advanced data synchronization framework for mobile asset
TRANSCRIPT
Configuration Guide
Document Version: 1.0 – Final
Date: June 26, 2015
CUSTOMER
Advanced Data Synchronization Framework For
Mobile Asset Management 1.0
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 2
Typographic Conventions
Type Style Description
Example Words or characters quoted from the screen. These include field names, screen titles,
pushbuttons labels, menu names, menu paths, and menu options.
Textual cross-references to other documents.
Example Emphasized words or expressions.
EXAMPLE Technical names of system objects. These include report names, program names, transaction
codes, table names, and key concepts of a programming language when they are surrounded
by body text, for example, SELECT and INCLUDE.
Example Output on the screen. This includes file and directory names and their paths, messages,
names of variables and parameters, source text, and names of installation, upgrade and
database tools.
Example Exact user entry. These are words or characters that you enter in the system exactly as they
appear in the documentation.
<Example> Variable user entry. Angle brackets indicate that you replace these words and characters with
appropriate entries to make entries in the system.
EXAMPLE Keys on the keyboard, for example, F2 or ENTER .
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 3
Document History
Version Status Date Change
1.0 Final 2015-06-26 First Documentation Release
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 4
Table of Contents
1 About This Document ............................................................................................................... 6 1.1 Purpose and Scope ........................................................................................................................................... 6 1.2 Target Audience ................................................................................................................................................ 6 1.3 Glossary ............................................................................................................................................................ 6 1.4 Related Information ........................................................................................................................................... 7 1.5 Important SAP Notes ......................................................................................................................................... 8
2 Solution Overview ..................................................................................................................... 9 2.1 System Landscape ............................................................................................................................................ 9 2.2 Implementation and Configuration – Basic Settings ........................................................................................ 10
3 Solution Manager Information ............................................................................................... 11 3.1 Project Administration ...................................................................................................................................... 11
3.1.1 System and Application Landscape ................................................................................................. 11 3.1.2 Documentation of Background Jobs ................................................................................................ 12
3.2 Configuration Details ....................................................................................................................................... 12 3.2.1 MobiLink Server Setup..................................................................................................................... 13 3.2.2 SAP NetWeaver Gateway Setup ..................................................................................................... 17 3.2.3 SAP Work Manager Add-On Setup.................................................................................................. 19 3.2.4 SAP Plant Maintenance and EAM Setup ......................................................................................... 20
3.3 Assigning Users to Territories.......................................................................................................................... 20
4 Security Information ............................................................................................................... 21 4.1 User Management ........................................................................................................................................... 21
4.1.1 User Administration and Authentication ........................................................................................... 21 4.1.2 User Authorization ........................................................................................................................... 22 4.1.3 User Creation and Authorization Assignment .................................................................................. 22 4.1.4 User Management Tools.................................................................................................................. 23
4.2 Security Aspect of Data Flow and Processes .................................................................................................. 23 4.3 Cross-Site Request Forgery Protection ........................................................................................................... 24 4.4 Privacy and Data Protection ............................................................................................................................ 24 4.5 Security-Relevant Logging and Tracing ........................................................................................................... 24
5 Operations Information........................................................................................................... 25 5.1 Monitoring ........................................................................................................................................................ 25 5.2 Troubleshooting ............................................................................................................................................... 25 5.3 Administration and Management ..................................................................................................................... 26
5.3.1 Periodic Tasks for MobiLink ............................................................................................................. 26 5.3.2 Periodic Tasks for SAP NetWeaver Gateway .................................................................................. 28 5.3.3 Load Balancing and Scalability ........................................................................................................ 28 5.3.4 High Availability................................................................................................................................ 29
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 5
Table of Figures
Figure 1 - System Landscape ................................................................................................................................... 10
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 6
1 About This Document
1.1 Purpose and Scope
This configuration guide provides a central starting point for the technical implementation and configuration of the
advanced data synchronization framework for mobile asset management. It describes all configuration activities
necessary for the implementation and configuration of the solution. It is not meant to be an installation document.
Refer to the appropriate installation notes for instructions on how to install the underlying software.
