You can use this parameter to specify the service/port that is to be used for a protocol. Either the service name or the port number can be specified.
You can also determine additional service properties. They are described below.
Caution
There cannot be more than one service allocated to a single port. Also, a service cannot be started if another program is using the port or service.
The <xx> stands for a number. The numbers must be used in acendending order from 0.
More information: Generic profile parameters with the ending _<xx>
Work area |
Internet Communication Manager / SAP Web Dispatcher |
Unit |
Character string |
Standard value |
Depending on system type, see below |
Dynamically changeable |
No Note You can create services dynamically (using the ICM Monitor or the Web Administration interface), though these are lost when the ICM or Web Dispatcher is restarted. End of the note. |
The character string has the following syntax:
PROT=<protocol name>, PORT=<port or service name>[, TIMEOUT=<timeout>, PROCTIMEOUT=<proctimeout>, EXTBIND=1, HOST=<host name>, VCLIENT=<SSL Client Verification>, SSLCONFIG=]
You have to specify the options for the protocol PROT and the service name (or port number) PORT, the other variables are optional.
The options are described below.
Protocol PROT can have the following values.
Value |
Description |
---|---|
HTTP |
Hyper Text Transfer Protocol |
HTTPS |
HTTP using SSL; the HTTPS request is decrypted by the ICM or Web dispatcher |
SMTP |
Simple Mail Transfer Protocol (NW AS ABAP only) |
P4 |
P4 protocol (proprietary SAP communications protocol; SW AS Java only) |
P4SEC |
P4 protocol using SSL (NW AS Java only) |
IIOP |
Internet Inter ORB protocol (NW AS Java only) |
IIOPSEC |
Internet Inter ORB protocol using SSL (NW AS Java only) |
TELNET |
Telnet protocol (NW AS Java only) |
Caution
You must also configure SSL support in the application server for protocols HTTPS, P4SEC and IIOPSEC.
More information:
AS ABAP: Configuring the AS ABAP for Supporting SSL
AS Java: Configuring the Use of SSL on the AS Java (available in English only)
Caution
SMTP is not supported for the SAP Web Dispatcher. There is however also the value ROUTER (in contrast to the ICM). This is not a protocol as such, it is used for End-to-End SSL configuration in the Web Dispatcher.
With option PORT you can specify the port by its number or service name. The value 0 means that no port for inbound connections can be opened for the specified protocol.
Two timeouts can be configured - the network timeout TIMEOUT and the processing timeout PROCTIMEOUT.
TIMEOUT is a keep-alive timeout for the network connection. PROCTIMEOUT is a processing timeout for communication with the back-end (work process).
Details about the timeouts, value range, and standard value can be found under Timeout Options for the ICM and Web Dispatcher.
To bind ports under 1024 on UNIX use option EXTBIND=1. The external binding program runs under user root and is authorized to bind these ports.
More information: Binding Ports < 1024 on UNIX
You can use the optional parameter HOST=<host name or IP address> to specify that the port should not be bound to all host names (default), but only to the specified host. In this way the host with only one open port can be reached under various URLs.
Using the optional parameter VCLIENT you can specify whether the client should have an X.509 certificate when you use SSL. There are three certification levels (0-2):
0: No certification is required and the server does not ask for one.
1: The server asks the client to transfer a certificate. If the client does not send a certificate, authentication is carried out by another method, for example, basic authentication (default setting).
2: The client must transfer a valid certificate to the server, otherwise access is denied.
This server-specific value overrides the value that is set with parameter icm/HTTPS/verify_client.
If you maintained the SSL configuration with parameter icm/ssl_config_<xx>, you must set option SSLCONFIG to the value ssl_config_<xx> (<xx>, corresponding to parameter icm/ssl_config_<xx>, see the last example).
The standard system value for this parameter depends on the system type specified by parameter system/type.
Depending on the system type ports may already be configured.
The following types are possible:
Dual stack: The instance contains Application Server ABAP (AS ABAP) and Application Server Java (AS Java). system/type = DS
icm/server_port_0 = PROT=HTTP,PORT=5$(SAPSYSTEM)00,TIMEOUT=60,PROCTIMEOUT=600 icm/server_port_1 = PROT=P4,PORT=5$(SAPSYSTEM)04 icm/server_port_2 = PROT=IIOP, PORT=5$(SAPSYSTEM)07 icm/server_port_3 = PROT=TELNET,PORT=5$(SAPSYSTEM)08,HOST=localhost icm/server_port_4 = PROT=SMTP,PORT=0,TIMEOUT=120,PROCTIMEOUT=120 |
Java only: The instance contains only Application Server Java (AS Java). system/type = J2EE
icm/server_port_0 = PROT=HTTP,PORT=5$(SAPSYSTEM)00,TIMEOUT=60,PROCTIMEOUT=600 icm/server_port_1 = PROT=P4,PORT=5$(SAPSYSTEM)04 icm/server_port_2 = PROT=IIOP, PORT=5$(SAPSYSTEM)07 icm/server_port_3 = PROT=TELNET,PORT=5$(SAPSYSTEM)08,HOST=localhost |
ABAP only: The instance contains only Application Server ABAP (AS ABAP). system/type = ABAP
icm/server_port_0 = PROT=HTTP,PORT=0,TIMEOUT=30,PROCTIMEOUT=60 icm/server_port_1 = PROT=SMTP,PORT=0,TIMEOUT=120,PROCTIMEOUT=120 |
This means that outbound connections across HTTP and SMTP are possible, but no ports for inbound connections are open. For security reasons ports for inbound connections must be explicitly configured.
Note
You cannot see these standard values in the profile. If you make changes in the profile, you have to overwrite the standard values by setting the relevant parameters, or add further ports with the next available number.
PROT=HTTP, PORT=8080, TIMEOUT=15
Opens port 8080 for HTTP requests and closes the network connection after 15 seconds if there is no activity.
PROT=SMTP, PORT=80, TIMEOUT=45, EXTBIND=1, HOST=prd.sap.de opens port 80 for SMTP requests and closes the network connection after 45 seconds if there is no activity. Since port 80 under UNIX can only be bound by user root, the external binding program is activated. The port is bound only to the host name prd.sap.de.
PROT=HTTPS, PORT=443, TIMEOUT=15, PROCTIMEOUT=45, VCLIENT=0 opens port 443 for HTTPS requests and closes the network connection after 15 seconds if there is no activity. The timeout for processing in the back end is 45 seconds, and the server asks the client to send a certificate.
PROT=HTTPS, PORT=8444, SSLCONFIG=ssl_config_0 opens port 8444 for HTTPS requests and sets the SSL configuration as it is set in parameter ssl_config_0.
Note the following documentation associated with this parameter: