SAP System Administration Made Easy

6\VWHP$GPLQLVWUDWLRQ0DGH(DV\
0LFURVRIW 64/6HUYHU
R/3 System Release 4.6A/B
SAP Labs, Inc.

Palo Alto, California
TM
&RS\ULJKW
2000 by SAP AG. All rights reserved.
Neither this documentation nor any part of it may be copied or reproduced in any form or by any means or
translated into another language, without the prior consent of SAP AG.
SAP AG makes no warranties or representations with respect to the content hereof and specifically disclaims
any implied warranties of merchantability or fitness for any particular purpose. SAP AG assumes no
responsibility for any errors that may appear in this document. The information contained in this document is
subject to change without notice. SAP AG reserves the right to make any such changes without obligation to
notify any person of such revision or changes. SAP AG makes no commitment to keep the information
contained herein up to date.
7UDGHPDUNV
SAP, the SAP logo, R/2, R/3, ABAP, and other SAP-related products mentioned herein are registered or
unregistered trademarks of SAP AG. All other products mentioned in this document are registered or
unregistered trademarks of their respective companies.
Simplification Group
SAP Labs, Inc.
3475 Deer Creek Road
Palo Alto, CA 94304
www.saplabs.com/simple
simplify-r3@sap.com
Printed in the United States of America.

ISBN 1-893570-43-6
This book uses EcoFLEX lay-flat binding. With this lay-flat featuredeveloped by
and exclusively available at Johnson Printing Service (JPS)you can open this book
and keep it open without it snapping shut on you. You need not worry about
breaking the spine. EcoFLEX makes books like this one easier to use.
&RQWHQWVDWD*ODQFH
,QWURGXFWLRQ
[[L
&KDSWHU
56\VWHP$GPLQLVWUDWLRQ%DVLFV
&KDSWHU
'LVDVWHU5HFRYHU\
&KDSWHU
%DFNXSDQG5HFRYHU\
&KDSWHU
6FKHGXOHG'DLO\7DVNV
&KDSWHU
6FKHGXOHG:HHNO\7DVNV
&KDSWHU
6FKHGXOHG0RQWKO\7DVNV
&KDSWHU
6FKHGXOHG4XDUWHUO\7DVNV
&KDSWHU
6FKHGXOHG$QQXDO7DVNV
&KDSWHU
0XOWL5ROH7DVNV
&KDSWHU 56\VWHP$GPLQLVWUDWLRQ

&KDSWHU 6HFXULW\$GPLQLVWUDWLRQ
&KDSWHU 8VHU$GPLQLVWUDWLRQ
&KDSWHU 'DWDEDVH$GPLQLVWUDWLRQ0LFURVRIW64/6HUYHU
&KDSWHU 2XWSXW0DQDJHPHQW
&KDSWHU 1HWZRUN266HUYHU$GPLQLVWUDWLRQ
&KDSWHU 2SHUDWLRQV
&KDSWHU &KDQJH0DQDJHPHQW
&KDSWHU 7URXEOHVKRRWLQJ
&KDSWHU 3HUIRUPDQFH
&KDSWHU 6$31HW:HE)URQWHQG
&KDSWHU 6$31HW5)URQWHQG
&KDSWHU 5HPRWH6HUYLFHV
&KDSWHU 6SHFLDO0DLQWHQDQFH
$SSHQGL[$ 8VHIXO7UDQVDFWLRQV $
$SSHQGL[% 8VHIXO5HVRXUFHVDQG3URGXFWV %
$SSHQGL[& 8VHIXO6$31RWHV &
$SSHQGL[' 8SJUDGH'LVFXVVLRQ '
,QGH[
,
System Administration Made Easy
iii
Contents at a Glance
iv
Release 4.6A/B
'HWDLOHG7DEOHRI&RQWHQWV
$FNQRZOHGJHPHQWV [L[
,QWURGXFWLRQ
[[L
What Is This Guidebook About?........................................................................ xxii

Who Should Read This Book?........................................................................... xxii
Prerequisites.......................................................................................................... xxiii
User ........................................................................................................................ xxiii
System.................................................................................................................... xxiv
How to Use This Guidebook .............................................................................. xxv

Organization ............................................................................................................xxv
Whats New .......................................................................................................... xxv

Content ....................................................................................................................xxv
Conventions........................................................................................................... xxvi
Special Icons...................................................................................................... xxvii
&KDSWHU
56\VWHP$GPLQLVWUDWLRQ%DVLFV
Overview............................................................................................................... 12
Roles of an R/3 System Administrator.............................................................. 12
Within R/3 .............................................................................................................. 12
External to R/3....................................................................................................... 13
Traits of an R/3 System Administrator.............................................................. 14
R/3 System Guidelines........................................................................................ 14
Protect the System ................................................................................................ 15
Do Not Be Afraid to Ask for Help........................................................................... 15
Network with Other Customers and Consultants.................................................. 16
Keep It Short and Simple (KISS)........................................................................... 17
Keep Proper Documentation................................................................................. 17
Use Checklists....................................................................................................... 18
Use the Appropriate Tool for the Job .................................................................... 19
Perform Preventive Maintenance.......................................................................... 19
Do Not Change What You Do Not Have To........................................................ 110
Do Not Make System Changes During Critical Periods...................................... 111
Do Not Allow Direct Database Access................................................................ 112
Keep all Non-SAP Activity Off the R/3 Servers................................................... 112
Minimize Single Points of Failure ........................................................................ 113
Corollaries to Murphys Law ............................................................................ 113
Special Definitions ............................................................................................ 114
Database server ................................................................................................... 114
Application server ................................................................................................. 114
Instance ................................................................................................................ 114
System.................................................................................................................. 114
&KDSWHU
'LVDVWHU5HFRYHU\
Detailed Table of Contents
Overview............................................................................................................... 22
What Is a Disaster? ............................................................................................... 22
Why Plan for a Disaster? .................................................................................... 23
Planning for a Disaster ....................................................................................... 24
Creating a Plan...................................................................................................... 24
What Are the Business Requirements for Disaster Recovery? ............................ 24
Who will provide the requirements?.............................................................................. 24
What are the requirements?......................................................................................... 24
When Should a Disaster Recovery Procedure Begin? ......................................... 25

Expected Downtime or Recovery Time................................................................. 25
Expected Downtime................................................................................................ 25
Recovery Time........................................................................................................ 26
Recovery Group and Staffing Roles ..................................................................... 26

Types of Disaster Recovery .................................................................................. 27
Onsite ..................................................................................................................... 27
Offsite ..................................................................................................................... 27
Disaster Scenarios ................................................................................................ 28

Three Common Disaster Scenarios ...................................................................... 28
A Corrupt Database................................................................................................ 28
A Hardware Failure................................................................................................. 28
A Complete Loss or Destruction of the Server Facility........................................... 29
Recovery Script ................................................................................................... 210

Creating a Recovery Script ................................................................................. 210
Recovery Process ............................................................................................... 210
Major Steps........................................................................................................... 210
Crash Kit.............................................................................................................. 211

Business Continuation During Recovery ............................................................ 214
Offsite Disaster Recovery Sites .......................................................................... 215
Integration with your Companys General Disaster Planning ............................. 215
When the R/3 System Returns............................................................................ 215
Test your Disaster Recovery Procedure......................................................... 215
Other Considerations........................................................................................ 216
Other Upstream or Downstream Applications..................................................... 216
Backup Sites........................................................................................................ 217
Minimizing the Chances for a Disaster ........................................................... 217
Minimize Human Error......................................................................................... 217
Minimize Single Points of Failure ........................................................................ 218
Cascade Failures ................................................................................................ 218
&KDSWHU
%DFNXSDQG5HFRYHU\
Overview............................................................................................................... 32
Restore ................................................................................................................. 32
Strategy ................................................................................................................. 32
Testing Recovery.................................................................................................... 33
Backup.................................................................................................................. 33
What to Backup and When ................................................................................... 33
Database ................................................................................................................ 33
Transaction Logs .................................................................................................... 35
Operating System Level Files................................................................................. 36
Backup Types........................................................................................................ 36
What Is Backed Up................................................................................................. 37
How the Backup Is Taken....................................................................................... 38
vi
Release 4.6A/B
When the Backup Is Made ..................................................................................... 39
Backup Strategy Design........................................................................................ 39

Supplementary Backups....................................................................................... 310
General Procedures ............................................................................................ 310

Backup.................................................................................................................. 310
Transaction Log Backup....................................................................................... 310
Verifying Backups ................................................................................................. 310
Monitoring/Controlling........................................................................................... 311
Database Integrity ................................................................................................ 311
Roles and Responsibilities ................................................................................... 311
Design Recommendations .................................................................................. 312

A Strategy Checklist ............................................................................................. 312
Backup Procedures and Policies.......................................................................... 313
Tape Management ............................................................................................. 313

Tracking and Documenting ................................................................................. 313
Labeling ................................................................................................................ 313
Tracking ................................................................................................................ 315
Handling................................................................................................................ 316
Retention Requirements...................................................................................... 317

Recommendations................................................................................................ 318
Storage ................................................................................................................ 318

Offsite ................................................................................................................... 318
Onsite ................................................................................................................... 319
Performance....................................................................................................... 320
Backup................................................................................................................. 320
Backup Options ................................................................................................... 321
Back Up to Faster Devices ................................................................................... 321
Parallel Backup..................................................................................................... 322
Backing Up to Disks, Then to Tape ...................................................................... 322
Recovery ............................................................................................................. 323

Restore Options................................................................................................... 323
Useful SAP Notes .............................................................................................. 324
&KDSWHU
6FKHGXOHG'DLO\7DVNV
Overview............................................................................................................... 42
Critical Tasks ....................................................................................................... 43
The R/3 System.................................................................................................... 44
Database............................................................................................................... 46
Operating System................................................................................................ 46
Other ..................................................................................................................... 47
Notes..................................................................................................................... 47
The R/3 System.................................................................................................... 48
Critical Tasks ....................................................................................................... 49
Verify that R/3 Is Running ..................................................................................... 49
Verify that the Backups Ran Successfully ............................................................ 49
Users (Transaction AL08) ................................................................................... 410
OS Monitor (Transaction OS06).......................................................................... 411
Select Background Jobs/Graphical Job Monitor (Transaction SM37/RZ01)...... 411
CCMS Alert Monitor (Transaction RZ20) ............................................................ 411
Users (Transactions SM04) ................................................................................ 411
Lock Entry List (Transaction SM12).................................................................... 412
vii
vii
Update Records (Transaction SM13) ................................................................. 412

System Log (Transaction SM21)......................................................................... 413
Batch Input (Transaction SM35) ......................................................................... 413
Work Processes (Transactions SM50 and SM51).............................................. 414
Spool (Transaction SP01) ................................................................................... 414
Tune Summary (Transaction ST02).................................................................... 414
Workload Analysis of <SID> (Transaction ST03) ............................................... 414
Database Performance Analysis (Transaction ST04)......................................... 415
ABAP Dump Analysis (Transaction ST22).......................................................... 415
&KDSWHU
6FKHGXOHG:HHNO\7DVNV
The R/3 System.................................................................................................... 52
Database............................................................................................................... 53
Other ..................................................................................................................... 53
Notes..................................................................................................................... 54
Database Performance (Transaction DB02)......................................................... 54
CCMS Alert Monitor (Transaction RZ20) .............................................................. 54
Spool (Transaction SP01) ..................................................................................... 54
TemSe (Transaction SP12)................................................................................... 55
Transaction STMS (TMS System) ........................................................................ 55
&KDSWHU
6FKHGXOHG0RQWKO\7DVNV
The R/3 System.................................................................................................... 62
Database............................................................................................................... 62
Other ..................................................................................................................... 64
Notes..................................................................................................................... 65
Database Performance (Transaction DB02)......................................................... 65
&KDSWHU
6FKHGXOHG4XDUWHUO\7DVNV
The R/3 System.................................................................................................... 72
Database............................................................................................................... 73
Other ..................................................................................................................... 74
Notes..................................................................................................................... 74
Edit System Profile Parameters (Transaction RZ10)............................................ 74
Select Background Jobs (Transaction SM37)....................................................... 75
User Maintenance (Transaction SU01)................................................................. 75
&KDSWHU
6FKHGXOHG$QQXDO7DVNV
The R/3 System.................................................................................................... 82
Database............................................................................................................... 83
Other ..................................................................................................................... 84
Notes..................................................................................................................... 84
Transaction SA38/SE38 ........................................................................................ 84
Transaction SE03/SCC4 ....................................................................................... 84
Transaction SM01 ................................................................................................. 85
viii
Release 4.6A/B
&KDSWHU
0XOWL5ROH7DVNV
Starting the R/3 System ...................................................................................... 92
Start R/3NT ........................................................................................................ 93
Stopping the R/3 System.................................................................................... 95
Tasks to Be Completed Before Stopping the System........................................... 96
System Message (SM02) ....................................................................................... 96
Check that No Active Users Are on the System (AL08/SM04) .............................. 99
Check for Batch Jobs Running or Scheduled (SM37).......................................... 911
Check for Active Processes on All Systems (SM51)............................................ 915
Check for External Interfaces ............................................................................... 915
Stopping R/3........................................................................................................ 916

STOP R/3NT ..................................................................................................... 916

Overview............................................................................................................. 102
Major System Monitoring Tools....................................................................... 102
CCMS Central Alert Monitor (Transaction RZ20) ............................................... 102
Accessing the CCMS Alert Monitor (RZ20).......................................................... 104
Current View and Alert View................................................................................. 105
Switching Between the Current and Alert Views .................................................. 106
Finding an Alert .................................................................................................... 107
Configuring the Batch Job to Collect Historical Data (RZ21) ............................. 1010
View the Alerts.................................................................................................... 1012
Analyze the Alert ................................................................................................ 1013
Acknowledge the Alert........................................................................................ 1014
Provide System Configuration Information (Transaction RZ20)......................... 1015
Maintaining The Alert Thresholds for RZ20........................................................ 1017
Hiding SAP Standard Monitor Sets .................................................................... 1019
Create a New Monitor Set .................................................................................. 1023
Add a Monitor to the Monitor Set........................................................................ 1024
System Administration Assistant (Transaction SSAA)...................................... 1028

Specific Transaction Monitoring Overview .................................................. 1032
Failed Updates (Transaction SM13) ................................................................. 1032
Managing Update Terminates ............................................................................ 1035
User Training ...................................................................................................... 1037
System Log (Transaction SM21)....................................................................... 1038

Locks (Transaction SM12) ................................................................................ 1041
Active Users (Transactions SM04 and AL08)................................................... 1043
Single-Instance System (Transaction SM04) ..................................................... 1044
Multi-Instance System (Transaction AL08) ........................................................ 1045
Work Processes (Transactions SM50 and SM51)............................................ 1046

For a System with Application Servers............................................................... 1046
For a System Without Application Servers......................................................... 1047
ABAP Dump Analysis (Transaction ST22)........................................................ 1048

Simple Selection ................................................................................................. 1049
Free Selection..................................................................................................... 1049
System Message (SM02)................................................................................. 1051

Creating a Message .......................................................................................... 1052
Editing a Message............................................................................................. 1054
ABAP Editor (SE38) .......................................................................................... 1055
For Information About a Program or Report....................................................... 1056
ix
ix

Overview............................................................................................................. 112
What is Security? ................................................................................................ 112
Keeping Unauthorized People out of the System................................................. 112
Keeping People out of Places Where They Should Not Be ................................. 112
Safeguarding the Data from Damage or Loss...................................................... 113
Complying with Legal, Regulatory, and Other Requirements .............................. 113
Audits.................................................................................................................. 114
Financial Audit..................................................................................................... 114
Security Audit ...................................................................................................... 115
Audit Considerations ........................................................................................... 115
Security Layers.................................................................................................. 116
Access Security ................................................................................................... 117
Physical Security .................................................................................................. 117
Network Security .................................................................................................. 118
Application Security .............................................................................................. 119
Operational Security............................................................................................ 119

Data Security ..................................................................................................... 1110
Application or R/3 Security ................................................................................ 1111
Controlling Access to R/3 ................................................................................... 1111
Prevent Multiple User Logins.............................................................................. 1111
Preventing Changes in the Production System ................................................ 1111

Setting the Production System to Not Modifiable (Transactions SE03, SCC4)1113
Client-Independent Changes (Transaction SE03).............................................. 1114
Client-Independent and Client-Dependent Changes (SCC4) ............................ 1115
Verifying that Dangerous Transactions Are Locked ......................................... 1117

To List Locked Transactions............................................................................... 1124
Operational Security ....................................................................................... 1125

Segregation of Duties........................................................................................ 1125
Restricting Access to SAP* or DDIC ................................................................. 1126
Change Management........................................................................................ 1127
Sharing of User IDs ............................................................................................ 1127
Password Issues and Tasks ............................................................................. 1128

Setting Password Standards Using Transaction RZ10 ...................................... 1129
Eliminating Some Easy Passwords .................................................................... 1129
Maintaining a Table of Prohibited Passwords .................................................... 1130
Recording System Passwords............................................................................ 1131
Operating System Level ..................................................................................... 1135
NT ....................................................................................................................... 1135
UNIX ................................................................................................................... 1136
Databases........................................................................................................... 1136
DB2..................................................................................................................... 1136
Informix ............................................................................................................... 1136
Microsoft SQL Server ......................................................................................... 1136
Oracle/UNIX........................................................................................................ 1136
Oracle/NT ........................................................................................................... 1137
Audit Tools....................................................................................................... 1137

Audit Information System (Transaction SECR) ................................................ 1137
Complete Audit ................................................................................................... 1138
User Defined Audit ............................................................................................. 1142
Security Audit Log (SM20) ................................................................................ 1144

Running the Audit Log ........................................................................................ 1146
Setting Security Audit Log Parameters (SM19) ................................................ 1147
Release 4.6A/B
Define Filter Group 1 .......................................................................................... 1149

Define Filter Group 2 .......................................................................................... 1150
User Security Audit Jobs ................................................................................... 1154

Audit Tasks ...................................................................................................... 1157
Review that all Named Users are Valid ............................................................ 1157
Reviewing Profiles for Accuracy and Permission Creep................................... 1158
Overview............................................................................................................. 122
User Groups ........................................................................................................ 122
Profile Generator ................................................................................................. 122
Recommended Policies and Procedures ....................................................... 123
User Administration ............................................................................................. 123
System Administration......................................................................................... 125
New User Setup ................................................................................................. 127
Prerequisites........................................................................................................ 127
General Process or Procedure ............................................................................. 127
The Users Desktop .............................................................................................. 127
Network Functionality ........................................................................................... 127
For Installation of SAP GUI .................................................................................. 127
Recommended Prerequisite for the GUI Installation ............................................ 127
Installing the Frontend SoftwareSAP GUI......................................................... 128

Installing SAP GUI from a File Server .................................................................. 128
How to Install the SAP GUI .................................................................................. 128
Installing SAP GUI from the Presentation CD .................................................... 1214
Adding Additional Systems ............................................................................... 1215

To Add Additional Systems in the SAP Logon ................................................... 1215
Setting Up a New User (SU01) ......................................................................... 1216

Copying an Existing User (SU01)....................................................................... 1216
Creating a New User (SU01).............................................................................. 1221
Maintaining a User (SU01).............................................................................. 1224

Resetting a Password (SU01) ........................................................................ 1226
Locking or Unlocking a User (SU01)............................................................. 1227
User Groups..................................................................................................... 1229
How to Create a User Group (SU01) ................................................................ 1230
Deleting a Users Session (Transaction SM04)............................................ 1232
How to Terminate a User Session .................................................................... 1233
Active Users (Transactions SM04 and AL08)................................................... 1234
Single-Instance System (Transaction SM04) ..................................................... 1235
Multi-Instance System (Transaction AL08) ........................................................ 1236
&KDSWHU 'DWDEDVH$GPLQLVWUDWLRQ0LFURVRIW64/6HUYHU
Overview............................................................................................................. 132
Starting and Stopping the Database ............................................................... 132
Starting the Database.......................................................................................... 132
Stopping the Database........................................................................................ 133
Database Performance ..................................................................................... 134
Overview.............................................................................................................. 134
Database Activity (ST04)..................................................................................... 134
Database Allocation (DB02)................................................................................ 137
Scheduling Database Tasks (DB13)................................................................ 139
xi
xi
Determining the Tape (Label) Necessary for a Backup.................................... 1313

Deleting an Entry from the Planning Calendar (DB13)..................................... 1314
Checking the Database Backup (DB12)........................................................ 1315
Initializing Backup Tapes ............................................................................... 1318
Database Backups with Microsoft Tools ...................................................... 1319
Online Backup Using SQLserver 7.0 Enterprise Manager ............................ 1319
Offline Backup Using NTBackup.................................................................... 1324
Database Error Logs ....................................................................................... 1328
R/3 ST04 ........................................................................................................ 1328
Microsoft SQL Server 7.0 - Enterprise Manager............................................... 1328
Verify Database Consistency......................................................................... 1329
Run Update Statistics ..................................................................................... 1329
System passwords.......................................................................................... 1330
SQL server ........................................................................................................ 1330
Contents ............................................................................................................. 141
Printer Setup (SPAD) ........................................................................................ 142
How to Set Up the Printer in the R/3 System ....................................................... 142
Check the Spool for Printing Problems (Transaction SP01)........................ 149

Check that Old Spools are Deleted (SP01)................................................... 1412
Printing the Output (SP01) ............................................................................. 1415
Printing the Screen ......................................................................................... 1418
Check Spool Consistency (SPAD)................................................................. 1421
Check TemSe Consistency (SP12)................................................................ 1423
&KDSWHU 1HWZRUN266HUYHU$GPLQLVWUDWLRQ
Overview............................................................................................................. 152
Operating System Tasks .................................................................................. 152
Operating System Alert (AL16) ........................................................................... 152
System Logs (OS06) ........................................................................................... 153
NT Event Logs ...................................................................................................... 155
Checking File System Space Usage (RZ20) ...................................................... 156

Changing the Alert Threshold (RZ20) ................................................................. 159
Cleaning Out Old Transport Files...................................................................... 1511
Other Tasks...................................................................................................... 1512
Clean the Tape Drive ........................................................................................ 1512
Uninterruptible Power Supply............................................................................ 1513
Check the Uninterruptible Power Supply............................................................ 1513
Check your UPS Shutdown Process .................................................................. 1513
Check Maintenance Contracts .......................................................................... 1514

Review Hardware or a System Monitor Paging System................................... 1515
&KDSWHU 2SHUDWLRQV
Overview............................................................................................................. 162
Check that All Application Servers Are Up (Transaction SM51).................. 162
Background (Batch) Jobs ................................................................................ 163
Regularly Scheduled Jobs .................................................................................. 164
Performance ......................................................................................................... 164
xii
Release 4.6A/B
Housekeeping Jobs .............................................................................................. 164

Others ................................................................................................................... 165
Performance Factors for Background Jobs ........................................................ 165

Creating and Scheduling a Batch Job (SM36).................................................... 168
Background Jobs (SM37) ............................................................................... 1615
Checking the Job Log......................................................................................... 1617
Using the Job Tree ............................................................................................. 1618
Graphical Job Monitor (Transaction RZ01)....................................................... 1619

Batch Input Jobs, New or Incorrect (SM35) ...................................................... 1620
Operation Modes ............................................................................................. 1621
To Define the Operation Mode (RZ04) ............................................................. 1623
Assign an Instance Definition to an Operation Mode (RZ04) ........................... 1625
The First Time You Generate an Instance Operation Mode .............................. 1625
Adding a New Operation Mode .......................................................................... 1626
Defining Distribution of Work Processes (RZ04) .............................................. 1629

Assigning Operation Modes (SM63) ................................................................. 1632
Backups............................................................................................................ 1636
Periodic Archivals.............................................................................................. 1636
Backup the Database ........................................................................................ 1636
Performing a Full Server Backup ...................................................................... 1636
Checking the Backups (DB12 & DB13) ............................................................ 1638
Database ............................................................................................................ 1638
Operating System Level Backups ...................................................................... 1640
UNIX ................................................................................................................... 1640
NT ....................................................................................................................... 1640
Checking Consumable Supplies ................................................................... 1642

Table Maintenance (Transaction SM31).......................................................... 172
Creating an Entry in the Table (SM31) ............................................................... 172
Deleting an Entry from a Table (SM31) .............................................................. 176
Change Control.................................................................................................. 179
Managing SAP Notes ........................................................................................ 179
Change Control (Managing Transports) ....................................................... 1712
Transporting Objects ...................................................................................... 1715
Transports into the Production System............................................................. 1715
Transporting Objects ......................................................................................... 1715
TMS Method ....................................................................................................... 1716
Operating System Method.................................................................................. 1716
Standard Transport Process ............................................................................. 1717

Importing the Entire Import Buffer ...................................................................... 1718
Special Transports from SAP............................................................................ 1718

Releasing a Request (Transport) ...................................................................... 1719
TMS Method of Transporting ............................................................................ 1724
The Main TMS Screen........................................................................................ 1724
Adding a Special Transport into the Import Buffer ............................................. 1725
Using TMS to Import a Transport Request......................................................... 1727
Check the Transport Log .................................................................................... 1732
OS Method of Transporting............................................................................... 1734

Adding a Special Transport Into the Import Buffer ............................................. 1734
Importing the Transport ...................................................................................... 1734
Checking the Transport Log (Transaction SE10) ............................................... 1735
xiiixiii
Checking the Transport Log ............................................................................... 1736

Overview............................................................................................................. 182
Basic Troubleshooting Techniques ................................................................ 182
Gather Data .......................................................................................................... 182
Analyze the Problem ............................................................................................ 183
Evaluate the Alternatives...................................................................................... 183
Make only One Change at a Time........................................................................ 183
Document the Changes........................................................................................ 183
Get the Complete Error Message ....................................................................... 184

Get the SAP Patch Level..................................................................................... 185
Determining What Support Packages Have Been Applied................................. 186
&KDSWHU 3HUIRUPDQFH
Overview............................................................................................................. 192
Critical Assumption.............................................................................................. 192
Priority of Evaluation ........................................................................................... 193
General Procedure ............................................................................................ 193
R/3 ....................................................................................................................... 194
Workload Analysis of the System (Transaction ST03) ...................................... 194
Buffers (ST02) ..................................................................................................... 198
Memory Defragmentation.................................................................................. 1910
Database........................................................................................................... 1911
Operating System............................................................................................ 1911
Operating System Monitor (OS07).................................................................... 1911
Hardware .......................................................................................................... 1915
CPU and Disk .................................................................................................... 1915
Memory.............................................................................................................. 1915
Overview............................................................................................................. 202
Logging on to SAPNet ...................................................................................... 203
Online Services ................................................................................................. 204
Solving a Problem with SAPNet ...................................................................... 205
Searching for SAP Notes .................................................................................... 205
Customer Messages ........................................................................................... 208
Entering Customer Messages............................................................................. 209
How..................................................................................................................... 2011
Viewing Customer Messages............................................................................ 2013

Viewing Customer Messages ............................................................................. 2014
Registering a Developer or Object ................................................................ 2015

Registering a Developer.................................................................................... 2015
Developer Requests Developer Key .................................................................. 2016
The System Administrator Gets the Access Key................................................ 2016
Registering a Developer ..................................................................................... 2017
Enter the Developer Key .................................................................................... 2018
Deleting a Developer......................................................................................... 2019

Registering an Object........................................................................................ 2019
Developer Requests Object Key ........................................................................ 2020
The System Administrator Gets the Access Key:............................................... 2020
xiv
Release 4.6A/B
Enter the Object Key .......................................................................................... 2023
Delete an Object................................................................................................ 2023

Online Correction Support ............................................................................. 2024
Getting the Latest SPAM version ...................................................................... 2025
Downloading Support Packages ....................................................................... 2027
Specific Support Package-Related Notes .......................................................... 2028
Downloading Suppor Packages ......................................................................... 2030

Overview............................................................................................................. 212
Useful SAP Notes .............................................................................................. 213
Connecting to SAPNetR/3 .............................................................................. 213
Researching a Problem with SAPNet-R/3....................................................... 216
Finding Notes in the SAPNet-R/3........................................................................ 216
Entering Customer Messages (Problems) into SAPNet-R/3 ............................ 2110
Getting Status on Your Message ...................................................................... 2115
Review the Action Log........................................................................................ 2116
Display Long Text............................................................................................... 2117
Reopen ............................................................................................................... 2118
Confirm ............................................................................................................... 2121
Registering a Developer or Object ................................................................ 2122

Registering a Developer.................................................................................... 2122
Developer Requests Developer Key .................................................................. 2123
Enter the Developer Key .................................................................................... 2125
Registering an Object........................................................................................ 2126

Developer Requests Object Key ........................................................................ 2126
Enter the Object Key .......................................................................................... 2129
Opening a Service Connection ...................................................................... 2130

Order of Access to Systems ............................................................................... 2130

Overview............................................................................................................. 222
Retrieving Files from SAP, SAPSERV4........................................................... 222
Connecting to SAPSERV4 Using a GUI (NT)..................................................... 223
An Example of an FTP Client.............................................................................. 224
Connecting to SAPSERV4 Using the Command Prompt ................................... 226
Navigating in SAPSERV4..................................................................................... 226
Connecting at the Command Prompt.................................................................. 226

Downloading Files ............................................................................................... 229
Partial Organization of SAPSERV4................................................................... 2210
Unpacking a CAR File ........................................................................................ 2213
Unpacking a File ................................................................................................. 2213
Special SAPNet Notes ...................................................................................... 2214

EarlyWatch Session ........................................................................................ 2214
Overview............................................................................................................. 232
Changing System Profile Parameters (Transaction RZ10)........................... 232
Support Packages ........................................................................................... 2311
xv
xv
Strategy ............................................................................................................. 2312

High-Level Process of Applying Support Packages ......................................... 2312
Determining What Support Packages Have Been Applied............................... 2313
Getting Information on the Support Package from SAPNetR/3...................... 2315
To View All Notes ............................................................................................... 2317
To View a Specific Note ..................................................................................... 2321
Requesting SPAM or a Support Package from SAPNetR/3........................... 2322

Downloading a Support Package (Hot Package) SAPNetR/3 ...................... 2324
Uploading the Support Package from a CD or SAPNetWeb .......................... 2325

Support Package Collection CD ......................................................................... 2326
SAPNetWeb...................................................................................................... 2326
Updating SPAM................................................................................................. 2329

Applying the Support Package.......................................................................... 2331
Object Conflicts ................................................................................................. 2337
Regression Testing ........................................................................................... 2339
Useful SAPNet R/3 Frontend Notes............................................................... 2339
Kernel Upgrade................................................................................................ 2340
Restart Option 1 ................................................................................................. 2341
Restart Option 2 ................................................................................................. 2341
Client Copy....................................................................................................... 2342

Special Notes...................................................................................................... 2342
Useful SAP Notes ............................................................................................... 2343
Processing Notes ............................................................................................... 2343
Creating a Client................................................................................................ 2344

Copying a Client ................................................................................................ 2347
Copying on the Same System/SID..................................................................... 2347
Copying to a Different System/SID..................................................................... 2350
Post-Client Copy Tasks..................................................................................... 2352

Deleting a Client ................................................................................................ 2352
Delete Client Transaction ................................................................................... 2353
Reviewing the Client Copy Log .......................................................................... 2354
Production Refresh Strategies ...................................................................... 2356

Database Copy of Production System .............................................................. 2357
Benefits............................................................................................................... 2357
Disadvantages .................................................................................................... 2357
Client Copy of the Production System with Data .............................................. 2357

Advantages......................................................................................................... 2357
Disadvantages .................................................................................................... 2357
Client Copy of the Production System Without Data ..................................... 2358

Advantages......................................................................................................... 2358
Disadvantages .................................................................................................... 2358
$SSHQGL[$ 8VHIXO7UDQVDFWLRQV $

Useful Transactions ............................................................................................A2
Transaction Code Switches ..................................................................................A2
Transaction Code Table ........................................................................................A2
$SSHQGL[% 8VHIXO5HVRXUFHVDQG3URGXFWV %
Other System Administration Resources.........................................................B2
SAP Resources .....................................................................................................B2
Books...................................................................................................................... B3
CDs......................................................................................................................... B4
Training Classes ................................................................................................... B4
xvi
Release 4.6A/B
Other....................................................................................................................... B5
White papers........................................................................................................... B5
SAPNet, Selected Items of Interest ........................................................................ B5
Third-Party Resources ..........................................................................................B7

Books:..................................................................................................................... B7
R/3 .......................................................................................................................... B7
UNIX ....................................................................................................................... B8
NT ........................................................................................................................... B8
OS/400.................................................................................................................... B9
Microsoft SQL Server ............................................................................................. B9
Informix ................................................................................................................... B9
DB2....................................................................................................................... B10
Oracle ................................................................................................................... B10
Other Topics ......................................................................................................... B10
Magazines: ........................................................................................................... B11
Helpful Third-Party Information............................................................................. B11
Web Sites ............................................................................................................B11

SAP....................................................................................................................... B11
SAP Affiliated........................................................................................................ B12
Third Party ............................................................................................................ B12
Internet News Groups .........................................................................................B12

Other Resources .................................................................................................B13
Operating System ................................................................................................. B13
Database .............................................................................................................. B13
Other Helpful Products: Contributed by Users..............................................B13

UNIX ....................................................................................................................B14
Backup.................................................................................................................. B14
Monitor.................................................................................................................. B14
Scheduler.............................................................................................................. B14
Spool Management .............................................................................................. B14
Other..................................................................................................................... B14
NT ........................................................................................................................B14
Backup.................................................................................................................. B14
Monitor.................................................................................................................. B14
Remote Control .................................................................................................... B15
Scheduler.............................................................................................................. B15
Spool Management .............................................................................................. B15
Other..................................................................................................................... B15
Common, Both UNIX and NT..............................................................................B15

Network ...............................................................................................................B16
$SSHQGL[& 8VHIXO6$31RWHV &
Overview...............................................................................................................C2
R/3 Notes ..............................................................................................................C2
Operating System Notes.....................................................................................C6
Common to Multiple Operating Systems ..............................................................C6
NT ..........................................................................................................................C6
UNIX ......................................................................................................................C8
AS-400...................................................................................................................C8
Database Notes ...................................................................................................C9
MS SQL server ......................................................................................................C9
DB2 / UDB ...........................................................................................................C11
Informix................................................................................................................C12
Oracle ..................................................................................................................C13
xvii
xvii
$SSHQGL[' 8SJUDGH'LVFXVVLRQ '

Upgrade Discussion............................................................................................D2
Reasons Not to Upgrade.......................................................................................D2
When to Upgrade ..................................................................................................D2
Upgrade Issues....................................................................................................D3
Other Considerations..........................................................................................D3
Software Issues.....................................................................................................D3
Hardware ...............................................................................................................D3
Performance ..........................................................................................................D4
,QGH[
xviii
,
Release 4.6A/B
$FNQRZOHGJHPHQWV
The combined experience in SAP and general systems administration of those who contributed to this book
is measured in decades. I hope that I am able to share with you some of their wisdom.
I also wish to express appreciation to the following individuals who provided time, material, expertise, and
resources which helped make the Release 4.6A/B guidebook possible:
Customers and partners: Bill Robichaud, Bridgestone/Firestone; Chad Horwedel, XXX; Doris Steckel,
Agilent/HP; Gary Canez, Motorola; Hanumantha Kasoji, Celanese Acetate; John Blair, Steelcase; Joyce
Courtney, Infineon; Laura Shieh, John Muir Mt Diablo Health System; Kerry Ek, Finteck; Lynne Lollis,
e.coetry/Chaptec; Otis Barr, Ceridian; Paul Wiebe, TransAlta; Richard Doctor, Acuson; Sam Yamakoshi,
Timothy Rogers; Tony Schollum, Ernst & Young; Thomas Beam, NCUA; HP; Udesh Naicker, HP.
SAP AG: Andreas Graesser, Dr. Arnold Niedermaier, Dr. Carsten Thiel, Fabian Troendle, Georg Chlond,
Dr. Gert Rusch, Herbert Stegmueller, Joerg Schmidt, Dr. Meinolf Block, Michael Demuth, Michael Schuster,
Dr. Nicholai Jordt, Otto Boehrer, Rudolf Marquet, Stephen Corbett, Dr. Stefan Fuchs, Thomas Arend,
Thomas Besthorn, Dr. Uwe Hommel, Uwe Inhoff, and Dr. Wulf Kruempelman.
SAP America: Casper Wai-Fu Kan, Daniel Kocsis, Daniel-Benjamin Fig Zaidspiner, Jackie Wang, Lance
Pawlikowski, Maria Gregg, Sue McFarland.
SAP Labs: Dr. Arnold Klingert, Jaideep Adhvaryu, Jody Honghua Yang, John Wu, Kitty Yue, Nihad AlFtayeh, Peter Aeschlimann, Philippe Timothee, Dr. Thomas Brodkorb.
SAP UK: Peter Le Duc.
Contributing authors: Patricia Huang, SAP America; Jerry Forsey, SAP America.
QA testers: Brad Barnes, e.coetry; Claudia Helenius; Jeff Orr, Utilx; Lynne Lollis, e.coetry; Marc Punzalan,
Heat and Control; Patrick McShane, Bramasol.
Documentation and production: Rekha Krishnamurthy, John Kanclier, Kurt Wolf.
Gary Nakayama, CPA

SAP Labs, Inc., 2000
xix
xx xx
Release 4.6 A/B
,QWURGXFWLRQ
&RQWHQWV
What Is This Guidebook About? ...........................................................................xxii
Who Should Read This Book?...............................................................................xxii
How to Use This Guidebook ..................................................................................xxv
Whats New ..............................................................................................................xxv
Special Icons .........................................................................................................xxvii
xxi
Introduction
What Is This Guidebook About?
:KDW,V7KLV*XLGHERRN$ERXW"
3KLORVRSK\
Release 4.6 of the System Administration Made Easy Guidebook continues in the direction of the
4.0 version. The primary focus is the importance of the on-going nature of system
administration. This book is written for an installed system, where all installation tasks have
been completed. Installation and related tasks, which are usually performed once, have not
been included in this guidebook.
2UJDQL]DWLRQ
We have tried to group items and tasks in job role categories, which allows this guidebook
to be a better reference book.
&RQWHQW
Real world practical advice from consultants and customers has been integrated into this
book. Because of this perspective, some of the statements in this book are blunt and direct.
Some of the examples we have used may seem improbable, but facts can be, and are,
stranger than fiction.
Because system administration is such a large area, it is difficult to reduce the volume to
what can be called Made Easy. Although material in this book has been carefully chosen, it
is by no means comprehensive. Certain chapters can be expanded into several books [two
examples are the chapters on disaster recovery (chapter 2) and security (chapter 11)].
:KDW,V1RW3URYLGHG
Although there are chapters on problem solving and basic performance tuning, these
chapters are only introductions to the subjects. This guidebook is not meant to be a trouble
shooting or performance tuning manual. Installation tasks are not presented. We assume
that your SAP consultant has completed these tasks.
:KR6KRXOG5HDG7KLV%RRN"
The target audience for this guidebook is:
xxiixxii
<
The customer person or team where:

The R/3 administrator is from a small to mid-size company with a small (one to
three people) technical team.
Each team member in the team has multiple job responsibilities.
The system administrator has a basic knowledge of the operating system and
database.
<
The junior consultant
Release 4.6 A/B
Introduction
Who Should Read This Book?
Senior consultants, experienced system administrators, and DBAs may find portions of this
guidebook very elementary, but hopefully useful.
3UHUHTXLVLWHV
To help you use this guidebook, and to prevent this guidebook from becoming as thick as
an unabridged dictionary, we defined a baseline for user knowledge and system
configuration. The two sections below (User and System) define this baseline. Review these
sections to determine how you and your system match. This book is also written with
certain assumptions about your knowledge level and the expectation that particular system
requirements have been met.
8VHU
We assume that you have a baseline knowledge of R/3, the operating system, and the
database. If you lack knowledge in any of the following points, we recommend that you
consult the many books and training classes that specifically address your operating system
and database.
You should know how to complete the following tasks at the:
<
R/3 System level:

Be able to log on to R/3
Know how to navigate in R/3 using menus and transaction codes
There are screens that do not have menu paths and the only way to access them is by
using the transaction codes. In the real world, navigating by transaction codes is
faster and more efficient than menus.
<
Operating system level:

Be familiar with the file and directory structure
Be able to use the command line to navigate and execute programs
Set up a printer
Perform a backup using standard operating system tools or third-party tools
Perform basic operating system security
Copy and move files
Properly start and stop the operating system and server
<
Database level
Properly start and stop the database
Perform a backup of the database
R/3 runs on more than five different versions of UNIX. In many cases, significant
differences exist between these versions. These differences contributed to our decision to
not go into detail at the operating system level.
xxiii
xxiii
Introduction
Who Should Read This Book?
6\VWHP
For an ongoing productive environment, we assume that the:
<
R/3 System is completely and properly installed
<
Infrastructure is set up and functional
The following checklist will help you determine if your system is set up to the baseline
assumptions of this book. If you can log on to your R/3 System, most of these tasks have
already been completed.
+DUGZDUH
Is the backup equipment installed and tested?

,QIUDVWUXFWXUH
<
Is the Uninterruptible Power Supply (UPS) installed?
<
Is a server or system monitor available?
6RIWZDUH
<
<
<
Are the following utility software installed (as appropriate)?

Backup program
Hardware monitors
System monitors
UPS control
R/3 System
Is R/3 installed according to SAPs recommendation?
Is the TPPARAM file configured?

(In Release 4.6, TMS creates a file to be used as the TPPARAM file.)
Is the TMS/CTS configured?
Is the SAProuter configured?
Is the OSS1 transaction configured?
Is the ABAP workbench configured?
Has initial security been configured (default passwords changed)?
Are the NT sapmnt share or UNIX NFS sapmnt exports properly configured?
Is the online documentation installed?
Can users log on to R/3 from their desktops?
'HVNWRS
For optimal results, we recommend that the minimum screen resolution be set as follows:
<
For the users, 800 600
<
For the system administrator, 1024 768 and a minimum color depth of 256 colors
The Release 4.6 GUI displays better with 64K colors.
xxiv
xxiv
Release 4.6 A/B
Introduction
How to Use This Guidebook
+RZWR8VH7KLV*XLGHERRN
This guidebook is organized in the following fashion:
<
The first two chapters provide a high-level view of disaster recovery and backup and
recovery.
<
Chapters 4-8 are helpful checklists that help the system administrator complete various
tasks, including daily, weekly, and yearly.
These chapters also provide helpful transaction codes and where in the book these codes
are found.
<
Chapter 9 discusses how to stop or start the R/3 System.
<
Chapters 10-13 involve the following topics:

R/3 administration
Security administration
User administration
Database administration (SQL Server)
The rest of the book covers subjects such as operations, troubleshooting, remote services,
change management, and SAPNet R/3Frontend (formerly known as OSS). The four
appendices cover useful transactions, other resources, SAPNet R/3Frontend notes, and a
discussion on upgrades.
2UJDQL]DWLRQ
All the task procedures are classified in one section and by job roles, where related tasks are
placed together. Regardless of the job schedule, all jobs related to a job role are grouped in
one place.
:KDWV1HZ
This guidebook evolved from the previous versions of this guidebook and incorporates
customer and consultant comments. Send us your comments, so we can make future
versions better meet your needs.
&RQWHQW
The new features of the Release 4.6 guidebook are:
<
System Administration Assistant (transaction SSAA), chapter 10
<
New chapters on:

Security (chapter 11)
Microsoft SQL Server / Windows NT (chapter 13)
Basic problem solving (chapter 17 )
Basic performance tuning (chapter 22)
xxv
xxv
Introduction
Whats New
The procedures to perform regularly-scheduled tasks have been moved to the Roles section.
The unscheduled tasks section from the 4.0B guidebook has become a role-oriented section.
This change accommodates customers who perform scheduled tasks at times other than the
times presented in this guidebook. Therefore, all the task procedures are classified in one
section and by job roles, where related tasks are placed together. Regardless of the job
schedule, all jobs related to a job role are grouped in one place.
&RQYHQWLRQV
In the table below, you will find some of the text conventions used throughout this guide.
Column Title
Column Title
Sans-serif italic
Screen names or on-screen objects (buttons,

fields, screen text, etc.)
Monospace
User input (text the user types verbatim)
Name1 Name2
Menu selection Name1 is the menu name,

and Name2 is the item on the menu
Sample R/3 Release 4.6 Screen
Menu Bar
Standard Toolbar
Screen Title
Application Toolbar
User menu
SAP standard menu
Workplace Menu
Workplace
Status Bar
Application toolbar:
xxvi
xxvi
Release 4.6 A/B
Introduction
Special Icons
The screenshots shown in this guide are based on full user authorization (SAP_ALL).
Depending on your authorizations, some of the buttons on your application toolbar may
not be available.
Workplace menu:
Depending on your authorizations, your workplace menu may look different from
screenshots in this guide which are based on SAP_ALL. The User menu and SAP standard
menu buttons provide different views of the workplace menu.
To learn how to build user menus, see Authorizations Made Easy guidebook Release
4.6A/B.
1RWH In this guidebook, we show the technical names of each transaction. To match our
settings, choose Extras Settings and select Show technical names.
6SHFLDO,FRQV
Throughout this guide special icons indicate important messages. Below are brief
explanations of each icon:
Exercise caution when performing this task or step. An explanation of why you should be
careful is included.
This information helps you understand the topic in greater detail. It is not necessary to
know this information to perform the task.
These messages provide helpful hints and shortcuts to make your work faster and easier.
xxvii
xxvii
Introduction
Special Icons
xxviii
xxviii
Release 4.6 A/B
%DVLFV
&RQWHQWV
Overview ..................................................................................................................12
Roles of an R/3 System Administrator .................................................................12
Traits of an R/3 System Administrator .................................................................14
R/3 System Guidelines ...........................................................................................14
Corollaries to Murphys Law................................................................................113
Special Definitions ................................................................................................114
11
Chapter 1: R/3 System Administration Basics

Overview
2YHUYLHZ
This chapter is about the roles that a system administrator plays. These roles cross all
functional areas, and the number and intensity of the tasks depends on the size of the
company. In a small company, one person can be the entire system administration
department. In a larger company, however, this person is probably part of a team. The
purpose of this definition is to help clarify the roles of a system administrator. This
chapter is a list of commonly used system administration terms and their definitions.
At the end of this chapter is a list of 14 R/3 System guidelines, which a system administrator
must be aware of while working with the system.
Sample guidelines include:
<
Keep it short and simple (KISS)
<
Use checklists
<
Do not allow direct database access
5ROHVRIDQ56\VWHP$GPLQLVWUDWRU
Depending on the size of the company and available resources, R/3 administrator(s) may
range from one person to several specialized people in several departments.
Factors that affect an R/3 system administrators tasks, staffing, and roles:
<
Company size
<
Available resources (the size of the Basis group)
<
Availability of infrastructure support for:

Desktop support
Database
Network
Facilities
The R/3 system administrator may wear many hats both in or directly related to, R/3 and
indirectly or external to R/3.
:LWKLQ5
<
User administrator
Set up and maintain user accounts
<
12
Security administrator
Create and maintain SAP security profiles
Monitor and manage security access and violations
Release 4.6A/B

Roles of an R/3 System Administrator
<
System administrator
Maintain the systems health
Monitor system performance and logs
<
Transport administrator
Transport changes between systems
Manage change requests
<
Batch scheduler
Create and manage the scheduling of batch jobs
<
Backup operator
Schedule, run, and monitor backup jobs of the SAP database and any required operating
system level files
<
Disaster recovery technical manager

Create, test, and execute the SAP disaster recovery plan
<
Programmer
Apply SAPNet R/3 note fixes to programs
<
Data Dictionary (DDIC) manager

Change the Data Dictionary (when applicable)
<
Data Base Administrator (DBA)
([WHUQDOWR5
<
<
<
<
DBA for the specific database on which the system is running

Manage database specific tasks
Maintain the databases health and integrity
Operating system administrator
Manage the operating system access and user IDs
Manage operating system specific tasks
Network administrator
Manage network access and user IDs
Manage network support and maintenance
Server administrator
Manage the servers
<
Desktop support
Supports the users desktop PC
<
Printers
<
Facilities
Manages facilities-related support issues, such as:
Power/utilities
Air conditioning (cooling)
13

Traits of an R/3 System Administrator
Physical server access
7UDLWVRIDQ56\VWHP$GPLQLVWUDWRU
An R/3 system administrator should:
<
Have a proper attitude

Protect and safeguard the system.
The system administrator is the guardian of the system.
Know when to call for help
The ability to know when you need to get help is a strength.
The weakness is not knowing when to get help and getting into trouble.
Be willing to work the hours required to support the system
Certain tasks must be done after hours or on weekends to avoid disrupting normal
business operations.
<
Be technically competent
When necessary, the company must invest in training for the Basis staff.
You must also take responsibility for your own training and education, whether
your company pays for it or not.
<
Be a team-player
The system administrator will have to work with various functional groups, users, the IS
staff, and others to successfully complete the necessary tasks.
56\VWHP*XLGHOLQHV
When working on an R/3 System:
14
<
Protect the system
<
Do not be afraid to ask for help
<
Network with other customers and consultants
<
Keep it short and simple (KISS)
<
<
Keep proper documentation

Use checklists
<
Use the appropriate tool for the job
<
Perform preventive maintenance
<
Do not change what you do not have to
<
Do not make changes to the system during critical periods
<
Do not allow direct database access
<
Keep all non-SAP activity off the SAP servers
<
Minimize single points of failure
Release 4.6A/B

R/3 System Guidelines
3URWHFWWKH6\VWHP
:KDW
Everything you do as a system administrator should be focused on protecting and

maintaining the systems integrity.
:K\
<
If the systems integrity is compromised, incorrect decisions could be made based on

invalid data.
<
If the system cannot be recovered after a disaster, your company could be out of
business.
+RZ
<
The system administrator must have a positive, professional attitude.

If the system administrator has less than this attitude, critical tasks may not be properly
completed (for example, backups may not be taken as scheduled and backup logs may
not be checked, which reduces the chances for a successful recovery).
<
System administrators should maintain a my job is on the line attitude.

This attitude helps to ensure that administrators focus on maintaining the integrity of
the system. The company may not survive if the system crashes and cannot be
recovered.
<
The system must be protected from internal and external sources.

One problem today is employees poking around in the network.
'R1RW%H$IUDLGWR$VNIRU+HOS
:K\
<
R/3 is so large and complex that one person cannot be expected to know everything.
If you are unsure which task to complete or how to complete it, you could make a
mistake and cause a larger problem.
<
Mistakes within the system can be expensive.

Certain things cannot be undone, and once set, are set forever.
<
The only way to learn is to ask.

There are no dumb questionsonly dumb reasons for not asking them.
+RZ
<
SAPNet R/3 notes
<
Various web sites and news groups
<
Consultants
Also see the section in this chapter that covers networking with other customers and
consultants.
15

1HWZRUNZLWK2WKHU&XVWRPHUVDQG&RQVXOWDQWV
:KDW
Get to know the R/3 Basis and system administrators in other companies.
:K\
<
Other customers may be able to provide solutions to your problems.
<
Customers who help each other reduce their consulting expenses.
<
The more people you know, the better your chances of finding someone to help you
solve a problem.
:KHQ:KHUHDQG+RZ
When you have the opportunity, meet:

<
<
Other SAP customers and consultants, especially those in your specialty area
Others using your operating system or database
Where to network:
<
Training classes
<
SAP events
Technical Education Conference (TechEd)
SAPPHIRE
Participate in user groups:
Americas SAP Users Group (ASUG)
Regional SAP users groups
Database user groups, such as those for Microsoft SQL Server, Informix, DB2, or
Oracle
Operating system user groups, such as those for UNIX (the various versions), NT, or
IBM (AIX, AS400, or OS390)
<
<
Participate in professional organizations
Participation means getting involved in the organization. The more you participate, the
more people you meet and get to know.
<
Whenever you attend an event, carry a stack of business cards.

Set the goal of collecting at least ten business cards, of people in your area of specialty.
<
Do not forget to ask the old-timers.

Decades ago, the mainframe community may have solved many of the issues and
problems you now face.
16
Release 4.6A/B

.HHS,W6KRUWDQG6LPSOH.,66
:K\
<
Complex tasks are more likely to fail as situations change.

A process with 27 steps has 27 chances to fail, because complex tasks are difficult to
create, debug, and maintain.
<
It is difficult to train people for complex tasks.
<
Explaining a complex task on the telephone increases the chance that what is said will
not be properly understood and an error will be made. If the error is severe, you may
have a disaster on your hands.
+RZ
<
<
Keep tasks as simple as possible.

Test
.HHS3URSHU'RFXPHQWDWLRQ
:KDW
Document processes, procedures, hardware changes, configuration changes, checks

performed, problems, errors, etc. If in doubt about what to document, write it all down.
:K\
<
As time passes, you will forget the details of a process or problem.

At some point, you may not remember anything about the process or problem. In an
extreme situation, which happens with short-term memory, you can quickly forget the
information in minutes.
<
If you violate the KISS principle, complete documentation becomes even more
important.
<
If the process is complex, complete documentation reduces the chance of errors.
<
If you are sick or unavailable, complete documentation can help someone else do the
job.
<
If changes need to be undone, you will know exactly what needs to be done to complete
this task.
<
Documentation helps train new people.

Employee turnover must be planned for. Proper documentation makes the training and
transition of new employees easier and faster.
17

:KHQ
Documentation must be changed when:

<
Documented items change.

Inaccurate documentation could be dangerous because it describes a process that should
not be followed.
<
Changes are made to the system.
<
Problems, such as hardware failures, error log entries, and security violations, occur.
Hot projects or emergencies tend to take precedence over writing documentation. Do

not postpone writing documentation, or the task may never get done. Record everything
that is done to the systemas it is being done.
+RZ
<
Record everything done to the system, as it is being done, so details are not forgotten.
<
Document items clearly and sufficiently so that, without assistance, a qualified person
can read what you have written and perform the task.
<
Re-read older documentation to see where improvements can be made. Obvious items
get fuzzy over time and are no longer obvious.
<
Use graphics, flowcharts, and screenshots to clarify documentation.
:KHUH
<
Keep a log (notebook) on each server and record everything that you do on the servers.
<
Keep a log for everything done remotely to any of the servers.
<
Keep a log for other related items.
8VH&KHFNOLVWV
:KDW
A checklist lists the steps required to complete a task. Each step requires an
acknowledgement of completion (a check) or an entry (date, time, size, etc.).
:K\
<
Checklists enforce a standardized process and reduce the chance that you will overlook
critical steps.
For example, if you were to use a checklist every time you drive a car, then you would
remember to turn off your headlights when you park your car, or you would not drive
off with your parking brake still set.
<
18
Checklists force you to document events, such as run times, which may later become
important.
Release 4.6A/B

:KHQ
Checklists are especially useful for tasks that are:

<
Complex or critical
If a step is missed or done incorrectly, the result could be serious (for example, inability
to restore the database).
<
Done for the first time
<
Done infrequently
It is difficult to remember how to do a complicated task that you do only once a year.
+RZ
See examples in Scheduled Tasks.
8VHWKH$SSURSULDWH7RROIRUWKH-RE
Sometimes a low-tech solution is best. Depending on the situation, a paper-and-pencil
solution may work better and be more cost effective than a computerized solution. Paper
and pencil still works during a power failure.
3HUIRUP3UHYHQWLYH0DLQWHQDQFH
:KDW
Preventive maintenance is the proactive monitoring and maintenance of the system.

:K\
<
<
It is less disruptive and stressful if you can plan a convenient time to do a task, rather
than have it develop into an emergency situation.
Fix a potential problem before it negatively impacts the system and company
operations.
An extreme situation is that the entire system is down until a particular task is
completed (for example, if the log file space goes down to zero (0), the database will
stop, and then R/3 also stops. Until sufficient file space is cleared, R/3 will not run and
certain business operations, such as shipping, may stop).
:KHQ
<
Checking for problems should be a part of your regular routine.
<
Scheduling tasks to fix a problem should be based on your situation, and when least
disruptive to your users.
+RZ
<
Monitor the various logs and event monitors
<
<
Obtain additional disk storage before you run out of room

Regularly clean the tape drive(s)
<
Check the database for consistency and integrity
19

'R1RW&KDQJH:KDW<RX'R1RW+DYH7R
:KDW
<
If the system works, leave it alone.
<
Do not change something just to upgrade to the latest version.
:K\
<
Risk
When something changes, there is a chance that something else may break.
<
Cost
Upgrading is expensive in terms of time, resources, and consulting, etc.
:KHQ
<
A business need exists.
<
Legal requirements call for an update.

This really is not an option. If you do not keep up you will not be complying with legal
requirements. The associated penalties can be expensive.
<
If the hardware or software release is no longer supported by the vendor.
<
The new release offers a specific functionality that offers added business value to your
company.
<
Fixing a major problem requires an upgrade.

A fix is unavailable in a patch or an advance release.
+RZ
<
If the change fails or causes problems, make certain you can recover to a before-thechange condition.
<
All changes must be regression tested to make sure that nothing else has been affected
by the change. In other words, everything still works as it is supposed to.
Regression testing of R/3 involves the functional team and users.
<
Stage the change and test it in the following order:

1. Test system (a Sandbox system)
2. Development system
3. Quality Assurance system
4. Production system
Even if your company does not have all the above-mentioned systems, the key is to
maintain the general order. For example, if your company does not have a test system,
test the change in the following order:
1. Development
2. Quality Assurance
3. Production
110
Release 4.6A/B

By the time you reach the production system, you should be comfortable that nothing
will break.
'R1RW0DNH6\VWHP&KDQJHV'XULQJ&ULWLFDO3HULRGV
:KDW
A critical period is when system disruptions could cause severe operational problems.
:K\
If a problem occurs during a critical period, the business maybe severely impacted.
Note the following sequence of events:
1. A system administrator changes a printer in Shipping at the end of the month.
2. R/3 cannot send output to the new printer.
3. The users cannot print shipping documents.
4. The company cannot ship their products.
5. Revenue for the month is reduced.
:KHQ
A critical period is any time where the users and the company may be severely impacted
by a system problem. These periods differ depending on the particular industry or
company. What is a critical period for one company may not be critical for another
company.
The following are real examples of critical periods:
<
At end of the month, when Sales and Shipping are booking and shipping as much as
they can, to maximize revenue for the month
<
At the beginning of the month, when Finance is closing the prior month
<
During the last month of the year, when Sales and Shipping are booking and shipping as
much as they can, to maximize the revenue for the year
<
During the beginning of the year, when Finance is closing the books for the prior year
and getting ready for the financial audit
+RZ
<
Always coordinate potentially disruptive system events with the users.

Different user groups in the company, such as Finance and Order Entry, may have
different quiet periods that need to be coordinated.
<
Plan all potentially disruptive systems-related activities during quiet periods when a
problem will have minimal user impact.
111

'R1RW$OORZ'LUHFW'DWDEDVH$FFHVV
:KDW
Direct database access means allowing a user to run a query or update directly to the
database without going through R/3.
:K\
<
By not going through R/3, there is the risk of corrupting the database.
<
Directly updating the database could put the database out of sync with the R/3 buffers.
+RZ
<
<
When R/3 writes to the database, it could be writing to many different tables.
If a user writes directly to the tables, missing a single table may corrupt the database by
putting the tables out of sync with each other.
With direct database access, a user could accidentally execute an update or delete, rather
than a read.
.HHSDOO1RQ6$3$FWLYLW\2IIWKH56HUYHUV
:KDW
< Do not allow users to directly access (telnet, remote access, etc.) the R/3 server(s).
< Do not use the R/3 server as a general file server.
< Do not run programs that are not directly related to R/3 on an R/3 server.
:K\
<
Security
Not allowing users to have access to the R/3 server reduces the chance of files from
being accidentally deleted or changed.
No access also means that user cannot look at confidential or sensitive information.
<
Performance
Using the production R/3 sever as a file server creates resource contention, where
performance is a primary concern. Programs running on the R/3 servers will contend
for the same resources that R/3 is using, which affects the performance of R/3.
+RZ
Use other servers to perform functions unrelated to R/3.
112
Release 4.6A/B

Corollaries to Murphys Law
0LQLPL]H6LQJOH3RLQWVRI)DLOXUH
:KDW
A single-point failure is when the failure of a single component, task, or activity causes the
system to fail or creates a critical event.
:K\
Each place where a single-point failure could occur increases the chances of a system failure
or other critical event.
For example, if:
<
You only have one tape drive and it fails, you cannot back up your database.
<
You rely on utility line power, and do not have a UPS, the server will crash during a
power failure and possibly corrupt the database.
<
You are the only one who can complete a task, and you are on vacation, the task will not
be completed until you return (or you will be on call while on vacation).
To guard against a single-point failure, consider the following options:

<
<
Systems configured with a built-in backup

Redundant equipment, such as dual power supplies
<
On-hand spares
<
Sufficient personnel
<
On-call consultants
<
Cross-training
<
Outsourcing
&RUROODULHVWR0XUSK\V/DZ
Murphys Law states: Whatever can go wrong will go wrong.
The following are some corollaries to Murphys Law:
<
Without telling you, someone will change something in the infrastructure and crash the
system.
<
When the power fails, you find out that the battery in your UPS is dead.
<
If you have only one tape drive, it will fail.
<
The one thing that you did not test is where the problem is.
<
Someone will need a network jumper cable, and will remove it from your server.
<
When disaster strikes, you will be out of town or unavailable .
<
Disaster will strike at the worst time.
<
Problems always happen at 2:00 AM.
<
Problems come in clusters.
113

Special Definitions
<
The latest full backup tape will be bad.
<
The one time you did not check the backup log will be the time when the backup fails.
<
<
You will need a tape from the backup that failed.

The computer room will be destroyedalong with all your backup tapes.
<
What you did not write down, and forgot, is what you need to know.
<
User transparent, is not.
<
The Peter Principle will strike.
<
A shortcut is the longest distance between two points.
<
When you need to send an alpha page, a link in the e-mail system will fail.
<
When a disaster strikes, and you need to be found, you will be out of the pager or cell
phone coverage area.
<
When a disaster strikes, and you need to be contacted, the battery in your pager or cell
phone will be dead.
6SHFLDO'HILQLWLRQV
There are terms used in this guidebook that have very specific meanings. To prevent
confusion, they are defined below:
'DWDEDVHVHUYHU
This is where R/3 and the database resides.
The system clock of the database server is the master clock for the R/3 system.
$SSOLFDWLRQVHUYHU
This is where R/3 application runs.
On a two-tiered system, this would be combined on the database server. Application
servers can be dedicated to online users, batch processing or a mix.
,QVWDQFH
An installation of R/3 on a server.
The two types of instances are central, and dialog. More than one instance could exist on a
physical server.
6\VWHP
The complete R/3 installation for a System ID (SID), for example PRD.
A system logically consists of the R/3 central instance and dialog instances for the SID. This
physically consists of the database server and application servers for that SID.
114
Release 4.6A/B

Special Definitions
Three-tiered R/3 Configuration
Layers
Physical Devices
R/3 Instance
What Runs on Each

Layer
Presentation
Desktop PCmany
N/A
SAP GUI
Application
Application Server
Dialog
R/3
Central
Database: SQL
Server, DB2,
Informix, ADABAS,
Oracle
N/A many
Database
Database server
only one
A two-tiered configuration combines the application and database layers on a single server.
115

Special Definitions
116
Release 4.6A/B
&KDSWHU 'LVDVWHU5HFRYHU\
&RQWHQWV
Overview ..................................................................................................................22
Why Plan for a Disaster?........................................................................................23
Planning for a Disaster...........................................................................................24
Test your Disaster Recovery Procedure ............................................................215
Other Considerations ...........................................................................................216
Minimizing the Chances for a Disaster ...............................................................217
21
Chapter 2: Disaster Recovery

Overview
2YHUYLHZ
The purpose of this chapter is to help you understand what we feel is the most critical job of
a system administratordisaster recovery.
We included this chapter at the beginning of our guidebook for two reasons:
<
To emphasize the importance of the subject

Disaster recovery needs to be planned as soon as possible, because it takes time to
develop, test, and refine.
<
To emphasize the importance of being prepared for a potential disaster
Murphys Law says:

Disaster will strike when you are not prepared for it.
The faster you begin planning, the more prepared you will be when a disaster does happen.
This chapter is not a disaster recovery how to. It is only designed to get you thinking
and working on disaster recovery.
:KDW,VD'LVDVWHU"
The goal of disaster recovery is to restore the system so that the company can continue
doing business. A disaster is anything that results in the corruption or loss of the R/3
System.
Examples include:
< Database corruption.
For example when test data is accidentally loaded into the production system.
This happens more often than people realize.
<
A serious hardware failure.
<
A complete loss of the R/3 System and infrastructure.

For example, the destruction of the building due to natural disaster.
The ultimate responsibility of a system administrator is to successfully restore R/3 after a

disaster.
The ultimate consequence of not restoring the system is that your company goes out of
business.
The administrators goal is to prevent the system from ever reaching the situation where the
ultimate responsibility is called upon.
Disaster recovery planning is a major project. Depending on your situation and the size and
complexity of your company, disaster recovery planning could take more than a year to
22
Release 4.6 A/B

Why Plan for a Disaster?
prepare, test, and refine. The plan could fill many volumes. This chapter helps you start
thinking about and planning for disaster recovery.
:K\3ODQIRUD'LVDVWHU"
<
A system administrator should expect and plan for the worst, and then hope for the best.
<
During a disaster recovery, nothing should be done for the first time.
Unpleasant surprises could be fatal to the recovery process.
Here are some of the reasons to develop a disaster recovery plan:

<
Will business operations stop if R/3 fails?
<
How much lost revenue and cost will be incurred for each hour that the system is down?
<
Which critical business functions cannot be completed?
<
How will customers be supported?
<
How long can the system be down before the company goes out of business?
<
Who is coordinating and managing the disaster recovery?
<
<
What will the users do while R/3 is down?

How long will the system be down?
<
How long will it take before the R/3 System is available for use?
If you plan properly, you will be under less stress, because you know that the system can be
recovered and how long this recovery will take.
If the recovery downtime is unacceptable, management should invest in:
<
Equipment, facilities, and personnel
<
High availability (HA) options

HA options can be expensive. There are different degrees of HA, so customers need to
determine which option is right for them.
HA is an advanced topic beyond the scope of this guidebook. If you are interested in this
topic, contact an HA vendor.
23

Planning for a Disaster
3ODQQLQJIRUD'LVDVWHU
This chapter is not a disaster recovery how to. It is only designed to get you thinking
and working on disaster recovery.
&UHDWLQJD3ODQ
Creating a disaster recovery plan is a major project because:
<
It can take over a year and considerable time to develop, test, and document.
<
The documentation may be extensive (literally thousands of pages long).
If you do not know how to plan for a disaster recovery, get the assistance of an expert. A
bad plan (that will fail) is worse than no plan, because it provides a false sense of security.
:KDW$UHWKH%XVLQHVV5HTXLUHPHQWVIRU'LVDVWHU5HFRYHU\"
Who will provide the requirements?
< Senior management needs to provide global (or strategic) requirements and guidelines.
<
The business units needs drive the specific detailed requirements.

These units should understand that as the requirement for the recovery time decreases,
the cost for disaster recovery increases. The units should budget for it, or if the funds
come from an administrative or IT budget, the units should support it.
What are the requirements?