1.2 Target Audience
This document is intended for the following target audiences:
Consultants
Partners
Customers
System administrators
1.3 Glossary
Term Abbreviation Definition
data source name DSN The logical name that is used by Open Database
Connectivity to refer to the drive and other information
that is required to access data.
Lightweight Directory Access
Protocol
LDAP A software protocol for enabling anyone to locate
organizations, individuals, and other resources such as
files and devices in a network.
MobiLink A sub-component of SAP SQL Anywhere. It is a session-
based synchronization technology for exchanging data
between relational databases and other non-relational
data sources.
Open Database Connectivity ODBC A Microsoft application programming interface used to
access databases on networks based on a common
language.
SAP ECC SAP ERP Central Component
SAP Plant Maintenance SAP PM The measures taken to maintain operational systems in
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 7
Term Abbreviation Definition
working order, for example, machines or production
installations.
According to DIN 31051, maintenance comprises the
following activities:
Inspection - All measures that determine the actual
condition of a technical system
Maintenance - All measures that maintain the ideal
condition of a technical system
Repair - All measures that restore the ideal
condition of a technical system
SAP SQL Anywhere SAP database including MobiLink client and web server.
SAP Work Manager SMERP
SMFND
An SAP mobile application that allows remote workers to
access, transfer, complete and manage their assigned
work orders and service requests. The components
SMERP and SMFND are the ABAP add-ons for SAP
Work Manager.
Workflow A sequence of automated logical steps using the
evaluation of conditions to assign work items to
approvers based on the hierarchical information flow and
corresponding approval process of a company.
1.4 Related Information
You can find related information in the following resources:
Resource Location
SAP Work Manager 6.2 Configuration Guide http://service.sap.com/instguides
→ SAP Mobile → SAP Work Manager → SAP Work Manager
6.2
SAP Work Manager 6.2 Add-On Component
Installation Guide
http://service.sap.com/instguides
→ SAP Mobile → SAP Work Manager → SAP Work Manager
6.2
MobiLink Server Administration 16.0 http://dcx.sap.com/index.html#sa160/en/mlserver/mlserver16.ht
ml
MobiLink Synchronization with High Availability
Databases
http://scn.sap.com/docs/DOC-41601
SAP NetWeaver Gateway Configuration Guide http://help.sap.com → Technology → SAP Gateway →
Application Help → Support Package Stack 08 → SAP
NetWeaver Gateway Configuration Guide
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 8
Resource Location
SAP NetWeaver Gateway Installation Guide
http://help.sap.com → Technology → SAP Gateway →
Application Help → Support Package Stack 08 → SAP
NetWeaver Gateway Installation Guide
SAP NetWeaver Gateway Master Guide http://help.sap.com → Technology → SAP Gateway →
Application Help → Support Package Stack 08 → SAP
NetWeaver Gateway Master Guide
SAP NetWeaver Gateway Developer Guide http://help.sap.com → Technology → SAP Gateway →
Application Help → Support Package Stack 08 → SAP
NetWeaver Gateway Developer Guide
SAP NetWeaver Gateway Technical Operations
Guide
http://help.sap.com → Technology → SAP Gateway →
Application Help → Support Package Stack 08 → SAP
NetWeaver Gateway Technical Operations Guide
SAP NetWeaver Application Server ABAP
Security Guide
http://help.sap.com → Technology → SAP NetWeaver Platform
→ Security Guide → Security Guides for the AS ABAP → SAP
NetWeaver Application Server ABAP Security Guide
Note that the versions referenced in this table are the lowest supported versions. If you use a higher version, for
example, NetWeaver Gateway 2.0 Support Package Stack 10, see the corresponding documentation.
1.5 Important SAP Notes
Recommendation
Make sure that you read the SAP Notes before you start implementing the software. The SAP Notes contain
the latest information about the installation as well as corrections to the installation information.
Also make sure that you have the up-to-date version of each SAP Note, which is available on SAP Service
Marketplace at https://service.sap.com/notes.
