Oracle is Red, SAP is Blue

There are many similar actions between the origin country of Oracle and SAP and its respective global product.
We have noticed this month, American Congress passed around 70 billion US dollar for war fund. The reason behind this is the growth from military business selling many war business. Do you see the relation between this phenomenon and fund for hostile acquisition prepared by America corporation like Oracle? The color at least tell their company nature.

Complicated and Troublesome Fussion

I heard Oracle has tried to combine all apps in forms of ERP, BI, etc they have bought into only one platform coded Oracle Fusion or Fussion. I really dont know in detail about this, but in my opinion ... Wow that will be great if Oracle could make Fussion happening. unfortunately this will be only dream for some extent due to complex and unclear blueprint, realization, and support approach at least in my opinion. Is the way to go a migration, upgrade, reimplementation, or complex combination of them?

However combining Peoplesoft, JD Edwards, Oracle ERP (Oracle E-Business Suite), etc which each has different core technology and different project approach for business process for different industry sector is super duper complicated task especially when the release plan is not clearly defined and scheduled for customers. If Oracle think only technology inside them, it is probably still possible to combine them, when considering business process, transaction, and data that customers own, Oracle will play hard with customers.

To release the Fussion in even 2010 is like to deliver a premature Fussion baby. In my opinion it is still looooong way for Oracle to get same of stability level with business-stability of Netweaver platform from SAP. This will be interesting when Fussion is first released, however let's expect only interface-collection runtime inside the baby. Oracle is enough to take part in maintaining nice database.

Tukang pun pergi berhaji

Membaca dari blog tetangga http://harry.sufehmi.com/archives/2007-11-29-1563/
cukup menyadarkan semangat bekerja untuk melengkapi kewajiban rukun Islam kita.
Selain semangat berhaji, strategi menabung haji untuk jangka waktu panjang alangkah baiknya dalam bentuk emas karena harganya akan tetap bahkan naik dibandingkan harga ongkos haji (dengan hitungan emas, biaya berhaji semenjak jaman dulu sampai sekarang relatif sama)

Republika - Kamis, 22 Nopember 2007
Ngadino, Pembersih Jamban yang Mampu Pergi Haji

Pekanbaru-RoL–Ngadiono (47) hanyalah seorang penjaga sekolah dasar yang menyambil sebagai pembersih jamban di sebuah pasar tradisional di Ujungbatu Kabupaten Rokan Hulu (Rohul), Riau. Tapi siapa yang menyangka petugas kebersihan ini mampu pergi haji? Sebab gaji sebagai penjaga sekolah dan upah membersihkan kakus tidaklah seberapa.

“Dia mampu karena niat dan keinginannya yang kuat,” ujar Kepala Dinas Pendidikan Rokan Hulu Hj Efie di Ujungbatu seperti dilaporkan Antara, Kamis. Saat melepas jamaah calon haji (JCH) di lingkungan Dinas Pendidikan Rokan Hulu, Efie tidak mampu membendung air matanya, ikut menangis bersama Ngadiono, ayah tiga anak itu. Ngadiono akan berangkat ke embarkasi Batam melalui lapangan udara Pasir Pengaraiyan pada 25 November bersama 346 JCH asal Rohul.

Warga transmigran yang gigih itu merupakan pegawai negeri sipil golongan 1C sebagai penjaga SDN 002 Kecamatan Ujungbatu sejak 1993. Gaji yang kecil dan tidak cukup untuk menghidupi keluarganya tidak mematahkan semangatnya untuk pergi ke Tanah Suci Mekkah untuk menunaikan ibadah haji, keinginan yang telah lama tertera di hatinya.

“Saban siang, sepulang dari sekolah saya membersihkan jamban di Pasar Ujungbatu. Bertahun-tahun pekerjaan ini saya jalani dan uangnya saya kumpulkan untuk haji. Insya Allah lusa saya berangkat,” katanya dengan mata berkaca-kaca. (pur)

configuring SAP SSL in webdispatcher, SAP Portal, Netweaver/J2EE engine, SRM, BW

configuring SAP SSL in webdispatcher, SAP Portal, Netweaver/J2EE engine, SRM, BW

There are some information of SSL configuration in SAP in below links as addition to SSL in Enerprise Portal.

http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/content.htm

The SAP Web dispatcher supports SSL in two manners:

·        End-to-End-SSL. The SAP Web dispatcher forwards the HTTPS request without decrypting it to an (HTTPS-enabled) SAP Web AS.