Each requirement should answer the following questions:
<
Who is the requestor?
<
What is the requirement?
<
<
Are other departments or customers affected by this requirement?

Why is the requirement necessary?
When R/3 is offline, what does (or does not) happen?
What is the cost (or lost revenue) of an hour or a day of R/3 downtime?
The justification should be a concrete objective value (such as $20,000 an hour).
Define the cost (per hour, per day, etc.) of having the R/3 System down.
24
Release 4.6 A/B

([DPSOH
What: No more than one hour of transaction data may be lost.

Why: The cost is 1,000 transactions per hour of lost transactions that are entered
in R/3 and cannot be recreated from memory.
This inability to recreate lost transactions may result in lost sales and upset
customers. If the lost orders are those that the customer quickly needs, this
situation can be critical.
([DPSOH
What: The system cannot be offline for more than three hours.
Why: The cost (an average of $25,000 per hour) is the inability to book sales.
([DPSOH
What: In the event of disaster, such as the loss of the building containing the R/3
data center, the company can only tolerate a two-day downtime.
Why: At that point, permanent customer loss begins.
Other: There must be an alternate method of continuing business.
:KHQ6KRXOGD'LVDVWHU5HFRYHU\3URFHGXUH%HJLQ"
Ask yourself the following questions:
<
What criteria constitute a disaster?
<
Have these criteria been met?
<
Who needs to be consulted?
The person must be aware of the effect of the disaster on the companys business and the
critical nature of the recovery.
([SHFWHG'RZQWLPHRU5HFRYHU\7LPH
([SHFWHG'RZQWLPH
Expected downtime is only part of the business cost of disaster recovery. For defined
scenarios, this cost is the expected minimum time before R/3 can be productive again.
Downtime may mean that no orders can be processed and no products shipped.
Management must approve this cost, so it is important that they understand that downtime
are potential business costs.
To help business continue, it is important to find out if there are alternate processes that can
be used while the R/3 System is being recovered.
25

The following costs are involved with downtimes:

<
The length of time that R/3 is down.

The longer the system is down, the longer the catch-up period when it is brought back
up. The transactions from the alternate processes that were in place during the disaster
have to be applied to the system to make it current. This situation is more critical in a
high-volume environment.
<
A downed system is more expensive during the business day when business activity
would stop than at the end of the business day when everyone has gone home.
<
When customers cannot be serviced or supported, they may be lost to a competitor.
The duration of acceptable downtime depends on the company and the nature of its
business.
5HFRYHU\7LPH
Unless you test your recovery procedure, the recovery time is only an estimate, or worse, a
guess. Different disaster scenarios have different recovery times, which are based on what
needs to be done to become operational again.
The time to recover must be matched to the business requirements. If this time is greater
than the business requirements, the mismatch needs to be communicated to the appropriate
managers or executives.
Resolving this mismatch involves:
<
Investing in equipment, processes, and facilities to reduce the recovery time.
<
Changing the business requirements to accept the longer recovery time and accepting
the consequences.
An extreme (but possible) example: A company cannot afford the cost and lost revenue for
the month it would take one person to recover the system. During that time, the competition
would take away customers, payment would be due to vendors, and bills would not be
collected. In this situation, senior management needs to allocate resources to reduce the
recovery time to an acceptable level.
5HFRYHU\*URXSDQG6WDIILQJ5ROHV
There are four key roles in a recovery group. The number of employees performing these
roles will vary depending on your company size. In a smaller company, for example, the
recovery manager and the communication liaison could be the same person. Titles and tasks
will probably differ based on your companys needs.
We defined the following key roles:
<
Recovery manager
Manages the entire technical recovery. All recovery activities and issues should be
coordinated through this person.
<
Communication liaison
Handles user phone calls and keeps top management updated with the recovery status.
One person handling all phone calls allows the group doing the technical recovery to
proceed without interruptions.
26
Release 4.6 A/B

<
Technical recovery team

Does the actual technical recovery. As the recovery progresses, the original plan may
have to be modified. This role must manage the changes and coordinate the technical
recovery.
<
Review and certification manager

Coordinates and plans the post-recovery testing and certification with users.
To reduce interruption of the recovery staff, we recommend you maintain a status board.
The status board should list key points in the recovery plan and an estimate of when the
system will be recovered and available to use.
<
If the disaster is a major geographical event (like an earthquake), your local staff will be
more concerned with their familiesnot the company.
<
Depending on the disaster, key personnel could be injured or killed.
You should expect and plan for these situations. Plan for staff from other geographic sites
to be flown in and participate as disaster recovery team members.
A final staffing role is to plan for at least one staff member to be unavailable. Without this
person, the rest of the department must be able to perform a successful recovery. This issue
may become vital during an actual disaster.
7\SHVRI'LVDVWHU5HFRYHU\
Disaster recovery scenarios can be grouped into two types:
<
Onsite
<
Offsite
2QVLWH
Onsite recovery is disaster recovery done at your site. The infrastructure usually remains
intact. The best case scenario is a recovery done on the original hardware. The worst case
scenario is a recovery done on a backup system.
2IIVLWH
Offsite recovery is disaster recovery done at a disaster recovery site. In this scenario, all
hardware and infrastructure are lost as a result of facility destruction such as a fire, a flood,
or an earthquake. The new servers must be configured from scratch.
A major consideration is that once the original facility has been rebuilt and tested, a second
restore must take place back to the customers original facility. While this second restore can
be planned and scheduled at a convenient time to disrupt as few users as possible. The
timing is just as critical as the disaster. While the system is being recovered, it is down.
27

'LVDVWHU6FHQDULRV
There are an infinite number of disaster scenarios that could occur. It would take an infinite
amount of time to plan for them, and you will never account for all of them. To make this
task manageable, you should plan for at least three and no more than five scenarios. In the
event of a disaster, you would adapt the closest scenario(s) to the actual disaster.
The disaster scenarios are made up of:
<
Description of the disaster event
<
High level plan of major tasks to be performed
<
Estimated time to have the system available to the users
To create your final scenario:

1. Use the Three Common Disaster Scenarios section below as a starting point.
2. Prepare three to five scenarios that cover a wide range of disasters that would apply to
you.
3. Create a high-level plan (are made up of major tasks) for each scenario.
4. Test the planned scenario, by creating different test disasters and determining if (and
how) your scenario(s) would adapt to an actual disaster.
5. If the test scenario(s) cannot be adapted, modify or develop more scenarios
6. Repeat the process.
7KUHH&RPPRQ'LVDVWHU6FHQDULRV
The following three examples range from a best-to-worst scenario order:
The downtimes in the examples below are only samples. Your downtimes will be different.
You must replace the sample downtimes with the downtimes applicable to your
environment.
$&RUUXSW'DWDEDVH
<
<
<
A corrupt database could result from:

Accidentally loading test data into the production system.
A bad transport into production, which results in the failure of the production
system.
Such a disaster requires the recovery of the R/3 database and related operating system
files.
The sample downtime is eight hours.
$+DUGZDUH)DLOXUH
<
28
The following types of items may fail:

A system processor
A drive controller
Release 4.6 A/B

<
<
Multiple-drives in a drive array, so that the drive array fails
Such a disaster scenario requires:

Replacing failed hardware
Rebuilding the server (operating system and all programs)
Recovering the R/3 database and related files
The sample downtime is seven days and comprises:
Five days to procure replacement hardware
Two days to rebuild the NT server (one person); 16 hours of actual work time
$&RPSOHWH/RVVRU'HVWUXFWLRQRIWKH6HUYHU)DFLOLW\
<
The following items can be lost:

Servers
All supporting infrastructure
All documentation and materials in the building
The building
<
A complete loss of the facility can result from the following types of disasters:
Fire
Earthquake
Flood
Hurricane
Tornado
Man-made disasters, such as the World Trade Center bombing
Such a disaster requires:
Replacing the facilities
Replacing the infrastructure
Replacing lost hardware
Rebuilding the server and R/3 environment (hardware, operating system, database,
etc.)
Recovering the R/3 database and related files
<
<
The sample downtime lasts eight days and comprises:

At least five days to procure hardware.
In a regional disaster, this purchase could take longer if your suppliers were also
affected by the disaster.
Use national vendors with several regional distribution centers and, as a backup,
have an out-of-area alternate supplier.
Two days to rebuild the NT server (one person); 16 hours actual work time
As the hardware is procured and the server is being rebuilt, an alternate facility is
obtained and an emergency (minimal) network is constructed
One day to integrate into the emergency network
29

<
Complete loss or destruction requires a recovery back to a new facility.
5HFRYHU\6FULSW
:KDW
A recovery script is a document that provides step-by-step instructions about:

< The process required to recover R/3
<
Who will complete each step
<
The expected time for long steps
<
Dependencies between steps
:K\
A script is necessary because it helps you:

<
Develop and use a proven series of steps to restore R/3
<
Prevent missing steps

Missing a critical step may require restarting the recovery process from the beginning,
which delays the recovery.
If the primary recovery person is unavailable, a recovery script helps the backup person
complete the recovery.
&UHDWLQJD5HFRYHU\6FULSW
Creating a recovery script requires:
<
A checklist for each step
<
A document with screenshots to clarify the instructions, if needed
<
Flowcharts, if the flow of steps or activities is critical or confusing
5HFRYHU\3URFHVV
To reduce recovery time, define a process by:
<
Completing as many tasks as possible in parallel
<
Adding timetables for each step
0DMRU6WHSV
1. During a potential disaster, anticipate a recovery by:
<
Collecting facts
<
Recalling the latest offsite tapes
<
Recalling the crash kit (see page 211 for more information).
<
Calling all required personnel

These personnel include the internal SAP team, affected key
users, infrastructure support, IT, facilities, on-call consultants, etc.
210
Release 4.6 A/B

<
Preparing functional organizations (sales, finance, and shipping) for alternate

procedures for key business transactions and processes.
2. Minimize the effect of the disaster by:

<
Stopping all additional transactions into the system

Waiting too long could worsen the problem
<
Collecting transaction records that have to be manually reentered
3. Begin the planning process by:

<
Analyzing the problem
<
Fitting the disaster to your predefined scenario plans
<
Modifying the plans as needed
4. Define when to initiate a disaster recovery procedure.

<
What are the criteria to declare a disaster, and have they been met?
<
Who will make the final decision to declare a disaster?
5. Declare the disaster.

6. Perform the system recovery.
7. Test and sign off on the recovered system.
Key users, who will use a criteria checklist to determine that the system has been
satisfactorily recovered should perform the testing.
8. Catch up with transactions that may have been handled by alternate processes during
the disaster.
Once completed, this step should require an additional sign-off.
9. Notify the users that the system is ready for normal operations.
10. Conduct a postmortem debriefing session.
Use the results from this session to improve your disaster recovery planning.
&UDVK.LW
:KDW
A crash kit contains everything needed to:

<
Rebuild the R/3 servers
<
Reinstall R/3
<
Recover the R/3 database and related files
:K\
During a disaster, everything that is needed to recover the R/3 environment is contained in
one (or a few) containers. If you have to evacuate the site, you will not have the time to run
around, gathering the items at the last minute, hoping that you get everything you need.
In a major disaster you may not even have that opportunity.
211


:KHQ
When a change is made to a component (hardware or software) on the server, replace the
outdated items in the crash kit with updated items that have been tested.
A periodic review of the crash kit should be performed to determine if items need to be
added or changed. A service contract is a perfect example of an item that requires this type
of review.
:KHUHWR3XWWKH&UDVK.LW
The crash kit should be physically separated from the servers. If it is located in the server
room, and the server room is destroyed, this kit is lost.
Some crash kit storage areas include:
<
<
Commercial offsite data storage

Other company sites
<
Another secure section of the building
+RZ
The following is an inventory list of some of the major items to put into the crash kit. You
will need to add or delete items for your specific environment. This inventory list is
organized into the following categories:
<
Documentation
<
Software
'RFXPHQWDWLRQ
An inventory of the crash kit should be taken by the person who seals the kit. If the seal is
broken, items may have been removed or changed, making the kit useless in a recovery.
The inventory list below must be signed and dated by the person checking the crash kit. The
following documentation must be included in the crash kit:
212
<
Disaster recovery script
<
Installation instructions for the:

Operating system
Database
R/3 System
<
Special installation instructions for:

Drivers that have to be manually installed
Programs that must be installed in a specific manner
Release 4.6 A/B

<
Copies of:
SAP license for all instances
Service agreements (with phone numbers) for all servers
Ensure that maintenance agreements are still valid and check if the agreements expired.
These should be part of a regular schedule task.
<
Instructions to recall tapes from offsite data storage
<
List of personnel authorized to recall tapes from offsite data storage

This list must correspond to the list maintained by the data storage company.
<
A parts list
If the server is destroyed, this list should be in sufficient detail to purchase or lease
replacement hardware. Over time, if original parts are no longer available, an alternate
parts list will have to be prepared. At this point, you might consider upgrading the
equipment.
<
File system layout
<
Hardware layout
You need to know which:
Cards go in which slots
Cables go where (connector-by-connector)
Labeling cables and connectors greatly reduces confusion
<
Phone numbers for:

Key users
Information services personnel
Facilities personnel
Other infrastructure personnel
Consultants (SAP, network, etc.)
SAP hotline
Offsite data storage
Security department or personnel
Service agreement contacts
Hardware vendors
6RIWZDUH
<
Operating system:
Installation kit
Drivers for hardware, such as a Network Interface Card (NIC) or a SCSI
controller, which are not included in the installation kit
Service packs, updates, and patches
213

<
<
<
<
Database:
Installation kit
Service packs, updates, and patches
Recovery scripts, to automate the database recovery
For R/3:
Installation kit
Currently installed kernel
System profile files
tpparam file
saprouttab file
saplogon.ini
Other R/3 integrated programs (for example, a tax package)
Other software for the R/3 installation:
Utilities
Backup
UPS control program
Hardware monitor
FTP client
Remote control program
System monitor
%XVLQHVV&RQWLQXDWLRQ'XULQJ5HFRYHU\
Business continuation during a recovery is an alternate process to continue doing business
while recovering from a disaster. It includes:
<
Cash collection
<
Order processing
<
Product shipping
<
Bill paying
<
Payroll processing
<
Alternate locations to continue doing business
:K\
Without an alternate process, your company would be unable to do business.

Some of the problems you would encounter include:
214
<
Orders cannot be entered
<
Product cannot be shipped
<
Money cannot be collected
Release 4.6 A/B

Test your Disaster Recovery Procedure
+RZ
There are many alternate processes, including:

<
Manual paper-based
<
Stand alone PC-based products
2IIVLWH'LVDVWHU5HFRYHU\6LWHV
<
Other company sites
<
Commercial disaster recovery sites
<
Share or rent space from other companies
,QWHJUDWLRQZLWK\RXU&RPSDQ\V*HQHUDO'LVDVWHU3ODQQLQJ
Because there are many dependencies, the R/3 disaster recovery process must be integrated
with your companys general disaster planning. This process includes telephone, network,
product deliveries, mail, etc.
:KHQWKH56\VWHP5HWXUQV
How will the transactions that were handled with the alternate process be entered into R/3
when it is operational?
7HVW\RXU'LVDVWHU5HFRYHU\3URFHGXUH
Unless you test your recovery process, you do not know if you can actually recover
your system.
A test is a simulated disaster recovery which verifies that you can recover the system and
exercise every task outlined in the disaster recovery plan.
<
Test to find out if:

Your disaster recovery procedure works
Something changed, was not documented, or updated
There are steps that need clarification for others
The information that is clear to the person documenting the procedure may be
unclear to the person reading the procedure.
Older hardware is no longer available
Here, alternate planning is needed. You may have to upgrade your hardware to be
compatible with currently available equipment.
Since many factors affect recovery time, actual recovery times can only be determined by
testing. Once you have actual times (not guesses or estimates), your disaster planning
215

Other Considerations
becomes more credible. If the procedure is practiced often, when a disaster occurs, everyone
will know what to do. This way, the chaos of a disaster will be reduced.
+RZ
1. Execute your disaster recovery plan on a backup system or at an offsite location.

2. Generate a random disaster scenario.
3. Execute your disaster plan to see if it handles the scenario.
:KHQ
A full disaster recovery should be practiced at least once a year.

:KHUH
<
The disaster recovery test should be done at the same site that you expect to recover.
If you have multiple recovery sites, perform a test recovery at each site. The
equipment, facilities, and configuration may be different at each site. Document
all specific items that need to be completed for each site. You do not want
to discover that you cannot recover at a site after a disaster occurs.
<
A backup onsite server
<
<
Another company site

At another company where you have a mutual support agreement
<
A company that provides disaster recovery site and services
:KR6KRXOG3DUWLFLSDWH
<
Primary and backup personnel who will do the job during a real disaster recovery
A provision should be made that some of the key personnel are to be unavailable during
a disaster recovery. A test procedure might involve randomly picking a name and
declare that person unavailable to participate. This procedure duplicates a real situation
in which a key person is seriously injured or killed.
<
Personnel at other sites

Integrate these people into the test, since they may be needed to perform the recovery
during an actual disaster. These people will fill in for unavailable personnel.
2WKHU&RQVLGHUDWLRQV
2WKHU8SVWUHDPRU'RZQVWUHDP$SSOLFDWLRQV
For the company to function, other up (or down) stream applications also need to be
recovered with R/3. Some of these applications may be tightly associated with R/3. The
applications should be accounted for and protected in the company-wide disaster recovery
planning.
216
Release 4.6 A/B

Minimizing the Chances for a Disaster
Applications located on only one persons desktop computer must be backed up to a safe
location.
%DFNXS6LWHV
Having a contract with a disaster recovery site does not guarantee that the site will be
available. In a regional disaster, such as an earthquake or flood, many other companies will
be competing for the same commercial disaster sites. In this situation, you may not have a
site to recover to, if others have booked it before you.
The emergency backup site may not have equipment of the same performance level as your
production system. Reduced performance and transaction throughput must be considered.
Examples:
<
A reduced batch schedule of only critical jobs
<
Only essential business tasks will be done while on the recovery system
0LQLPL]LQJWKH&KDQFHVIRUD'LVDVWHU
There are many ways to minimize chances for a disaster. Some of these ideas seem obvious,
but it is these ideas that are often forgotten.
0LQLPL]H+XPDQ(UURU
Many disasters are caused by human error, such as a mistake or a tired operator. Do not
attempt dangerous tasks when you are tired. If you have to do a dangerous task, get a
second opinion before you start.
<
Dangerous tasks should be scripted and checkpoints included to verify the steps.
Such tasks include:
Deleting the test database
Check that the delete command specifies the Test, not the
Production, database.
Moving a file
Verify that the target file (to be overwritten) is the old, not the new, file.
Formatting a new drive
Verify that the drive to be formatted is the new drive, not an existing drive with data
on it.
217

Minimizing the Chances for a Disaster
0LQLPL]H6LQJOH3RLQWVRI)DLOXUH
A single-point failure is when the failure of one component causes the entire system to fail.
To minimize single-point failure:
<
Identify conditions where a single-point failure can occur
<
Anticipate what will happen if this component or process fails
<
Eliminate as many of these single points of failure as practical.

Practical is defined as the level of work involved or cost compared to the level of risk
and failure.
Types of single points of failure include:

<
The backup R/3 server is located in the same data center as the production R/3 server.
If the data center is destroyed, the backup server is also destroyed.
<
All the R/3 servers are on a single electrical circuit.

If the circuit breaker opens, everything on that circuit loses power, and all the servers
will crash.
&DVFDGH)DLOXUHV
A cascade failure is when one failure triggers additional failures, which increases the
complexity of a problem. The recovery involves the coordinated fixing of many problems.
([DPSOH $&DVFDGH)DLOXUH
1. A power failure in the air conditioning system causes an environmental (air
conditioning) failure in the server room.
2. Without cooling, the temperature in the server room rises above the equipments
acceptable operating temperature.
3. The overheating causes a hardware failure in the server.
4. The hardware failure causes a database corruption.
In addition, overheating can damage many things, such as:
Network equipment
Phone system
Other servers
The recovery becomes complex because:

<
Fixing one problem may uncover other problems or damaged equipment.
<
Certain items cannot be tested or fixed until other equipment is operational.
In this case, a system that monitors the air conditioning system or the temperature in the
server room could alert the appropriate employees before the temperature in the server
room becomes too hot.
218
Release 4.6 A/B
&KDSWHU %DFNXSDQG5HFRYHU\
&RQWHQWV
Overview ..................................................................................................................32
Restore.....................................................................................................................32
Backup .....................................................................................................................33
Tape Management.................................................................................................313
Performance ..........................................................................................................320
Useful SAP Notes..................................................................................................324
31
Chapter 3: Backup and Recovery

Overview
2YHUYLHZ
The most important aspect of a technical implementation is establishing an effective backup
and recovery strategy. This process entails a restore of all, or part, of the database after
hardware or software errors and a recovery during which the system is updated to a point
just before the failure. There are many situations other than disk failures that may require a
restore and recovery.
Your backup strategy should be as uncomplicated as possible. Complications in backup
strategy can create difficult situations during restoration and recovery. Procedures, problem
identification, and handling must be well documented so all individuals clearly understand
their roles and required tasks. This strategy should also not adversely impact daily business.
This chapter discusses backup and restore of your system. The details of a specific database
are covered in the database administration chapter(s). The information in this chapter will
help you better understand the concepts that enhance your operating environment and
access the methods that best suit your needs.
5HVWRUH
Usually a restore is done to:
<
Recover after a disaster
<
Test your disaster recovery plan
<
Copy your database to another system
(For additional details on the first two items, see chapter 2; and for details on the last item,
see chapter 23.)
The business requirement for speed in a restore is driven by the need to get the system
quickly operational after a disaster. This way, the company can continue to do business.
6WUDWHJ\
Business recovery time is the result of the time needed to:
<
Find the problem
<
Repair the damage
<
Restore the database
Factors that affect the chosen restore strategy include:
32
<
<
Business cost of downtime to recover

Operational schedule
<
Global or local users
<
Number of transactions an hour
<
Budget
Release 4.6A/B

Backup
The actual process to restore R/3 and the database will not be covered in this book. This
critical task has specific system dependencies, and we leave it to a specialist to teach. If a
restore must be done, contact a specialist or your Basis consultant. Work with your DBA or
consultant to test and document the restore process for your system. With proper training,
you should be able to do the restore.
If the restore is not done properly and completely, it could fail and must be restarted, or be
missing other files. There may be special data that you must record about your database to
recover it. Work with your specialist to identify and document this data.
7HVWLQJ5HFRYHU\
Since the restore procedure is one of the key issues of the R/3 System, database recovery
must be regularly maintained and tested. See chapter 2, Disaster Recovery.
%DFNXS
Backup is like insurance. You only need a backup if you need to restore your system.
:KDWWR%DFNXSDQG:KHQ
There are three categories of files to backup:
< Database
<
Log files
<
Operating system files
Note; you may need to use different tools to backup all the files. Some tools may only be
able to backup one or two of the three categories of files that need to be backed up. Example,
using the SAP DBA Calendar DB13 for on Microsoft SQL Server, it can backup the database
and the transaction log, but not the operating system files.
'DWDEDVH
:KDW
This is the core of the R/3 system and your data. Without the database backup, you cannot
recover the system.
:KHQ
The frequency of a full database backup determines how many days back in time you must
go to begin the restore:
<
If a daily full backup is done, you will need yesterdays full backup.
Only logs since yesterdays backup need to be applied to bring the system current.
<
If a weekly full backup is done, you will need last weeks full backup.
All the logs for each day (since the full backup) must now be applied to bring the system
current.
33

Backup
A daily full backup reduces the number of logs that need to be applied to bring the database
current. This backup reduces the risk of not getting a current database backup because of a
bad (unusable) log file.
If a daily full backup is not done, more logs would need to be applied. This step lengthens
the recovery process time and increases the risk of not being able to recover to the current
time. A point may be reached when it would take too long to restore the logs, because so
many logs need to be applied. For additional safety, we recommend that you do a full
monthly database backup in addition to the full daily backups.
([DPSOH:HHNO\%DFNXS
A restore from last weeks full backup that was done four days ago.
<
There are 10 logs a day.
<
A total of 40 logs (10 logs per day 4 days) need to be restored.
<
It takes 120 minutes to restore the log file from tape to disk (40 log x 3 minutes per
log).
<
It takes 200 minutes to restore the log files to the database (40 logs x 5 minutes per
log).
<
The total time to do the restore, excluding database files, is 320 minutes (5.3 hours).
([DPSOH:HHNO\%DFNXS
A restore from last nights full backup
<
There are maximum of 10 logs a day.
<
It takes 30 minutes to restore the log file from tape to disk (10 log x 3 minutes per
log).
<
It takes 50 minutes to restore the log files to the database (10 logs x 5 minutes per
log).
The total time to do the restore, excluding database files, is 80 minutes (1.3 hours).
<
As you can see, the weekly backup takes four times longer to recover than a daily
backup.
These examples show that the time it takes to do a log restore depends on how many days
back you have to go to get to the last full backup. Increasing the frequency of the full backup
(with less days between full backups) reduces the recovery time.
Also consider maintaining two backup cycles of the logs on disk to reduce the need to
restore these logs from tape.
34
Release 4.6A/B

Backup
7UDQVDFWLRQ/RJV
:KDW
Transaction logs are critical to the database recovery. These logs contain a record of the
changes made to the database, which is used to roll forward (or back) operations. It is
critical to have a complete chain of valid log backups. If you have to restore and one log is
corrupted, you cannot restore past the corrupt log.
Weekly Full Backups
If the system crashes on Thursday, a log on Tuesday is corrupt. You can only recover to
the last good log on Tuesday. Everything after that is lost.
Transaction log is stored in a directory, which must not be allowed to become full. If the
transaction log fills the available filespace, the database will stop, and no further processing
can be done in the database (and consequently) in R/3. It is important to be proactive and
periodically back up the transaction logs. Refer to the chapter specific to your database for
more information.
:KHQ
The frequency of the log backups is a business decision based on:

<
Transaction volume
<
Critical period(s) for the system
<
Amount of data senior management is willing to lose
<
Resources to perform the backups and take them offsite
Also see the examples in the database section above.
If your transaction volume is high, decrease the time interval between log backups. This
reduced time interval decreases the amount of data that could be lost in a potential data
center disaster.
+RZ
To back up transaction logs:

1. Backup the transport log to disk.
2. Copy the backup of the transaction log to an offsite backup file server.
This backup file server should ideally be in another building or in another city. A
separate location increases the chance that the log files will be preserved if the primary
data center (containing the R/3 servers) is destroyed.
3. Back up the backup of the transaction logs on both servers (the R/3 server and the
offsite backup file server) to tape each day along with the other operating system-level
files.
35

Backup
If you do not have an offsite backup server, back up the transaction log backups to tape
after each log backup and immediately send the tape offsite.
Do not back up the logs to the tape drive in append mode and append multiple
backups on the same tape. If a data center disaster occurs, the tape with all these logs
will be lost.
2SHUDWLQJ6\VWHP/HYHO)LOHV
:KDW
Operating system level files, which must also be backed up, are for:
<
Operating environment (for example, system and network configuration)
<
R/3 files
Spool files, if stored at the operating system level
(system profile: rspo/store_location = G)
Change management transport files located in /usr/sap/trans
Other R/3 related applications
Interface or add-on products, such as those used for EDI or taxes, that store their
data or configuration outside the R/3 database.
<
The amount of data is small in relation to the R/3 database. Depending on how your system
is used, the above list should only require several hundred megabytes to a few gigabytes of
storage. In addition, some of the data could be static and may not change for months.
:KHQ
The frequency of the operating system level backup depends on the specific application. If
these application files must be kept in sync with the R/3 System, they must be backed up at
the same frequency as the log backup files. An example of this situation is a tax program
that stores its sales tax data in files external to the R/3 database. These files must be in sync
with the sales orders in the system.
A simple and fast method to back up operating system files is to copy all data file directories
to disk on a second server; from the second server, you can back up those files to tape. This
process minimizes file downtime.
Use the sample schedule below to determine your backup frequency:
%DFNXS7\SHV
Backup types is like a three-dimension matrix, where any combination can be used:
36
<
What is backed up: full database vs incremental of the logs
<
How the backup taken: online vs offline
<
When the backup is made: scheduled vs nonscheduled (ad-hoc)
Release 4.6A/B

Backup
:KDW,V%DFNHG8S
<
Full database backup

A backup of the entire database.
Advantages:
The entire database is backed up at once, making the restore of the database easier
and faster. There are less logs that need to be applied to bring the restored database
current.
Disadvantages:
Takes longer to run than an incremental log backup. Because of the longer backup
window there is more impact on the users while the backup is running.
<
Incremental backup of the transaction logs

A backup of the transaction logs.
A full database backup is still required on a periodic basis. The usual arrangement is; a
full backup on the weekend and incremental backups during the week.
Advantages:
Much faster than a full database backup. Because of the smaller backup window,
there is less impact to the users.
Disadvantages:
A full backup is needed, as a starting point to restore the database.
To restore the database takes significantly longer and is more complicated than
restoring a full backup. The last full database backup must be restored, then all log
backups since the full backup. This can be many logs if for example the system
crashed on Friday, then the logs from Monday through Friday have to be applied.
If one log cannot be restored, all the logs after that point cannot be restored.
Differential backup
<
Depending on your database and operating system, you may (or may not) have a third
option. A differential backup is a backup of only what has changed since the last full
backup. A full database backup is still required on a periodic basis. The usual
arrangement is; a full backup on the weekend and differential backups during the week.
Differential backup is not supported from within R/3 using DB13, you must use other
tools to perform a differential backup.
Microsoft SQL Server; to do a differential backup you must execute the differential
backup using Microsoft SQL Server tools.
Advantages:
The exposure to a corrupt log backup is reduced. Each differential backup is backing
up all the changes to the database since the last full backup.
Disadvantages:
Like the incremental log backup, a full backup is needed as the starting point.
37

Backup
The backup window for a differential is longer than a transaction log backup. It
starts as being short (just after the full backup) and gets longer as more data is
changed.
+RZWKH%DFNXS,V7DNHQ
<
Offline
An offline backup is taken with the database and R/3 System down.
Advantages:
An offline backup is faster than an online backup.
During the backup, there is no issue with data changing in the database.
If the files are backed up at the same time, the related operating system files will be
in sync with the R/3 database.
Disadvantages:
R/3 is unavailable during an offline backup.
Buffers for R/3 and the database are flushed.
This process will impact performance until the buffers are populated.
<
Online
An online backup is taken with the database and R/3 running.
Advantages:
R/3 is available to users during a backup.
This is needed where the system is running and used 24 hours a day and seven days
a week.
The buffers are not flushed.
Since buffers are not flushed, once the backup is complete, there is no impact on
performance.
Disadvantages:
An online backup is slower than an offline backup (a longer backup time).
Backup time is increased because processes such as R/3 are running and competing
for system resources.
Online performance is degraded while the backup is running.
Data may change in the database while it is being backed up.
Therefore, the transaction logs become critical to a successful recovery.
Related operating system level files may be out of sync with the R/3 database.
If you are using online backups, the transaction logs are critical to successfully
recovering the database.
38
Release 4.6A/B

Backup
:KHQWKH%DFNXS,V0DGH
<
Scheduled
Scheduled backups are those that are run on a regular schedule, such as daily or weekly.
For normal operations, configure a scheduled backup. Automated backups should use
the DBA Planning Calendar (transaction DB13). This calendar provides the ability to set
up and review backup cycles. It also has the ability to process essential database checks
and update statistics. You can also set up CCMS to process the backup of transaction
logs.
Depending on the operating platform, backups and other processes configured here can
be viewed in the Batch Processing Monitors (transaction SM37). In general, the status of
the backups can be viewed using Backup Logs overview (transaction DB12).
<
On-demand
On-demand backup is done on an ad hoc basis. It is done before a major change to the
system, such as for an R/3 upgrade. Backups that are controlled directly by an operator,
or on-demand, can be performed either by the DBA Planning Calendar (transaction
DB13), at the database, or at operating system level.
Although the DBA Planning Calendar can schedule backups for periodic use, it can also
be used to perform an immediate backup. For an on-demand backup, it is more common
to use tools at the database level such as Enterprise Manager (Microsoft SQL Server) or
SAPDBA (Oracle and Informix).
Regardless of the chosen backup method, you should achieve the following goals:
<
Provide a reliable backup that can be restored.
<
Keep the backup simple.
<
Reduce the number of dependencies required for operation.
<
Provide the above items with little or no impact to business units.
%DFNXS6WUDWHJ\'HVLJQ
SAP provides tools under CCMS-DB Administration in R/3 to assist in implementing your
strategy. The DBA Planning Calendar (transaction DB13) is designed for scheduling backups.
The other tool, the CCMS Monitoring tool (transaction DB12), provides historical
information to review backup statistics and tape management information. At the operating
system or database level, there are additional tools you can use to administer backup and
restores. These tools include SQL Enterprise Manager (Microsoft SQL Server) and SAPDBA
(Oracle and Informix).
To design your backup procedures:
1. Determine the recovery requirements based on an acceptable outage.
It is difficult to define the concept of acceptable outage, because acceptable is
subjective and will vary from company to company. The cost of what is an outage
includes productivity loss, time, money, etc. spent on recovery. This cost should be
evaluated in a manner similar to insurance. (The more coverage you want, the more the
39

Backup
insurance will cost.) Therefore, the faster the recovery time requirements, the more
expensive the solution.
2. Determine what hardware, software and process combinations can deliver the desired
solution.
Review the section on performance to decide which method is best. Follow the Keep It
Simple (KISS) rule, but more importantly, make sure your method is reliable.
3. Test your backup procedures by implementing the hardware and reviewing the actual
run times and test results.
Ensure that you get results from all types of backup that could be used in your
environment, not just the ones you think might be used. This information will aid
further evaluation and capacity planning decisions and provide useful comparison
information as needed.
4. Test your recovery procedures by creating various failure situations.
Document all aspects of the recovery including the process, who should perform various
tasks, who should be notified, etc. Remember that a recovery will be needed when you
least expect it so be prepared. Testing is not a one-time event. It should occur regularly,
with additional tests as hardware or software components change.
6XSSOHPHQWDU\%DFNXSV
Supplementary backups are made on special days (month-end, year-end), so that you can
restore the database to a previous state.
*HQHUDO3URFHGXUHV
%DFNXS
The unattended backup is performed based on the backup frequency table. The scheduling
functionality of the R/3 CCMS is used to schedule the backup. In CCMS, the required tapes
can be listed by choosing theVolumes Needed button on the backup scheduling screen. Extra
backups, such as the monthly and yearly backup, should be performed offline.
7UDQVDFWLRQ/RJ%DFNXS
If transaction log backup is performed during normal system operation, there is no user
impact. You can also find the tapes needed by choosing Volumes Needed.
No special archiving is required for offline backup. (Since the backup is performed offline,
the database remains in a consistent state.)
9HULI\LQJ%DFNXSV
Backups must be verified following a regular schedule. Transaction DB13 and other backup
utilities provide buttons such as Verify Backup to perform this task. Unless the backup is
verified, you will not know that you have properly backed up everything onto tape.
310
Release 4.6A/B

Backup
([DPSOH
A backup of several files was done, but the append switch was not properly set for
second and later files. Consequently, rather than appending the files one after the other,
for each file, the tape was rewound and the backed up. The end result was that only the
last backed up file was on the tape.
File verify has to be done after all files have been backed up. If it was done after each file, it
would not detect that the previous file was erased.
0RQLWRULQJ&RQWUROOLQJ
For each system, after backing up the database and finishing the archives, all logs must be
printed and placed in the folder.
'DWDEDVH,QWHJULW\
An integrity check of the database must be performed in one retention period to ensure that
no corrupted blocks exist in the database. These blocks may go unrecognized during backup
(see the chapter written for your database for more information).
To avoid backing up a hidden, inconsistent database, the database must be checked at least
once during a retention period.
System
Frequency of DB Checks
DEV
QAS
PRD
Every 2 weeks
Every 2 weeks
Every week
5ROHVDQG5HVSRQVLELOLWLHV
Task
Role
Backup Database
Backup Archives
Verifying Backups
Monitoring/Controlling
Database check
Operator
Operator
Operator/DBA
Operator/DBA
DBA
311

Backup
'HVLJQ5HFRPPHQGDWLRQV
<
Database
Assuming the size of your database and backup window permits it, we recommend a
full database backup be taken every day. For databases that are too large for daily full
database backup, a full backup should be taken weekly.
<
Transaction Logs
Backing up the transaction logs is critical. If the filespace is used up, the database will
stop, which stops R/3.
Between 6:00 a.m. and 9:00 p.m., we recommend that you back up these logs at least
every three hours. A company with high transaction volume carries higher risk and
would increase the frequency accordingly, perhaps to every hour. Similarly, if you have
a Shipping department that opens at 3:00 a.m. and a Finance department that closes at
10:00 p.m., you would need to extend the start and end times.
<
Operating System Level Files

The frequency of the operating system level backup depends on the application. If these
files must be kept in sync with R/3, they must be backed up with the same frequency
and at the same time as the database and log backups. An option for a non-sync-critical
situation is to back up these operating system level files once a day.
$6WUDWHJ\&KHFNOLVW
It is important to set up a proper procedure to back up the valuable system information.
Procedures should be defined as early as possible to prevent possible data loss. Resolve the
following list of backup issues before you go live:
<
Decide how often to perform complete database backups
<
Decide whether partial or differential backups are necessary
<
Decide when to perform transaction log backups
<
Have the ability to save a days worth of logs on the server.
<
Provide ample disk space for the transaction log directory
<
Consider using DBA Planning Calendar (DB13) to schedule transaction log backups
<
Set the appropriate R/3, operating system, and database authorizations
<
Create a volume labeling scheme to ensure smooth operations
<
Decide on a backup retention period
<
Determine tape pool size (tapes needed per day retention + 20 percent)
Allow for growth and special needs.
<
Initialize tapes
<
Determine physical tape storage strategy
<
Decide whether to use unattended operations

If using unattended operations, decide where (in CCMS or elsewhere).
312
<
Document backup procedures in operations manual
<
Train operators in backup procedures
Release 4.6A/B

Tape Management
<
Implement a backup strategy
<
Perform a test restore and recovery
<
Define an emergency plan and determine who to contact in case of an emergency
%DFNXS3URFHGXUHVDQG3ROLFLHV
Backup policies and procedures should be defined as early as possible to prepare for
potential data loss during an implementation.
Some examples of policies and procedures are included below:
<
System Environment
In the three-system landscape, CCMS backs up and restores the software components.
(In the three-system landscape in this guidebook, DEV is a development system, QAS is
a quality assurance system, and PRD is a production system.)
<
Hardware Components
The hardware listed in the table below is to backup and restore the database and
transaction logs:
System Name
Backup Hardware
DEV
QAS
PRD
1 x DLT 7000 35/70 GB, 1 DDS-3 12/24

1 x DLT 7000 35/70 GB, 1 DDS-3 12/24
2 x DLT 7000 35/70 GB, 2 DDS-3 12/24
7DSH0DQDJHPHQW
7UDFNLQJDQG'RFXPHQWLQJ
To easily retrieve tapes from storage, you need to track and document them.
The issues are:
<
Labeling
<
Tracking
<
Handling
<
Retention requirement
/DEHOLQJ
Tapes should be clearly labeled using one of many labeling methods. Three simple methods
are described in the examples below. Two of these methods are used by R/3 and are
important if you use DB13 to schedule your backups. Third-party backup management
software may assign their own tracking number for the labels. In this case, you must use the
label specified by the software.
313

Tape Management
([DPSOH
This five-character naming convention is used by DB13 on Microsoft SQL Server 7.0. (see
SAP note 141118). Microsoft SQL server 6.5 had a different naming convention.
Each label has the following data:
<
What is backed up:

R = R/3 database or transaction log
M = msdb database
S = master database
C = combination
<
Type of backup:
L = transaction log
D = database
F = file
G = file group
+ = differential
<
Day of the month (01-31)
<
Parallel or Sequential backup (P or S)
RD06S
Sample Label:
R (R/3) + D (database) + 06 (6th day of the month) + S (sequential)

([DPSOH
This six-character naming convention is used by SAPDBA and BRBACKUP (Oracle).
<
System ID <SID>
<
What is backed up
B = database
A = log
O = operating system files
<
Sequence number of the tape
(This number is a sequential tape number, starting from 1 and is unrelated to the date.)
Sample Label:
PRDB25
PRD (Production db) + B (Brbackup/Database) + 25 (tape number 25)
314
Release 4.6A/B

Tape Management
([DPSOH
This method is more visual, where the length of the label name is less of a limitation.
<
System ID <SID>
<
What is backed up
db = database
tl = transaction log
os = operating system files
<
Day of the month
<
Multiple tape indicator for a single day (can be omitted if only one tape is used)
Sample Label:
PRD-db-06-a
PRD (Production database) + db (database) + 06 (6th day of the month) + a
(tape a, the first tape)
If DB13 is not used, for all of above naming conventions, additional codes can be used to
indicate additional types of files that are backed up.
In addition to the naming schemes, use a different color label for each system. A color
scheme is one more indicator to help identify the tape and reduce confusion.
An example of a color scheme is:
<
PRD = orange
<
<
QAS = green
DEV = white
7UDFNLQJ
Tapes should be logged to track where they are stored, so you can locate them when you
need them.
In addition to tracking and documenting tapes when tape locations change, tapes should be
tracked and documented when they are:
<
Used
<
Sent to offsite storage
<
Returned from offsite storage
<
Moved to a new location
To help you track and retrieve the offsite backup, log the:
<
Date of backup
<
Database
<
Tape number
315

Tape Management
<
<
Tape storage companys number

Some storage companies label the cartridges with their own tracking label, so that they
can track them internally to their system and facility.
OS level backup tape number
<
Date sent offsite
<
Date returned
The table below is an example:

Date
Volume
Label
Purpose
7/15/98
PRDB01
7/15/98
PRDO23
Notes
Storage
Company
Label
Out
Back
Database
X7563
7/15/98
7/30/98
Operating Sys
X7564
7/15/98
8/15/98
+DQGOLQJ
When you transport tape cartridges, carry them in a protected box to minimize damage and
potential data loss if they are accidentally dropped. The box should have foam cutouts for
each tape cartridge you use.
For a small company, an ideal tape collection device is a small or medium-sized plastic tool
box with a foam insert that has cutouts for each tape cartridge. Plastic is used because it is
nonmagnetic.
We recommend that you use two boxes. One box should collect the tapes to be sent offsite,
and a second box should contain the new backup tapes. The second box should be empty
when you finish changing tapes.
When changing tapes, to avoid confusion:
< Handle one tape cartridge at a time
< Follow the same procedure each time
To change tapes:
1. Remove the tape cartridge from the tape drive.
2. Insert it in the collection box.
3. Remove the next tape.
4. After all tapes have been removed, insert the new tapes in the drive in the same manner.
If you are using preinitialized tapes, you must use the correct tape for that day, or the
backup program will reject the tape. The backup program reads the tape header for the
316
Release 4.6A/B

Tape Management
initialization information (which includes the tape label name) and compares it to the next
label in the sequence.
Keep track which tape cartridges:
<
Have been used
<
Are to be sent offsite
<
Are to be loaded in the drives
It is easy to accidentally put the wrong tape cartridge in a drive and destroy the recent
backup or cause the next backup to fail.
When you initialize a tape, some programs write an expiration date on the tape. The tape
cannot be overwritten by that same program before the expiration date. However, it might
be overwritten by another program that ignores the tape header.
The next section discusses the importance of retention requirements.
5HWHQWLRQ5HTXLUHPHQWV
There are legal requirements that determine data retention. Check with your companys
legal department on complying with federal, state, and local data retention requirements.
Complying with these requirements should be discussed with your legal and finance
departments, external auditors, and consultants. The retention requirement should then be
documented.
The practical side of data retention is that you may be unable to realistically restore an old
backup. If the operating system, database, and the R/3 System have each been upgraded
twice since the backup, it is unlikely that the backup can be restored without excessive
costif at all.
Retention is related to your backup cycle. It is important to have several generations of full
backups and all their logs because:
<
If the database is corrupted, you will have to return to the last full backup before the
database corruption.
<
If the last full backup is corrupted, you will have to return to the previous full backup
before the corruption or disaster and roll forward using the backup of the logs from that
backup until the corruption.
How far back you go depends on the level of corruption.
<
Since R/3 is an online real-time system, to recover the database from a full database
backup, you must apply all the logs since that backup. If this is a significant amount of
time, the number of logs could be tremendous. Therefore, the number of logs you may
need to apply is a practical constraint to how far back you can recover.
317

Tape Management
5HFRPPHQGDWLRQV
<
If a full database backup is taken each day, we recommend that you keep at least two
weeks of backups and all the logs for these weeks.
<
If a full database backup is taken weekly, you should go back at least three generations.
<
The traditional three generations of backup are:

Grandfather
Father
Son
Store selected backup sets (month-end, quarter-end, year-end, etc.) for extended periods,
as defined by your legal department and auditors.
Tape Retention Period

Even if one tape (backup/archive) is damaged or lost, the tape retention period assures the
ability to recover the database.
System Name
Regular
Backup
DEV
QAS
PRD
14 days
14 days
31 days
Month-End
Backup
24 months
Quarter-End
Backup
2 years
Year-End
Backup
4 years
Archives
31 days
31 days
31 days
System administrators cannot determine tape retention periods on their own.

To determine the retention period, administrators must consult the departments that are
impacted, such as accounting and legal. There is room for some negotiation, but the
administrator must comply with the final decision. As a policy, this decision must be
written down.
6WRUDJH
2IIVLWH
:KDW
The offsite storage site is a separate facility (building or campus) from the R/3 data center.
:K\
An offsite storage safeguards the backups if your facility is destroyed.

:KHUH
The magnitude of the disaster will determine what is considered adequate protection:
<
Sending tapes to a separate location in the building or another building in the campus
will be sufficient.
If the disaster is confined to the building where the data center is located.
318
Release 4.6A/B

Tape Management
<
If the disaster is local or regional (for example, a flood or earthquake) adequate

protection means sending tapes to a distant location several hundred miles away.
Offsite data storage can be at a separate company facility or a commercial data storage
company.
The offsite data storage facility or vendor should have a certified data storage site. Data
tapes have different handling and storage requirements than paper.
Once the backup is complete, send the tapes offsite immediately. If there is a data center
disaster and the backup tapes are destroyed, you can only recover to the last full backup
that you have offsite. For log backups, it is critical to send the tapes offsite immediately. If
not, everything since this backup is lost.
2QVLWH
:KDW
Onsite storage means storing your data in the same facility as your data center.
+RZ
Tape cartridges should be properly stored, following the tape manufacturers storage
requirements.
The most difficult requirement to comply with is magnetic fields. The problem is
determining if there is a strong magnetic field near the tape storage location. A vacuum
cleaner motor or a large electric motor on the opposite side of the wall from where the data
tapes are stored can generate a magnetic field strong enough to damage tapes.
When storing tape cartridges, keep all related tape cartridges together. All the tapes used in
a daily backup should be considered as a set, comprising backups for:
<
Database
<
Logs
<
Operating system files
Tapes and files in a set need to be restored as a set. For example, if operating system files are
not restored with database and log files, the operating system files will not be in sync with
the database and critical information will be missing.
319

Performance
3HUIRUPDQFH
The most important performance target is the time required to restore the database. This
determines how long the R/3 system will be down and not available for use. With R/3
down, certain company operations may not occur.
Backup performance is important, especially if the system is global or used 24 hours a day.
When doing a backup, it is important to minimize the impact on users. The key is to reduce
backup time, which in turn reduces the impact on the users.
To increase performance:
1. Identify the bottleneck or device that is limiting the throughput.
2. Eliminate the bottleneck.
Repeat steps 1 and 2 until the performance is adequate or the additional cost is no longer
justified.
This iterative process is subject to cost considerations. Additional performance can always
be purchased, which is almost always a business cost justification exercise.
%DFNXS
All of the backup performance items that follow also apply to restoring the database.
There are three major variables that affect performance:
<
Database size
<
The larger the database, the longer it will take to back up.
Backup window
The backup window is the time allocated for you to take the regular backups of the
system. This window is driven by the need to minimize the impact on users.
An online backup
The backup window for this backup type is defined as the time when there are the
fewest users on the system and is usually done early in the morning.
An offline backup
The backup window for this backup type is defined by when and for how long R/3
can be brought down and is usually done during the weekend.
<
320
Hardware throughput
This variable limits how fast the backup can run and is defined by the slowest link in the
backup chain such as:
Database drive array
I/O channel that is used
Tape drive
Release 4.6A/B

Performance
%DFNXS2SWLRQV
Our backup options assume that the backup device is local to the database server. A backup
performed over a network will be affected by network topology, overhead, and traffic.
Rarely is the full capacity of the network available. If a backup is done over the network, it
will decrease performance for other network users. Although technically possible,
performing a backup over a network is beyond the scope of this guidebook.
%DFN8SWR)DVWHU'HYLFHV
All of the backup options attempt to eliminate the bottleneck at the backup device. The
backup device, usually a tape drive, is the throughput-limiting device.
The table below contains capacity and throughput values to help you plan tape drive
selection:
Type
Capacity (GB)
Rate (GB/hr)
(native/compressed)
(native/compressed)
DAT (DDS-2)
4 / 6.8
1.8 / 3.1
DAT (DDS-3)
12 / 20.4
3.6 / 6.1
DLT 4000
20 / 34
5.4 / 9.2
DLT 7000
35 / 60
18 / 30.6
DLT 8000
40/68
21.6/36.7
The compressed capacity values in this table assume the use of hardware compression and
use a more conservative 1.7x ratio, as opposed to the typical 2x compression ratio. The
actual compression ratio and rate depends on the nature of the file and how much it can be
compressed.
A 20 GB database with only 9 GB of data will only require 9 GB of tape space. As the
volume of data in the database increases, so will the tape space requirement. However, if
you are backing up at the operating system level, the entire file is being backed up.
Therefore, you will need to provide tape space for the entire 20 GB database.
As technology advances, and the capacity and throughput of tape drives increases, these
values will become obsolete. We recommend that you investigate what is currently available
at the time of your purchase.
Advantages:
Faster and larger capacity tape drives allow you to back up an entire database on a single
tape cartridge in a reasonable period of time (for example, a two-hour backup of a 60 GB
database to a DLT7000).
321

Performance
Disadvantages:
< A backup to a single tape drive is the slowest option.
<
Unless an automated changer or library is used, without manually changing the

cartridge, you are limited to the maximum capacity of the tape cartridge.
Not all databases and backup tools support tape changers or libraries; make certain that
these tools are compatible before purchasing them. For example, SAPDBA supports tape
changers, but Microsoft SQL Server Enterprise Manager and NT Backup do not.
3DUDOOHO%DFNXS
Backing up to multiple tape drives uses a RAID-0 (stripe) array, in which several tape drives
are written to in parallel. In certain environments, like Oracle, individual tablespaces or files
are simultaneously backed up to separate tape drives. Because you are writing to multiple
tape drives in parallel, total performance is significantly faster than if you were using a
single tape drive.
With sufficient tape drives in parallel, the bottleneck can be shifted from the tape drives to
another component. You must consider the performance of each subsystem when using tape
drives in parallel. This subsystem includes the tape drive(s), controller(s), CPU, and I/O
bus. In many configurations, a controller or bus is the limiting factor.
To restore a parallel backup, all the tapes in the set must be readable. If one tape is bad, the
entire backup set will not be usable. The more tapes you have in a set, the greater the chance
that one tape will be bad.
%DFNLQJ8SWR'LVNV7KHQWR7DSH
Advantages:
< For the database, this option is the fastest.
Under most situations, you can back up to disk faster than to tape.
<
This option allows you to make several identical backup copies (for example, one for
onsite storage and one for offsite storage).
<
Once the backup has been made to disk, R/3 System performance is minimally affected.
Because the tape backup is made from the disk copy, and not the live database, the
backup to tape is not competing with database activity for significant system resources.
<
During an onsite disaster recovery to the same equipment, the recovery can be done
from the on-disk backup.
Disadvantages:
< Significant additional disk space, up to the same amount of space as the database, is
required.
This additional space makes this option the most expensive, especially for a large
database.
<
322
Until the backup to tape is completed, you are vulnerable to a data center disaster.
Release 4.6A/B

Performance
<
In a major disaster recovery, you have to first restore the files to disk, then execute the
database recovery from the files on disk.
This process increases the time to recover the system.
There are other options available for a faster backup, such as the various High Availability
options, but these options are beyond the scope of this guidebook.
5HFRYHU\
The performance requirement for a recovery is more critical than for backup. Recovery
performance determines how quickly the system will be available for use and how soon
business can continue. The goal is to restore the database and related files to make the
system quickly available for general use. The longer this restore takes, the greater the impact
on your business.
5HVWRUH2SWLRQV
To increase database restore performance, all of the above database backup options are
valid. The option also exists to restore to a faster disk array with a higher data-write
throughput.
There are different ways to restore to a faster disk array:
<
Dedicated drives
In conjunction with parallel backups, restoring files and tablespaces to individually
dedicated disk drives makes the process faster. Because at any one time, only one
tablespace or file is written to the drive, you do not have head contention writing
another tablespace to the same drive.
<
RAID type
Mirrored stripe (RAID 0+1) is faster than RAID5, but this speed depends on the specific
hardware. In most cases, the task of computing the parity data for the parity drive
(RAID5) takes more time than it would to write all the data twice (RAID 0+1). This
option is expensive because the usable capacity is 50 percent of the total raw capacity
significantly less than RAID5:
RAID 0+1 = [single_drive_capacity (number_of_drives/2)]
RAID5 = [single_drive_capacity (number of drives 1)]
<
Drives with faster write performance
<
Drive array system with faster write performance
323

Useful SAP Notes
8VHIXO6$31RWHV
SAPNet R/3
Frontend
Note #
Description
0LFURVRIW64/6HUYHU
141118
New Scheduling calendar in the CCMS (DB13) SQL Server 7
102467
Online documentation for SQL Server with SAP
50990
DB-Backup/Restore of Microsoft SQL Server
142731
DBCC checks for SQL Server 7
28667
Microsoft SQL Specific Profile Parameters
128126
Database Connect for external tools
111372
Standby Database for Microsoft SQL 7.0
126808
Configuration Parameter for Microsoft SQL 7.0

2UDFOH
68059
SAPDBA - option -next with tablespace list
43499
All collective notes concerning DBA Tools
43491
Collective note: SAPDBA Command line options
43486
Collective note: General SAPDBA
43484
Collective note: General DBA
42293
SAPDBA - new command line option analyze
34432
ORA-00020: max number of processes exceeded
31073
SAPDBA - new command lines -next, -analyze
21568
SAPDBA: Warning: only one member of online redo
16513
File system is fullwhat do I do?
15465
SAPDBA - shrinking a tablespace
04754
Buffer synchronization in centralized systems
03807
Tablespace PSAPROLL, rollback segments too small
02425
Function of tablespaces/DBspaces on the database
01042
ORACLE TWO_TASK connect failed
324
Release 4.6A/B
&KDSWHU 6FKHGXOHG'DLO\7DVNV
&RQWHQWV
Overview ..................................................................................................................42
Critical Tasks...........................................................................................................43
The R/3 System .......................................................................................................44
Database ..................................................................................................................46
Operating System ...................................................................................................46
Other.........................................................................................................................47
Notes ........................................................................................................................47
The R/3 System .......................................................................................................48
Critical Tasks...........................................................................................................49
41
Chapter 4: Scheduled Daily Tasks

Overview
2YHUYLHZ
We have provided sample checklists that you may use and modify depending upon your
specific needs. The checklists provided for your convenience include:
< Critical tasks
42
<
R/3 System
<
Database
<
Operating system
<
Other
<
Notes
Release 4.6A/B

Critical Tasks
&ULWLFDO7DVNV
System: __________
Date: ____/____/____
Admin: _____________________
Task
Transaction
Chapter Procedure
Check that the R/3

System is up.
Check that daily
backups executed
without errors.
Check off/Initial
Log onto the R/3

System
DB12 Backup
Logs: Overview
13
Check database
backup.
Database backup
run time.
Check operating
system level
backup
Operating system
backup run time.

43

The R/3 System
7KH56\VWHP
Task
Transaction
Chapter
Procedure
Check that all application servers

are up.
SM51 SAP
Servers
16 & 10
Check that all servers

are up.
Check the CCMS alert monitor

(4.0+).
RZ20
CCMS
Monitor (4.0)
10
Check work processes (started

from SM51).
SM50
Process
Overview
Look for any failed updates

(update terminates).
SM13
Update
Records
16 & 10
10
Check off/Initial
Look for alerts.
All work processes

with a running or a
waiting status
< Set date to one year
ago
< Enter * in the user
ID
< Set to all updates
Check for lines with
Err.
Check system log.
SM21
System Log
10
Set date and time to

before the last log
review.
Check for:
< Errors
< Warnings
< Security messages
< Abends
< Database problems
< Any other different
event
Review for cancelled jobs.
Check for old locks.
44
SM37
Select
Background
jobs
16
SM12 Lock
entry list.
10
Enter an asterisk (*) in

User ID.
Verify that all critical
jobs were successful.
Enter an asterisk (*) for
the user ID.
Release 4.6A/B

The R/3 System
Task
Transaction
Chapter
Procedure
Check off/Initial
Check for entries for

prior days.
Check for users on the system.
SMO4
Users
10
Review for an
unknown or different
user ID and terminal.
This task should be
done several times a
day.
AL08 - Users
Check for spool problems.
SP01 Spool:
Request
Screen
14
Look for spool jobs that

have been in process
for over an hour.
Check job log.
SM35 Batch
input: Initial
Screen
16
Check for:
Check work processes.
SM50/SM51 Processes
16 & 10
Review and resolve dumps.
ST22 ABAP
Dump
Analysis
10
Review workload statistics.
STO3
Workload:
Analysis of
<SID>
19
Review buffer statistics.
ST02 Tune
Summary
19
< New jobs

< Incorrect jobs
Look for an excessive

number of dumps.
Look for dumps of an
unusual nature.
Look for swaps.
45

Database
'DWDEDVH
Task
Where
Review error log for problems.
AL02
Database (DB)
alert
ST04 DB
Performance
Analysis
Chapter Procedure
Check off/Initial
13
2SHUDWLQJ6\VWHP
Task
Transaction
Chapter
Review system logs for

problems.
AL16 OS
Alerts
15
OS06 OS
Monitor
15
Review operating
system log
NT system log
15
Look for any errors or

failures.
NT system log
15
Check for failed logon

attempts to the SAP
servers.
NT application
log
15
Look for errors or

failures.
Review NT system logs for

problems.
46
Procedure
Check off/Initial
Release 4.6A/B

Other
2WKHU
Task
Where
Chapter
Check the uninterruptible power

supply (UPS).
UPS
program log
15
Procedure
Check off/Initial
Review for:
< Events
< UPS self test
< Errors
1RWHV
Problems
Action
Resolution
47

The R/3 System
System: __________
Date: ____/____/____
Admin: _____________________
7KH56\VWHP
These tasks are done several times a day.
Task
Transaction
Look for any failed updates

(update terminates).
SM13 Update
Records
Chapter
10
Procedure
Check
off/Initial
< Set date to one year ago

< Enter * in the user ID
< Set to all updates
Check for lines with Err.
Check System Log
SM21- System Log
10
Set date and time to before the

last log review.
Check for:
< Errors
< Warnings
< Security messages
< Abends
< Database problems
Any other different event
Review for cancelled and

critical jobs
SM37 Select
Background jobs
16
Enter * in User ID
Verify that all critical jobs were
successful.
Review any cancelled jobs.
Check users on system
RZ01 Graphical
job monitor
16
Same as for SM37.
SM04 Users
10
Review for an unknown or

different user ID and terminal.
This task should be done several
times a day.
AL08 Users
48
Release 4.6A/B

Critical Tasks
&ULWLFDO7DVNV
There are a few critical tasks that should be completed every morning. These tasks answer
the following questions:
< Is the R/3 System running?
<
Did the backups execute and complete successfully?
If the answer to either question is no, then the situation must be resolved quickly because:
<
If the R/3 System is down, no work can be done.
<
If the backups failed, and a disaster occurs, you could lose all the data since your most
recent good backup.
9HULI\WKDW5,V5XQQLQJ
Your first task of the day is to perform a high-level check to see if the R/3 System is
running.
:K\
If the system is not running, your users will be calling to find out what happened and when
the system will be up again.
As a basic level check, if you can connect to the R/3 System, the following questions are
answered:
<
Is the R/3 System working?
<
Is the network between you and the R/3 System working?
+RZ
From a workstation, log on with the SAP GUI. If you can log on, the test is successful.
9HULI\WKDWWKH%DFNXSV5DQ6XFFHVVIXOO\
:KDW
You need to verify that the backups that were supposed to run last night, ran successfully.
Backups of the R/3 database and related nondatabase operating system level files are
essential to recover the R/3 System.
Types of nondatabase files include:
<
Database log dumps
<
Data files for third-party applications that do not store their data in the system
Examples of such files are external tax files.
<
Transport files
<
Inbound and outbound interface files
<
Externally stored print files
49

Critical Tasks
:K\
If there is a problem with any of the backups, the problem needs to be quickly resolved. If a
database failure occurs that requires a restore, and the last backup failed, you will have to
recover using the last successful backup. If you do not have a good (usable) backup, you
will have to go to an older backup. This process requires applying more logs the further
back you go and increases the time required to restore the database and bring it current.
Once the problem has been fixed, if it does not significantly impact performance, execute an
online backup. Even if it impacts performance, your company may make it policy to run the
online backup. This step gives you a more recent backup.
At the operating system level, some of these files may need to be in sync with the R/3
database. Restoring the R/3 System without these files results in an incomplete (unusable)
restore (for example, external tax files that need to be in sync with the system data or the tax
systems reports will not match the R/3 reports).
:KHQ
These critical tasks need to be done first thing in the morning. If there is a graveyard
operations shift, the backup check should be done once the backup job is complete. The
graveyard shift is the third shift of the day and is typically from 10:00 p.m. to 7:00 a.m.
Any failed backup must be immediately investigated and resolved. Do not maintain a we
will just run the backup again tonight and see if it works attitude. If that backup fails, you
have another day without a backup.
In chapters 48, we have included a list of transactions like the one below. This list contains
basic information about the transactions in the checklist. For additional information on these
transactions, see the chapter referenced in each checklist.
8VHUV7UDQVDFWLRQ$/
:KDW
This transaction displays all the users who are currently logged on to the system. It shows
both the users ID and terminal name.
:K\
In a smaller company, the administrator can recognize user IDs logged on to unfamiliar
terminals. This step may indicate that someoneother than the designated useris using
that user ID. A user is logged on to more than one terminal may indicate that the user ID is
being used or shared by more than one person.
410
Release 4.6A/B

Critical Tasks
260RQLWRU7UDQVDFWLRQ26
:KDW
The system logs are where the operating system and some applications write event records.
Depending on the operating system, there may be multiple logs.
:K\
There may be indications of a developing problem (for example, a hard drive generating
errors or a failing drive that needs to be replaced).
6HOHFW%DFNJURXQG-REV*UDSKLFDO-RE0RQLWRU7UDQVDFWLRQ
605=
:KDW
Background jobs are batch jobs scheduled to run at specific times during the day.
:K\
If you are running critical jobs, you need to know if the job failed, because there may be
other processes, activities, or tasks that are dependent on these jobs.
&&06$OHUW0RQLWRU7UDQVDFWLRQ5=
:KDW
Transaction RZ20 is a centralized alert monitor and is new with Release 4.0. With this
transaction, you can monitor the servers in your landscape, such as development, QA,
testing, production, etc. You no longer have to individually log into each system to search
for alerts. If there is an alert, the monitor will link to many of the other transactions later in
this chapter.
:K\
An alert indicates a potentially serious problem that should be quickly resolved. If not
contained, these problems could degenerate into a disaster.
8VHUV7UDQVDFWLRQV60
:KDW
These transactions display all the users who are currently logged on to the system and show
the users ID and terminal name.
:K\
terminals, indicating that someoneother than the designated useris using that user ID.
411

Critical Tasks
A user logged on to more than one terminal indicates that the user ID is being:
<
Used by someone else
<
Used or shared by several people
/RFN(QWU\/LVW7UDQVDFWLRQ60
:KDW
A lock is a mechanism that prevents other users from changing the record on which you are
working. An example that illustrates the importance of using this function follows.
([DPSOH
You are changing a customer mailing address. Someone else is changing the customers
telephone number at the same time. You save your change first; then the other person
saves their change. The other persons change overwrites your change, and your change
will be lost.
:K\
There may be old locks still in place from transactions that did not release, or from when the
user was cut off from the network. Unless cleared, these locks prevent access or change to
the record until the system is cycled. The easiest way to locate them is to look for locks from
prior days.
We presume that the profile parameter rdisp/gui_auto_logout has been set. This parameter
defines an automatic logout of the user if there is no activity for the set number of minutes.
8SGDWH5HFRUGV7UDQVDFWLRQ60
:KDW
A failed update, or an update terminate, is an update to the failed database. These failed
updates occur when a user entry or transaction is not entered or updated in the database.
The following analogy should help clarify this concept:
1. A secretary gives a file clerk a folder (similar to a save).
2. The file clerk gives the secretary a receipt (similar to the R/3 document number).
3. On the way to the file cabinet, the clerk falls, and gets hurt.
The folder in not put into the cabinet (this is the failed update).
4. The end result is the folder is not in the cabineteven though the secretary has the
receipt.
For performance reasons, the database update is done in asynchronous mode. In this mode,
the user continues to work while the system takes over the update process and waits for the
412
Release 4.6A/B

Critical Tasks
database update to complete. In synchronous mode, users would have to wait until the
database successfully updated before they could continue to work.
:K\
The users probably received a document number, so they assume that the entry is in the
system; however, if a failed update occurred, the entry is not in the system. In a customer
order, unless the order is reentered, the customers would not get their order and no trace of
it would be found in the system!
6\VWHP/RJ7UDQVDFWLRQ60
:KDW
The system log is the R/3 Systems log of events, errors, problems, and other system
messages.
:K\
The log is important because unexpected or unknown warnings and errors could
indicate a serious problem.
%DWFK,QSXW7UDQVDFWLRQ60
:KDW
This transaction shows jobs that need to be processed or started, and jobs with errors that
need to be resolved.
:K\
This transaction is important because it alerts you to batch input jobs that are:
<
New
These are jobs that are waiting to be processed (for example, a posting from an interface
file). If not processed, the data will not post to the system.
<
Incorrect
These are jobs that have failed due to an error. The danger is that only a portion of the
job may have posted to the system. This increases the potential for data corruption of a
different sort, as only part of the data is in the system.
413

Critical Tasks
:RUN3URFHVVHV7UDQVDFWLRQV60DQG60
:KDW
These transactions allow users to view the status of work processes and monitor for
problems. Transaction SM51 is a central transaction from which you can select the instance
to monitor. SM51 starts transaction SM50 for each application server. Transaction SM50 is
used for systems without application servers.
:K\
Transaction SM51 is one place to look for jobs or programs that may be hung, (indicated
by long run times). If batch jobs are not running, if all the batch work processes are in use,
transaction SM50 may provide a hint of the problem.
6SRRO7UDQVDFWLRQ63
:KDW
The spool is the R/3 Systems output manager. Data sent to the printer is sent to the R/3
spool and then sent to the operating system to print.
:K\
There may be problems with the printer at the operating system level. These problems need
to be resolved immediately for time-critical print jobs (for example, checks, invoices,
shipping documents, etc.) or there may be an operational impact.
Active spool jobs that have been running for over an hour could indicate a problem with the
operating system spool or the printer.
7XQH6XPPDU\7UDQVDFWLRQ67
:KDW
The buffer tune summary transaction displays the R/3 buffer performance statistics. It is
used to tune buffer parameters of R/3 and, to a lesser degree, the R/3 database and
operating system.
:K\
The buffer is important because significant buffer swapping reduces performance. Look
under Swaps for red entries. Regularly check these entries to establish trends and get a feel
of the buffer behavior.
:RUNORDG$QDO\VLVRI6,'!7UDQVDFWLRQ67
:KDW
Workload analysis is used to determine system performance.
414
Release 4.6A/B

Critical Tasks
+RZ
Check statistics and record trends to get a feel for the systems behavior and performance.
Understanding the system when it is running well helps you determine what changes may
need to be made when it is not.
'DWDEDVH3HUIRUPDQFH$QDO\VLV7UDQVDFWLRQ67
:KDW
A high-level database performance monitor.

