Administrator

Configuring Outbound Enablers to Work with SAP Mobile Platform Servers

Set up a Relay Server outbound enabler on each SAP Mobile Platform Server in the cluster.

Context

The outbound enabler connects an SAP Mobile Platform Server that is running in the corporate LAN to the Relay Server farm that is running in the DMZ.

Procedure

  1. In the SAP Mobile Platform Server installation tree, locate the dbsvc utility executable (dbsvc.exe on Windows, dbsvc on Linux).
    • Windows – <SMP_HOME>\Server\db\sa\smp3\win32\Bin64\dbsvc.exe.
    • Linux – <SMP_HOME>/Server/extras/rsoe/linux/RSOE2-Linux-16.5.3.1685m.gz; dbsvc is in the /bin64 folder in the .tar file within the .gz file.
  2. Set a temporary environment variable SQLANY16 to the rsoe location.
  3. Run the Relay Server's Service utility to set up each outbound enabler to start automatically as a service.
    To set up an auto-started outbound enabler service named oes on an IIS host on Windows using the command line, enter:
    dbsvc -as -s auto -w oes "%SQLANY16%\rsoe2.exe" -t rsoe2 
    -cr "host=<host_name_or_IPaddress>; port=<host_port>; 
    url_suffix=/rs16.5/server/rs.dll" 
    -cs "host=localhost;port=80" 
    -f <farm_name> -id <server_name>
    To set up an auto-started outbound enabler service named oes on an IIS host on Windows, specifying the outbound enabler parameters in a command file, enter:
    dbsvc -as -s auto -w oes "%SQLANY16%\rsoe2.exe" @%SQLANY16%\oe.config
    //Sample oe.config file
    -v <verbosity>
    -t rsoe2 
    -cr "host=<host_name_or_IPaddress>; port=<host_port>; url_suffix=/rs16.5/server/rs.dll" 
    -cs "host=localhost;port=80" 
    -f <farm_name> 
    -id <server_name>
    -o <your path>\rsoe2.log
    -os 10MB
    
    To set up an auto-started outbound enabler service named oes on an Apache host on Linux, enter:
    dbsvc -y -a <Apache-user-account> -t rsoe2 -w oes @/<full-dir-path>/oe.config
  4. On either Windows or Linux, you can enter parameters into an outbound enabler configuration file, using the same syntax as at the command prompt.
    Table 1: Parameters for Configuration File
    rsoe2 Option Description
    -cr "<connection-string>" Specifies the Relay Server connection string. The format of the Relay Server connection string is a list of name-value pairs, separated by semicolons. The name-value pairs consist of the following:
    • host – IP address or host name of the Relay Server.
    • port – port on which the Relay Server is listening.
    • url_suffix – (required) URL path to the server extension of the Relay Server. By default, you must specify the url_suffix.
    • http_userid – (optional) user ID for authentication. Consult your Web server (or proxy) documentation to determine how to set up HTTP authentication.
    • http_password – (optional) password for authentication. Consult your Web server (or proxy) documentation to determine how to set up HTTP authentication.
    • http_proxy_userid – (optional) user ID for proxy authentication. Consult your Web server (or proxy) documentation to determine how to set up HTTP authentication.
    • http_proxy_password – (optional) password for proxy authentication. Consult your Web server (or proxy) documentation to determine how to set up HTTP authentication.
    • proxy_host – (optional) host name or IP address of the proxy server.
    • proxy_port – (optional) port number of the proxy server.
    • https – 0 - HTTP (default), 1 - HTTPS.

      By default, MobiLink starts the TCPIP communication protocol. When starting MobiLink for use with the Relay Server outbound enabler, start the communication protocol that is required by your outbound enabler configuration. For example, if you specify HTTPS as the back-end security, you must start MobiLink with HTTPS.

      When the https=1 parameter is included in the -cs option, the default port changes to 443.

      For https=1, you can also specify the following options:
      • tls_type – (optional, Relay Server 12 only) RSA or ECC. Relay Server 16 uses RSA only.
      • certificate_name – (optional) common name field of the certificate.
      • certificate_company – (optional) organization name field of the certificate.
      • certificate_unit – (optional) organization unit field of the certificate.
      • identity – (optional) provides the credentials to establish mutually authenticated TLS between the outbound enabler and the back-end server. Mutual authentication is required for the back-end server.
      • identity_password – (optional) provides the credentials to establish mutually authenticated TLS between the outbound enabler and the back-end server. Mutual authentication is required for the back-end server.
      • fips – (optional) yes or no.
      • trusted_certificates – (optional) a file containing a list of trusted root certificates. To verify the back-end server, and only the back-end server, set this property to <backend_server_public_cert_filename>.
        trusted_certificates=<backend_server_public_cert_filename>

        On Windows, if trusted_certificates is not set, the operating system certificate store is used.

    -cs "<connection-string>" The SAP Mobile Platform Server (back-end server) connection string. Sets the host and port that are used to connect to the back-end server. The default is "host=localhost;port=80;https=0". To enable periodic back-end server status requests, add the status_url parameter to -cs. The status_url parameter is specified in the format status_url=/<your-status-url>. The following example shows how to specify status_url with -cs.
    -cs "host=localhost;port=80;status_url=/getstatus/"
    Use the -d option to specify the frequency of the back-end server status requests.
    • host – (optional) IP address or hostname of the SAP Mobile Platform Server (back-end server). Default is localhost.
    • port – (required) port number on which the back-end server is listening. Default is 0.
    • https – (optional) 0 = HTTP (default); 1 = HTTPS.

      By default, MobiLink starts the TCPIP communication protocol. When starting MobiLink for use with the outbound enabler, start the communication protocol that is required by your outbound enabler configuration. For example, if you specify HTTPS as the back-end security, you must start MobiLink with HTTPS.

      When the https=1 parameter is included in the -cs option, the default port changes to 443.

      For https=1, you can also specify the following options:
      • identity – (optional) path and file name of the identity file that is to be used for server authentication. Provides the credentials to establish mutually authenticated TLS between the outbound enabler and the back-end server. Mutual authentication is required for the back-end server.
      • identity_password – (optional) password for the identity file. When this option is specified, the identity option must also be specified. Provides the credentials to establish mutually authenticated TLS between the outbound enabler and the back-end server. Mutual authentication is required for the back-end server.
      • trusted_certificates – (optional) a file containing a list of trusted root certificates. To verify the back-end server, and only the back-end server, set this property to the name of the back-end server public certificate file:
        trusted_certificates=<backend_server_public_cert_filename>
        On Windows, if trusted_certificates is not set, the operating system certificate store is used.
    • status_url – (optional) enables back-end status requests. Use the -d option to specify how often to ping the back-end server to verify that it is accessible. You can set this option in the outbound enabler configuration file, for example:
      -cs "host=localhost;port=80;status_url=/getstatus/"
      If status_url is specified, the outbound enabler sends a simple HTTP GET request as follows:
      GET /<your-status-url> HTTP/1.1\r\n
      Host: localhost:80\r\n
      User-Agent: IAS_OE_BE_Status\r\n
      Connection: close\r\n
      \r\n
      The outbound enabler parses the back-end server's HTTP response and looks for AVAILABLE=<accept-value> in the BODY of the HTTP response, where <accept-value> is one of: TRUE, FALSE, T, F, YES, NO, Y, N, ON, OFF, 1, or 0. If the outbound enabler receives AVAILABLE=FALSE|F|NO|N|OFF|0, it assumes that the back-end server cannot accept more client requests, and terminates its channels to the Relay Server. If the outbound enabler receives AVAILABLE=TRUE|T|YES|Y|ON|1, it reestablishes its channels with the Relay Server and resumes sending client requests to the back-end server.
    -d <seconds> (Optional) Frequency of the back-end server aliveness ping and back-end server status request. The default is 5 seconds.
    -dl (Optional) Displays log messages in the Relay Server Outbound Enabler console. By default, log messages do not appear for verbosity levels 1 and 2.
    -f <farm> Name of the farm to which the back-end server belongs.
    -id <id> Name assigned to the back-end server.
    -o <file> (Optional) The file in which to log output messages.
    -oq (Optional) Prevents the appearance of the error window when a start-up error occurs.
    -os (Optional) Sets the maximum size of the message log files. The minimum size limit is 10 KB.
    -ot (Optional) Truncates the log file and logs messages to it.
    -q (Optional) Run with a minimized window on start-up.
    -qc (Optional) Shuts down the window on completion.
    -s (Optional) Stops the outbound enabler.
    -t <token> (Optional) Sets the security token to be passed to the Relay Server.
    -uc (Optional) Starts the rsoe2 in shell mode. This is the default. Applies to Linux and Mac OS X. Specify only one of -uc, -ui, -um, or -ux. When you specify -uc, this starts the rsoe2 in the same manner as in earlier releases.
    -ud (Optional) Runs the rsoe2 as a daemon. Applies to Linux platforms only.
    -ui (Optional) Starts the rsoe2 in shell mode if a usable display is not available. This option is for Linux with X window server support.

    When -ui is specified, the server attempts to find a usable display. If it cannot find one, for example because the X window server is not running, the rsoe2 starts in shell mode.

    -ux (Optional) For Linux, opens the rsoe2 messages window.

    When -ux is specified, the rsoe2 must be able to find a usable display. If it cannot find one, for example because the DISPLAY environment variable is not set or because the X window server is not running, the rsoe2 fails to start.

    To run the rsoe2 messages window in quiet mode, use -q.

    On Windows, the rsoe2 messages window appears automatically.

    -v <level> (Optional) Set the verbosity level for logging. The level can be 0, 1, 2, or higher (higher levels are used primarily for technical support):
    • 0 – error logging. Use this logging level for deployment.
    • 1 – session level logging. This is a higher level view of a synchronization session.
    • 2 – request level logging. Provides a more detailed view of HTTP requests.
    • 3 or higher – detailed logging. Used primarily for technical support.
    Levels 1 and 2 are only written to the log file. To display all log messages, use the -dl switch.
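
A review aid for the parameters in Table 1, added here as an example (it is not SAP code): it parses an outbound enabler configuration file and lists the settings an administrator should look at again before deployment. The sample configuration, its host, farm and server names, and the choice and wording of the checks are assumptions of this example.

```python
import re

# Constructed sample oe.config; host, farm and server names are placeholders.
SAMPLE_OE_CONFIG = r'''
-v 2
-t rsoe2
-cr "host=relay.example.test; port=80; url_suffix=/rs16.5/server/rs.dll; http_userid=oe; http_password=CHANGEME"
-cs "host=localhost;port=443;https=1"
-f example_farm
-id example_server
-o C:\logs\rsoe2.log
-os 10MB
'''

# An option, then an optional value that is quoted or does not start with "-".
OPTION_RE = re.compile(r'(?<!\S)(-[a-z]+)(?:\s+("[^"]*"|[^\s"-]\S*))?')
SECRET_KEYS = ("http_password", "http_proxy_password", "identity_password")

def parse_options(text):
    """Return {option: value} for options written one per line or on one line."""
    return {opt: val.strip('"') for opt, val in OPTION_RE.findall(text)}

def parse_conn(conn):
    """Split a -cr/-cs connection string into its name-value pairs."""
    pairs = (p.split("=", 1) for p in conn.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(text):
    """Return (option, finding) tuples for settings that need review."""
    opts, findings = parse_options(text), []
    for flag in ("-cr", "-cs"):
        conn = parse_conn(opts.get(flag, ""))
        if conn.get("https", "0") != "1":
            findings.append((flag, "https=0: traffic on this link is plain HTTP"))
        elif "trusted_certificates" not in conn:
            findings.append((flag, "https=1 without trusted_certificates "
                                   "(Windows falls back to the OS certificate store)"))
        findings += [(flag, f"{k} is stored in clear text in the file")
                     for k in SECRET_KEYS if k in conn]
    if "url_suffix" not in parse_conn(opts.get("-cr", "")):
        findings.append(("-cr", "url_suffix is required but missing"))
    level = opts.get("-v", "0")
    if level.isdigit() and int(level) > 0:
        findings.append(("-v", f"verbosity {level}; level 0 is the deployment setting"))
    if not opts.get("-t"):
        findings.append(("-t", "no security token is passed to the Relay Server"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{opt}: {msg}" for opt, msg in audit(SAMPLE_OE_CONFIG)))
```

A file that contains any of the password parameters should be readable only by the account the outbound enabler service runs under.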