• SSL termination. The SAP Web dispatcher decrypts the HTTPS request and then selects the server. (Server Selection). You can define whether the request should be SSL-encrypted again before forwarding it.

The following scenarios are possible:

SSL Scenarios

The Web Dispatcher Receives:	…… And Forwards:	Configuration (see graphic below.)
HTTP	HTTP	icm/server_port_= ... PROT=HTTP ...
HTTP	HTTPS	icm/server_port_= ... PROT=HTTP ... wdisp/ssl_encrypt=2
HTTPS	HTTP	icm/server_port_= ... PROT=HTTPS ... wdisp/ssl_encrypt=0
HTTPS	HTTPS	icm/server_port_= ... PROT=HTTPS ... wdisp/ssl_encrypt=1
HTTPS	HTTPS without unpacking End-to-End SSL	icm/server_port_= ... PROT=ROUTER ...

The following graphic shows the various configurations.

The option PROT in parameter icm/server_port_ specifies whether SSL is terminated in the SAP Web dispatcher:

·        HTTP: The SAP Web dispatcher receives HTTP requests at the port (1 and 2 in the graphic).

·        HTTPS: The SAP Web dispatcher receives HTTPS requests at the port. It decrypts the request, before it forwards it to an application server (3 and 4 on the graphic)

·        ROUTER: The SAP Web dispatcher receives an HTTPS and forwards the request without unpacking it. (5): End-to-End SSL.

The wdisp/ssl_encrypt determines whether the SAP Web dispatcher encrypts the request again with SSL before forwarding it. (See graphic and SAP Web Dispatcher Profile Parameters).

If you want your SAP Web dispatcher to unpack SSL or encrypt HTTP requests with SSL (2,3 and 4 in the graphic), you have to install the relevant SSL libraries and follow the configuration procedure. This is described in Configuring SAP Web Dispatcher for Supporting SSL.

Metadata Exchange Using SSL

The Web Dispatcher receives details of the active application servers and logon groups from the message server and the application servers.

You can also use HTTPS for this communication. Section Metadata Exchange Using SSL explains how to do this.

http://help.sap.com/saphelp_nw04s/helpdata/en/20/37c33ae8361838e10000000a11402f/content.htm

Creating the SSL Server PSE  

Use

The SSL Server PSE contains the application server's security information that it needs to communicate using SSL. If you have a system with multiple application servers, then the following options are available:

·        Use a single system-wide SSL server PSE for all servers.

·        Use server-specific SSL server PSEs for individual application servers.

·        Use a combination of both types. (Some application servers use a system-wide SSL server PSE, and other application servers use server-specific SSL server PSEs.)

Use a system-wide PSE for those application servers that are accessed via a Network Address Translator (NAT). Use the NAT's fully-qualified host name as the Common Name (CN) part of the Distinguished Name.

Prerequisites

·        The SAP Cryptographic Library is installed in the $(DIR_EXECUTABLE) directory on the application server.

If the SAP Cryptographic Library is not installed, then the SSL Server PSE and SSL Client PSE nodes are not included in the trust manager's PSE status section.

·        You know the naming convention to use for the server's Distinguished Name. The syntax of the Distinguished Name depends on the Certification Authority (CA) you use.

For example, if you use the SAP CA, the naming convention is CN=, OU=I-, OU=SAP Web AS, O=SAP Trust Community, C=DE.

For more information about the SAP CA naming conventions, see the SAP Trust Center Service at http://service.sap.com/tcs.

Procedure

From the Trust Manager screen:

...

       1.      Select the SSL Server PSE node.

       2.      Using the context menu, choose Create (if no PSE exists) or Replace.

The  PSE dialog appears.

