Configuration of the SAP Web Dispatcher for Back-End Systems

Step-by-step instructions on how to configure the SAP Web Dispatcher for the back-end systems using profile parameter wdisp/system_<xx>.

Context

SAP Web Dispatcher can be put in front of one or mulitple back-end systems. Only one SAP Web Dispatcher has to be configured and maintained. From the URL the SAP Web Dispatcher identifies the back-end system the request was destined for. The SAP Web Dispatcher is configured with profile parameter wdisp/system_<xx>. The profile parameter overrides the two parameters rdisp/mshost and ms/server_port, which are used to configure a single SAP system. The profile parameter has the following syntax:

wdisp/system_<xx> = SID=<sap-sid>,
{
MSHOST=<ms-host>,   
    {MSPORT=<ms-http-port>, | MSSPORT=<ms-https-port>,}   
    [NR=<scs-sys-no>,] [SCSHOST=<scs-host>,]   
    [CLIENT=<target-client>,] |
XSSRV=<hana-xs-server-list>, |   
    [PINGURL=<ping-path>,]
EXTSRV=<external-server-list>,
    [STICKY={true|false}]   
    [PROXY=<proxy-url>,] |
SILOC=file://<filename>,
}
{
SRCSRV=<source-services>, 
SRCURL=<source-urls>,
SRCVHOST=<virtual-hosts>,
}
[SSL_ENCRYPT={0|1|2},]
[CONFIG_PROTOCOL={http|https},]
[STANDARD_COOKIE_FILTER={<filter-expression>|ON|OFF},]
[SSL_CLIENT_PSE=<filename of client PSE>,]
[SSL_IGNORE_HOST_MISMATCH={true|false},]
[SSL_CERTHOST=<hostname>,]
[RUNLEVEL={ stopped|running|internal},]
[CACHE_INFO_URL=<path> [, CACHE_INFO_POLL_INTERVAL=<interval in seconds>],]

Profile parameter wdisp/system_<xx> offers you many configuration options. A combination of the following subparameters is used for the configuration: SID, MSHOST, MSPORT, MSSPORT, XSSRV, EXTSRC, SILOC, NR, SCSHOST, CLIENT, SRCSRV, SRCURL, SSL_ENCRYPT, CONFIG_PROTOCOL, STANDARD_COOKIE_FILTER, PROXY, STICKY, PINGURL, SSL_CLIENT_PSE, SSL_IGNORE_HOST_MISMATCH, SSL_CERTHOST, RUNLEVEL, CACHE_INFO_URL, and CACHE_INFO_POLL_INTERVAL.

Not all subparameters can be combined with one another. The table below contains an overview of the combination options:

Table 1: Subparameter Conditions
Place for Meta Information	Mandatory Subparameter	Optional Subparameter
MSHOST	MSPORT/MSSPORT SID And one of the following three subparameters: SRCSRV SRCURL SRCVHOST	NR SCSHOST CLIENT SSL_ENCRYPT STANDARD_COOKIE_FILTER CONFIG_PROTOCOL SSL_CLIENT_PSE SSL_IGNORE_HOST_MISMATCH SSL_CERTHOST RUNLEVEL CACHE_INFO_URL CACHE_INFO_POLL_INTERVALL
XSSRV	SID And one of the following three subparameters: SRCSRV SRCURL SRCVHOST	SSL_ENCRYPT STANDARD_COOKIE_FILTER CONFIG_PROTOCOL PINGURL SSL_CLIENT_PSE SSL_IGNORE_HOST_MISMATCH SSL_CERTHOST RUNLEVEL CACHE_INFO_URL CACHE_INFO_POLL_INTERVALL
EXTSRV	SID And one of the following three subparameters: SRCSRV SRCURL SRCVHOST	SSL_ENCRYPT STANDARD_COOKIE_FILTER STICKY PROXY SSL_CLIENT_PSE SSL_IGNORE_HOST_MISMATCH SSL_CERTHOST RUNLEVEL CACHE_INFO_URL CACHE_INFO_POLL_INTERVALL
SILOC	SID And one of the following three subparameters: SRCSRV SRCURL SRCVHOST	STANDARD_COOKIE_FILTER SSL_CLIENT_PSE SSL_IGNORE_HOST_MISMATCH SSL_CERTHOST RUNLEVEL CACHE_INFO_URL CACHE_INFO_POLL_INTERVALL

