ%RWK81,;DQG17
<
<
UPS control
Powerchute, APC, www.apcc.com
Scripting
Perl, www.perl.com
B15
<
Time sync
Network Time Protcol, www.eecis.udel.edu/~ntp
<
Network Analyser
Sniffer, Network Associates, www.nai.com
1HWZRUN
B16
Release 4.6A/B
$SSHQGL[&8VHIXO6$31RWHV
&RQWHQWV
Overview ................................................................................................................. C2
R/3 Notes................................................................................................................. C2
Operating System Notes ....................................................................................... C6
Database Notes ...................................................................................................... C9
C1
2YHUYLHZ
The SAP notes are grouped by major area:
<
R/3
<
Operating System
<
Database
Within each group, the notes are grouped by category. As we assembled this book, these are
the notes we found important or useful. Many more notes exist for each group, many of
which are also important. You are encouraged to explore the SAP notes to see what other
notes would be of interest or importance to you.
Over time, some of these notes may become obsolete and get removed.
* SAP Notes used to be known as OSS notes.
** The Online Service System (OSS) is now known as SAPNet.
51RWHV
Category
C2
SAP Note #
Description
11886
15466
21559
31557
42074
45580
86985
Batch
06604
Batch
11728
Batch
16083
Batch
18307
Batch
24092
Batch
31503
Batch
36280
Batch
37104
Release 4.6A/B
Category
SAP Note #
Description
Batch
70639
CCMS
71364
Client
07312
Client
13391
Client
35952
Client
40672
Client copy
4010
Client copy
24853
Client copy
47502
Client copy
69556
Client copy
70643
Client copy
84504
Config
21636
Config
31395
Config
33576
Config
39412
Config
44695
Ops mode
16845
Patches
19466
Patches
29372
Patches
33525
Patches
37617
Patches
53902
Patches
63786
Patches
63845
Patches
73510
Patches
74545
Patches
79376
Patches
80117
Patches
82264
C3
C4
Category
SAP Note #
Description
Patches
85820
Patches
86241
Patches
87432
Patches
89089
Patches
96885
Patches
97621
Patches
97623
Patch types
Patches
97630
patches
104664
Patches
119738
Patches
169142
Patches
173814
Problems
15374
Problems
16513
SAPNet
15641
SAPNet
22235
SAPNet
26740
SAPNet
29501
SAPNet
31515
Service connections
SAPNet
32411
SAPNet
32789
SAPNet
33221
SAPNet
40024
SAPNet
40866
SAPNet
45027
SAPNet
69224
SAPNet
69378
SAPNet
74313
Release 4.6A/B
Category
SAP Note #
Description
SAPNet
75002
SAPNet
75686
SAPNet
80618
SAPNet
81908
SAPNet
169296
SAPNet
169329
SAPNet
170102
SAPNet
171569
SAProuter
30289
SAProuter documentation
SAProuter
30374
SAProuter installation
SAProuter
87388
Security
23611
Security
39267
Security
48018
Spool
02510
Spool
03255
Spool
06427
Spool
08462
Spool
09876
Spool
10551
Spool
10743
Spool
10755
Spool
11070
Spool
12550
Spool
18706
Spool
23389
Spool
25941
Spool
26009
Spool
27831
Spool
29666
C5
Category
SAP Note #
Description
Spool
30187
Spool
48914
Spool
64333
Spool
64337
Spool
64628
Spool
78401
Start/stop
00387
Start/stop
17108
TMS/CTS
5668
TMS/CTS
11599
TMS/CTS
13807
2SHUDWLQJ6\VWHP1RWHV
&RPPRQWR0XOWLSOH2SHUDWLQJ6\VWHPV
Category
SAP Note #
Description
80266
28781
SAP Note #
Description
28665
89510
Backup
71440
Config
22240
Config
28392
Config
31559
Config
31563
Config
33772