       3.      Enter the Distinguished Name parts for a default SSL server PSE in the corresponding fields. For the default SSL server PSE, use a wildcard character (*) as the host name in the Name field. For example:

¡        Name = *.mycompany.com

¡        Org. (opt.) = Test

¡        Comp./Org. = MyCompany

¡        Country = US

If you want to use a reference to a CA name space, then elements contained in the CA's name space are automatically used for the server's Distinguished Name. In addition, you cannot modify the Country field. Use the toggle function () to activate or deactivate the reference to a CA name space.

The system uses these components to build a default Distinguished Name to use for a system-wide PSE, as well as for building the server-specific names for individual PSEs.

The SSL Server screen then appears. In this screen, you can decide whether the individual application servers should use the default Distinguished Name and system-wide SSL server PSE or individual PSEs. The default Distinguished Name appears in the Default PSE DN field. The server-specific Distinguished Names appear in the table in the Distinguished Name column.

       4.      If necessary, modify or delete any of the individual application server's Distinguished Names to meet you own needs.

For example:

¡        Delete the Distinguished Name entry for any servers that should receive the default Distinguished Name.

¡        Assign the same Distinguished Name to all servers that are to be accessed via a NAT.

¡        Modify the Distinguished Name to adhere to your CA's naming convention (for example, adding an attribute such as L=).

If the system could not determine a Distinguished Name for the server, then an error has occurred either in the connection or the target server’s configuration is not set up correctly.

       5.      Choose Enter.

You return to the Trust Manager screen.

Result

The system creates the SSL server PSEs and distributes them to the individual application servers.

http://wiki.sdn.sap.com/wiki/display/EP/Configuring+the+Use+of+SSL+on+the+SAP+J2EE+Engine  by Bala Duvvuri

Configuring the Use of SSL on the SAP J2EE Engine

 Deploying the SAP Java Cryptographic Toolkit

Prerequisites

1. You have obtained the SAP Java Cryptographic Toolkit package that corresponds to your SAP J2EE Engine release.

2. This package is available on the SAP Service Marketplace at service.sap.com/download under Download ® SAP Cryptographic Software.

3.  The SAP Java Cryptographic Toolkit package contains the corresponding Software Delivery Archives (SDAs) for both J2SE 1.3.x and J2SE 1.4.x. The SDAs contain the file iaik_jce.jar, which replaces the export version of the toolkit iaik_jce_export.jar.

4.    If you use J2SE 1.4 or higher, then you also have to install and use the unlimited strength jurisdiction policy files from your J2SE vendor to be able to use the strong cryptography functions used by the Secure Storage and SSL Provider services. (Per default, only limited policy files are delivered with the J2SE 1.4 packages.)

The use of these policy files can underlie import regulations. Make sure you are allowed to use these files before you download and install them.

The policy files you use need to be provided by the same vendor as your J2SE package.

The policy files to use with the Sun Java Development Kit are available from Sun Microsystems, Inc. at java.sun.com.

For other vendors, see their corresponding documentation.

-         The SAP J2EE Engine and the Software Deployment Manager (SDM) are running.
    Goto the link : service.sap.com/download     

Procedure

     1.      Unpack the SAP Cryptographic Toolkit package into a local directory.

      2.      Using the SDM Remote GUI, connect to the SAP J2EE Engine and deploy the SAP Java Cryptographic Toolkit SDA that applies to your J2SE version (1.3.x or 1.4.x).

For more information about using the SDM see the Software Deployment Manager in the Development Manual.

http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm  RUN cmd and do the below;

The SAP Java Cryptographic Toolkit package contains the corresponding Software Delivery Archives (SDAs) for both J2SE 1.3.x and J2SE 1.4.x. The SDAs contain the file iaik_jce.jar, which replaces the export version of the toolkit iaik_jce_export.jar. (depending on the JDK you have installed during the installation of the portal use the appropriate version)

Deploy the SDA files as shown below:

1/2

2/2 You can now change the startup mode for the SSL Provider so that it automatically starts when the server is started. Use the Configuration Adapter in the Visual Administrator and set the startup mode to Always instead of Manual. For more information, see Changing the Startup Mode for the SSL Provider.

