Show TOC

Configuration ParametersLocate this document in the navigation structure

Use

The parameters described here specify the basic settings of the SAP Gateway - startup, execution of remote programs, tracing, etc.

Features

gw/startup

File containing statements to start programs when the gateway starts. This is useful if CPIC/RFC server programs are always to run. When the gateway is restarted, these programs are started as well.

To start the gateway on another host you can use a remote shell or a secure shell.

Default Setting

-

Unit

File Name

Dynamic

No

File syntax:

  • Start program locally local program [parameter ...]

  • Starting a program on another computer (using remote shell, or the value of the gw/remsh parameter, or using secure shell or the value of gw/ssh):

    [REMSH|SSH] host name program [parameter ...]

  • ;*! can be used as comment characters. The individual parameters in the file must be separated by tabs.

  • For parameters gwhost and gwserv, macros $(GWHOST) and $(GWSERV) can be used. They are replaced by the current host name and gateway service (sapgw <xx> ).

  • With the GWCHECK option you can activate monitoring of the program started by the gateway. If the program terminates, it is automatically restarted by the gateway.

Example

In Windows options (starting with '-' ) or strings containing a '/' have to be placed within quotation marks, for example:

hw1439 "/priv/cpict2" "-tp" cpict2 "-gwhost" p29290 "-gwserv" sapgw53

Example of a file

; start local program ( registers using ID on gateway

; cpicsrc on gateway running locally and responding to service

; sapgw53)

local /usr/sap/BIN/SYS/exe/run/cpicserver -tp cpicsrv -gwhost uw1033 -gwserv sapgw53

; start program remotely

hw1439 /usr/sap/BIN/SYS/exe/run/rfcserver -tp rfcsrv -gwhost uw1033 -gwserv sapgw53

; start remote program with remote shell

[REMSH] hw1439 /usr/sap/BIN/SYS/exe/run/rfcserver -tp rfcsrv -gwhost uw1033 -gwserv sapgw53

; start remote program with secure shell

SSH hw1439 /usr/sap/BIN/SYS/exe/run/rfcserver -tp rfcsrv -gwhost uw1033 -gwserv sapgw53

; start local program and activate gateway

; switch on. This monitoring is activated with

; keyword GWCHECK. If the

; program terminates, it is automatically restarted by the gateway.

local GWCHECK /usr/sap/BIN/SYS/exe/run/rfcserver -tp rfcsrv -gwhost uw1033 -gwserv sapgw53

gw/start_in_homedir

Determines the directory in which the gateway starts programs:

  • 0: Start in work directory (work)

  • 1: Start in home directory

Caution

This parameter is not valid for Microsoft Windows. Here, programs are always started in the work directory.

Default Setting

1

Unit

Truth value

Dynamic

Yes

gw/accept_remote_trace_level

Specifies whether the trace level of a CPIC or RFC connection should be transferred. In order to prevent misuse, you can use this parameter to prevent the trace level from being transferred within the gateway.

0: Trace level is not allowed to be accepted

1: Transfer trace level allowed

Default Setting

1

Unit

Truth value

Dynamic

Yes

gw/rem_start

Determines how remote CPIC programs are to be started:

  • REMOTE_SHELL : Start via remote shell

  • SSH_SHELL: Start via secure shell

  • REXEC: Start via rexec (UNIX only!)

  • DISABLED: Deactivate remote activation of programs

Remote programs to be started via remote shell always run under the gateway identification. If remote programs are started using rexec, they run under the identification defined by the parameters SAPUSERNAME and SAPPASSWORD.

Default Setting

REMOTE_SHELL

Unit

Special string

Dynamic

Yes(*)

(*) but only if changing the parameter affords increased security, thus REMOTE_SHELL -> DISABLED or REXEC -> DISABLED is allowed, whereas DISABLED -> REMOTE_SHELL or DIABLED -> REXEC is not.

gw/start_threshold

If programs are started using rexec, blockages may occur in the gateway. To make it easier to analyze any blockages, a warning is written to the trace file once the time has exceeded by five seconds. This check is also made for remote shell calls.

The value 0 deactivates this check.

Default Setting

5 (seconds)

Unit

Seconds

Dynamic

Yes

SAPUSERNAME

Identification for starting remote CPIC programs using rexec.

Default Setting

-

Unit

Character string

Dynamic

No

SAPPASSWORD

Identification for starting remote CPIC programs using rexec.

Default Setting

-

Unit

Character string

Dynamic

No

gw/remsh

Specifies the call path of the remote shell to start programs on other hosts. If the variable USER is defined in the environment, then the value with der Wert mit -l <value> is transferred to the remote shell.