17
Category
C6
Release 4.6A/B
Category
SAP Note #
Description
Config
65761
Config
68544
Config
74810
Config
75354
Config
88416
Eventlog
72616
Patches
29372
Patches
74545
Perfmon
102390
Perfmon
110529
Problems
10616
Problems
21790
Problems
44803
Problems
49776
Problems
51781
Problems
53211
Problems
70572
Problems
100972
Problems
122288
Problems
129813
SAProuter
41054
SAProuter as a service
Security
36462
Service pack
30478
Service pack
85582
Start/stop
32182
Start/stop
35388
TMS/CTS
28781
TMS/CTS
62739
Virus
106267
C7
81,;
Category
SAP Note #
Description
21960
28781
80266
AIX
48689
AIX
64885
Digital
72984
Digital
39698
Digital
136653
HPUX
06599
HPUX
41596
HPUX
64884
HPUX
99224
HPUX
99527
HPUX
101229
HPUX
143527
SUN
64887
SUN
71479
SUN
101883
SUN
172524
SUN
182552
Category
SAP Note #
Description
Config
44695
Copy
49023
Client copy
CTS
37987
Importing transports
Patches
60856
Performance
49201
Performance settings
$6
C8
Release 4.6A/B
Category
SAP Note #
Description
Performance
107104
Problem
125705
Problem
154599
Problem
162580
Problem
163022
SAProuter
65600
SAProuter
'DWDEDVH1RWHV
0664/VHUYHU
Category
SAP Note #
Description
62849
28667
67320
85846
95901
126131
159171
163315
7.0
82035
7.0
95600
7.0
138392
7.0
153802
7.0
160178
7.0 conv
92410
7.0 conv
104392
7.0 conv
107471
7.0 conv
107483
C9
C10
Category
SAP Note #
Description
7.0 conv
129122
7.0 conv
130689
Backup
37152
Backup
44449
Backup
48585
Database copy
Backup
50990
Backup
68818
Backup
70300
Backup
151603
Backup
153763
Backup
166588
CCMS
36637
CCMS
77434
CCMS
139945
CCMS
141118
Client copy
85443
Client copy
Config
67071
Config
70517
Config
80102
Config
97066
Config
126808
HA
111372
Kernel
77012
Maint
67437
DBCC checks
Maint
142731
Performance
38657
Performance
61340
Performance
76052
Problems
67297
Problems
79262
Release 4.6A/B
Category
SAP Note #
Description
Problems
79883
Problems
81692
Suspect database
Problems
87027
Problems
87029
Problems
111291
Problems
129190
Problems
150495
Problems
155402
Problems
166861
Problems
168408
Recovery
50745
Recovery
70161
Recovery
82699
Recovery
94213
Point-in-time-recovery fails
Security
28893
Security
116225
Service pack
62988
Service pack
66365
Service packs
159069
Service packs
159268
SAP Note #
Description
80625
85842
Copy
111206
Performance
92795
Performance
97014
Performance
122599
'%8'%
Category
C11
Category
SAP Note #
Description
Performance
107123
Problems
54028
Problems
84270
Problems
97449
Problems
98306
Problems
141527
Problems
149292
Problems
151085
Problems
163356
Restore
78332
Restore
163731
Security
80292
SAP Note #
Description
93264
53746
62340
64001
71776
85840
93868
AIX
102204
Backup
11462
Backup
167878
CCMS
66322
Config
12825
Config
41360
Config
141054
,QIRUPL[
Category
C12
Release 4.6A/B
Category
SAP Note #
Description
Document
154895
HPUX
41596
HPUX
101229
Maint
22941
Maint
29155
NT
126175
Performance
38307
Performance
156766
Performance
184760
Problems
31171
SOLARIS
48338
Y2K
187183
SAP Note #
Description
85838
112325
01039
01042
96397
125242
128221
AIX
51396
BR
02239
BR
12593
BR
13550
BR
43494
BR
43499
CBO
93098
2UDFOH
Category
C13
C14
Category
SAP Note #
Description
CBO
93256
CBO
127715
CCMS
85609
Config
03809
Config
09705
Config
94801
HPUX
92788
Patches
127395
Patches
181195
Performance
33868
Performance
72638
Performance
102042
Performance