      3.      Restart the J2EE dispatcher and server. Also restart any tools such as the Visual Administrator or the Config Tool that are running.

You can verify that the correct library has been loaded underDispatcher  ®Libraries_ _ ® core_lib in the Visual Administrator. The iaik_jce.jar should be included in the list of loaded jars and not iaik_jce_export.jar. 

Result

The SAP Java Cryptographic Toolkit replaces the export version of the toolkit on the J2EE dispatcher and server.

You should periodically check for an updated version of this library on the SAP Service Marketplace, for example, when you install support packages.      Go to the Visual Administrator and generate the corresponding SSL keystore certificates.

Generate a certificate signing request. Select your entry, choose Generate CSR Request and save it to a file.

4.     If the corresponding certificate has not yet been signed by a CA, then:

                          a.      Generate a certificate signing request. Select your entry, choose Generate CSR Request and save it to a file.

                           b.      Send the certificate signing request to a CA to be signed.

The exact procedure to use depends on the CA that you use. For the SAP CA, follow the instructions provided by the SAPTrustCenter Service at service.sap.com/tcs.

                           c.      Save the certificate request response to a file in the file system. Use the extension.crt(DER-encoded or Base-64 encoded) or .cert (Base-64 encoded).

                           d.      Import the corresponding certificate request response. Choose Import CSR Response and load the response from the file system.

For more information about managing keys and certificates in the Key Storage service,     Go to the following link

service.sap.com/tcs.

           Send the certificate signing request to a CA to be signed.

The exact procedure to use depends on the CA that you use. For the SAP CA, follow the instructions provided by the SAPTrustCenter Service at service.sap.com/tcs              Since the file is "save as type - text document and u need to save it as . cert use the double quotes. The SSLCERT is shown above.                                     Check the link to determine if the SSL is working or not:

1. Use the URL https instead of the http.    Hence the SSL is set up for the J2ee server. 2.   If SSL is configured correctly, then the SAP J2EE Engine's start page appears in your Web browser. Many Web browsers also display a lock in their footer. Select the lock with a double-click to view the server's certificate.           3. Also test by using the following URL: Test the SSL connection with https://: For eg: https://localhost:50001 URL with SSL    For more information check the following link :

http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm 

http://help.sap.com/SAPHELP_470/Helpdata/EN/d8/a922d7f45f11d5996e00508b5d5211/content.htm

SAP Web Dispatcher and SSL Unlike HTTP, with HTTPS (end-to-end SSL) the SAP Web dispatcher cannot read any request data and therefore cannot interpret any session cookies that may be available (with stateful applications). The necessary information for forwarding the request to the correct server is therefore missing. The SAP Web dispatcher cannot decide whether the request belongs to a stateless or a stateful application.
As a result, the SAP Web dispatcher forwards the encoded data unchanged to the application server, where the data is finally decoded.
The only distinguishing criterion that is available to the SAP Web dispatcher is the client IP address. As a result, the SAP Web dispatcher manages a mapping table between the client IP address and the application server. If a request from a client IP address is sent to application server X, all subsequent requests from this client IP address must also be sent to this sever, since it could well be a stateful application. Load balancing therefore only takes place upon the very first client request.ProblemsThis process hides the following problems.

• All companies use proxies. This means that requests that are sent via a proxy are sent to one server. As a result, this cancels load balancing with the first request.
• Large companies use several parallel proxies (which in turn also balance load) as access to the Internet. This means that a request from the same client is sent via proxy A, and a later request from the same client, belonging to the same session, is sent via proxy B to the SAP Web dispatcher, and therefore has a different client IP address.

SolutionYou can use profile parameter wdisp/HTTPS/sticky_mask to group several client IP addresses into a logical address. Profile Parameter of the SAP Web Dispatcher describes the exact functions of this parameter.
The default is: Mask 255.255.240.0 is joined with the real IP address UND; this hides the lowest 12 Bits, that is, 124.94.55.1 and 124.94.55.99 are then interpreted as the same.Mapping TableThe mapping table, which is used by the SAP Web dispatcher to manage client IP addresses and the application severs that are assigned, has the following properties.