Procedure

SID: With SID you specify the SID of the connected back-end system.
The SID is the three-character SAP system ID.
Example SID = ERP,
MSPORT, XSSRV, EXTSRV, and SILOC: Specify a place where the SAP Web Dispatcher obtains the meta information about the system. Usually the data is retrieved from the message server of the connected system (MSHOST). Alternatively, you can set up a file with the information (SILOC), or configure the data to be forwarded to an external system (EXTSERV), or a server list from which the instance list is received (XSSERV).
Specify one of the following variants:
- MSHOST, MSPORT, and MSSPORT:
  Specify the host name and HTTP or HTTPS port of the SAP Message Server that provides the information about the system in question. If you want to specify the HTTPS port of the message server, you have to also set profile parameter MSSPORT=<ms-httpS-port> to HTTPS.
  
  Example
  Example 1:
  
  HTTP-Port:MSHOST=<ms-host>, MSPORT=<ms-http-port>
  
  Example 2:
  
  HTTPS Port:MSHOST=<ms-host>, MSSPORT=<ms-https-port>
- XSSRV:
  Specify the URL of the XS engine instances on which the inbound HTTP requests are to be distributed. You separate the instances of the XS engine with a semicolon.
  
  The SAP Web Dispatcher distributes inbound requests to all specified instances. In addition to the list of XS engine instances, with subparameter PINGURL you can specify a path that is used by the SAP Web Dispatcher to check the availability of the XS engine. This is useful if the "/" path, which is the default path, has been deactivated.
  
  Note You only have to specify a subset of XS engine instance, not all of them. We recommend that you specify a maximum of three instances that are also candidates for the master name server because one of these instances must always be running so that the HANA system works.
  
  Example
  wdisp/system_0 = SID=HDX, XSSRV=http://host1:8000;http://host2:8000, SRCVHOST=hana.mycompany.com
  
  For more information, see SAP Note 1855097 .
- EXTSRV:
  Enter the name of an external system. You separate the instances of a system with a semicolon. If you use EXTSRV with subparameter PROXY, load balancing is not supported. In this case, you only have to specify one server. If you have configured an external system with more than one server, you can use subparameter STICKY, to enable with load balancing that requests from a particular client are always sent to the same server.
  
  Example
  wdisp/system_2 = SID=EXT, EXTSRV=http://websrv1:8080;http://websrv2:8888, SRCSRV=*:8093
  
  All requests that arrive on port 8093 (SRCSRV = * : 8093), are sent to the two Web servers in compliance with the round robin procedure (EXTSRV=http://websrv1:8080;http://websrv2:8888).
- SILOC:
  Specify the name of the configuration file containing the metadata of the application servers of the system. The subparameter corresponds to parameter wdisp/server_info_location for systems in which information is stored in a file.
  
  Example SILOC=file://<file name>
  
  Caution We recommend that you do not use static files (SILOC).

The following steps are optional.

The following options specify which requests the SAP Web Dispatcher forwards to this system. The table above contains the combination options of the subparameters.

No.: With No. you can opt to specify the SAP system number of the message server for MSHOST. The SAP system number of the message server is required to identify the back-end system in the System Landscape Directory (SLD) if the SAP Web Dispatcher is to register with the SLD.
Note Use the No. option to specify the system number of the instance that contains the message server. This can be an SCS instance (AS Java), an ASCS instance (AS ABAP), or a classic central instance (DVEMGS).
SCSHOST: You can opt to specify the host name of the SCS instance for MSHOST with SCSHOST. The option SCSHOST specifies the host name of the SCS instance, as does option MSHOST. Option SCSHOST is then only required if the host name specified in MSHOST does not correspond to parameter SAPLOCALHOST in the SCS instance (or central instance). In this case, option SCSHOST contains the value of parameter SAPLOCALHOST in the SCS instance (or central instance). The host name of the SCS instance is required for registering the SAP Web Dispatcher in the SLD data model.
CLIENT: You can opt to specify the client header sap-client for MSHOST with CLIENT.
Users may opt not to enter any "sap-client" header in the request header or the query string. In this case the SAP Web Dispatcher must add headers to the request,.

