Parameterization of the SAP Gateway
The gateway is installed within an instance as service "G", and reads its parameters, as all servers do, from the profile file located in the profile directory in the SAP directory tree.
The following documentation describes parameters that could require modification in the event of gateway problems.
"Dynamic" means that the parameter can be changed while the system is running.
gw/alternative_hostnames
List of alternative host names for local host. The gateway determines the IP addresses of the LAN adapter at start-up to ensure it knows which IP addresses are "local" addresses.
Problems can arise when a client connects via a firewall, and this firewall converts the IP addresses. The gateway cannot then tell that the connection request should be sent to the local system, and attempts to set up a connection to another system. In such cases, you have to maintain this parameter, and enter the IP address that the client sends as your own address.
This parameter can also be used when the algorithm that checks the output from the command
|
Syntax |
host1,host2,host3 |
|
Default value |
No alternative host names |
|
Dynamic |
No |
gw/max_sys
Specifies the maximum number of clients connected at a time. Note that the gateway regards an R/3 server as one single client.
|
Default value |
300 |
|
Dynamic |
No |
gw/max_conn
Specifies the maximum number of connections that can be active at a time. This includes connections via LU6.2 to a HOST (R/2) and connections via TCP/IP.
|
Default value |
500 |
|
Dynamic |
No |
gw/max_wp
Specifies the maximum number of gateway work processes that can be started.
This parameter only affects SNA connections.
|
Default value |
0 |
|
Dynamic |
No |
gw/max_overflow_usage
Specifies the usage of the overflow area in % as of which the gateway slows down its clients, i.e. sends SYNC requests.
|
Default value |
10 |
|
Dynamic |
Yes |
gw/rem_start
Determines how to start remote CPIC programs:
Remote programs to be started via remote shell always run under the "gateway" identification. If remote programs are started using rexec, they run under the identification defined by the parameters SAPUSERNAME and SAPPASSWORD.
|
Default value |
REMOTE_SHELL |
|
Dynamic |
Yes(*) |
(*) but only if changing the parameter affords increased security, thus REMOTE_SHELL -> DISABLED or REXEC -> DISABLED is allowed, whereas DISABLED -> REMOTE_SHELL or DIABLED -> REXEC is not.
SAPUSERNAME
Identification for starting remote CPIC programs via rexec.
|
Default value |
- |
|
Dynamic |
No |
SAPPASSWORD
Identification for starting remote CPIC programs via rexec.
|
Default value |
- |
|
Dynamic |
No |
gw/startup
File containing statements to start programs when the gateway starts. This is useful if CPIC/RFC server programs are always to run. When the gateway is restarted, these programs are thus started as well.
|
Default value |
- |
|
Dynamic |
No |
File syntax:
Local start of a program
Remote start of a program (using Remote Shell, or value of parameter gw/remsh)
";*!"
can be used as comment characters. The individual parameters in the file must be separated by tabs.
Example of a file
; Syntax : local program [parameter...] or
; hostname program [parameter ...]
;
; Under NT the options ( starting with '-' )
; or strings containing a '/' must be placed in
; in quotation marks, for example
;
; hw1439 "/priv/cpict2" "-tp" cpict2 "-gwhost" p29290 "-gwserv" sapgw53
;
; start program locally ( registers using ID cpicsrc on gateway
; running locally and responds to service sapgw53 )
local /usr/sap/BIN/SYS/exe/run/cpicserver -tp cpicsrv -gwhost uw1033 -gwserv sapgw53
; start program remotely
hw1439 /usr/sap/BIN/SYS/exe/run/rfcserver -tp rfcsrv -gwhost uw1033 -gwserv sapgw53
gw/timeout
Specifies the timeout value for
NiConnect calls in milliseconds. If a connection to the other gateway is not made within this time interval, an error is reported to the calling program.|
Default value |
10000 |
|
Dynamic |
Yes |
gw/internal_timeout
Specifies the timeout values for
NiRead and NiWrite calls in milliseconds. If not all data has been sent or received within this time interval, the action concerned is interrupted and continued later. Thus slow connections cannot block the gateway.|
Default value |
0 |
|
Dynamic |
Yes |
gw/accept_remote_trace_level
Specifies whether the trace level of a CPIC or RFC connection should be transferred. In order to prevent misuse, you can use this parameter to prevent the trace level from being transferred within the gateway.