SAP Note Number Title Description
2181738 Release strategy for the ABAP
add-on advanced data
synchronization for mobile asset
management
This SAP Note provides information about planning the
installation and upgrades of the ABAP add-on for the
advanced data synchronization framework for mobile
asset management.
2182561 Advanced data synchronization
framework for mobile asset
management - Middleware
Installation Note
This SAP Note provides information about planning the
installation and upgrades of the non-ABAP components
for the advanced data synchronization framework for
mobile asset management.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 9
2 Solution Overview
The advanced data synchronization framework for mobile asset management enables timely and accurate entry of
data and ensures that both backend and front-end systems have the latest information. It allows data from SAP PM
to be synchronized in an optimized and scalable manner. This framework allows inspectors to access data even
when they are not connected to the central SAP PM system.
The advanced data synchronization framework for mobile asset management provides the following features:
Fast and reliable synchronization of SAP PM business objects, (for example, assets, work orders, and
notifications) based on supervisor or inspector territory
Full offline support, with efficient synchronization with the SAP backend to support large data volumes
The data from SAP PM is transferred to and from a database using the following SAP components:
SAP PM
SAP Work Manager 6.2
SAP NetWeaver Gateway 2.0
MobiLink 16.0
SAP SQL Anywhere 16.0
The following SAP PM business objects are used:
Work orders
Notifications
Technical objects (functional locations and equipment) and classifications
Catalog profiles and code groups
Measuring points and measurement documents
2.1 System Landscape
The diagram below shows the high-level structure and interaction of the required components of the advanced data
synchronization framework for mobile asset management. This architecture can be leveraged to support mobile
inspection scenarios for SAP Plant Maintenance (structures, tracks, signals and so on) with a large number of users
and data volumes.
Recommendation
We strongly recommend that you use a minimal system landscape for test and demo purposes only. For
reasons of performance, scalability, high availability, and security, do not use a minimal system landscape as
your productive landscape. For more information about creating productive system landscapes, see SAP
Service Marketplace at https://service.sap.com.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 10
2.2 Implementation and Configuration – Basic Settings
After installing the required components referred to in the SAP Notes in section 1.5, carry out the following activities:
1. Configure SAP Work Manager on SAP ECC and activate permissions.
2. Configure SAP NetWeaver Gateway.
3. Configure the MobiLink synchronization server.
4. Run MobiLink server scripts.
Figure 1 - System Landscape
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 11
3 Solution Manager Information
3.1 Project Administration
The advanced data synchronization framework for mobile asset management can either be documented in a
separate project or embedded in an existing implementation project.
The documentation language must be English. Documents to be uploaded into SAP Solution Manager must have a
commonly readable format (PDF is recommended).
3.1.1 System and Application Landscape
The following systems are the basis for advanced data synchronization framework for mobile asset management:
Component Version Software Component
SAP ECC / Plant
Maintenance
6.0 SAP ERP 6.0 SP15 (or higher) with EhP0 (or higher)
Mobile Add-On for ERP
6.10 SP04 See SAP Note 1962948.
This add-on contains the following ABAP add-on
software components:
SAP Work Manager 6.2: SMERP 610_700 SP04.
See SAP Note 1936034.
Mobile Integration Framework Foundation: SMFND
610_700 SP04
SAP NetWeaver
Gateway
2.0 SP08 or above Software components depend on the deployment
options.
For more information about installing SAP NetWeaver
Gateway components, see SAP Help Portal at
http://help.sap.com → Technology → SAP Gateway →
Application Help → Support Package Stack 08 → SAP
NetWeaver Gateway Installation Guide → Installation
Prerequisites.
Note: Refer to the version relevant to your
software component.
For more information about the deployment options
available for SAP NetWeaver Gateway, see SAP Help
Portal at http://help.sap.com → Technology → SAP
Gateway → Application Help → Support Package Stack
08 → SAP NetWeaver Gateway Master Guide →
Deployment Options.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 12
Component Version Software Component
Note: Refer to the version relevant to your
software component.