• The size of the mapping table depends on the sticky mask. The more bits that are hidden, the smaller the mapping table becomes. Profile parameter wdisp/HTTPS/max_client_ip_entries defines the maximum number of entries that this table can hold. Profile Parameter of the SAP Web Dispatcher describes the exact functions of this parameter.

Note: If the mapping table is full, that is, the value of wdisp/HTTPS/max_client_ip_entries has been reached, the SAP Web dispatcher no longer balances the load! The parameter should therefore always be set according to your needs and resources.

• There is no timeout for the entries in the mapping table. If a server is shut down, the context is deleted on this server. The system looks for a new server for the client IP address.

Selecting a Suitable Application ServerHTTP-Enabled Application ServerWith parameter wdisp/HTTPS/dest_logon_group (see Profile Parameter of the SAP Web Dispatcher) you define a logon group with HTTPS-enabled application servers, to which all HTTPS request are then sent.
ABAP or J2EE ServerSince the SAP Web dispatcher cannot decide whether a request should be processed by an ABAP or a J2EE server, all servers in the logon group for HTTPS requests must provide the same services. Of course, all servers must be HTTPS-enabled, and one of the following points must apply:

• All servers offer J2EE and ABAP
• All servers offer ABAP only
• All servers offer J2EE only

SSL in Portal

change to more friendly URL in Enterprise Portal
see https://www.sdn.sap.com/irj/sdn/wiki?path=/display/EP/Change+Portal+URL&
keystep are following from Visual Administrator / J2EE admin:
- Cluster ->Dispatcher ->services->HTTP Provider
- Cluster->server->services->HTTP provider
to change port to 80 or 81 (HTTPS/SSL) and remove /irj/portal in the URL


Ports in using SSL
see https://www.sdn.sap.com/irj/sdn/wiki?path=/display/EP/Port+Numbers%2C+SSL%2C+and+Message+Servers& for reference
Key points:
- xx as in JCxx is java instance number
- yy as in SCSyy as central instance number (central service)
- in Web AS Java server: HTTP/HTTPS 5xx00/5xx01, java dispatcher or message server is 81yy (not xx)
- in Web AS ABAP server: HTTP and HTTPS is defined in RZ10 instance profile
- for more about double stack server (ABAP+Java), visit the reference

free bonus: Keywords for SSO in Portal using Active Directory
- keytab file, import certificate, principal name
- Active Directory Service / ADS, KDC / Kerberos Domain Controller
- a. KDC b. J2EE etc. c. frontend and web browser

Download SAP software while sharing connection

I am downloading SAP software using unlimited GPRS connection from Centrin XL, however the bandwith is quite slow but i can still share the connection and open around 5 browser.

In Jakarta and remote area such as Bogor and Sukabumi, this Centrin XL internet connection is quite stable and even faster with bandwith limitation up to 64Kbps (kilo bit not kilo byte). My download using SAP Download manager which connect to http://service.sap.com/swdc (SAP software repositories), this SAP download manager has capability of resuming broken download. In case of antivirus download, I can download around 10-15MB of antivirus update successfully without such download manager and taking around 1 hour.

I also share my GPRS internet connection using Wifi without UTP network cable with following step
- laptop A has unlimited internet connection using GPRS Centrin XL, will share its internet connection into B
- turn off firewall software first
- one time configuration in my wireless network adapter in laptop A: IP configuration , IP address = 192.168.0.1 subnet mask = 255.255.255.0 gateway = empty
- one time configuration in my wireless network adapter in laptop B: IP configuration is automatic
- turn on WiFi in laptop A
- one time configuration in laptop A: create Ad Hoc network NET (device to device) in WiFi with WEP-64 bit personal security and key is abcde
- in laptop A, connect to Wifi network NET
- turn on Wifi in laptop B
- open Wifi manager in laptop B, search Wifi network, add / join / connect to network NET. Laptop B will have IP address 192.168.0.2 automatically
- test from laptop B: ping 192.168.0.1 , this command should have reply not time out.
- run your internet browser (firefox, internet explorer) from laptop B