Show TOC

Background documentationicm/server_port_<xx> Locate this document in the navigation structure

 

You can use this parameter to specify the service or port that is to be used for a protocol. Either the service name or the port number can be specified.

You can also define additional properties of the service. They are described below.

Caution Caution

Only one service can be bound to one port. Also, a service cannot be started if another program is using the port or service.

End of the caution.

Prerequisites

<xx> stands for a number. The numbers must be used in acendending order from 0.

For more information, see: Generic Profile Parameters with Ending _<xx>

Structure

Work area

Internet Communication Manager / SAP Web Dispatcher

Unit

Character string

Standard value

Depending on system type, see below

Dynamically changeable

No

Note Note

You can create services dynamically (using the ICM Monitor or the Web Administration interface), though these are lost when the ICM or Web Dispatcher is restarted.

End of the note.
Value Range and Syntax

The character string has the following syntax:

PROT=<protocol name>, PORT=<port or service name>[, TIMEOUT=<timeout>, PROCTIMEOUT=<proctimeout>, EXTBIND=1, HOST=<host name>, SSLCONFIG=ssl_config_<xx>, VCLIENT=<SSL client verification>, ACLFILE=<ACL file>]

You have to specify the options for the protocol PROT and the service name (or port number) PORT, the other variables are optional.

The options are described below.

Protocol

Protocol PROT can have the following values.

Supported Protocols

Value

Description

HTTP

Hyper Text Transfer Protocol

HTTPS

HTTP using SSL; the HTTPS request is decrypted by the ICM or Web dispatcher

SMTP

Simple Mail Transfer Protocol (NW AS ABAP only)

P4

P4 protocol (proprietary SAP communications protocol; SW AS Java only)

P4SEC

P4 protocol using SSL (NW AS Java only)

IIOP

Internet Inter ORB protocol (NW AS Java only)

IIOPSEC

Internet Inter ORB protocol using SSL (NW AS Java only)

TELNET

Telnet protocol (NW AS Java only)

Caution Caution

You must also configure SSL support in the application server for protocols HTTPS, P4SEC and IIOPSEC.

End of the caution.

Caution Caution

SMTP is not supported for the SAP Web Dispatcher. There is however also the value ROUTER (in contrast to the ICM). This is not a protocol as such, it is used for end-to-end SSL configuration in the Web Dispatcher.

End of the caution.
Port

With option PORT you can specify the port by its number or service name. The value 0 means that no port for inbound connections can be opened for the specified protocol.

Timout Options

Two timeouts can be configured - the network timeout TIMEOUT and the processing timeout PROCTIMEOUT.

TIMEOUT is a keep-alive timeout for the network connection. PROCTIMEOUT is a processing timeout for communication with the back-end (work process).

Details about the timeouts, value range, and standard value can be found under Timeout Options for the ICM and Web Dispatcher.

Using an External Binding Program

To bind ports under 1024 on UNIX use option EXTBIND=1. The external binding program runs under user root and is authorized to bind these ports.

For more information, see: Binding Ports < 1024 on UNIX

Not Binding the Port to all Host Names

You can use the optional parameter HOST=<host name or IP address> to specify that the port should not be bound to all host names (default), but only to the specified host. In this way the host with only one open port can be reached under various URLs.

X.509 Certificate

Using the optional parameter VCLIENT you can specify whether the client should have an X.509 certificate when you use SSL. There are three certification levels (0-2):

  • 0: No certification is required and the server does not ask for one.

  • 1: The server asks the client to transfer a certificate. If the client does not send a certificate, authentication is carried out by another method, for example, basic authentication (default setting).

  • 2: The client must transfer a valid certificate to the server, otherwise access is denied.

This server-specific value overrides the value that is set with parameter icm/HTTPS/verify_client.

SSL Configuration

If you defined the SSL configuration with parameter icm/ssl_config_<xx>, you must set option SSLCONFIG to the value ssl_config_<xx> (<xx>corresponding to parameter icm/ssl_config_<xx>; see the last example).

ACL File

Option ACLFILE specifies the file that is used as the “access control list”, ACL). If the profile parameter is set, the file must exist and its syntax be correct.

For more information, see: Setting Up Access Control Lists (ACL)

Standard value

The standard system value for this parameter depends on the system type specified by parameter system/type.

Depending on the system type ports may already be configured.

The following types are possible:

  • Dual stack: The instance contains Application Server ABAP (AS ABAP) and Application Server Java (AS Java). system/type = DS

    Standard Values

    icm/server_port_0 = PROT=HTTP,PORT=5$(SAPSYSTEM)00,TIMEOUT=60,PROCTIMEOUT=600

    icm/server_port_1 = PROT=P4,PORT=5$(SAPSYSTEM)04

    icm/server_port_2 = PROT=IIOP, PORT=5$(SAPSYSTEM)07

    icm/server_port_3 = PROT=TELNET,PORT=5$(SAPSYSTEM)08,HOST=localhost

    icm/server_port_4 = PROT=SMTP,PORT=0,TIMEOUT=120,PROCTIMEOUT=120

  • Java only: The instance contains only Application Server Java (AS Java). system/type = J2EE

    Standard Values

    icm/server_port_0 = PROT=HTTP,PORT=5$(SAPSYSTEM)00,TIMEOUT=60,PROCTIMEOUT=600

    icm/server_port_1 = PROT=P4,PORT=5$(SAPSYSTEM)04

    icm/server_port_2 = PROT=IIOP, PORT=5$(SAPSYSTEM)07

    icm/server_port_3 = PROT=TELNET,PORT=5$(SAPSYSTEM)08,HOST=localhost

  • ABAP only: The instance contains only Application Server ABAP (AS ABAP). system/type = ABAP

    Standard Values

    icm/server_port_0 = PROT=HTTP,PORT=0,TIMEOUT=30,PROCTIMEOUT=60

    icm/server_port_1 = PROT=SMTP,PORT=0,TIMEOUT=120,PROCTIMEOUT=120

    This means that outbound connections across HTTP and SMTP are possible, but no ports for inbound connections are open. For security reasons ports for inbound connections must be explicitly configured.

Note Note

You cannot see these standard values in the profile. If you make changes in the profile, you have to overwrite the standard values by setting the relevant parameters, or add further ports with the next available number.

End of the note.
Examples
  • PROT=HTTP, PORT=8080, TIMEOUT=15

    Opens port 8080 for HTTP requests and closes the network connection after 15 seconds if there is no activity.

  • PROT=SMTP, PORT=80, TIMEOUT=45, EXTBIND=1, HOST=prd.sap.de opens port 80 for SMTP requests and closes the network connection after 45 seconds if there is no activity. Since port 80 under UNIX can only be bound by user root, the external binding program is activated. The port is bound only to the host name prd.sap.de.

  • PROT=HTTPS, PORT=443, TIMEOUT=15, PROCTIMEOUT=45, VCLIENT=0 opens port 443 for HTTPS requests and closes the network connection after 15 seconds if there is no activity. The timeout for processing in the back end is 45 seconds, and the server asks the client to send a certificate.

  • PROT=HTTPS, PORT=8444, SSLCONFIG=ssl_config_0 opens port 8444 for HTTPS requests and sets the SSL configuration as it is set in parameter ssl_config_0.