:K\
This transaction provides the ability to:

<
Monitor the database in relation to:

Growth
Capacity
I/O statistics
Alerts
<
Drill down for additional information.
<
Monitor the database without logging on to it.
$%$3'XPS$QDO\VLV7UDQVDFWLRQ67
:KDW
An ABAP dump (also known as a short dump) is generated when a report or transaction
terminates as the result of a serious error. The system records the error in the system log
(transaction SM21) and writes a snapshot (dump) of the program termination to a special
table. This transaction can also be called from the system log (transaction SM21).
:K\
You use an ABAP dump to analyze and determine why the error occurred, and take
corrective action.
415

Critical Tasks
416
Release 4.6A/B
&KDSWHU 6FKHGXOHG:HHNO\7DVNV
&RQWHQWV
The R/3 System .......................................................................................................52
Database ..................................................................................................................53
Other.........................................................................................................................53
Notes ........................................................................................................................54
51
Chapter 5: Scheduled Weekly Tasks

The R/3 System
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
Task
Transaction
Check database for free space.
DB02 DB
Performance:
Database
Allocation
13
Record free space.
Monitor database growth.
DB02 DB
Performance:
Database
Allocation.
13
Record database space

history.
Check spool for problems and

that spool is properly cleared.
SP01 - Spool
14
Transport into PRD.
STMS, or TP
17
TemSe Consistency check
SP12
Review Security Audit Log.
SM20
52
Chapter Procedure
Column Title
All properly approved

transports imported into
PRD.
Delete inconsistencies.
Release 4.6A/B

Database
'DWDEDVH
Task
Where
Chapter
Procedure
Check off/initial
DBCC
13
Check output from

DBCC job for errors
(SQL Server).
Run MS-SQL server update

statistics.
13
Check for successful

completion of update
stats job.
2SHUDWLQJ6\VWHP
Task
Where
Check file system for adequate

space.
RZ20 CCMS Alert
Chapter Procedure
10
Check
off/initial
Review space usage

and that sufficient
free space exists in
the file systems.
Files system
2WKHU
Task
Where
Check system monitoring systems

for update.
System monitor
15
Review for any

events that should
be added or deleted.
Check system monitor alert

mechanisms.
System monitor
15
Test e-mail.
Clean tape drive.
Tape drive
Chapter
Procedure
Check
off/initial
Test paging.
15
Clean using cleaning

cartridge.
53

Notes
1RWHV
Problem
Action
Resolution
'DWDEDVH3HUIRUPDQFH7UDQVDFWLRQ'%
:KDW
This screen provides a way to examine database allocation.

:K\
This transaction allows you to monitor items such as:

<
DB space history
<
DB Analysis
From this screen, you can view database history by dates and times.
&&06$OHUW0RQLWRU7UDQVDFWLRQ5=
:KDW
Transaction RZ20 is a centralized alert monitor and is new with Release 4.0. With this
transaction, you can monitor the servers in your landscape, such as development (DEV),
quality assurance (QAS), testing, production (PRD), etc. You no longer have to individually
log into each system to search for alerts. If there is an alert, the monitor will link to many of
the other transactions later in this chapter.
:K\
contained, these problems could degenerate into a disaster.
6SRRO7UDQVDFWLRQ63
:KDW
The spool is the R/3 Systems output manager. Data sent to the printer is first sent to the
R/3 spool and then to the operating system to print.
54
Release 4.6A/B

Notes
:K\
shipping documents, etc.) or there may be an operational impact. You should check for
active spool jobs that have been running for over an hour. These long-running jobs could
indicate a problem with the operating system spool or the printer.
7HP6H7UDQVDFWLRQ63
:KDW
A TemSe (Temporary Sequential) database consistency check compares data in TST01

(TemSe objects) and TST03 (TemSe data) tables. TemSe contains temporary objects such as
job logs, spool requests, tests for workflow, batch input logs, and personnel administration
temporary data. Report RSTS0020 performs the consistency check.
:K\
The relationship between the object and data in the TemSe may be destroyed as a result of:
<
Restore from backups
<
Copying databases
<
Copying clients using improper tools
<
Deleting clients without first deleting their objects
7UDQVDFWLRQ67067066\VWHP
:KDW
This transaction helps you perform transports.

:K\
To move objects and configuration between systems or clients in the production pipeline. A
transport starts in DEV, is transported to QAS where it is tested, and is finally moved into
PRD.
55

Notes
56
Release 4.6A/B
&KDSWHU 6FKHGXOHG0RQWKO\7DVNV
&RQWHQWV
The R/3 System .......................................................................................................62
Database ..................................................................................................................62
Other.........................................................................................................................64
Notes ........................................................................................................................65
61
Chapter 6: Scheduled Monthly Tasks

The R/3 System
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
Task
Transaction
Chapter
Defragment the memory
Procedure
Check
off/initial
Cycle the R/3

System.
'DWDEDVH
Task
Transaction
Plot database growth.
DB02DB
Performance:
Tables
62
Chapter Procedure
13
Check off/initial
Record usage and plot.
Release 4.6A/B

Operating System
2SHUDWLQJ6\VWHP
Task
Backup file server.
Review file system usage.
Where
Chapter
13
Procedure
Check
off/initial
Perform a full server

backup.
Record file system
usage. Plot usage.
Is additional storage
space needed?
Is house cleaning
needed?
63

Other
2WKHU
Task
Check consumable supplies.
Where
Chapter
16
Procedure
Check off/initial
Spare tape cleaning

cartridge available for
all tape drives.
< DAT
< DLT
Spare tape cartridges
available for all drive
types.
< DAT
DLT
Spare data cartridges
available for removable
media devices:
< Zip
< MO (MagnetoOptical)
< CD (Recordable)
Preprinted forms:
< Shipping
documents
< Invoices
< Checks
Special supplies, such
as magnetic toner
cartridge.
Normal supplies:
< Laser printer toner
< Paper (for printers)
< Batteries
< Diskettes
< Pens, and so on
64
Release 4.6A/B

Notes
1RWHV
Problem
Action
Resolution
In chapters 4-8, we have included a list of transactions like the one below. This list contains
'DWDEDVH3HUIRUPDQFH7UDQVDFWLRQ'%
:KDW
This screen provides a way to examine database allocation.

:K\
This transaction allows you to monitor items such as:

<
DB space history
<
DB Analysis
From this screen, you can view database history by dates and times.
65

Notes
66
Release 4.6A/B
&KDSWHU 6FKHGXOHG4XDUWHUO\7DVNV
&RQWHQWV
The R/3 System .......................................................................................................72
Database ..................................................................................................................73
Other.........................................................................................................................74
Notes ........................................................................................................................74
71
Chapter 7: Scheduled Quarterly Tasks

The R/3 System
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
Task
Transaction
Chapter Procedure
Archive quarterly backup
Security review
Review scheduled jobs
72
Check off/Initial
Send quarter-end backup

tapes to long-term offsite
storage.
SU01User
Maintenance
12
Review user ID for

terminated users that
should be locked or
deleted.
SM31Table
Maintenance
19
Review list of
prohibited passwords
(Table USR40).
RZ10Edit
System Profile
20
Review system profile

parameters for password
standards.
SM37
Background
Jobs
16
Review all scheduled

jobs to determine if they
are still appropriate.
Release 4.6A/B

Database
'DWDEDVH
Task
Where
Review all scheduled jobs
SM37
Test database recovery process
Chapter
Procedure
Send quarter-end
backup tape to longterm offsite storage.
16
Review all
scheduled jobs to
determine if they are
still appropriate.
2&3
Restore database to
a test server.
Check
off/Initial
Test the restored

database.
2SHUDWLQJ6\VWHP
Task
Where
Archive old transport files.
Transport
directories; log,
data, cofiles
Cleanup SAPDBA logs (Oracle)
SAPDBA cleanup
Chapter
Procedure
Send quarter-end
backup tape to longterm offsite storage.
15
Archive the old

transport files.
Check
off/Initial
Maintain
init<SID>.dba
73

Other
2WKHU
Task
Where
Procedure
Check maintenance contacts
Check off/Initial
Check for expiration

date.
Check for usage
changes.
1RWHV
Problem
Action
Resolution
In chapters 4-8, we have included a list of transactions like the ones below. This list contains
(GLW6\VWHP3URILOH3DUDPHWHUV7UDQVDFWLRQ5=
:KDW
There are security parameters for the users password (for example, the minimum password
length, the time interval that the user must change their password, and so on).
The following is a list of the most important password parameters:
74
<
Minimum password length: login/min_password_lng

A longer password is more difficult to break or guess.
The standard for many companies is five (5) characters.
<
Password expiration time: login/password_expiration_time

This is the length of time before the user must change their password.
The length of time that auditors recommend is thirty (30) days.
The maximum that should be used is ninety (90) days.
<
Password lockout: login/fails_to_user_lock

This parameter locks out users after attempting to log in with an invalid password for a
defined number of times.
The standard is to lock a user after three (3) failed attempts.
Release 4.6A/B

Notes
:K\
Properly assigned parameters will make it more difficult to break into the system.
6HOHFW%DFNJURXQG-REV7UDQVDFWLRQ60
:KDW
:K\
If you are running critical jobs, you need to know if the job failed because there may be
other processes, activities, or tasks that are dependent on these jobs.
8VHU0DLQWHQDQFH7UDQVDFWLRQ68
:KDW
The lock/unlock function is part of the logon check, which allows or prevents the user from
logging onto the R/3 System. For terminated users, the users ID should be locked and the
user assigned to the user group term.
:K\
<
Locking a user
If an employee leaves the company, is assigned to a different group, or is on leave, their
R/3 access should be removed. With the lock function, the users ID and security profile
remain on the system but the user cannot log on. This function is ideal for temporary
personnel or consultants where, unless the access is required, the user ID remains
locked.
<
Unlocking a user
If users incorrectly log on more that the allowed number of times, they are automatically
locked out of the system. (An incorrect logon is usually the result of a forgotten
password.) The administrator must unlock the user ID and more than likely reset the
users password.
75

Notes
76
Release 4.6A/B
&KDSWHU 6FKHGXOHG$QQXDO7DVNV
&RQWHQWV
The R/3 System .......................................................................................................82
Database ..................................................................................................................83
Other.........................................................................................................................84
Notes ........................................................................................................................84
81
Chapter 8: Scheduled Annual Tasks

The R/3 System
7KH56\VWHP
System: __________
Date: ____/____/____
Admin: _____________________
Task
Transaction
Chapter
Procedure
Archive year-end backup.
Send year-end backup

tapes to long-term
offsite storage.
Audit user security.
11
Review users security

authorization forms
against assigned
profiles.
Check off/Initial
Can also be done with

report RSUSR100
SU02 Security
Profile
Maintenance
11
With report RSUSR101
SU03 Security
Authorization
Maintenance
11
With report RSUSR102
Run SAP user audit reports.
SA38 (or SE38)

Execute
ABAP program
11
Run user audit reports.
Check that the system is set to

Not modifiable.
SE03
Workbench
Organizer Tools
11
Verify that system is set

to Not modifiable.
SCC4
Clients:
Overview
11
Check changeable status

for applicable client
Audit profiles and

authorizations.
Review segregation of duties.
Audit user IDs SAP* and

DDIC.
82
Release 4.6A/B

Database
Task
Transaction
Check locked transactions
SM01
Transaction
codes:
Lock/Unlock
Chapter
11
Procedure
Check off/Initial
Check against your list

of locked transactions.
'DWDEDVH
Task
Where
Archive year-end backup
Chapter
3
Procedure
Check
off/Initial
Send year-end
backup tapes to
long-term offsite
storage.
2SHUDWLQJ6\VWHP
Task
Archive year-end backup
Where
Chapter
3
Procedure
Column
Title
Send year-end
backup tapes to
long-term offsite
storage.
83

Other
2WKHU
Task
Where
Perform disaster recovery.
Chapter
Procedure
Check
off/Initial
2&3
Restore entire
system to disaster
recovery test system
Test business
resumption
1RWHV
Problem
Action
Resolution
7UDQVDFWLRQ6$6(
:KDW
All users who have left the company should have their R/3 access terminated immediately.
By locking or deleting these user IDs, you limit access to only those users who should have
access to R/3. Periodic review assures the task of locking or deleting has been completed.
:K\
Proper audit control requires that a user who no longer has a valid business need to access
R/3 should not be allowed to keep that access.
Deleting or locking these user IDs also prevents anyone who had been using the terminated
user ID from accessing the system under that ID.
7UDQVDFWLRQ6(6&&
:KDW
There are switches that prevent changes from being made in the system. In the production
system, these should be set to Not modifiable.
84
Release 4.6A/B

Notes
The purpose of setting the production system to Not modifiable is to make sure that changes
are made using the development pipeline.
In the development pipeline, changes are:
1. Created in the development system
2. Tested in the development system
3. Transported from the development system to the test system
4. Tested in the test system
5. Transported from the test system to the production system
Using this procedure, changes are properly tested and applied to the systems in the
pipeline.
:K\
Objects should not be modifiable in the quality assurance or production systems. This rule is
to protect the production system from object and configuration changes being made,
without first being tested. By setting the production system to Not modifiable, the integrity of
the pipeline is preserved.
7UDQVDFWLRQ60
:KDW
Dangerous transactions are transactions that could do the following:

<
Damage or corrupt the system
<
Present a security risk
<
Adversely impact performance
:K\
<
If a user accidentally accesses these transactions, they could corrupt or destroy the R/3
System.
Access to dangerous transactions is more critical in the production system than the
development or test systems. This is because of live data and the fact that the companys
operations are dependent on the R/3 System.
<
Certain transactions should be locked in the production system, but not in the
development, test, or training systems.
Standard security normally prevents access to these transactions. However, some
administrators, programmers, consultants, and functional key users could have access to
the transactions depending on the system they are on. In these cases, the transaction lock
provides a second line of defense.
There are over 48,000 English transaction codes in the R/3 System. To make it manageable,
only the critical ones need to be locked. Your functional consultants should supply you with
any additional critical transactions in their modules.
85

Notes
86
Release 4.6A/B
&KDSWHU 0XOWL5ROH7DVNV
&RQWHQWV
Starting the R/3 System..........................................................................................92
Stopping the R/3 System........................................................................................95
91
Chapter 9: Multi-Role Tasks

Starting the R/3 System
6WDUWLQJWKH56\VWHP
To start the R/3 System in a productive environment:
1. Start the operating system (if required).
2. Check the operating system logs to verify a good start.
3. Start the database.
This step is optional because starting the R/3 System also starts the database.
However, manually starting the database allows you to review the database log before
starting the R/3 System.
<
NT/SQL:
If not automatically started, use the SQL Server Service Manager to start
the database.
<
NT/Oracle:
If not automatically started, use SAPDBA to start the database.
<
UNIX:
At the command prompt, enter startsap db.
4. Check the database logs to verify a good start.

5. Start R/3 on the central instance.
<
NT:
<
UNIX: At the command prompt, enter startsap r3.
Use the SAP Management Console.
To start the R/3 System, at the restart, wait for 60 seconds before you change the servers
clock. This step makes it easier to read the system log. For example, the last stop entry is
19:26:xx and the first start entry is 19:27:xx, where time is reported as hh:mm:ss.
6. Check the R/3 System log (SM21) to verify a good start.
Problems at this point may require you to cycle (stop and start) the system.
7. Start R/3 on the application instances.
The application servers would be started any time after step 2.
8. Check the R/3 System log.
92
Release 4.6A/B

6WDUW517
1. On the NT desktop, double-click
SAP R3 Management Console.
2. Click on the nodes (+) to drill down

to the <servers>.
Start the Central Instance (on the
database server).
3. Right click on the <database server>

(for example, pa100767), and
choose Start.
4. The following two items indicate

that the database instance has
started and that R/3 has completed
the start process:
a. The status indicators for the
database server change color to
green.
4a
4b
b. The Status for both processes

indicates Running.
Wait a few minutes because startup
activity is still occurring on the
server.
Tools such as QuickSlice and Perfmon allow you to monitor the activity of the server and
know when it is OK to logon to the system.
93

The steps below are applicable only if

you have an application server:
Start the dialog instance (on the
application server).
to the <application server> (for
example, pal002840), and choose
Start.
2. The following two items indicate

that the database instance has
started and that R/3 has completed
the start process:
a. The status indicators for the
application server change color
to green.
b. The Status for the process
indicates Running.
2a
2b
3. Wait a few minutes because startup

activity is still occurring on the
server.
94
Release 4.6A/B

Stopping the R/3 System
6WRSSLQJWKH56\VWHP
<
When you stop R/3, coordinate and plan this stoppage with all users or their
representatives.
<
Stopping a system at your convenience is unprofessional and usually causes

considerable operational issues with users who need (and expect) the system to be up
and running.
6WRS5&KHFNOLVW
Task
Date
Initial
The following tasks must be completed well before the R/3

System is stopped:
Coordinate the shutdown with all affected parties, such as:
< Finance
< Shipping
< Sales
< Other
Reschedule/cancel jobs that would be running or starting
during the scheduled shutdown (SM37).
Create a system message announcing the planned shutdown
(SM02).
The following tasks must be completed before the R/3
System is stopped:
Check that there are no active users on the system (SM04 and
AL08).
Check that there are no active background jobs running
(SM37).
Check for active processes (SM50 and SM51).
Check for active external interfaces.
To stop the R/3 System:
Stop the application server instance(s).
Stop the central instance.
Stop the database (optional).
95

7DVNVWR%H&RPSOHWHG%HIRUH6WRSSLQJWKH6\VWHP
<
Coordinate the shutdown with all effected parties.

If an organization has planned to do something and expects the system to be
operational, they may or may not be able to reschedule. You may have to reschedule
your shutdown around them and shutdowns are usually negotiated activities.
([DPSOH
An IT person in a company rebooted a server in the middle of the day without telling
anyone. He had a date that evening and did not want to stay late. The CFO said,
Yeah, hell have a date with the unemployment line.
Before stopping the system, there are several checks that need to be made. The purpose
is to determine that there is no activity on the system when the system is stopped.
Certain activities (such as a large posting job), if interrupted, could have some
transactions posted and some not yet posted. Recovery could then become an issue.
If you are the cause of the emergency, be prepared to take the consequences.
An example of an emergency is not monitoring the file system, having it fill up, which
results in stopping R/3.
<
Reschedule or cancel jobs that will be running or starting during the scheduled
shutdown.
Check SM37 for these jobs and cancel or reschedule them to run after the shutdown.
Watch for repeating jobs, such as daily or weekly jobs.
These jobs are not created until the job for the prior period (day, week, etc.) has run.
In other words, a daily job cannot exist several days in advance.
<
Create a system message announcing the planned shutdown.
<
Emergency or priority shutdowns (for example, file system full, log full, equipment
failure, etc.) are a different matter.
In these instances, you need to shutdown immediately and users need to accommodate
you. There may be littleif anynegotiating.
6\VWHP0HVVDJH60
:KDW
A system message is a popup that users see when they first log on to the R/3 System. This
window appears after a new message has been created or when users move between
screens.
96
Release 4.6A/B

*XLGHG7RXU
In the Command field, enter transaction SM02 and choose Enter

(or from the SAP standard menu, choose Tools Administration Administration
SM02-System messages).
Choose
Create.
In System message text, enter your

message.
If you are only shutting down one
server, you may also enter text in
the Server field. To enter this text,
choose
and select the instance
on which the message should
appear.
In Expiry on, enter the messages
expiration date and time.
Choose
4
5
6
.
When referencing the time for the shutdown, always enter the specific time, time zone, and
date (for example, 0230 PDST-MonJun 8,1998). Entering vague information, such as in 15
minutes creates possible confusion as to when and where an event has been scheduled.
Some examples of confusion that may arise include:
<
15 minutes (from when?)
<
0230 (where? Corporate offices or where the user is?)
<
6:00 (a.m. or p.m.?)
<
Monday (of which week?)
97

The message in the status bar

indicates that your message has
been saved.
This screen shows the message as

the user would see it.
98
Release 4.6A/B

&KHFNWKDW1R$FWLYH8VHUV$UHRQWKH6\VWHP$/60
*XLGHG7RXU
For a system without application servers:

1. In the Command field, enter SM04 and choose Enter
(or from the SAP standard menu, choose Tools Administration Monitor System monitoring
SM04-User overview).
2. Contact the users and have them
log off.
3. If users cannot be contacted, delete
their session as described in
chapter 12, Deleting a Users
Session.
99

For systems with application servers:

1. In the Command field, enter AL08 and choose Enter
(or from the SAP standard menu, choose Tools CCMS Control/Monitoring Performance menu
Exceptions/users Active users AL08-Users global).
2. Scroll down the transaction screen
to see all the servers in the system
and the users on those servers.
3. Contact the users to have them log
off.
4. If the users cannot be contacted,
delete their session as described in
chapter 12, Deleting a Users
Session.
You cannot delete a user from
transaction AL08. You must log
into the individual instance and
use transaction SM04 to delete the
user session.
910
Release 4.6A/B

&KHFNIRU%DWFK-REV5XQQLQJRU6FKHGXOHG60
Check for any batch jobs that are running or are scheduled to run during the shutdown.
*XLGHG7RXU
1. In the Command field, enter SM37 and choose Enter

(or from the SAP standard menu, choose Tools CCMS Jobs SM37-Maintenace).
2. Enter * in User name.
3. Under Job status, select the
following:
< Planned
< Released
< Ready
< Active
4. Change the Fr (from) date back a
year.
5. Change the To date to a date
beyond the shutdown period.
6. In or after event, choose
select *.
7. Choose
7
2
3
and
6
Execute.
911

8. Choose a job to review

(for example, GARY-TEST).
9. From the menu bar, choose Job

Change.
Change the display to show the planned start date and time.
From the menu bar, on the screen above, choose Settings Display variant Current.
On the field selection screen, move the planned start date and planned start time from the
hidden fields on the right, to the displayed fields on the left.
10. Choose
Start condition.
10
912
Release 4.6A/B

11. Change the Scheduled start date, to

a date after the shutdown.
12. Choose Save.
11
12
13. Verify the new start date.

14
14. Choose Save.
13
913

15. A message indicates that the job

was saved.
16. Repeat the steps for each of the
other jobs that need to be moved.
15
17. As a final step, repeat the initial

job selection to verify that there
are no jobs scheduled during the
system shutdown.
914
Release 4.6A/B

&KHFNIRU$FWLYH3URFHVVHVRQ$OO6\VWHPV60
*XLGHG7RXU
1. In the Command field, enter transaction SM51 and choose Enter

SM51-Servers).
This screen lists all instances in the
system.
2. Select an instance.
3. Choose
.
2
4. The screen that appears is the

transaction SM50 screen for that
server.
5. Review for activities.

6. Choose Back and return to the SAP
servers transaction (SM51).
7. Repeat steps 2 to 5 for each
instance.
&KHFNIRU([WHUQDO,QWHUIDFHV
External interfaces are interfaces where data is being moved to or from the R/3 System.
Checking for active interfaces depends on the specific interface and how it has been
designed, built, and implemented. The developer or consultant can help you determine if
the interface is active.
915

6WRSSLQJ5
<
When you bring down or stop R/3, coordinate and plan this event with all the R/3 users
or their representatives.
<
Stopping a system at your convenience is unprofessional and usually causes

considerable operational issues with users who need (and expect) the system to be up
and running.
Stop R/3 only after all checks have been made and you are certain that there is no activity
on the system.
To stop the R/3 System:
1. If there are application servers in the system, stop the instance on the application
server(s).
2. Stop the instance on the database server.
<
NT/SQL:
Use the SAP Management Console.
<
UNIX:
At the command prompt, enter stopsap

This script may also stop the database; check your specific
installation.
3. If needed, stop the database.

The database must be stopped separately. Unlike the start process, stopping the system
does not also stop the database.
<
NT/SQL:
Use SQL Server Service Manager to stop the database.
<
NT/Oracle:
Use SAPDBA to stop the database.
<
UNIX:
Use either SAPDBA or the stopsap script to stop the database.
4. If needed, stop the operating system.

6723517
1. On the NT desktop,
double-click SAP R3
Management Console.
916
Release 4.6A/B

2. Drill down to the:

a. <SID> (for example, SAS).
b. <servers> (for example, pa100767
and pal002840).
2a
2b
2b
The following steps are applicable

only if you have application servers.
Stop the R/3 dialog instance (on the
application server).
to the <application server> (for
example, pal002840).
2. Right click on the <application

server> and choose Stop.
3. Choose Yes.
4. When R/3 stops:

a. The status indicators change
color to gray.
b. The Status indicates Stopped.
4b
4a
917

Stop the R/3 central instance (on the

database server).
to the <database server> (for
example, pa100767).
2. Right click on the <database server>

and choose Stop.
3. Choose Yes.
4. When R/3 stops:

a. The status indicators change
color to gray.
b.
918
The Status indicates Stopped.
4a
4b
Release 4.6A/B
&RQWHQWV
Overview ................................................................................................................102
Major System Monitoring Tools ..........................................................................102
Specific Transaction Monitoring Overview ......................................................1032
System Message (SM02) ....................................................................................1051
101
Chapter 10: R/3 System Administration

Overview
2YHUYLHZ
This chapter will help you understand how to monitor your system. It is crucial that a
system administrator gets a quick overview of the system status and is quickly notified of
critical situations. In this chapter, the reader will learn about the following items:
<
Some CCMS tools
<
Major tasks
<
Specific transactions
<
System messages
0DMRU6\VWHP0RQLWRULQJ7RROV
The major tools of system monitoring provide a quick mechanism to monitor your system.
The two major tools, the CCMS Central Alert Monitor and the System Administration
Assistant (SAA), perform two different functions. The CCMS Central Alert Monitor is
primarily an alert monitor. The SAA is a control panel from which you can directly access
the specific monitoring tools and be notified of any alerts. If you have time constraints, these
major tools provide a quick overview of the system status and notify you of critical
situations that warrant your immediate attention.
&&06&HQWUDO$OHUW0RQLWRU7UDQVDFWLRQ5=
:KDW
Transaction RZ20 is a centralized alert monitor. With this transaction, you can monitor the
servers in your landscape, such as development, QA, testing, production, etc. You no longer
have to individually log into each system to search for alerts. If there is an alert, the monitor
will link to many of the other transactions in this guidebook.
You can do many of your system monitoring tasks with the Central Alert Monitor.
To find Alert Monitor documentation, from the menu bar, choose:
1. Help SAP Library.
2. SAP Library Basis Components Computing Center Management System (BC-CCM)
BC-Computing Center Management System
3. BC-Computing Center Management System the Alert Monitor.
The Central Alert Monitor is not a replacement for examining the other checklist tasks.
Certain alerts, such as Microsoft SQL Server and TMS have not yet been integrated into
the Central Alert Monitor.
102
Release 4.6A/B

Major System Monitoring Tools
:K\
contained, these problems could deteriorate into a disaster.
*XLGHG7RXU
1. In the Command field, enter transaction RZ20 and choose Enter

(or from the SAP standard menu, choose Tools CCMS Control/Monitoring RZ20-Alert monitor).
This screen is the standard display.
We will use a modified display with
most of the monitor sets suppressed.
We will be using this monitor set

display. See the configuration section
later in the RZ20 section to learn how
to configure your display.
103

$FFHVVLQJWKH&&06$OHUW0RQLWRU5=
1. From the CCMS Alert Monitor
screen, we have the display with
only two monitor sets:
< SAP-delivered SAP CCMS
Monitor Templates
< User-created SystemAdmin docu
2. Click the node (+) to expand the

monitor sets.
3. In the SAP CCMS Monitor Templates,
there are predefined monitors to use
6
as your starting point.
These monitor templates cannot be
modified. To modify them, copy
them into a customer monitor set
and modify the monitor there.
4. In this example, we copied the Entire
system monitor from the SAP CCMS
Monitor Template into SystemAdmin
docu.
This step allows us to modify the

monitor.
5. Select a monitor.
(In this example, we selected Entire
system.)
6. To load the monitor, choose
104
4, 5
Release 4.6A/B

This is the monitor screen.

7. The monitor contains the alerts for a
single system/SID.
8. Here, we can see the application
servers in that system.
Here we show the following:
a. pa100767_SAS_00, the central
instance
b. pal101003_SAS_00, the
application server
7
8
8a
8b
&XUUHQW9LHZDQG$OHUW9LHZ
The display has two modes:
<
The current system status

This mode shows the alert situation right now.
<
Open alerts
This mode shows alerts that have been generated but not yet acknowledged. In this
mode, alerts are collected over time.
The recommended process is to look for:

1. Immediate problems (current system status)
2. Prior or transient problems (open alerts)
105

6ZLWFKLQJ%HWZHHQWKH&XUUHQWDQG$OHUW9LHZV
On the View: Current system status
screen:
1
1. To view alerts, choose Open alerts.
2. On the View: Open Alerts screen, to

return to the current status view,
choose Current status.
2
106
Release 4.6A/B

)LQGLQJDQ$OHUW
From the monitor screen:
1. Look for red node text.
If a node text is highlighted in red,
there is an alert somewhere below
that text.
2. Drill down to the bottom node.

Here, the alert node is Percentage
Used of the file system on drive H.
3. Select the node text.
4. Choose
3
2
5. Scroll to the bottom of the screen or

choose .
107

6. At the bottom of the detail screen are

two tables. These table show the
alert values over the last:
< 30 minutes
< 24 hours
These tables can be of significant

value in troubleshooting.
To display a graph of a timetable:

7. Select the table to use (for example,
last 24 hours).
8. Choose
The graphical display shows how

the values changed over a 24-hour
period.
9. Choose Back when you have

finished.
108
Release 4.6A/B

10. Choose Performance history.

The batch job that collects historical
data must be running. The default is
that the job will not run. But,
13
running this job will add more data
to the database and affect database
growth. For more information, see
Configuring the Batch Job to Collect
Historical Data (RZ21) on the
following page.
14
10
11. Enter a from and to period in

any of the time frames.
12. Choose , which returns you to the
screen above.
13. Select the history items to display.
14. Choose
12
109

&RQILJXULQJWKH%DWFK-REWR&ROOHFW+LVWRULFDO'DWD5=
The batch job that collects historical data must be running. The default situation is that the job will not run.
But, running this job will add more data to the database and affect database growth. The batch jobs
provide the data for the performance history option above.
Do not run this batch job unless you want performance history data (RZ20).

(or from the SAP standard menu, choose Tools CCMS Configuration RZ21-Alert Monitor).
2. From the menu bar, choose
Technical infrastructure Performance
Database Define Background Job.
1010
Release 4.6A/B

3. This user ID is the user ID that was

used to log in.
4. Enter the time to run the job.
The job will run every six hours.
5
6
5. Choose Save.
6. Choose
Next step.
3
4
This screen shows the second of the

two jobs that will be scheduled.
7. Choose Back.
1011

9LHZWKH$OHUWV
1. Choose Display alerts.
2. The alerts are listed in order of

priority (Red at the top and yellow
below).
1012
Release 4.6A/B

$QDO\]HWKH$OHUW
1. Select the alert.
2. Choose
.
2
1
3. The specific analysis tool that is

started is node dependent. (In this
case it is the OS Monitor.)
These tools that are individually
covered in the remainder of this
guidebook. If no tool is assigned,
you will get a No method assigned
message.
1013

$FNQRZOHGJHWKH$OHUW
1. From the detail screen, choose
Display alerts.
1
This screen is the same screen where

you start to analyze an alert (see
previous page).
2. Select the alert to acknowledge.
3
2
3. Choose Complete alert.
4. Note the message at the bottom of

the screen.
5. There is one less alert displayed.
5
You still have to perform a task based on the alert. Acknowledging the alert only means
that you received the alert notification.
1014
Release 4.6A/B

6. When all alerts and warnings are

acknowledged, the alert will
change color to green.
3URYLGH6\VWHP&RQILJXUDWLRQ,QIRUPDWLRQ7UDQVDFWLRQ5=
1. Under the SAP CCMS Monitor
Templates, select System
Configuration.
2. Choose
1015

The various nodes will provide a

variety of information about:
< Clients
< SAP license
< Database
As shown here, a monitor can be

configured to display multiple
systems. Note that this monitor has
been configured to monitor the
following systems:
< SAS
< RW8
< BSK
1016
Release 4.6A/B

0DLQWDLQLQJ7KH$OHUW7KUHVKROGVIRU5=
:KDW
The alert threshold is the point where the alert indicator changes color from:
<
<
Green to yellow
Yellow to red
<
Red to yellow
<
Yellow to green
:K\
Each installation is different, so the point at which an alert changes color depends on the
individual installation.
Sample situations where you would want to change the threshold levels when:
<
A high amount of paging is a cause for concern on the production system, but it is
expected on the development system.
<
The only file on a drive may be the database file, which is completely filling the drive.
A filesystem full alert on that particular drive is of no concern, because the database
would have been configured to take up the whole drive.
+RZ
*XLGHG7RXU
1. Click the node (+) of the specific

alert that you want to change the
threshold.
3
2. Select an alert.
3. Choose Properties.
1
1017

4. If the displayed values are for a

group, an indicator field will
appear in the screen.
In this case the group indicator

means that the values displayed
apply to all drives, not just the
selected drive.
5. To switch to group or individual:
<
Group:
From the menu bar, choose
Edit Properties Use from
MTE class/group.
<
Individual:
From the menu bar, choose
Edit Properties Use for
individual Monitoring Tree
Element (MTE).
6. Choose
7. The threshold value field will

change color from grey to white.
6
1018
Release 4.6A/B

8. If the transaction is set to group

mode, an information screen will 8
appear.
9. Choose
.
9
10. Enter new values for when the

alerts will change (for example,
98).
11
These threshold values are specific

to the alert you indicated.
11. Choose Save.
10
+LGLQJ6$36WDQGDUG0RQLWRU6HWV
The monitor sets that are being hidden are not usually needed.
1. On the CCMS alert monitor screen,
from the menu bar, choose
Extras Activate maintenance
function.
1019

2. Expand all the monitor sets.

3. Under Public sets, select a monitor
set (for example, SAP Business
Communication).
4. Choose
5. Deselect Public (visible for all users).

6. Choose
5
6
1020
Release 4.6A/B

7. The monitor set will disappear from

My favorites and Public sets.
8. The set still exists under SAP.
Therefore, if it is needed, this set
could be unhidden.
1021

9. Repeat the steps until the only SAP

standard set remaining is SAP
CCMS Monitor Template.
Once the extra monitor sets

disappear, this screen shows how
the CCMS monitor sets will look.
1022
Release 4.6A/B

&UHDWHD1HZ0RQLWRU6HW
1. On the CCMS alert monitor screen,
function.
2. Select Public sets.

3. Choose
4. Under Monitor set, enter a name for

the new monitor set (for example,
SysAdmin 2).
5. Select Public (visible for all users).

6. Choose
5
6
1023

7. The new monitor set is in the Public

sets and My favorites.
8. To turn off maintenance, from the

menu bar, choose Extras
Deactivate maintenance function.
9. The new monitor set (SysAdmin 2)

now appears on the screen.
$GGD0RQLWRUWRWKH0RQLWRU6HW
function.
1024
Release 4.6A/B

2. Select the Monitor set (for example,

SysAdmin 2).
3. Choose
.
3
4. Expand the monitor design tree.

6
5. Select the nodes (+) that you want to

include in the monitor (for example,
Background under both RW8 and
SAS).
6. Choose Save.
1025

7. Under Monitor, enter a relevant

name for the new monitor (for
example background-SAS+RW8).
8. Choose
7
8
9. The monitor definition is saved.
10. Expand the monitor set to see the

new monitor.
11
11. To turn off maintenance, from the

menu bar, choose Extras
Deactivate maintenance function.
10
1026
Release 4.6A/B

12. Select the new monitor.

13. Choose
13
12
14. Expand the monitor tree.

15. This new monitor shows only the
nodes you selected.
This monitor is monitoring
background service on two different
systems (SAS and RW8).
15
15
1027

6\VWHP$GPLQLVWUDWLRQ$VVLVWDQW7UDQVDFWLRQ66$$
:KDW
The System Administration Assistant (SAA) was developed as part of the Ready-to-RunR/3 project. The core of the SAA has been brought into standard R/3 and is now available.
The SAA lists all the R/3 administrative tasks and tracks tasks that need to be done. It also
provides documentation on each task and displays critical, and non-critical, alerts.
:K\
It helps the system administrator track work by providing a point of reference for all
relevant system administration transactions.
+RZ
*XLGHG7RXU
1. In the Command field, enter transaction SSAA and choose Enter

(or from the SAP standard menu, choose Tools Administration Monitor SSAA-System
Administration Assistant).
2. Choose Entire View tab.
1028
Release 4.6A/B

3. Choose
4. Choose
.
4
1029

5. From the menu bar, choose View

Transaction code to display the
transaction codes on the right side.
6. If a task needs to be performed, a

red square will appear next to it.
7. To execute the task, choose
on
that line (for example, R/3: Checking
Background Jobs).
6
1030
Release 4.6A/B

8. The associated transaction is started.

The specific transaction code
selected is node dependent. The task
to execute the transaction will be
specific to the started transaction.
9. When you have finished, choose

Back.
10. The list is updated, and the task has

a green circle indicating that it has
been performed.
11. To see if there are any alerts in each
task, choose List Current Alerts.
11
10
1031

Specific Transaction Monitoring Overview
12. Critical
and noncritical
in each task are displayed.
alerts
12
6SHFLILF7UDQVDFWLRQ0RQLWRULQJ2YHUYLHZ
)DLOHG8SGDWHV7UDQVDFWLRQ60
:KDW
An update terminate (or failed update) is an update to the database that failed. These
terminates occur when a user entry or transaction is not entered or updated in the database.
The following example should help clarify this concept:
([DPSOH
1. The accountant gives a file clerk a folder (similar to the save in a transaction).
2. The file clerk gives the accountant a receipt (similar to the R/3 document number).
3. On the way to the file cabinet, the clerk falls and gets hurt.
The folder in not filed in the cabinet (the failed update).
4. The end result is that the folder is not in the cabineteven though the accountant
has the receipt.
This same end result occurs in an update environment, the document is not in the
R/3 Systemeven though the user has a document number.
1032
Release 4.6A/B

For performance reasons, the database update is done in an asynchronous mode. In this
mode, the user continues to work while the system takes over the update process and waits
for the database update to complete.
In a synchronous mode, users would have to wait until the database has successfully
updated before they could continue to work.
:K\
Users assume that when they receive a document number, the entry is in the system. But it
is not. Even if the users received a document number, because of the update terminate, no
trace of it exists in the system.
([DPSOH
Even though a sales order document number is generated, the order does not exist.
Therefore, customers would not receive their order, and no trace of the order would exist
in the system.
:KHQ
Check the system for failed updates several times a day.

During a dayshift, the checks can be distributed:
<
First thing in the morning
<
Late morning
<
<
Early afternoon
Late afternoon
If you have a global operation, your schedule should be adjusted to account for other time
zones and someone in that time zone should participate in the monitoring.
The longer you wait after the update terminate has occurred, the more difficult it is for users
to remember what they did when the update terminate occurred. If you wait too long, the
user will not remember.
When things go wrong, they can really go wrong. For example, in one situation, there were
over 600 update terminates that occurred in a 30-minute period. The system administrators
were not alerted to the problem so prompt action was not taken. Therefore, normal business
transactions continued to be entered and each one was terminated.
On Windows NT, from R/3 Release 3.0F and higher, system log entries are written to the
NT event log. You might consider configuring an event log monitor to page you when an
update terminate occurs. This step reduces the need to constantly check transaction SM13. It
also reduces the exposure between the time the update terminate occurs, when you find out
about it, and when you can get to the user.
The following message appears: You have express mail in you inbox. This message means
that an update terminate has occurred on the users transaction.
1033

*XLGHG7RXU

(or from the SAP standard menu, choose Tools Administration Monitor SM13-Update).
2. In Client enter *.
3. In User enter *.
4. Under Status, select All.

5. In From date, change the date to a
year ago (for example,
09/07/1998).
6. Choose
2
3
7. In the Status column, look for

entries with an Err.
These entries are failed updates or
update terminates. You may also
see other entries listed without the
Err status.
If you have no failed updates, stop
here. If you have failed updates,
continue with the next section,
Managing Update Terminates.
1034
Release 4.6A/B

0DQDJLQJ8SGDWH7HUPLQDWHV
1. Double-click on an entry with an
Err status.
2. This screen shows in what module

(Mod.name) and where in the
process (Mod.ID) that the update
terminate occurred.
2
3. Double-click on the entry with an

Err status.
4. Choose ABAP short dump.

If a short dump exists, it will
appear.
1035

5. After choosing ABAP short dump in

the previous screen, you will see
one of the following screens:
a. If you have an ABAP dump,
you will see this screen.
b. If a short dump does not exist, you will see:

< A dialog box (titled Update Status).
< The message No ABAP/4 short dump exists which appears either in the inactive Update Modules
window or a separate dialog box.
Do not attempt to reapply the failed update! There are conditions under which this
reapplication can lead to corruption of the database.
Always advise users to reenter the transaction.
1036
Release 4.6A/B

Some of the problems that can occur with an update terminate include:
<
No short dump
In this case, the only clues you have are the:
User ID
Date
Time
Transaction
<
Difficulty reading the short dump

Do not be discouraged because you cannot understand a short dump. The ability to read
a short dump comes with experience and practice. Some of the content is only useful to
the developer. You may recognize a pattern of characters as a part number, document
number, vendor code, etc.
<
Short dump with little usable information
<
Update terminate occurring downstream from the actual transaction

The data in the short dump may be of little value in finding the root of the update
terminate. (For example, if the terminate occurred in the FI posting of an SD transaction,
you will not know which SD transaction document caused the problem.)
<
Update terminate occurring in a batch job

There is no indication of which batch job (by job name) caused the update terminate.
SAP is aware of the inability to identify the batch job which was the source of an update
terminate.
6. The users need to be contacted.

7. The users should check for the missing entry and reprocess the missing transaction.
8VHU7UDLQLQJ
When a user receives the following message, You have express mail in your inbox, usually
signals a problem. The user should immediately stop and get assistance to determine what
happened. R/3 uses express mail to notify the user of a failed update. It is during this
window (immediately after the error has occurred) that the user has the best chance of
correcting the problem.
1037

6\VWHP/RJ7UDQVDFWLRQ60
:KDW
The system log is the R/3 Systems log of events, errors, problems, and other system
messages.
:K\
The log is important because unexpected or unknown warnings and errors could
indicate a serious problem.
:KHQ
You should check the system log several times a day.
The ability to properly monitor the system log comes with experience. Over time, you
will become familiar with what log entries normally appear in your system log, and
recognize the unusual ones that need investigation.
*XLGHG7RXU

(or from the SAP standard menu, choose Tools Administration Monitoring SM21-System log).
If you select Problems only, you
will see this screen.
2. You can get more information on
certain entries. In this example,
double-click on the short dump.
Proceed to step 4.
2
1038
Release 4.6A/B

If you select All messages, you will see

this screen.
3. Notice that the warning messages
on this screen (indicated by the
yellow highlight under the column
MNo), and the text Perform
rollback) did not appear in the
previous screen.
3
What to look for:

< Unusual entries
For your installation for a specific system, before you can recognize the unusual entries, you will need
to become familiar with normal entries.
< Column MNo for the error status
Errors are in red and pink, and warnings are in yellow. These entries may have been examined when
you did the Alert Monitor (RZ20).
To minimize the video processing overhead, many NT servers are configured with a video
color depth of 16 colors. On these servers, increase the video color depth to 256 colors to see
the alerts in color, or view the log from a computer that has the video set to at least a color
depth of 256 colors.
1039

4. Choose Analyze runtime errors.
This screen is the short dump. You

can access this screen using
transaction ST22.
1040
Release 4.6A/B

/RFNV7UDQVDFWLRQ60
:KDW
A lock is a mechanism that prevents other users from changing the record on which you
are working. The example below illustrates the importance of using this function.
([DPSOH
You are changing a customer mailing address, while someone is simultaneously changing
the customers telephone number. You first save your change; then the other person saves
his or her change. The other persons change overwrites your change, and your change
will be lost.
:K\
There may be old locks still in place from transactions that did not release, or from when
the user was cut off from the network. Unless cleared, these locks prevent access or change
to the record until the system is cycled. The easiest way to locate these locks is to look for
locks from prior days.
We presume that the profile parameter rdisp/gui_auto_logout has been set. This parameter
defines an automatic logout of the user if there is no activity for the set number of minutes.
Setting the auto_logout parameter is recommended for security. It is also an item for which
your external auditors may test. The parameter is a global setting that applies to all users
on the instance. You cannot have different logout times for different groups of users on the
same instance.
The only way to have different logout times for different groups of users is to have specific
groups (for example, Finance) log in to specific instances (for example, the Finance
application server) where this parameter is set in the instance profile of that instance.
1041

*XLGHG7RXU

(or from the SAP standard menu, choose Tools Administration Monitor SM12-Lock entries).
2. In Client enter *.
3. Clear the User name field.
4. Choose
2
3
5. In the Time column, look for locks

from previous days.
The presence of a lock from a
previous day could mean that the
user was disconnected from the
network and the R/3 System.
Deleting a lock is a dangerous task.

Do not delete a lock without checking first to see if it is being used. If you delete a lock
that is in use, you risk corrupting the database.
1042
Release 4.6A/B

The following process should be followed before deleting a lock:

Task
Transaction Code that Completes this Task
Is the user logged on any of the servers?
<
Transaction SMO4 (without application

servers)
<
Transaction AL08 ( with application servers)
If the user is not on the system, but transaction

SM04 shows them on the system, delete their
sessions as described in chapter 9, Deleting a Users
Session. This step, alone, may clear the lock.
Are there are processes running under the user ID? <
Transaction SM50
<
Transaction SM51
Also see the Processes section later in this chapter.

Are there batch jobs running under the user ID?
<
Transaction SM37
Also see the Background Jobs section in this chapter.

Are there updates in process for that user ID?
<
Transaction SM13
Also see Failed Updates section in this chapter.

Once you know that there is no activity using the users ID:
1. Select the lock entry for deletion.
2. From the menu bar, choose Lock entries Delete.
<
Double-check the user ID of the entry that you selected to delete.

If you delete the wrong lock, you could corrupt the database.
<
Clear only one lock entry at a time.
<
Do not use the mass delete option.

This option will delete all the locks, not just the ones for the user you have selected.
$FWLYH8VHUV7UDQVDFWLRQV60DQG$/
:KDW
These transactions display all the users who are currently logged on to the system. They
show both the users ID and terminal name.
:K\
terminals. An unfamiliar terminal may indicate that someoneother than the designated
useris using that user ID.
1043

A user logged on to more than one terminal may indicate that the ID is being used:
<
<
Used/shared by several people
Here are some reasons not to share user IDs:

<
If a problem arises, you will not know who created the problem.
This situation makes the problem difficult for you to fix and prevent from happening
again.
<
Prudent security practices do not allow for the sharing of user IDs.
<
Your external auditors may also perform this test to test your security.
Release 4.6 allows you to prevent concurrent sharing of user IDs by activating the
disable_mult_gui_login system profile. We recommend that you activate this parameter.
3UREOHPV
Transaction SM04 may show a user as active, when the user has actually logged off. Because
the user session was not properly closed, the system thinks that the user is still logged on.
This condition can be caused by one of the following:
<
A network failure, which cuts off the user.
<
Users who turn off their computer without logging off from the R/3 System.
6LQJOH,QVWDQFH6\VWHP7UDQVDFWLRQ60
*XLGHG7RXU

2. Select the user ID (for example,
GARYN) to view the session the
user has opened.
3. Choose Sessions.
3
1044
Release 4.6A/B

The Overview of Sessions screen

shows what sessions the user has
opened.
4. Choose

0XOWL,QVWDQFH6\VWHP7UDQVDFWLRQ$/
If you have several instances in your system, using AL08 is easier, because you can
simultaneously see all users in all instances on the system.
1. In the Command field, enter transaction AL08 and choose Enter
(or from the SAP standard menu, choose Tools CCMS Control/Monitoring
SM66-All work processes.
2. From the menu bar, choose Goto Global users overview.
3. The Current Active Users screen
shows all the instances in your
system.
4. For each instance, a list of the users
logged onto that instance/
application server is also provided.
3
4
3
4
1045

:RUN3URFHVVHV7UDQVDFWLRQV60DQG60
:KDW
Process overview transactions allow users to view the status of work processes and monitor
for problems. Transaction SM51 is a central transaction from which you can select the
instance to monitor. SM51 starts transaction SM50 for each application server, which is used
for a system without application servers.
:K\
Transaction SM51 is one place to look for jobs or programs that may be hung, which
maybe indicated by long run times. If batch jobs are not running, transaction SM50 may
provide a hint of the problem, if all the batch work processes are in use.
)RUD6\VWHPZLWK$SSOLFDWLRQ6HUYHUV
*XLGHG7RXU

SM51-Servers).
2. Select the instance you want to
view (for example,
pawdf071_Q99_75).
3. Choose
.
2
1046
Release 4.6A/B

This screen shows the Process

Overview transaction (SM50) for that
instance.
)RUD6\VWHP:LWKRXW$SSOLFDWLRQ6HUYHUV
*XLGHG7RXU
In the Command field, enter transaction SM50 and choose Enter

SM50-Process overview).
What to look for:
a. Dialog work processes (DIA) that
have long Time values.
These values could indicate a
problem or a long running step in
batch programs, which sometimes
start dialog work processes.
b. In the Status column, work

processes that say stopped, can
sometimes be a problem because a
process may have stalled or failed.
The columns are defined in the table
below.
1047

Column Text
Definitions
No
Work process number
Ty
Type of work process
PID
OS PID (Process ID) number
Status
Current status of the work process
Err
Number of detected errors in the work process
CPU
Cumulative CPU time that the current process is taking
Time
Cumulative wall time that the current process is taking
Program
Name of the ABAP program
Clie
Client number
User
User ID that is using the work process
Table
Table that the action is being performed on
$%$3'XPS$QDO\VLV7UDQVDFWLRQ67
:KDW
An ABAP dump (also known as a short dump) is generated when a report or transaction
terminates as the result of a serious error. The system records the error in the system log
(transaction SM21) and writes a snapshot (dump) of the program termination to a special
table. This transaction can also be called from the system log (transaction SM21).
:K\
An ABAP dump is used to analyze and determine why the error occurred and take
corrective action.
1048
Release 4.6A/B

*XLGHG7RXU
1. In the Command field, enter transaction ST22 and choose Enter

(or from the SAP standard menu, choose Tools Administration Monitor
ST22-Dump analysis).
There are two selection methods to display the list of dumps:
<
For a simple selection, Today or Yesterday (proceed to step 2)
<
For a free selection (proceed to step 5)
6LPSOH6HOHFWLRQ
2. Under No. of short dumps, if you
see a value other than zero (0) in
Today or Yesterday, dumps have
occurred that need to be
examined.
3. Select Today.
4. Choose
Proceed to step 8.
)UHH6HOHFWLRQ
5. Choose
Selection.
5
1049

6. Enter your selection criteria in the

ABAP Dump Analysis screen.
7. Choose
7
6
8. Double-click on the dump you

want to analyze.
1050
Release 4.6A/B

System Message (SM02)
This screen shows the short

dump.
Despite being called a short dump, ABAP dumps may be more than 75 pages long. We
recommend you save the dump locally and print out only the portion you need.
If the SAP hotline asks for a copy of the short dump, rather than fax the entire dump, it is
easier to e-mail or upload the file (see SAP note 40024).
6\VWHP0HVVDJH60
:KDW
A system message is a popup that users see when they:

<
First log on to the R/3 System
<
Move between screens
:K\
<
To send a broadcast message to everyone on the system (for example, SAP will be down
for scheduled maintenance from 6:00 p.m. PST Friday, October 23 to 12:00 p.m. PST Saturday,
October 24.).
<
To inform the user about the system they are logging on to.
This information is recommended for systems other than the production system, such as
development, test, sandbox, training, etc. (for example, You are logging into QAS, copy of
PRD as of Nov-1-98 at 0100 PST).
1051

&UHDWLQJD0HVVDJH
*XLGHG7RXU

(or from the SAP standard menu, choose Tools Administration Administration SMO2-System
messages).
2. Choose
Create.
3. Enter your message in System

message text.
4. Optionally, you may also enter
text in the following fields:
a. In Server, choose
and select
the instance on which the
message should appear.
b. In Client, enter the client
number, for a client specific
message.
3
4a
4b
5
6
5. In Expiry on, enter the messages

expiration date and time.
6. Choose
1052
Release 4.6A/B

To prevent the message from expiring, enter a date several years in the future.
When referencing the time for an event, always enter the specific time, time zone, and date
(for example, 0230 PDST-MonJun 8,1998). Entering vague information (such as in 15
minutes), creates confusion as to when and where an event has been scheduled. Some
examples of confusion that may arise includes:
<
15 minutes (from when?)
<
0230 (which time zone?)
<
6:00 (a.m. or p.m.?)
<
Monday (of which week?)
7. The message in the status bar

been saved.
The System Messages popup

window will appear.
1053

(GLWLQJD0HVVDJH
*XLGHG7RXU

SM02-System messages).
2. Select the message.
3. Choose
Change.
To delete the message from this

screen, choose
Delete, not
Change.
3
2
4. Enter your changes.

5. If necessary, change the following:
a. ServerName
b. Client
c. Expiry on
6. Choose
5a
5b
5c
6
1054
Release 4.6A/B


been changed.
8. Check the changed message.
8
$%$3(GLWRU6(
:KDW
An R/3 system administrator will need to execute certain reports and programs to apply a note or in
relation to everyday duties and tasks.
+RZ
1. In the command field, enter transaction SE38 and choose Enter

(or from the SAP standard menu, choose Tools ABAP workbench Development SE38-ABAP Editor).
2. In Program, enter the report or
program name (for example,
RSPARAM).
3. Choose
.
3
2
Be careful when executing reports

and programs because it may affect
and change your system. Make sure
you are executing the correct
program, and you know what the
program is going to do.
1055

4. This program has a variant screen

where you can indicate whether you
want parameters that cannot be
substituted to also be listed.
5. Choose
6. The report is run.

In this case, the report displays the
profile parameters.
7. Choose Back.
)RU,QIRUPDWLRQ$ERXWD3URJUDPRU5HSRUW
1. In the Program, enter RSPO0041.
2. Select Documentation.
3. Choose
Display.
2
3
1056
Release 4.6A/B

The screen displays information

about the program RSPO0041.
1057

1058
Release 4.6A/B
&RQWHQWV
Overview ................................................................................................................112
Audits .....................................................................................................................114
Security Layers .....................................................................................................116
Operational Security...........................................................................................1125
Audit Tools ..........................................................................................................1137
Audit Tasks..........................................................................................................1157
111
Chapter 11: Security Administration

Overview
2YHUYLHZ
The purpose of this chapter is to make you aware of your responsibilities as the R/3 system
administrator(s) for security. These responsibilities include:
< Protecting the R/3 System
<
Preparing you for a computer security audit
When an audit is performed on an R/3 System, the administrator(s) will be responsible for
responding to the audit findings. This chapter is an attempt to prepare you for these audits.
Each auditing firm has their own audit procedures and may look at many different items, so
we cannot prepare you for everything. However, we will try to prepare you for the core
group of items that all firms normally look at.
This chapter is only an introduction to computer security and its importance. Although an
entire book can be written on this subject, even that would be insufficient. We recommend
that you contact and work with all the parties (external auditors, internal auditors, finance
department, legal department, and others) who might be affected by system security.
:KDWLV6HFXULW\"
Security is more than the R/3 authorization (or keeping undesirables out of the system).
It is concerned with the following issues regarding data:
<
Protecting it from hardware problems
<
Maintaining its integrity
<
Restoring it in the event of a disaster
Security is a broad topic and can be organized in many different ways. Some of the areas
covered include:
<
Keeping unauthorized people out of the system
<
Keeping people out of places that they should not be
<
Safeguarding the data from damage or loss
<
Complying with legal, regulatory, and other requirements
Each of these areas can be further divided.

.HHSLQJ8QDXWKRUL]HG3HRSOHRXWRIWKH6\VWHP
This area is what we usually think about as security and includes the R/3 authorization
concept, operating system and network logon security, and physical security.
.HHSLQJ3HRSOHRXWRI3ODFHV:KHUH7KH\6KRXOG1RW%H
This area covers users having access to more parts of the system and to more data than they
need to perform their job. The data may not be damaged but accessing and revealing this
data could be equally damaging.
112
Release 4.6A/B

Overview
Examples of this sensitive data include:

<
<
Your companys customer list, contacts, and sales volume.

This information could be used by a competitor.
Your employees personnel data.
There are privacy laws that protect this type of data.
<
Financial performance data, such as quarterly financial statements.

There are strict SEC rules governing insider trading (see below for a definition of insider
trading).
<
Items specified in contracts with customers, vendors, or other parties.
6DIHJXDUGLQJWKH'DWDIURP'DPDJHRU/RVV
There are two major sources of damage:
<
<
Accidental, such as:

Loading test data into the production system.
This situation happens, unfortunately, more often than people admit.
A hardware failure.
A fire that destroys the data center.
Arson
A flood, hurricane, earthquake, tornado, or other regional natural disasters.
Deliberate, such as:
A disgruntled employee who deletes or damages files from the system.
A hacker who deletes or damages files from the system.
&RPSO\LQJZLWK/HJDO5HJXODWRU\DQG2WKHU5HTXLUHPHQWV
:KDW
Other reasons for security are defined by laws, contracts and other parties.
Security is a sensitive issue, and it has legal implications. One good example of security is
insider trading. Before defining insider trading, we have to first define insider knowledge or
inside information. Insider knowledge or inside information means you have information,
which is not known or available to the general public. If the information is known to the
general public, it could affect the stock price. Insider trading is using inside information to
buy or sell stock and make a profit or reduce a loss. Even if you do not profit from the sale,
you could be held liable.
113

Audits
([DPSOH
In one company, an employees spouse passed on inside information to a relative, who
purchased the stock, then sold the stock at a profit after the earnings announcement.
That relative made a profit by buying the stock before the earnings announcement
(insider trading). The SEC fined the spouse and the relative. The spouse was guilty of
providing insider information to the relative, who then made the profit on the sale of the
stock. Both, therefore, were guilty of insider trading.
([DPSOH
The IS director of a company asked for authorization to log into the production R/3
System. This request raised the concern of the accounting/finance department. Access to
financial information is typically on a need-to-know or need-to-access basis, and the
IS director did not need to access the production R/3 System. Red flags went up when
he started asking about financial performance information (quarterly earnings), well
before this information was made public. He was asking for insider information.
+RZ
You will need the assistance of your companys legal department.
$XGLWV
As a system administrator, you will be affected by two audits:
< Security
<
Financial
)LQDQFLDO$XGLW
:KDW
A financial audit is a review of your companys financial statements by a Certified Public

Accountant (CPA) in the U.S., or their equivalent in other countries. The purpose of the
audit is to issue an opinion on the companys financial statements. This opinion essentially
states that the financial statement represents fairly the financial position of the company. A
financial audit is usually not an option. If your companys stock is traded on the stock
market, the audit is required by the Securities and Exchange Commission (SEC) in the U.S.,
or its equivalent in other countries. If your company is private, a financial audit could be
required by creditors.
As a part of the financial audit, the CPA will typically do a security audit of R/3 and the
associated systems. The purpose of the security audit is to determine how much reliance can
114
Release 4.6A/B

Audits
be placed on the data in the R/3 System. Your external auditors will evaluate your system
security to determine what audit tests to perform and how much testing they will have to
do.
:K\
If their evaluation results are not good, they may need to increase the scope of their audit.
This increased scope also increases the cost of the audit, and the extra work could delay the
completion of the audit. In a worst case scenario, they could determine that the security is so
weak that they cannot issue an opinion on the companys financial statements. This
situation is really bad.
Because of the effect on the stock price (down) that this inability to issue an opinion will
probably cause, the chief financial officer (CFO), and likely the president, will be quite
upset. Is your resume updated?
6HFXULW\$XGLW
:KDW
A security audit is performed specifically to test the security of the R/3 environment. This
audit is usually done as a part of the financial audit or to comply with government or other
regulatory agencies. It can also be done by your companys internal audit group.
:K\
As a security audit.
As a part of the financial audit, the CPA will typically do a security audit of R/3 and the
associated systems. The purpose of the security audit is to determine how much reliance can
be placed on the data in the R/3 System. Your external auditors will evaluate your system
security to determine what audit tests to perform and how much testing they will have to
do.
The audit is also done to test the security of confidential data, such as:
<
Financial information
<
Customer data
<
Product information
<
Company personnel data (from the HR module)
$XGLW&RQVLGHUDWLRQV
:KDW
Audit considerations are the things that auditors will look at when they do the financial
audit, or a computer security audit.
Some of these considerations are:
<
Physical security
<
Network security
115

Security Layers
<
<
User administration procedures

Adequate segregation of duties
Proper training
Passwords
Data security
Protection from hardware failure; mirrored drives, RAID, fail-over, HA, etc.
Backup and recovery procedures
Protecting the production system from unauthorized changes
Locking dangerous transactions
:K\
These tasks are done to support the financial or security audit. Without knowing what the
auditors will look for, you cannot properly prepare yourself, and protect the system.
1RWH This section is not an all-inclusive SAP security audit. It is only to make you
aware of some of the things that could be reviewed as part of a security audit. We
recommend that you work with your auditors before the financial audit, to review your
system and bring it up to acceptable standards for the audit.
6HFXULW\/D\HUV
To make security more manageable, we have chosen to use the security layer model, one of
the many existing security models. It uses the following three major layers of security:
Data
Security
Access
security
116
<
Access security
Physical security
Network security
Application security
<
Operational security
<
Data security
Operational
Security
Release 4.6A/B

Security Layers
$FFHVV6HFXULW\
3K\VLFDO6HFXULW\
:KDW
Physical security controls the physical access to R/3 and network equipment.
Like the graphic on the previous page, to get to the inner circle, an intruder must penetrate
the outer circles as follows:
<
Onto the property or site
<
Into the building
<
Into the areas of the building where the users are or where the equipment is located
Finance
MIS
Computer operations
Into the specific equipment rooms within these areas of the building
Server room
Wiring closet
Network room
<
:K\
This layer is probably the most important. If an intruder can physically access your
equipment, all your other security layers can be bypassed.
When this layer is bypassed:
<
<
Equipment can be physically damaged or destroyed.

The system can be accessed from the operators console (and could bypass strong
network security).
<
Equipment can be removed.
<
Data could be hacked.
Without physical access to the equipment, the intruder must electronically access the system
through the network.
+RZ
The R/3 equipment should be located in a secured room. Access to the room should be only
through a locked door. It is crucial to control who is allowed access to the server room.
If you have electronic card key access, periodically audit the access log for the server room.
The periodic review of the access log may be an item for which auditors will test.
117

Security Layers
1HWZRUN6HFXULW\
:KDW
Network security also has sublayers of security. The goal of this security type is to control
the following types of access to the network:
< External
<
Logon
This type controls on-site and remote access and where on the network users can go
once they gain access.
:K\
If intruders access your network, they could have an electronic link to your computers.
+RZ
Use network security specialists to properly configure the various access points into your
network and, once users are on the network, control their movements.
Some of these points of control are:
<
Outside access
Dial-in access
Internet access
Other remote access methods, such as VPN
<
Network login access
<
This access method is the actual logon to the network (for example, the NT domain).
Access to portions of the network.
NT domains
1RWH We recommend that you have:

<
A dedicated SAP domain where only the administrators are allowed to directly log
onto.
<
Other domains where users will log onto, trust the SAP domain, but the SAP domain
does not trust other domains.
Router tables
This table can be used to control (by IP address) which users can access the SAP
servers.
118
Release 4.6A/B

Security Layers
$SSOLFDWLRQ6HFXULW\
:KDW
Like the other layers, application security has sublayers of security, which controls:
<
<
The ability to log into the application, such as logging into R/3
Where a user can go in the application
<
What a user can do in the application
<
What a user can do based on the system data in the application [such as the R/3 System
(for example, limiting the user to company 001 and cost center 200)]
R/3 security functions at this layer.
:K\
This layer provides the fine or specific security of what a user can do [for example, read (not
change) accounting data for only cost center 200 in company 001].
+RZ
Using R/3 application tools such as:

<
Profile Generator (transaction PFCG; for more information, see Authorizations Made Easy)
<
Audit Information System (transaction SECR; see page 1137)
<
<
Security Audit Log (transaction SM19/SM20; see page 1144)

Delete Old Audit Logs (transaction SM18)
2SHUDWLRQDO6HFXULW\
:KDW
This layer is security at the operational or user level. Because it is primarily procedures and
control, there are few computer or systems issues related at this level.
:K\
These are organizational and people issues, which are always a problem, because people
need to comply with guidelines and rules. The problem is, of course, that some people never
want to comply with guidelines.
+RZ
Some of the methods of operational control are:

<
Segregation of duties
<
Preventing sharing of user IDs
<
Password standards
<
Log off when away from the computer, such as during lunch or at the end of day
119

Security Layers
'DWD6HFXULW\
This layer is closely knit to the material in chapter 2, because disaster recovery is an integral
part of data security.
:KDW
Data security is the protection of the data.

<
Data on the servers

Here we are protecting the data on the server from damage or loss. This protection is
accomplished in various ways. The goal is to prevent or minimize loss of data in a
disaster.
<
Backup data
The goal of this security layer is to preserve application data (usually on tape) so that the
system can be recovered.
<
The backup tapes must be stored safely to:

Preserve the backup tapes in the event of a disaster
Protect the backup tapes from theft
Disaster Recovery
For more information on disaster recovery, see chapter 2.
:K\
It is easier to be proactive and prevent a problem than to recover from it.