Example wdisp/system_0 = MSHOST=mshost.sap.corp, MSPORT=8111, SID=C11, NR=11, CLIENT=200, SRCSRV=*:*, SRCURL=/sap/opu;/sap/bc;/sap/public

Note Adding the client header can make some applications unusable. (For example, if authentication is based on user name and password). Only use this option if it is necessary.
SRCSRV: With SRCSRV you can opt to specify for MSPORT, XSSRV, EXTSRV, or SILOC the possible host/port combinations in a list separated by semicolons.
For the host name and host port you can use the wild card character * to specify every possible host name and port. Each port must be configured in the SAP Web Dispatcher as an HTTP port too. See also, profile parameter icm/server_port.
Example
Example SRCSRV 1:

<source-services>= <host1>: <port1>[; <host2>: <port2>;…]

Example SRCSRV 2:

SRCSRV=*:8073

All requests arriving through port 8073 of the SAP Web Dispatcher are forwarded to this system.

Example SRCSRV 3:

SRCSRV=*:8083;*:8073

All requests arriving through ports 8073 and 8083 of the SAP Web Dispatcher are forwarded to this system.
SRCURL: With SRCURL you can opt to specify for MSPORT, XSSRV, EXTSRV, or SILOC the possible URL prefixes in a list separated by semicolons. If the incoming request contains one of the specified URL prefixes, the request is forwarded to this system.
Example
Example 1:

<source-url-prefixes>= <prefix1>[; <prefix2>;…]

Example 2:

SRCURL=/sap/;/myapp/

Requests whose URL starts with “/sap/” or “/myapp/” are forwarded to this system.

Caution

If you specified both SRCSRV and SRCURL, you must make sure that the port and the URL prefix correspond with the system selection.
If you omit SRCSRV and SRCURL, the Web Dispatcher only works if you have set rules in the action file for forwarding requests to the connected systems. If you explicitly want the ambiguity between the systems, you have to set SRCSRV=*:* or SRCURL=/, and change profile parameter (wdisp/system_conflict_resolution = 2) to: wdisp/system_conflict_resolution = 2.

SSL_ENCRYPT: With SSL_ENCRYPT you can opt to specify for MSPORT, XSSRV, EXTSRV, or SILOC the SSL setting for systems connected separately.
Note If you set the subparameter, it overwrites profile parameter wdisp/ssl_encrypt for the configured system. Profile parameter wdisp/ssl_encrypt remains valid for all systems for which you have not explicitly set subparameter SSL_ENCRYPT.
Possible values are:
- 0 = Encryption deactivated
- 1 = Dependent on protocol set by CONFIG_PROTOCOL
- 2 = Encryption activated
Example
The following example shows a configuration of the SAP Web Dispatcher with two systems:

System "ABC" is configured with HTTPS and system "DEF" with HTTP.

wdisp/ping_protocol = https

wdisp/group_info_protocol = https

wdisp/url_map_protocol = https

wdisp/ssl_encrypt = 1

wdisp/system_0 = SID=ABC, MSHOST=msgserv1, MSPORT=8000, SRCSRV=*:*, SRCURL=/prefix1

wdisp/system_1 = SID=DEF, SSL_ENCRYPT=0, CONFIG_PROTOCOL=http, MSHOST=msgserv2, MSPORT=8000, SRCSRV=*:*, SRCURL=/prefix2
CONFIG_PROTOCOL: With CONFIG_PROTOCOL you can opt to specify the protocol for MSHOST/XSSRV.
If subparameter CONFIG_PROTOCOL is set, it overwrites profile parameters wdisp/group_info_protocol, wdisp/url_map_protocol, and wdisp/ping_protocol.
Possible values are: HTTP, HTTPS
STANDARD_COOKIE_FILTER: With STANDARD_COOKIE_FILTER you can opt to specify for MSPORT/XSSRV/EXTSRV/SILOC whether cookies are to be removed from inbound requests.
Example
STANDARD_COOKIE_FILTER=*SAP*; *HANA*

Standard cookies are removed from inbound HTTP requests if one of the following conditions is met:
- STANDARD_COOKIE_FILTER = ON
- STANDARD_COOKIE_FILTER contains a list of cookie names separated with semicolons.
- Although STANDARD_COOKIE_FILTER is not explicitly set, you use a PROXY connect for EXTSRV by using subparameter PROXY.
If you specified a list of cookies to filter, these will be filtered. If you use option STANDARD_COOKIE_FILTER = ON, the following cookie list is filtered out by default: *SAP*; JSESSION*; xsSessionId