0 : Transfer trace level allowed
1 : Transfer trace level not allowed
|
Default value |
1 |
|
Dynamic |
Yes |
gw/close_routes
Specifies the period (in seconds) after which a route to a remote gateway through which a CPIC connection is open is closed.
|
Default value |
120 |
|
Dynamic |
Yes |
gw/netstat
Command to determine your own host addresses. This parameter is without effect for NT, since under NT your own IP addresses are determined with
gethostbyaddr().|
Default value |
HP |
/usr/bin/netstat -in |
|
SNI |
/bin/netstat -in |
|
|
AIX |
/bin/netstat -in |
|
|
OSF1 |
/usr/sbin/netstat -in |
|
|
SUN |
/usr/bin/netstat -in |
|
|
OS/2 |
netstat -a |
|
|
VMS |
ucx show interfaces |
|
|
other |
empty string |
|
|
Dynamic |
No |
|
gw/netstat_once
There are high availability solutions in which the IP addresses can move from one host to another. This means that the entries read when the gateway was started up may no longer be valid. In such cases, the current configuration must always be read using the "netstat" command when making the test for a "local" IP address. To activate this mechanism, set the profile parameter to 0.
|
Default value |
1 |
|
Dynamic |
No |
gw/remsh
Specifies the call path of the remote shell to start programs on other hosts. If the variable USER is defined in the environment, the value of this variable is transferred to the remote shell with the option -l <value>.
|
Default value |
HP |
/usr/bin/remsh |
|
SNI |
/usr/bin/remsh |
|
|
AIX |
/usr/ucb/remsh |
|
|
OSF1 |
/usr/ucb/rsh |
|
|
SUN |
/bin/rsh |
|
|
OS/2 |
rsh |
|
|
VMS |
rsh |
|
|
NT |
rsh |
|
|
other |
remsh |
|
|
Dynamic |
No |
|
gw/auto_disconnect
Specifies the maximum number of seconds for which an active connection cannot be used. If this time interval is exceeded, the connection is closed automatically. Only R/2 connections are checked.
If you set this parameter to 0, the connection is not closed automatically.
This parameter only affects SNA connections.
|
Default value |
0 |
|
Dynamic |
Yes |
gw/conn_disconnect
Specifies the maximum number of seconds for which an active connection can remain in the status DISCONNECT or DISCONNECTED. If this time interval is exceeded, the connection is closed by the gateway.
If you set this parameter to 0, such connections are not closed.
|
Default value |
300 |
|
Dynamic |
Yes |
gw/gw_disconnect
Specifies the maximum number of seconds for which a GW-GW connection can remain inactive. If this time interval is exceeded, the connection to the other gateway is closed. This is only the case if there is no active CPIC/RFC connection to this gateway.
If you set this parameter to 0, such connections are not closed.
|
Default value |
1800 |
|
Dynamic |
Yes |
gw/max_sleep
Specifies the maximum time in seconds for which the gateway read process sleeps on the select.
|
Default value |
20 |
|
Dynamic |
Yes |
gw/keepalive
Specifies the maximum time period (in seconds) before the system checks, using a ping, whether the partner is still alive when there is no data transfer across a CPIC connection.
|
Default value |
300 |
|
Dynamic |
Yes |
gw/side_info
Specifies the complete path of the side-info file. This parameter is passed on to the CPIC interface via putenv and defines the shell variable SIDE-INFO. The side-info file should be created in the Data Directory of the gateway instance, i.e. in /usr/sap/<instance name>/data.