To remain proactive:
< Reduce the chances of losing data.
The first place to do it is on the server.
<
Protect backup data from damage or loss.
<
Ensure that, if there is a disaster, the system be completely recovered.
+RZ
<
Data on the servers

The goal is to prevent or minimize loss of data in a disaster. Some of the items below can
be referred to as High Availability (HA) items:
RAID arrays for drives
Redundant equipment
Using reliable equipment and vendors
Premium hardware support agreements for the production system
The following are facilities-related items:
Uninterruptible Power Supplies (UPS)
Fire detection and prevention devices
1110
Release 4.6A/B

Security Layers
<
Intrusion alert
Environmental alerts
Backups
Backup tapes should be sent to a secure, off-site data storage facility.
This step protects the backup data from damage or destruction a disaster.
Tapes at both the off-site backup and the on-site tape storage facilities must be
secured to prevent the theft of the backup tapes.
If the backup tapes were stolen, the data can be restored and hacked. Using database
tools, most R/3 security could be bypassed by directly reading the tables.
$SSOLFDWLRQRU56HFXULW\
&RQWUROOLQJ$FFHVVWR5
Also see the Password section in this chapter.
3UHYHQW0XOWLSOH8VHU/RJLQV
:KDW
This process prevents users from logging onto the system multiple times. Multiple user
logons is when several users are sharing a user ID, or someone is using a users ID without
the users knowledge. Preventing multiple user logons is not allowing more than one R/3
logon from one user ID.
:K\
If several people share a user ID:

<
You do not know who created a problem.
<
This situation is an audit security issue.
+RZ
Set the disable multi-login parameter (login/disable_multi_gui_login) in the system profile.

You can allow specific users to log on multiple times by entering their user IDs in the
parameter login/multi_login_users separated by commas and no spaces.
3UHYHQWLQJ&KDQJHVLQWKH3URGXFWLRQ6\VWHP
:KDW
The production system should be set to Not modifiable. The locks on the system should be
set so that configuration changes (client-independent and client-dependent) cannot be made
directly into the production system. The purpose for this setting is to ensure that all changes
are completed in a controlled manner.
1111

Security Layers
In the development pipeline, changes are:

1. Made in the development system
2. Tested in the development system
3. Transported from the development system to the test system
4. Tested in the test system
5. Transported from the test system to the production system
This procedure ensures that changes are properly tested and applied to the systems in the
pipeline. (A pipeline is the environment where development is moved from the
development system to the quality assurance system, and finally to the production system.)
:K\
Configuration changes should not be made directly into the production system. This
restriction maintains the integrity of the production system. If changes are made directly
into the production system, it may break because the change:
<
Was not tested
<
Is not the same as the one made in the development system
The goal is to protect the production system from changes, without the changes being
properly tested and to preserve the integrity of the pipeline. If changes are made into the
production system, the development and testing pipeline could become out of sync with the
production system. If the pipeline is out of sync, it get difficult to develop and test with any
certainty that things will not be different in the production system.
All changes should be made in the development system and then transported through the
pipeline into production. In this way, all systems get the same changes. A common excuse is
that making changes directly into the production system, takes too long to transport the
fix.
By making changes directly into the production system, you:
<
Create an out of sync landscape, where the change made to the production system is
not the same as the changes made to the development or test systems.
<
Allow emergency transports to occur at any time, with coordination.
([FHSWLRQV
Infrequent exceptions occur when:
1112
<
There is no mechanism to transport the changes.
<
An SAP note requires the direct change.
Release 4.6A/B

Security Layers
When a change cannot be transported, the following procedure should be used:

1. Verify that the change cannot be transported.
Some objects may use an ABAP program to transport the object.
2. Unlock the system (to make it modifiable).
3. Make the change.
4. Immediately re-lock the system.
5. Make the same changes to all other systems.
Use this procedure only if a change cannot be transported.
Manual entry always increases the chance of making an error.
6HWWLQJWKH3URGXFWLRQ6\VWHPWR1RW0RGLILDEOH7UDQVDFWLRQV6(6&&
:KDW
There are switches that prevent changes from being made in the system. In the production
system, these switches should be set to Not modifiable. The purpose of this setting in the
production system is to make sure that changes are made using the development pipeline.
With this procedure, changes are properly tested and applied to the systems in the pipeline.
:K\
Objects should not be modifiable in the production system. This rule protects the
production system from object and configuration changes before being tested. By setting the
production system to Not modifiable, before the integrity of the pipeline is preserved.
+RZ
There are two transactions (SE03 and SCC4) that you will use to set the system to Not
modifiable. (These transactions can also be used for other tasks.)
1113

Security Layers
&OLHQW,QGHSHQGHQW&KDQJHV7UDQVDFWLRQ6(
*XLGHG7RXU
1. In the Command field, enter transaction SE03 and choose Enter.

The menu path to access this screen is extremely complicated, which is why it is not included.
2. Select Set System Change Option.
3. Choose
4. Under Global setting, choose :

a. To lock the system, select Not
modifiable.
b. To unlock the system, select
Modifiable (selected in this
example).
5. Choose
1114
Release 4.6A/B

Security Layers
&OLHQW,QGHSHQGHQWDQG&OLHQW'HSHQGHQW&KDQJHV6&&
*XLGHG7RXU
1RWH This method also locks the client-dependent changes.

1. In the Command field, enter transaction SCC4 and choose Enter
(or from the SAP standard menu, choose Tools Administration Administration Client
administration SCC4-Client maintenance).
2. Choose
3. To continue, choose
1115

Security Layers
4. Select the client number (for

example, 500).
5. Choose
.
5
To Lock a Client (Not modifiable):

6. Under Changes and transports for
client-dependent objects, select
No changes allowed.
7. Under Client-independent object

changes, choose and select No
changes to Repository and clientindependent custom obj.
8. Under Protection: Client copier and
comparison tool, choose and select
Protection level 2: No overwriting, no
external availability.
9. Choose Save.
1116
Release 4.6A/B

Security Layers
To Unlock a Client (Modifiable):

client-dependent objects, select
Automatic recording of changes.

changes, choose and select Changes
to Repository and client-ind.
Customizing allowed.
Protection level 0: No restriction.
6
9. Choose Save.
9HULI\LQJWKDW'DQJHURXV7UDQVDFWLRQV$UH/RFNHG
:KDW
Dangerous transactions could:

<
<
Damage or corrupt the system

Present a security risk
<
Adversely impact performance
:K\
If users accidentally access these transactions, they could corrupt or destroy the R/3 System.
<
In a production system:
<
Access to dangerous transactions is more critical in the production system than the
development or test systems. This criticality is because of live data and the companys
operational dependency on the R/3 System.
In a developmental system:
Certain transactions should be locked in the production system, but not in the
development, test, or training systems. Standard security normally prevents access to
these transactions, but some administrators, programmers, consultants, and functional
key users could access them depending on which system they are. In these cases, the
transaction lock provides a second line of defense.
1117

Security Layers
There are over 48,000 English transaction codes in the R/3 System. To manage such a large
number of transactions, lock only the critical ones. Your functional consultants should
supply you with any additional critical transactions in their modules.
The table below is organized with input from Basis consultants and users and lists
transactions that we recommend you lock. The transactions are categorized by the following
risk categories:
1118
<
Dangerous
<
Security-related
<
Performance impact
Transaction
Description
Dangerous
Security
F040
Document Archiving
F041
Bank Master Data Archiving
F042
G/L Accounts Archiving
F043
Customer Archiving
F044
Vendor Archiving
F045
Document Archiving
F046
Transaction Figures Archiving
GCE2
Profiles: Initial screen
GCE3
Maintain Authorizations: Object Classes
KA10
Archive Cost Centers (all)
KA12
Archive cost centers (plan)
KA16
Archive cost centers (line items)
KA17
Archive admin: cost centers (line items)
KA18
Archive admin: completely cancelled

doc
KA20
Archive admin: cost centers (all)
O001
Maintain Users: Initial Screen
O002
Profiles: Initial Screen
O016
OBR1
Reset Transaction Data

(delete transaction data)
OBZ7
OBZ8
Performance
Release 4.6A/B

Security Layers
Transaction
Description
OBZ9
OD02
OD03
OD04
OIBA
OIBB
OIBP
OMDL
OMDM
OMEH
OMEI
OMG7
OMI6
OML0
OMM0
OMNP
OMSN
OMSO
OMSZ
OMWF
OMWG
OMWK
OOPR
OOSB
Change View "User Authorizations":

Overview
OOSP
Change View "Authorization Profiles":

Overview
OOUS
OP15
OP29
OPCA
Dangerous
Security
Performance
1119

Security Layers
1120
Transaction
Description
Dangerous
OPCB
OPCC
OPE9
OPF0
OPF1
OPJ0
OPJ1
OPJ3
OSSZ
OTZ1
OTZ2
OTZ3
OVZ5
OVZ6
OY20
OY21
OY22
OY27
OY28
OY29
OY30
SARA
Archive Management: Initial Screen
SCC5
Client delete
SE01
Transport Organizer
SE06
System Table maintenance
SE09
Workbench Organizer
SE10
Customizing Organizer
SE11
Data Dictionary maintenance
SE13
Maintain Storage parameters for table
SE14
Utilities for dictionary tables
Security
Performance
Release 4.6A/B

Security Layers
Transaction
Description
Dangerous
Security
Performance
SE15
Data Dictionary Information System
SE16
Data Browser
SE17
General Table display
SE38
ABAP workbench
SM49
External OS commands
SM59
Maintain RFC destinations
SM69
External OS commands
ST05
SQL trace
SU12
Delete All Users
X
X
X
The following table shows dangerous transactions that probably cannot be locked because
they are (or could be) used regularly. These transactions may have other valid reasons for
use in a production systembut because of the potential danger, need to have restricted
access.
Transaction
Description
Dangerous
Security
RZ10
Edit System Profiles
SA38
ABAP Workbench
SM04
User Overview
SM12
System Locks
SM13
Update Terminates
SM30
Table Maintenance
SM31
Table Maintenance
STMS
Transport Management System
SU01
User Maintenance
SU02
SU03
Maintain Authorizations: Object

Classes
Performance
Table TSTCT contains the transaction codes and the name of the transaction. The current
content is over 93,000 entries in the table, with over 48,000 in English.
1121

Security Layers
+RZ
Create and maintain a list of the following information:

<
Which transactions were locked?
<
Why are they locked?
<
Who locked them?
<
When were they locked?
Maintaining the above-mentioned information will be important, because someone will

invariably want to know who locked the transaction and why it was locked.
*XLGHG7RXU

SM01 Transaction Code Administration).
2. Enter the transaction code you
want to lock (for example, SE14)
3
in the search field at the bottom of
the TCode column.
3. Choose
1122
Release 4.6A/B

Security Layers
4. Use the locked checkbox:

< To lock a transaction, select the
transaction.
< To unlock a transaction,
deselect the transaction.
5. Choose
5
6
.
4
6. Choose Back.
Check which transactions you are locking. You could accidentally lock yourself out of a
key transaction, which would prevent you from unlocking this or other transactions.
Access to transactions can also be controlled by building security authorizations on the

security object S_TCODE under Cross application authorization objects.
1123

Security Layers
7R/LVW/RFNHG7UDQVDFWLRQV
1. In the Command field, enter transaction SECR and choose Enter.
2. Select Complete audit.
3. Choose
.
3
2
4. Expand the following menu path:

Audit Information System (AIS)
System Audit
Development / Customizing
Transactions
Locked Transactions: Display.
next to Locked
5. Choose
Transactions: Display.
1124
Release 4.6A/B

Operational Security
6. Verify that the following are

selected:
< Locked
< Transactions
< Menu transactions
< Parameter transactions
< Report transactions
7. Choose
This screen shows the list of locked

transactions.
2SHUDWLRQDO6HFXULW\
This section describes selected operational security issues.
6HJUHJDWLRQRI'XWLHV
:KDW
There are standard audit guidelines that cover job or task combinations that are considered
risky or that reduce internal controls.
Some of these combinations are:
<
Accounts Payable and Check Generation
<
Accounts Receivable and Cash Receipts
<
ABAP development and transport control
1125

Your external auditors should help you define these risky combinations. Testing for
segregation of duties is a standard audit procedure.
:K\
Accounts Receivable and Cash Collection

The purpose is to separate the person who collects and handles the cash from the person
who keeps the records of what a customer owes. In this combination, the cash received from
the customer could be pocketed and the amount written off the customers account. This
separation explains why, in a restaurant, the waiter is not also the cashier, or why a
mechanic must get spare parts from a storekeeper.
+RZ
The review of segregation of duties should be completed with the various user owners (key
users of each functional area).
Out of necessity, smaller companies must assign multiple functions to a single person. Be
aware of the potential security risks in this situation. If you must combine functions,
combine them in a way that minimizes risks.
5HVWULFWLQJ$FFHVVWR6$3 RU'',&
:KDW
These are system user IDs that have restricted uses for specific purposes.
:K\
There are certain functions that can only be performed by SAP* or DDIC. If an R/3 user
requires similar functionality, they should have a copy of the SAP* profile. These users
should be grouped as super users, with the appropriate security approvals.
The security profile for SAP* is SAP_ALL. This profile is extremely powerful because it
grants the user complete access to the system. For more information, see chapter 12,
Recommended Polices and Procedures: System Administration.
A user with user administration rights cannot change the password to gain access to a user
ID and then change it back to the original password. Passwords are not visible to the
administrators, so they cannot restore the original password if they do not know it. At the
next logon, the owner of the user ID will know that the password has been altered because
they will be unable to log on with their current password.
1126
Release 4.6A/B

+RZ
1. Log on using SAP* and DDIC to determine if someone has changed the password.
2. Periodically change the password for these users in all:
<
Systems
<
Clients in those systems
This step prevents a person who knows the password from accessing the system.
3. Update the secured password list.
4. Verify that the system profile parameter login/no_automatic_user_sapstar has been
configured, to prevent the use of the automatic user sap*.
If the user ID has been deleted, this step prevents the backdoor usage of user sap*.
&KDQJH0DQDJHPHQW
:KDW
Change management is the process of controlling what changes are made to the system. In
this context, system refers to the entire system environment, not just R/3.
:K\
One aspect of security is to control and know what changes are made to the system.
+RZ
Item of concern:
< Is there a change management procedure for changes being made to the R/3 System?
<
Is a QA testing process in place?
<
Are reviews and approvals required to move changes into the production system?
6KDULQJRI8VHU,'V
:KDW
This process occurs when more than one person uses a single user ID.
:K\
This issue is a security concern because:

<
<
There is no way to tell who is doing the activity.

If there is a training problem, you do not know who needs training.
<
If there is a deliberate security breach, there is no way to track the responsible party.
2WKHU
Despite the cautionary statements above, there are a few situations where it is not practical
to have individual user IDs. These situations must be treated individually and with
management and internal audits review and approval.
1127

([DPSOH$:DUHKRXVH
In a warehouse, there is one computer and several employees who use that computer to
post their warehouse transactions such as goods issued, goods received, etc. This process
occurs because the user ID is used to log on, not at the individual transaction level, but
the R/3 System. For each transaction that the warehouse employee access, it is
impractical to log on to R/3, access transaction, and log off from R/3. The alternative is
to have a computer for each warehouse person, although this step may not be
economically justified.
+RZ
To prevent a user ID from being shared, the system profile parameter

(login/disable_multi_gui_login) can (and should) be set.
Parameter values are:
<
1 (to block multiple logins)
<
0 (to allow multiple logins)
We recommend that this value be set to 1 to prevent multiple logins under the same user
ID.
3DVVZRUG,VVXHVDQG7DVNV
The password is the users key to accessing R/3. Like the key to your house, safeguarding
this key is important to keep undesirables out. Your company should have a clear and
practical company password policy, which should be distributed to all users informing
them not to use easy-to-guess passwords.
A password policy that is too restrictive or difficult to comply with could defeat the
purpose of this policy. Users will write their passwords down and leave it in an easily seen
place, which means you have lost your security.
1128
Release 4.6A/B

6HWWLQJ3DVVZRUG6WDQGDUGV8VLQJ7UDQVDFWLRQ5=
:KDW
There are security parameters for the users password (for example, the minimum password
length, the time interval that the user must change their password, etc.).
The following is a list of the most important password parameters:
<
Minimum password length: login/min_password_lng

A longer password is more difficult to break or guess, so the standard is usually five (5)
characters.
<
Password expiration time: login/password_expiration_time

This time period is the limit before users must change their password.
Auditors usually recommend 30 days.
A practical number that customers use is 90 days.
Password lockout: login/fails_to_user_lock
This parameter locks out users who, after a specified number of times, try to logon with
an incorrect password. Users are usually locked out after three failed attempts.
<
:K\
Properly assigned parameters will make it more difficult to break into the system.
Your external auditors may check to see if you have set the security parameters.
+RZ
To set up password parameters, maintain system profiles with transaction RZ10 (for more
information on this transaction, see chapter 20).
(OLPLQDWLQJ6RPH(DV\3DVVZRUGV
:KDW
There are certain passwords (for example, 123, QWERTY, abc, sex, sap, <your company name>)
that are well known or easy to guess. You can prevent these passwords from being used by
loading them into a table (USR40) that the system checks when the user attempts to save a
new password.
Table USR40 is only a basic level of password security and is maintained manually.
There are third-party password security programs that can be integrated into R/3.
1129

:K\
A password is the key to enter the system, similar to the key you use to enter your home. If
users choose easy-to-guess or well-known passwords, security is compromised and your
system is potentially at risk.
Your external auditors may check to see if you have a mechanism to secure against users
with easy-to-guess passwords.
+RZ
By maintaining the table of prohibited passwords.

0DLQWDLQLQJD7DEOHRI3URKLELWHG3DVVZRUGV
:KDW
A table of prohibited passwords is a user-defined list of passwords that are prohibited from
being used in the R/3 System. This table is not a substitute for good password policies and
practices by the users. Interaction occurs between a system profile parameter and the table
of prohibited passwords.
If the minimum password length is set to five characters, there is no reason to prohibit
passwords like 123 or SAP, because these passwords would fail the minimum length
test. However, if company security policy requires it, you could include all passwords that
are considered risky in the table.
The following is a list of easily guessed passwords that cannot be put into any table:
<
<your name>
<
<your spouses name>
<
<your childs name>
<
<your pets name>
<
<your cars license plate>
<
<your drivers license number>
<
<your social security number>
:K\
There are many lists circulating of commonly used user passwords. If one of these
passwords is used, the chances of an unauthorized person accessing a users account
increases.
+RZ
Changes will be made to table USR40 using transaction SM31, the general table maintenance
transaction. (For more information on this transaction, see chapter 19, Change Management:
1130
Release 4.6A/B

Table Maintenance.). This change creates a transport that can then be transported throughout
the landscape.
Keep a log of changes made to this table in your security log.

A few suggestions for table entries are:
<
<
SAP
GOD
<
ABC
<
QWERTY
<
SEX
<
XYZ
<
PASSWORD
<
123
<
12345*
<
54321*
<
*12345*
Other table entries include:

<
Days of the week

(Monday*, Tuesday*, Mon*, Tue*, etc.)
<
Months of the year
<
(January*, February*, Jan*, Feb*, etc.)

<your company name>
<
<your product names>
<
<competitors names>
<
<competitors products names>
5HFRUGLQJ6\VWHP3DVVZRUGV
We recommend that you never write down passwords, except for the:
<
Critical nature of the R/3 System.
<
Many systems, clients, and all the other areas where passwords are required.
<
Need to access the system if the SAP system administrator(s) is not available.
1131

5HFRPPHQGHG3URFHVV
<
All passwords for all system IDs should be:

Recorded
Placed in a sealed envelope
Put in a company safe (possibly both an onsite and offsite safe) that has restricted
access.
Only a select list of company personnel should have access to this information.
<
User IDs that are used or needed to maintain the R/3 System include:
SAP*
DDIC
SAPCPIC (see note 29276)
EarlyWatch (client 066)
All user-created administrative IDs
Any other non-SAP user ID that is required to operate the system, such as for the
operating system, the database, and other related applications.
<
The password list should be updated and replaced whenever passwords are changed.
Two people should prepare the list, change the password, and verify the new password
one user ID at a time. If the recorded password is wrong, those keys are lost, and you may
not be able to log on to the system.
Following are sample password tables:
Server
SID
Client
User ID
Password
SAPR3T
TST
000
SAP*
Newpass
DDIC
Newpass
<SID>ADM
Newpass
SAPCPIC
Newpass
SAP*
Newpass
DDIC
Newpass
<SID>ADM
Newpass
SAPCPIC
Newpass
SAP*
Newpass
<SID>ADM
Newpass
Earlywatch
Newpass
SAP*
Newpass
DDIC
Newpass
001
066
100
1132
Release 4.6A/B

Server
SID
Client
User ID
Password
BATCH1
Newpass
<SID>ADM
Newpass
SAPCPIC
Newpass
All systems should have entries for clients 000 and 001. In addition, the production system
should have an entry for client 066. Clients 000 and 001 are default clients in all systems,
and client 066 is the EarlyWatch client and may not exist in every system.
Where
User ID
Password
NT
Finance/DEVADM
Newpass
Finance/PRDADM
Newpass
sa
Newpass
sapr3
Newpass
root
Newpass
<SID>ADM
Newpass
system
Newpass
SYS
Newpass
OPS$<SID>ADM
Newpass
OPS$SAPSERVICE<SID>
Newpass
SAPR3
Newpass
SQLserver
UNIX
Oracle
1133

*XLGHG7RXU
To change the password for a user ID:

1. In each instance and each client, log on under the user ID to change the password.
2. In Client, enter the client number
(for example, 500).
3. In User, enter the user ID you
want to change (for example,
sap*).
5
4. In Password, enter the current

password.
5. Choose New password.
3
4
6. Enter the new password twice in

the popup window.
6
Be careful when you enter the

new password. It is easy to enter
the password incorrectly or to
make the same error twice (for
example, user versus users and
the versus teh).
7. Choose
At this point the logon will

proceed as normal.
1134
Release 4.6A/B

8. Record the new password in the password table.

9. Log on using the new password to verify it.
At this point, if the new password fails, use another administrative user ID to reset the
password. This reason is why password changes should be made one user ID at a time.
This process must be repeated for every system and client in which the user ID has an entry.
With Central User Management, you can manage users across all systems (for more
information, see Authorizations Made Easy, Release 4.6).
2SHUDWLQJ6\VWHP/HYHO
At the operating system level, the following user IDs should have their passwords changed:
17
In some places, NT is case sensitive (for example, at the initial login screen).
8VHU,'V
<
<SID>ADM
<
SAPService<SID>
6HUYLFHV
<
<
SAP
These services will either use user ID <SID>ADM or SAPService<SID>
SAP<SID>_<instance>
SAPOsCol
SAProuter
Oracle
OracleService<sid>
OracleTNSListener80
The default user that the Oracle services runs under is system
<
SQLserver
MSSQLServer
SQLServerAgent
The user ID that they run under is either <SID>ADM or SAPService<SID>

<
Informix
INFORMIX-OnLineDynamicServer
INFORMIX-OnLineMessageService
<
DB2
DB2-DB2DA400
1135

81,;
8VHU,'V
<
<sid>adm
<
root
6HUYLFHV
ora<sid>
'DWDEDVHV
For the databases, the following user IDs should have their passwords changed:
'%
NT/DB2 (see SAP note 80292)
,QIRUPL[
See note 15399
0LFURVRIW64/6HUYHU
<
See SAP note 28893
<
sa
<
sapr3
2UDFOH81,;
User IDs:
<
SAPR3
<
SYS
<
SYSTEM
8VHIXO6$31RWHVIRU2UDFOH81,;
1136
SAP Note #
Description (Release)
117736
4.5A
101318
4.0B
086857
4.0A
Release 4.6A/B

Audit Tools
Use the program chdbpass to change the passwords. This program automatically updates the
SAPUSER table and enables the user <sapsid>adm to access the database.
2UDFOH17
< system
< sys
< op$<sid>adm
< ops$sapservice<sid>
< sapr3
$XGLW7RROV
$XGLW,QIRUPDWLRQ6\VWHP7UDQVDFWLRQ6(&5
:KDW
The Audit Information System (AIS) is designed for the system and business audits and will
likely be requested to be run by internal or external auditors. It puts into one place many of
the R/3 security tools. The center of the AIS is the Audit report tree. AIS uses standard R/3
reports and transactions to conduct the review and is a standard component in Release 4.6A.
However, you can import the AIS into your system back to Release 3.0D or higher. AIS also
provides an interface to export data to an external auditing system that analyzes financial
statements.
:K\
Auditors examine the results of automated and manual financial and system procedures to
ensure that there is a checks-and-balances infrastructure to prevent fraud, etc. AIS enables
the auditors to test transactions and run reports during the inspection.
+RZ
There are two ways to conduct an audit:

< Complete
<
User defined
1137

Audit Tools
&RPSOHWH$XGLW
In the Command field, enter transaction SECR and choose Enter
(or from the SAP standard menu, choose Information Systems SECR-Audit Info System).
1. Select Complete audit.
2. Choose
.
2
1
A complete audit consists of a system audit and

business audit. The structure on this screen is
Audit_All with a standard view.
3. Click the node (+) to expand the following:
< System Audit
< Business Audit
1138
Release 4.6A/B

Audit Tools
6\VWHP$XGLW
The following example shows how to use the AIS.

1. Under System Audit, click the node (+) next to
Repository / Tables.
2. Click the node (+) next to Table Information.

3. Choose
next to Data Dictionary display.
2
3
1139

Audit Tools
4. When the transaction executes, you will see this

screen.
From here, you will execute the transaction
normally.
5. Choose Back.
1140
Release 4.6A/B

Audit Tools
%XVLQHVV$XGLW
1. Under Business Audit, click the node (+) next to

Closing (FI-GL).
2. Click the node (+) next to Balance Sheet/ P&L/
Balances.
3. Click the node (+) next to Balance Sheet/ P&L.
You can execute different reports to inspect the
financial balances.
4. Choose
next to Profit and Loss Projection.
2
3
4
5. On this screen, you can enter criteria for your

report then choose .
6. Choose Back.
6
5
1141

Audit Tools
8VHU'HILQHG$XGLW
You can also conduct a user-defined audit by creating a view or subset of a complete audit.
1. In the Command field, enter transaction SECR and choose Enter
(or from the SAP standard menu, choose Information Systems SECR-Audit Info System)
2. Select User-defined audit.
3. Under User-defined audit, enter a view name (for
example, ZVUE).
4. Choose
4
2
3
View names must start with Y or Z.
5. In Name, under New view, enter the name of the

view (for example, ZVUE).
6. Under Select using, select Manual selection.
You will select the procedures that will be

included in the view.
7. Choose
When you are creating a view and you entered a

different name in Name, the name of the view is
what was entered in the main screen.
6
7
We want to include all the procedures for a

system audit in this view.
8. Select System Audit.
9. Choose
10. Choose
1142
9
10
Release 4.6A/B

Audit Tools
The message in the status bar indicates that the

generation was successful.
11
11. Choose Back.
12. Choose
Display to check the view of this
structure.
12
13. Click on the System Audit node (+) to expand it.
13
1143

Audit Tools
These are all the procedures for the Audit_All

structure with a ZVUE view.
6HFXULW\$XGLW/RJ60
:KDW
The Security Audit Log records the security-related activities of users in the system. These
activities include successful and failed:
<
Dialog logon attempts
<
Report and transaction starts
<
RFC/CPIC logons
Other events written into the log are:

<
Locked transactions or users
<
Changed or deleted:
Authorizations
Authorization profiles
User master records
Changes to the audit configuration
<
The log is created each day, and previous logs are neither deleted nor overwritten. The log
files can become numerous and large, so we recommend that the logs be periodically
archived before being manually purged. An audit analysis report can be generated from the
audit logs. You can analyze a local server, a remote server, or all the servers in an R/3
System.
:K\
Based on certain criteria, the information in the security audit files can be manipulated to
tailor the audit analysis report.
The report assists the administrator:
1144
<
Reconstruct or analyze incidents
<
Improve security by recognizing inadequate measures
Release 4.6A/B

Audit Tools
<
Trace unusual user activities
<
Understand the impact of changes to transactions or users
+RZ
To start a security audit, you can do one of the following:

<
Set the profile parameter rsau/enable to 1

(For more information, see the section on RZ10 in chapter 20.)
<
Dynamically start it using transaction SM19.
The number of audit logs created by the system depend on the following:
<
<
You may choose to set the maximum space for the security audit file in parameter
rsau/max_diskspace/local.
When the limit has been reached, logging will end.
You can define the size of an individual security log file to fit in the chosen archiving
media.
This definition means that the system produces several log files each a day and these
files can be, for example, archived periodically into CDs. The profile parameter is
rsau/max_diskspace/per_file, and the maximum size per file is 2 GB.
1RWH You cannot set both parameters. You have to choose the method by which the
audit files are created.
1145

Audit Tools
5XQQLQJWKH$XGLW/RJ
*XLGHG7RXU
This procedure assumes that the audit has been running for some time and that audit logs have been
created.
(or from the SAP standard menu, choose Tools Administration Monitor Security Audit log
SM20-Analysis).
2. Complete the steps below:
a. In From date/time, enter a time and a date (for
example, 13:00).
3
b. Under Audit classes, select:
< Dialog logon
< Transaction start
< Report start
2a
2b
3. Choose Re-read audit log.

This button is used to read a log for the first
time.
The security report is displayed.

4. To see the details of an audit message, select a
line and choose .
1146
Release 4.6A/B

Audit Tools
5. Documentation for the message and

technical details are revealed. This
screen is most useful when
displaying negative messages such as
failed logins or locked transactions.
6HWWLQJ6HFXULW\$XGLW/RJ3DUDPHWHUV60
:KDW
The audit log parameters are the criteria used to write the types of audit messages into the
audit log file. The parameters are grouped into audit profiles that can be activated at the
next system startup (configuration status) or applied on the fly (dynamic configuration).
:K\
Audit profiles need to be first created before audit logs can be written. These profiles limit
the amount and type of data written into the security audit files, which makes the
subsequent security reports more meaningful to the administrator.
+RZ
Decide what to audit and set selection criteria at the database level or dynamically at the
application server level:
<
If the audit configuration is permanently stored at the database level, all application
servers use the identical criteria to save events in the audit log.
The settings take effect at the next application server start.
<
At the application server level, however, dynamic changes can be set to individual
application servers and distributed to the entire system.
The new criteria will remain in effect until the server is brought down.
You can define up to 5 sets of selection criteria or filters. The system parameter,
rsau/selection_slots (that defines the number of filters has a default value of 2). You can
activate an audit in the dynamic configuration using transaction SM19.
1147

Audit Tools
*XLGHG7RXU

(or from the SAP standard menu, choose Tools Administration Monitor Security Audit log
SM19-Configuration).
Configuration status refers to the storage of the parameters in the database.
2. Choose
.
2
3. Enter a profile name (for example, audprof1).

4. Choose
1148
Release 4.6A/B

Audit Tools
5. In this screen, you may specify two filter groups

and define the types of audit messages that will
be written into the log.
'HILQH)LOWHU*URXS
6. Choose Filter 1.
7. Under Selection criteria, in:
< Client, enter *
< User Names, enter *
8. In Audit classes, select:
< Dialog Logon
< Transaction Start
6
9. Under Events, select All.

10. Select Filter active.
10
7
1149

Audit Tools
'HILQH)LOWHU*URXS
11. Choose Filter 2.
This filter traces the reports started by one user.
12. Under Selection criteria:
<
In Client, enter *.
<
In User Names, enter a user ID (for example,

GARYN).
13. In Audit Classes, select Report start.
11
14. Under Events, select Severe and critical.

15. Deselect Filter active.
16
15
This setting allows you to save the filter settings 12

but does not activate them.
13
14
16. Choose Detail setting to drill down the audit

class and event class categories.
17. Scroll down to Report start.
Notice that the category is automatically chosen
based on the earlier selection of Event type and
Audit class type.
18. Choose
18
17
1150
Release 4.6A/B

Audit Tools
19. The general categories are cleared indicating

that settings were browsed or defined at the
detail level.
20
20. Choose Save.
19
21. A message at the bottom of the screen notifies

the user that the profile was successfully saved.
22. Choose
22
21
1151

Audit Tools
23. The profile name is now in the Active profile

field, and the message in the status bar indicates
that the profile will be activated when the
application server is restarted.
24
24. To dynamically change the selection criteria for

one or more application servers in a running
system, choose the Dynamic configurat (Dynamic
configuration) tab.
23
25. In this example, the audit has been running for

some time (indicated by the current file size
greater than zero) before being stopped briefly.
26
The red square indicates that the audit is
inactive.
26. Choose
.
25
25
1152
Release 4.6A/B

Audit Tools
5XQQLQJDQ$XGLWRQD'LIIHUHQW8VHU
*XLGHG7RXU
In this procedure, we will run an audit on a different user and check on all the reports that were started.
1. Under Selection criteria, in:
<
Client, enter *.
<
User names, enter a user ID (for example,

Patricia).
2. Under Audit classes, select Report start.
3. Under Events, select All.

4. Under Filter 1, select Filter active.
5. Choose
.
4
1
6. Choose Yes.
1153

Audit Tools
7. A green dot appears in the Stat

(Status) column and the message
at the bottom of the screen
indicates that the configuration
was activated.
8VHU6HFXULW\$XGLW-REV
Many of these reports are included as part of the AIS.
:KDW
There are several predefined SAP security reports, including:

<
RSUSR003
Checks for default password on user IDs SAP* and DDIC
<
RSUSR005
Lists users with critical authorizations
<
RSUSR006
Lists users who are locked due to incorrect logon

This report should be scheduled to run each day, just before midnight.
<
RSUSR007
Lists users with incomplete address data
<
RSUSR008
Lists users with critical combinations of authorizations or transactions
<
RSUSR009
Lists users with critical authorizations, with the option to select the
critical authorizations
<
RSUSR100
Lists change documents for users and shows changes made to a users
security
<
RSUSR101
Lists change documents for profiles and shows changes made to security
profiles
<
RSUSR102
Lists change documents for authorizations and shows changes made to

security authorizations
Some of these reports have parameter tables that need to be properly maintained. Review
and analyze these reports based on your knowledge of the company. However, be aware
1154
Release 4.6A/B

Audit Tools
that security issues may exist. If you have a small company, these issues cannot be avoided
because one person often must wear many different hats.
:K\
Your external auditors may require some of these reports to be executed as part of the
annual financial audit.
+RZ
You can use either of the following transactions:

<
SA38 (ABAP: Execute Program)

This transaction only allows the program to be executed.
<
SE38 (ABAP Editor)

With this transaction, if the user has the security authorization, the user can execute and
change the program.
6$$%$3([HFXWH3URJUDP
1. In the Command field, enter transaction SA38 and choose Enter.

2. In Program, enter the
report name.
3. Choose
1155

Audit Tools
6($%$3(GLWRU
1. In the Command field, enter transaction SE38 and choose Enter.

2. In Program enter the
report name .
3. Choose
.
3
2
1RWHVIRU6SHFLILF5HSRUWV
RSUSR008 (lists critical combinations of authorizations or transactions):
1156
<
These combinations are maintained on table SUKRI.
<
Dangerous combinations include the following transactions:

RZ02 (with anything)
RZ03 (with anything)
SE14 (with anything)
SU01 (with security, users, and profiles)
SU02 (with security, users, and profiles)
Release 4.6A/B

Audit Tasks
$XGLW7DVNV
5HYLHZWKDWDOO1DPHG8VHUVDUH9DOLG
:KDW
All users who have left the company should have their R/3 access terminated immediately.
By locking or deleting these user IDs, you limit access to only those users who should have
access to R/3. Periodic review assures that the task of locking or deleting has been
completed.
:K\
Proper audit control requires that a user who no longer has a valid business need to access
R/3 should not be allowed to do so.
Deleting or locking these user IDs also prevents anyone who had been using the terminated
user ID from accessing the system with that ID.
One of the audit procedures that your external auditors will use is to test whether a person
who does not need to access R/3 has a live user ID.
+RZ
*XLGHG7RXU
1. In the Command field, enter transaction SU01 and choose Enter

(or from the SAP standard menu, choose Tools Administration User maintenance SU01-Users).
2. Choose
1157

Audit Tasks
Review the active users and

verify that these users are
valid.
In a large company, you

should do a random audit on
at least 20 users. The
minimum number should be
determined by your auditors.
For additional information on how to lock a user, see chapter 12, User Administration.
5HYLHZLQJ3URILOHVIRU$FFXUDF\DQG3HUPLVVLRQ&UHHS
:KDW
A permission creep is an incremental increase in permission and is given to a user over

time. If left unchecked, increased permissions may grant a user more authority in the system
than is required or intended.
:K\
Users may have undesirable authorization(s) or combinations.
Your external auditors may have an audit step to check for permission creep.
+RZ
You can conduct a spot audit of:

<
Individuals
1. Review the security forms for a user
2. Compare these forms to the activity groups and profiles assigned to that user
3. Investigate inconsistencies
1158
Release 4.6A/B

Audit Tasks
4. Review the activity groups and profiles assigned to the individual for reasonableness.
Reasonableness is defined as, Does it make sense?
5. Review the individual profiles assigned for content and check to see if the profile has
been recently changed.
<
Profiles (transaction SU02) and authorizations (transaction SU03)

Check if the change date is recent.
You can also execute the following audit reports:

<
RSUSR100 (user changes)
<
RSUSR101 (profile changes)
<
RSUSR102 (authorization changes)
For additional information on these reports, see the User Security Audit on page 1154.
1159

Audit Tasks
1160
Release 4.6A/B
&RQWHQWV
Overview ................................................................................................................122
Recommended Policies and Procedures ...........................................................123
New User Setup.....................................................................................................127
Maintaining a User (SU01)..................................................................................1224
Resetting a Password (SU01) ............................................................................1226
Locking or Unlocking a User (SU01).................................................................1227
User Groups ........................................................................................................1229
Deleting a Users Session (Transaction SM04)................................................1232
121
Chapter 12: User Administration

Overview
2YHUYLHZ
User administration is a serious function, not just a necessary administrative task. Security is
at stake each time the system is accessed. Because the companys financial and other
proprietary information is on the system, the administrator is subject to external
requirements from the companys external auditors, regulatory agencies, and others.
Customers should consult with their external auditors for audit-related internal control user
administration requirements. For example, human resources should be consulted if the HR
module is implemented or if personnel data is maintained on the system.
A full discussion on security and user administration is beyond the scope of this guidebook.
For example, manually creating and maintaining security profiles and authorizations is also
not covered. Our discussion is limited to a general introduction and a list of the major
issues related to security. The two sections below affect all aspects of security, which is why
we begin with them.
8VHU*URXSV
User groups are created by an administrator to organize users into logical groups, such as:
<
Basis
<
Finance
<
Shipping
For additional information, refer to the section User Groups on page 1229.
3URILOH*HQHUDWRU
The Profile Generator is a tool used to simplify the creation and maintenance of SAP
security. It reduces (but does not eliminate) the need for specialized security consultants.
The value of the Profile Generator is more significant for smaller companies with limited
resources that cannot afford to have dedicated security administrators. For more
information on the Profile Generator, see the Authorizations Made Easy guidebook.
122
Release 4.6A/B

Recommended Policies and Procedures
5HFRPPHQGHG3ROLFLHVDQG3URFHGXUHV
Some of the tasks in this guidebook are aimed at complying with common audit procedures.
Obtaining proper authorization and documentation should be a standard prerequisite for all
user administration actions.
8VHU$GPLQLVWUDWLRQ
User administration tasks comprise the following:
<
User ID naming conventions

The employees company ID number (for example, e0123456)
Last name, first initial, or first name, last initial
In a small company where names are often used as ID, it is common to use the
employees last name and first initial of the first name or the employees first name
and first initial of the last name (for example, doej or johnd, for John Doe).
Clearly identifiable user IDs for temporary employees and consultants (for example,
T123456, C123456).
<
Adding or changing a user

The users manager should sign a completed user add-or-change form.
The form should indicate the required security, job role, etc., that defines how
security is assigned in your company.
If security crosses departments or organizations, the affected managers should also
give their approval.
If the user is not a permanent employee, or if the access is to be for a limited time, the
time period and the expiration date should be indicated.
The forms should be filed by employee name or ID.
A periodic audit should be performed, where all approved authorizations are
verified against what was assigned to the user.
<
Users leaving the company or changing jobs

This event is particularly sensitive.
The policies and procedures for this event must be developed in advance and be
coordinated by many groups. As an example, see the table below.
System Adminstration Made Easy
123

Group
Responsibility
Human resources
Legal or personnel matters
External auditors
Internal control issues related to financial

audit
IT
Procedures to terminate network access
Senior management
Policy approval
Employees manager
Handover or training period for the

employees replacement
To manage terminated employees:

< The users manager or HR should send a form or e-mail indicating that the employee is
leaving.
<
The users ID should be locked and the user assigned to the user group term for
terminated.
If the users ID is not required as a template:
The activity groups assigned to the user should be deleted.
(use transaction SU01, under the Activity Group tab, delete the activity groups).
The security profiles assigned to the user should be deleted
(use transaction SU01 and under the Task profile and Profile tabs, delete the profiles).
<
Check Background Jobs (transaction SM37) for jobs scheduled under that user ID.
The jobs will fail when the user ID is locked or deleted.
<
If the user leaves one job for another and needs to maintain access for handover, this
handover should be documented.
The duration of the handover access must be defined and the expiration (Valid to) date
entered in the R/3 System.
<
All temporary employees or consultants should have expiration (Valid to) dates on their
user IDs.
Similar to banks, there should be a secret word that users could use to verify their
identity over the phone. This word would be used when the user needs their password
reset or their user ID unlocked. But, realize that others can overhear this secret word
and render it useless.
124
Release 4.6A/B

6\VWHP$GPLQLVWUDWLRQ
<
Special user IDs

The two user IDs (SAP* and DDIC) should only be used for tasks that specifically
require either of those user IDs. A user who requires similar super user security rights
should have a copy of the SAP* user security.
The security rights of SAP* and DDIC are extensive, dangerous, and pose a security
risk. Anyone who requires or requests similar security rights should have an extremely
valid reason for the request. Convenience is not a valid reason. The security profiles
that serves as the master key are SAP_ALL, and to a lesser degree, SAP_NEW.
The user ID SAP* should never be deleted. Instead:
1. Change the password.
2. Lock the user ID.
If the user ID SAP* is deleted, logon and access rights are gained by rights programmed
into the R/3 System. The user ID SAP* then gains unknown and uncontrollable security
rights.
The user IDs SAP* and DDIC should have their default passwords changed to prevent
unauthorized use of these special user IDs.
An external audit procedure checks the security of these two user IDs.
For medium- and large-size companies, granting developers SAP* equivalent security
rights in the development and test systems is usually inappropriate. SAP* equivalent
security in the production system is a security and audit issue and should be severely
limited.
<
User passwords
Parameters that define and restrict the user password are defined by entries in the
system profiles.
Passwords should be set to periodically expire.
The recommended expiration date is no more than 90 days, but auditors will usually
want this date to be set at 30 days.
Minimum password length of five (5) characters should be set.
User should be locked after three unsuccessful logon attempts.
The table of prohibited passwords (USR40) should be maintained.
125

Sample R/3 User Change Request Form
R/3 User Change Request
Company ID:
System/Client No.
PRD 300
QAS 200 210 220
DEV 100 110 120
Employee:
Type of Change
Department Name/Cost Center Number:
Change user
Delete user
Add user
User ID:
Position:
Expiration Date (mandatory

for temporary employees)
Secret Word:
Request Urgency
High
Requester:
Medium
Requesters position:
Low
Requesters phone:
Employees Job Function (If similar to others in department, name and user ID of a person with similar job function):
Special Access/Functions:
Requester Signoff
Name
Signature
Date Signed
Name
Signature
Date Signed
Name
Signature
Date Signed
Name
Signature
Date Signed
Name
Signature
Date Signed
Name
Signature
Date Signed
Manager Signoff
Owner Signoff
Security
In addition to security approval (above), is a signed copy of computer security and policy statement attached?
W Yes
126
W No
Release 4.6A/B

New User Setup
1HZ8VHU6HWXS
3UHUHTXLVLWHV
*HQHUDO3URFHVVRU3URFHGXUH
Before you set up a new user, have in hand the user add form (with all the required
information and approvals).
7KH8VHUV'HVNWRS
Does the users desktop meet the following criteria:
<
Does the system configuration meet the minimum requirements for SAP?
<
Is the display resolution set to a minimum of 800 x 600?
<
Is there sufficient space on the hard disk to install the SAP GUI with sufficient room for
desktop application to run?
For windows, a minimum of 50MB free space should remain after installing SAP GUI. A
practical minimum however, is at least 100MB of free space.
1HWZRUN)XQFWLRQDOLW\
Can the user log on to the network?
From the users computer:
<
Can you ping the SAP application server(s) that the user will be logging onto?
<
If the SAP GUI will be loaded from a file server, can you access the file server from the
users computer where the SAP GUI will be installed?
)RU,QVWDOODWLRQRI6$3*8,
Before you install the SAP GUI, you should have the R/3 server name and the R/3 System
(instance) number (for example, xsysdev and 00). You will need to enter this information
during the installation.
5HFRPPHQGHG3UHUHTXLVLWHIRUWKH*8,,QVWDOODWLRQ
The online documentation should be installed according to the instructions in the SAP
document Installing the Online documentation. The online documentation installation and
access method has changed since Release 3.x.
127

New User Setup
,QVWDOOLQJWKH)URQWHQG6RIWZDUH6$3*8,
The SAP GUI or frontend installation instructions are in the installation guide, Installing SAP
Frontend Software for PCs.
The SAP GUI can be installed from:
<
A copy of the presentation CD on a file server
<
The presentation CD or a copy of the CD
In most situations, accept the installation defaults.
,QVWDOOLQJ6$3*8,IURPD)LOH6HUYHU
The preferred method is to install SAP GUI from a file server because you do not need to
carry the presentation CD around. Also, remote installations can be completed without
shipping out and potentially losing the original CD.
The following is a list of the prerequisites to install SAP GUI from a file server:
<
Copy the SAP GUI load files from the presentation CD to a shared directory on a file
server.
<
Have access to the shared directory from the users PC.
+RZWR,QVWDOOWKH6$3*8,
*XLGHG7RXU
1. Map a drive to the shared drive on the network where the presentation CD has been copied.
Select the mapped drive to the
presentation CD software.
In this example, Sim-cd on
Pal100767 (E:).
2. Navigate down to the directory for
the gui.
In this example, Sim-cd on
Pal100767 (E:) 46a-gui
Win32.
1
2
3. Double-click on Setup.exe.
The installation program starts.
128
Release 4.6A/B

New User Setup
4. Choose Next.
5. Select Local installation.

6. Choose Next.
7. Choose Next.
129

New User Setup
8. Select SAPgui.
Steps 912 are optional.
9. Click on Desktop Interfaces.
10. Choose Change option.
9
8
10
From this screen, select the

components you want:
11. Example, select Graphical
Distribution Network.
This component is required if
system administrators wish to
view specific screens.
11
12. Choose OK.
12
1210
Release 4.6A/B

New User Setup
13. Choose Next.
13
14. Select English.

15. Choose Next.
14
15
16. Choose Next.
16
1211

New User Setup
This parameter is set in the R/3

System when the online
documentation is installed
(Release 4.0B+).
17. Choose Next.
17
18. For path for shared drives, choose

Next (not shown).
19. Enter the following information:
< Application server
< System number
20. Choose Next.
19
19
20
21. Choose Next.
21
1212
Release 4.6A/B

New User Setup
22. Choose Install.
22
23. The SAPSetup window appears to

show you how the installation is
progressing.
The installation is now complete.

24. Choose OK.
24
25. Choose Yes to restart your

computer.
25
To add systems to the SAP Logon see section Adding Systems in the SAP Logon.
1213

New User Setup
,QVWDOOLQJ6$3*8,IURPWKH3UHVHQWDWLRQ&'
When the network connection between the SAP GUI files on the network and the user is too
slow to permit installation, install SAP GUI from the presentation CD. A slow connection
could result from a slow modem or a slow network link.
A copy should be made of the original presentation CD and the copy shipped to the user
site. You then maintain control of the original CD and reduce the chance that it might get
lost. The SAP GUI installation files can also be copied to other high-capacity removable
media such as ZIP or optical disk, as appropriate for your company.
The copy of the presentation CD can then be safely sent to the users site. From there, it can
be either loaded onto a local file server for installation or installed directly from the delivery
media. The prerequisites for such an installation is that the user has a CD drive or other
drive compatible with the delivery media (ZIP, optical, etc.) on which the SAP GUI files are
delivered.
To install SAP GUI from a CD:
1. Insert the CD into the drive.
2. In Windows Explorer, choose this drive.
3. Choose Gui Win32.
4. Double-click on Setup.exe.
5. Follow the same procedure as when loading from a file server.
6. Test your connection
7. Log on to the system.
1214
Release 4.6A/B

New User Setup
$GGLQJ$GGLWLRQDO6\VWHPV
*XLGHG7RXU
7R$GG$GGLWLRQDO6\VWHPVLQWKH6$3/RJRQ
1. On the SAP Logon window, choose
New.
2. In Description, enter a short

description of the system (for
example, SAS App Server 1).
3. In Application Server, enter the

name of the server (for example,
pal101003 or xsapdev).
4. The SAP Router String field is

usually blank.
5. In SAP System, select R/3.

6. In System Number, enter the system
(instance) number for the instance
in which you are creating the
logon (for example, 00).
7. Choose OK.
1215

New User Setup
8. The new system is in the SAP

Logon.
9. Test your connection

10. Log on to the additional system.
6HWWLQJ8SD1HZ8VHU68
The procedural prerequisite is to check that all documentation and authorizations required
to set up a new user are present.
There are two ways to create a new user:
<
Copy an existing user
<
Create a new user from scratch
&RS\LQJDQ([LVWLQJ8VHU68
You can copy from an existing user if you have a good match. The new user will have the
same security profiles as the existing user. This process is the easiest and is the
recommended method for a small company.
Create template users for the various job functions that can be copied to create new
users.
Prerequisite:
A valid user ID to copy is identified on the user setup form.
1216
Release 4.6A/B

New User Setup
*XLGHG7RXU

2. Enter the user ID (for example,
GARYN) that you want to copy.
3. Choose
3
2
4. In the Copy Users window, enter the

new user ID in To (for example,
GARY).
4
Follow your companys naming

convention for creating user IDs.
5. Choose
1217

New User Setup
6. Under the Password section, in Initial

password, enter an initial password
(for example, init). Reenter the
same password in Repeat password.
Your company may have a
password policy where a random
initial password is to be used.
10
7. In User group for authorization check,

enter the user group (for example,
SUPER) to which the user is to be
assigned.
A user group must exist before a

user can be assigned to it.
to select from a list of
8. Check
user groups.
9. Enter dates in the Valid from and
Valid to fields to limit the duration
that the users will have access to the
system.
Entering valid to/from dates is

usually required for contractors and
other temporary personnel.
10. Choose the Address tab to change the
users address data.
1218
Release 4.6A/B

New User Setup
11. Enter the users Last name.

12. Enter the users First name.
13. Enter the users job Function.
14. Enter the users Department.
15. Enter the users location (for
example, Room no., Floor, Building).
17
16. Enter the users phone number.

11
12
A telephone number should be a

required entry field. If there is a
system problem identified with the
user, you need to contact that user.
13
14
15
15
15
16
17. Choose the Defaults tab.
1219

New User Setup
18. Check that the Logon language is set

correctly (for example, EN for
English).
23
If the system default language has

been set (for example, to English),
then this field is only used to enter a
default logon language for the
individual user (for example, DE for
German).
18
19. Under Output Controller:

a. For OutputDevice, enter a default
printer or choose
printer.
21
to select a 19a
b. Select:
< Output immediately
< Delete after output
19b
22
20
20. Check that the Personal time zone is

correct, or choose
zone.
to select a time
21. Under Decimal notation, select the

appropriate notation (for example,
Point for United States).
The Decimal notation affects how

numbers are displayed. Setting it
correctly is critical to prevent
confusion and mistakes.
22. Under Date format, select the
appropriate date format
(for example, MM/DD/YYYY).
23. Choose Save.
1220
Release 4.6A/B

New User Setup
&UHDWLQJD1HZ8VHU68
Sometimes it becomes necessary to create a completely new user. You may need to create a new user when
you do not have another user from which to copy.
*XLGHG7RXU

GARY) that you want to create.
3. Choose
.
3
4. Enter the users Last name.

5. Enter the users First name.
6. Enter the users job Function.
7. Enter the users Department.
8. Enter the users location (for
example, Room no., Floor, Building).
10
9. Enter the users phone number.

4
5
A telephone number should be a

required entry field. If there is a
system problem identified with the
user, you need to contact that user.
6
7
8
10. Choose Logon data tab.
1221

New User Setup
11. Enter an initial password (for

example, init). Reenter the same
password in the second field.
12. In User group for authorization check,
enter the user group (for example,
SUPER) to which the user is to be
assigned or choose
user group.
14
to select a
11
12
A user group must exist before a

user can be assigned to it.
13
13. Enter dates in the Valid from and

Valid to fields to limit the duration
that the users will have access to the
system.
Entering valid to/from dates is

usually required for contractors and
other temporary personnel.
14. Choose the Defaults tab.
1222
Release 4.6A/B

New User Setup
15. As an option, in Logon language,

enter the appropriate language code
(for example, EN for English).
If the system default language has
been set (to for example, English),
this field is only used to enter a
default logon language for the
individual user (example, DE for
German).
20
15
16. Under Output Controller:

a. For OutputDevice, enter a default 16a
printer or choose
printer.
18
to select a
16b
b. Select:
< Output immediately
< Delete after output
17
19
17. Under Personal time zone, enter a

time zone or choose
time zone.
to select a
18. Under Decimal notation, select the

appropriate notation (for example,
Point, for United States).
The Decimal notation affects how

numbers are displayed. Setting it
correctly is important to prevent
confusion and mistakes.
19. Under Date format, select the
appropriate date format (for
example, MM/DD/YYYY).
20. Choose Save.
1223

Maintaining a User (SU01)
21. The message indicates that the user

was saved.
21
22. Assign security to the user by using the Profile Generator

(see the Authorizations Made Easy guidebook).
0DLQWDLQLQJD8VHU68
Before maintaining a user, have a properly completed and approved user change form.
The user change documentation is audited in a security audit.
:K\
You need to maintain a user to manage:

< Job changes to an existing job or position
1224
<
New jobs or positions
<
User data changes, such as name, address, phone number, etc.
Release 4.6A/B

Maintaining a User (SU01)
*XLGHG7RXU

gary) to be maintained.
3. Choose
.
3
The Maintain User screen allows

you to change a users:
< Address
< Logon data

< Defaults
< Password
< User group
< Other
4. When you finish making the
changes, choose Save.
1225

Resetting a Password (SU01)
5HVHWWLQJD3DVVZRUG68
:K\
The most common reason to reset a password is that users forget their password. In this
situation, the user has probably attempted to log on too many times with an incorrect
password. The user has probably also locked their user ID, which also needs to be unlocked.
Make certain the person who requests their password to be reset is indeed the valid user.
A basic user verification method is to have a telephone with a display so that the displayed
callers phone number can be compared to the users phone number, which is stored in the
system or can be found in the company phone directory.
We recommend that you use a method similar to what banks use where the user has a
secret word that verifies their identity on the phone. This method is not foolproof because
someone can overhear the secret word.
You should maintain a security log of password resets. This log should be periodically
audited to look for potential problems.
*XLGHG7RXU

3. Choose
.
3
2
1226
Release 4.6A/B

Locking or Unlocking a User (SU01)
4. In the Change Password popup

window, enter a new password in
New password and reenter this
password in Repeat password.
5. Choose
Copy.
For security, you can only set an initial value for the users password. Users are then
required to change the password when they log on. You cannot see what the users current
password is, nor can you set a permanent password for the user.
/RFNLQJRU8QORFNLQJD8VHU68
:KDW
The lock/unlock function is part of the logon check, which allows the user to log on (or
prevents the user from logging on) to the R/3 System.
:K\
<
Locking a user
R/3 access should be removed if a user:
Leaves the company
Is assigned to a different group
Is on leave
The lock function allows the user ID and the users security profile remains on the
system but does not allow the user to log on. This function is ideal for temporary
personnel or consultants where the user ID is locked unless they need access.
<
Unlocking a user
Users are automatically locked out of the system if they attempt to incorrectly log on
more than a specified number of times. The administrator must unlock the user ID and
more than likely reset the users password.
Before unlocking a user, determine if the request is valid.
Do not unlock a user who has been manually locked without first finding out why this
was done. There may be an important reason why the user should not access the
system.
1227

Locking or Unlocking a User (SU01)
Maintain a security log of unlocking users, which should be periodically audited for
potential problems.
*XLGHG7RXU

(or choose SAP standard menu Tools Administration User maintenance SU01-Users).
3. Choose
.
3
4. A popup window appears.

In this example, an administrator
has manually locked the user ID.
If a user is locked by the system

manager, always check why.
There may be a valid reason to
refuse to unlock a user.
5. Choose
In this example, this step will

unlock the user.
1228
Release 4.6A/B

User Groups
6. A message at the bottom of the

screen indicates that the user has
been unlocked (or locked).
8VHU*URXSV
:KDW
A user group is a logical grouping of users (for example, shipping, order entry, and finance).
The following restrictions apply to user groups:
<
A user can belong to only one user group.
<
A user group must be created before users can be assigned to it.
<
A user group provides no security until the security system is configured to use user
group security.
Create the group term for terminated users. Lock all users in this group and, for most of
these users, delete the security profiles. This process maintains the user information for
terminated users, and prevents the user ID from being used to log on.
:K\
The purpose of a user group is to:

<
Provide administrative groups for users so they can be managed in these groups.
<
Apply security.
1229

User Groups
8VDJH
Following are a few recommended special groups:

Group
Definition
TERM
Terminated users. This way, user records

can be kept in the system for identification.
< All users in this group should be
locked.
< If it is not being used as a template, all
security profiles should be removed
from the user.
SUPER
Users with SAP* and DDIC equivalent

profiles.
TEMPLATE
Template users to be used to create real

users.
+RZWR&UHDWHD8VHU*URXS68
*XLGHG7RXU

2. From the menu bar choose
Environment User groups
Maintain.
1230
Release 4.6A/B

User Groups
3. Enter the name of the user group

you would like to create (for
example, purchasing).
4. Choose
5. In Text, enter a description of the

user group.
7
6. Under User Assignment, in User,

choose
group.
to add users to the
7. Choose Save.
5
1231

Deleting a Users Session (Transaction SM04)
8. The message inidicates the new

user group was created.
'HOHWLQJD8VHUV6HVVLRQ7UDQVDFWLRQ60
:KDW
Use transaction SM04 to terminate a users session.

:K\
Transaction SM04 may show a user as being active when the user has actually logged off.
This condition is usually caused by a network failure, which cuts off the user, or that the
user has not properly logged off the system. (For example, the user turned the PC off
without logging off the system.)
A user may be on the system and needs to have their session terminated:
<
<
1232
The users session may be hung and terminating the session is the only way to remove
the users session.
The user may have gotten into a one way menu path without an exit or cancel option.
This situation is dangerous, and the only safe option is to terminate the session.
Release 4.6A/B

+RZWR7HUPLQDWHD8VHU6HVVLRQ
*XLGHG7RXU
1. Verify that the user is actually logged off from R/3 and that there is no SAP GUI window minimized
on the desktop. Verification is done by physically checking the users computer.
Verification is important because users may have forgotten that they minimized a
session.
3. Select the user ID that you want to
delete.
4. Choose Sessions.
4
In step 3 above, double-check that the selected user is the one you really want to delete.
It is very easy to select the wrong user.
5. Select the session to be deleted.
6. Choose End session.
It may take a while to actually
delete the session so be patient.
7. Repeat steps 5 and 6 until all
sessions for that user are deleted.
1233

$FWLYH8VHUV7UDQVDFWLRQV60DQG$/
:KDW
These transactions display all the users who are currently logged on to the system. They
show both the users ID and terminal name.
:K\
terminals. This recognition may indicate that someoneother than the designated useris
using that user ID.
A user logged on to more than one terminal indicates that the user ID is being:
<
<
Used or shared by several people
User IDs should not be shared for several reasons.

<
One reason is that if a problem arises, you will not know who created the problem.
This situation makes the problem difficult to fix, prevent, and from re-occurring.
<
Prudent security practices do not allow for sharing of user IDs.
<
Set the system profile login/disable_multi_gui_login.

Your external auditors may also perform this test to test your security.
3UREOHPV
Transaction SM04 may show a user as active, when in fact the user has actually logged off.
Because the user session was not properly closed, the system thinks that the user is still
logged on.
This condition can be caused by the following (among others):
1234
<
A network failure, which cuts off the user from the network or R/3.
<
The user turning off their computer without logging off from the R/3 System.
Release 4.6A/B

6LQJOH,QVWDQFH6\VWHP7UDQVDFWLRQ60
*XLGHG7RXU

2. Select the user ID to view the
session the user has open.
3. Choose Sessions.
3
The Overview of Sessions screen

shows what sessions the user has
open.
4. Choose
1235

0XOWL,QVWDQFH6\VWHP7UDQVDFWLRQ$/
If you have several instances in your system, using AL08 is easier, because you can
simultaneously see all users in all instances.
Exceptions/Users Active users ALO8-Users, global).
2. The Current Active Users screen
shows all the instances in your
system and the number of active
users.
3. For each instance, the users logged
into that instance/application server
are listed.
2
1236
Release 4.6A/B
&KDSWHU 'DWDEDVH$GPLQLVWUDWLRQ
0LFURVRIW64/6HUYHU
&RQWHQWV
Overview ................................................................................................................132
Starting and Stopping the Database ...................................................................132
Database Performance .........................................................................................134
Scheduling Database Tasks (DB13)....................................................................139
Checking the Database Backup (DB12)............................................................1315
Initializing Backup Tapes ...................................................................................1318
Database Backups with Microsoft Tools..........................................................1319
Database Error Logs...........................................................................................1328
Verify Database Consistency.............................................................................1329
Run Update Statistics .........................................................................................1329
System passwords .............................................................................................1330
131
Chapter 13: Database Administration Microsoft SQL Server

Overview
2YHUYLHZ
Microsoft SQL Server is a low maintenance database that is increasingly popular with smaller R/3
installations. This chapter will review the database administrative tasks that can be accomplished within
the R/3 System with associated tasks utilizing the Microsoft administrative tools.
6WDUWLQJDQG6WRSSLQJWKH'DWDEDVH
6WDUWLQJWKH'DWDEDVH
1. From the NT desktop, choose Start Programs MS SQL Server 7.0 Service Manager.
2. Choose Start/Continue.
3. Check that Microsoft SQL Server

is started by checking the color
and shape of the status icon (the
green arrow), and the status
message at the bottom of the
window.
3
132
Release 4.6A/B

Starting and Stopping the Database
6WRSSLQJWKH'DWDEDVH
1. Verify that R/3 has been stopped.
If R/3 has not been stopped, stop R/3 now.
Follow the proper procedure to stop R/3.
2. From the NT desktop, choose Start Programs MS SQL Server 7.0 Service Manager.
3. Choose Stop.
4. Choose Yes.
5. Check that Microsoft SQL Server

is stopped by checking the color
and shape of the status icon (a red
square), and the status message at
the bottom.
For more information on stopping the database, see chapter 9.
133

Database Performance
'DWDEDVH3HUIRUPDQFH
2YHUYLHZ
The CCMS System has tools available for R/3 Administrators to monitor the database for
growth, capacity, I/O statistics, and alerts. This section will discuss the initial transactions
that can help the database administrator.
'DWDEDVH$FWLYLW\67
:KDW
The Database Performance Monitor (ST04) provides a database-independent tool to analyze

and tune the following components:
< Memory and buffer usage
<
Space usage
<
CPU usage
<
SQL requests
<
Detailed SQL items
:K\
To manage your system performance, the database must be monitored. One of the
important items is the ability to view the database error log from within R/3. This view
saves the extra effort of logging into the database to view this log.
134
Release 4.6A/B

+RZ
*XLGHG7RXU

(or from the SAP standard menu, choose Tools Administration Monitor Performance Database
ST04 - Activity).
2. An initial overview of database activity is
provided which pertains to database,
operating system, CPU, and memory.
Microsoft SQL Server allows the analysis
of specific attributes pertaining to
memory, space, I/O, and quality of table
reads and writes. This information can
signal adjustments necessary to improve
performance of the database.
In the screen to the right, some important
areas are highlighted:
2d
2a
2a
a. Memory Usage
Procedure cache and Data cache hit
ratio can reflect memory problems.
These values should be greater than 2b
95 percent for optimal memory usage.
b. Server Engine/Elapsed
Shows how hard the CPU has been
working on Microsoft SQL Server
processes. You are interested in the
ratio of busy : idle time.
2c
2c
c. SQL Requests
Allows for snapshots of how SQL
queries are utilizing table access
pertaining to full table or index scans.
A high ratio of full table scans vs. index
scans can indicate performance
bottlenecks.
d. Detail analysis menu
135

3. This screen is the Detailed analysis menu

(option 2D).
c. This screen is composed of the
following three sections:
3a
< Analyze database activity

< Analyze exceptional conditions
3b
3b
< Additional functions

d. Areas of common interest are:
< Server details
< SQL processes
3a
3b
< Error logs (see the following screen)

3a
c. Additional functions are links to
transactions that will be discussed in 3c
later sections.
This screen shows the Database Error Log.

3b
136
Release 4.6A/B

'DWDEDVH$OORFDWLRQ'%
:KDW
The Database Allocation transaction is used to analyze:

<
<
Database growth
Database index, consistency, etc.
<
Tables
:K\
One critical reason is to monitor database growth. Using the growth rate you could project
the growth to determine when you may need to get additional disk storage for the database.
+RZ
*XLGHG7RXU
1. In the Command field, enter transaction DB02 and choose Enter

(or from the SAP standard menu, choose Tools Administration Monitor Performance Database
DB02-Tables/Indexes).
2. An initial review would identify
the type of database, name, size,
file systems, and totals for
database objects.
The following describes some of
the features of the screen to the
right:
a. Database information indicates
space used for data and log
information.
2a
2b
2c
b. DB space history takes you to

the View database history screen.
c. DB analysis takes you to an
analysis menu screen.
d. To determine attributes for a
specific database object, use
Detail analysis to make
decisions for an individual
object.
2d
137

This screen is the DB space history

display.
A spreadsheet allowing analysis
based on calendar scenarios exists
with the ability to sort on column
information.
1. To view by file, choose Files.
Here you can analyze the physical

file information.
This screen is the DB analysis

display.
From here, the administrator can:
< Analyze the database for
missing indexes, conflicts
between ABAP Dictionary and
database, and R/3 Kernel
integrity.
<
Perform a database
consistency check.
Analysis can be done for table

specific objects to determine the
largest tables, and tables that are
modified.
138
Release 4.6A/B

Scheduling Database Tasks (DB13)
6FKHGXOLQJ'DWDEDVH7DVNV'%
:KDW
The DBA Planning Calendar (DB13) is the scheduling tool for DBA tasks in R/3. Using the
Calendar, the DBA can schedule many of the DBA tasks that need to be performed, such as:
<
Database and transaction log backup
<
Update statistics
<
Check table and database consistency
:K\
These tasks can be conveniently managed and scheduled without going to the database. The
DBA Planning Calendar works with transaction DB12 (Backup logs). For more information on
transaction DB12, see page 1315.
+RZ
To schedule a backup task using the DBA Planning Calendar, the backup must be able to
run unattended, which means that you must have one of the following options:
< A single tape drive with sufficient capacity to back up the database without changing
tapes.
< Multiple tape drives with sufficient total capacity to back up the database without
changing tapes.
139

*XLGHG7RXU
1. Enter transaction DB13 and choose Enter.