114716
Problems
33735
Problems
38006
Recovery
03804
Recovery
04157
Recovery
04160
Recovery
04161
Complete recovery
Reorg
12921
Reorg
40521
Reorg
43487
SAPDBA
12621
SAPDBA
15465
SAPDBA
19193
SAPDBA
29348
SAPDBA
42293
SAPDBA
43486
SAPDBA
43490
SAPDBA
43491
Release 4.6A/B
Category
SAP Note #
Description
SAPDBA
44395
SAPDBA
44595
Security
36462
Start/stop
02775
SUN
44361
SUN
116453
SUN
183292
Tablespaces
02425
Tablespaces
03807
Tablespaces
09321
Tablespaces
39650
Upgrade
89691
Upgrade
98507
Upgrade
111922
Upgrade
126137
Y2K
172380
C15
C16
Release 4.6A/B
$SSHQGL['8SJUDGH'LVFXVVLRQ
&RQWHQWV
Upgrade Discussion .............................................................................................. D2
Upgrade Issues ...................................................................................................... D3
Other Considerations ............................................................................................ D3
D1
8SJUDGH'LVFXVVLRQ
:KDW
The question of whether to upgrade your system to a new release depends on many
complex factors. Most importantly, the decision to upgrade should be based on business
need. Some of these factors are outlined below:
<
<
<
5HDVRQV1RWWR8SJUDGH
Some reasons not to upgrade include the following:
<
<
<
Diversion of resources (Company resources that could be applied to other tasks would
be assigned to upgrading the R/3 System.)
<
Desire to be on the latest release (While desirable for a personal resume, this reason is
not a valid business reason to upgrade your system.)
:KHQWR8SJUDGH
In deciding to upgrade your system, ask yourself the following questions:
<
Have the reasons for upgrading and not upgrading been analyzed?
<
<
If you installed any Industry Solution (IS), are IS patches available for the new
release?
If the patches are not available, you cannot upgrade.
D2
Release 4.6A/B
8SJUDGH,VVXHV
An upgrade can be more complex than a new implementation because:
<
<
The system is unavailable for users during a portion of the upgrade process.
The technical downtime is 612 hours. In addition, many other tasks are performed
around the backup that could increase this downtime significantly. System downtime
could significantly impact the operations of the business during this period.
<
<
2WKHU&RQVLGHUDWLRQV
6RIWZDUH,VVXHV
The following software has to be compatible with the R/3 release you plan to upgrade to:
<
Database
<
Operating system
<
Third-party applications that compliment the R/3 System (for example, external tax
packages, job schedulers, system monitors, spool managers, etc.)
+DUGZDUH
<
<
As each release adds functionality, the required disk space, processing power and
memory required generally tends to increase.
A system configuration that was adequate for one release may be inadequate for a later
release. This is especially apparent when jumping release levels; example upgrading
from 3.1H to 4.6B. The following table is compiled from SAP notes:
D3
SAP Release
CPU increase %
Memory increase %
3.1H to 4.0B
30
30
4.0B to 4.5B
20
20
4.5B to 4.6A
10
30
3HUIRUPDQFH
Upgrade performance is difficult to predict. Performance is sensitive to a variety of
variables, some of which can have significant impact. Therefore, an upgrade of the test
system should be done to determine timing values for your configuration.