Inbound requests are not modified if one of the following conditions is met:
- STANDARD_COOKIE_FILTER = OFF
- STANDARD_COOKIE_FILTER was not set
- STANDARD_COOKIE_FILTER and PROXY were not set
Caution STANDARD_COOKIE_FILTER cannot be used together with STICKY.
STICKY: For EXTSRV as an option you can specify with STICKY that for load balancing requests are always forwarded to the same application server. If you deactivated STICKY, load balancing sticky is performed and the following cookie is used for it: sapextlb_<SID>. If an application server fails during the operation, all the requests intended for this application server are redistributed.
Caution STICKY cannot be used together with STANDARD_COOKIE_FILTER. .
PROXY: With PROXY you can opt to specify for EXTSRV a system that can only be reached through a proxy server. With PROXY you can specify the host name and port of the proxy server.
Note If you have set subparameter PROXY, and subparameter STANDARD_COOKIE_FILTER is not explicitly set, the system sets it automatically to STANDARD_COOKIE_FILTER = ON. In this way SAP-specific cookies are filtered out for security purposes.

Example
wdisp/system_1 = SID=SA1, EXTSRV=http://external.server.com:80, SRCURL=/external_path, SRCSRV=*:*, PROXY=myproxy.com:8080
PINGURL: For XSSRV as an option you can specify with PINGURL the URL that you want to use for pings instead of the standard URL or the URL specified in wdisp/abap_ping_url.
SSL_CLIENT_PSE: As an option you can specify for MSPORT, XSSRV, EXTSRV, or SILOC with SSL_CLIENT_PSE the name and path of the client certificate that has to be used for SSL connections to servers of this back-end system.
If this subparameter is not set, the name of the PSE file is taken from the globally valid profile parameter wdisp/ssl_cred if this is set to wsidp/ssl_auth = 2. If you use this subparameter, you do not need to set the value of wdisp/ssl_auth to 2.

(For more information, see: 2066738
SSL_IGNORE_HOST_MISMATCH: As an option you can specify for MSPORT, XSSRV, EXTSRV, or SILOC with SL_IGNORE_HOST_MISMATCH=TRUE if SAP Web Dispatcher is to ignore the inconsistencies between the actual server host name and the the host name in the server certificate for this back-end system.
If this subparameter is not set, the value is taken from the globally valid profile parameter wdisp/ssl_ignore_host_mismatch.

(For more information, see: 2066738
SSL_CERTHOST: You can opt to specify for MSPORT, XSSRV, EXTSRV, or SILOC with SSL_CERTHOST to specify the server host name for SSL connections for each back-end system.
The subparameter overwrites the actual host name of the server for this back-end system. Use this subparameter only if the server certificate is issued to a host name that is not the actual host name of the server.

If this subparameter is not set, the value is taken from the globally valid profile parameter wdisp/ssl_certhost.

(For more information, see: 2066738
RUNLEVEL: You can opt to restrict for MSPORT, XSSRV, EXTSRV, or SILOC with RUNLEVEL access to the back-end system.
This subparameter cannot be dynamically changed.

Possible values are:

Running: No access restriction.

Internal: Access for end users is denied and HTTP status code 503 "Service unavailable" is returned. Internal users, such as system administrators can continue to access the back-end system. Internal users are specified with profile parameter icm/internal_request_criteria.

Stopped: No access. HTTP status code 503 "Service Unavailable" is returned to all requests.
CACHE_INFO_URL: With SRCSRV you can opt to specify for MSPORT, XSSRV, EXTSRV, or SILOC a path to the HTTP application that decides if the cache is to be invalidated.
Periodic invalidation takes place only if this subparameter is set.

Every CACHE_INFO_POLL_INTERVAL seconds a request is sent to CACHE_INFO_URL. This request must be responded to with a value (maximum 256 bytes). Each time this value changes, the cache for the respective back-end system is invalidated.
CACHE_INFO_POLL_INTERVAL: With SSL_ENCRYPT you can opt to specify for MSPORT, XSSRV, EXTSRV, or SILOC the interval for periodic invalidation in seconds. The default value is 60 seconds.
Every CACHE_INFO_POLL_INTERVAL seconds a request is sent to CACHE_INFO_URL. This request must be responded to with a value (maximum 256 bytes). Each time this value changes, the cache for the respective back-end system is invalidated.