(or from the SAP standard menu, choose Tools CCMS DB Administration DB13-DBA Planning
Calendar).
2. Double-click on the date.
If a task exists for that day, this

window appears.
3. Choose Insert to add a new task.
1310
Release 4.6A/B

4. In StartTime, enter the time to begin

the backup.
4
5
The start time is the time on the

database server.
5. Under Action, select a task (for
example, Full Database Backup).
6. Choose Continue.
7. Select all the databases.

8. Choose OK.
7
9. Select the backup device.

(Select R3DUMP0 if you only have
a single tape drive attached.)
10. Choose OK.
10
1311

11. In the Log backup tape options popup window, select the following
options as appropriate:
a. Unload tape
To eject the tape after the
backup is completed.
b. Initialize tape
To overwrite existing data,
rather than appending to last
backup.
c. Verify backup
To verify the backup after it has
run.
If you are doing an online
backup when transactions are
being performed, selecting this
option is not useful because the
database changes during this
13
time will cause this test to fail.
d. Format tape
To erase the entire tape and
write a new tape label.
11a
11b
11c
11d
12
This option is selected when

using a brand new tape, or a
tape that was previously used
with a different application.
12. In Expiration period for backup
volumes, enter the number of days
to protect the tape.
The backup tape is protected from
overwriting by the backup
program for this number of days.
13. Choose OK.
1312
Release 4.6A/B

14. The task will be listed in the day.
14
'HWHUPLQLQJWKH7DSH/DEHO1HFHVVDU\IRUD%DFNXS

1. Double-click on the day.
1313

2. If there is more than one entry,

select the backup entry.
3. Choose Volumes needed to see what
tape (label name) is required for
that backup.
Using the correct tape is

important. If the wrong tape is
used, the backup will fail. For
further information on tape
labeling, see chapter 3.
4. The required tape is displayed (for
example, CD27S).
4
'HOHWLQJDQ(QWU\IURPWKH3ODQQLQJ&DOHQGDU'%
1. On the DBA Planning Calendar,
double-click on the date.
1314
Release 4.6A/B

Checking the Database Backup (DB12)
2. Select the item to delete.

3. Choose Delete.
a. Here you can also choose Change

to change the options you
originally selected for the job.
3a
4. Choose Yes.
5. The item has been deleted.

6. Choose
&KHFNLQJWKH'DWDEDVH%DFNXS'%
:KDW
The Backup Logs transaction (DB12) provides backup and restore information, such as:
<
Log file size and free space in the log file
<
Date and time of last successful restore for:

R/3 database
Transaction log
Master database
Msdb database
<
Backup history
<
Restoration history
<
Backup device list
1315

<
SQL Server jobs
<
Tapes needed for restore
:K\
It is a convenient one stop point for backup information.

Some of the important backup information such as tape label name is passed to DB12 from
DB13. The tapes needed for restore option is important.
Do not rely on the tapes needed for restore feature. You must have a method that does
not rely on R/3 being available to tell you what tapes you will need to do a restore of the
R/3 system.
If there is a severe disaster, and the R/3 system is lost, R/3 is not available for you to look
at this report.
The only missing information is the run time (duration) of the backup job. This is a problem
indicator, when compared to the expected duration of the backup.
+RZ
*XLGHG7RXU

(or from the SAP standard menu, choose Tools CCMS DB Administration DB12-Backup logs).
2. Review log space information to
analyze growth.
3. Review backup information and
notice the date and time of success
or failures.
4. The following is a list of the
available buttons and their
functions:
a. Backup history
A spreadsheet summary of
2
each backup is listed. Each
backup type can be reviewed
with detailed log information
available using History info.
3
(see the SAP R/3 screen below).
4a
4b
4c
4d
4e
b. Restoration history
A spreadsheet of detailed
restoration information is
listed.
1316
Release 4.6A/B

c. Backup device list

Each logical device name is
listed with the appropriate
physical device name (see the
Backup Device List screen
below).
4a
d. SQL Server jobs

A spreadsheet listing of all
scheduled jobs with options
for CCMS, Database and History
Info is listed. History Info lists
the specifics of the job, that
pertain to success or failure of
the job.
e. Tapes needed For restore
A listing of the tapes that are
needed to restore the various 4c
databases. Scroll to the bottom
of the screen, for the
instructions to restore the
database (see the Tapes Needed
For Restore screen below).
1317

Initializing Backup Tapes
4e
,QLWLDOL]LQJ%DFNXS7DSHV
:KDW
Initializing the tape writes a label on the tape header. This label is the same as the physical
label of the tape (for example, CD26S).
:K\
The tape label and the expiration date are additional safety levels to prevent backing up to
the wrong tape, and possibly, destroying needed data. When using the DBA Planning
Calendar (DB13) for backups, the tape must be properly labeled to execute a backup to tape,
because the transaction expects a specific tape to be in the drive. If the tape label does not
match the required label, the backup will fail.
+RZ
Initializing and labeling is an option when executing the backup using DB13, SQL Server
Enterprise Manager, or NT Backup. (For SQL Server, see SAP note 141118 for a description
of the tape label naming convention used by DB13).
1318
Release 4.6A/B

Database Backups with Microsoft Tools
'DWDEDVH%DFNXSVZLWK0LFURVRIW7RROV
Backing up R/3 on SQL Server involves backing up the following SAP-specific and
database-related directories:
< \usr\sap
<
\usr\sap\trans
<
<homedirectory> of <sid>adm
<
\<sid>data
The R/3 database files
<
\<sid>log
The R/3 log file
If the log is allowed to grow to capacity and use all available filespace on the drive, SQL
Server will stop. This event is critical, because when R/3 stops, so does the business
processes that require R/3 to be running.
<
\tempdb
Also backup the following Microsoft SQL Server databases:

<
Master
In case of failures or hardware or software disasters, the Master database contains the
data necessary to recover the database.
<
MSDB
The MSDB database contains the data for the SQL Server job scheduler and the database
backup history.
To make the backup process easier, and open to fewer errors, we recommend that you
backup the entire server and not just specific directories and files.
2QOLQH%DFNXS8VLQJ64/VHUYHU(QWHUSULVH0DQDJHU
:KDW
The SQL 7.0 Enterprise manager is Microsoft SQL Servers general tool. Here it is used to
backup the following while R/3 is running:
<
The R/3 database
<
The R/3 log

To clear the log, the log backup must periodically be done in the initialization mode.
If the log is allowed to grow to capacity and use all available filespace on the drive, SQL
Server will stop. This event is critical, because when R/3 stops, so does the business
processes that require R/3 to be running.
1319

<
\tempdb
You must also backup the following SQL Server databases:

<
Master
If there is a hardware or software disaster, the master database contains the data
necessary to recover the database.
<
MSDB
The MSDB database contains the data for the SQL Server job scheduler and the database
backup history.
:K\
An online backup allows you to backup the database(s) when R/3 and the database is
running, so that system users are not impacted.
+RZ
To backup any of the databases mentioned above:

1. On the NT desktop, choose Start Programs Microsoft SQL Server 7.0 Enterprise Manager.
2.
3.
4.
5.
6.
In the Enterprise Manager:

Expand the SQL Server Group under
which your server is located. (You
may have a different group name.)
Expand the server that you want to
look at. (You will have a different
server name.)
Choose Management
Choose Backup.
Choose Tools Backup Database.
1320
6
2
3
4
5
Release 4.6A/B

7. In Database, choose
database to backup.
to select the
11
8. Under backup, select the type of

backup to perform (for example,
Database - complete).
Select Database complete to do a full
backup of the database. Select
Transaction log to backup only the
transaction log.
9. Under Destination:
< Select the media (in this case

Tape)
< Select the device R3DUMP0.
10. Under Overwrite select Overwrite
existing media.
10
11. Choose the Options tab.
12. Under Options, select:

< Verify backup upon completion
< Eject tape after backup
< Backup set will expire
13. Under Backup set will expire, select
one of the following options and
complete the entry field:
< After (a defined number of days),
then enter the number of days.
< On (a specific date), then enter
the date.
12
12
12
13
1321

On the screens below, you have three options:

< Backup without checking the tape label.
< Backup checking the tape label.
< Initialize the tape and writing a new tape label, before backing up.
To backup without checking the tape
label:
1. Leave the following options
deselected:
< Check media set name and backup set
expiration
< Initialize and label media
This step will overwrite and destroy

any data on the tape. Be certain that
the correct tape is in the drive.
2. Choose OK.
The backup will now begin.
2
1322
Release 4.6A/B

To check the tape label before backing

up:
1. Select Check media set name and
backup set expiration.
2. Enter the tape label in Media set
name (for example, RD26S).
3. Choose OK, to begin the backup.
If the label of the tape does not
match the name entered in Media set
name, the backup will fail.
1
2
To initialize the tape before backing

up:
1. Select Initialize and label media.
2. Enter the tape label name in Media
set name (for example, RD26S).
This step will relabel, overwrite, and

destroy any data on the tape. Be
certain that the correct tape is in the
drive.
3. Choose OK to begin the backup.
1
2
1323

2IIOLQH%DFNXS8VLQJ17%DFNXS
:KDW
The offline backup is done when R/3 and the database are down. Here, we also use the
offline backup to also backup other files which are needed to restore R/3. Since high
capacity tape drives are now more common, it is simpler and safer to backup the entire
server. This full server backup eliminates the possibility of not backing up an important file.
For smaller customers, the entire server could be backed up to a single DLT cartridge.
At a minimum, backing up R/3 on SQL Server involves backing up the following SAPspecific and database-related directories:
<
\usr\sap
<
\usr\sap\trans
<
<homedirectory> of <sid>adm
<
\<sid>data
<
\<sid>log
<
\tempdb
(the R/3 database files)

(the R/3 log file)
In addition to these directories, you must back up any directories and files for third-party
products, interfaces, etc. that store their data outside the R/3 database. Getting all the
required files and directories can be difficult, which is why we recommend that you backup
the entire server.
:K\
The data in the database does not change while the backup is being made, which means that
you have a static picture of the database and do not have to deal with the issue of data
changing while the backup is being run. With some third party applications, you cannot
back up the files unless they are closed, and this is not possible unless R/3 and the
application are shut down. Therefore, an offline backup needs to be done. A full server
offline backup also gives you the most complete backup in the event of a catastrophic
disaster. On one tape, you have everything on the server.
+RZ
Due to system limitations on the documentation system, the location of the files in this
example are presented differently from the recommendations in the SAP installation
manual.
1324
Release 4.6A/B

*XLGHG7RXU
To do an offline backup, we use NT Backup interactively:

1. Shut down R/3.
2. Shut down the database.
3. Shut down any other applications.
4. Insert the appropriate tape into drive.
5. On the NT desktop, choose Start Programs Administrative Tools Backup.
6. Select all drives on the server.
7. Choose Backup.
Enter appropriate information in the

Backup Information dialog box.
8. In Tape Name, enter the tape label
name (for example, CD26S).
9. Select Verify After Backup.
10. If your tape drive supports
hardware compression, select
Hardware Compression.
8
9
11
10
11. Under Operation, select Replace.

12. In Description, enter a description.
12
13. Choose OK.
13
1325

14. This window will appear to verify

that the correct tape is in the drive.
Even if the tape name you entered
in the previous screen matches the
tape label, this window will
appear.
15
14
15. Choose Yes.

16. The backup will run. The window
displays the backup progress.
16
17. When the backup has successfully

completed, choose OK.
17
1326
Release 4.6A/B


Operations Exit.
18
19. Remove the tape from the tape

drive and store properly.
1327

Database Error Logs
'DWDEDVH(UURU/RJV
567
You can view the database error logs from within R/3 using transaction ST04. For more
information on database error logs, see the Database Performance Analysis (ST04) section
earlier in this chapter.
0LFURVRIW64/6HUYHU(QWHUSULVH0DQDJHU
*XLGHG7RXU
1. From the NT desktop, choose Start Programs Microsoft SQL Server 7.0 Enterprise Manager.
In the Enterprise Manager:
2. Expand the SQL Server Group
under which your server is
located.
3. Expand the server where the R/3
system is installed.
4. Expand Management.
2
3
4
5. Expand the SQL Server Logs.

5
6. Select the Current log.

Here, you can also look at the six
previous error logs.
7. Read the log in the right-hand side
window.
7
1328
Release 4.6A/B

Verify Database Consistency
9HULI\'DWDEDVH&RQVLVWHQF\
:KDW
In a database management system, consistency can be represented from the logical and
physical levels. R/3 must insure a logical consistency when communicating with the SQL
Server engine, and SQL Server must insure a physical consistency for the database.
:K\
Sometimes a physical inconsistency can occur in the databases internal structures. This
problem occurs when R/3 thinks the data is, and where the data actually is, in the
database are different.
+RZ
SQL Server uses the DBCC CHECKDB command to correct and repair the database to a
consistent state. This is executed using:
<
CCMS Scheduling calendar (DB13)
<
The SQL Server Enterprise Manager
The consistency checks should be done during non-peak hours or when R/3 users are
offline. For those coming from SQL Server 6.5 environments, SQL Server 7.0 executes the
DBCC CHECKDB job much faster than SQL Server 6.5.
5XQ8SGDWH6WDWLVWLFV
:KDW
Database objects statistics help make data access more efficient.

:K\
The optimizer of the database engine will perform better if the table indexs statistical
information is current. This information helps R/3 find an item in the database faster.
+RZ
By default, SQL Server 7.0 has automatic statistics turned on. The possibility of manually
scheduling update statistics using the CCMS scheduling calendar still exists. Examples of
when this scheduling might be necessary after large data inserts or deletes from a given
table (for example, client copy, BDC sessions, and archiving).
1329

System passwords
6\VWHPSDVVZRUGV
64/VHUYHU
For additional information, see SAP note 28893.
User IDs to change:
< sa
< sapr3
During the installation, by default:
< SQL server does not ask for, nor does it set, a password for user sa.
Once the installation is complete, the system administrator must manually create a
password.
< For user sapr3, a password is created, but it is created with a default password.
Therefore, you must change the password. Beginning with release 4.5, user sapr3 is no
longer used by R/3.
These loopholes must be closed manually.
+RZ
*XLGHG7RXU
1. From the NT desktop, choose Start Programs Microsoft SQL Server 7.0 Enterprise Manager.
In the SQL server Enterprise Manager:
2. Expand the SQL Server Group.
3. Expand the server.
4. Expand Security.
5. Choose Logins.
2
1330
Release 4.6A/B

System passwords
6. On the right side of the screen,

double-click sa (or sapr3, if
sapr3 was created).
7. Choose General tab.

8. Enter new password in Password.
9. Choose Apply.
10. Reenter the password in Confirm

New Password.
11. Choose OK.
10
11
1331

System passwords
12. Choose OK.
12
For user sapr3, up through release 4.0,

the following also needs to be done:
13. In the SQL Server Enterprise
Manager Console, choose Tools
SQL Query Analyzer.
1332
13
Release 4.6A/B

System passwords
14. Enter the following SQL

commands:
use <SAPSID>
go
sap_change_password
<OLD_PASSWD>,
<NEW_PASSWD>
15
14
15. Choose Execute Query (or choose

Query Execute Query).
1333

System passwords
1334
Release 4.6A/B

&RQWHQWV
Contents.................................................................................................................141
Printer Setup (SPAD) ............................................................................................142
Check the Spool for Printing Problems (Transaction SP01) ............................149
Check that Old Spools are Deleted (SP01) .......................................................1412
Printing the Output (SP01) .................................................................................1415
Printing the Screen .............................................................................................1418
Check Spool Consistency (SPAD) ....................................................................1421
Check TemSe Consistency (SP12)....................................................................1423
141
Chapter 14: Output Management

Printer Setup (SPAD)
3ULQWHU6HWXS63$'
Before you set up a printer:
<
Set up the printer at the operating system level.

This step must be completed before the printer can be set up in R/3.
<
Know the name of the printer.

This name is the network name of the printer (for example, FIN3 or
\\FINANCE\ACCT2; not HP Laser Jet 5si).
<
Know the type of printer.

This information is the manufacturer and model of the printer (for example, HP Laser Jet
5si).
+RZWR6HW8SWKH3ULQWHULQWKH56\VWHP
*XLGHG7RXU
1. In the Command field, enter transaction SPAD and choose Enter

(or from the SAP standard menu, choose Tools CCMS Spool SPAD-Spool administration).
2. In the Device/servers tab, choose
Output devices.
142
Release 4.6A/B

3. Choose
4. Choose
143

5. In Output device, enter a

descriptive name for the printer
(required).
6. Enter a short name in Short name
or let the system define it for you
(optional).
In our example, we will let R/3
define the short name.
7
8
9
7. Choose Device Attributes tab.

8. In Device type, choose to select
the appropriate device type for
your printer (required).
9. In Spool server, choose
to select
the appropriate server where your
print requests will be processed.
10. In Model, enter the printers make
and model.
10
11
12
11. In Location, enter the printers

location.
The Model and Location fields are

important because you cannot use
a printer if you do not know its
location and its model name. The
key is to make your description as
precise as possible. If the printer
has moved, remember to update
this field.
12. The message field is used for a
temporary message that replaces
the Location text. Messages are
useful if a printer is offline for
repair, etc.
144
Release 4.6A/B

11
13. Choose the HostSpoolAccMethod

tab.
14. In Host spool access method, choose
to select the appropriate access
method.
13
14
15
At this point, things can get

complicated. In general, use the
following local access methods to
reduce network problems in the
system.
For:
<
<
NT
Select C Direct operating
system call.
UNIX
Select L Print locally via
LP/LPR.
15. In Host printer, enter the printer

name as defined in your network
(required).
16. Select the Output Attributes tab.
17. In this section, you can specify a
cover page (optional).
19
18. Select Monitor using monitoring

architecture.
If you have a large number of
printers, do not select this option.
16
19. Choose Save.

17
18
145

20. In our example, to let R/3 create

the short name:
a. Choose Yes.
20a
b. If we had entered a short

name, and there is a name
conflict with an existing
printer, this conflict message
would appear.
20b
If this name conflict exists, at

this dialog box, choose Yes.
21. A message indicates that the
printer was created.
22. Choose Paper tray info.
22
21
23. Under Actv., select the paper tray

to activate it for automatic
selection.
23
24
Automatic selection means that

the correct tray is selected based
on the paper format (i.e., letter).
This selection applies only to the
paper format, not the type of
paper (for example, letter head,
invoice, blank, etc.)
146
Release 4.6A/B

24. In the screen above, under Page

format, enter the page format or
choose
25. Select the proper paper format.

Scroll down to see the Letter and
Legal paper formats.
26. Choose
.
25
26
27. Repeat steps 2326 for all printer

trays.
28. Choose
27
28
147

29. Choose Save.

30. A message in the status bar
indicates that the paper tray
information was saved.
29 31
31. Choose Back.
30
32. The new printer (Finance GL) is

now in the printer list.
33. Test the printer by printing this
screen to it.
32
148
Release 4.6A/B

Check the Spool for Printing Problems (Transaction SP01)
&KHFNWKH6SRROIRU3ULQWLQJ3UREOHPV7UDQVDFWLRQ63
:KDW
The spool is the R/3 Systems output manager. Data is first sent to the R/3 spool and then to
the operating system for printing.
:K\
shipping documents, etc.) or there may be an operational impact.
You should check for active spool jobs that have been running for over an hour. These longrunning jobs could indicate a problem with the operating system spool or the printer.
*XLGHG7RXU
1. In the Command field, enter transaction SP01 and choose Enter

(or choose SAP standard menu Tools CCMS Spool SP01-Output Controller).
2. Delete information in Created by.
3. Set the Date created field to, for
example a week ago, or to any
other date range to check for other 5
problems.
The range of data will depend on
your installation. If you generate
hundreds or thousands of spools a
day, you would choose
every
day. This data range would be
much shorter, possibly only two
days.
2
3
4
4. Delete information in Client.

5. Choose
149

6. Look for jobs with an error in the

Output Status column.
7. Double click on the Error.
6
8. Select the error.

9. Choose
10. Review the error.

11. From this point, troubleshooting
depends on the specific problem.
12. Choose
12
1410
Release 4.6A/B

13. Select the error.

14. Choose
14
13
15. Use the log to investigate the

problem (for example, this job was
Unable to establish connection to the
Berkley LPD).
15
1411

Check that Old Spools are Deleted (SP01)
&KHFNWKDW2OG6SRROVDUH'HOHWHG63
:KDW
The SAP spool is the output manager for R/3. From the SAP spool, the print job goes to the
operating systems print spooler or manager. You need to check that old spool jobs are being
properly cleared by the daily batch job.
:K\
<
Depending on how the spool system has been configured, old spools will use database
space or file system space.
Whether it is database or file system space, potentially available space is being used
by these spools.
<
Look for any errors that may indicate problems in the printing process.
*XLGHG7RXU

(or from the SAP standard menu, choose Tools CCMS Spool SP01-Output Controller).
2. Clear the following fields:
< Created by
<
<
<
Date created (date)

to (date)
Client
3. Choose
.
2
1412
Release 4.6A/B

After the system has been

operating for some time, check
whether old jobs are being purged.
4. Scroll down the screen to find the
oldest date. This date should be
within the time frame defined for
the job that runs RSPO0041
program (see SAP note 16083).
If the spool requests beyond the

minimal age are found, the job
may not be properly deleting the
old jobs and needs to be analyzed.
5. To view the attributes of a spool
request, highlight a request and
choose .
Two reasons for failure of the job that runs the RSPO0041 program are:
< The user ID under which the job is run does not have the proper security authorization
to execute the program.
< The job is routed to an invalid printer.
From this screen, the spool
attributes, output, and temporary
sequential database (TemSe)
attributes can be conveniently
accessed.
6. Notice that information on the
Number of pages generated, the
Recipient, and the Delete date of the
spool request are displayed.
6
6
1413

7. Choose Output attributes tab.

8. On this screen, you can set the
priority of the output request. The
priority levels are from 19 with 1
being the highest priority.
9. Select the TemSe attributes tab.

10. This screen displays the name and
size of the object as it is stored in
the TemSe database. It is useful to
know this information when there
are inconsistencies in the spool
and TemSe databases.
(For more information, see the
section on Check Spool Consistency)
10
1414
Release 4.6A/B

Printing the Output (SP01)
3ULQWLQJWKH2XWSXW63
:KDW
There are two types of requests:

<
Spool
<
Output
The spool request contains the printed document which has not been sent to the output
device. The output data of this document is partially formatted and stored in the TemSe
database. The output request tells R/3 to format the request to a particular device and
contains attributes such as target printer, number of copies, etc. Each time you select the
printer icon, an output request is created for the spool request.
:K\
To print the contents of a spool request immediately or at another date and time using
different parameters.
+RZ
(continued from the previous section)

1. Select a spool request.
2. Choose
to print directly.
This step creates an output request

and prints the contents of the
spool request immediately on the
printer.
1415

3. A message appears on the status

bar stating that an output request
was created.
4. In the Status column, is the status
of the print job.
If the output was printed

successfully, the status is Compl
(complete). Otherwise, a status of
Waiting or Error will be displayed.
You can also print a spool request

with a different printer or change the
start date and time.
1. Select a spool request.
2
2. Choose
to print with changed
parameters.
1
1416
Release 4.6A/B

3. On this screen, you can:

< Change to another output
device
< Increase the number of copies
< Change the priority

3
< Change the start date and time

In our example, we change the
printer to DCBZ.
4. Choose
to print directly.
5. You are notified that an output

request was created.
1417

Printing the Screen
6. Under the Status text column, the

request is scheduled for printing.
3ULQWLQJWKH6FUHHQ
:KDW
You can quickly and easily print the contents of most screens or do a print screen by
choosing the printer icon. A spool request and an output request are also generated by using
this procedure.
:K\
This is most useful in testing that a new printer was setup correctly.
1418
Release 4.6A/B

Printing the Screen
+RZ
Continue from the prior step or any screen with a printer icon:
*XLGHG7RXU
On some screens, there are two printer

icons. The one to choose is usually
located just under the menu bar.
(When the cursor is passed over this
button, Print Ctrl+P appears.)
1. Choose
2. You can specify or change the:

< Output device
< Number of copies
< Pages to print
< Spool request name
< Start time
< Change the priority
< Number of days you wish to
keep the spool request
< Print format
3. Choose
next to Retention period.
1419

Printing the Screen
In this dialog box, selecting Do not

delete keeps the spool request
indefinitely. Therefore, this request
will not be purged by program
RSPO0041 that deletes old spools.
4. Choose a spool retention period

(for example, Delete after 3 days).
5. Choose
Save.
6. Choose Continue.
1420
Release 4.6A/B

Check Spool Consistency (SPAD)
7. In the status bar, a message stating

that a spool request was created is
displayed.
8. Choose
9. The new output requested now

appears.
9
&KHFN6SRRO&RQVLVWHQF\63$'
:KDW
A spool consistency check compares data in the spool and output request tables (TSP01 and
TSP02), with the entries in the TemSe tables (TST01 and TST03), TSP0E (archive) and
TSP02F (frontend print request) tables. It also displays a list of obsolete write locks which
should be deleted.
:K\
If you delete table entries manually from the spool and TemSe tables or delete spool and
TemSe objects from the directories, inconsistencies can occur. Other causes of
inconsistencies are report and transaction terminations or an incorrectly executed client
copy.
1421

Check Spool Consistency (SPAD)
*XLGHG7RXU
1. In the Command field, enter transaction SPAD and choose Enter

(or from the SAP standard menu, choose Tools CCMS Spool SPAD-Spool administration).
2. Choose the Administr. tab.
3. Choose Consistency check of spool

database.
1422
Release 4.6A/B

Check TemSe Consistency (SP12)
The system checks the spool tables and

the TemSe tables to make sure that each
spool object has corresponding entries in
each of the tables.
1RWH There is another report, RSPO1043, that can be used for the spool consistency check. It should be
scheduled as a periodic batch job (see SAP note 98065).
&KHFN7HP6H&RQVLVWHQF\63
:KDW
A TemSe consistency check compares data in TST01 [Temporary Sequential Database

(TemSe) objects] and TST03 (TemSe data) tables. The TemSe contains objects that are
temporary such as job logs, spool requests, tests for workflow, batch input logs, and
personnel administration temporary data. The report RSTS0020 performs the consistency
check.
:K\
The relationship between the object and data in the TemSe may be destroyed due to the
following activities:
< Restore from backups
<
Copying databases
<
Copying clients using improper tools
<
Deleting clients without first deleting their objects
1423

Check TemSe Consistency (SP12)
*XLGHG7RXU

(or from the SAP standard menu, choose Tools CCMS Spool SP12-TemSe Administration).
2. From the menu bar choose TemSe database
Consistency check.
3. The TemSe objects and data were checked.

4. If there are inconsistencies:
a. Select the item
b. Choose Delete Selection.
1424
Release 4.6A/B
&KDSWHU 1HWZRUN266HUYHU
$GPLQLVWUDWLRQ
&RQWHQWV
Overview ................................................................................................................152
Operating System Tasks ......................................................................................152
Other Tasks .........................................................................................................1512
151
Chapter 15: Network/OS/Server Administration

Overview
2YHUYLHZ
This chapter is about using transactions to get to the operating system log, regardless of the
platform.
2SHUDWLQJ6\VWHP7DVNV
2SHUDWLQJ6\VWHP$OHUW$/
*XLGHG7RXU
Use the operating system alert monitor for a quick visual review.
Operating System Local Alerts AL16-Operating system).
2. Review this screen for potential
problems.
152
Release 4.6A/B

Operating System Tasks
6\VWHP/RJV26
:KDW
The system logs are where the operating system and some applications write event records.
Depending on the operating system, there may be multiple logs.
:K\
There may be indications of a developing problem (for example, a hard drive that generates
errors may indicate that it is failing and needs to be replaced).
+RZ
*XLGHG7RXU
1. In the Command field, enter transaction OS06 and choose Enter

Operating System Local OS06-Activity).
2. Choose Detail analysis menu.
153

3. Choose OS Log.
This screen shows the operating

system log. In this example, it is
the NT event log.
154
Release 4.6A/B

17(YHQW/RJV
:KDW
NT has three event logs:

<
<
System
Security
<
Application
:K\
There may be indications of a developing problem. If the security audit parameters have
been properly set, you could detect unauthorized attempts to access files.
Configuring the security audit function is a tradeoff among the following:
< The need to log security events.
< System resources to track and maintain the log.
The more detailed you make the log, the more the system performance will degrade.
This degradation is due to the extra processing required to track and log the items.
< Effort required to audit the log (dependent on the size of the log).
*XLGHG7RXU
The following steps show you how to open the NT event logs.
1. On the NT desktop, choose Start Programs Administrative Tools Event Viewer.
2. The following logs can be selected
2
under Log:
< System
< Security
< Application
3. Look for unusual entries.
Monitor these entries regularly to
recognize unfamiliar events such
as errors, failures, or securityrelated entries. These events do
not usually occur.
155

&KHFNLQJ)LOH6\VWHP6SDFH8VDJH5=
:KDW
The file system should have sufficient free space for normal operations. Over time,
various activities will write files that will use up file space. These files need to be
periodically reviewed and moved or backed up and deleted.
A few of the items that consume file space when monitoring file space usage include:
<
Transports
<
Support packages
<
Extract files from the R/3 System
<
Program logs
<
Backup logs
<
Error logs
<
Inbound interface files
<
Third-party programs that store their data outside the R/3 database
<
Trace files
<
Spool files (if stored at the OS level)
In addition to these items, check to see that the house cleaning programs are running
properly (see SAP note 16083).
:K\
If your file system fills up, the R/3 System may stop because the database cannot write to a
file. If R/3 stops, any business operations that use the system will also stop.
For example, note the following sequence of events:
1. The SQL Server transaction log fills up the file system.
2. SQL Server cannot write anymore entries into the log.
3. SQL Server will stop.
4. R/3 will stop.
Your user will not be able to perform activities such as:
< Enter orders
< Generate shipping documents to ship products
To plan for such a situation:
156
<
Anticipate and plan for disk space needs.
<
Determine if storage space expansion is needed.

If storage space expansion is needed, purchase and installation plans need to be made.
The expansion should be planned to minimize operational disruption.
Release 4.6A/B

<
Determine if house cleaning is needed.

If archiving is required for data files, archive to quality storage media such as an optical
disk, CD, or other long-term storage media.
*XLGHG7RXU
You can use the R/3 Alert Monitor or go to the operating system to check file system space usage. In this
section, we use the R/3 Alert Monitor, because we can set alert points.
(or from the SAP standard menu, choose Tools CCMS Control/Monitoring RZ20-Alert Monitor).
2. Click the node (+) to expand the
monitor set.
3. Select the monitor set (for
example, SAS for docu).
4. Choose
2
3
157

5. Drill down to get to the following

starting node:
<SID>\<host>_<SID>_<Instance>
(for example,
SAS\pa100767_SAS_00).
6. Drill down to the drives
OperatingSystem Filesystems.
The drives are color coded to
indicate alert status:
< Green (OK)
< Yellow (Warning)
< Red (Critical)
7. Select a drive (for example, H:)
and drill down to see its statistics
(Freespace and Percentage_Used):
These are statistics at the drive

(not directory) level.
As you view these statistics, keep
your system in mind.
For example, on your system,
drive H may contain the database
which takes up all the space on
that drive. Keeping this in mind,
you can expect and ignore the
warning message, or change the
alert threshold for that specific
drive. For more information on
changing the alert threshold, see
page 159.
158
Release 4.6A/B

&KDQJLQJWKH$OHUW7KUHVKROG5=
Also see chapter 10, Maintaining the Alert Thresholds for RZ20.
To customize the points when the
alert indicator changes from green to
yellow, yellow to red, back from red
to yellow, and yellow to green:
1. Click the node of the drive for
which you want to change the
threshold (for example, drive H:).
2. Select an alert (for example,

Freespace).
3. Choose Properties.
1
2
159

4. Then:
a. Choose
b. The Threshold values fields will 4a

change color from grey to
white, indicating that you can
change the values.
5. Under Threshold values, select a
threshold change point (for
example, Change from GREEN to
YELLOW).
6. Enter the new value for when the
alert will change color (for
example, 500).
4b
These threshold values are specific

to your system and even to
specific drives in your system.
7. Choose Save.
8. A message appears in the status
bar indicating that the new
properties were saved.
1510
Release 4.6A/B

&OHDQLQJ2XW2OG7UDQVSRUW)LOHV
:KDW
Transport files are used to transport or move SAP objects and customizing changes between
clients and systems.
:K\
If left unchecked, transport files could gradually fill up the file system.
If the file system fills, operations may be affected because:
<
Outbound R/3 System files may not be created.
<
Transport export may fail.
<
Inbound files may not be created.
In an extreme situation, if you run out of file system space, R/3 may stop, or you may have
other failures because R/3 or other applications cannot write to the necessary files.
:KHQ
The transport directory check is important:

<
After a major implementation where many transports have been created that take up a
lot of space.
<
Immediately before (or after) performing a database copy, if you do not use a central
transport directory, most (if not all) files dated before the copy become irrelevant to the
system.
<
After installing a large support package.
+RZ
To complete a transport directory check:

1. Check the following directories under /usr/sap/trans:
<
Data
<
Cofiles
<
Log
2. Sort the directory by date to determine file age.

3. Archive obsolete files.
These are files created before a database refresh or those that have been applied
successfully to all target systems.
4. As an option, archive old transports to a backup media such as tape, optical disc, or CD.
1511

Other Tasks
Check the following:

< Support package directory /usr/sap/trans/EPS/in
< Transport data directory /usr/sap/trans/data
Support package files can be reloaded if needed and can be large (for example, hot
package 10 for Release 4.0B is over 200MB).
2WKHU7DVNV
&OHDQWKH7DSH'ULYH
To minimize a backup failure due to a dirty head, clean the tape drive as part of a
preventive maintenance program.
To keep your tape drive clean:
<
Follow the tape drive manufacturers instructions for your tape drive.
Some drives specify a specific interval of use for cleaning, typically based on hours of
use. Adjust your cleaning frequency to account for your usage. Remember, that these are
recommendationsnot rules. If you consistently have recording errors or head dirty
messages, then decrease the time between cleanings. If you have to clean your tape
drives more or less frequently, this task should be moved to the appropriate interval.
Some drives (for example, DLT) do not require regular cleaning. They only need
cleaning when the clean head indicator light is activated.
<
Use the manufacturers approved cleaning cartridge for the tape drive.
<
Use the cleaning cartridge according to the manufacturers instructions.
<
Between uses, store the cleaning cartridge according to the manufacturers instructions.
Keep your server room clean.

A dusty or dirty environment will not only make you clean your tape drive more often, but
will also coat the inside of the server with dust and cause a cooling problem.
1512
Release 4.6A/B

Other Tasks
8QLQWHUUXSWLEOH3RZHU6XSSO\
&KHFNWKH8QLQWHUUXSWLEOH3RZHU6XSSO\
:KDW
The uninterruptible power supply (UPS) that you use should be monitored by a control
program. This program, when triggered by a power event, records the event and initiates a
shutdown process of the R/3 environment (R/3, the database, related applications, and the
operating system), and finally the server. In addition, most UPSs have a self-test and
capacity calibration function. The results of these tests are logged. Specific data logged
depends on the program and the UPS.
:K\
You need to review the power events that triggered the UPS control program.
While the UPS protects the server, the control program should be recording power events
such as power dips, brown outs, power failures, etc. This recording could help you or the
facilities person solve electrical problems in the facility. For example, a pattern of power
dips or outages may indicate a problem elsewhere in the building.
You need to verify that:
<
The UPS is functioning
<
The self-tests completed successfully
<
There is sufficient capacity in the batteries
The batteries in the UPS must be periodically replaced. If the batteries are low, the capacity
test will indicate that the batteries do not have sufficient capacity to shutdown the system
before failing.
+RZ
Review the log for the UPS control program.

&KHFN\RXU8366KXWGRZQ3URFHVV
:KDW
Verify that your UPS shutdown process works. A shutdown process is an automated script
for the UPS to shut down R/3, the database, other applications, the operating system, and
the UPS.
:K\
This check verifies that the entire shutdown process works as planned and documented.
When there is a power failure, the R/3 environment should be shut down in an orderly
manner. There should be sufficient reserve in the UPS to reach the end of the shutdown
1513

Other Tasks
process. Something might have changed since your last test to cause the shutdown process
to fail. If this process fails, you need to find out why and fix the problem.
The stopsap command does not work within all UPS control programs. You need to
verify that your UPS control program will properly stop R/3 and the database before
shutting down the server.
Like a car battery, UPS batteries wear out over time and must be replaced. If the battery is
worn out, the UPS will not have sufficient power to complete the shutdown process.
&KHFN0DLQWHQDQFH&RQWUDFWV
:KDW
Many of the servers and related equipment are under maintenance or service contracts with
the manufacturer or distributor.
<
The production system and critical equipment should be under a premium 24 hour x 7
day (x 2 hour response) support agreement.
<
Less critical equipment can be under a next-business-day support agreement.
:K\
If you need support or service and the service contract has expired, the confusion and time
to reestablish the service contract could be critical.
:KDW
The support level should be selected based on equipment use. If a piece of equipment
becomes critical to the companys operation, its support level should be upgraded to reflect
the critical nature of that equipment. Conversely, equipment could become noncritical or
be replaced. In this situation, the service contracts could be downgraded or dropped as
appropriate.
+RZ
<
Keep a list of service contracts.

Include what these contracts are for and the expiration date in the list.
<
Review equipment usage to determine if the support level for equipment should be
upgraded, downgraded, or dropped.
<
Review the list for expiration dates each quarter.

How long in advance of the expiration date to do this review depends on the time it
takes to go through the purchase requisition and approval process in your company.
<
1514
Renew service contracts.
Release 4.6A/B

Other Tasks
5HYLHZ+DUGZDUHRUD6\VWHP0RQLWRU3DJLQJ6\VWHP
:KDW
A hardware or system monitor paging system generates alert messages (including e-mail)
and pages based on your predefined parameters. Depending on the software, the following
can be monitored:
<
Hardware items (such as servers, routers, and printers)
<
Logs (such as operating system, applications, and database)

By monitoring the NT event logs, you can monitor events from the SAP system log. This
way, critical events such as an Update Terminate can be detected and acted on as soon as
they happen.
The following screen is courtesy of TNT Software.
The screenshot above shows that the monitor has three functional windows:
< Notification Rules
<
This mechanism passes or filters events, and determines what action will be taken on the
events that are passed.
Events
<
These are the events that have been passed to the monitor program. (They got through
the filters in Notification Rules.)
Monitored device
1515

Other Tasks
These are the monitored servers and IP devices.

This example, however, has not been configured to pick up and report on SAP events.
Initially, there will be a lot of tuning as the system parameters are adjusted. Over time,
parameter adjustments will reduce.
:K\
You may need to change alert parameters to filter noncritical events and to generate alerts
for critical events. The key to remember is that this process is dynamic. Some of these tasks
are as follows:
<
Account for new events that have never occurred.

Critical, you need to generate a page
Important, you need to generate a message (for example, e-mail)
<
Determine if an event that used to be filtered now needs to generate an alert
<
Filter out events (both old and new) that should not generate alert messages
<
Filtering is necessary to manage the messages that are reviewed. If too many irrelevant
messages get through the filter, it becomes difficult to review the alert message log.
Adjust for personnel changes
There may be other events that require action (for example, shift or duty changes for
organizations with several people on call).
<
Test that all alert mechanisms are functional.
The paging/messaging function needs to be tested regularly. If the monitoring program is

unable to send a page, you will not receive the page when a critical alert occurs.
The inability to send a page can be caused by:
<
Someone changing something in the e-mail or phone system that prevents alert
messages from being sent.
<
A phone patch cable that has disconnected from the modem.
+RZ
To review the paging system:

<
Review the various monitored logs (such as the NT event logs) to look for events that
should generate an alert message (e-mail or page).
The monitor program needs to be configured to pick these events up and properly
process them.
<
Review the alert monitor log for alert events that should be filtered out.
The monitor program needs to be configured to filter or ignore such events.
<
Test all alert mechanisms, such as pager, e-mail, etc. to make sure that they are
functional.
If you receive regular daily e-mail messages, then the e-mail testing is being done for
you.
1516
Release 4.6A/B
&KDSWHU 2SHUDWLRQV
&RQWHQWV
Overview ................................................................................................................162
Check that All Application Servers Are Up (Transaction SM51)......................162
Background (Batch) Jobs ....................................................................................163
Background Jobs (SM37)...................................................................................1615
Operation Modes.................................................................................................1621
Backups ...............................................................................................................1636
Checking Consumable Supplies .......................................................................1642
161
Chapter 16: Operations

Overview
2YHUYLHZ
Operations is a generic category that refers to the tasks that would be done by a computer
operations group. These are the tasks that the people in the glass room in a data center
would be doing. If you do not have a data center, these tasks do not disappear; they must be
assigned to the appropriate employees.
This chapter is important because operations is a crucial part of system administration.
While learning to manage operations, readers will learn how to perform:
<
Batch jobs
<
Background jobs
<
Operation modes
<
Backups
&KHFNWKDW$OO$SSOLFDWLRQ6HUYHUV$UH8S7UDQVDFWLRQ
60
:KDW
Transaction SM51 allows you to look at all the servers in your system (for example, the PRD
database server and all of its application servers). You do not have to log into each server
individually.
:K\
The ability to look at the servers is important because if:

< One of your dialog application servers is not up, the users who usually log on to that
application server will not have a server to log on to.
<
162
The batch application server is down, batch jobs that are specified to run on that server
will not run.
Release 4.6A/B

Background (Batch) Jobs
*XLGHG7RXU

SM51 - Servers).
2. Review the list of instances under
Server name.
Verify that all your instances are
listed. If it is listed, it is up and
running.
%DFNJURXQG%DWFK-REV

:KDW
In the R/3 System, a batch job is referred to as a background job. This job runs
independently of a user being logged on.
There are two kinds of background jobs:
<
Regular
These are jobs that are run on a regular schedule.
<
Ad hoc
These are jobs that are run as needed or required.
:K\
Background jobs are used for the following reasons:

<
Users have the flexibility of scheduling jobs when they are out of the office.
<
The program can be run without locking a user session.
<
Jobs that run for a long time would time out if executed online.
163

5HJXODUO\6FKHGXOHG-REV
:KDW
Regularly scheduled jobs are background jobs that will run on a schedule (for example,
daily at 11:00 a.m., Sundays at 5:00 a.m., etc.)
:K\
Regularly schedule jobs are run to:

<
Collect performance statistics
<
Populate an information system, such as the Special Ledger.
<
Generate a report
<
Generate output for an outbound interface
<
Process an inbound interface
<
Perform housekeeping tasks, such as deleting old spool requests
+RZ
The job is scheduled like any other background job, but with a few additional
considerations:
%DWFK8VHU,'
<
Create a special user ID to be used only for scheduling batch jobs, such as BATCH1.
The reason for special user IDs is to keep scheduled jobs independent of any user. This
way, when a user leaves the company, the jobs will not fail when the user ID is locked,
shut down, or deleted.
<
Consider multiple-batch user IDs when batch jobs are scheduled by or for different
organizations or groups. This method has the disadvantage of having to manage
multiple accounts. For example:
BATCH1
System Jobs
BATCH2
Finance
BATCH3
Accounts Payable
BATCH4
Warehouse
BATCH5
Material Planning/Inventory
3HUIRUPDQFH
For more information on performance, see 165.
+RXVHNHHSLQJ-REV
These background jobs must be run regularly to perform administrative tasks, such as:
164
<
Deleting old spools
<
Deleting old batch jobs
<
Collecting statistics
Release 4.6A/B

See SAP note 16083 for the required SAP housekeeping jobs, and to schedule the spool
consistency check, see SAP note 98065.
Program RSPO0041 is sometimes troublesome; see SAP note 48400.
2WKHUV
Various modules and functions may require their own regularly scheduled jobs. For
example, the Special Ledger requires a regular job to copy data from the FI/CO modules
and to regenerate sets in Special Ledger. There may be various database and operating
system-level housekeeping jobs that also need to run.
3HUIRUPDQFH)DFWRUVIRU%DFNJURXQG-REV
Background jobs consume a significant amount of system resources. As a result, they could
adversely affect online system performance. There are several ways to improve system
performance while running background jobs. These methods benefit both online users and
other background jobs.
To reduce the system impact from background jobs:
< Run batch jobs on a dedicated batch application instance/server.
This step separates the processing requirements of the background job from the
processing requirements of online users and of the database. Even with as little as 10
users on a small central instance (no application servers), two batch jobs can
significantly slow down the online system response. Therefore, even for a small
installation, there may be a need for application servers to offload the batch processing
from the central instance. The instance profile for this application server would be tuned
for background jobs rather than dialog (online) performance (for example, five
background work processes and only two dialog work processes).
Specifying a target host is a double-edged sword. If you specify the target host, load
balancing is not performed. There may be the situation where all the batch work
processes on the batch application server are in use, and other application servers are
idle. However, by specifying that the job is to run on the batch application server, it will
not run on any of the other available application servers. This job will wait until a batch
work process is available on the specified batch application server.
<
Schedule background jobs to run during nonpeak periods, such as at night or during
lunch.
If no one is on the system, slow system performance does not matter.
<
Minimize job contention.

Two background jobs are running at the same time and contending for the same files,
possibly even the same records. Minimizing this conflict is one reason to coordinate
background job scheduling (for example, by not simultaneously running two AR aging
165

reports). In such cases, the reports may finish sooner if they are run sequentially, rather
than in parallel.
<
For global operation, consider the local time of your users.

For example, scheduling a resource intensive background job to start at 1:00 a.m. PST in
California (0900 GMT) corresponds to 10:00 a.m. CET in Germany. This time may be
good for Americans who are not working, but it is the middle of the workday morning
in Germany.
When these jobs run can be critical, for tasks such as backing up operating system-level
files, because of the following:
A backup of these files may require that the file not be changed or used during the
backup, or the backup will fail.
Programs attempting to change the file will fail because the backup has the file
locked.
Make a chart that converts your local time to the local time for all affected global sites. With
this chart you can quickly see what the local time is for locations that would be affected by a
job (see following example):
A corporate master clock (or time) should be defined for a company with operations in
multiple time zones.
Two common methods are:
< The time zone where the corporate office is located.
For SAP in Walldorf, Germany this is Central European Time (CET).
For United Airlines in Chicago, IL, this is Central Standard Time (CST).
< Coordinated Universal Time (UTC), formerly known as Greenwich Mean Time (GMT).
This common time is used by global operations, such as the airlines.
The change to and from daylight savings time does not occur on the same day in all
countries. During that interim time, the offset time could be different.
The time conversion table (based on a 24-hour clock) below shows selected times around the
world.
166
Release 4.6A/B

The Microsoft Excel file for this table is included on this guides companion CD, which is
located inside the back cover of this book.
<
Highlight the column for your local time zone, so you do not accidentally read the
wrong column.
<
Using a 24-hour clock eliminates the common A.M./P.M. confusion.
If you use daylight savings time, you need to be aware of the days when the time changes:
<
Daylight savings time starts

A one-hour time period will disappear. Jobs scheduled to run in this missing hour
may either not run or run as a late job. Any tasks following this change, which rely on a
job scheduled to run during the missing hour, need to be reviewed.
167

<
Daylight savings time ends

This period creates a problem where a one-hour period of time repeats itself. For
example, at 3:00 a.m., the clock resets back to 2:00 a.m. This time period will occur twice.
One way to avoid problems when daylight savings time is switched on and off is to use
UTC (formerly known as GMT) as your master clock. If you are in a U.S. state that does not
use daylight savings time, such as Hawaii, it is not a concern.
See the following SAP notes:
<
7417 - Changing to daylight savings time and back
<
102088 - End of daylight savings time: the double hour
&UHDWLQJDQG6FKHGXOLQJD%DWFK-RE60
:K\
Background jobs are used for the following reasons:

<
Users have the flexibility of scheduling jobs when they are not in the office.
<
The program can be run without locking a user session.
<
Jobs that run for a long time would time out if run online.
1RWHV
<
The job class determines the start priority of the job.

For example, a class A job would start before a class B job, and a class B job would
start before a class C job.
<
Once started, all job classes have equal priority.

A class A job will not take processing resources away from a class B job to finish
faster.
<
Jobs in the start queue do not affect running jobs.

A class A job in the start queue will not replace a currently running class C job.
Avoid playing priority games with the job class. If you make every job a class A job,
there is no priority, because every job will be at the same priority level.
The recommended method is to assign all jobs to job class C. The exceptions to this
recommendation are those jobs that need the priority. This priority increase should be
properly justified.
3UHUHTXLVLWH
A batch job may require that a variant be created to execute the job.
168
Release 4.6A/B

*XLGHG7RXU

(or from the SAP standard menu, choose Tools CCMS Jobs SM36-Definition).
2. In Job name, enter a job name.
Using the standard naming

convention makes it easier to manage
jobs.
2
3
3. In the Job class, enter C.

Class C is the standard job class.
4. Choose
Start condition.
5. Choose Date/Time.
5
169

6. For Schedule start, in Date and

Time, enter the start date and time.
8
6
7
The Schedule start is the date and time

on the database server, not the local
time.
7. On No start after, enter the date
and time by which time the
program must start. If the
program does not start by the
specified date and time, then it
will not start at all.
8. If you have a job that will run
periodically, perform steps 913.
10
If not, choose Immediate and skip

to step 14.
9. Select Periodic job.
10. Choose Period values.
11. Choose the appropriate period
button (for example, Daily).
12. Choose
Check.
13. Choose Save.
11
13
12
1610
Release 4.6A/B

14. Choose
Check.
15. Choose Save.
15
14
16. Choose
Step.
16
1611

17. To schedule an ABAP program,

choose ABAP program.
18. In the ABAP program section, in
Name, enter the name of the
program (for example, rspo0041).
19. Choose
17
Check.
18
19
If the program has variants, a window

with the list of available variants
appears.
20. Select the appropriate variant.
21. Choose
20
21
1612
Release 4.6A/B

22. Choose
Print specifications.
22
23. Enter the printer name or choose

23
to select the printer.

24. Select the appropriate Spool control
options.
25. Under Print settings:
<
Lines and Columns values are

generated by the report.
<
For Format, choose

to select
the value that most closely
matches the Lines and Columns 24
value.
26. Choose
25
26
1613

27. Choose Save.
27
28. Choose Save.

29. A message will appear in the
status bar indicating that the batch
job has been created.
28 30
30. Choose Back.
29
1614
Release 4.6A/B

Background Jobs (SM37)
%DFNJURXQG-REV60
:KDW
:K\
If you are running critical jobs, you need to know if the job failed because there may be
other processes, activities, or tasks that depend on these jobs.
+RZ
You should have a list of all the critical jobs that are scheduled to run. For each of these jobs,
you should have a list that shows:
<
When the jobs are scheduled to run
<
The expected run time
<
An emergency contact (names and phone numbers) for job failure or problems
<
Restart or problem procedures
1615

*XLGHG7RXU

(or from the SAP standard menu, choose Tools CCMS Jobs SM37 - Maintenance).
2. In Job name, enter * to get all jobs.
3. Enter one of the following options:
< * (for all users)
< User ID that the batch jobs run
under (to limit the display to
those scheduled under a
specific user ID in User name).
4. Under Job status, select:
< Active
< Finished
< Canceled
8
2
3
4
5. In Fr., enter a start date.

6. In To, enter an end date.
7. In after event, choose
*.
8. Choose
and select
Execute.
9. Check for failed or cancelled jobs.

Analyze why jobs failed or were
cancelled and make the necessary
corrections.
10. Check critical jobs such as MRP,
check payment jobs, etc.
To do this check, you need to
know the job name.
11. From this point, you may do one

of the following tasks:
< Check the job log
< Get basic job information
1616
Release 4.6A/B

&KHFNLQJWKH-RE/RJ
To check a job log:
1. Select the job.
2. Choose
Job log.
3. Check job performance and record

run times.
A deviation from the usual run

time on a job may indicate a
problem and should be
investigated.
4. Choose Back.
1617

8VLQJWKH-RE7UHH
To get basic job information at a
glance using the job tree:
1. Select the job.
2. Choose
3. A job tree is displayed showing

information such as:
<
Job class and status
<
<
Target server
Job steps
<
Job start conditions
4. Choose
5. Choose Back.
1618
Release 4.6A/B

*UDSKLFDO-RE0RQLWRU7UDQVDFWLRQ5=
:KDW
The graphical job monitor is useful when coordinating many background jobs because it
allows you to see individual job statistics.
:K\
The graphical job monitor is a visual format where status is indicated by the following
colors:
<
Aborted job (red)
<
Active job (blue)
If a job ran past its expected end time, and other jobs are scheduled to start, the graphical job
monitor lets you see the conflict.
*XLGHG7RXU

(or from the SAP standard menu, choose Tools CCMS Control/Monitoring RZ01-Job Scheduling
Monitor).
2. Choose Time unit Hour to get a
more usable time scale.
3. Choose Legend to get a popup
legend of the colors or patterns
used.
2
3
4
4. Choosing Timer ON will update

the display every three minutes.
1619

%DWFK,QSXW-REV1HZRU,QFRUUHFW60
:KDW
This transaction shows jobs that need to be processed or started, and jobs with errors that
need to be resolved.
:K\
This transaction is important because it alerts you to batch input jobs that are:
<
New
These are jobs that are waiting to be processed (for example, a posting from an interface
file). If not processed, the data will not post to the system.
<
Incorrect
These are jobs that have failed due to an error. The danger is that only a portion of the
job may have posted to the system. This partial posting increases the potential for data
corruption of a different sort, since only part of the data is in the system.
*XLGHG7RXU

(or from the SAP standard menu, choose Tools Administration Monitor SM35-Batch Input).
2. Enter a start date of at least a week
ago (or even further back if people 3
are not good about resolving these
jobs) in the From field.
2
3. Choose
1620
Release 4.6A/B

Operation Modes
4. Choose the New tab.

A list of batch input sessions that
need to be processed are
displayed.
5. Choose the Incorrect tab.
A list of incorrect batch input

sessions are displayed.
6. Contact the responsible user to
notify them or determine why
these jobs are in:
<
New Sessions
<
Incorrect sessions
2SHUDWLRQ0RGHV
:KDW
Operation modes allow the R/3 System configurations to be adapted to different

requirements. The configuration is the mix of the number of dialog (online) and batch
processes at different times of the day.
When switching operation modes, the R/3 work processes are automatically redistributed,
without stopping and restarting the instance. Only the work process type changes. For
example, a work process used as a dialog process can be switched for use as a background
process. The total number of work process remains the same.
The new process type is not activated until the process is free, which means that a process
may not be immediately switched. Instead, it is set for switching at the earliest possible
time. For example, if all background processes to be switched to dialog processes still have
jobs running, the processes are individually switched when the jobs are completed.
Processing is not interrupted and normal system operation continues uninterrupted during
the operation mode switch.
Operation mode switches are recorded in the system log. The old process type and the new
process type are recorded for each switched work process.
:K\
A batch job runs on a batch work process until it is completed and does not time share the
work process. Therefore, to increase the number of batch jobs that are processed during a
given period, you need to increase the number of batch work processes. To achieve this
1621

Operation Modes
increase, you must also decrease the number of dialog (online) work processes by the same
amount.
This process is usually done to increase the number of batch sessions available to process
batch sessions at night, when most of the online users have gone home and you have many
batch jobs to run. During the day the opposite situation occurs. The number of batch work
processes is reduced, and the number of dialog work processes is increased to accommodate
the number of online users.
For example:
Mode
Dialog WP
Batch WP
Day
Night
There should always be a minimum of two dialog processes. Do not reduce the value below
two.
There must be at least two batch work processes on the system. An individual instance,
such as a dialog application server, could be configured without a batch work process. But
there must be batch work processes to use somewhere on the system, or a task (such as a
transport) will fail if it needs a batch work process to execute.
For small clients with little batch processing at night, the additional process of configuring
and maintaining operation modes may not be necessary. Not using operation modes
reduces the level of administration required to maintain the system. Although once
configured and running, there is little maintenance required.
+RZ
To set up and use the operations modes:

1. Define the operation mode (RZ04).
2. Assign the instance definition to an operation mode (RZ04).
3. Define the distribution of work processes for the operation modes (RZ04).
This distribution is the mix of dialog and batch work processes.
4. Assign the operation modes (SM63).
Define or set the schedule of when the modes will switch and to what mode it will
switch to.
1622
Release 4.6A/B

Operation Modes
7R'HILQHWKH2SHUDWLRQ0RGH5=
*XLGHG7RXU

(or from the SAP standard menu, choose Tools CCMS Configuration RZ04 - OP Modes/instances).
2. Choose
3. In the Operation Mode field, enter a

name or title description.
5
4. In Description, enter a short

description for the mode.
5. Choose Save.
3
4
Make the name and descriptions meaningful, such as day mode and night mode, which makes it
easier to select them later.
1623

Operation Modes
Productive Operation Modes are for normal R/3 operation.

Test Operation Modes are used for systems where development work or testing is being done.
Test Operation Mode can be switched manually or by using the timetable.
6. The Operation mode (for example, day)
is created.
7. Repeat the above steps for any

additional operation modes (for
example, afternoon and nite) you need.
1624
Release 4.6A/B

Operation Modes
$VVLJQDQ,QVWDQFH'HILQLWLRQWRDQ2SHUDWLRQ0RGH5=
*XLGHG7RXU
7KH)LUVW7LPH<RX*HQHUDWHDQ,QVWDQFH2SHUDWLRQ0RGH
The first time the CCMS: Maintain Operation Modes and Instances screen is opened, there are no operation
modes. This process populates the screen.
2. Choose Instances/operation modes.
3. To generate an instance definition

for our host, from the menu bar,
choose Settings Based on current
status New instances Generate.
1625

Operation Modes
4. The instances are populated.

5
5. Choose Save.
6. Choose Back.
$GGLQJD1HZ2SHUDWLRQ0RGH
1626
Release 4.6A/B

Operation Modes
3. Choose any operation mode.

4. Choose
5. Choose Other operation mode.

6. Choose
mode.
to select an operation
1627

Operation Modes
7. Choose the new Operation Mode

(for example, morning).
8. Choose
.
8
9. At this point, you can also define

the work process distribution (see
Defining Distribution of Work
Processes later in this chapter).
10. Choose Save.
10
1628
Release 4.6A/B

Operation Modes
11. Under Op Mode, the new operation

mode, morning, appears.
12
12. Choose Save.
11
'HILQLQJ'LVWULEXWLRQRI:RUN3URFHVVHV5=
*XLGHG7RXU

2. Select the operation mode you
wish to define (for example, nite).
3
1629

Operation Modes
4. Select an OP Mode, for example

nite.
5. Choose
.
5
6. Click in the Background field.
Do not change any other field.

Use the minus (-) or plus (+)
buttons to reduce or increase the
number of Background work
processes. This step automatically
changes the number of Dialog
work processes by the opposite
amount, to keep total number of
work processes the same.
In this example, we increased the

number of background work
processes from 1 to 3.
7. Choose Save.
7
Remember that there should always be a minimum of:

< Two dialog processes on an instance
< Two batch work processes on a system
1630
Release 4.6A/B

Operation Modes
8. The changes now appear on this

screen.
9. Choose Save.
10. Repeat for all the other operation

modes.
11
11. Choose Save.
10
1631

Operation Modes
$VVLJQLQJ2SHUDWLRQ0RGHV60
*XLGHG7RXU

(or from the SAP standard menu, choose Tools CCMS Configuration SM63 Operation mode
calendar).
2. Select Normal operation (24hr).
3. Choose
Chan.(Change).
2
3
1632
Release 4.6A/B

Operation Modes
4. This screen shows the timetable.

The dashed arrow (= =>) indicates
the current time.
5. Double-click on the beginning and
ending times when the operation
mode should be in effect.
6. Choose Assign.
7. In Op. mode, choose
.
7
8. Choose the mode to assign (for

example, day).
9. Choose
1633

Operation Modes
10. Choose
10
11. The operation mode name is next to

the time periods you assigned.
11
1634
Release 4.6A/B

Operation Modes
12. Repeat steps 511 for the other

operation mode(s).
13
13. Choose Save.
14. When the Operation Mode switches,

entries appear in the system log
(transaction SM21).
14
1635

Backups
%DFNXSV
3HULRGLF$UFKLYDOV
At the end of the quarter:
<
Made certain you get a usable backup at the end of the quarter.
<
Send quarter-end backup tapes offsite for an extended period.
At the end of the year:

<
<
Make certain to get a usable backup at year-end.

Send the backup tapes offsite for an extended period.
Be aware that you may have two year-end backup dates:

<
End of the calendar or fiscal year
<
After the financial books are closed for the year

This period may be several months after the end of the fiscal year.
The length of the extended period should be determined by your legal and finance
departments, external auditors, and others as appropriate in the company (for more
information, see discussion in chapter 3).
%DFNXSWKH'DWDEDVH
See the procedures in chapter 3, 15, and 17.
3HUIRUPLQJD)XOO6HUYHU%DFNXS
:KDW
An offline backup of the entire server is done at the operating system level. This process
requires that the R/3 System and the database be down so that no files are open.
:K\
Performing an offline backup is necessary for files that cannot be backed up if the R/3
System or the database is active. With this full-server backup, you know you have
everything on the server. If you experience major system problems, you will have a
defined point from where everything is backed up and from where you can begin a restore.
1636
Release 4.6A/B

Backups
:KHQ
A full-server backup should be performed before and after major changes on the server,
such as:
<
Installing new software
<
Upgrading installed software
<
Changing hardware
If a change has a catastrophic effect (a disaster), you will need to recover the server to its
before-the-change state.
+RZ
To perform a full server backup:

1. Stop the R/3 System.
2. Stop the database.
3. Stop all services (NT).
4. Execute the backup using your backup program (database and file system).
5. Check backup times and logs.
6. Cycle the server.
1637

Backups
&KHFNLQJWKH%DFNXSV'% '%

'DWDEDVH
*XLGHG7RXU

(or from the SAP standard menu, choose Tools CCMS DB Administration DB12-Backup logs).
2. Record the date and time that
appears next to Full R/3 backup.
3. If the backup failed, there is no
indication on this screen, except
that the last successful backup
date was not the expected date.
You must review DB13 to see the
indication that the job failed.
4. Choose Backup history to get more

detail on the backups.
5. This screen shows the backup. For

the backup that ran, you can see
the following info:
a. Start date and time.
5a
5b
5c
5d
b. DB name
c. Media name or tape label
d. Position on the backup tape
1638
Release 4.6A/B

Backups
*XLGHG7RXU

(or from the SAP Standard Menu, choose Tools CCMS DB Administration DB13-DBA Planning
Calendar).
2. Look for the backup job that is
listed under each data square.
3. If the backup failed, the job will be
indicated in red.
In Release 4.6, red-text jobs could

also mean that the job log is
unavailable, and the job could still
be running.
4. Select the entry for the backup.
5. Choose Action logs.
This is the job log from the

backup.
1639

Backups
2SHUDWLQJ6\VWHP/HYHO%DFNXSV
The general process is as follows:
1. Record the usual or expected run time for the backup.
2. Compare the actual backup time to the expected (usual) run time for the backup.
If the backup takes longer or shorter than this time, there may be a problem that needs
to be investigated.
Any failed backup must be immediately investigated and resolved.

81,;
For your UNIX-level backup, review the results using the appropriate UNIX backup
application.
17
We assume that you are using the NTBackup application. If you are using another program,
use that programs documentation to determine its status after backup.
NTBackup records some log information in the NT event logs. A more specific log is written
to a file as specified when NTBackup is run.
*XLGHG7RXU
1. From the Windows NT desktop,

2
choose Start Programs
Administrative tools Event viewer.
3
Create a shortcut on your desktop to

the Administrative tools group.
2. Choose Log Application.
3. Under Source, look for the
NTBackup entries.
4. Check for error messages, which
are indicated in red.
1640
Release 4.6A/B

Backups
5. To view the details for a line

entry, double-click on the line.
This view will give you a bit more
information.
5HYLHZWKH17%DFNXSORJ
If the event log indicates problems:

1. Review the NTBackup log to determine more specifically what the error was.
2. Using that information, take corrective action.
The NTBackup log is by default: c:\winnt\backup.log. If the NTBackup writes to a different file or directory,
you need to review that file.
1. In Explorer, select the directory
c:\Winnt.
2. Double-click on Backup.log.
Backup.log is a text file. This step
assumes that you have Notepad
associated with the extension log.
2
1
1641

Checking Consumable Supplies
3. Scroll through the file to look for

any problems.
&KHFNLQJ&RQVXPDEOH6XSSOLHV
:KDW
Consumable supplies are those that you use regularly, such as:
<
Cleaning cartridges
<
Data cartridges (tape and disk)
<
Laser printer toner
<
<
Ink cartridges
Batteries
<
Forms
<
Envelopes, etc.
Within the group of consumable supplies are critical supplies. If these supplies run out,
your business operations could be affected or stopped. Examples are preprinted forms with
your companys name or other special printing and magnetic toner cartridges. The amount
of spare supplies purchased and available on-hand should be enough to accommodate
varying usage levels and to allow for time to purchase replacements.
:K\
Running out of supplies will create an inconvenience, or even an operational problem.

&ULWLFDO6XSSOLHV
If an item is critical, and you run out of it, business operation may stop.
1642
Release 4.6A/B

([DPSOH
If you run out of the magnetic toner cartridge for the check printer, you will not be able
to generate checks out of the system. At this point, either you cannot print checks to pay
your vendors, or you have to manually type the checks (if you have blank manual check
stock on hand).
Special or custom supplies such as the following require special consideration:
<
Special magnetic ink toner cartridges to print the MICR characters on checks.
Not every computer supplier will stock these special cartridges.
<
Preprinted forms (with company header, instructions, or other custom printing).

Due to the customized nature of these items, there is usually a significant lead time to
restock these items.
If it is a critical item, stock extras, the first spare may be bad or defective.
Murphy says: When you need something immediately, it will be Friday evening and
vendors and stores will be closed.
+RZ
To check consumable supplies:

<
Check the expiration date on supplies that are subject to aging.

