Show TOC

Configuring Outbound Enablers to Work with SAP Mobile Platform ServersLocate this document in the navigation structure

Set up a Relay Server outbound enabler on each SAP Mobile Platform Server in the cluster.

Context

The outbound enabler connects the SAP Mobile Platform Server running in the corporate LAN to the Relay Server farm running in the DMZ.

Procedure

Use the Relay Server's Service utility (dbsvc.exe) to set up each outbound enabler to start automatically as a service.
To set up an auto-started outbound enabler service named oes (Outbound Enabler service) on IIS host on Windows:
dbsvc -as -s auto -t rsoe -w oes "%SQLANY16%\Bin<XX>\rsoe.exe" 
-cr "host=<host_name_or_IPaddress>; port=<host_port>; url_suffix=/rs16/server/rs_server.dll" 
-cs "host=localhost;port=80" 
-f <farm_name> -id <server_name>

To set up an auto-started outbound enabler service named oes (Outbound Enabler service) on Apache host on Linux:

dbsvc -y -s auto -a <Apache-user-account> -t rsoe -w oes
-cr "host=<host_name_or_IPaddress>; port=<host_port>; url_suffix=/srv/iarelayserver" 
-cs "host=localhost;port=80" 
-f <farm_name> -id <server_name>

On either Windows or Linux, you can enter parameters into an outbound enabler configuration file (<oe_config_file>), using same syntax as at the command prompt.

Table 1: Parmeters for rsoe Command, Executed by dbsvc Utility
rsoe Option Description
-cr "<connection-string>" Specifies the Relay Server connection string. The format of the Relay Server connection string is a semicolon separated list of name-value pairs. The name-value pairs consist of the following:
  • host – IP address or hostname of the Relay Server.
  • port – The port the Relay Server is listening on.
  • url_suffix – URL path to the server extension of the Relay Server. Required. By default, the rsoe requires the url_suffix to be specified.
  • http_userid – (Optional) Userid for authentication. You should consult your web server (or proxy) documentation to determine how to set up HTTP authentication.
  • http_password – (Optional) Password for authentication. You should consult your web server (or proxy) documentation to determine how to set up HTTP authentication.
  • http_proxy_userid – (Optional) Userid for proxy authentication. You should consult your web server (or proxy) documentation to determine how to set up HTTP authentication.
  • http_proxy_password – (Optional) Password for proxy authentication. You should consult your web server (or proxy) documentation to determine how to set up HTTP authentication.
  • proxy_host – (Optional) Specifies the host name or IP address of the proxy server.
  • proxy_port – (Optional) Specifies the port number of the proxy server.
  • https – 0 - HTTP (default), 1 - HTTPS

    By default, MobiLink starts up the TCPIP communication protocol. When starting MobiLink for use with the RSOE, be sure to start the communication protocol required by your RSOE configuration. For example, if you specify HTTPS as the back-end security, then MobiLink must be started with HTTPS.

    When the https=1 parameter is included in the -cs option, the default port changes to 443.

    For https=1, the following options can also be specified:
    • tls_type – (Optional, Relay Server 12 only) RSA or ECC. Relay Server 16 uses RSA only.
    • certificate_name – (Optional) Common name field of the certificate.
    • certificate_company – (Optional) Organization name field of the certificate.
    • certificate_unit – (Optional) Organization unit field of the certificate.
    • identity – (Optional) Provides the credentials to establish mutually-authenticated TLS between the Outbound Enabler and the back-end server. Note that mutual authentication is required for the back-end server.
    • identity_password – (Optional) Provides the credentials to establish mutually-authenticated TLS between the Outbound Enabler and the back-end server. Note that mutual authentication is required for the back-end server.
    • fips – (Optional) Yes or no.
    • trusted_certificates – (Optional) A file containing a list of trusted root certificates. To verify the back-end server, and only the back-end server, set this property to backend_server_public_cert_filename.
      trusted_certificates=backend_server_public_cert_filename

      For Windows, if trusted_certificate is not set, the operating system certificate store is used.

-cs "<connection-string>" Specifies the SAP Mobile Platform Server (backend server) connection string. Sets the host and port used to connect to the back-end server. The default is "host=localhost;port=80;https=0". To enable periodic back-end server status requests, add the status_url parameter to -cs. The status_url parameter is specified in the format status_url=/<your-status-url>. The following example shows how to specify status_url with -cs.
-cs "host=localhost;port=80;status_url=/getstatus/"
Use the -d option to specify the frequency of the back-end server status requests.
  • host – (Optional) IP address or hostname of the SAP Mobile Platform Server (backend server). Default is localhost.
  • port – Port number the backend server is listening on. This is required. Default is 0.
  • https – (Optional) 0 = HTTP (default); 1 = HTTPS.