The following are a few of the factors that affect the performance of an upgrade:
D4
<
<
Hardware
Processor (number of processors and speed of each)
Memory (amount available)
Drive array
Performance factor (especially for writes)
Configuration (minimize or eliminate drive or channel contention)
Other I/O hardware (minimize or eliminate data channel contention)
<
Release 4.6A/B
,QGH[
A
ABAP
dump analysis
free selection, 1049
in general, 415, 1048
performing, 45
simple selection, 1049
dump definition, 415, 1048
editor, 1055, 1056, 1156
execute, 82, 1155
Administrator
access key, 2016, 2020, 2123, 2127
guidelines. See System guidelines
requirements of, 14
roles
external to R/3, 13
factors that determine, 12
within R/3, 12
Alerts
acknowledge, 1014
analyze, 1013
database, 46
finding, 107
maintaining thresholds, 1017
messages, 1515
operating system, 46
parameters, 1516
threshold, changing, 159
views, 105, 1012
Audits
business, 1141
check for validity, 1157
complete, 1138
considerations, 115
different users, 1153
financial, 114
in general, 114
information system. See Audit Information System
(AIS)
security, 115, 1125
security logs
filter group 1, 1149
filter group 2, 1150
in general, 1144
parameters, 1147
running, 1146
specific reports, 1156
system, 1139
tasks, 1157
tools, 1137
user defined, 1142
user security jobs, 1154
B
Background jobs
batch, 163
creating, 168
housekeeing, 164
incorrect, 1620
new, 1620
I1
Index
others, 165
performance, 164
performance factors, 165
regularly scheduled jobs, 164
scheduling, 168
select, 44, 48, 411, 72, 75, 1615
user ID, 164
Backup
archive procedures and policies, 313
checking, 1638
checklist, strategy, 312
database, 33, 312, 1315, 1319, 1636, 1638
dedicated drives, 323
design strategy, 39
differential, 37
frequency, 33
full, 37, 1636
in general, 31, 33, 1636
incremental, 37
initalizing tapes, 1318
NTBackup, 1640, 1641
offline, 38, 1324, 1636
on-demand, 39
online, 38, 1319
operating system level, 36, 312, 1640
performance
database restore options, 323
factors affecting, 320
faster devices, 321
in general, 320
options, 321
parallel backup, 322
recovery, 323
periodic archivals, 1636
procedures
archiving, 310
database check, 311
in general, 310
monitoring/controlling, 311
verifying backups, 310
scheduled, 39
sites, 218
storage
in general, 318
offsite, 318
onsite, 319
strategy, 32
supplementary, 310
tape label, 1313
tape management
handling tapes, 316
in general, 313
labeling tapes, 313
retention requirements, 317
I2
C
CAR files, 2213
Cascade failures, minimizing, 219
CCMS alert monitor. See Alert monitor
Central instance, 93
Change control
in general, 179
managing transports, 1712
Checklists
annual tasks
database, 83
notes, 84
operating system, 83
other, 84
backup strategy, 312
daily tasks
database, 46
notes, 47
operating system, 46
other, 47
R/3 System, 44, 48
monthly tasks
database, 62
notes, 65
operating system, 63
other, 64
quarterly tasks
database, 73
notes, 74
operating system, 73
other, 74
stopping R/3, 95
Release 4.6A/B
Index
weekly tasks
database, 53
notes, 54
operating system, 53
other, 53
Critical tasks
daily tasks, 49
database, 1638
operating system level backups, 1640
verify backups, 49
verify R/3 is running, 49
D
Daily tasks
checklists
database, 46
notes, 47
operating system, 46
other, 47
R/3 System, 44, 48
Dangerous transactions
in general, 85, 1117
recommended lock table, 1118
Database (DB)
administration. See Database administration (DBA)
alert, 46
backup, 33, 312, 1315, 1636
checking backup, 311, 1638
checklists
annual tasks, 83
daily tasks, 46
monthly tasks, 62