|
Default value |
<Data Directory>sideinfo |
|
Dynamic |
No |
gw/cpic_timeout
Specifies the maximum wait time during connection setup. The wait time must not exceed the interval defined by the parameter (in seconds). Otherwise the connection setup is terminated with a timeout. This parameter is passed on to the CPIC interface via putenv and defines the shell variable CPIC_TIMEOUT.
|
Default value |
20 |
|
Dynamic |
Yes |
gw/reg_timeout
Species the maximum wait time for setting up the connection with a registered program. The wait time must not exceed the interval defined by the parameter (in seconds). Otherwise the connection setup is terminated with a timeout.
|
Default value |
60 |
|
Dynamic |
Yes |
gw/reg_lb_level
Defines the type of load balancing for registered programs. The following values are permitted:
|
Default value |
1 |
|
Dynamic |
Yes |
gw/reg_lb_default
Default value for the load of a server if its IP address cannot be found in the list.
|
Default value |
20 |
|
Dynamic |
Yes |
gw/reg_lb_ip
Specifies the load value for an IP address or for a range of IP addresses. A host name can be entered in the place of an IP address. The gateway then determines the IP address for the host name.
When the registered program logs onto the gateway, the IP address is used to determine what the load of the IP address is. The system searches the list in the order specified by the profile parameter. This value is added to the load when this program receives a request. If the IP address is not found, the system uses the value defined by parameter gw/reg_lb_default. This ensures that a strong server is assigned more requests than a weaker server. A server that registers itself with the gateway receives as initial value the highest load of all servers with the same registration ID. If no servers are registered with this ID, or if no requests have been assigned to these servers, the value is 0.
Syntax
List of IP addresses or host names The corresponding load is output with an equal sign after each IP address. The load is a weighting factor that specifies the strength of a particular server. The higher the value, the weaker the server. The maximum value is 1.
a.b.c.d=val1 e.f.g.*=val2 linux1=val3
Important: You can specify a range of IP addresses in the place of a single IP address, for example
gw/reg_lb_ip = 194.56.48.*=1 194.56.49.*=3
All servers from the 194.56.48 – network are highly efficient, the servers from the 194.56.49 network are somewhat weaker, and all other servers are extremely weak and should only be used infrequently.
For a detailed description, see
Load Balance for Registered Programs.|
Default value |
"" |
|
Dynamic |
Yes |
gw/cpic_security
Determines whether CPIC security calls (CMSCSP, CMSCSU, etc.) are called. The parameter setting depends on the security setting on the host.
If the host connection is implemented via UPIC, the security calls must not be called (parameter value must be 0).
This parameter only affects SNA connections.
|
Default value |
1 |
|
Dynamic |
Yes |
(*) but only if changing the parameter affords increased security, thus 0 -> 1 is allowed, 1 -> 0 is not allowed.
gw/tcp_security
These parameters can be used to protect external programs against being started. For more information, see the section on security.
|
Default value |
1 |
|
Dynamic |
Yes |
(*) but only if changing the parameter affords increased security, thus 0 -> 1 is allowed, 1 -> 0 is not allowed.
gw/sec_info
File with security information
|
Default value |
<Data Directory>secinfo |
|
Dynamic |
Yes |
gw/stat
Determines the status of the gateway statistics after starting the gateway. The gateway statistics can be evaluated using the gateway monitor (gwmon or transaction SMGW), and can be changed dynamically.
0: Statistics not active
1: Statistics active
|
Default value |
0 |
|
Dynamic |
Yes |
gw/non_conversational
Determines (provided this is supported by the R/2 System) that "non-conversational" mode is used, i.e. that the connection is established and closed for each dialog step of the CUA interface.
This makes sense when many connections are to be established to an R/2 System because (in CICS, for example) approximately 40 KB of information are held for each connection.