MobiLink Server 16.0 Included in the SAP SQL Anywhere package
Microsoft SQL Server
(optional)
Server 2012
Oracle JDK 1.7
3.1.2 Documentation of Background Jobs
The following background job is used for the advanced data synchronization framework for mobile asset
management.
3.1.2.1 Update Template Databases
To update the template databases with the latest from the SAP ECC system, you must create a background job on
the MobiLink server. To download the delta changes of the master and transactional data for the day, MobiLink runs
the script version ML2014R1. This process is run on the application server as a regular Windows task (or Control-M).
Use the following command to run the process:
ant startsyncPwd -DsyncUser=user -DsyncUserPwd=password
In this command, user is the master account user and password is the master account password.
3.2 Configuration Details
The advanced data synchronization framework for mobile asset management requires some specific setup. The
system comes pre-configured but there are some settings that you can configure according to your business needs.
You must also set up the background jobs that perform the synchronization with the remote sites.
SAP Work Manager 6.2 must be installed on the ECC system (components SMFND and SMERP). The advanced data
synchronization framework for mobile asset management solution is based on, and is an extension of SAP Work
Manager 6.2.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 13
3.2.1 MobiLink Server Setup
3.2.1.1 Creating a New Database in SQL Server
1. Open the SQL Server Management Studio.
2. In the Authentication field, select Windows Authentication and choose Connect.
3. In the Object Explorer, right-click Databases and choose New Database.
4. In the New Database window, in the Database name field, enter EAM_DB and choose OK.
3.2.1.2 Creating a New User with Full Access to the
New Database
1. In the Object Explorer, expand the Security folder. Right-click Logins and choose New Login…
2. In the Login - New window, in the Login name field, enter mobilink.
3. In the Password and Confirm password fields, enter a password.
4. In the Default database field, select EAM_DB. Choose OK.
5. In the Object Explorer, expand the Security folder. In the Logins folder, right-click mobilink and choose
Properties.
6. In the Login Properties - mobilink window, select EAM_DB and choose OK. The Select Schema window is
displayed.
7. Choose Browse. Select [dbo] and choose OK.
3.2.1.3 Creating a System DSN with EAM_DB as the
Default Database
1. Open ODBC Data Source Administrator (64 bit).
2. On the ODBC Data Source Administrator window, choose the System DSN tab.
3. Select the EAM_consolidated data source and choose Add.
4. On the Create New Data Source window, select SQL Server Native Client 11.0 and choose Finish. The Microsoft
SQL Server DSN Configuration window is displayed.
5. In the Name field, enter EAM_consolidated.
6. In the Description field, enter EAM_DB Connection.
7. In the Server field, select (local) and choose Next.
8. Select the With SQL Server authentication using a login ID and password entered by the user radio button.
9. In the Login ID field, enter mobilink.
10. In the Password field, enter your password and choose Next.
11. Select the Change the default database to checkbox and select EAM_DB.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 14
12. Ensure the Use ANSI quoted identifier and Use ANSI nulls, paddings and warnings checkboxes are selected and
that the Application intent is set to READWRITE. Choose Next.
13. Ensure the Perform translation for character data checkbox is selected and choose Finish.
14. Choose Test Data Source. If the test fails, perform steps 15 - 17.
15. Open SQL Server Configuration Manager.
16. On the Sql Server Configuration Manager window, expand SQL Server Network Configuration. Select Protocols
for MSSQLServer and ensure that TCP/IP is enabled.
17. To restart the service, select SQL Server Services. Right-click SQL Server and choose Restart.
3.2.1.4 Accessing the Extracted Files
For the following steps, you must access the files you extracted when you downloaded the advanced data
synchronization framework for mobile asset management software (SAP Note 2182561).
3.2.1.5 Editing the build.xml File
In the <Installation drive>:\mobilink\eam folder, enter your own values for the following properties in the build.xml file:
<property name="cons.host"/>
<property name="cons.pwd"/>
<property name="ml.host"/>
3.2.1.6 Maintaining the Backend Endpoint
Maintain the backend endpoint URL parameters in the configuration file root\cons\bin\MLSyncScript.cfg. This
corresponds to the SAP NetWeaver Application Server ABAP system where SAP NetWeaver Gateway is running.