quarterly tasks, 73
weekly tasks, 53
passwords, 1136
performance, 54, 65, 134, 1911
performance analysis, 46, 415
performance tables, 52, 62
server, 114, 93
TemSe. See Temporary Sequential (TemSe)
Disaster recovery
applications, up or downstream, 217
I3
Index
H
Hardware
central processing unit, 1915
disk, 1915
in general, 1915
memory, 1915
review, 1515
I
Insider trading, 113
Instance
definition, 114
operation mode, 1625
K
Keep it short and simple (KISS), 17, 310
Kernel upgrade, 2340
KISS. See Keep it short and simple (KISS)
E
EarlyWatch session, 2214
External interfaces, 915
F
Failed updates. See Update terminates
File space
old transport files, 1511
usage, 156
Forms
Detailed Online Service System Note Record, 1711
General Note Record, 1710
R/3 User Change Request, 126
Sample Transport Request, 1714
L
LCP. See R/3 HR Support Packages
Legal change patches (LCP). See R/3 HR Support
Packages
Lock entry list, 44, 412
Locking
client
modifiable, 1117
permanent, 1116
dangerous transactions table, 1118, 1121
logon, 1227
prohibited password table, 1130
service connection, 2130
transaction codes, 83
transactions, dangerous, 1117
users, 75, 84, 1129
Locks
definition, 412, 1041
deleting, 1042, 1043
in general, 1041, 1111
I4
Release 4.6A/B
Index
M
Maintenance
basic, 234
contracts, 1514
extended, 234
special, 231
table. See Table maintenance
user, 72, 75, 1224
Management, change
change control, 179
in general, 1127, 171
Memory
defragmentation, 1910
hardware, 1915
N
New user setup. See Users, new user setup
NTBackup, 1324
O
Operating system (OS)
alert threshold, 159
alerts, 46, 152
checklists
annual tasks, 83
daily tasks, 46
monthly tasks, 63
quarterly tasks, 73
weekly tasks, 53
file space usage, 156
full server backup, 1636
monitor, 46, 411, 1911
NT event log, 155, 1515, 1516
old transport files, 1511
system logs, 153
tasks, 152
transporting method, 1734
Transporting objects, 1716
Operational security
Operations
consumable supplies, 1642
critical supplies, 1642
in general, 161
modes
adding new, 1626
assigning, 1632
assigning instance definition, 1625
define, 1623
generate instance, 1625
in general, 1621
other considerations, 1644
work processes defining distribution, 1629
P
Paging system, 1515
Passwords. See also Security, passwords
changing, 1134
database, 1136
database administration, 1330
eliminating easy, 1129
expiration time, 74, 1129
in general, 1128
length, 74, 1129
lockout, 74, 1129
maintaining table of prohibited, 1130, 172
operating system level, 1135
purpose, 75
recording, 1131
resetting, 1226
sample tables, 1132
security parameters, 74, 1129
standards, 1129
system administration, 125
Patch
application verification, 2337
confirmation, 2336
level, 185
I5
Index
logs, 2335
queue, 2332, 2333
extended, 234
Performance
background jobs, 164
backup
database restore options, 323
factors affecting, 320
faster devices, 321
in general, 320
options, 321
parallel backup, 322
recovery, 323
to disks then tapes, 322
buffers, 414, 198
critical assumption, 192
database, 54, 65, 134, 1911
evaluation priority, 193
in general, 191, 193
memory defragmentation, 1910
R/3, 194
workload analysis, 414
Printer setup
in general, 142
Procedures
backup
archiving, 310
database check, 311
in general, 310
monitoring/controlling, 311
roles and responsibilities, 311
verifying backups, 310
system administration, 125
user administration, 123
Production system
not modifiable, 1113
preventing changes, 84
I6
Q
Quarterly tasks checklists
database, 73
notes, 74
operating system, 73
other, 74
R
R/3 HR Support Packages, 2311
R/3 System. See also System