    By default, MobiLink starts up the TCPIP communication protocol. When starting MobiLink for use with the RSOE, be sure to start the communication protocol required by your RSOE configuration. For example, if you specify HTTPS as the backend security, then MobiLink must be started with HTTPS.

    When the https=1 parameter is included in the -cs option, the default port changes to 443.

    For https=1, the following options can also be specified:
    • identity – (Optional) The path and file name of the identity file that is to be used for server authentication. Provides the credentials to establish mutually-authenticated TLS between the Outbound Enabler and the backend server. Mutual authentication is required for the backend server.
    • identity_password – (Optional) An optional parameter that specifies a password for the identity file. When this option is specified, the identity option must also be specified. Provides the credentials to establish mutually-authenticated TLS between the Outbound Enabler and the backend server. Mutual authentication is required for the backend server.
    • trusted_certificates – (Optional) A file containing a list of trusted root certificates. To verify the backend server, and only the backend server, set this property to backend_server_public_cert_filename.
      trusted_certificates=backend_server_public_cert_filename
      On Windows, if trusted_certificates is not set, the operating system certificate store is used.
  • status_url – (Optional) Enables backend status requests. This option can be set in the outbound enabler configuration file (for example): -cs "host=localhost;port=80;status_url=/getstatus/. The frequency of the backend server liveness ping is set using the -d option.
    If status_url is specified, the outbound enabler sends a simple HTTP GET request as follows:
    GET /<your-status-url> HTTP/1.1\r\n Host: localhost:80\r\n User-Agent: IAS_OE_BE_Status\r\n Connection: close\r\n \r\n
    The outbound enabler parses the backend server's HTTP response and looks for AVAILABLE =<accept-value> in the BODY of the HTTP response, where <accept-value> is one of: TRUE, FALSE, T, F, YES, NO, Y, N, ON, OFF, 1, or 0. If the outbound enabler receives AVAILABLE=FALSE|F|NO|N|OFF|0, it assumes that the backend server is not willing to accept more client requests and terminates its channels to the Relay Server. If the RSOE receives AVAILABLE=TRUE|T|YES|Y|ON|1, it re-establishes its channels with the Relay Server and resumes sending client requests to the backend server
-d <seconds> (Optional) Sets the frequency of the back-end server liveness ping and back-end server status request. The default is 5 seconds.
-dl (Optional) Displays log messages in the Relay Server Outbound Enabler console. By default, log messages are not displayed for verbosity levels 1 and 2.
-f <farm> Specifies the name of the farm that the back-end server belongs to.
-id <id> Specifies the name assigned to the back-end server.
-o <file> (Optional) Specifies the file to log output messages to.
-oq (Optional) Prevents the appearance of the error window when a start-up error occurs.
-os (Optional) Sets the maximum size of the message log files. The minimum size limit is 10 KB.
-ot (Optional) Truncates the log file and logs messages to it.
-q (Optional) Run with a minimized window on start-up.
-qc (Optional) Shuts down the window on completion.
-s (Optional) Stops the Outbound Enabler.
-t <token> (Optional) Sets the security token to be passed to the Relay Server.
-uc (Optional) Starts the rsoe in shell mode. This is the default. Applies to Linux and Mac OS X. You should only specify one of -uc, -ui, -um, or -ux. When you specify -uc, this starts the rsoe in the same manner as previous releases of the software.
-ud (Optional) Runs the rsoe as a daemon. Applies to Linux platforms only.
-ui (Optional) Starts the rsoe in shell mode if a usable display is not available. This option is for Linux with X window server support.

When -ui is specified, the server attempts to find a usable display. If it cannot find one, for example because the X window server is not running, the rsoe starts in shell mode.

-ux

(Optional) For Linux, opens the rsoe messages window where messages are displayed.

When -ux is specified, the rsoe must be able to find a usable display. If it cannot find one, for example because the DISPLAY environment variable is not set or because the X window server is not running, the rsoe fails to start.

To run the rsoe messages window in quiet mode, use -q.

On Windows, the rsoe messages window appears automatically.

-v <level>
(Optional) Set the verbosity level to use for logging. The level can be 0, 1, 2, or higher (higher levels are used primarily for technical support):
  • 0 – Log errors only. Use this logging level for deployment.
  • 1 – Session level logging. This is a higher level view of a synchronization session.
  • 2 – Request level logging. Provides a more detailed view of HTTP requests.
  • 3 or higher – Detailed logging. Used primarily for technical support.
Levels 1 and 2 are only written to the log file and are not displayed. To have all log messages displayed, use the -dl switch.