The following table shows the parameters that must be maintained (with sample values) to maintain the backend
endpoint:
Parameter/Value Description
endpointUrl=server.domain.com Fully Qualified Domain Name (FQDN) of the system
endpointPort=80000 HTTP or HTTPS port numbers of the central instance of
the system
sapClient=300 Client number of the system
oDataPath=/sap/opu/odata/DSFW/
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 15
3.2.1.7 Creating a MobiLink Server Service in Sybase
Central
1. Open Sybase Central, right-click on the Services tab, and choose New → Service…. The Create Service Wizard
window is displayed.
2. Enter EAMML and choose Next.
3. Select MobiLink Server and choose Next.
4. Enter the following parameters and choose Next.
-c dsn=EAM_Consolidated;uid=mobilink;pwd=<password> -x tcpip(port=5555) -ftr
<Installation drive>:\mobilink\eam\ftr\download -ftru <Installation
drive>:\mobilink\eam\ftr\upload -o <Installation
drive>:\mobilink\eam\cons\logs\ml.log -on 2M -zu+ -zp -dl -zw 0 -w 25 -v -zs
ML_EAM_DEV -sl java(-DscriptConfig=<Installation
drive>:\mobilink\eam\cons\bin\MLSyncScript.config) -sl java(-cp <Installation
drive>:\mobilink\eam\cons\bin\MEAMScripts.jar
5. Select the Local system account radio button and choose Next.
6. Select the Automatic radio button and choose Next.
7. Select the Start the service now checkbox and choose Finish.
3.2.1.8 Checking for Errors
Open Command Prompt as administrator. In the root directory of the project (where the build.xml file is located), run
the following commands:
ant create_cons_from_scratch_prod > output.txt
(Validate that there are no errors in the output.txt file)
ant build_sync_logic > output.txt
(Validate that there are no errors in the output.txt file)
3.2.1.9 Parameters
By default the following configuration is provided. You can change some of the parameters according to your own
requirements.
ANT Properties Description
cons.host, cons.port, cons.uid, cons.pwd, cons.instance,
cons.db.consolidated, cons.dsn
MSSQL consolidated ESM database instance
environment
ml.www, ml.dev.host, ml.dev.localhost Possible MobiLink host, ml.www which connects to the
outside address mobilink.ecolab.com
ml.tcpip.port, ml.http.port, ml.http.rs_port, ml.https.port, The listening port for the MobiLink stream ml.www
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 16
ANT Properties Description
ml.https.rs_port typically uses ml.https.rs_port which is port 443
ml.host, ml.port ml.host and ml.port are the settings that are used in the
MobiLink server setup and the MobiLink client
subscription setup. They should be set based on the
above two sets of properties.
ml.scriptVersion MobiLink script version is used for adding remote
database subscription.
ml.farm The MobiLink server farm listed in the Relay Server
configuration file
ml.url_suffix Used by the MobiLink client synchronization
subscription setup, where ml.host and ml.port point to
the Relay Server, and the url_suffix load ISAPI handler
redirects the MobiLink synchronization stream to the
appropriate MobiLink server farm.
ml.syncUser This is the synchronization user, which is also known as
the domain user. This is set up by an ANT input
parameter, for example, ANT build_remote –
DsyncUser=TABHD1.
ml.syncUserDivision This is the division of the synchronization user. This is
set up by an ANT input parameter. This parameter is
only used by the deployment_template_db target. The
following is an example: ANT deployment_template_db
–DsyncUser=TABHD1 –Ddivision=DIV010
ml.debugLevel MobiLink server debug level (-v switch)
ml.log MobiLink server log file location
ml.jar.dir MobiLink JAR directory; this is used to locate
mlscript.jar which is used by the LDAP authenticator.
sql.cons.dir SQL directory for consolidated database SQL scripts
sql.cons.install_ml MobiLink system table installation scripts.