This check applies to supplies currently being used and those in inventory (not yet in
use).
<
Check supplies that have a time in service expiration, such as hours, cycles, etc.
([DPSOH
Certain DAT tapes are rated for 100 full backups. After that they should be discarded
and replaced with new tapes. (This usage limit can be entered into the SAPDBA control
file for Oracle.)
<
Keep in touch with your purchasing agent and the market place.
Market conditions may make certain supplies difficult to purchase. In such conditions,
the lead time and quantities to be purchased need to be increased.
For example, at one time, 120 meter DAT tapes cartridges were difficult to buy, at any
price.
<
Track usage rates and adjust stocking levels and purchasing plans as needed.
1643

2WKHU&RQVLGHUDWLRQV
Certain supplies may have long lead times for purchase, manufacture, or shipping.
Do not make your lack of planning the purchasing agents emergency. If you do this too
often, you will soon use up your favors. Then when you really need help, the purchasing
agent may not be as willing to help you.
1644
Release 4.6A/B
&RQWHQWV
Table Maintenance (Transaction SM31) .............................................................172
Change Control .....................................................................................................179
Managing SAP Notes ............................................................................................179
Change Control (Managing Transports) ...........................................................1712
Transporting Objects..........................................................................................1715
171
Chapter 17: Change Management

Table Maintenance (Transaction SM31)
7DEOH0DLQWHQDQFH7UDQVDFWLRQ60
If no transaction is available to maintain a table, it can be directly maintained using
transaction SM31.
Use this method if, and only if, there is no transaction to maintain the table. Directly
maintaining a table circumvents all edits and validations in the system.
When a change is made directly to a table and the table is saved, the change is immediate.
There is no undo function.
&UHDWLQJDQ(QWU\LQWKH7DEOH60
*XLGHG7RXU
1RWH This procedure shows how to create new entries in the Prohibited Password table, USR40.
1. In the Command field, enter transaction SM31 or SM30 and choose Enter
(or from the menu bar, choose System Services Table maintenance Extended table maintenance).
2. In Table Views, enter the table
name (for example, USR40).
3. Choose
Maintain.
172
Release 4.6A/B

4. If the table you are changing is

client-independent, this dialog box
appears.
Choose
.
4
Client independent changes will

affect all clients on a system, not
just the client on which you are
working.
5. Choose New entries.
173

6. In Password (the field name that

appears depends on the table
selected), enter the new entry (for
example, january).
7. Choose Save.
If the client is not configured to

record changes for transport, this
screen does not appear.
8. If this screen appears, create a
request by choosing .
8
9. In Short description, enter text that

describes what change you are
making to the table and why you
are making the change.
10. Choose Save.
10
174
Release 4.6A/B

11. Record the request number. This

number is needed to transport the
table changes to the other systems.
12. Choose
.
11
12

indicates that the entries have
been saved.
14
14. Choose Back.
13
15. Here you see the new entry

january in the table.
16
16. Choose Back.
15
175

'HOHWLQJDQ(QWU\IURPD7DEOH60
*XLGHG7RXU
1. In the Command field, enter transaction SM31 or SM30 and choose Enter
(or from the menu bar, choose System Services Table maintenance Extended table maintenance).
2. Enter the table name (for example,
USR40).
3. Choose
Maintain.
4. If the table is client-independent this

window appears.
Choose
Client-independent changes affect

all clients on a system, not just the
client you are working in.
176
Release 4.6A/B

5. Navigate to the password by

scrolling up or down to go
through the table or choose
Position to go directly to the
entry.
5a
6. Select the password to delete (for

example, password).
7. Choose
.
6

indicates that the password was
deleted.
9. Choose Save.
10. Choose
10
177

11. In Short description, enter text

about the change you are making
to the table and why.
11
12. Choose Save.
12
13. Record the request (transport)

number.
This number is needed to
transport the table changes to the
other systems.
14. Choose
13
.
14

indicates the change was saved.
15
178
Release 4.6A/B

Change Control
&KDQJH&RQWURO
Change control is the managing of the changes, modifications and customizing made to
your system. This control allows you to be aware of and control what changes are made.
These change must be made in a controlled manner, because uncontrolled changes are a
recipe for disaster.
The process is:
<
<
Managing the changes:

SAP notes that are applied to the system.
Authorization process for moving the changes from one system to another.
Making the changes to the R/3 System.
<
Moving the changes from one system to another.
The SAP training class BC325 (Software Logistics) covers change management and
transports. Also see Software Logistics by Sue McFarland.
0DQDJLQJ6$31RWHV
:KDW
SAP notes were formerly known as OSS notes.

Managing SAP notes means tracking the notes that you have reviewed and applied. These
notes are release and configuration specific and may (or may not) relate to your systems
configuration. Some of these notes may actually be specific to individual systems in your
environment.
:K\
There are several reasons to track SAP notes that are applied to your system:
<
If a problem arises, SAP may ask if a specific note has been applied.
If you do not have a record of what notes you have applied, then you must manually
investigate your system. This process can be difficult and time consuming.
<
When the system is upgraded, for conflict resolution, you need to know what notes have
been applied.
You must know what notes:
Are included in the upgrade, so you can go back to SAP standard code
May need reapplying because they are not included in the upgrade
179

Managing SAP Notes
+RZ
<
Document all SAP notes applied to your system(s), and specify which system and
instance to which it is applied.
<
Document all code changes with the SAP note number that applies.
This documentation is important especially if a program is changed by an upgrade or
support package. It helps you determine if your code change is included in the upgrade
or patch and, therefore, whether the program can revert back to SAP standard.
<
In addition to a high-level tracking table, detailed records should be kept on the

individual notes.
The record should include the problem to be fixed, objects changed, release in which the
note was fixed (important for upgrades), and other applied or recommended notes (see
sample form in chapter 12).
<
Document all SAP notes that are noted and do not require actual changes to be made
to the system (for example, procedural or informational notes).
<
Document SAP notes that have not been applied to your systems.
There may be cases in which you review a note and determine that it does not apply.
You should document the reason(s). If SAP asks why a specific note was not applied,
you will have an answer.
6DPSOH)RUPV
General Note Record

Note #
Description
12345
36987
1710
Noted
DEV
QAS
PRD
xxx
11/06/98
11/15/98
11/30/98
yyy
2/06/99
2/13/99
2/28/99
Release 4.6A/B

Managing SAP Notes
Detailed Online Service System Note Record
Note Applied
Note # :
Short text:
Module:
Problem to solve:
Objects changed:
Fixed in release:
Comments:
Other notes
applied with this
problem:
Applied to:
System
Client
DEV
100
Transport number
Date imported or
applied
Return
code
Sign off/Initial
110
QAS
200
210
PRD
300
1711

Change Control (Managing Transports)
&KDQJH&RQWURO0DQDJLQJ7UDQVSRUWV
:KDW
Change control is the process of managing changes, modifications and customizing made to
the system and the transport of those changes through the pipeline from the development to
the test system, and finally to the production system. One of the most important change
management tasks involves notifying the appropriate people of the changes and getting
their approvals.
:K\
Because R/3 is an integrated system, there are items that may impact many other modules
or groups. If, for example, a change is made to a module which impacts other modules, and
this change is done without the knowledge of the appropriate people, a process may cease
to function. If something stops functioning in the production system, business may stop
until the problem is resolved.
In the past, most application systems were independent, so changes in one system were
insulated from the other systems. Because of this independence, users may not be used to
consulting with other organizations when making changes to what they consider their
systems.
In change control, there is a review and approval process. You should not make a change
and apply it to the system without a review and approval of the changes. These changes
apply to changes to SAP objects and system configuration.
+RZ
The following steps demonstrate a change control process:

1. Document all code, configuration, and other changes.
2. Test by:
<
<
Developer
Functional analyst
3. Get the following signoffs (see sample Transport Request Form on page 14)
By all functional groups:
1712
<
Review and be aware of changes that might affect their functional areas.
<
If needed, perform additional tests by and with other functional groups, where there
is possible interaction from the change.
Release 4.6A/B

Operations review
<
Review any changes that may affect the operations staff
<
<
Schedule new jobs

Program error or problem procedure
Document the program restart procedure. Is it safe for the operator to restart the
job, if it fails or hangs?
4. Verify the change in the target system

Change control should also contain a recovery plan that includes:
<
What to do if the import to the production system creates a problem?
<
How to roll back? Will it be possible to roll back?
<
Will a problem require a database restore?
A transport cannot be undone.
1713

Sample Transport Request Form

Request to Transport
Transport number:
Transport title/description:
Objects:
SAP Notes Applied:
(SAP note form required

for each note)
Effect on other functional areas:
Special transport instructions:
Specific order
Need quiet time: Yes/No
Request for transport by:

Tested by:
Functional area review and approval:

FI
MM
Computer Operations
SD
Approved for transport by:
Transport details:
System
Client
QAS
200
Date
Start time
End time
Return
code
Sign off/
Initial
210
PRD
1714
300
Release 4.6A/B

Transporting Objects
7UDQVSRUWLQJ2EMHFWV
7UDQVSRUWVLQWRWKH3URGXFWLRQ6\VWHP
:KDW
A transport is the mechanism that R/3 uses to move changes:

< Within a system from one client to another client
<
From one system to another system on the same client
<
From one system to another system and from one client to another client
:KHQ
Complete the transport in the production system during a quiet period (for example,
Sunday afternoon or evening) when users are not logged on the system.
Ideally, a full system backup should have been completed before transports are imported.
:K\
During a transport, objects may be overwritten. If an object is being used in the target
system when a transport is performed, the transport may cause inconsistent results or
terminate the transaction. In the worst case scenario, a transport may break the
production system and you will need to restore the system.
+RZ
Transports are only done when necessary (when you have a transport that needs to be
moved). You may also have the occasional emergency transport that must be moved at a
time other than at your normal weekly transport time.
7UDQVSRUWLQJ2EMHFWV
The transport system has been significantly changed in Release 4.x. (It used to be known as
Correction and Transport System.) It is still CTS, but is now called the Change and Transport
System; In CTS are the Transport Management System (TMS) and Change and Transport
Organizer (CTO).
The purpose of transports is to move objects and configuration from one system to another
in the production pipeline. This pipeline is defined in a three-system landscape as systems
comprising development to quality assurance to production. A transport starts in the
development system, is transported to the quality assurance system where is tested, and
finally into the production system.
To transport objects, use one of the following methods:
<
Transport Management System (TMS)
<
Operating system (OS)
Transports are taught in BC325 (Software Logistics).
1715

7060HWKRG
The TMS method uses a new transaction, STMS, to perform the transports.
Benefits:
< The user does not have to go into the operating system to do the transport.
<
The user selects the transport from a GUI to do the import.

There is no risk of incorrectly typing the wrong command or transport number.
<
Because the import is done from within R/3, there is no need to physically go down to
the server or use a remote connection (for NT) to the server to do the import.
<
The transport route can be specific to clients.

With one export, the TMS system is set up to import into several combinations of system
and client as defined in the transport route. (This functionality is new in Release 4.6.)
<
Transport requests can be grouped into projects, and the transport request selected and
moved by these projects.
This grouping reduces the chances of transporting the wrong transport request when
there are many activities and projects going on. (This functionality is new in Release 4.6.)
<
Advanced quality assurance prevents transports from being imported into the
production system until they are released after successful testing in the quality
assurance system. (This functionality is new in Release 4.6.)
<
The import of transport requests can be scheduled.

You no longer have to manually import the transport requests or write scripts to do the
import. (This functionality is new in Release 4.6.)
706GRFXPHQWDWLRQ
The TMS documentation (including configuration) can be found on the R/3 online
documentation by choosing Help SAP Library Basis Components Change and Transport
System (BC-CTS) BC-Transport Management System.
2SHUDWLQJ6\VWHP0HWKRG
The operating system (OS) method requires you to go down to the OS level to execute the
transport program (tp) at the command line.
Disadvantages:
< The user must go into the operating system to do the transport.
This action is a security issue in companies that restrict which employees can have this
level of access.
<
The import is done from the command line.

There is the risk of incorrectly typing and importing the wrong transport.
1716
Release 4.6A/B

6WDQGDUG7UDQVSRUW3URFHVV
This section describes the standard transport process from your development system to
your production system.
The following steps are part of your companys change management process:
1. Obtain proper authorization to transport the objects.
Obtaining this authorization is the responsibility of the person who requests the
transport move. The required authorizations and approval process differ based on the
company. Some companies require the approval of only one person, while other
companies require the approval of numerous people.
A major purpose of the approval process is to give other functional groups a heads up
as to what you are moving.
If the move affects any of the functional groups, and they know about it, they can take
the appropriate action: review, test, etc. If necessary, your transport is delayed until the
affected functional groups are satisfied. This way, there will not be problems related to
your transport.
2. Define other necessary transport management related information, such as:
<
Who to contact in case of problems

The person doing the transport typically is not a programmer. If there is a problem
with the transport, that person will need assistance to determine what failed.
<
What recovery process to follow if the transport fails
<
Who will test the transport in the target system to determine that it works as
intended
<
The transport number
<
The source system
<
The target system(s)
<
Relationship to other transports, such as sequence order, etc.
For more information, see chapter 12.

3. Use transactions SE01, SE09, or SE10 as necessary to release the transport.
First release the task, then release the request (or transport).
The TMS (normal) import and one of the OS import options, tp import all, will
import all transports in the import buffer. The assumption is that all objects released
into the import buffer have been tested and approved for transport into the target
system. If you use either method, it is important to not release the objects until they have
been tested and approved for transport.
Up to, and including Release 4.5, in a three-system landscape, once the transport is
imported into the quality assurance system, it is added into the production system
import buffer, and there is no second release out of the quality assurance system.
4. Import the request into the target system.
1717

5. Check the transport log.

,PSRUWLQJWKH(QWLUH,PSRUW%XIIHU
If you import the entire import buffer, everything in the buffer will be imported into the
target system, regardless of whether all the transports are ready. The problem with
importing the entire buffer is that the various transports may be in different stages of
testing. Some may be finished, while others may still be in the process of being tested. An
import all imports all the objects in the buffer, regardless of whether they are ready to be
transported.
A new feature in Release 4.6 is the Advance Quality Assurance. In this feature, the requests
imported into the quality assurance system must be approved in this system to be
transported to the production system. This process helps prevent the accidental transport
of a request that has not completed quality assurance testing in this system. This change is
an important change management enhancement and should be used by everyone with a
standard three-system landscape.
Before Release 4.6, when a transport was imported into the quality assurance system, it was
automatically added to the import buffer of the production system. Therefore, an import
all would import everything, ready or not.
To manage the import buffer in the:
< Source system, do not release the transport until the testing is complete.
<
Production system:
Using the TMS method, use preliminary import to select the individual transport
to import.
Using the TMS method, use the project method to manage the transport requests.
Using the OS method, import the requests (transports) individually.
Do an import all only when the entire buffer is ready to be imported.
6SHFLDO7UDQVSRUWVIURP6$3
Special manual transports fix specific problems, add features, or add functionality from
third-party software vendors. U.S. customers can download the transport files from
SAPSERV4. These files are usually a single file that you have to unpack using the CAR
program. The downloading and unpacking procedure is described in chapter 22.
1. Get the files from SAP or the delivery media, such as a CD.
Two files (sometimes there is a third file) are normally combined as a set (for example,
K174511.P30, R174511.P30, and D174511.P30).
2. Copy the files into the appropriate transport directories:
a. Copy files beginning with K into:
<
NT
<
UNIX
<drive>:\usr\sap\trans\cofiles
\\<host>\sapmnt\trans\cofiles
/usr/sap/trans/cofiles
b. Copy files beginning with R and D into:
1718
Release 4.6A/B

<
NT
<drive>:\usr\sap\trans\data
\\<host>\sapmnt\trans\data
<
UNIX
/usr/sap/trans/data
1RWH D files do not always exist.

3. Add the special transport to the import buffer (process described in 1725 and 1734).
4. Import the transport (process described in 1727 and 1734).
5HOHDVLQJD5HTXHVW7UDQVSRUW
To release a request:
1. Release all tasks associated with the request.
2. Release the request.
*XLGHG7RXU
1. In the Command field, enter transaction SE10 and choose Enter

(or from the SAP standard menu, choose Tools Accelerated SAP Customizing
SE10-Customizing Organizer).
2. In User, enter the user ID of the
person who owns the Request.
3. Verify that the following categories
are selected:
< Customizing
< Workbench
< All clients
2
3
4. To verify the Request status:

< Select Modifiable.
< As an option, you may deselect
Released.
Over time the released list will be
large.
5. Choose
Display.
1719

6. Select the task to release.

7. Choose
8. Document the content of the

transport.
9 11
9. Choose Save.
10. A message appears on the message
line indicating the task was released.
11. Choose Back.
10
1720
Release 4.6A/B

12. A message indicates that the task was

released into the specified request.
All of the tasks associated with a
request must be released, before the
request can be released.
The next step is to release the request.
12
5HOHDVLQJWKH5HTXHVW
1. Select the request.

2. Choose
.
2
3. If this window appears, select

Release and export.
4.
Choose
.
4
1721

5. As the export is running the line

In process Requires update appears.
6. Choose
7. When the export is finished, the

above message changes to a status
message.
10
8. Check the export return code and

text message.
This screen shows that the export
Ended OK and has a return code of 0.
9. Check the test import return code
and text message.
This screen shows that the import
Ended OK and has a return code of 0.
7, 8
9
The return codes are:

< 0 Successful
< 4 Warnings occurred
< 8 Performed with errors
< 12+ - Transport was terminated
A return code of 8 or higher is a

failed transport.
10. Choose Back.
1722
Release 4.6A/B

11. A message appears indicating that

the request was released and
exported.
11
12. The request is now in the Released

section.
You can see this request only if you
selected to view released requests in
step 1 of releasing a task.
12
,I7KHUH,VD3UREOHP
If there is a problem, review the transport log. For more information, see the transport log later in this
chapter.
1723

7060HWKRGRI7UDQVSRUWLQJ
7KH0DLQ7066FUHHQ
*XLGHG7RXU
1. In the Command field, enter transaction STMS and choose Enter

(or from the SAP standard menu, choose Tools Administraton Transports
STMS-Transport Management System).
2. The Transport Management System
(TMS) screen appears.
This is the transaction that all the
following TMS processes will start
from.
1724
Release 4.6A/B

To access TMSs online documentation, choose:

1. SAP Library Basis Components Change and Transport System (BC-CTS)
BC-Transport Management System
2. BC-Transport Management System
Under BC-Transport Management System, there are five major topics:
< Configuring TMS
< Performing Transports
< Approving or Rejecting Requests
< Special Transport Workflow
< Troubleshooting
$GGLQJD6SHFLDO7UDQVSRUWLQWRWKH,PSRUW%XIIHU
*XLGHG7RXU
Adding a special transport into the import buffer is usually not done. The release process adds the
transport into the appropriate input buffer. This task is only performed for special transports that are
downloaded from SAPSERV4 or received via CD.
3UHUHTXLVLWH
The transport files have been moved into the appropriate directories.
1. From the TMS screen, choose
1725

2. Position cursor on the <SID> of

the R/3 System to which you want
to add the transport.
3. Choose

Extras Other requests Add.
5. Enter the transport number.

6. To continue, choose
7. Choose Yes.
1726
Release 4.6A/B

8. The special transport is now in the

system buffer.
8VLQJ706WR,PSRUWD7UDQVSRUW5HTXHVW
*XLGHG7RXU
1727

2. Select the <SID> of the system into

which the request will be
imported.
3. Choose
4. From this screen, you have two

options:
< Preliminary Import
to selectively import requests
one at a time.
< Import All
to import all the requests in the
queue for the selected system.
,PSRUWD6HOHFWHG5HTXHVW
1. Select the request you wish to

import.
2. Choose
.
2
1728
Release 4.6A/B

3. Enter the Target client.

4. Choose
.
3
5. The Options tab is where you select

special import options.
These options correspond to the
unconditional codes used when
transporting at the OS level.
6. Choose Yes.
1729

7. The import process begins and

may run for a while. You can
monitor the progress of the import
by watching the process
indicators.
8. The Request number now appears

with a green check, indicating that
it was imported as a preliminary
import.
,PSRUW$OO5HTXHVWV
1. At this point, all the requests

shown in the input buffer will be
imported and indicated in the
Request column.
2. Choose
.
1
1730
Release 4.6A/B

3. Enter the target client number.

4. Choose
.
3
5. Choose Yes.
6. To refresh the screen, periodically

choose .
7. When completed, the message
Import queue is empty appears.
8. Choose Back.
8
6
1731

&KHFNWKH7UDQVSRUW/RJ
*XLGHG7RXU
2. Select the <SID> of the R/3

System for which you want to
check the transport log.
3. From the menu bar, choose Goto

TP system log.
2
1732
Release 4.6A/B

4. Choose
(or from the menu bar,
choose Syslog Refresh).
5. Check the final return code:
< 0 (Successful)
6
4
< 4 (Warning)
< 8 (Error)
< 12 (Fatal)-6
Anything other than a 0 or 4 is
considered a failed transport.
GoTo Transport steps (this was
formerly known as alog).
5
7. From this screen, you can verify

the request number and the return
code for that request.
8. The return code (indicated in
column RC) is the same as in step
5 above.
By using TMS to review the transport logs, the inconsistency encountered in the OS method of viewing
the transport log does not occur. The inconsistency is when the tp return code (received when the
import is done) does not match the return code in the transport log. The following line would appear in
the above screen:
Request
SID
RC
ALL
SAS
0008
1733

260HWKRGRI7UDQVSRUWLQJ
$GGLQJD6SHFLDO7UDQVSRUW,QWRWKH,PSRUW%XIIHU
Adding a special transport into the import buffer is normally not done. This task is only
performed for special transports that are downloaded from SAPSERV4 or received via CD.
3UHUHTXLVLWH
<
The transport files have been moved into the appropriate directories.
<
You must be on the target system (PRD).
1. Go to the transport program directory:

<
NT:
<
UNIX: /usr/sap/trans/bin
<drive>:\usr\sap\trans\bin
2. Load the transport into the import buffer with the following command:
tp addtobuffer <transport> <target sid>
tp addtobuffer P30K174511 DEV
Where the:
<
Target system is DEV
<
File is K174511.P30
<
Transport number is P30K174511
<
The transport number is derived from the transport file number, where the first three
characters are the file extension (P30), and the rest of the name is the base name of
the file (K174511).
3. Import the transport.

,PSRUWLQJWKH7UDQVSRUW
3UHUHTXLVLWH
<
You must be on the target system.
<
For NT, on the target system, you must have mapped a drive to the shared directory
(\sapmnt) on the source system (for example, where drive S: is mapped to
\\devsys\sapmnt).
+RZ
1. Go to the transport directory.

NT:
<drive>:\trans\bin
UNIX:
/usr/sap/trans/bin
2. Test your connection to the target system with the following command:
tp connect <target sid>
tp connect prd
1734
Release 4.6A/B

3. Enter the transport command.

<
To specify an individual transport, enter:

tp import <transport> <target sid> client=<target client>
tp import devk900023 prd client=100
Where the:
Transport number is devk900023
Target system is PRD
Target client number is 100
<
To import the entire import buffer, enter:

tp import all <target sid>
tp import all prd
You may be instructed in an SAP note or by the SAPNet hotline to use Unconditional codes
or U codes. These are special program option switches that the tp program uses during the
import process.
<
In NT, use QuickSlice, an application included with the NT resource kit, and the CPU
activity in the NT Performance Monitor to monitor the import process. After a few
times, you will recognize the activity pattern of a transport.
<
In UNIX, use the utilities top or xload to monitor the import process.
1. Record the start and finish time for the transport on the transport log or the transport
form.
2. Check the exit code.
If you receive an exit code of 8 or higher, the import failed. You must resolve the
problem and reimport the transport. If you get a return code of 8, there is a known
condition where this return code does not match the transport log. This condition is
described in Checking the Transport Log section below.
3. Check the transport log (see below).
&KHFNLQJWKH7UDQVSRUW/RJ7UDQVDFWLRQ6(
:K\
The transport log indicates why a transport failed.

+RZ
The information in this chapter is only a portion of the first half of the process, that is,
determining if the transport succeeded or failed. The second half of the process,
investigating why the transport failed, is not covered. If the transport involves an object
such as an ABAP program or SAPscript layout, you will need the assistance of your
programmers to determine why it failed and how to fix it.
1735

After the transport is completed, check the transports exit code:

<
0 = OK
<
<
4 = Warning
8 = Error
<
12 = Severe Error
If you receive an exit code of 8 or higher, the import failed. You must resolve the problem
and re-import the transport.
The transport could still have failed even if you did not receive a failed return code. The
final test is to verify in the target system that the transport arrived properly. The developer
and functional area owner are responsible for this verification.
&KHFNLQJWKH7UDQVSRUW/RJ
*XLGHG7RXU
1RWHYou must check the transport log from the transaction that released the transport (SE09 or SE10).
1. In the Command field, enter transaction SE10 and choose Enter
(or from the SAP standard menu, choose Tools Accelerated SAP Customizing
SE10-Customizing Organizer).
2. Under Category, select:
< Customizing
< Workbench
< All clients
3. Under Request status:
< Deselect Modifiable.
< Select Released.
4. Enter a date range in the Last changed

From and To fields to limit the
3
amount of requests to review.
5. Choose
Display.
5
1736
Release 4.6A/B

6. Select the request.

7. Choose
8. On the Import line, check the return

message and code:
< 0 Successful
< 4 Warnings occurred
< 8 Performed with errors
< 12+ Transport was terminated
8
9
A return code of 8 or higher is a

failed transport.
9. If you see a warning in step 8,
choose display log for the line with
the warning.
1737

10. Choose
to drill down for
additional details.
11. The status bar indicates how many
levels you have drilled down.
10
11
You may run into a rare inconsistency between the return code in this log and the return code
when you ran the import program tp. This condition occurs when the tp program ends with a
return code 8 (Error) and the log above shows a maximum return code of 4 (Warning). This
inconsistency is caused by a step in the import that is not associated with the transport number
(in the example RW6K9000079). Thus when the log is reviewed, the maximum return code of 4
[(and not 8) (Warning)] appears. However, it is still a failed transport.
The TMS method does not have this inconsistency.
1738
Release 4.6A/B
&RQWHQWV
Overview ................................................................................................................182
Basic Troubleshooting Techniques ....................................................................182
181
Chapter 18: Troubleshooting

Overview
2YHUYLHZ
This chapter is a basic problem solving chapter. We will present you with some of the tools
and techniques to help you solve the problem yourself. We will not be going into advanced
troubleshooting techniques. Troubleshooting is learned by doing; the more experience you
have, the better you become.
The next chapter is on performance tuning. Performance tuning is a specialized
troubleshooting, so troubleshooting techniques are also relevant for performance tuning.
%DVLF7URXEOHVKRRWLQJ7HFKQLTXHV
The general procedure when working on troubleshooting is not new. It is the standard
problem solving procedure that has been in use for years by many professions. Your auto
mechanic would follow the same procedure when repairing your car:
<
Gather data
<
Analyze the problem
<
<
Evaluate the alternatives

Make a change
Remember to make only one change at a time.
<
Document the changes
<
Evaluate the results
*DWKHU'DWD
182
<
Ask the following questions:

What is the problem?
What error messages, dumps, or other diagnostic aids are available from the
problem?
What conditions caused the problem?
Is the problem repeatable?
<
To analyze the problem, use your available tools, such as:

System Log (SM21)
Update Failure (SM13)
ABAP Dump (SM22)
Spool (SP01)
Release 4.6A/B

Basic Troubleshooting Techniques
$QDO\]HWKH3UREOHP
<
<
What are the resources you have to help solve the problem:
Online documentation
Reference books
SAP notes
Other customers (this is your network)
Call for assistance:
Consultants
SAPNet help desk
(YDOXDWHWKH$OWHUQDWLYHV
0DNHRQO\2QH&KDQJHDWD7LPH
<
If there is a problem, and you made several changes at once, you will not know which
change caused or fixed a problem.
<
There are times where several changes need to be made, to fix a problem.
Unless they must be done together, such as related program changes, make the changes
separately.
'RFXPHQWWKH&KDQJHV
<
If a change causes a problem, you need to undo the change.

To do that you need to know what the configuration was before the change and what
you did.
<
If the change needs to be applied to multiple systems, you need to know exactly what
changes to make and how to do it. This process must be repeated exactly the same on all
systems.
183

*HWWKH&RPSOHWH(UURU0HVVDJH
*XLGHG7RXU
When you get an error message in an R/3 transaction, you need all the information on the error to forward
to SAP. To get the complete error message, do the following:
1. When an error occurs, the field
with the error is highlighted.
2. Double-click on the error message.
3. The error message appears in the

dialog box.
4. Record the relevant information
from the screen to send to SAP.
184
Release 4.6A/B

*HWWKH6$33DWFK/HYHO
:KDW
This level is the R/3 kernel patch level that is being used.
:K\
This patch level is needed when submitting problem messages to SAP. It tells the hot line
personnel on what kernel patch level you are. Different problems are fixed in different patch
levels.
([DPSOH
You are on patch level 50 and have a particular problem. The fix to your problem may
have been done in patch level 61. This level identifies that the problem is an older kernel
that contains the problem. The solution is to upgrade to the current kernel, at least patch
level 61.
+RZ
*XLGHG7RXU

SM51-Servers).
2. Select the central instance (for
example, pa100767_SAS_00).
3. Choose Release notes.
3
2
185

4. Record the Patch level (for our

example, we chose Patch level 55).
'HWHUPLQLQJ:KDW6XSSRUW3DFNDJHV+DYH%HHQ$SSOLHG
:KDW
A support package is an SAP-provided R/3 fix and is similar to an NT Service Pack.

:K\
As with the SAP Patch level, problems you have may be related to the level of the applied
support package.
186
Release 4.6A/B

+RZ
*XLGHG7RXU
1. From the menu bar, choose System Status.

2. Choose
3. Choose the Patches tab.

3
187

4. In this example, the following

patches have been applied:
< SPAM update 17-Sept-99
< Support Package 01 for 4.6A
Patch Status values are:
< N The patch has not yet been
applied
<
I Patch has been successfully

applied
<
? Patch application has been

aborted
The name of a Support Package is interpreted as follows:

< SAPKH<release><sequence_number>
<
188
SAPKH46A01 is interpreted as SAPKH / 46A / 01, and is for Release 4.6A and is the first Support
Package.
Release 4.6A/B
&KDSWHU 3HUIRUPDQFH
&RQWHQWV
Overview ................................................................................................................192
General Procedure ................................................................................................193
R/3...........................................................................................................................194
Database ..............................................................................................................1911
Operating System ...............................................................................................1911
Hardware..............................................................................................................1915
191
Chapter 19: Performance

Overview
2YHUYLHZ
This chapter is an introduction to performance issues in R/3. We provide only general
guidelines, not detailed performance tuning instructions. It is not possible in one chapter, to
provide the breadth and depth of information available in the SAP training class or the
Performance Optimization book. For more detailed performance tuning, we recommend the
following resources:
<
BC315 R/3 Workload Analysis (the SAP Performance Tuning class)
<
SAP R/3 Performance Optimization, by Thomas Schneider, SAPs TCC organization, which
recently published a book on performance optimization.
Performance tuning is specialized troubleshooting. Since you are trying to solve

performance issues, all troubleshooting techniques are also relevant.
Rather than using database and operating system-specific details, where possible, we will be
using R/3 transactions to access relevant database and operating system data. This
approach makes the information database and operating system independent.
&ULWLFDO$VVXPSWLRQ
The hardware, operating system, database, and R/3 have been properly installed based
upon SAPs recommendations.
:K\
As with the design of this book, performance tuning has to have a starting point. This point
is the SAP-recommended configuration for hardware, database, operating system, network,
etc.
An extreme example (that did occur with a customer) is where the operating system, the
database, and R/3 has been installed on a single logical drive. In this situation, all the drives
in the server were configured in a single RAID5 array and treated as a single, huge drive.
This situation created a classic condition known as head contention, where R/3, the
database, and the operating system all simultaneously competing for the same disk drive
head.
Head contention is similar to you being asked to do many things at the same time, such as:
<
Cook dinner
<
Read a book
<
Help your child with homework
<
Water the yard
<
Fix the fence
You run around doing a little of each task then going to the next. None of the tasks get done
with any reasonable speed.
192
Release 4.6A/B

General Procedure
This is an example of a problem that is not new. Head contention existed in the early days of
computing. The solution now is essentially the same as it was back then, that is, to spread
the data over multiple drives.
3ULRULW\RI(YDOXDWLRQ
The SAP EarlyWatch group has determined that the majority of the performance issues and
gains are from within R/3. This gain is followed first by database issues, then operating
system, then hardware. Thus we will primarily discuss R/3 performance issues.
*HQHUDO3URFHGXUH
The general procedure when working on performance issues is not new. It is the standard
problem-solving procedure:
<
Gather data
<
Analyze the problem
<
Evaluate the alternatives
<
Make only one change at a time

If there is a problem, you will not know which change caused a problem. There are
times where several changes need to be made to fix a problem. Even so, unless they
must be done together, such as related program changes, make the changes one at a
time.
<
Document the changes.

If a change causes a problem, you need to undo the change.
To do that you need to know what the configuration was before the change and
what you did.
If the change needs to be applied to multiple systems, you need to know exactly
what changes to make, and how to do it.
This process must be repeated exactly the same on all systems.
193

R/3
5
One of the most common reasons for R/3 performance problems is poorly written custom
(or modified standard) ABAP programs.
:RUNORDG$QDO\VLVRIWKH6\VWHP7UDQVDFWLRQ67
:KDW
Workload analysis is used to determine system performance.

+RZ
You should check statistics and record trends to get a feel for the systems behavior and
performance. Understanding the system when it is running well helps you determine what
changes may need to be made when it is running poorly.
*XLGHG7RXU

(or from the SAP standard menu, choose Tools Administration Monitor Performance Workload
ST03-Analysis).
2. Choose Data base server or This
application server.
(In this example, we chose This
application server,
pal101003_SAS_00.)
194
Release 4.6A/B

R/3
3. Select a time period to analyze.

(In this example, we chose Last
minute load.)
4. Enter how many minutes back to

analyze, or choose Other selection
to specify a date and time period
to analyze.
In this example, we chose Other
selection.
5. Under Time interval to be analyzed

is, enter the Date and time range to
6
be analyzed.
6. Choose
195

R/3
7. Check the Current value under

Task types (for example, Total).
The task types are:
< Total
< Dialog
< Background
< RFC
10
8. Choose the appropriate button to

view performance values for that
Task type.
9. Examine Av. response time.
If this value is less than 1,000 ms (1
second), the response time meets
the target standard response time.
For more information on Av.

response time, see notes below.
10. Choose Transaction profile.
8
7
Judgment must be applied when reviewing statistical values. If you just started the R/3
System, the buffers will be empty and many of the statistics will be unfavorable. Once the
buffers are loaded, values can be properly evaluated.
In this example, the Av. response time of almost 4 seconds must be evaluated with other
factors in mind.
The R/3 user default for a decimal point is a comma. If your default profile for decimal point,
(point or comma) is not appropriately set, the display may be misread. For example, rather
than 3,888 ms, it would read 3.888 ms. Quite a difference!
196
Release 4.6A/B

R/3
11. Click on any cell in the Response

time avg column.
12. Choose
12
11
Analysis of transaction ST03 is covered in BC315 (the Workload Analysis and Tuning class).
We recommend you take this class.
13. The programs and transactions are
now sorted in average response
time order.
13
197

R/3
A few standard functional transactions will exceed the one-second guideline. They include,
but are not limited to the following:
Type
Transaction
Create Sales Order
VA01
Change Sales Order
VA02
Display Sales Order
VA03
Create Billing Document
VF01
Create Delivery
VL01
Maintain Master HR data
PA30
%XIIHUV67
:KDW
The buffer tune summary transaction displays the R/3 buffer performance statistics. It is
used to tune buffer parameters of R/3 and, to a lesser degree, the R/3 database and
operating system.
:K\
The buffer is important because significant buffer swapping reduces performance. Look
under Swaps for red entries. Regularly check these entries to establish trends and get a feel
for buffer behavior.
198
Release 4.6A/B

R/3
*XLGHG7RXU

(or from the SAP standard menu, choose Tools Administration Monitor Performance
Setup/Buffers ST02-Buffers).
2a
2b
2. The two important things to review on the above screen are:

a. Hit Ratio
The target value is 95 percent and higher. Soon after starting the system, this value is
typically low, because buffers are empty. The hit ratio will increase as the system is
used and the buffers are loaded. It usually takes a day to load the buffers that are
normally used.
b. Swaps
The target value is less than 1,000. Swaps occur when the necessary data is not in the
buffer. The system has to retrieve the data from the database. The swap value is reset
to zero (0) when the system is restarted.
199

R/3
Analysis of transaction ST02 is covered in BC315 (the Workload Analysis and Tuning
class). We recommend you take this class.
0HPRU\'HIUDJPHQWDWLRQ
:KDW
A computers memory behaves similar to a hard disk. As different programs execute, they
are loaded into, and later deleted out of, memory. Over time, like a hard disk, the usage of
the computers memory becomes fragmented with unused spaces scattered throughout.
:K\
At a certain point you may have sufficient free memory (that is, the total of all the unused
spaces), but not a contiguous (single) piece of memory large enough to allow certain
programs to execute. At that point, those types of programs attempting to run that need
contiguous memory will fail because they cannot be loaded into memory.
+RZ
To defragment the systems memory:

1. Stop R/3.
This step requires stopping R/3 on all application and database servers. (For more
information, see Start/Stop R/3 in chapter 10.)
2. Restart R/3.
You only need to restart R/3, you do not need to cycle the server.
When R/3 is restarted, the buffers are refreshed. This process means that the first person
who accesses the buffered object will have a long response because the system must get the
data from disk and load it into the buffer. The second person will have a normal (quick)
response time. This process repeats until all normally used objects are loaded into the
buffer, which usually takes up to a day to accomplish.
1910
Release 4.6A/B

Database
'DWDEDVH
See chapter 13 (Database Administration Microsoft SQL Server) for the database-related
performance tuning transactions:
< Activity - ST04
<
Tables/Indexes - DB02
2SHUDWLQJ6\VWHP
2SHUDWLQJ6\VWHP0RQLWRU26
:KDW
The operating system monitor allows you to view relevant operating system and hardware
details.
The operating system-related detail, such as:
<
Memory paging
<
Operating system log
In addition, the following hardware details are available:

<
<
CPU utilization
Free space on disks
:K\
Certain operating system items will impact R/3 performance.
1911

Operating System
+RZ
*XLGHG7RXU
1. In the Command field, enter transaction OS07 and choose Enter

(or from the SAP standard menu, choose Tools Administration Monitor Performance
Operating System Remote OS07-Activity).
2. Select the appropriate server.
3. Choose
.
3
2
This screen is a snapshot of the CPU,

Memory, Swap, and Disk response data.
4. To analyze, choose Detail analysis
menu.
4
1912
Release 4.6A/B

Operating System
5. Choose an item under Previous hours

(for example, Memory or OS Log).
This screen shows CPU utilization

over time.
1913

Operating System
This window shows the memory

paging and free memory over time.
This is the Operating System Log.
1914
Release 4.6A/B

Hardware
+DUGZDUH
&38DQG'LVN
Also see Operating System Operating System Monitor (OS07) to get data on:
<
CPU utilization
<
Free space on disks
0HPRU\
The hardware item that has the largest effect on R/3 performance is memory. The R/3
System uses memory extensively. By keeping data in buffer, physical access to the drives is
reduced. Thus, in general, the more memory you have, the faster R/3 will run.
Physical access to the drives is the slowest activity.
1915

Hardware
1916
Release 4.6A/B
&RQWHQWV
Overview ................................................................................................................202
Logging on to SAPNet ..........................................................................................203
Online Services .....................................................................................................204
Solving a Problem with SAPNet ..........................................................................205
Registering a Developer or Object ....................................................................2015
Online Correction Support.................................................................................2024
201
Chapter 20: SAPNetWeb Frontend

Overview
2YHUYLHZ
SAPNetWeb Frontend (SAPNetweb) is the internet access to SAP resources and SAPNet
R/3 (formerly OSS) functions such as:
< Registering developers and objects
<
Searching for SAP notes
<
Downloading support packages
Most of the OSS functions will be migrated to SAPNet. The entering and retrieving of
customer messages on SAPNet has just become available and is currently in pilot.
However, not all OSS functions will be migrated to SAPNet. The opening and use of the
SAP service connections for Earlywatch and SAP hotline access to customer systems will
remain in OSS or SAPNetR/3.
We recommend that you use SAPNetWeb as your primary SAPNet access method. For
most companies with an existing (flat fee) internet access line, the cost of the internet
access is already paid for. The SAP service connection required for SAPNet-R/3, if using
ISDN, is additional per minute cost.
+RZ
The prerequisites to use SAPNetWeb are:

<
An internet connection
<
A browser
SAPNet works better with Microsoft Internet Explorer.
<
202
A valid SAPNet/OSS user ID and password
Release 4.6A/B

Logging on to SAPNet
/RJJLQJRQWR6$31HW
*XLGHG7RXU
1. In your web browser, enter www.sapnet.sap.com.

2. In User Name, enter your OSS/SAPNet user ID.
3. In Password, enter your OSS/SAPNet password.
2
3
This main screen (SAPNet for Customers and

Partners) is the starting screen for the following
tasks.
203

Online Services
2QOLQH6HUYLFHV
*XLGHG7RXU
1. In the left frame, scroll down to Services.

2. Choose Online Services.
The Online Services main screen appears.

Most of the SAPNet functions used by systems
administrators are grouped in this screen.
204
Release 4.6A/B

Solving a Problem with SAPNet
6ROYLQJD3UREOHPZLWK6$31HW
If you have a particular problem or question, you should search:
<
<
The online documentation

SAP notes.
This large database contains problem notes.
6HDUFKLQJIRU6$31RWHV
*XLGHG7RXU
SAP Notes were formerly known as OSS Notes.

1. On the Online Services screen, choose SAP Notes.
2. SAP Notes are divided into several topics. For

example, you can retrieve a list of notes on the:
< Installation and upgrade processes
< Managing Y2K issues
< Latest or hot news about R/3
205

3. The search can be done in one of many different

ways:
a. You can use a text search with the following
options:
<
AND the note must contain all of the

words in the search text field
<
OR the note must contain at least one

of the words in the search text field
<
PHRASE the note must contain the

words in the exact order specified in the
field.
3a
3b
b. You can also specify the specific:

< Note Number
< R/3 Release
< Application Area
< Database
You cannot simultaneously specify a Note
Number and Search Text.
4. On the SAP Notes Search screen, in each of the
following fields, enter the following text:
a. In Search Text, enter spool system
b. In Search Mode, select all given words (AND)
c. In Release, enter 46A
d. In Database, enter a database name
5. Choose Submit.
4a
4b
4c
4d
5
206
Release 4.6A/B

6. The results from the criteria are displayed. Each

page contains 20 hits and the total number of
hits is limited to 500.
7. Choose the first note.
6
7
8. Review the note.

9. Close this window and return to the SAP Notes
list.
7R6HDUFKIRU1RWHV5HODWHGWR,QVWDOODWLRQ
1. On the left frame, click the node (+) next to

Installation folder.
The folder contents appear in the main frame.
2. Choose a note.
2
1
207

3. The note gives additional

information on the 4.5B R/3
installation in the NT/Oracle
environment.
4. Return to the Online Services main
menu.
&XVWRPHU0HVVDJHV
1RWH As this guidebook is going to print, the Customer Message function has just been
released to SAPNet-Web. Since this function is in pilot mode, it may change from the
process described here. At present, you can only create and view messages via SAPNetWeb, modifying messages is only possible via SAPNet-R/3.
If you have searched both the online documentation and SAP notes and not found the
answer to your question or problem, then you should submit a SAPNet message for
assistance.
1RWH The SAPNet customer message function is not meant to replace consulting.
Messages entered into SAPNet are for reporting and getting resolution on SAP problems
or bugs. If a message is interpreted as a request for consulting information, it will be
returned to you, and you will be advised to seek consulting assistance.
208
Release 4.6A/B

(QWHULQJ&XVWRPHU0HVVDJHV
Include as much information as possible in your message, so the SAPNet Hotline
consultants can help you. Indicate where in the online documentation you have searched
and which SAP notes you have reviewed.
3ULRULW\WDEOH
Assign your message a priority from the following table below:
Priority
Situation
Very High
<
In your production system, only for system or application

shutdown
<
In your nonproductive system, during a critical project phase
These messages are reviewed by an Online Service System/SAPNet

consultant within 30 minutes of arrival. If the problem does not fall
within the defined description for a very high priority problem,
the priority is immediately reduced.
Do not assign a message this priority if you cannot be available to
receive a call back from SAP. If SAP attempts to call you and you
cannot be reached, your message may be downgraded.
High
When important applications or subprograms fail in function, or for

a system shutdown in a nonproductive system.
Medium
For errors with less serious consequences than the above two cases,
where the operation of the productive system is not seriously
affected.
Low
For minor errors, such as documentation errors, typographical

mistakes, etc.
Use care when assigning a priority to your message. If the problem does not meet the Very
High criteria, assigning the message this priority will not guarantee you a quicker response
time.
209

The following list contains hints that can improve total problem resolution time:
&RPSRQHQW
<
If you know the specific component, assign it.

If you do not know it, do not assign to a detailed component level (for example, assign it
to level 3, BC-CCM-PRN rather than a level 4, BC-CCM-PRN-DVM). The Online Service
System Hotline consultant can assign a specific component. If you assign the message to
a wrong component, and it is forwarded to the incorrect person, time is lost. It will take
that much more time to resolve your problem.
<
Be aware that the cause of the problem may be in an area other than the module you are
working on.
3UREOHP'HVFULSWLRQ
<
Be clear and descriptive.

The better the information you provide, the better the results. Information that is clear to
you may not be clear to the hotline consultant.
<
Provide enough data so that SAPNet Hotline personnel will not have to ask additional
questions before beginning work on your problem.
<
Examples of complete data includes:

If there is an error message, enter it exactly as it appears.
Provide the transaction or menu path describing where the error or problem
occurred.
Indicate if the problem can be duplicated on your test system.
Describe the circumstances that created the problem.
Describe anything unique about the data entered in the transaction where the
problem occurred.
List which problem-related SAP notes that have been reviewed and which notes
have been applied.
List which actions and research you have already performed.
The following examples are messages in which the SAPNet hotline requires more
information before beginning on the problem:
FB01 does not work.
The system is slow.
Keep your system technical information in SAPNet current and correct. This information
is used by hotline personnel when they work on your problem.
2010
Release 4.6A/B

+RZ
*XLGHG7RXU
(QWHULQJ&XVWRPHU0HVVDJHV
1. On the Online Services screen, choose

Customer Messages.
2. Note that the Customer messages

function is in pilot.
The final process many change from
the steps in this guidebook.
3. Choose Message Wizard.
3
3
2011

4. Under Reporter, check that the values

in the fields are correct.
If it is not, you must use SAPNetR/3 to correct your user
information.
5. In System type, select the type of your
system:
< Development
< Production
< Test
6. In Installation, choose the installation
that your message is for.
7. In Release, choose the R/3 release of
your system from display options.
5
6
8. In Add-on, choose the add-on that

you are running.
7
8
9
9. In Add-on release, choose the release

of the add-on.
10
10. Choose continue.
11. In Oper system (operating system),

click the down arrow and choose
your operating system.
12. In Database, click the down arrow
and choose your database.
13. In Frontend, click the down arrow
and choose your frontend.
11
12
13
2012
14
Release 4.6A/B

15. Under Classification, in Priority click

the down arrow and choose the
appropriate priority for your
message.
Use the table on page 209 to
determine the proper priority level.
16. In Components, entering the fields in
order (from 1 to 3), click the down
arrow and choose the component for
the message.
15
16
17
18. In Language, click the down arrow

and choose the language for the
message.
19. In Short text, enter a short (one line)
problem description.
20. In Long text, enter a complete
description of the problem.
21. Choose Send to SAP.
18
19
20
21
9LHZLQJ&XVWRPHU0HVVDJHV
The response to your message is often in the form of an electronic message, rather than a
telephone call. It is, therefore, important to monitor the status of your messages.
2013

9LHZLQJ&XVWRPHU0HVVDJHV
1. On the SAPNet screen, on the menu
bar, choose Inbox.
2. Choose Sent SAPNet Items.
3. Messages will be in the following

three categories:
< Messages to be sent to SAP
< Messages in process at SAP
< Messages solution proposed by
SAP
2014
Release 4.6A/B

Registering a Developer or Object
5HJLVWHULQJD'HYHORSHURU2EMHFW
:KDW
To modify an SAP object, both the developer and the object that will be modified need to be
registered with SAP. A developer, once registered for the installation, does not have to
register again. Similarly, an SAP object once registered for the installation, does not have to
be registered again. It is for this reason that on the registration screen either or both the
developer or object access key would be required.
:K\
<
Only an SAP-registered developer can make changes to SAP objects.

Restricting access to registered developers provides a record of who has made changes
to the system.
<
Registering an SAP object provides a record of which SAP objects have been modified
by the customer.
The assumption is that if you requested an object access key, you will be modifying the
object.
+RZ
See the following sections for registering a developer and an SAP object.
5HJLVWHULQJD'HYHORSHU
To modify an SAP object, the developer needs to be registered with SAP. Once registered for
the installation, the developer does not have to register again.
:K\
Only an SAP-registered developer can make changes to SAP objects. Restricting access to
registered developers provides a record of who has made changes to the system.
+RZ
In the following procedure:

1. The developer requests a developer key
2. The system administrator obtains the key
3. The developer enters the key
2015

*XLGHG7RXU
'HYHORSHU5HTXHVWV'HYHORSHU.H\
1. This screen is seen by the
developer when a developer key is
required.
a. If the developer Access key is
blank, you need to obtain a
developer access key.
b. Give the developer User name
(2) to the system administrator
to get a developer access key.
b
a
7KH6\VWHP$GPLQLVWUDWRU*HWVWKH$FFHVV.H\
1. On the Online Services screen, choose SSCR.
2016
Release 4.6A/B

2. On the SSCR screen, you can register and get

keys for:
<
<
Developers
SAP objects that will be changed
3. Choose Start SSCR now.
1. If your site has several R/3 installations, select
the one for which you wish to perform
registrations.
2. Choose Register Developer.
2
1
3. In Developer, enter the developers user ID.

4. Choose Register.
2017

5. The registration information for the developer is

displayed.
If the registration date is not todays date and
the registration name is not the name of the user
who just submitted the request to register a
developer, the developer has been previously
registered.
6. Record the Registration key.
The generated key enables the user to create or
change customer objects and change SAP
objects. The registration is done only once for
each developer.
(QWHUWKH'HYHORSHU.H\
In the development system:
1. In the developer Access key field,
the developer enters the key
received from the system
administrator.
2018
Release 4.6A/B

'HOHWLQJD'HYHORSHU
On the same screen that was used to
register a developer:
1. In Developer, enter the user ID of the
developer to delete.
2. Select Delete.
3. Choose Register.
4. To check if the deletion is
successful, choose Overview, which
displays a list of developers.
2
3
5HJLVWHULQJDQ2EMHFW
:K\
Registering an SAP object provides a record of which SAP objects have been modified by
the customer. The assumption is that if you requested an object access key, you will be
modifying the object. If the customer modifies an object and problems arise, resolving the
problem may be the customers responsibility. If an object is not modified and problems
arise, resolving the problem is SAPs responsibility.
+RZ

2019

*XLGHG7RXU
'HYHORSHU5HTXHVWV2EMHFW.H\
developer when an object key is
required:
a. If the object Access key is blank,
you need to obtain an object
access key.
b. Give the three object fields to
the system administrator (for
example, R3TR, PROG,
RSPARAM).
All three fields are required to
obtain the object key.
b
c
a
c. If you are in a mixed release

environment, also give the
system administrator the SAP
Release for the system.
1. On the Online Services screen, choose SSCR.
2020
Release 4.6A/B

2. On the SSCR screen, you can register and get

keys for:
<
<
Developers
SAP objects that will be changed
3. Choose Start SSCR now.
5HJLVWHULQJDQ2EMHFW
1. If your site has several R/3 installations, select

the one for which you wish to perform
registrations.
2. Choose Register Object.
2
1
2021

3. TADIR is the table that contains R/3 repository

objects.
Information must be entered in the following
fields:
< Program ID
< Object
< Object name
In this example, we wish to change a program
(PROG) named RSPO0041. The entry is R3TR /
PROG / RSPO0041.
4. Select Advance correction to apply an SAP note,
and this note is an advance correction.
4
3
5. Choose Register.
6. Registration information for the object is

displayed.
If the registration date is not todays date and
the registration name is not the name of the user
who logged onto SAPNet, the object has been
previously registered in this installation.
7. Record the Registration key.
Return to the Online Services main screen.
2022
Release 4.6A/B

(QWHUWKH2EMHFW.H\
1. In Access key, the developer would enter the
object key received from the system
administrator.
10
'HOHWHDQ2EMHFW
From the Register Object Screen:
1. In TADIR Object, enter the Program
ID/Object/Object name of the object to
be deleted.
2. Select Delete.
3. Choose Register.
4. To check whether the deletion is
successful, choose Overview, which
displays a list of developers.
2
3
2023

Online Correction Support
2QOLQH&RUUHFWLRQ6XSSRUW
The SAP Online Correction Support provides information and tools to retrieve support packages such as
hot packages, legal change packages, SPAM updates, etc.
*XLGHG7RXU
1. On the Online Services screen, choose Online

Correction Support.
2. In the left frame, choose Download.
2024
Release 4.6A/B

*HWWLQJWKH/DWHVW63$0YHUVLRQ
Make sure that you have the latest version of the
SAP Patch Manager or SPAM on your R/3 System
before you apply any support packages:
1. To get the latest SPAM version, on the
download screen, choose SPAM Updates.
2. Choose SPAM Updates.
3. Choose the SPAM update for your release.

Use the date (for example, 17-Sept-1999) to
determine if the SPAM update is a newer
version than what you have.
The transport number for an R/3 release
(example SAPKD00029) does not change.
2025

4. Choose Download.
5. Select Save this file to disk.

6. Choose OK.
7. Specify the directory where you want the

update to be saved.
8. Choose Save.
The downloading process begins.
9. Choose OK.
2026
Release 4.6A/B

'RZQORDGLQJ6XSSRUW3DFNDJHV
1. On the download screen, from the left frame,
select R/3 Support Packages.
2. Select the appropriate release (for example,

select HP 4.6A on the left frame).
3. Select the appropriate support package.

The file size column tells you how large the
patch file is.
Make sure that your system has enough file

space to:
<
Download the patch
<
Upload the patch into usr/sap/trans/EPS/in
<
Create the transport file in usr/sap/trans/da
2027

4. From this screen, you have the following

options:
<
<
Download the support package

View the related SAP notes that apply to the
support package
<
View the objects that are affected by the

support package
6SHFLILF6XSSRUW3DFNDJH5HODWHG1RWHV
To look at the notes related to the specific Support
Package:
1. On the Option screen, choose R/3 Notes.
2028
Release 4.6A/B

The listed notes appear.

2. To display a note, click on it.
3
2
3. You can print the note or save it as any other

browser page.
2029

'RZQORDGLQJ6XSSRU3DFNDJHV
To download the Support Package:
1. On the option screen, choose Download.
2. Select Save this file to disk.

3. Choose OK.
4. Specify the directory.

5. Choose Save.
4
2030
Release 4.6A/B

The downloading process has begun.
6. After the download has completed, choose OK.
After downloading the support packages (whether SPAM update or support package), complete the
following steps:
1. Unpack the patch archive file (see Unpacking a CAR file in chapter 22).
2. Transfer the resulting *.ATT and *.PAT files to the /usr/sap/trans/EPS/in subdirectory.
Useful SAP Notes
Description
83458
OCS Info: Downloading patches from SAPNet
97621
OCS Info: Online Correction Support (OCS)
169142
Online Correction Support (OCS)
36579
Questions and answers on the topic: SSCR
152170
Migration of support functions to SAPNet-Web frontend
169329
New functions in the SAPNet as of 09/05-06/99
86161
Registering developers and objects
69224
Access to the SAPNet server via OSS User ID
2031

2032
Release 4.6A/B
&RQWHQWV
Overview ................................................................................................................212
Useful SAP Notes..................................................................................................213
Connecting to SAPNetR/3 ..................................................................................213
Researching a Problem with SAPNet-R/3...........................................................216
Registering a Developer or Object ....................................................................2122
Opening a Service Connection..........................................................................2130
211
Chapter 21: SAPNetR/3 Frontend

Overview
2YHUYLHZ
SAPNetR/3 Frontend [SAPNet-R/3 (formerly OSS)] is a group of services offered by SAP
that is used to:
< Search for solutions to problems
<
Enter problem messages
<
Register developers and objects before changing SAP objects
<
Open a service connection

This connection allows SAP personnel to log on to your system(s) when solving a
problem or performing an EarlyWatch session.
<
Retrieve patches from SAP
Periodically, the SAPNetR/3 user interface changes as the frontend is upgraded. Therefore,
screens may not appear as shown in this book or be the same over time.
In this chapter, you will learn how to:
<
Connect to SAPNetR/3
<
Research problems about SAPNetR/3
<
Open a service connection
<
Register a developer and an object
If you have an ISDN connection, the telephone bill can become high. ISDN is normally
billed by the minute of connect time. Manage the time that you are connected to
SAPNet-R/3, or you could get a large phone bill for your SAP service connection.
Check with your networking person or company about how your SAP service connection
is configured. Some will hold the ISDN connection open even if there is no traffic, which
could result in an even larger phone bill.
3UHUHTXLVLWHV
<
<
212
The SAP Service connection must be set up and working

SAProuter must be installed and configured
OSS1 technical settings must be configured
You must have a valid SAPNet/OSS user ID and password for your company
Release 4.6A/B

Useful SAP Notes
8VHIXO6$31RWHV
SAPNet R/3 Note #
Description
32789
OSS Quick reference sheet
33221
Easy to Use guide for transaction OSS1 SAPSERV4
&RQQHFWLQJWR6$31HW5
*XLGHG7RXU
1. In the Command field, enter transaction OSS1 and choose Enter.

2. Choose Logon to the SAP Online
Service System.
Once you pass this screen, the SAP

service connection is open, and the
ISDN billing meter is running.
3. Select 1_PUBLIC.
4. Choose Continue.
213

Connecting to SAPNetR/3
5. In User, enter your OSS/SAPNet

user ID.
6. In Password, enter your password.
7. In Language, enter your language
preference (for example, DE for
German). The default language is
English.
8. Choose
.
5
6
This screen shows System News.

We recommend that you
periodically review these
headlines to see if any apply to
your systems configuration.
9. Choose Continue.
214
Release 4.6A/B

Connecting to SAPNetR/3
10. The Inbox is the main SAPNetR/3

screen.
In the rest of this chapter, this
screen is repeatedly referenced as
the first screen of each process.
215

Researching a Problem with SAPNet-R/3
5HVHDUFKLQJD3UREOHPZLWK6$31HW5
SAPNet-R/3 contains a large database of problem notes. If you have a particular problem or
question, you should first search the online documentation, then search these notes. You can
also access SAP notes through SAPNet-Web.
)LQGLQJ1RWHVLQWKH6$31HW5
*XLGHG7RXU
1. On the main SAPNetR/3 screen,

choose Gen. functions.
216
Release 4.6A/B

2. Choose Notes.
3. Choose Find.
4. Enter the search parameter(s) (for

example, sapserv4).
Additional search parameters
include:
a. Keywords with and/or logic
b. Release number
c. Component
d. Note number
e. Priority
f. Category
5. Choose
4
4a
4a
4a
.
4b
4c
4d
By using a combination of parameters,

you can search for:
4e
High priority notes

<
<
Microsoft SQL Server

R/3 Release 4.0B and higher
4f
217

If the search is too broad, a warning message appears.
6. If the warning window appears,

you have two options:
<
Option 1: To view all

matching entries, choose Yes.
<
Option 2: To return to the

previous screen and refine the
search parameters or to
narrow the results, choose No.
In this example, we chose Yes

to list all 532 entries.
7. Select a note (for example, SAP
note 0016663).
8. Choose
218
Release 4.6A/B

From this screen, you can read the

note online or download it to your
local PC. Once the note is
downloaded to your PC, print it
using a text editor or word
processor.
9. To download the note to your PC,

System List Save Local file.
You can also download a note to

your PC by entering %pc in the
Command field.
10. Select unconverted.

11. Choose
10
11
12. In File name, enter

<drive\path\filename>.
A suggested filename is the note
number and a short text
description.
13. Choose Transfer.
12
13
14. Once the file is downloaded to your local computer, you can view and print the file using a text editor
or a word processor.
219

(QWHULQJ&XVWRPHU0HVVDJHV3UREOHPVLQWR6$31HW5

If you have searched both the online documentation and SAP notes and not found the
answer to your question or problem, then submit a SAPNet message.
The SAPNet message function does not replace consulting. Messages entered into SAPNet
are for reporting and getting resolution on SAP problems or bugs. If a message is
interpreted as a request for consulting information, it will be returned to you, and you will
be advised to seek consulting assistance.
Include as much information as possible in your message, so the SAPNet Hotline
consultants will be able to best help you. Indicate where in the online documentation you
have searched and the individual SAP notes you have reviewed. Assign your message a
priority from the following table below:
Priority
Situation
Very High
<
In your production system, only for system or application

shutdown
<
In your nonproductive system, during a critical project phase
These messages are reviewed by an Online Service System/SAPNet

consultant within 30 minutes of arrival. If the problem does not fall
within the defined description for a very high priority problem,
the priority is immediately reduced.
Do not assign a message this priority if you cannot be available to
receive a call back from SAP. If SAP attempts to call you and you
cannot be reached, your message may be downgraded.
High
This priority is for situations when important applications or

subprograms fail in function, or for a system shutdown in a
nonproductive system.
Medium
This priority is for errors with less serious consequences than the
above two cases, where the operation of the productive system is
not seriously affected.
Low
This priority is for minor errors, such as documentation errors,

typographical mistakes, etc.
Use care when assigning a priority to your message. If the problem does not meet the Very
High criteria, assigning the message this priority will not guarantee you a quicker response
time.
2110
Release 4.6A/B

The following list contains hints that can improve total problem resolution time:
&RPSRQHQW
<
If you know the specific component, assign it.

If you do not know it, do not assign to a detailed component level (for example, assign it
to level 3, BC-CCM-PRN rather than a level 4 BC-CCM-PRN-DVM). The SAPNet Hotline
consultant can assign a specific component. If you assign the message to a wrong
component, and it is forwarded to the incorrect person, time is lost. It will take that
much more time to resolve your problem.
<
Be aware that the cause of the problem may be in an area other than the module you are
working on.
3UREOHPGHVFULSWLRQ
<
Be clear and descriptive.

The better the information you provide, the better the results. Information that is clear to
you may not be clear to the hotline consultant.
<
Provide enough data so that SAPNet Hotline personnel will not have to ask additional
questions before beginning work on your problem:
<
Examples of complete data includes:

If there is an error message, enter it exactly as it appears.
Provide the transaction or menu path describing where the error or problem
occurred.
Indicate if the problem can be duplicated on your test system.
Describe the circumstances that created the problem.
Describe anything unique about the data entered in the transaction where the
problem occurred.
List which problem-related SAP notes that have been reviewed and which notes
have been applied.
List which actions and research you have already performed.
The following examples are messages in which the SAPNet hotline requires more
information before beginning on the problem:
FB01 does not work.
The system is slow.
Keep your system technical information in SAPNet current and correct. This information
is used by hotline personnel when they work on your problem.
2111

*XLGHG7RXU

choose Messages.
2. Choose Create.
3. Select your system <SID> (for

example, SAS).
Depending on your installation,
this screen may not appear.
4. Choose
2112
Release 4.6A/B

From the message entry screen:

15
5. Verify phone and fax numbers.

6. Verify the R/3 release (required).
7. Verify the system type (required).
8. Enter the Component area where
the error occurred (required).
You can also choose
selection.
to make a
9. Select the priority (see the table on

page 2110 for a list of priorities.) 5
10. Enter a short description of the
problem (required).
11. Provide, where possible, the
following information:
< Kernel patch level
<
Kernel release
<
Transaction code or menu path
<
<
Program name
Error message
8
10
11-14
12. Describe the sequence of your

actions as precisely as possible.
13. Describe any modification(s) you
made to the standard system.
14. Provide the following remote
access information:
<
System ID
<
Client number
<
User ID
<
Type of connection
15. Choose Save.
To control access to your system and mange how long the service connection is open, request
that you be contacted to:
< Get the password
< Open the SAP service connection
2113

16. Choose Yes.
16
17. The Status changes to Sent to SAP.

18. A message number appears on the
message line. Record the message
number, because in the future, you
may need to reference it.
17
18
2114
Release 4.6A/B

*HWWLQJ6WDWXVRQ<RXU0HVVDJH
The response to your message is often in the form of an electronic message rather than a
telephone call. It is, therefore, important to monitor the status of your messages.
*XLGHG7RXU

choose Messages to view the status of
your message.
In this section, you can choose one of
the following options:
a. New at SAP is where the message
has been sent to SAPNet but not
picked up yet by a SAPNet
consultant.
b. In process by SAP is where an
SAPNet consultant is working on
your message.
c. Inquiry from SAP is where the
SAPNet consultant has a question
for you. To resolve the problem, you
need to respond in a timely manner.
1a
1b
1c
1d
2
d. Solution proposed by SAP is where the

SAPNet consultant has proposed
what they feel is a solution to your
message.
2. For this example, we have a message in
Solution proposed by SAP, so choose this
option.
3. Double-click on your message.
2115

From this screen, there are four tasks that

should be completed in the following order:
4. Action log View the current status and
stages through which the message has
passed.
5. Long text View the full text message,

the original message, and all subsequent
messages that have been sent and
received.
6. Reopen Reopen the message, if you are
not satisfied with the proposed solution.
7. Confirm Close the message if you are
satisfied with the response.
5HYLHZWKH$FWLRQ/RJ
1. Choose Action Log.
2116
Release 4.6A/B

2. Review the action log.

3. Choose Close.
'LVSOD\/RQJ7H[W
1. Choose Long text.
2117

2. Review the message.

3. Choose Back.
5HRSHQ
1. Choose Reopen.
2. To provide a reason why the problem is

being reopened, choose
reason.
3. Choose Reopen.
2118
and select a
2
3
Release 4.6A/B

4. Choose Additional info to reply to the

message.
5. Enter your reply to the SAP message.

6. Choose Back.
6
2119

7. Choose Send to SAP.
8. A message appears in the status bar

indicating the message has been
changed.
9. Choose Back.
2120
Release 4.6A/B

&RQILUP
1. Choose Confirm.
2. Choose Yes.
2121

5HJLVWHULQJD'HYHORSHURU2EMHFW
:KDW
To modify an SAP object, both the developer and the object that is to modified needs to be
registered with SAP. A developer, once registered for the installation, does not have to
register again. Similarly, an SAP object once registered for the installation, does not have to
be registered again. It is for this reason that on the registration screen either or both the
developer or object access key would be required.
:K\
modifying the object.
+RZ
See the following sections for registering a developer and registering an SAP object.
To modify an SAP object, the developer needs to be registered with SAP. A developer, once
registered for the installation, does not have to register again.
:K\
+RZ

2122
Release 4.6A/B

*XLGHG7RXU
'HYHORSHU5HTXHVWV'HYHORSHU.H\
developer when a developer key is
required.
a. If the developer Access key is
blank, you need to obtain a
developer access key.
b
a
b. Give the developer User name

(2) to the system administrator
to get a developer access key.
1. From the main SAPNetR/3
screen, choose Registration.
2123

2. Choose Register developer.
3. Select the installation (for

example, 820014122-R/3 SAP Tech
InstallationNT/Intel/MSSQLSRV.)
This screen may not appear in
your system.
4. Choose
.
3
5. In User, enter the user ID of the

developer.
6. Choose Register.
2124
Release 4.6A/B

7. Record the key number for the

developer.
Write down the key, or use the
copy and paste, function and
give the key to the developer.
(QWHUWKH'HYHORSHU.H\
1. In the User name Access key field,
the developer enters the key
received from the system
administrator.
The easiest way to enter the developer key is to use copy and paste. This function can
be done either:
<
From screen to screen
<
Into an intermediate file using a text editor, such as Notepad (NT) or vi (UNIX)
2125

5HJLVWHULQJDQ2EMHFW
:K\
modifying the object. If the customer modifies an object and problems arise, resolving the
problem may be the customers responsibility. If an object is not modified and problems
arise, resolving the problem is SAPs responsibility.
+RZ

'HYHORSHU5HTXHVWV2EMHFW.H\
*XLGHG7RXU

developer when an object key is
required:
a. If the object Access key is blank,
you need to obtain an object
access key.
b. Give the three object fields to
the system administrator (for
example, R3TR, PROG,
RSPARAM).
All three fields are required to
obtain the object key.
b
c
a
c. If you are in a mixed release

environment, also give the system
administrator the SAP Release for
the system.
2126
Release 4.6A/B

choose Registration.
2. Choose Register Objects.
2127

3. Select the installation (for

example, 820014122-R/3 SAP Tech
InstallationNT/Intel/MSSQLSRV).
This screen may not appear in
your system.
4. Choose
.
3
5. Select SAP patch only if the change

that is being made is an SAPprovided advanced correction,
such as via an SAP note.
5
6
7
6. Enter information in the following

fields:
<
<
<
PGMID (Program ID)

Object
Name of the object (for
example, R3TR PROG)
RSP00041).
These three values are provided to

you by the developer. (For more
information, see the Enter user and
SAP object key screen on page 21
22.)
7. Enter the SAP release (for example,
46A).
8. Choose Register and deliver the
key to the developer.
2128
Release 4.6A/B

9. Record the key number for the

object.
Write down the key or use copy
and paste and give the key to the
developer.
(QWHUWKH2EMHFW.H\
The developer completes this step:
1. In Access key, the developer enters
the object key received from the
system administrator.
The easiest way to enter the developer key is to use the copy and paste function. Copy
and paste can be done either from screen to screen or into an intermediate file using a
text editor, such as Notepad (NT) or vi (UNIX).
2129

Opening a Service Connection
2SHQLQJD6HUYLFH&RQQHFWLRQ
:KDW
A service connection allows SAPNet/OSS Hotline and EarlyWatch personnel to remotely

access your system.
1RWH For security reasons:

The customer opens this connection.
SAP cannot access the customers system until the customer opens the connection.
The service connection functionality is not available via SAPNet-web.
:K\
<
SAPNet Hotline personnel use the connection to remotely examine and diagnose your
system while investigating your question or problem.
<
EarlyWatch consultants use the connection to remotely review performance and system
configuration.
1RWHYou can only specify the length of time for a connection to remain open, not the
start time.
To schedule the time when a service connection will open, you must apply SAP note
170102. This note is valid back to Release 3.1G.
To manage your telephone expense:
1. Request that SAPNet consultants call to request that the connection be opened at a
specific time for a specified duration.
2. Open the connection at the time they request.
2UGHURI$FFHVVWR6\VWHPV
<
Try to first duplicate the problem in your development or test server, and have SAP
access that server first.
<
As a last resort, and only if the problem cannot be duplicated on the development or test
server, grant access to the production server.
:K\
Problem solving may require making an entry into the system to observe the problem.
Testing is not an activity that should be done in the production system. Entering test data,
even if reversed, could affect operational statistics. If the problem is basis related, an
accident could result in a disaster. The Service Connection function has changed in
September 1999.
2130
Release 4.6A/B

Review the following SAP notes for further information:
SAP Note
Description
31515
Service connections
169296
Integrating service connections into maintain system data
169329
New functions in the SAPNet as of 09/05-06/99
170102
Automatic opening of a service connection
171569
Maintaining service connection in system data maintenance2
*XLGHG7RXU
To open a service connection:

choose Service.
2131

2. Under Service, choose Service

connection.
3. Under Service Connection, choose
Service connection.
2
3
4. Scroll down to find your system.

Depending on your installation,
this screen will be different.
2132
Release 4.6A/B

5. Select the <SID> of the system to

open the connection to
(for example, SAS).
6. Choose
.
6
7. Under Service selection, select R/3

Support.
8. Choose
.
8
2133

9. To select the user contact,

choose
.
9
10. Under Connections, select the

appropriate type of connection. (It
is usually R/3 Support).
11. Choose
.
11
10
12. Enter the duration of the

connection (in Days and Hours).
13. Choose Save.
12
13
2134
Release 4.6A/B

To schedule the time when a service connection will open, you must apply SAP note 170102.
This note is valid back to Release 3.1G.
14. The connection status is shown.
14
2135

2136
Release 4.6A/B
&RQWHQWV
Overview ................................................................................................................222
Retrieving Files from SAP, SAPSERV4 ..............................................................222
EarlyWatch Session............................................................................................2214
221
Chapter 22: Remote Services

Overview
2YHUYLHZ
In this chapter, readers will learn about SAPSERV4 and EarlyWatch. The information in this
chapter should help the user understand how to:
< Retrieve files from SAP and SAPSERV4
<
Connect to SAPSERV4
<
Download files
<
Arrange for an EarlyWatch session
5HWULHYLQJ)LOHVIURP6$36$36(59
:KDW
SAPSERV is a series of servers that contain patches and other downloadable files for
customers. In this guidebook, we specifically discuss the U.S. server, SAPSERV4. The
difference between the various SAPSERV servers is the name, the IP address, and the
location (see table below). At present, we are not aware of any plans to move this
functionality to SAPNetWeb.
Location
Host
IP Address
Long Hostname
Walldorf
sapserv3
147.204.2.5
sapserv3.wdf.sap-ag.de
Foster City
sapserv4
204.79.199.2
sapserv4.sfo.sap-ag.de
Tokyo
sapserv5
194.39.138.2
sapserv5.tyo.sap-ag.de
Sydney
sapserv6
194.39.139.16
sapserv6.syd.sap-ag.de
Singapore
sapserv7
194.39.134.35
sapserv7.sin.sap-ag.de
:K\
The following types of files are retrieved from SAPSERV4:
222
<
Updates to the R/3 System kernel.
<
Various patches, such as:

R/3 System
Database
SAP GUI
<
Miscellaneous downloadable files.
Release 4.6A/B

Retrieving Files from SAP, SAPSERV4
:KHUH
If you cannot connect to SAPSERV4, you may not be on the machine where SAProuter is
installed.
The SAProuters at SAP are configured to only recognize their counterpart SAProuter on the
customers side. Therefore, you must connect from the computer where the SAProuter is
installed and running.
17
You must either:

<
<
Be physically on the NT server where the SAProuter is installed.

Use a remote control program to take over the server where the SAProuter is installed.
81,;
You must either:

<
Be physically on the UNIX server where the SAProuter is installed
<
Telnet to the server where the SAProuter is installed.
+RZ
You can connect to, navigate within, and download files from SAPSERV4 using:
<
Command prompt
<
Windows FTP GUI client
<
Internet browser
For ease of use and navigation, use an FTP GUI client to access SAPSERV.
&RQQHFWLQJWR6$36(598VLQJD*8,17
Using an FTP GUI client is much easier than using the command prompt.
In this guidebook, we use only one of the many available FTP clients. Other FTP clients are
listed in the resources section of appendix A. SAP does not endorse any particular product.
Also, it is your responsibility to perform compatibility testing to determine if the software
you select functions on your system without conflict (for example, without crashing the
system).
223

3UHUHTXLVLWHV
Before attempting a connection to SAPSERV4 using a GUI, make certain that:

<
The SAP service connection to SAPSERV4 has been established, tested, and is functional.
<
An FTP client is installed on the computer where the SAProuter is located.
<
The FTP client has been configured with the following parameters:
IP address of SAPSERV4, 204.79.199.2
Login user ID, FTP
User password <your e-mail address>
Directory to download files to on the client PC (optional)
$Q([DPSOHRIDQ)73&OLHQW
*XLGHG7RXU
The following example of an FTP client is courtesy of Van Dyke Technologies.

1. Start the FTP client program.
2. Connect to SAPSERV4.
224
Release 4.6A/B

3. Navigate down the tree structure

to the directory that contains the
file(s) you need.
4. In some directories, there are

informational files ( .message and
*.info) that you should download
and read.
5. Select the file(s) you want to

download.
*.CAR (program) files must be
downloaded in binary format.
225

&RQQHFWLQJWR6$36(598VLQJWKH&RPPDQG3URPSW
1DYLJDWLQJLQ6$36(59
SAPSERV4 is a UNIX server.
<
<
UNIX differences to remember for NT users:

UNIX is a case-sensitive operating system, NT is not. When navigating in SAPSERV4
or downloading a file, enter the directory or filename exactly as it is displayed (for
example, Rel40B is not the same as rel40b).
UNIX commands differ from NT commands (for example, dir [NT] = ls [UNIX] ).
Important UNIX commands:
ls
List (similar to the dir command in NT and DOS)
cd
Change directory (similar to the cd command in NT and DOS)
get
Get or download a file
bin
Switch to binary mode, to download programs
bye
Log off
&RQQHFWLQJDWWKH&RPPDQG3URPSW
*XLGHG7RXU
Both UNIX and NT use a command prompt window, and the commands entered are the same. The NT
command prompt window is shown in the following example.
The directory you are currently in is the directory into which file will be downloaded. To
download the file to a different directory, change to that directory after you open the
command prompt window and before you enter the FTP command.
1. Open a Command Prompt window.

2. As an option, you can change to
your download directory.
3. Enter ftp 204.79.199.2

If your network personnel put
sapserv4 into the hosts file or DNS,
you can enter ftp sapverv4
after the prompt.
In this example, the file(s) will
download to the root directory of
the C drive.
226
Release 4.6A/B

4. Enter ftp at the User prompt.

5. Enter your e-mail address at the
Password: prompt.
4
5
6. From this screen, use the cd

command to navigate through the
directory structure.
A portion of the SAPSERV4
directory structure is provided at
the end of this chapter to help you
navigate within SAPSERV.
In NT, to increase the screen buffer size and prevent the text from scrolling off the screen:
1. On the NT desktop, choose My Computer Control Panel Console Layout tab.
2. Under screen buffer size, increase the height to 100.
227

7. The navigation commands are cd

and ls.
This is the directory for Release

4.0b HPUX Oracle
8. There are informational files
(.message and *.info) that we
recommend you download and
read.
9. Remember the file you want to

download, because you will enter
the filename later.
The files indicated are only for
example.
228
Release 4.6A/B

'RZQORDGLQJ)LOHV
< Download patches, kernels, transports, and other files in binary format.
< Many of the files are in *.CAR archives.
Use the CAR program to unpack these files (see Unpacking a CAR file on page 2213).
*XLGHG7RXU
For text files ( .message and *.info), skip

to step 2.
1. For binary files, such as patches,
kernels, and transports (with the
.CAR extension), to switch to
binary mode, enter bin at the ftp
prompt.
2. Enter get <filename> to
download the file (for example,
get sapdba_60.CAR).
1
2
4
Filenames are case sensitive.

3. Press Enter.
4. Wait for the download to finish
and the ftp prompt to appear.
This screen shows an example of
an information file, in this case
dw.info (a text file that contains the
patch level of the kernel).
229

Scroll down to view a listing (by patch

level) of what is fixed in the kernel
patch.
3DUWLDO2UJDQL]DWLRQRI6$36(59
Not all directories on SAPSERV4 are listed or expanded. For those that are similar (release, database,
operating system), only one is expanded in detail. Over time, the directory structure may change or be
reorganized. See below for the SAPSERV4 structure.
2210
Release 4.6A/B

general ----------------------------------------------------------for all corrections that generally apply to customers

3rdparty --------------------------------------------database and hardware specific
adabas
compaq
datageneral
db2
informix
mssql
oracle
sni (Seimens)
frontend
patches ----------------------------------patches to the SAPGUI
rel31H
rel31I
rel40A
rel40B
windows
win16
win32
rel45A
sapgui -----------------------------------released SAPGUI
apple
nt
30f
30f_r2
31G
31H
40A
pre_release
os2
win
saplpd (spool)
barcode
NT
WIN
LPRINT
alphaosf
hp
NT
rm600
rs6000
sun
WIN
NT
rel30F
rel31G
rel31H
rel40A
rel40B
rel45A
rel45B
WIN
R3server
A
abap
note.*-------------------------corrections specific to a note number
binaries
2211

R3server
abap
note.*
corrections specific to a note number
binaries
NT
support
i386
UNIX
languages
Note.*-------------------------specific note numbers
patches -----------------------------------R/3 patches, where most of the downloads will be
COMMON ------------------Kernel, release-independent programs
NT
i386 ---this dir has car.exe, sappad.exe, tar.exe
OS400
UNIX
NT
ALPHA
I386 ---------------this dir has car.exe, sappad.exe, tar.exe
MSSQL
rel31H
rel31I
rel40A
rel40B -----------------------Kernel release, OS, hardware, db specific programs
NT
I386
MSS --------------MS SQLserver
ORA --------------Oracle
OS400
UNIX
AIX
DEC
HPUX
ORA
HPUX_SHM
RELIANT
SOLARIS
rel45A
2212
Release 4.6A/B

8QSDFNLQJD&$5)LOH
:KDW
A CAR file is a packaged file similar to a zip file. Like a zip file, a CAR file may contain
more than one file. SAP delivers transports, patches, and other programs and files in CAR
files. To use the contents of these files, you must unpack them using car.exe.
3UHUHTXLVLWHV
1. Get car.exe from SAPSERV4 (for the latest version) or from the directory
NT:
\usr\sap\<sid>\sys\exe\run\
UNIX:
/usr/sap/<sid>/SYS/exe/run
If your version of the CAR program is older than six months, replace it with the latest
version.
2. Create an unpacking directory where you unpack files (for example, d:\sap\unpack).
3. Copy the file car.exe into this directory.
8QSDFNLQJD)LOH
*XLGHG7RXU
To reduce confusion:
<
Begin the unpacking session with only the car.exe program in the unpacking
directory.
<
Handle only one CAR file at a time.

Complete everything for that file before proceeding to the next file.
1. Copy the file to be unpacked into the unpacking directory (for example, sapdba_64.car).
2. Open a command prompt window.
3. Change to the unpacking directory.
2213

EarlyWatch Session
4. Execute the unpack command,

car xvf <file-name>
(for example,
car xvf sapdba_64.CAR).
The file will be unpacked into the
unpacking directory.
5. Move the unpacked files to where
you need them.
6. Clean the unpacking directory by

deleting all files, except the car.exe
file.
6SHFLDO6$31HW1RWHV
Note #
Function
29372
Unpacking CAR archives
63786
FAQ Frequently Asked Questions: sapservX
63845
Corrections on SAPSERV4 searching for files
96885
Downloading a front-end patch from SAPSERVx
(DUO\:DWFK6HVVLRQ
:KDW
The underlying concept of EarlyWatch is to prevent problems before they occur or escalate.
EarlyWatch diagnoses a systems potential problems and resource bottlenecks so they can
be resolved in advance.
During an EarlyWatch session, performance experts log on to your system (into client 066)
to monitor its performance, review its performance-related configuration settings, and
recommend changes to your system.
Analysis is done in five areas:
<
R/3 configuration
<
R/3 application
<
Server
<
Workload
<
Database
EarlyWatch applies only to the production system, not the development system. The goal is
for satisfactory online performance, not background performance. A system, other than the
2214
Release 4.6A/B

EarlyWatch Session
production, is difficult to tune to a moderate degree and is almost impossible to tune

optimally. This difficulty is because the activity in a development or test environment is not
regular or consistent; development activity can vary greatly from week to week.
:K\
EarlyWatchs primary function is to improve the online performance of the production

system.
:KHQ
<
<
A couple of months after going live

After implementing significant changes to your system, such as:
New modules
Expansion of existing modules
Addition of significant numbers of users to the system
These and similar items change the workload to the system. This change could render
the existing EarlyWatch parameters inapplicable. As your system or company
conditions change, we recommend that you request a new EarlyWatch session.
You do not have to do an EarlyWatch session if your system or company conditions have
remained the same.
<
After experiencing significant degradation of online performance

This condition should be a steady condition and not an intermittent spike.
1RWH The target response is less than 1 second, which excludes the network delay
from the users PC to the R/3 System. This delay is outside the scope and control of SAP.
+RZ
1. The customer contacts SAP to arrange for an EarlyWatch session at:

SAP America, Inc. EarlyWatch
600 East Las Colinas Blvd, Ste. 2000
Irving, TX 75039
Tel.: (800) 677-7271 or (972) 868-2094
FAX: (972) 868-2108
2. There are prerequisites to an EarlyWatch session and you will be advised of them.
These prerequisites may require technical assistance to apply.
3. The customer opens the SAP service connection to the production system for
EarlyWatch.
4. EarlyWatch connects to client 066 on the production system via SAP service connection
to gather data and record configuration. Client 066 is reserved exclusively for
EarlyWatch.
2215

EarlyWatch Session
5. Once the customers system is analyzed, a report is generated and sent to the customer.
Recommendations may be at any of three levels:
<
<
R/3 System
Database
<
Operating system
6. The customer reviews the report and recommendations.

If you have any questions about the report, discuss them with the EarlyWatch analyst.
If a recommended change seems drastic or does not make sense, discuss it with the
analyst before proceeding. Mistakes have been made.
Try to understand the recommendations made by EarlyWatch. As a system
administrator, the R/3 System is your responsibility.
7. After the review, apply the recommendations to your system.
8. Monitor your system for signs of problems.
2216
Release 4.6A/B
&RQWHQWV
Overview ................................................................................................................232
Changing System Profile Parameters (Transaction RZ10) ...............................232
Support Packages...............................................................................................2311
Kernel Upgrade ...................................................................................................2340
Client Copy ..........................................................................................................2342
Production Refresh Strategies ..........................................................................2356
231
Chapter 23: Special Maintenance

Overview
2YHUYLHZ
In this chapter, the reader will learn about special maintenance. This topic includes the
following:
< Kernel upgrade
<
Client copy
<
Production refresh strategies
&KDQJLQJ6\VWHP3URILOH3DUDPHWHUV7UDQVDFWLRQ5=
:KDW
The system profile parameters are what R/3 uses when it starts up. Parameters may define
how many of each work process to create, the minimum length of the user password, etc.
The system uses the following three parameters:
< Start
This parameter defines which R/3 services are started.
< Default
This parameter defines the profile for all instances in the system.
<
Instance
This parameter defines the profile for the specific instance, which allows individual
application servers to be configured differently for specific tasks and users.
:K\
Change a value only for a specific purpose and only with proper knowledge of what is
being changed and why it is being changed.
<
If a parameter is incorrectly changed, R/3 may not start.

Changing system profile parameters should only be done under the instruction of the
SAP Hotline, SAP EarlyWatch, or an experienced consultant.
<
Use RZ10 to maintain your profile parameters.
<
Do not modify the files at the operating system level.

This process could lead to inconsistency and confusion.
Before making changes to the system profiles, make certain that you have a recent, usable
copy of the system profile files. This backup is your last line of defense if a profile change is
made that results in R/3 not being able to start.
232
Release 4.6A/B

Changing System Profile Parameters (Transaction RZ10)
*XLGHG7RXU
1. In the Command field, enter transaction RZ10, and choose Enter

(or from the SAP standard menu, choose Tools CCMS Configuration RZ10 - Profile maintenance).
2. In the Profile field, choose
3. Select the instance or default

profile as appropriate (for
example, the instance profile, SAS
DVEBMGS00 PA100767).
4
4. Choose
.
3
The profiles used by the system work in the following order:

<
Start profile
<
<
Default profile (for all instances in the system)

Instance profile (specific to the instance you are on)
233

Use the instance profile to make the parameters of a specific application server different
than the other servers for specific reasons (for example, a batch application server).
Under Edit profiles, there are three selections:
<
Administration data
<
This selection is not a maintenance mode. It is used to change the name of the file where
the profile should be activated.
Basic maintenance (maintenance mode)
This mode allows you to set the buffers, work processes, and directories in the system
profiles. It also allows you to specify the SAP components to be started (for example,
message server, application server, SNA gateway, etc.) in start up profiles. This form of
maintenance protects most profile parameters from being changed by potentially
incorrect settings.
<
Extended maintenance (maintenance mode)

This mode allows you to access all system profile parameters or start up profile entries.
5. Note the Version number

of the instance profile.
Step 32 in this procedure
shows the version
number has changed.
6. Under Edit profile, select
Extended maintenance.
7. Choose
Change.
6
7
234
Release 4.6A/B

8. Click on the line above

which you want the entry
to be inserted (for
example, abap/buffersize).
9. Choose
Parameter..
The point where you insert the new profile parameter has no effect on the process.
But, to make it easier to read, you may want to group or order the parameters (for
example, group the logon parameters together).
Once you enter the profile parameter, it cannot be easily moved to another location.
Therefore, be careful where you choose to insert it.
10. Click in the Parameter name and
choose
10
235

11. The list that appears is long.

To find the profile parameter you want
13
to add, scroll down.
12. Select the parameter.
13. Choose
.
12
14. A default value appears in Unsubstituted

standard value.
15. Enter the new value in Parameter val.
(for example, enter 5 to increase the
minimum length to five).
17
16. In Comment, document your change by

entering a description of why the
change was made.
The system attaches your user ID and
date to your comment.
15
17. Choose Copy.

14
16
236
Release 4.6A/B

18. This screen shows that the system

inserted your user ID and the date and
time of the change into the Comment.
19
In this way, you can determine who

made a profile change, and when this
change was made.
19. Choose Back.
18
20. This screen shows the new parameter

login/min_password_lng with a value of 5
inserted above abap/buffersize.
21. Choose Copy.
21
20
237

22. The message at the bottom of the screen

indicates that the profile was changed.
23
23. Choose Back.
22
24. In Version, note the profiles version

number.
25
25. Choose Save.

24
26. Choose Yes.
26
238
Release 4.6A/B

27. Choose
27
28. Choose
28
Only if you have operation modes

configured, will this screen appear. If
this screen does not appear, skip to step
32.
29. Double-click on Yes.
29
239

30. Review the check log.

31. Choose
31
32. Note that the profiles version number

has changed.
32
Use transaction RZ11 to get the details of a specific profile parameter.
2310
Release 4.6A/B

Support Packages
6XSSRUW3DFNDJHV
:KDW
1RWH
< Hot Packages are now known as R/3 Support Packages
< Legal Change Patches (LCP) are known as R/3 HR Support Packages
A Support Package is a collection of corrections that address serious errors in the ABAP
repository. These corrections affect the Basis and functional areas. There are defined rules
about what kind of fixes should be (and are) included in a Support Package. Some rules are
technical while other rules are policy.
A Support Package is not a cumulative fix for application modules. You must still get and
apply the notes for the functional modules. However, since Support Packages contain
patches for the various functional areas, some of the notes may be applied in the Support
Package. The Support Package is not supposed to contain functional enhancements, but this
is not always the case.
:K\
The purpose of a Support Package is to fix problems before they become problems.
:KHQ
There is a conflict about when Hot Packages should be (and are) applied:
<
To prevent serious problems, SAPs position is that customers should apply all Support
Packages as they are released..
<
The position of many customers is that all system changes must be regression tested.
This stance, with the frequency of Support Package releases, results in the Support
Packages not being applied.
The reason is that the amount of testing required cannot be done continuously
This customer position is not unique to SAP and has been taken by many customers
since the early days of computing.
SAP development is working on ways to make Support Package application easier.

1RWH As of Release 4.5, Hot Packages have been separated from the HR Legal Change
Patch (HR LCP). This separation allows LCPs to be applied quickly, to be in legal
compliance, and not applying Support Packages before they are scheduled to be applied.
Before Release 4.5, the LCP contained the Hot Packages; applying a LCP also meant
applying the Hot Package.
2311

Support Packages
6WUDWHJ\
Obtain the notes related to the Support Package, and review what it fixes:
<
If there is nothing in the Support Package that applies to you, do not apply it.
<
If there is something in the Support Package that applies to you:

Determine if the entire Support Package (or just the note) must be installed.
If the Support Package is to be installed, treat the installation as a mini-upgrade.
+LJK/HYHO3URFHVVRI$SSO\LQJ6XSSRUW3DFNDJHV
Applying Support Packages
1. Determine what Support Packages have been applied to your system.
2. Get and review the notes for the Support Package(s).
3. Determine if the Support Package should be or needs to be applied.
Steps 4 through 9 assume that the Support Package is to be applied and are repeated
for all Support Packages that are to be applied at the current time.
4. Obtaining the Support Package
Depending on the size of the Support Package, it can be obtained three ways:
< Download it from the SAPNetR/3 (formerly OSS).
This option is size limited, so large Support Packages cannot be downloaded via
SAPNetR/3.
< Download it from SAPNetWeb.
< Upload it from the Support Package collection on CD.
The Support Package collection contains all Support Packages available at that
point in time.
Download from SAPNet R/3
(OSS)
Download from SAPNet Web
Support Package collection on CD
5. Request the Support

Package from the
SAPNetR/3.
5. Download the
Support Package.
5. Request the Hot Package

collection.
6. Download the Support

Package.
6. N/A
6. Upload the Hot Package.
7. Apply the Support Package.

8. Execute the regression test.
9. When successful, confirm the Support Package.
2312
Release 4.6A/B

Support Packages
'HWHUPLQLQJ:KDW6XSSRUW3DFNDJHV+DYH%HHQ$SSOLHG
*XLGHG7RXU
0HWKRG
1. From the menu bar, choose System Status.

2. On the right-hand side of this
screen, under SAP System data,
for additional
choose
component information.
3. Choose the Patches tab.

3
2313

Support Packages
4. In this example, the following

< SPAM update 17-Sept-99
< Support Package 01 for 4.6A
Patch status values are:
< N The patch has not yet been
applied.
< I Patch has been successfully
applied.
< ? Patch application has been
aborted.
The Support Package name is interpreted as follows:

< SAPKH<release><sequence_number>
< SAPKH46A01, interpreted as SAPKH / 46A / 01, is for Release 4.6A and is the first Support Package.
0HWKRG
1. In the Command field, enter transaction SPAM and choose Enter

(or from the SAP standard menu, choose Tools ABAP Workbench Utilities Maintenance
SPAM - Patches).
2. Select Applied patches.
3. Choose
Display.
2314
Release 4.6A/B

Support Packages
This screen shows:

4. Under Applied Patches:
a. SPAM Update version level.
b. Hot Packages / Support Packages
applied.
In this example, the following

SPAM update 17-Sept-99
Support Package 01 for 4.6A
*HWWLQJ,QIRUPDWLRQRQWKH6XSSRUW3DFNDJHIURP6$31HW5
*XLGHG7RXU
1. Choose Service.
2. Choose SAP Patch Service.
3. Choose R/3 support packages.
1
2
3
2315

Support Packages
4. Search the extended list for your

release.
5. Click the node (+) to the left of
your release to select it.
6. Choose
From this screen, you can view the:

a. SPAM update
This is the SAP Support Package
Manager (formerly Patch
Manager). Download and apply
the current version before
applying any Support Package.
10
b. Hot Packages
Extra Large indicates that the Hot
Package may not be
downloadable.
7. To display the notes for a specific
Support Package, select it, then
choose Notes for patch.
2316
a
b
Release 4.6A/B

Support Packages
8. To view all notes, click the node (-)

to the left of Application areas.
8
9. Choose Expand.
From this screen, you may view
one of the following:
< All notes
< A specific note
7R9LHZ$OO1RWHV
1. Right-click anywhere on the
screen.
2. Select Download list from the
popup menu (not shown).
2317

Support Packages
3. Select unconverted.
4. Choose
5. in the File name field , enter the

<drive\path\filename>
where you want to save the notes.
6. Choose Transfer.
This screen shows the saved note

list as read by a text editor or
word processor.
2318
Release 4.6A/B

Support Packages
To create a file of all notes (in case

there are too many notes to go
through individually on the screen):
7. Choose Select all.
8. Choose List selection.
9. Choose Download to download the

notes to a file.
2319

Support Packages
10. Choose No related copy.
10
11. Choose No.

Here you only want to review the
notes, not to register the object for
change. After reviewing the notes,
you may decide not to install the
Support Package.
11
1RWH The duration of the download depends on the number of notes addressed by the Support
Package. It could take 20 minutes (or more) to download the notes for a large Support Package.
12. Enter the path to your local PC
and create a name for the file.
12
13. Choose Transfer.

13
2320
Release 4.6A/B

Support Packages
7R9LHZD6SHFLILF1RWH
1. Double-click the node (+) to
expand an individual branch (for
example, BC).
2. Double-click the node (+) for BCCCM, BC-CCM-PRN and BC-CCMPRN-SPO.
3. Under BC-CCM-PRN-SPO, select

note 0168529.
4. Choose Choose.
This screen shows the SAP note.
2321

Support Packages
5HTXHVWLQJ63$0RUD6XSSRUW3DFNDJHIURP6$31HW5
*XLGHG7RXU
1. Choose Service.
2. Choose SAP Patch Service.
3. Choose R/3 support packages.
1
2
3
4. From the Support Packages screen,

select one of the following:
< SPAM update
< R/3 Support Package
5. Choose Request patch.
2322
Release 4.6A/B

Support Packages
6. Select the installation that the patch is

for.
7. Enter the <SID> for the system (for
example, SAS).
8. Choose Continue.
6

indicates that the patch request has
been generated.
10. The next step is to download the
patch (see the next section,
Downloading SPAM or a Support
Package).
2323

Support Packages
'RZQORDGLQJD6XSSRUW3DFNDJH+RW3DFNDJH6$31HW5

<
Always plan to first apply the Support Package on a test server to assure it will not
create a problem.
<
Back up the test server before applying the Support Package.
3UHUHTXLVLWH
The Support Package(es) must have been requested for the system/<sid> to which you are
downloading it.
*XLGHG7RXU
1. Log on to client 000, under any user that has the SAP* equivalent authorizations.
SPAM-Patches).
3. Choose
From this window you can specify

which Hot Packages to download.
4. Select the Hot Package (if not
already selected).
5. Choose
.
5
2324
Release 4.6A/B

Support Packages
This screen shows the EPS

Transmission (download) monitor:
a. Progress bar with the Size
[MB] of the Hot Package.
b. Elapsed Transmission time for

the download.
c. Remaining time to complete for

the download.
6. A message indicates that the
SPAM or Hot Package download
has finished.
7. Choose Back.
Make sure that the directory /usr/sap/trans/EPS/in has enough space to download the Hot
Package.
8SORDGLQJWKH6XSSRUW3DFNDJHIURPD&'RU6$31HW:HE
Large Support Packages (those too large to download from the SAPNetR/3) are available
via the following two methods:
<
Support Package Collection CD
<
SAPNetWeb
SAP periodically releases a Support Package Collection CD, which contains all the released
Support Packages up to a certain date.
2325

Support Packages
6XSSRUW3DFNDJH&ROOHFWLRQ&'
1. Load the CD containing the patches.
2. Log on to the operating system as:
<
NT:
<
UNIX: <sid>adm
<SID>adm
3. Change to the transport directory.

<
NT:
<
UNIX: /usr/sap/trans
<drive>:\usr\sap\trans
4. Unpack the patch archive.

<
NT:
<
UNIX: CAR xvf /<CD_DRIVE>/<PATH>/<ARCHIVE>.CAR
CAR xvf <CD_drive>:\<PATH>\<ARCHIVE>.CAR
6$31HW:HE
1. Log on to the operating system as:
<
NT:
<
UNIX: <sid>adm
<SID>adm
2. Copy the downloaded patch files (example kh46a02.car) into an unpack directory.
3. Unpack the patch file by entering:
car xvf <patch-file>
4. Copy the unpacked files from the EPS\in directory to the directory to upload patches:
2326
<
NT:
<
UNIX: /usr/sap/trans/eps/in
<drive>:\usr\sap\trans\eps\in
Release 4.6A/B

Support Packages
*XLGHG7RXU
The next step is to upload the patch from the operating system into R/3.
1. Log on to client 000, under any user that has SAP*-equivalent authorizations.
SPAM-Patches).
Patch Upload.
4. Choose
5. Check that the Support Packages

have successfully uploaded.
6. Choose Back.
2327

Support Packages
7. Select All patches.

8. Choose
Display.
7
6
9. The patch is under New patches.
2328
Release 4.6A/B

Support Packages
8SGDWLQJ63$0
3UHUHTXLVLWHV
<
The R/3 System should not be active, which means that no:
Users are logged on
Jobs are running
<
All application servers should be shut down.
<
The current SPAM update should have been downloaded from either SAPNet-R/3 or
from SAPNetWeb.
When using SAPNetWeb, the unpacked SPAM update files (.ATT and .PAT) should
have been moved to the /usr/sap/trans/EPS/in subdirectory.
<
If a SPAM update is available, apply it before any Support Packages. Some Support
Package changes require the new SPAM program to properly update the system.
*XLGHG7RXU
Log on to client 000, under any user that has SAP*-equivalent authorizations (not SAP*).
SPAM-Patches).
2. To upload the SPAM update file,
from the menu bar, choose Patch
2
Import SPAM update.
2329

Support Packages
3. Choose
4. Choose
After applying the SPAM update,

SPAM must restart to use the latest
version.
5. Choose
6. Restart transaction SPAM.

7. Note the version number change.
9. Choose
Disp.
8
9
2330
Release 4.6A/B

Support Packages
10. You will see the SPAM update

under Applied patches.
10
$SSO\LQJWKH6XSSRUW3DFNDJH
3UHUHTXLVLWHV
<
<
The R/3 System should not be active, so no:

Users are logged on
Jobs are running
All application servers should be shut down.
<
The current SPAM update should have been downloaded from SAPNet and applied.
<
The following programs should be updated to the latest version:

r3trans
tp
The Hot Package should have been downloaded from SAPNet or uploaded from the
CD.
<
2331

Support Packages
*XLGHG7RXU
1. Log on to client 000 under any user that has SAP*-equivalent authorizations (not SAP*).
SPAM-Patches).
$GGLQJWKH+RW3DFNDJHWRWKH3DWFK4XHXH

Patch Upload.
4. Select the component to import. In this

case, the Support Package is under
SAP_APPL.
5. Choose
.
4
6. Verify the patch to upload is selected.

7. Choose
.
6
2332
Release 4.6A/B

Support Packages
'HILQHWKH3DWFK4XHXH
1. Choose
Display/define to define a
patch queue.
2. Verify that the patch is selected.

3. Choose
.
2
2333

Support Packages
$SSO\LQJWKH+RW3DFNDJH
1. The name of the first support package

appears in Patch queue.
2. Choose
to apply the patch queue.

2
1
3. Choose
4. Choose
1RWH Depending on the size of the Hot Package, the patch application process could run for a long
time.
2334
Release 4.6A/B

Support Packages
&KHFNWKH3DWFK/RJ
1. Choose
2. Review the return codes.

Values greater than 4 indicate a
failure.
3. Choose Back.
2
At this point, regression testing

should be performed on the Hot
Package.
If several Hot Packages are going in as
a group, the option is to confirm them
after applying and then perform the
regression testing.
2335

Support Packages
&RQILUPWKH3DWFK
1. Choose
The next Hot Package cannot be

applied until the previous one is
confirmed.
2. Check the status bar to see if the patch

queue was confirmed.
2336
Release 4.6A/B

Support Packages
9HULI\WKH3DWFK$SSOLFDWLRQ

2. Choose
Display.
1
2
3. The support packages are found in the

Applied patches section.
2EMHFW&RQIOLFWV
:KDW
Object conflicts occur when SAP objects (such as programs, tables, etc.) that you modified
are included in a Support Package.
:K\
If an object has been modified by you and is being changed in the Support Package, you
could lose your modifications. This problem usually occurs with an advanced correction,
where a fix is incorporated in a future release of the R/3 System, and the advanced
correction is available before the future release.
2337

Support Packages
([DPSOH
If you are on Release 4.0B and experience a problem. Your problem has already been
fixed in a higher release (for example, Release 5.0).
You do not have to wait for the upgrade. The fix is available now for you to make as an
advanced correction to your system. Support Packages may not always include this
correction. Thus, after applying the package, you may have to reapply the correction.
+RZ
<
Determine if the change is (or is not) included in the Support Package by:
Reviewing the code comparison (transaction SPAU)
Checking if the advanced correction is from a future release
If so, it probably will not be included in the Support Package.
Checking if the change is your own modification
<
If the change is included in the Support Package, return to the SAP standard, which will
simplify future system maintenance.
<
If the change is not included in the Support Package:

1. Check to see what needs to be done to reapply the modification.
2. Apply the modification.
3. Test the modification.
This process is the same as that performed during an upgrade.
2338
Release 4.6A/B

Support Packages
5HJUHVVLRQ7HVWLQJ
Regression testing is necessary because many objects in many functional areas may be
affected by changes from a Hot Package. All functional areas must perform regression tests
to verify that a Hot Package does not create new problems as it fixes old ones. A Hot
Package is a mini-upgrade, especially if it is large (for example, Release 4.0B, Hot Package
10).
All existing processes should continue to function as they did before the Hot Package was
applied. A review of the notes related to a Hot Package indicates what specific tests need to
be performed by the technical and functional team. As during the implementation, the
functional teams should have a script of test procedures to test the system. This script could
also be used in the regression test.
8VHIXO6$31HW5)URQWHQG1RWHV
SAP Note #
Description
19466
Downloading a patch from SAPSERVx
33525
Important information about SAP patches < 3.1H
53902
Conflicts between Hot Packages/LCPs and Add-ons
62119
Obtaining extra large patches
73510
Problems during upgrade of patched source releases
82264
Important information about SAP patches >= 3.1H
83458
OCS Info: Downloading patches from SAPNet
84962
Info: SPAM update
85820
Patch is not displayed in patch queue
86241
HR Legal Change Patches for the HR component
87432
Contents of and applying LCPs
89089
Configuration of R/3 Systems for LCPs
97620
OCS Info: Overview of Important OCS Notes
97621
97623
Patch types
97630
Known problems with patches >= 3.1H
104664
Applying patches from CD
119738
Problems during upgrade with too new Hot Packages
173814
Known problems with patches Release 4.6
2339

Kernel Upgrade
.HUQHO8SJUDGH
:KDW
The kernel upgrade process is the replacing of operating system level files (the kernel files)
with updated versions of these files.
<
Special notes on the kernel version:

It is now independent of the R/3 release.
The kernel is backward compatible, which means that a user could be running a
Release 3.0F with a 3.1I kernel.
If you are on a release before 3.1I, review documentation to determine which kernel
version is applicable to your release.
You must remember the R/3 release and kernel version you are running. After the kernel
is upgraded, apply kernel patches for the upgraded version of the kernel. Do not apply
kernel patches for the old version of the kernel.
When getting which patches, remember that your R/3 release stays the same, regardless of
which version your kernel changes to. On rare occasions, a SAP note instructs you to apply
a fix based on the R/3 release of the system; not the kernel version.
All servers in a system must be on the same version of the kernel.
:K\
Kernel upgrades are normally done to fix bugs or other problems in the kernel. Some
kernel upgrades provide enhanced functionality.
+RZ
To upgrade the kernel:

1. Review all applicable documentation:
<
Kernel instructions
<
SAP notes
<
Upgrade manual
2. Always first perform the upgrade on a test server.

3. Obtain the new kernel from:
2340
<
SAPSERV4
<
This route is more current than getting the kernel via CD (see chapter 13, Retrieving
files from SAP, SAPSERV4).
Distribution CD (if provided)
Release 4.6A/B

Kernel Upgrade
<
The kernel files are:

dw1_nnn.CAR
dw2_nnn.CAR
In this filename, nnn is the patch level (for example, dw1_114.CAR.)
4. Unpack the kernel files (see chapter 13, Retrieving files from SAP, SAPSERV4 for the
unpacking procedure).
5. Back up the system at the database and operating system levels.
6. Stop the R/3 System.
7. Stop the SAP services that are using the kernel files (NT).
8. Backup the kernel directory
NT:
<drive>:\usr\sap\<sid>\sys\exe\run
UNIX:
/usr/sap/<sid>/sys/exe/run
Copy the current kernel files to a backup directory, to be prepared in the event that you
need to restore back to the old version if a problem occurs with the new version.
9. Copy the new kernel files into the kernel directory
This replaces the old programs with the new programs.
10. Perform any special instructions contained in:
<
Kernel instructions
<
<
Online Service System notes

Upgrade manual
11. Restart.
5HVWDUW2SWLRQ
1. Restart the SAP services that are using the kernel files (NT).
2. Start the R/3 System
3. Check the R/3 logs.
4. Monitor the system and system logs for problems.
5HVWDUW2SWLRQ
1. Restart the server.
2. Check all logs for:
<
Operating system
<
Database
3. Start the R/3 System

4. Check the R/3 logs
5. Monitor the system and system log for problems.
2341

Client Copy
&OLHQW&RS\
:KDW
The client copy function copies client-dependent customizing and data. Client copy allows
the copy or transport of the complete customizing environment from a source client to a
target client within the same system (instance) or to another system.
Tables are selected based on their delivery class.
Client copy is not meant to copy client-independent objects, such as ABAP programs and
table structures. If a table is changed to add an additional field, and the added field is then
populated with data, the table change is not copied to the target system. Thus, the data in
the additional field is not copied.
6SHFLDO1RWHV
Read the current online documentation on client copy. The client copy programs and
functionality improve and change significantly with each new release.
To access the online help documentation on client copy:
1. From the menu bar, choose SAP Library
2. In the left frame, click the node (+) next to SAP Library.
3. Click the node (+) next to Basis Components.
4. From the list that appears, choose Change and Transport System (BC-CTS)
5. Choose Client Copy and Transport.
6. In this screen, click the node (+) next to Client Copy and Transport.
7. Click the node (+) next to Client Copy and you will see the following list of files:
< Technical Background
< Copy profiles
< Authorizations
< Maintaining clients
< Copying clients within the Same System
< Copying Clients Between Systems
< Transporting Clients Between Systems
< Copying Transport Request within the Same System
< Deleting Clients
< Displaying Copy Logs
2342
Release 4.6A/B

Client Copy
<
<
Restarting Client Copy

Error Handling
You cannot separate master data from transaction data.
The developer of client copy maintains several informational SAP notes. Do a SAP note
search on component BC-CTS-CCO and search for notes beginning with CC*.
8VHIXO6$31RWHV
SAP Note #
Description
7312
Create client 066 for EarlyWatch
13391
Deleting/resetting a client (up to 3.0F)
24853
CC info: Client copy, functionality in 3.0, 4.0
47502
CC-TOPIC: Remote Client copy
69556
CC-TOPIC: Missing tables and data
70643
CC-TOPIC: Delete client
84504
CC-TOPIC: SM29 transfers data in spite of Cancel
3URFHVVLQJ1RWHV
During the copy process, do not work in the source client or the target client. The target
client is locked for all users except SAP* and DDIC.
Since large volumes of data are involved, copying a client could take several hours. If you
are copying a large productive client, the copy time could take upwards of a day. For client
copy of a large client, see SAP note 67205. Due to the long run time, the probability of an
abnormal termination due to external factors is high.
A client copy produces a large amount of log activity. If this directory runs out of space,
the database will stop. Turn off logging (i.e., truncate on checkpoint) or monitor the
filespace in the directory where the log file(s) is located.
2343

Client Copy
6HFXULW\
To perform a client copy, the user ID of the person doing the copy must have the same authorizations in
the source client and in the target client. A system administrator with the same authorizations as user SAP*
will have all the required authorizations.
&UHDWLQJD&OLHQW
*XLGHG7RXU

(or from the SAP standard menu, choose Tools Administration, then Administration Client admin
Client maintenance).
2. Choose
3. Choose
2344
Release 4.6A/B

Client Copy
4. Choose New entries.
5. In Client, enter the client number

(for example, 100) and name (for
example, test client for
docu).
13
5
6
Do not use clients: 000,001, or

066. These clients are reserved for
9
SAP.
7
8
6. In City, enter the city name (for

example, Palo Alto).
7. In Std. Currency, enter the
standard currency for the client
(for example, USD).
8. In Client role, choose
role for the client.
10
to select the
11

client-dependent objects, select the
appropriate option.
In this case we selected Automatic
recording of changes.
12

changes, choose and select the
appropriate option.
In this screen, we selected Changes
to Repository and client-ind.
2345

Client Copy
Customizing allowed.
the appropriate entry.
In this screen, we selected
Protection level 0: No restriction.
12. Under Restrictions, if CATTs are
allowed to be executed, select
Allows CATT processes to be started.
13. Choose Save.
14. The new client is listed.
In later steps, this new client may
be referred to as the target
client.
14
15. To log on to the new client, enter SAP* for the user and PASS for the password.
SAP* with the default password PASS is a known user ID password. Do not leave the
client in this condition for longer than absolutely needed. Once the client copy is
complete, verify that the passwords for all system user IDs in the new client are secure.
2346
Release 4.6A/B

Client Copy
&RS\LQJD&OLHQW
*XLGHG7RXU
&RS\LQJRQWKH6DPH6\VWHP6,'
To copy a client on the same system/<sid>, do a local client copy.
1. To log on to the target client, enter sap* for the user ID and pass for the password.
Be sure you are logged on to the correct target client. If you are on the wrong client, you
will destroy that client.
2. In the Command field, enter transaction SCCL and choose Enter
(or from the SAP standard menu, choose Tools Administration, then Administration Client admin
Client copy Local copy).
to
3. In Selected profile, choose
select a copy profile that matches
your requirements.
4. In Source client, enter the source
client number (for example, 001).
5. If your user masters will be copied
from a specific client, in the Source
client user masters field, enter this
client number (for example, 001).
6
3
4
5
6. Choose Schedule as background job.
You will be taken to the

background scheduling screen to
complete the task.
7. In Background server, choose
to
select the server on which to run
the client copy.
2347

Client Copy
8. Select the server to run the client

copy on.
9. Choose
8
9
10. Choose Schedule job.
10
11. Choose Continue.
11
2348
Release 4.6A/B

Client Copy
At this point, the scheduling

proceeds as in scheduling any
other background job.
12
12. To begin the copy immediately,

select Immediate.
13. Choose
Check.
14. Choose Save.
13
15. In Output device, enter the printer

name (for example, dcba).
16. Choose
14
15
16
2349

Client Copy
17. Choose
17
18. The displayed message indicates

the job was successfully
scheduled.
19. Choose
18
19
&RS\LQJWRD'LIIHUHQW6\VWHP6,'
To copy a client to a different system/<sid>, do a remote client copy.
3UHUHTXLVLWH
In the target system, the:

< Source system needs to be set up in transaction SM59.
< Client must have been created.
Copying from one system to another using remote client copy uses the RFC interface,
therefore, there is no intermediate storage on disk.
*XLGHG7RXU
1. Log in to the target system and client.

Be sure you are logged in to the correct target client. If you are on the wrong client, you
will destroy that client.
(or from the SAP standard menu, choose Tools Administration Administration Client admin
Client copy Remote copy).
2350
Release 4.6A/B

Client Copy
3. In Selected profile, choose

to
select a profile that matches your
requirements.
4. In Source destinat., use
for a list
of available RFC destinations, and
choose the source system.
3
4
5. Verify the source System name and

Source client.

select a background server.
to

7
8. Choose Continue.
2351

Client Copy
9. From this point, schedule the job

as you would any other
background job.
10. When you have finished

scheduling the client copy, this
message window will appear.
3RVW&OLHQW&RS\7DVNV
<
<
Secure the passwords for SAP* and DDIC in the new client.
If you copied the user master, the user IDs and passwords for those users have been
copied from the source client. When you create a new client, immediately change the
default passwords for user SAP*. The default password is well known and has been
posted on the Internet.
Always have at least two administrative user IDs for each client, so you do not lock
yourself out of the client.
SAP* and DDIC should only be used for tasks that require those user IDs be used. A
better solution is to create an administrative user ID, which is a copy of the user SAP*.
'HOHWLQJD&OLHQW
To delete a client, there are two options:
<
The Delete Client transaction, SCC5.
<
The R3TRANS program (see SAP note 13391).
We recommend that you use SCC5 to delete the client.
2352
Release 4.6A/B

Client Copy
Before deleting a client, in the event of a major problem (for example, deleting the wrong
client), make certain you have a usable backup of the system.
'HOHWH&OLHQW7UDQVDFWLRQ
*XLGHG7RXU
1. Log on to the client that will be deleted.

Be sure you are logged in to the client you want to delete. If you are on the wrong client,
you will destroy that client.
(or from the SAP standard menu, choose Tools Administration Administration Client admin
Special functions Delete client).
3. Verify the Client to be deleted (for
example, 500).
The Client to be deleted field is a
nonchangeable field and is the
client onto which you log. If the
client number is incorrect, you are
logged onto the wrong client.
5
3
4
4. Select Delete entry from T000.

5. Choose
Background.
to
select the server to run the delete
job.
2353

Client Copy
8. Select Continue.
From this point, the process is the
same as scheduling a background
job.
5HYLHZLQJWKH&OLHQW&RS\/RJ
1. Log on to another client.
2
2. In the Command field, enter

transaction SM37 and choose Enter.
3. In User name, enter the user ID that
the client copy job was run under
(for example, garyn).
4. Choose
2354
4
3
Execute.
Release 4.6A/B

Client Copy
5. Select the client copy entry.

6. Choose
Job log.
6
Review the log.
7. At the bottom of the log is the

message that the job has successfully
finished.
2355

Production Refresh Strategies
3URGXFWLRQ5HIUHVK6WUDWHJLHV
Because data in the target system is being replaced, refreshing a system is an inherently
dangerous.
:KDW
Production refresh is where the other systems are refreshed with data from the production
system.
After the copy, actual production data exists in the test system. This data poses data
security issues which must be addressed by the various data owners. It is more critical if
the HR system is installed, because personnel records are sensitive. Financial, sales, and
other data may also be company sensitive.
:K\
Refreshing a system from the production system helps:

<
<
Get production data into the test environment.

Sync the configuration in the test and development systems with the production system.
Over time, the configuration of the various systems could drift apart and not match the
production system.
<
Prepare for an upgrade.

You want the test system to mirror the production system, so that the upgrade in the test
system mirrors everything you will encounter into in the production system.
:K\1RW
In the recent past, the standard procedure was to create your own test data. One major
reason was that disk storage space was expensive. Here are some are reasons for not to
refresh the system:
2356
<
Data storage is expensive

Even with cheaper disks, the volume of data more than makes up any savings.
With several copies of the entire production database, the total of all the databases
could approach a hundred gigabytes for a small company to a terabyte (or more) for
a large company.
<
Data security
Data from the production system is real.
Even if it is old, it could be confidential and sensitive. The development and test
systems are, then, subject to the same high level of security as the production system.
Created test data is fake and everyone knows that.
There is much less issue with data confidentiality or sensitivity.
Release 4.6A/B

+RZ
There are two ways to refresh a system:

<
Database copy of the production system
<
Client copy of the production client
'DWDEDVH&RS\RI3URGXFWLRQ6\VWHP
A database copy is done by copying the entire production database.
%HQHILWV
<
The refreshed system will be a duplicate of the production system.

Client-independent changes will also be captured and copied to the target system.
<
The copy can be made using standard backup tapes, so there is no impact on the
production system.
Making a copy also tests your backup and restore process.
'LVDGYDQWDJHV
<
<
All revision history of the refreshed system is lost, which is usually:

Acceptable for the test/QA system
Not acceptable for the DEV system because version history is lost.
The target database needs to be as large as the PRD database.
<
After the copy, the target system must be reconfigured.
<
The target system loses its client structure and become a duplicate of the client structure
of the PRD system.
If the PRD system has one client and the QAS system has three clients, after the database
copy, the QAS system will have one client. The other two clients are lost.
&OLHQW&RS\RIWKH3URGXFWLRQ6\VWHPZLWK'DWD
A client copy is done by performing a client copy of the active client from the PRD system
(instead of copying the entire database, like a database copy).
$GYDQWDJHV
<
Unlike a database copy, the target system does not have to be reconfigured.
<
The target system does not lose its client configuration.
'LVDGYDQWDJHV
<
A client copy requires that the source and target systems are not in use during the copy.
Having both systems out of use may not be a practical action for many companies
because the amount of time required to do the copy could be significantly greater than
the amount of time that the production system can be down.
<
If there are any client-independent objects (programs, table structures, etc.) that have
been changed and are not the same in the two systems, these objects will not be copied
(refer to the sections on Client Copy below).
2357

&OLHQW&RS\RIWKH3URGXFWLRQ6\VWHP:LWKRXW'DWD
In this option, only a basic client copy is performed (including customizing), but no master
or transactional data, and possibly no user data.
All test data is loaded into the new client using the following tools:
<
Computer Assisted Test Tools (CATT)
<
Data Transfer Workbench
$GYDQWDJHV
In addition to the benefits of the client copy above:
<
You can control the data being loaded into the new client.
Data can be created to test specific items.
You are not subject to the randomness of real data to test specific items.
Real data may (or may not) have the appropriate data to test specific test items.
In this case, test data has to be created anyway.
'LVDGYDQWDJHV
These are the same as for a client copy with data above.
2358
Release 4.6A/B
$SSHQGL[$8VHIXO7UDQVDFWLRQV
&RQWHQWV
Useful Transactions............................................................................................... A2
A1
Appendix A: Useful Transactions

Useful Transactions
8VHIXO7UDQVDFWLRQV
System administrators may find the following transactions useful. Although many of the
transactions are not discussed in this guidebook, we are listing them for your convenience.
Many of these transactions are for more advanced functions than targeted in the scope of
this guidebook.
7UDQVDFWLRQ&RGH6ZLWFKHV
/n<trans code>
/nspad
Exit the current transaction and

start the new transaction
/o<trans code>
/ospad
Open a new session (window) and

start the new transaction
7UDQVDFWLRQ&RGH7DEOH
The following are definitions of two of the column headers.
< Dangerous
These transactions are potentially damaging or fatal to the system if executed
incorrectly.
As a general rule, most of the Basis transactions are potentially damaging. Access to
these transactions should be restricted in all systems. Access to some of these
transactions should be even further restricted in the production system.
<
Performance Impact
These transactions could have a potentially adverse impact to system performance if
executed. Traces and table display are the transactions of concern here.
The problem with a table display occurs when the query does a full table scan for data.
When done on a large table, this query has serious impact on performance because the
system searches every record in the table to find those that meet the search criteria.
A2
Release 4.6A/B

Useful Transactions
Transaction
Description
AL02
Database Alert Monitor

(not supported for MS SQL Svr 7.0)
AL03
Operating System Alert Monitor
AL05
Workload Alert Monitor
AL08
Current active users (in system)
AL11
Display operating system file from CCMS
AL12
Display table buffer (buffer synchronization)
BALE
ALE administration and monitoring
DB01
Exclusive waits in Oracle database
DB02
Database performance; tables and index
DB03
Parameter changes in database
DB05
Analysis of table with respect to indexed fields
DB12
Backup logs
DB13
DBA planning calendar
DB14
DBA logs
DB20
Generate table statistics
OSS1
Online Service System logon
RZ01
Graphical background job scheduling monitor
RZ02
Network graphical display of instance
RZ03
Server status, alerts, maintain operations mode
RZ04
Maintain operations mode and instance
RZ06
Maintain alert threshold
RZ08
CCMS Alert Monitor
RZ10
Maintain system profiles
RZ11
Display profile parameter attributes
RZ20
Alert Monitor 4.0
RZ21
Maintain settings for Alert Monitor 4.0
SA38
ABAP reporting
SCAM
CATT management
Dangerous
Performance
impact
A3

Useful Transactions
Transaction
Description
SCAT
Computer Aided Test Tool
SCC1
Client copy transport
SCC3
Client copy log
SCC4
Client copy administration
SCC5
Delete clients
SCC6
Client import
SCC7
Client import post processing
SCC8
Client export
SCC9
Remote client copy
SCCL
Local client copy
SCMP
Table comparison
SCU3
Table history
SE01
Transport organizer
SE03
Workbench organizer: tools
SE06
Set up workbench organizer
SE09
Workbench organizer
SE10
Customizing organizer
SE11
Data Dictionary maintenance
SE12
Data Dictionary display
SE14
Utilities for ABAP Dictionary tables
SE15
Repository Info System
SE16
Display table content
SE17
General table display
SE38
ABAP editor
SECR
Audit Information System
SEU
R/3 Repository Browser
SFT2
Maintain public holiday calendar
SFT3
Maintain factory calendar
SICK
Installation check
A4
Dangerous
Performance
impact
X
X
Release 4.6A/B

Useful Transactions
Transaction
Description
SM01
Lock transactions
SM02
System messages
SM04
Overview of users
SM12
Database locks
SM13
Update terminates
SM18
Security Audit: Delete Old Audit Logs
SM19
Security Audit: Administer Audit Profile (for

SM20)
SM20
System (Security) Audit Log
SM21
System log
SM30
Maintain tables (not all tables can use SM30)
SM31
Maintain tables
SM35
Batch input monitoring
SM36
Schedule background jobs
SM37
Overview of background jobs
SM39
Job analysis
SM49
External operating system commands, execute

(see related SM69)
SM50
Work process overview
SM51
Instance overview
SM56
Reset or check number range buffer
SM58
Error log for asynchronous RFC
SM59
RFC connection, maintain
SM63
Operations mode, maintain
SM64
Event trigger
SM65
Background processing analysis tool
SM66
Global work process overview
SM69
External operating system commands, maintain

(see related SM49)
SMLG
Maintain logon groups
Dangerous
Performance
impact
A5

Useful Transactions
Transaction
Description
SMX
Display own jobs
SNRO
Maintain number range objects
SP00
Spool
SP01
Spool control
SP02
Display output requests
SP11
TemSe (temporary sequential objects) contents
SP12
TemSe administration
SPAD
Spool administration (printer setup)
SPAM
SAP Patch Manager
SPAU
Intersection SAP transport/customer

modifications
SPCC
Spool; consistency check
SPDD
Intersection SAP transport/customer

modifications, DDIC
SPIC
Spool; installation check
ST01
SAP system trace
ST02
Buffer statistics
ST03
Workload analysis
ST04
Database performance analysis
ST05
SQL trace
ST06
Operating system monitor
ST07
Application monitor
ST08
Network monitor
ST09
Network Alert monitor
ST10
Table call statistics statistics on table accesses
ST11
Display developer trace
ST12
Application monitor
ST14
Application analysis statistics related to business

document volume
ST22
ABAP dump analysis
A6
Dangerous
Performance
impact
Release 4.6A/B

Useful Transactions
Transaction
Description
ST4A
Oracle: analyze the shared cursor cache
STAT
Local transaction statistics
STMS
Transport Management System
STUN
Performance monitoring menu
STZAC
Customizing Time Zones
SU01
User maintenance
SU01D
Display users
SU02
Maintain authorization profiles
SU03
Maintain authorizations
SU10
Mass change to user records
SU12
Delete ALL Users
SU2
Maintain user parameters
SU22
Authorization object check in transactions
SU3
Maintain own user parameters
SU53
Display authorization checked values
TU02
Parameter changes display active parameters

and history of changes
Dangerous
Performance
impact
A7

Useful Transactions
A8
Release 4.6A/B
$SSHQGL[%8VHIXO5HVRXUFHVDQG3URGXFWV
&RQWHQWV
Other System Administration Resources............................................................ B2
Other Helpful Products: Contributed by Users................................................. B13
B1
Appendix B: Useful Resources and Products

Other System Administration Resources
2WKHU6\VWHP$GPLQLVWUDWLRQ5HVRXUFHV
The references cited by no means represent an all inclusive listing of resources because SAP
training classes, guidebooks, white papers, and internet sites are constantly being created
and updated.
6$35HVRXUFHV
SAP books and CDs can be ordered from the SAP online store (http://shop.sap.com) or for
items with an SAP part number, from your SAP account executive. Books with ISBN
numbers can be ordered from Fatbrain (www.fatbrain.com/sap), Amazon (www.amazon.com)
or Barnes & Noble (www.bn.com).
B2
Release 4.6A/B

%RRNV
Title
SAP Part Number
Complementary Software Program

Directory
50-018-672
R/3 System Getting Started
50-018-896
SAP Dictionary R/2 System Release

5.0: EnglishGerman
5000-5296
SAP Wrterbuch System R/2 Release

5.0: DeutschEnglish
(SAP Dictionary R/2 System Release
5.0: GermanEnglish)
5000-5295
Authorizations Made Easy
ISBN Number
1-893570-21-5 (3.1G/H)
500-23994
1-893570-22-3 (4.0B)
1-893570-23-1 (4.5A/B)
1-893570-24-X (4.6A/B)
Data Transfer Made Easy (English)
500-32525
Data Transfer Made Easy (German)
1-893570-04-5 (4.0B/4.5x)
1-893570-05-3 (4.0B/4.5x)
Printout Design Made Easy (3.x)
500-22337
1-893570-12-6 (3.1H)
SAPscript Made Easy (4.x)
500-32527
1-893570-13-4 (4.0B)
ISBN:
1-893570-14-2 (4.6B)
Reporting Made Easy (4.0B) (3-vol set) 500-32445
1-893570-65-7 (4.0B)
Fundamentals of Reporting
1-893570-60-6
Report Development Tools
1-893570-61-4
Commonly Used Reports
1-893570-62-2
1-893570-41-X (3.1H)
500-32525
1-893570-42-8 (4.0B)
1-893570-43-6 (4.6A/B)
B3

&'V
< Accelerated SAP (ASAP)
While ASAP is an implementation project management methodology, production
system administration information is available on this CD.
< Knowledge Products
Knowledge products must be registered and a license installed (similar to saplicense),
before they can be used.
Technical Implementation and Operation Mgt
500-27903
SAP System Management
500-27391
SAP System Monitoring
500-25694
SAP Software Logistics
500-27393
SAP Database Administration MS SQL server
500-25696
SAP Database Administration Oracle
500-27392
SAP Database Administration Informix
500-25695
SAP Database Administration DB2-400
500-25697
SAP Database Administration Adabas
500-29389
SAP Integration Technologies
500-25698
R/3 Interface Advisor
500-21636
< SAP Terminology Database
500-30826
< SAP Business Information Warehouse
500-29281
< SAP Interface Advisor, Rel 4.5
500-26902
< Computer Based Training (CBT)
Archiving CBT
500-20297
< R/3 Online Documentation
< Report Navigator (pre-Release 4.0)
See SAP Simplification Groups web site, www.saplabs.com/simple
7UDLQLQJ&ODVVHV
In the U.S., call central registration at (888)-777-1SAP(1727) or visit SAP Americas training
web site, www.sap.com/usa/trainsupp for the most current class list.
/HYHO
SAP50 R/3 Basis Technology

/HYHO7HFKQLFDO&RUH&RPSHWHQFH
B4
<
BC310 Windows NT/Oracle
<
BC314 Windows NT/MS SQL Server
<
BC317 Windows NT/DB2
<
BC360 UNIX/Oracle
<
BC361 UNIX/Informix
Release 4.6A/B

<
BC370 AS/400-DB2/400
/HYHO
BC340 Going Live

/HYHO$GYDQFHG
<
BC305 Advanced R/3 System Management
<
BC325 Software Logistics
<
BC315 R/3 Workload Analysis
<
BC505 Database Administration - Oracle
<
BC511 Database Administration Informix
<
BC520 Database Administration MS SQL Server
<
BC525 Database Administration DB2/400
/HYHO&URVV$SSOLFDWLRQ
<
BC601 Build and Use SAP Business Workflow
<
BC615 Archiving Technology
<
BC630 SAP Business Communication
<
CA940 SAP R/3 Security Concepts
2WKHU
< R/3 Security Guide; see SAP note 39267
www.sapnet.sap.com/securityguide
:KLWHSDSHUV
< System Landscape
The R/3 System Landscape, System and Client Deployment Strategy can be
downloaded from www.saplabs.com/simple.
6$31HW6HOHFWHG,WHPVRI,QWHUHVW
Explore SAPNet at www.sapnet.sap.com, to see what is available. The amount of
information that is obtainable is extensive and is growing.
We selected a few items that we think would be of particular interest to you in the
abbreviated tree structure that follows. Please be aware that SAPNet will change over time
and the specific path to an item may change.
1HZV (YHQWV
<
Press Release
<
SAP INFO magazine
<
Events (SAPPHIRE, TechEd, etc.)
<
Media Library
SAP Knowledge Store
Media by Type
R/3 Online Documentation
B5

R/3 Documentation Info Center for Customers & Partners
6HUYLFHV
<
Consulting Services
Individual Consulting Services, such as remote consulting, going live check, going live
functional upgrade, EarlyWatch, remote upgrade, conversion services, OS/DB
migration service, remote Euro conversion service, and remote archiving
<
<
<
B6
Education Services
Advanced Training Solution
SAP Standard Training
R/3 Knowledge Products
Computer Based Training
SAP TechNet, including software logistics, system management, system monitoring,
technical SD/CO/PP, DB Admin Oracle/Informix/MS SQL Server, ABAP
Development Workbench, data archiving, etc.
SAP Team SAP Support Services
Release Information
Release strategy
Release notes
SAP Methodology & Tools
ASAP
Ready to Run R/3
Sizing
Interface Advisor
Outsourcing
Legacy System Migration Workbench
Online Services
Installation/Upgrades
License keys
Installation/Upgrade guides
Sizing
Customer data
User Administration
Modifications
SSCR (SAP Software Change Registration)
Object registration
Developer registration
SAP Online Correction Support
Download
SPAM
Release 4.6A/B

<
R/3 Support Packages
Customers & Partners

SAP Users Groups
Partners
7KLUG3DUW\5HVRXUFHV
The following list of books is not all inclusive. There are good books that are not listed here.
Also, no one book will provide you with all the information you need. You will typically
need several books in each category in your library.
A listing of these books does not constitute an endorsement by SAP. This listing is provided,
as a starting point, for your convenience. We recommend you check with your vendors
(hardware, operating system, database, and other) and the various book sources (both
online and in stores) and for additional titles.
%RRNV
5
%\6$3
Brand, Hartwig. 1999. SAP R/3 Implementation with ASAP, The Official SAP Guide. Sybex.
(Release 4.0) (ISBN: 0-7821-2427-5)
*This book is about technical/Basis implementation.*
Buck-Emden, Rdiger; and Jrgen Galimow. 1996. SAP R/3 System, A Client/Server
Technology. Addison-Wesley. (ISBN: 0-201-40350-1)
McFarland, Sue and Susanne Roehrs. 1999. SAP R/3 Software Logistics, The Official SAP Guide.
Sybex. (Release 4.0/4.5) (ISBN: 0-7821-2564-6)
Schneider, Thomas. 1999. SAP R/3 Performance Optimization: The Official SAP Guide. Sybex.
(Release 4.x) (ISBN: 0-7821-2563-8)
Will, Liane. 1998. SAP R/3 System Administration: The Official SAP Guide. Sybex. (Release 4.0)
(ISBN: 0-7821-2426-7)
7KLUG3DUW\$XWKRUV
Hernandez, Jose. 1999. SAP R/3 Administrators Handbook, Second Edition. Osborne.
(Release 4.x) (ISBN: 0-07-135413-1)
1997. The SAP R/3 Handbook. McGraw-Hill. (Release 3.x, Oracle, and UNIX)
(ISBN: 0-07-033121-9)
Hirao, Joey; and Jim Meade. 1999. SAP R/3 Administration for Dummies. IDG. (Release 3.x)
(ISBN: 0-7645-0375-8)
Parkinson, Robert; Johan Marneweek. 1999. Basis Administration for SAP. Prima.
(Oracle, and UNIX) (ISBN: 0-7615-1887-8)
Prince, Dennis. 1998. Supporting SAP R/3. Prima. (ISBN: 0-7615-1750-2)
B7