active processes, 915
administration. See System administration; User
administration
batch jobs. See Batch jobs
checking for users, 99
with application servers, 910
without application servers, 99
checklists
daily tasks, 44, 48
stopping R/3, 95
definition, 114
external interfaces, 915
guidelines. See System guidelines
performance. See Performance
starting, 92
stopping, 95, 916
Release 4.6A/B
Index
Restore
reasons for, 32
strategy, 32
testing, 33
S
SAA. See System Administration Assistant (SAA)
SAP GUI
adding additional systems, 1215
installing
file server, from, 128
presentation CD, from, 1214
software, 128
SAPSERV, 222
SAPSERV4, 222, 223. See also Remote services,
SAPSERV4
Scenarios, disaster
corrupt database, 28
hardware failure, 28
in general, 28
loss or destruction of server facility, 29
Scheduling
database tasks, 139
I7
Index
Server
application, 94
database, 93
Supplies
checking consumable, 1642
critical, 1642
other considerations, 1644
Support Packages
adding to patch queue, 2332
applying, 2331, 2334
applying, high-level process of, 2312
determining which applied, 2313
downloading
SAPNet R/3 Frontend, from, 2324
in general, 186, 2311
information, getting from SAPNet R/3 Frontend, 23
15
notes
view all, 2317
view specific, 2321
I8
Swaps, 199
System. See also R/3 System
audits, 1139
backup. See Backup
confirmation information, 1015
logs
in general, 413, 1038, 153
NT, 46, 155, 1515, 1516
R/3, 44, 48, 415, 92, 1515
messages
creating, 96, 1052
defining, 96
editing, 1054
in general, 1051
monitor, 1515
monitoring tools, 102
multi-instance, 1045, 1236
preventing changes, 84
profile parameters, 232. See Profile parameters,
system
R/3 definition, 114
single-instance, 1235
Release 4.6A/B
Index
recordation, 17
single points of failure, 113
T
Table maintenance
deleting entry, 176
in general, 172
review, 72
table entry, create, 172
TMS
documentation, 1716
import
all requests, 1730
selected requests, 1728
transport request, 1727
main screen, 1724
method, 1716, 1724
system, 55
tp, 1717
Training classes, B4
Transaction
AL02, 46
AL08, 45, 48, 410, 95, 99, 910, 1043, 1045, 12
34, 1236
AL16, 46, 152
DB02, 52, 54, 62, 65, 137
DB12, 39, 43, 139, 1315, 1316, 1638
DB13, 39, 312, 139, 1310, 1318, 1329, 1638, 1639
OS06, 46, 411, 153
OS07, 1911, 1912
OSS1, 213
PA30, 198
I9
Index
VA03, 198
VF01, 198
VL01, 198
Transport files
Transporting objects
importing
all requests, 1730
buffer, 1718
in general, 1734
selected requests, 1728
transport request using TMS, 1727
in general, 1715
log, 1732, 1735, 1736
managing transports, 1712
operating system (OS) method, 1716, 1734
problem, if occurs, 1723
production system, 1715
releasing requests, 1719, 1721
special transports, 1718, , 1734
standard process, 1717
TMS
documentation, 1716
main screen, 1724
method, 1716, 1724
1725
Troubleshooting
basic techniques
document changes, 183
error messages, 184
evaluate alternatives, 183
gather data, 182
in general, 182
making changes, 183
problem, analyze, 183
SAP patch level, 185
Support Packages, 186
in general, 181
U
Uninterruptible power supply (UPS)
Unlocking
10
I10
Update terminates
in general, 412, 1032
looking for, 44, 48
managing, 1035
problems with short dumps, 1037
user training, 1037
check, 1513
program log, 47
shutdown process, 1513
logon, 1227
password resetting, 1226
service connection, 2130
transaction codes, 83
users, 75
W
Web sites, B11
Weekly tasks checklists
database, 53
Release 4.6A/B
Index
notes, 54
operating system, 53
other, 53
Work processes
checking, 44, 45
defining distribution, 1629
I11
11
Index
12
I12
Release 4.6A/B