Show TOC

Background documentationNetwork Security Locate this document in the navigation structure

 

All SAP NetWeaver Enterprise Search components communicate within a private subnetwork and are not visible from outside. There is only one dedicated access point from outside: The master blade.

More information: Single Access Point Concept

This graphic is explained in the accompanying text.

Network Topology of SAP NetWeaver Enterprise Search 7.2

Network Topology

The network topology of SAP NetWeaver Enterprise Search is that only one blade, the master blade, is directly connected to the customer network. All user PCs that want to use SAP NetWeaver Enterprise Search through the Web front end and all information resources that are to be indexed and searched must be located in this network. If this is not the case or not desired, you must use appropriate routing or an appropriate v-LAN. The master blade masks all outbound communication (DNS, NTP, OSS, LDAP, and so on) and inbound connections are forwarded internally through the SAP Web Dispatcher and SAProuter, therefore SAP NetWeaver Enterprise Search requires only one IP address in the customer network for production operations. Internally, each blade has at least one internal IP address to allow network communication between the blades and the storage, if necessary.

Master Blade

The master blade is a server with IP addresses in two networks. It has an external network interface in the customer network and an internal address in the private SAP NetWeaver Enterprise Search network. The outbound communication from the internal network interface is masked using NAT. Only the following services are supported for inbound communication:

  • SAP Web Dispatcher is used to distribute inbound HTTP(s) requests equally to all AS ABAP instances.

  • SAProuter is used to manage inbound RFC connections.

Ethernet Switches

The blade center has several Ethernet switches, for which additional IP addresses may be required for monitoring and administration purposes.

Shared Storage

All components (TREX instances and application servers) require central data storage. This may require additional IP addresses for monitoring and administration purposes.

Console LAN

Depending on the hardware used, more than one IP address can be used to allow remote administration and monitoring of the hardware. These include IP addresses for the components, such as switches, blades, and storage, as well as for the blade center itself. Whether or not a console LAN is required or useful depends on your hardware partner and service provider.