Will, Liane; Christiane Hienger, Frank Strassenburg, and Rocco Himmer. 1998. SAP R/3
Administration Addison-Wesley. (Release 3.x) (ISBN: 0-201-92469-2)
81,;
Arick, Martin. 1995. Unix for DOS Users. John Wiley & Sons. (ISBN: 0471049883)
Frisch, leen. 1998. Essential Systems Administration: Help for Unix System Administrators.
OReilly. (ISBN: 1-56592-127-5)
Nemeth, Evi., [et al.]. 1995. Unix System Administration Handbook. Prentice Hall.
(ISBN: 0-13-151051-7)
Pugh, Kenneth. 1994. Unix for the MS-DOS User. Prentice Hall. (ISBN: 0-13-146077-3)
Siegert, Andreas. 1996. The AIX Survival Guide. Addison-Wesley. (ISBN: 0-201-59388-2)
17
Enck, John (Editor). 1998. Windows NT Magazine, Administrators Survival Guide, Volume 1.
Duke Communications. (ISBN: 188241988X)
Frisch, leen. 1998. Essential Windows NT System Administration. OReilly.
(ISBN: 1-56592-274-3)
1998. Windows NT Desktop Reference. OReilly. (ISBN: 1-56592-437-1)

Ivens, Kathy. 1998. Windows NT Troubleshooting. Osborne. (ISBN: 1-07882471-0)
Jumes, James; Neil Cooper, etal (PW Coopers). 1999. Microsoft Windows NT4.0 Security,
Audit, and Control. Microsoft Press. (ISBN: 1-57231-818-X)
Lambert, Nevin; Manish Patel. 1999. Microsoft Windows NT Security. ZD Press.
(ISBN: 1-56276-457-8)
Leber, Jody; Jody Schivley, and Robert Denn (Editor). 1998. Windows NT Backup & Restore.
OReilly. (ISBN: 1-56592-272-7)
McMains, John; and Bob Chronister. 1998. Windows NT Backup & Recovery. Osborne
McGraw-Hill. (ISBN: 0-07-882363-3)
Jumes, James (Editor);Neil F. Cooper, and Todd M. Feinman. 1998. Microsoft Windows NT 4.0
Security, Audit, and Control (Microsoft Technical Reference). Microsoft Press.
(ISBN: 1-57231-818X)
Microsoft Corporation. 1996. Microsoft Windows NT Server Resource Kit: for Windows NT
Server Verison 4.0. Microsoft Press. (ISBN: 1-57231-3447)
1997. Microsoft Windows NT Server Resource Kit Verison 4.0, Supplement Two. Microsoft
Press. (ISBN: 1-57231-6268)
1994. Windows NT 3.5 Guidelines for Security, Audit, and Control. Microsoft Press.
(ISBN: 1-55615-814-9)
Minasi, Mark. 1997. Mastering Windows NT Server 4, 5th Edition. Sybex. (ISBN 0-7821-2163-2)
B8
Release 4.6A/B

Pearce, Eric; Robert Denn (Editor), and Beverly Scherf. 1997. Windows NT in a Nutshell: A
Desktop Quick Reference for Systems Administrators. OReilly. (ISBN: 1-56592-251-4)
Rutstein, Charles. 1997. Windows NT security: A Practical Guide to Securing Windows NT
Servers and Workstations , McGraw-Hill (ISBN: 0-07-057833-8)
Siyan, Karanjit. 1997. Windows NT Server 4: Professional Reference. New Riders Publishing.
(ISBN: 1-56205-805-3)
Sutton, Stephen. 1997. Windows NT Security Guide. Addison-Wesley. (ISBN: 0-201-41969-6)
26
IBM. 1994. An Implementation Guide for AS/400 Security and Auditing. IBM. (ISBN: 0-73840-573-6)
(part# : GG24-4200-00)
IBM. 1998. The System Administrators Companion to AS/400 Availability and Recovery. IBM.
(ISBN: 0-73840-038-6) (part# : SG24-2161-00)
0LFURVRIW64/6HUYHU
Baird, Sean; Chris Miller, and Michael Hotek. 1998. SQL Server System Administration.
Macmillan. (ISBN: 1-562059556)
Dalton, Patrick. 1997. SQL Black Book (v6.5). Coriolis Group Books. (ISBN: 1-57610-149-5)
Microsoft Corporation. 1998. Microsoft SQL Server 7.0 System Administration Training Kit.
Microsoft Press. (ISBN: 1572318279)
Prathak, Paritosh. 1998. Administering SQL Server 7. Osborne McGraw-Hill.
(ISBN: 0-07-134168-4)
Rankins, Ray., [et al.]. 1998. SQL server 6.5 unleashed (3rd edition). Sams. (ISBN: 0-672-31190-9)
Soukoup, Ron; Kalen Delaney. 1999. Inside Microsoft SQL Server 7.0. Microsoft Press.
(ISBN 0-735605173)
Spenik, Mark; and Orryn Sledge. 1998. Microsoft SQL Server 7 DBA Survival Guide. Sams.
(ISBN: 0-672-31226-3)
1996. Microsoft SQL Server 6.5 DBA Survival Guide. Sams. (ISBN: 0-672-30959-9)
Talmage, Ron. 1999. Microsoft SQL Server 7 Administrators Guide. Prima. (ISBN: 0-7615-1389-2)
,QIRUPL[
Doe, Charleton. 1997. Informix OnLine Dynamic Server Handbook, 1/e. Prentice Hall.
(ISBN: 0-13-605296-7)
Informix Software, Inc. 1996. Evolution of the High Performance Database, 1/e. Prentice Hall.
(ISBN: 0-13-594730-8)
1996. Informix Performance Tuning, 2/e. Prentice Hall. (ISBN: 0-13-239237-2)

Lumbley, Joe. 1999. Informix DBA Survival Guide, Second Edition. Prentice-Hall.
(ISBN: 0-13-079623-9)
McNally, John (Editor); Glenn Miller, Jim Prajesh, Jose Fortuny, and Robert Donat. 1997.
Informix Unleashed. Sams. (ISBN: 0-672-30650-6)
B9

'%
Bullock, Diane; Jonathan Cook; et al. 1999. DB2 Universal Database and SAP R/3, Version 4.
Prentice-Hall. (ISBN: 0-13-082426-7)
IBM. 1997. IBM DB2 for AIX and SAP R/3 Administration Guide. IBM. (ISBN: 0-73840-990-1)
(part# : SG24-4871-00)
2UDFOH
Adkoli, Anand, and Rama Velpuri. 1998. Oracle NT handbook. Osborne. (ISBN: 0-07-211917-9)
Ault, Michael. 1997. Oracle8 Administration & Management. Wiley & Sons. (ISBN 0471192341)
Corey, Michael., [et al.]. 1997. Oracle8 Tuning. Osborne McGraw-Hill. (ISBN: 0-07-882390-0)
Koch, Loney. 1997. Oracle8: The Complete Reference. Osborne McGraw-Hill.
(ISBN: 0-07-882396-X)
Loney, Kevin. 1997. Oracle8 DBA Handbook. Osborne McGraw-Hill. (ISBN: 0-07-882406-0)
Loney, Kevin; Noorali Sonawalla, and Eyal Aronoff. 1998. Oracle8 Advanced Tuning &
Administration. Osborne McGraw-Hill. (ISBN: 0-07-882534-2)
Spence, Greg. 1999. SAP R/3 and Oracle Backup and Recovery. Addison Wesley.
(ISBN: 0-201-59622-9)
Velpuri, Rama; and Anand Adkoli. 1998. Oracle8 Backup & Recovery Handbook. Osborne
McGraw-Hill. (ISBN: 0-07-882389-7)
1997. Oracle Troubleshooting. Osborne McGraw-Hill. (ISBN: 0-07-882388-9)
2WKHU7RSLFV
< Disaster Recovery
Corrigan, Patrick. 1994. LAN: Disaster Prevention and Recovery. Prentice Hall.
(ISBN: 0-13-015819-4)
<
Rothstein, Philip. 1995. Disaster Recovery Testing: Exercising Your Contingency Plan.
Rothstein Associates. (ISBN: 0-964164809)
Schreider, Tari. 1998. Encyclopedia of Disaster Recovery, Security & Risk Management.
Crucible. (ISBN: 0-966272900)
Toigo, Jon. 1995. Disaster Recovery Planning. John Wiley & Sons. (ISBN: 0-471121754)
Security
Russell, Deborah; GT Gangemi Sr. 1992. Computer Security Basics; OReilly.
(ISBN: 0-937175-71-4)
<
B10
Scripting
Perl, www.perl.com
Hoffman, Paul. 1997. Perl 5 for Dummies. IDG. (ISBN: 0-7645-0044-9)
Schwartz, Randal; Tom Christiansen, and Larry Wall. 1997. Learning Perl, 2nd edition.
OReilly. (ISBN: 1-56592-284-0)
Schwartz, Randal; Erik Olson, and Tom Christiansen. 1997. Learning Perl on Win32
Systems. OReilly. (ISBN: 1-56592-324-3)
Srinivasan, Sriram. 1997. Advanced Perl Programming. OReilly. (ISBN: 1-56592-220-4)
Release 4.6A/B

Vromans, John. 1996. Perl 5 Desktop Reference. OReilly. (ISBN: 1-56592-187-9)

Wall, Larry; Tom Christansen, and Randal Schwartz. 1996. Programming Perl, 2nd
edition. OReilly. (ISBN: 1-56592-149-6)
0DJD]LQHV
SAP Info: The Magazine of the SAP Group, www.press@sap-ag.de
SAP Technical Journal, www.saptechjournal.com
+HOSIXO7KLUG3DUW\,QIRUPDWLRQ
6$36HUYLFH&RQQHFWLRQ
SAP service connection to SAP (rcPack):

HS Network Technologies
950 Tower Lane, 12th floor
Foster City, CA 94404 USA
Tel.: (650)-286-3018, FAX: (650)-287-3372
%XVLQHVV&RQWLQXDWLRQ
<
Comdisco, www.comdisco.com
<
Disaster Recovery Journal, www.drj.com
<
DRI International, www.dr.org
<
IBM Business Recovery Services
<
SunGard Recovery Services, www.recovery.sungard.com
2UJDQL]DWLRQV
<
Americas SAP Users Group (ASUG), www.asug.com

For customers in the Americas, ASUG is the only vehicle to submit requests for
upgrades and enhancement to SAP.
:HE6LWHV
6$3
< SAP, www.sap.com
< mySAP.com, www.mySAP.com
< SAPNet, www.sapnet.sap.com
Note: you need a SAPNet user ID to access SAPNet
< SAP America, www.sap.com/usa
< SAP America, training, www.sap.com/usa/trainsupp
< SAP Labs, Simplification Group, www.saplabs.com/simple
< SAP Online Store, www.sap.com/store_index.htm
< SAP Complementary Software Program, www.sap.com/CSP
B11

6$3$IILOLDWHG
Americas SAP Users Group (ASUG), www.asug.com
7KLUG3DUW\
< SAP Fans, www.sapfans.com
< SAP Club, www.sapclub.com
< SAP Assist, www.sapassist.com
< ERP site, www.erpsupersite.com
< ERP central, www.erpcentral.com
,QWHUQHW1HZV*URXSV
<
<
<
<
B12
SAP-related
comp.soft-sys.business.sap
Other
comp.client-server
Operating Systems
UNIX
comp.os.unix
comp.unix.*
NT
comp.ms-windows.nt.*
Databases
Oracle
comp.databases.oracle.*
DB2
comp.databases.ibm-db2
Informix
comp.databases.informix
MS SQL server
microsoft.public.sqlserver.*
comp.databases.ms-sqlserver
Release 4.6A/B

Other Helpful Products: Contributed by Users
2WKHU5HVRXUFHV
2SHUDWLQJ6\VWHP
< UNIX
Digital Unix, www.unix.digital.com
HP UX, www.datacentersolutions.hp.com/2_2_index.html
IBM AIX, www.austin.ibm.com/software/aix_os.html
Siemens Reliant, www.siemens.com/servers/rm/rm_us/reliant.htm
Sun Solaris, www.sun.com/solaris
< NT
Microsoft, www.microsoft.com/ntserver
Microsoft TechNet, www.microsoft.com/technet
'DWDEDVH
< Oracle
Oracle, www.oracle.com
< SQL server
Microsoft, www.microsoft.com/sql
< Informix
Informix, www.informix.com
< DB2
IBM, www.software.ibm.com/data/
2WKHU+HOSIXO3URGXFWV&RQWULEXWHGE\8VHUV
The products listed here have been recommended by users and consultants and are
provided as a starting point for your research.
A listing of these products does not constitute an endorsement by SAP.
The following list is not all inclusive. These products have different features and prices,
which meet different requirements. It is your responsibility to test their compatibility with
your requirements and needs, and to select the product that is appropriate to your
installation. For products which have been certified by SAP to work with R/3, see
Complementary Software Program at www.sap.com/CSP.
As a precaution, you should test all third-party software for compatibility and stability on a
test system before installing them in a production environment. There are cases where a
program many conflict with another program(s) or the hardware, and crashes the system.
Testing software applies to both the server and workstation that the system administrator
uses.
B13

In an NT environment, if a particular task is mission critical, use a dedicated system to

perform that task. A dedicated system eliminates much of the potential for conflict.
81,;
%DFNXS
< Networker, Legato, www.legato.com
< OmniBack II, HP, www.hp.com/solutions/storage
0RQLWRU
< Performance monitor
Stopwatch, Envive, www.envive.com
< System monitor
OpenView, HP, www.openview.hp.com
6FKHGXOHU
< AutoSys, Platinum, www.platinum.com
< Maestro, Tivoli, www.tivoli.com
6SRRO0DQDJHPHQW
< Dazel for R/3, Dazel, www.dazel.com
2WKHU
< Messaging:
TopCall, Topcall Intl., www.topcall.com
17
%DFNXS
< ARCserve, Computer Associates, www.cai.com/arcserveit
< Backup Exec, Seagate, www.seagatesoftware.com
< OmniBack II, HP, www.openview.hp.com
< Ultraback, BEI Corp, www.ultrabac.com
0RQLWRU
< Log monitor
ELM, TNT software, www.tntsoftware.com
Provision Network Monitor (formerly AlertPage), Computer Associates
www.platinum.com/products/provis/po/nmon_pv.htm
< System monitor
LANDesk Server Manager, Intel, www.intel.com/network/products
NetIQ, NetIQ, www.netiq.com
B14
Release 4.6A/B

OpenView ManageX, HP, www.openview.hp.com

RoboMon, Heroix, www.robomon.com
5HPRWH&RQWURO
< Compaq Carbon Copy 32, Compaq,
www.compaq.com/products/networking/software/carboncopy
< LapLink for Windows NT, Traveling software, www.travsoft.com
< pcANYWHERE32, Symantec, www.symantec.com/pca
< Remote Desktop 32, Network Associates, www.nai.com
< Timbuktu Pro 32, Netopia, www.netopia.com
6FKHGXOHU
< Auto Task 2000, Cypress Technologies, www.cypressnet.com
< Event Control Server, Vinzant, www.vinsoft.com
< Launch Pad, Cypress Technologies, www.cypressnet.com
< crondSys, # ifdef Software, www.ifdef.com
< Schedule Wizard 98 (shareware)
6SRRO0DQDJHPHQW
< Dazel for R/3, Dazel, www.dazel.com
2WKHU
< Anti-virus
See SAP note 106267 for known problems with certain anti-virus programs.
InocuLAN, CA, www.cheyenne.com
Norton AntiVirus, Symantec, www.symantec.com
NT shield, Network Associates, www.nai.com
< FTP client
AbsoluteFTP, Van Dyke Technologies, www.vandyke.com
CuteFTP, GlobalSCAPE, www.cuteftp.com
WS_FTP, Ipswitch, Inc., www.ipswitch.com
< NT monitor
Quick slice, NT Resource Kit
< Time sync
TimeServ, NT Resource Kit
&RPPRQ%RWK81,;DQG17
<
<
UPS control
Powerchute, APC, www.apcc.com
Scripting
Perl, www.perl.com
B15

<
Time sync
Network Time Protcol, www.eecis.udel.edu/~ntp
<
Network Analyser
Sniffer, Network Associates, www.nai.com
1HWZRUN
B16
Release 4.6A/B
$SSHQGL[&8VHIXO6$31RWHV
&RQWHQWV
Overview ................................................................................................................. C2
In this chapter you will learn:
{Enter here} Objective 1 of

this chapter is to

this chapter is to blah blah
blah

blah blah

blah
R/3 Notes................................................................................................................. C2
Operating System Notes ....................................................................................... C6
Database Notes ...................................................................................................... C9
C1
Appendix C: Useful SAP Notes

Overview
2YHUYLHZ
The SAP notes are grouped by major area:
<
R/3
<
Operating System
<
Database
Within each group, the notes are grouped by category. As we assembled this book, these are
the notes we found important or useful. Many more notes exist for each group, many of
which are also important. You are encouraged to explore the SAP notes to see what other
notes would be of interest or importance to you.
Over time, some of these notes may become obsolete and get removed.
* SAP Notes used to be known as OSS notes.
** The Online Service System (OSS) is now known as SAPNet.
51RWHV
Category
C2
SAP Note #
Description
11886
Central syslog cut off
15466
Customer name range
21559
Examination of SAPgui problems
31557
The multi-client concept of R/3 overview
42074
Using the R/3 dispatcher monitor dpmon
45580
How are syslog files deleted?
86985
Release of SAP Releases for SAP add-ons (IS)
Batch
06604
Deleting job logs at the operating system level
Batch
11728
Background jobs with low priority
Batch
16083
Standard jobs, reorganization jobs
Batch
18307
Batch input logs and reorganization
Batch
24092
Distribution of background jobs on application servers
Batch
31503
FAQ: Background jobs
Batch
36280
Background work processes reserved for job class A
Batch
37104
Error analysis: Background processing system
Release 4.6A/B

R/3 Notes
Category
SAP Note #
Description
Batch
70639
How are batch jobs scheduled
CCMS
71364
Collective note: monitoring ST04, DB02, ST10, ST03 (30c-31h)
Client
07312
Create client 066 for EarlyWatch
Client
13391
Deleting/resetting a client (up to 3.0f)
Client
35952
Client deleted, space still filled in database
Client
40672
System changability and client control
Client copy
4010
Tables missing after client copy
Client copy
24853
CC info: Client copy, functionality in 3.0, 4.0
Client copy
47502
CC-TOPIC: Remote Client copy
Client copy
69556
CC-TOPIC: Missing tables and data
Client copy
70643
CC-TOPIC: Delete client
Client copy
84504
CC-TOPIC: SM29 transfers data in spite of cancel
Config
21636
RAM extension: Which changes to profile?
Config
31395
System parameters: Defined where? Displayed how?
Config
33576
Memory management (as of 3.0c, Unix and NT)
Config
39412
How many work processes to configure?
Config
44695
Memory management (as of 3.0c, AS400)
Ops mode
16845
Operation mode switch without background processes
Patches
19466
Downloading a patch from SAPSERVx
Patches
29372
Unpacking CAR archives
Patches
33525
Important information about SAP patches < 3.1H
Patches
37617
Patches
53902
Conflicts between Hot Packages / LCPs and Add-Ons
Patches
63786
FAQ Frequently Asked Questions: sapservX
Patches
63845
Corrections on SAPSERVx searching for files
Patches
73510
Problems during upgrade of patched source release
Patches
74545
Problems when unpacking CAR archives
Patches
79376
Installation of the 3.1H kernel
Patches
80117
Admin functions in Online Service System
Patches
82264
Important information about SAP patches >= 3.1H
C3

R/3 Notes
C4
Category
SAP Note #
Description
Patches
85820
Patch is not displayed in patch queue
Patches
86241
HR Legal Change Patches for the HR component
Patches
87432
Contents of and applying LCPs
Patches
89089
Configuration of R/3 systems for LCPs
Patches
96885
Downloading a front-end patch from SAPSERVx
Patches
97621
Patches
97623
Patch types
Patches
97630
Known problems with patches >= 3.1H
patches
104664
OCS info: applying patches from CD
Patches
119738
Problems during upgrade with too new hot packages
Patches
169142
Patches
173814
OCS: Known problems with Support Packages Rel. 4.6
Problems
15374
Checklist: Performance analysis
Problems
16513
File system is full what do I do
SAPNet
15641
Print/download in Online Service System
SAPNet
22235
OSS1: What to do if R/3 does not run?
SAPNet
26740
Online Service System registration form, North America (for

customers without existing Online Service System accounts)
SAPNet
29501
Search procedure for notes and messages in Online Service System
SAPNet
31515
Service connections
SAPNet
32411
The priority of your Online Service System message is changed
SAPNet
32789
OSS Quick reference sheet
SAPNet
33221
Easy to use guide for transaction OSS1 (SAPSERV4)
SAPNet
40024
Transferring customer files to sapservX via FTP
SAPNet
40866
Information required for registration keys
SAPNet
45027
User maintenance and creation in Online Service System for

customer
SAPNet
69224
Access to the SAPNet server with Online Service System user id
SAPNet
69378
Inbox BIBO in OSS/O01
SAPNet
74313
New customer messages in Online Service System
Release 4.6A/B

R/3 Notes
Category
SAP Note #
Description
SAPNet
75002
Confirmation of Online Service System registration
SAPNet
75686
Changing/Deleting Online Service System users and installations
SAPNet
80618
Access to Online Service System services via the internet
SAPNet
81908
Change to Online Service System user data
SAPNet
169296
Integrating service connections into maintain system data
SAPNet
169329
New functions in the SAPNet as of 09-05-06/99
SAPNet
170102
Automatic opening of a service connection
SAPNet
171569
Maintaining service connection in system data maintenance
SAProuter
30289
SAProuter documentation
SAProuter
30374
SAProuter installation
SAProuter
87388
Download SAProuter by FTP from sapserv#
Security
23611
FAQ concerning R/3 security
Security
39267
R/3 Security Guide
Security
48018
Data security in R/3
Spool
02510
Printer off: What happens to the data?
Spool
03255
Spool log with bad print control Sxxxx
Spool
06427
How do you transport a printer definition
Spool
08462
Performance problems spool output
Spool
09876
Cannot read my hostname
Spool
10551
Table TST03 (tablespace PSAPPROTD) size increasing
Spool
10743
Name of PC longer than 8 characters
Spool
10755
Long name for routing computer
Spool
11070
Space requirements of TemSe and spooler
Spool
12550
Problems with remotely connected printers (WAN)
Spool
18706
Tuning the spooler
Spool
23389
Transporting printer definitions
Spool
25941
R/3 does not find host name
Spool
26009
R/3 does not print, first steps
Spool
27831
Priority of output requests?
Spool
29666
Authorizations for spool requests
C5

Operating System Notes
Category
SAP Note #
Description
Spool
30187
Viewing completed print data for output device.
Spool
48914
Output requests are partially delayed
Spool
64333
Change default value for spool retention period
Spool
64337
Transport output devices (printer)
Spool
64628
Using network printers from R/3
Spool
78401
Download a list from SAP spool
Start/stop
00387
Problems when starting up a DB
Start/stop
17108
Shared memory still present, startup fails
TMS/CTS
5668
Transporting report writer ojbects
TMS/CTS
11599
Reversing transports (not possible to do)
TMS/CTS
13807
Analyzing Correction & Transport System problems
2SHUDWLQJ6\VWHP1RWHV
&RPPRQWR0XOWLSOH2SHUDWLQJ6\VWHPV
Category
SAP Note #
Description
80266
Installation of NT application servers in a UNIX environment
28781
Central transport directory NT/UNIX
SAP Note #
Description
28665
Central syslog under NT
89510
Installation notes for pcANYWHERE
Backup
71440
Problems when restoring DLT tapes with NTBackup
Config
22240
Windows NT Control Panel settings
Config
28392
Two systems on one NT machine
Config
31559
Setting environment variables for NT kernel
Config
31563
Setting environment variables for NT kernel
Config
33772
The correct configuration of Dr.Watson
17
Category
C6
Release 4.6A/B

Category
SAP Note #
Description
Config
65761
Configuration problems under Windows NT
Config
68544
Memory management under Windows NT
Config
74810
Notes on SAP services and NT registry
Config
75354
Multiple SAP instances on NT
Config
88416
Zero Administration Memory Management as of 4.0A/NT
Eventlog
72616
Syslog messages in the NT event log
Patches
29372
Unpacking .car archives
Patches
74545
Problems when unpacking CAR archives
Perfmon
102390
Use of NT performance monitor
Perfmon
110529
Professional use of the NT performance monitor
Problems
10616
Saposcol or collector not running
Problems
21790
WinNT: problems with notepad.exe
Problems
44803
Connection reset by peer
Problems
49776
Evaluating Dr.Watson log file
Problems
51781
Problems with SAPPAD
Problems
53211
Win NT appears to hang, SAP service problems
Problems
70572
SAP R/3 background problems on Win NT
Problems
100972
Help for analyzing a Win NT blue screen
Problems
122288
Win 3.51/4.0 no longer responds (hangs)
Problems
129813
NT: Problems due to address space fragmentation
SAProuter
41054
SAProuter as a service
Security
36462
Note for Oracle security on WinNT
Service pack
30478
Service Packs on Windows NT
Service pack
85582
High memory requests under NT 4.0 SP 3 fail
Start/stop
32182
Windows NT: Event log message when starting R/3
Start/stop
35388
Problems on STOP/START of R/3 via NT scheduler
TMS/CTS
28781
TMS/CTS
62739
Configuring a central transport host
Virus
106267
Problems with certain anti-virus software
C7

81,;
Category
SAP Note #
Description
21960
Two instances/systems on one UNIX computer
28781
80266
Installation of NT application servers in a UNIX environment
AIX
48689
IBM service, fixes and patches
AIX
64885
R/3 relevant operating system patches for AIX
Digital
72984
Release of Digital UNIX 4.0B for Oracle
Digital
39698
cpio generated when restoring sparse files
Digital
136653
Performance problems on Digital UNIX 4.0D and 4.0E
HPUX
06599
Sudden performance decrease, in UNIX too
HPUX
41596
HP-UX: problem solving using HP-UX patches
HPUX
64884
R/3 relevant OS patches for HP-UX
HPUX
99224
HP-UX Operating System patches
HPUX
99527
Problems with MC Service Guard
HPUX
101229
Informix: HPUX 10.20 patches
HPUX
143527
End of support for HP-UX 10.20, HP-UX 10.10, HP-UX 10.01
SUN
64887
R/3 relevant operating system patches for Solaris
SUN
71479
Solaris recommended patches
SUN
101883
R/3 relevant patches for Solaris 2.6
SUN
172524
Time stamp is incorrect
SUN
182552
Y2K patches for SOLARIS
Category
SAP Note #
Description
Config
44695
Memory management as of 3.0C, AS/400
Copy
49023
Client copy
CTS
37987
Importing transports
Patches
60856
OSS1 and hot packages
Performance
49201
Performance settings
$6
C8
Release 4.6A/B

Database Notes
Category
SAP Note #
Description
Performance
107104
4.0B kernel performance
Problem
125705
R/3 hangs in STARTSAP
Problem
154599
R/3 cannot be started/shmget fails
Problem
162580
Roll memory leak & SYSTEM_CORE_DUMPED
Problem
163022
Work process terminate abnormally
SAProuter
65600
SAProuter
'DWDEDVH1RWHV
0664/VHUYHU
Category
SAP Note #
Description
62849
news, compilation of notes

This note is important for SQL server installations.
28667
MS SQL Server specific profile parameters
67320
Basic knowledge of MS SQL Server
85846
Released operating systems R/3 4.0x/4.5x MS SQL Server
95901
R/3 on MS SQL Server release strategy
126131
Installing add-on on MS-SQL svr 3.x
159171
Recompilation of Stored Procedures
163315
MS SQL 6.5 end of support
7.0
82035
Improvements for MS SQL Server 7.0
7.0
95600
Installation of SAP R/3 on SQL Server 7.0
7.0
138392
SQL Server 7 and Vertex database
7.0
153802
Deleting transaction log files in MSSQL 7
7.0
160178
MSSQL 4.6A minimum corrections
7.0 conv
92410
DB conversion from MS SQL 6.5 to 7.0
7.0 conv
104392
Additional info: conversion 6.5/7.0 MS SQL Server
7.0 conv
107471
Special SQL Server 7.0 conversion methods
7.0 conv
107483
SQL Server 7.0: conversion on Alpha
C9

Database Notes
C10
Category
SAP Note #
Description
7.0 conv
129122
Conversion SQL Server 6.5/7.0 consultant companies
7.0 conv
130689
Conversion of multiple R/3 systems from 6.5 to 7.0
Backup
37152
SQL Server backup to a dump file
Backup
44449
Backup strategies with MS SQL Server
Backup
48585
Database copy
Backup
50990
DB Backup/Restore of Microsoft SQL Server
Backup
68818
Error in SQL Server backup/restore
Backup
70300
Backup/restore (compilation of notes)
Backup
151603
Copying a SQL Server 7.0 database
Backup
153763
Sub-optimal tape backup performance
Backup
166588
File backup with SQL server 7.0
CCMS
36637
SAP database monitor for MS SQL Server 6.5
CCMS
77434
New sched. Calendar in CCMS (DB13) SQL Server 6.5
CCMS
139945
SAP database monitor for MS SQL Server 7.0
CCMS
141118
New scheduling calendar in the CCMS (DB13) SQL Server
Client copy
85443
Client copy
Config
67071
Moving database devices
Config
70517
Restructuring a SQL Server installation
Config
80102
Device management for MS SQL Server
Config
97066
Running two SAP R/3 systems on one sever
Config
126808
Configuration parameter for SQL Server 7.0
HA
111372
Stand-by database for MS SQL Server
Kernel
77012
Spool, batch enhancements in kernel
Maint
67437
DBCC checks
Maint
142731
DBCC checks for SQL server 7.0
Performance
38657
Slow performance of R/3 on MS SQL Server
Performance
61340
Update statistics on MS SQL Server system tables
Performance
76052
Update statistics on database tables
Problems
67297
Error 1105 trans/db log full
Problems
79262
Incorrect database and log size in DB02 and ST04
Release 4.6A/B

Database Notes
Category
SAP Note #
Description
Problems
79883
Incorrect database freespace alert displayed
Problems
81692
Suspect database
Problems
87027
Fill level database logs
Problems
87029
Fill level of the database and log
Problems
111291
Analysis and avoidance of deadlocks
Problems
129190
Problems with Performance Monitor and SQL Server 7.0
Problems
150495
Deadlocks with MS SQL 7
Problems
155402
Analysis of hanging situations
Problems
166861
Analysis of DB13 problems
Problems
168408
R3load process dies directly during a start
Recovery
50745
Database restore for SQL Server
Recovery
70161
SQL error 916 and 4001 after restore
Recovery
82699
Rebuild master database
Recovery
94213
Point-in-time-recovery fails
Security
28893
Changing password of users sapr3
Security
116225
Password change for database user sapr3
Service pack
62988
Service Packs for MS SQL Server
Service pack
66365
Windows NT service packs (problems caused by)
Service packs
159069
SQL Server 7.0 service pack 1 install terminates
Service packs
159268
Service Pack installation on MS SQL server 7.0
SAP Note #
Description
80625
Released operating systems R/3 3.x/4.x DB2 for OS/390
85842
Released operating systems R/3 4.0x DB2/CS
Copy
111206
390: Homogeneous System Copy
Performance
92795
390: R3trans performance improvements
Performance
97014
390: R3trans performance improvement
Performance
122599
390: Performance of the update
'%8'%
Category
C11

Database Notes
Category
SAP Note #
Description
Performance
107123
400: Performance improvement on the database server
Problems
54028
400: Overflow in SQL package. SQL0904, SQL0901
Problems
84270
390: Deadlocks on TPFBA and TPFID
Problems
97449
390: Unspecified core dumps with HPDT UDP
Problems
98306
390: Tablespace name not set
Problems
141527
390: Generation of matchcode objects fail
Problems
149292
UDB: DB2adut1 displays no journals
Problems
151085
CS: Some work process end with SQL1403
Problems
163356
390: Signal 11 during DDIC operations
Restore
78332
CS: Database crash/core in restore from ADSM
Restore
163731
CS: Restore Terminates with SQL0973
Security
80292
Security DB2 with R/3 under NT
SAP Note #
Description
93264
Informix: Important News
53746
Use of correct Informix versions
62340
INFCFGCHECK: Download and First steps
64001
INFCFGCHECK: Detailed messages of single checks
71776
INFCFGCHECK: Automate database checks
85840
Released operating systems R/3 4.0x Informix
93868
BC511 Instructors contributions
AIX
102204
AIX 4.3 patches necessary with Informix
Backup
11462
Informix: Copying and renaming an R/3 database
Backup
167878
Informix: Copying and renaming an R/3 database
CCMS
66322
CCMS Database administration (DB13)
Config
12825
Installation of two R/3 systems on one host
Config
41360
Database configuration via onconfig parameter
Config
141054
Informix environment parameter for 7.3x
,QIRUPL[
Category
C12
Release 4.6A/B

Database Notes
Category
SAP Note #
Description
Document
154895
Ordering additional Informix documentation
HPUX
41596
HP-UX Problem solving using HP-UX patches
HPUX
101229
Informix: HPUX 10.20 patches
Maint
22941
Reogranization of table and dbspaces
Maint
29155
Consistency check of an Informix database
NT
126175
Service Pack 4 on NT4.0 with Informix IDS 7.X
Performance
38307
Reducing shared memory consumption
Performance
156766
Performance problems with Informix 7.3x
Performance
184760
Update Statistics: SAPDBA Rel.>=4.6A old strategy
Problems
31171
DB start/stop brings warnings
SOLARIS
48338
Problem solution through SOLARIS/SUN patches
Y2K
187183
Downloading the ON-Archive Y2K patch
SAP Note #
Description
85838
Released operating systems R/3 4.0x Oracle
112325
End of Cust Care Support Oracle 7.3.*
01039
Problems with ORACLE TWO_TASK linking
01042
ORACLE TWO_TASK connect failed
96397
OS06: Unable to open file os_sys.log
125242
Do not alter MAXEXTENTS on dictionary tables
128221
Increased memory consumption with Oracle 8
AIX
51396
Kernel extensions on AIX SMP computer
BR
02239
cpio with BRBACKUP and BRARCHIVE
BR
12593
BRBACKUP on several different tape drives
BR
13550
Using BRBACKUP and BRARCHIVE
BR
43494
Collective note: BRBACKUP, BRARCHIVE, BRRESTORE
BR
43499
Collective notes concerning DBA tools
CBO
93098
Changes to the upgrade to 4.0 CBO Oracle
2UDFOH
Category
C13

Database Notes
C14
Category
SAP Note #
Description
CBO
93256
CBO: changes for installation of 4.0
CBO
127715
CBO: Optimal parameters for performance
CCMS
85609
Offline backup via CCMS/DB13 not possible
Config
03809
Changing the size of the redo log files
Config
09705
Mirroring the ONLINE REDO LOG FILES
Config
94801
Environment variables for Windows NT
HPUX
92788
HP-UX/Oracle: hanging LGWR
Patches
127395
Current patch set for Oracle release 8.0.5
Patches
181195
Current patch set for Oracle release 8.1.5
Performance
33868
Performance problems NT 3.51 / Oracle / TCP/IP
Performance
72638
Performance problems with SQL*Net V2
Performance
102042
System hang on AIX SMP computers under high load
Performance
114716
Performance problems Oracle 8.0.4/all entries
Problems
33735
Archiver stuck in Windows NT
Problems
38006
Ora-1631 max extents reached. Which table?
Recovery
03804
Restoring from a full backup
Recovery
04157
General flowchart for Oracle recovery
Recovery
04160
Tape management for recovery
Recovery
04161
Complete recovery
Reorg
12921
Reorganization of SYSTEM tablespace
Reorg
40521
Reorganization (external tools)
Reorg
43487
Collective note: SAPDBA reorganization
SAPDBA
12621
SAPDBA speeding up reorganization
SAPDBA
15465
SAPDBA shrinking a tablespace
SAPDBA
19193
SAPDBA size and reorg of table space PSAPTEMP
SAPDBA
29348
SAPDBA reorganization of single table; PSAPTEMP
SAPDBA
42293
SAPDBA new command line option analyze
SAPDBA
43486
Collective note: General SAPDBA
SAPDBA
43490
Collective note: SAPDBA Recovery
SAPDBA
43491
Collective note: SAPDBA command line options
Release 4.6A/B

Database Notes
Category
SAP Note #
Description
SAPDBA
44395
SAPDBA: missing indexes after reorg run
SAPDBA
44595
SAPDBA: general procedure for reorganizations
Security
36462
Note for Oracle security on WinNT
Start/stop
02775
Oracle cannot be started
SUN
44361
Sun Solaris: database does not start after patch
SUN
116453
Backup via DB13 on Solaris Oracle 7.3.3
SUN
183292
Oracle crash because of kernel AIO bug on Sun
Tablespaces
02425
Function of tablespaces/Dbspaces on the database
Tablespaces
03807
Tablespace PSAPROLL, rollback segments too small
Tablespaces
09321
Next-extents in ORACLE system tables are too large
Tablespaces
39650
Maximum number of extents per tablespace
Upgrade
89691
Additional info: migrating to Oracle 8.0.3
Upgrade
98507
Additional info: migrating to Oracle 8.0.4
Upgrade
111922
NT/Oracle >= 7.3.3.4 necessary
Upgrade
126137
Additions Oracle upgrade to 8.0.5 UNIX 64 bit
Y2K
172380
Oracle Y2K bugs and fixes
C15

Database Notes
C16
Release 4.6A/B
$SSHQGL['8SJUDGH'LVFXVVLRQ
&RQWHQWV
Upgrade Discussion .............................................................................................. D2
Upgrade Issues ...................................................................................................... D3
Other Considerations ............................................................................................ D3
D1
Appendix D: Upgrade Discussion

Upgrade Discussion
8SJUDGH'LVFXVVLRQ
:KDW
An upgrade is an updating of your R/3 System.

:K\
The question of whether to upgrade your system to a new release depends on many
complex factors. Most importantly, the decision to upgrade should be based on business
need. Some of these factors are outlined below:
<
<
Desired functionality in new release

This can be found in the release note for the specific release.
Problem fixes and resolutions
<
The need to be on a supported release
5HDVRQV1RWWR8SJUDGH
Some reasons not to upgrade include the following:
<
Costthe following items could increase the cost of your upgrade.

You need to:
Upgrade the database and operating system (if required)
Purchase and install additional hardware (if required)
Test to find problems with the upgrade
Upgrade the SAPgui on the users computers
Find the time to do all the above
<
Disruption for users, especially if there is no functional enhancement for them.
<
Diversion of resources (Company resources that could be applied to other tasks would
be assigned to upgrading the R/3 System.)
<
Desire to be on the latest release (While desirable for a personal resume, this reason is
not a valid business reason to upgrade your system.)
:KHQWR8SJUDGH
In deciding to upgrade your system, ask yourself the following questions:
<
Have the reasons for upgrading and not upgrading been analyzed?
<
Has the business need criteria been met?
<
If you installed any Industry Solution (IS), are IS patches available for the new
release?
If the patches are not available, you cannot upgrade.
D2
Release 4.6A/B

Upgrade Issues
8SJUDGH,VVXHV
An upgrade can be more complex than a new implementation because:
<
There is real data on the system that is being upgraded.

If the upgrade fails, the companys operations could be affected and business could stop.
This failure would require you to recover the database (refer to the section on disaster
recovery).
<
The system is unavailable for users during a portion of the upgrade process.
The technical downtime is 612 hours. In addition, many other tasks are performed
around the backup that could increase this downtime significantly. System downtime
could significantly impact the operations of the business during this period.
<
Upgrade changes could require changing configuration, testing, training, and

documentation.
<
Changes require regression testing:

Do business processes function as they did before?
Does custom code need to be changed due to changes from the upgrade?
2WKHU&RQVLGHUDWLRQV
6RIWZDUH,VVXHV
The following software has to be compatible with the R/3 release you plan to upgrade to:
<
Database
<
Operating system
<
Third-party applications that compliment the R/3 System (for example, external tax
packages, job schedulers, system monitors, spool managers, etc.)
+DUGZDUH
<
The upgrade requires free working space on disks to run.

The amount of space required differs with operating system and database.
Some of the space is released after the upgrade; other space is permanently used.
<
As each release adds functionality, the required disk space, processing power and
memory required generally tends to increase.
A system configuration that was adequate for one release may be inadequate for a later
release. This is especially apparent when jumping release levels; example upgrading
from 3.1H to 4.6B. The following table is compiled from SAP notes:
D3

Other Considerations
SAP Release
CPU increase %
Memory increase %
3.1H to 4.0B
30
30
4.0B to 4.5B
20
20
4.5B to 4.6A
10
30
3HUIRUPDQFH
Upgrade performance is difficult to predict. Performance is sensitive to a variety of
variables, some of which can have significant impact. Therefore, an upgrade of the test
system should be done to determine timing values for your configuration.
The following are a few of the factors that affect the performance of an upgrade:
D4
<
Database and operating system
<
Hardware
Processor (number of processors and speed of each)
Memory (amount available)
Drive array
Performance factor (especially for writes)
Configuration (minimize or eliminate drive or channel contention)
Other I/O hardware (minimize or eliminate data channel contention)
<
Data volume for changes to tables that contain data
Release 4.6A/B
,QGH[
A
ABAP
dump analysis
free selection, 1049
in general, 415, 1048
performing, 45
simple selection, 1049
dump definition, 415, 1048
editor, 1055, 1056, 1156
execute, 82, 1155
Active processes, 915

Active users, 1043, 1234
Adding additional systems
in general, 1215
SAP logon, 1215
Administrator
access key, 2016, 2020, 2123, 2127
guidelines. See System guidelines
requirements of, 14
roles
external to R/3, 13
factors that determine, 12
within R/3, 12
AIS. See Audit Information System (AIS)

Alert monitor
accessing, 104
acknowledge alerts, 1014
adding a monitor, 1024
alert threshold, 159
alert, finding, 107
analyze alerts, 1013
checking, 44, 53, 54
create new monitor set, 1023
hiding SAP standard monitor sets, 1019
maintaining thresholds, 1017
views, 105, 1012
Alerts
acknowledge, 1014
analyze, 1013
database, 46
finding, 107
maintaining thresholds, 1017
messages, 1515
operating system, 46
parameters, 1516
threshold, changing, 159
views, 105, 1012
Annual tasks checklists

database, 83
notes, 84
other, 84
Application server, 114, 94, 162

Audit Information System (AIS)
business, 1141
complete, 1138
in general, 1137
system, 1139
user defined, 1142
Audits
business, 1141
check for validity, 1157
complete, 1138
considerations, 115
different users, 1153
financial, 114
in general, 114
information system. See Audit Information System
(AIS)
security, 115, 1125
security logs
filter group 1, 1149
in general, 1144
parameters, 1147
running, 1146
specific reports, 1156
system, 1139
tasks, 1157
tools, 1137
user defined, 1142
user security jobs, 1154
B
Background jobs
batch, 163
creating, 168
housekeeing, 164
incorrect, 1620
new, 1620
I1
Index
others, 165
performance, 164
performance factors, 165
regularly scheduled jobs, 164
scheduling, 168
select, 44, 48, 411, 72, 75, 1615
user ID, 164
Backup
archive procedures and policies, 313
checking, 1638
checklist, strategy, 312
database, 33, 312, 1315, 1319, 1636, 1638
dedicated drives, 323
design strategy, 39
differential, 37
frequency, 33
full, 37, 1636
in general, 31, 33, 1636
incremental, 37
initalizing tapes, 1318
NTBackup, 1640, 1641
offline, 38, 1324, 1636
on-demand, 39
online, 38, 1319
operating system level, 36, 312, 1640
performance
database restore options, 323
factors affecting, 320
faster devices, 321
in general, 320
options, 321
parallel backup, 322
recovery, 323
periodic archivals, 1636
procedures
archiving, 310
database check, 311
in general, 310
monitoring/controlling, 311
verifying backups, 310
scheduled, 39
sites, 218
storage
in general, 318
offsite, 318
onsite, 319
strategy, 32
supplementary, 310
tape label, 1313
tape management
handling tapes, 316
in general, 313
labeling tapes, 313
retention requirements, 317
I2
tracking and documenting tapes, 313, 315

transaction logs, 35, 312
types, 36
UNIX level, 1640
verify, 49
Batch input, 45, 413, 1620

Batch jobs, 911, 1010, 163, 165, 1620, 1621
Books, B3, B7
Buffers
definition, 198
hit ratio, 199
importing, 1718
performance, 414, 198
special transport, adding into import buffer, 1725, 17
34
swaps, 199
tune summary, 45, 414, 198
Business requirements, disaster recovery. See

Disaster recovery, business requirements
C
CAR files, 2213
Cascade failures, minimizing, 219
CCMS alert monitor. See Alert monitor
Central instance, 93
Change control
in general, 179
managing transports, 1712
Checklists
annual tasks
database, 83
notes, 84
other, 84
backup strategy, 312
daily tasks
database, 46
notes, 47
other, 47
R/3 System, 44, 48
monthly tasks
database, 62
notes, 65
other, 64
quarterly tasks
database, 73
notes, 74
other, 74
stopping R/3, 95
Release 4.6A/B
Index
weekly tasks
database, 53
notes, 54
other, 53
Cleaning tape drive, 1512

Client copy
copy to different system/SID, 2350
copy to same system/SID, 2347
copying, 2347
create, 2344
deleting a client, 2352, 2353
in general, 2342
log, 2354
post-client copy tasks, 2352
processing notes, 2343
production system, 2357, 2358
SAP notes, 2343
security, 2344
Client-dependent changes, 1115

Client-independent changes, 1114, 1115
Consumable supplies
checking, 1642
critical, 1642
other considerations, 1644
Contracts, maintenance, 1514

Correction support, online, 2024
Crash kit
in general, 212
inventory list, 213
location, 213
Critical tasks
daily tasks, 49
database, 1638
operating system level backups, 1640
verify backups, 49
verify R/3 is running, 49
Customer messages, 208. See SAPNet R/3

Frontend, customer messages
SAPNet-Web, 208
D
Daily tasks
checklists
database, 46
notes, 47
other, 47
R/3 System, 44, 48
Dangerous transactions
recommended lock table, 1118
restricted access table, 1121
Database (DB)
administration. See Database administration (DBA)
alert, 46
backup, 33, 312, 1315, 1636
checking backup, 311, 1638
checklists
annual tasks, 83
daily tasks, 46
monthly tasks, 62
quarterly tasks, 73
weekly tasks, 53
passwords, 1136
performance, 54, 65, 134, 1911
performance analysis, 46, 415
performance tables, 52, 62
server, 114, 93
TemSe. See Temporary Sequential (TemSe)
Database administration (DBA). See also Database

(DB)
activity, 134
allocation, 137
backup tape label, 1313
backups with Microsoft tools, 1319
checking backup, 1315
deleting planning calendar entry, 1314
error logs, 1328
in general, 131
initializing backup tapes, 1318
Microsoft SQL server, 1328
online backup, 1319
passwords, 1330
performance, 54, 65, 134
performance monitor, 134
scheduling, 139
starting the database, 132
statistics, 1329
stopping the database, 132, 133
verify consistency, 1329
DB. See Database (DB)

DDIC, 1126, 125
Defragmentation, memory, 1910
Deleting user session, 1232
Deleting users. See Locking, users
Disaster
definition, 22
minimizing opportunities
cascade failures, 219
human error, 218
in general, 218
single points of failure, 219
Disaster recovery
applications, up or downstream, 217
I3
Index
backup sites, 218

business continuation, 215
business requirements
defining, 24
in general, 24
performance, 32
who provides, 24
crash kit. See Crash kit
disaster, minimizing. See Disaster, minimizing
opportunities
downtime, 25
integration, 216
offsite, 27, 216
onsite, 27
planning, 23, 24
recovery
groups, 26
process, 211
scripts, 211, 215
time, 26
scenarios
corrupt database, 28
hardware failure, 28
in general, 28
loss or destruction of server facility, 29
staffing, 26
testing, 216
types, 27
when to begin, 25
Guidelines. See System guidelines
H
Hardware
central processing unit, 1915
disk, 1915
in general, 1915
memory, 1915
review, 1515
Help. See System guidelines

High availability (HA) options, 23
Hit ratio, 199
Hot packages. See Support Packages
Housekeeing jobs, 164
Human error, minimizing, 218
I
Insider trading, 113
Instance
definition, 114
operation mode, 1625
K
Keep it short and simple (KISS), 17, 310
Kernel upgrade, 2340
KISS. See Keep it short and simple (KISS)
Downstream applications, 217
E
EarlyWatch session, 2214
External interfaces, 915
F
Failed updates. See Update terminates
File space
old transport files, 1511
usage, 156
Forms
Detailed Online Service System Note Record, 1711
General Note Record, 1710
R/3 User Change Request, 126
Sample Transport Request, 1714
Free space. See File space

Frontend software. See SAP GUI
L
LCP. See R/3 HR Support Packages
Legal change patches (LCP). See R/3 HR Support
Packages
Lock entry list, 44, 412
Locking
client
modifiable, 1117
permanent, 1116
dangerous transactions table, 1118, 1121
logon, 1227
prohibited password table, 1130
service connection, 2130
transaction codes, 83
transactions, dangerous, 1117
users, 75, 84, 1129
Locks
definition, 412, 1041
deleting, 1042, 1043
Graphical job monitor, 48, 411, 1619
I4
Release 4.6A/B
Index
M
Maintenance
basic, 234
contracts, 1514
extended, 234
special, 231
table. See Table maintenance
user, 72, 75, 1224
Management, change
change control, 179
Memory
defragmentation, 1910
hardware, 1915
Microsoft SQL server, 1328

in general, 131
online backup, 1319
Modes. See Operations, modes

Monthly tasks checklists
database, 62
notes, 65
other, 64
Multi-role tasks checklist, stopping R/3, 95

mySAP, B11
N
New user setup. See Users, new user setup
NTBackup, 1324
O
Operating system (OS)
alert threshold, 159
alerts, 46, 152
checklists
annual tasks, 83
daily tasks, 46
monthly tasks, 63
quarterly tasks, 73
weekly tasks, 53
file space usage, 156
full server backup, 1636
monitor, 46, 411, 1911
NT event log, 155, 1515, 1516
old transport files, 1511
system logs, 153
tasks, 152
transporting method, 1734
Transporting objects, 1716
Operational security

management change, 1127
passwords, 1128
sharing of user IDs, 1127
Operations
consumable supplies, 1642
critical supplies, 1642
in general, 161
modes
adding new, 1626
assigning, 1632
assigning instance definition, 1625
define, 1623
generate instance, 1625
in general, 1621
work processes defining distribution, 1629
OS. See Operating system (OS)

OSS notes. See SAP notes
Output management
in general, 141
output printing, 1415
printer setup, 142
printing screen, 1418
spool check
consistency, 1421
deletion, for, 1412
printing problems, for, 149
P
Paging system, 1515
Passwords. See also Security, passwords
changing, 1134
database, 1136
database administration, 1330
eliminating easy, 1129
expiration time, 74, 1129
in general, 1128
length, 74, 1129
lockout, 74, 1129
maintaining table of prohibited, 1130, 172
operating system level, 1135
purpose, 75
recording, 1131
resetting, 1226
sample tables, 1132
security parameters, 74, 1129
standards, 1129
system administration, 125
Patch
application verification, 2337
confirmation, 2336
level, 185
I5
Index
logs, 2335
queue, 2332, 2333
extended, 234
Profile, definition, 2310
Performance
background jobs, 164
backup
database restore options, 323
factors affecting, 320
faster devices, 321
in general, 320
options, 321
parallel backup, 322
recovery, 323
to disks then tapes, 322
buffers, 414, 198
critical assumption, 192
database, 54, 65, 134, 1911
evaluation priority, 193
memory defragmentation, 1910
R/3, 194
workload analysis, 414
Permission creep, 1158

Policies
backup frequency, 33
supplementary backups, 310
system adminstration, 125
user administration, 123
Printer setup
in general, 142
Procedures
backup
archiving, 310
database check, 311
in general, 310
monitoring/controlling, 311
roles and responsibilities, 311
verifying backups, 310
system administration, 125
user administration, 123
Production refresh strategies

client copy with data, 2357
client copy without data, 2358
database copy of production system, 2357
in general, 2356
Production system
not modifiable, 1113
preventing changes, 84
Profile Generator, 122

Profile parameters, system
administration data, 234
editing, 72, 74, 232
maintenance
basic, 234
I6
Q
Quarterly tasks checklists
database, 73
notes, 74
other, 74
R
R/3 HR Support Packages, 2311
R/3 System. See also System
active processes, 915
administration. See System administration; User
administration
batch jobs. See Batch jobs
checking for users, 99
with application servers, 910
without application servers, 99
checklists
daily tasks, 44, 48
stopping R/3, 95
definition, 114
external interfaces, 915
guidelines. See System guidelines
performance. See Performance
starting, 92
stopping, 95, 916
R/3 system administrator. See Administrator

Recovery. See Disaster recovery
Recovery groups, 26
Recovery scripts
business continuation, 215
creating, 211
definition, 211
Regression testing, 2339

Remote services
CAR files, 2213
downloading files, 229
EarlyWatch, 2214
FTP client example, 224
in general, 221
SAP, retrieving files, 222
SAPSERV4
connecting using a GUI (NT), 223
connecting using command prompt, 226
navigating, 226
partial organization, 2210
retrieving files, 222
unpacking files, 2213
Release 4.6A/B
Index
Restore
reasons for, 32
strategy, 32
testing, 33
Retrieving files, 222

Return codes, transport, 1738
S
SAA. See System Administration Assistant (SAA)
SAP GUI
adding additional systems, 1215
installing
file server, from, 128
presentation CD, from, 1214
software, 128
SAP notes, 324, 179, 2031, 213, 2131, 2214, 23

39, 2343
SAP Patch Manager. See Support Package Manager
(SPAM)
SAP resources, B2
SAP*, 1126, 125
SAPNet, B5
SAPNet R/3 Frontend
action log, 2116
confirm, 2121
connecting to, 213
customer messages
component, 2010, 2111
in general, 2110
problem description, 2010, 2111
finding notes, 216
in general, 211
long text, display, 2117
message status, 2115
notes. See SAP notes
prerequisites, 212
problem researching, 216
reopen, 2118
SAPNet R/3 Web Frontend

developer
deletion, 2019
registration, 2015, 2017, 2122
in general, 201
installation note searching, 207
logging on, 203
note searching, 205
object
deletion, 2023
registration, 2015, 2019, 2122, 2126
online correction support, 2024
online services, 204
problem solving, 205

Support Package Manager (SPAM). See Support
Package Manager (SPAM)
SAPSERV, 222
SAPSERV4, 222, 223. See also Remote services,
SAPSERV4
Scenarios, disaster
corrupt database, 28
hardware failure, 28
in general, 28
loss or destruction of server facility, 29
Scheduling
database tasks, 139
Security. See also Security administration

access, 117
administration. See Security administration
application, 119
audit log
in general, 1144
parameters, 1147
review, 52
running, 1146
authorization maintenance, 82
auto logout, 1041
client copy, 2344
client-dependent changes, 1115
client-independent changes, 1114, 1115
controlling access, 1111
data, 1110
DDIC, 1126
definition, 112
layers, 116
multiple user logins, prevent, 1111
network, 118
NT audit function, 155
operational, 1125
operational security, 119
passwords. See also Passwords
changing, 1134
database, 1136
eliminating easy, 1129
expiration time, 74, 1129
in general, 1128
length, 74, 1129
lockout, 74, 1129
maintaining table of probibited, 1130
operating system level, 1135
parameters, 74, 1129
purpose, 75
recording, 1131
sample tables, 1132
standards, 1129
I7
Index
permission creep, 1158

physical, 117
production system changes, preventing, 1111
profile maintenance, 82
R/3, 1111
SAP*, 1126
security reports, 1154
segregation of duties, 1125
sharing of user IDs, 1044, 1127, 1234
user audit jobs, 1154
Security administration, 111. See also Security

audits, 114
data protection, 113
insider trading, 113
other requirements, 113
Server
application, 94
database, 93
Service connection, 2130

Session
delete user, 1232
terminate, 1233
Short dump. See ABAP, dump

Single points of failure, minimizing, 113, 219
SPAM. See Support Package Manager (SPAM)
Spool, 45, 414, 52, 54, 149, 1412, 1421
Starting R/3, 92
Stopping R/3, 95, 916
Super user
DDIC, 125
SAP*, 125
Supplies
checking consumable, 1642
critical, 1642
Support Package Manager (SPAM)

after download, 2031
download, 2027, 2030
notes, 2028
updating, 2025
Support Packages
adding to patch queue, 2332
applying, 2331, 2334
applying, high-level process of, 2312
determining which applied, 2313
downloading
SAPNet R/3 Frontend, from, 2324
information, getting from SAPNet R/3 Frontend, 23
15
notes
view all, 2317
view specific, 2321
I8
object conflicts, 2337

patch
application verification, 2337
confirmation, 2336
log, 2335
queue, 2333
regression testing, 2339
SAPNet R/3 Frontend (OSS), 2322
strategy, 2312
updating SPAM, 2329
uploading
CD, from, 2326
in general, 2325
web, from, 2326
Swaps, 199
System. See also R/3 System
audits, 1139
backup. See Backup
confirmation information, 1015
logs
in general, 413, 1038, 153
NT, 46, 155, 1515, 1516
R/3, 44, 48, 415, 92, 1515
messages
creating, 96, 1052
defining, 96
editing, 1054
in general, 1051
monitor, 1515
monitoring tools, 102
multi-instance, 1045, 1236
preventing changes, 84
profile parameters, 232. See Profile parameters,
system
R/3 definition, 114
single-instance, 1235
System administration. See also User administration

DDIC, 125
in general, 101
passwords, 125
SAP*, 125
System administration assistant (SAA), 1028

System Administration Assistant (SAA), 102
System administrator. See Administrator
System guidelines
changes, making, 110, 111
checklists, 18
database access, 112
help, 15
in general, 14, 113
networking, 16
non-SAP activity, 112
preventive maintenance, 19
protecting the system, 15
Release 4.6A/B
Index
recordation, 17
single points of failure, 113
System performance. See Performance
T
Table maintenance
deleting entry, 176
in general, 172
review, 72
table entry, create, 172
Tape drive, cleaning, 1512

Tasks
annual, 81
monthly, 61
multi-role, 91
operating system (OS), 152
other, 1512
post-client copy, 2352
quarterly, 71
scheduling database, 139
weekly, 51
Temporary Sequential (TemSe), consistency check,

52, 55, 1423
TemSe. See Temporary Sequential (TemSe)
Time
daylight savings, end, 168
daylight savings, start, 167
master clock, 166
zone conversion table, 166
TMS
documentation, 1716
import
all requests, 1730
selected requests, 1728
transport request, 1727
main screen, 1724
method, 1716, 1724
system, 55
tp, 1717
Training classes, B4
Transaction
AL02, 46
AL08, 45, 48, 410, 95, 99, 910, 1043, 1045, 12
34, 1236
AL16, 46, 152
DB02, 52, 54, 62, 65, 137
DB12, 39, 43, 139, 1315, 1316, 1638
DB13, 39, 312, 139, 1310, 1318, 1329, 1638, 1639
OS06, 46, 411, 153
OS07, 1911, 1912
OSS1, 213
PA30, 198
RZ01, 48, 411, 1619

RZ04, 1622, 1623, 1625, 1626, 1629
RZ10, 72, 74, 1129, 232, 233
RZ11, 2310
RZ20, 44, 411, 53, 54, 102, 103, 104, 1015, 10
17, 1039, 156, 157, 159
RZ21, 1010
SA38, 82, 84, 1155, 1156
SCC4, 82, 84, 1113, 1115, 2344
SCC5, 2352
SCC9, 2350
SCCL, 2347
SE03, 82, 84, 1113, 1114
SE09, 1736
SE10, 1719, 1735, 1736
SE38, 82, 84, 1055, 1156
SECR, 1124, 1137, 1138
SM01, 83, 85, 1122
SM02, 48, 95, 96, 97, 1051, 1052, 1054
SM04, 45, 411, 95, 99, 1043, 1044, 1232, 1233,
1234, 1235
SM12, 44, 412, 1041, 1042
SM13, 44, 48, 412, 1032, 1034, 1043
SM19, 1147, 1148
SM20, 52, 1144, 1146
SM21, 44, 48, 413, 415, 92, 1038, 1048
SM30, 172, 176
SM31, 72, 172, 176
SM35, 45, 413, 1620
SM36, 168, 169
SM37, 44, 48, 411, 72, 75, 95, 911, 1043, 124,
1615, 1616, 2354
SM50, 44, 45, 414, 95, 1043, 1046, 1047
SM51, 44, 45, 414, 95, 915, 1043, 1046, 162, 16
3, 185
SM63, 1622, 1632
SP01, 45, 414, 52, 54, 149, 1412, 1415
SP12, 52, 55, 1423, 1424
SPAD, 142, 1421, 1422
SPAM, 2314, 2322, 2324, 2327, 2329, 2332
SSAA, 1028
ST02, 45, 414, 198, 199, 1910
ST03, 45, 414, 194, 197
ST04, 46, 415, 134, 135, 1328
ST22, 45, 415, 1040, 1048, 1049
STMS, 52, 55, 1724
SU01, 72, 75, 1157, 124, 1216, 1217, 1221, 1224,
1225, 1226, 1227, 1228, 1230
SU02, 82, 1159
SU03, 82, 1159
TP, 52
useful, A2
VA01, 198
VA02, 198
I9
Index
VA03, 198
VF01, 198
VL01, 198
Transaction logs, backup, 35, 312

Transactions
dangerous
recommended lock table, 1118
restricted access table, 1121
locked, listing, 1124
Transport files
Transporting objects
importing
all requests, 1730
buffer, 1718
in general, 1734
selected requests, 1728
transport request using TMS, 1727
in general, 1715
log, 1732, 1735, 1736
managing transports, 1712
operating system (OS) method, 1716, 1734
problem, if occurs, 1723
production system, 1715
releasing requests, 1719, 1721
special transports, 1718, , 1734
standard process, 1717
TMS
documentation, 1716
main screen, 1724
method, 1716, 1724
1725
Troubleshooting
basic techniques
document changes, 183
error messages, 184
evaluate alternatives, 183
gather data, 182
in general, 182
making changes, 183
problem, analyze, 183
SAP patch level, 185
Support Packages, 186
in general, 181
Tune summary. See Buffers, tune summary
U
Uninterruptible power supply (UPS)
Unlocking
10
I10
Update terminates
looking for, 44, 48
managing, 1035
problems with short dumps, 1037
user training, 1037
Uploading Support Packages
cleaning out old, 1511

directory check, 1511
check, 1513
program log, 47
shutdown process, 1513
logon, 1227
password resetting, 1226
transaction codes, 83
users, 75
CD, from, 2326

in general, 2325
web, from, 2326
UPS. See Uninterruptible power supply (UPS)

Upstream applications, 217
User administration. See also System administration
active users, 1234
adding users, 123
change request form, 126
changing jobs, users, 123
changing users, 123
deleting user session, 1232
ID naming, 123
in general, 121
leaving, users, 123
maintaining user, 72, 75, 1224
new user setup. See Users, new user setup
policies and procedures, 123
terminated employees, 124
terminating session, 1233
user groups. See User groups
Users. See also User administration

active, 1043
AL08, 45, 48, 410
groups, 122, 1229, 1230
IDs, 1043, 1127
locking, 75, 84, 1227
maintenance, 72, 75, 1224
new user setup
copying an existing user, 1216
creating new user, 1221
installing SAP GUI. See SAP GUI, installing
prerequisites, 127
SM04, 45, 48, 411
unlocking, 75, 1227
W
Web sites, B11
Weekly tasks checklists
database, 53
Release 4.6A/B
Index
notes, 54
other, 53
Work processes
checking, 44, 45
defining distribution, 1629

with application servers, 1046
without application servers, 1047
Workbench organizer tools, 82

Workload analysis, 45, 414, 194
I11
11
Index
12
I12
Release 4.6A/B

SAP System Administration Made Easy

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SAP System Administration Made Easy

Uploaded by

Copyright:

Available Formats

6\VWHP$GPLQLVWUDWLRQ0DGH(DV\

R/3 System Release 4.6A/B

SAP Labs, Inc.

Printed in the United States of America.

&KDSWHU 56\VWHP$GPLQLVWUDWLRQ 

System Administration Made Easy

What Is This Guidebook About?........................................................................ xxii

How to Use This Guidebook .............................................................................. xxv

Whats New .......................................................................................................... xxv

System Administration Made Easy

Detailed Table of Contents

When Should a Disaster Recovery Procedure Begin? ......................................... 25

Recovery Group and Staffing Roles ..................................................................... 26

Disaster Scenarios ................................................................................................ 28

Recovery Script ................................................................................................... 210

Crash Kit.............................................................................................................. 211

Detailed Table of Contents

When the Backup Is Made ..................................................................................... 39

Backup Strategy Design........................................................................................ 39

General Procedures ............................................................................................ 310

Design Recommendations .................................................................................. 312

Tape Management ............................................................................................. 313

Retention Requirements...................................................................................... 317

Storage ................................................................................................................ 318

Recovery ............................................................................................................. 323

System Administration Made Easy

Detailed Table of Contents

Update Records (Transaction SM13) ................................................................. 412

Detailed Table of Contents

Stopping R/3........................................................................................................ 916

&KDSWHU 56\VWHP$GPLQLVWUDWLRQ 

System Administration Assistant (Transaction SSAA)...................................... 1028

System Log (Transaction SM21)....................................................................... 1038

Work Processes (Transactions SM50 and SM51)............................................ 1046

ABAP Dump Analysis (Transaction ST22)........................................................ 1048

System Message (SM02)................................................................................. 1051

System Administration Made Easy

Detailed Table of Contents

&KDSWHU 6HFXULW\$GPLQLVWUDWLRQ 

Operational Security............................................................................................ 119

Preventing Changes in the Production System ................................................ 1111

Verifying that Dangerous Transactions Are Locked ......................................... 1117

Operational Security ....................................................................................... 1125

Password Issues and Tasks ............................................................................. 1128

Audit Tools....................................................................................................... 1137

Security Audit Log (SM20) ................................................................................ 1144

Setting Security Audit Log Parameters (SM19) ................................................ 1147

Detailed Table of Contents

Define Filter Group 1 .......................................................................................... 1149

User Security Audit Jobs ................................................................................... 1154

Installing the Frontend SoftwareSAP GUI......................................................... 128

Adding Additional Systems ............................................................................... 1215

Setting Up a New User (SU01) ......................................................................... 1216

Maintaining a User (SU01).............................................................................. 1224

System Administration Made Easy

Detailed Table of Contents

Determining the Tape (Label) Necessary for a Backup.................................... 1313

Check the Spool for Printing Problems (Transaction SP01)........................ 149

Checking File System Space Usage (RZ20) ...................................................... 156

Check Maintenance Contracts .......................................................................... 1514

Detailed Table of Contents

Housekeeping Jobs .............................................................................................. 164

Performance Factors for Background Jobs ........................................................ 165

Graphical Job Monitor (Transaction RZ01)....................................................... 1619

&KDSWHU 56\VWHP$GPLQLVWUDWLRQ

&KDSWHU 56\VWHP$GPLQLVWUDWLRQ

&KDSWHU 6HFXULW\$GPLQLVWUDWLRQ

&KDSWHU 7URXEOHVKRRWLQJ

&KDSWHU 6$31HW5)URQWHQG

&KDSWHU 5HPRWH6HUYLFHV

$SSHQGL[$ 8VHIXO7UDQVDFWLRQV $

$SSHQGL[' 8SJUDGH'LVFXVVLRQ '