Show TOC

Procedure documentationUpdating SAP JVM Locate this document in the navigation structure

 

The SAP JVM is included in all products based on the NetWeaver Application Server Java 7.1. It resides in the sapjvm_5 subfolder which is located under /usr/sap/(SID)/SYS/exe/jvm.

The installation of the SAP JVM is included in the installation of the product. The following procedure describes what you have to do to upgrade to the newest SAP JVM version without upgrading your whole product.

Procedure

An upgrade to the newest available version is possible by importing SAP JVM patches using the Java Support Package Manager (JSPM). The JSPM applies these patches as “SAP JVM Support Packages” to the software component “SAP JVM”. After deployment to the file system of the NetWeaver Application Server, there is an automatic replication to each server instance using the sapcpe program. In short, applying an SAP JVM patch takes the following steps:

  1. Download the SAP JVM patch from the SAP Support Portal. E.g., for SAP NetWeaver PI 7.1, navigate along the following path:   https://service.sap.com/patches   Entry by Application Group   SAP NetWeaver   SAP NETWEAVER   SAP NETWEAVER PI 7.1   Entry by Component   Application Server Java   SAP JVM 5.1   The file name looks like SAPJVM5_XX-YYYYYYYYY.SAR, choosing the highest available patch level is recommended.

  2. Logon as <sid>adm.

  3. Copy the patch in the inbox of the JSPM The default inbox directory is defined by profile parameter DIR_EPS_ROOT.

  4. Start JSPM and logon as Administrator. Start the process with the following command:

    • Windows: <drv:>\usr\sap\<SID>\<INSTANCE><NR>\j2ee\JSPM\go.bat

    Unix: /usr/sap/<SID>/<INSTANCE><NR>/j2ee/JSPM/go

  5. In the Select Package Type screen, choose Single Support Packages and Patches (advanced use) and choose Next.

  6. In the Specify Queue screen, you should be able to see the target patch level for the SAP JVM and it should be higher than the patch level of the current version. Deselect all patches you don't want to install and choose Next.

  7. In the Check Queue screen, you see the patches you have selected. If you agree, choose Next.

    Caution Caution

    Notice that the Application Server Java will be stopped!

    End of the caution.

  8. After the queue has been deployed, you get the Completed screen where the status of the SAP JVM should show DEPLOYED.

  9. Choose Exit to finish the patch procedure.

Java Cryptography Extension (JCE)

Out of legal reasons, SAP does not deliver the so-called “Java Cryptography Extension (JCE) Jurisdiction Policy” files as part of the SAP JVM. Without these files the cryptography functionality inside the SAP JVM is blocked. Therefore typical usage scenarios requiring cryptography, e.g. communication via HTTPS or storage of information in Secure Storages will not work anymore.

If a JSPM version of 7.10 SP 6 or younger is used to patch an SAP JVM, the policy files are taken from the previously installed version. Otherwise, they have to be copied manually or downloaded and installed separately.

These files, namely local_policy.jar and US_export_policy.jar in directory sapjvm_5/jre/lib/security, can either be obtained from SAP's Service Marketplace (  http://service.sap.com/swdc   Download   SAP Cryptographic Software  ; please download the package SAP Java Cryptography Extension Jurisdiction Policy) or alternatively from Sun Microsystems at   http://java.sun.com/javase/downloads/index_jdk5.jsp   Other Downloads   Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0  .

Note Note

Please note that the policy files provided by SAP will unlock the “strong but limited encryption”, which limits most encryption algorithms to 128 bit key lengths. The policy files provided by Sun Microsystems will unlock the “unlimited strength encryption”, which allows for even stronger encryption via longer key lengths.

End of the note.

More Information

The sapcpe Program

Configuration and Setup of SAP JVM