Default Setting

HP

/usr/bin/remsh

Linux

/usr/bin/remsh

SNI

/usr/bin/remsh

AIX

/usr/ucb/remsh

OSF1

/usr/ucb/rsh

SUN

/bin/rsh

OS/2

rsh

Windows

rsh

Otherwise

remsh

Unit

Data path

Dynamic

No

gw/ssh

Specifies the call path of the secure shell to start programs on other hosts.

Default Setting

HP

usr/bin/ssh

Linux

usr/bin/ssh

AIX

/usr/ucb/ssh

OSF1

/usr/ucb/ssh

SUN

/bin/ssh

OS/2

ssh

Windows

ssh

Otherwise

ssh

Unit

Data path

Dynamic

No

gw/stat

Determines the status of the gateway statistics after starting the gateway. The gateway statistics can be evaluated using the gateway monitor (gwmon or transaction SMGW), and can be changed dynamically.

0: Statistics deactivated

1: Statistics active

Default Setting

0

Unit

Truth value

Dynamic

Yes

gw/monitor

This parameter determines whether the gateway should communicate with the monitor locally or remotely.

  • 0 : No monitor commands allowed

  • 1: Only monitor commands from the local monitors accepted

  • 2: Commands from local and remote monitors accepted

Default Setting

1

Unit

Integer: 0,1,2

Dynamic

Yes(*)

(*) but only if changing the parameter affords increased security, thus 2 -> 1 is allowed, 1 -> 2 is not allowed.

gw/logging

With this parameter you can configure gateway logging. You can specify whether the gateway writes its actions to a log file, which types of actions are logged, and how the file is renamed. You have the options to define a maximum size for the file, and to specify whether old files are overwritten.

Recommendation

If the gateway is running in an AS ABAP instance, we recommend you make settings for gateway logging in the gateway monitor (transaction SMGW). If you want to make permanent logging settings so that it works again after the instance has been restarted, you have to set this parameter in the profile.

You must set the parameter as follows:

gw/logging = LOGFILE=<name> ACTION=[TERSMPXVCO] 
[MAXSIZEKB=n] [SWITCHTF=t] [FILEWRAP=on] 
            

The meaning of the individual elements is as follows:

  • LOGFILE: File name of the log file

  • ACTION: The character sequence (subset from TERSMPXVCO) specifies the actions to log.

  • MAXSIZEKB (optional): Maximum file size As soon as the file exceeds this size, a new file is opened, whereby the new file name can change if special characters are used. This happens unless a condition was specified for SWITCHTF that applies first.

  • SWITCHTF (optional): Opens a new file after a specific time period, unless a condition was specified for MAXSIZEKB that applies first.

    The following values can be specified:

    • year: After one year a new file is opened

    • month: After one month

    • week: After one week

    • day: After one day

    • hour: After one hour

  • FILEWRAP (optional): Reuse file This parameter can only have value ON. If this value is set, no new file is written, but the one already open is reset and rewritten to. The values for parameter LOGFILE are only used the first time the file is opened.

gw/prxy_info

Use this parameter to specify the proxy settings of the gateway.

For instance, you can specify restrictions for forwarding requests from other gateways. Requests can be forwarded to other gateways if the gateway options are defined for the RFC destination, or if load distribution is activated.

By making entries in the file you can permit or deny processing of requests from specific gateways.

Each line indicates permitted or denied connections. Each line must have the following syntax:

P D SOURCE=hosta DEST=hostb
            

The first character must be a P (permit) or a D (deny).

  • P: These entries indicate permitted connections.

  • D: These entries indicate denied connections.

For SOURCE and DEST lists of host names, IP addresses, subnetwork masks and/or domain names can be specified. These entries must be separated by a comma.

A port number can also be included. If it is, then only requests from the specified system are accepted or rejected. The port number must be the number of the gateway, for example, 3300 for the system with number 00. Wild cards are not permitted.

Example

P SOURCE=saphosta DEST=saphostb

D SOURCE=saphosta:3300 DEST=saphostb

D SOURCE=10.18.54.56 DEST=10.18.55.*

P SOURCE=*.sap.com DEST=*.sap.com

P SOURCE=*.sap.com,*sap.corp DEST=*

If a request arrives from another gateway and is to be forwarded, the file is searched sequentially and stopped at the first matching entry. In accordance with the entry, the request is forwarded or rejected.

If no matching entry is found, the request is rejected.

If the file does not exist, all requests are forwarded.

Default Setting

/usr/sap/<SID>/<instance>/data/prxyinfo

Unit

File Name

Dynamic

No