0: "non-conversational" mode not active "non-conversational" mode active
This parameter only affects SNA connections.
|
Default value |
1 |
|
Dynamic |
Yes |
gw/gwwp_short_polling_time
gw/gwwp_long_polling_time
gw/max_short_poll_no
Poll raster setting for poll mode:
The system first polls gw/max_short_poll_no times with an interval of gw/gwwp_short_polling_time, then with an interval of gw/gwwp_long_polling_time.
The intervals are specified in milliseconds.
This parameter only affects SNA connections.
|
gw/gwwp_short_polling_time |
Default |
100 |
|
Dynamic |
Yes |
|
|
gw/gwwp_long_polling_time |
Default |
1000 |
|
Dynamic |
Yes |
|
|
gw/max_short_poll_no |
Default |
20 |
|
Dynamic |
Yes |
gw/upic_pterm_name
This parameter only affects host connections via UPIC.
It determines the first 4 characters of the UTM login name. The gateway fills the remaining 4 characters with the work process number.
This parameter only affects SNA connections.
|
Default value |
- |
|
Dynamic |
No |
gw/ims_signon
Determines whether a SIGN ON should be performed when the partner system is IMS.
0: No IMS-SIGN-ON
1: IMS-SIGN-ON is performed
This parameter only affects SNA connections.
|
Default value |
1 |
|
Dynamic |
Yes |
gw/ims_signon_cmd
IMS-SIGN-ON data. The following standard SIGN ON command is built up:
ON <user> <password>
The SIGN ON data may include up to two variable parts that must be specified with %s.
Note that the first %s pattern is replaced by the user name and the second %s is replaced by the password.
This parameter only affects SNA connections.
|
Default value |
ON %s %s |
|
Dynamic |
Yes |
gw/ims_max_send_length
Maximum length of a data packet that can be sent to IMS using the send function.
This parameter only affects SNA connections.
|
Default value |
32000 |
|
Dynamic |
Yes |
gw/compatibility
This parameter determines whether the gateway can communicate with servers older than Release 3.0. For 3.0 installations, this parameter should be set to 0. In this case, errors that occur during connection setup can be returned to the caller directly, without trying the old procedure once more.
As of Release 4.6A, the default value of this parameter has been changed to 0.
In mixed installations, this parameter must have the value 1.
|
Default value |
0 |
|
Dynamic |
Yes |
gw/monitor
This parameter determines whether the gateway should communicate with the monitor locally or remotely.
|
Default value |
2 |
|
Dynamic |
Yes(*) |
(*) but only if changing the parameter affords increased security, thus 2 -> 1 is allowed, 1 -> 2 is not allowed.
Other Gateway Parameters
The following parameters are connected with SAP Gateway memory management, and must be changed in relation to the use of the gateway. Incorrect settings are the frequent cause of gateway error messages. These parameters and the permitted changes to them are described in detail to prevent errors in configuration:
The interaction between the parameters is explained in
Memory Management of SAP Gateway.SNC Parameters
There are a number of additional parameters that control the behavior of the SAP Gateway in conjunction with SNC (Secure Network Communication).
|
Parameter |
Meaning |
Default Value |
Dynamic |
|
snc/enable |
This parameter specifies whether the gateway accepts connections that protect the data via SNC. |
0 |
No |
|
snc/permit_insecure_comm |
This parameter specifies whether the gateway accepts connections without SNC. |
0 |
No |
|
snc/permit_insecure_start |
This parameter specifies whether the gateway may establish connections with programs that communicate without SNC. |
0 |
No |
|
snc/permit_common_name |
This parameter specifies whether the gateway can use a default SNC name specified by the parameter snc/identity/as, if an SNC name for the connection cannot be read from secinfo. |
0 |
No |
|
snc/gssapi_lib |
Path for the shared library of the security system in use. |
"" |
No |
|
snc/identity/as |
Identity of the gateway application server |
"" |
No |