Sql.cons.named_param, sql.cons.named_param_init,
sql.cons.named_param_temp_init,
sql.cons.named_param_download_only,
sql.cons.named_param_upload_recover
Named parameters to populate ml_columns for upload
tables.
build.cons.sync_logic Points to build.xml itself.
build.cons Points to build_cons.xml which is generated from
SyncObjectGenerator.
build.remote_db Points to the remote build file which is build_rem.xml.
Build.cons.sync_support Points to the sync_support build file which is
build_cons_sync_support.xml.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 17
3.2.1.10 Preparing Template Databases
Data in the distributed environment is common to all employees within a territory. To provide scalability, the initial
loading of the common data is prepared in template databases, once for each territory.
These template databases are kept up-to-date via a periodic job. For example, if you were to deploy the database to
a new user using these template databases, updated via a nightly job, at worst, the common data would be one day
out of sync. A master account user is needed to create (and update) all the template databases.
Create the following remote database for each territory:
ANT build_remote –DsyncUser=DIV010
ANT build_remote –DsyncUser=DIV040
ANT build_remote –DsyncUser=...
Execute the following initial synchronization for each territory:
ANT startsync_template_init –DsyncUser=DIV010
ANT startsync_template_init –DsyncUser=DIV040
ANT startsync_template_init –DsyncUser=...
In this case, DIV010, DIV040 and so on denote territory IDs.
The template databases are updated with background jobs (see section 3.1.2).
3.2.2 SAP NetWeaver Gateway Setup
You must configure NetWeaver Gateway as described in the SAP NetWeaver Gateway Configuration Guide. The
advanced data synchronization framework for mobile asset management accesses data from SAP ECC via OData
services exposed from the SAP NetWeaver Gateway.
3.2.2.1 Configuring Connection Settings from SAP
NetWeaver Gateway to SAP ERP
Configure the connection between SAP NetWeaver Gateway and the SAP ERP system, if you have not already
carried this out as part of the general NetWeaver Gateway configuration.
For more information, see SAP Help Portal at http://help.sap.com → Technology → SAP Gateway → Application
Help → Support Package Stack 08 → SAP NetWeaver Gateway Configuration Guide → OData Channel
Configuration → Connection Settings on the SAP NetWeaver Gateway Hub System → Connection Settings: SAP
NetWeaver Gateway to SAP Systems.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 18
3.2.2.2 Configuring Application Services
Configure the services used by the advanced data synchronization framework for mobile asset management as
follows:
1. In the SAP NetWeaver Gateway system, run the /IWFND/MAINT_SERVICE transaction.
2. Choose Add Service.
3. Enter the system alias for the target ERP system that you defined when you configured the connection between
SAP NetWeaver Gateway and the ERP system.
4. Choose Get Services and choose the service for the application by choosing its technical service name.
Note: The services of the application have technical names beginning with /DSFW/.
5. In the Add Service window, enter a package assignment if you wish to transport your changes, or alternatively
you can save as a local object. Save your changes.
6. Repeat steps 2 to 5 for each service of the application.
7. Return to the main screen of the /IWFND/MAINT_SERVICE transaction.
8. Check that all services of the advanced data synchronization framework for mobile asset management have
been activated.
For more information about activating and maintaining services, see SAP Help Portal at http://help.sap.com →
Technology → SAP Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway
Development Guide → OData Channel → Basic Features → Service Life-Cycle → Activate and Maintain Services.
3.2.2.3 Activating Internet Communication Framework
Services
The OData services are managed by the Internet Communication Framework (ICF). When you add the services as
described in section 3.2.3.2, a new ICF service node called sap\opu\odata\dsfw is created automatically. All the ICF
services in this node must be activated. You can do this either in the SICF transaction, or directly in the
/IWFND/MAINT_SERVICE transaction.
You must also activate the sap\bc\ping service in the SICF transaction, and configure it to return an authentication
challenge. It is called by the MobiLink server to initiate a user connection, passing the user ID and password. If the
authentication is successful, the server generates a client certificate (SSO ticket) that is used in subsequent requests.
For more information, see section 4.2.
For more information about activating services with the SICF transaction, see SAP Help Portal at http://help.sap.com
→ Technology → SAP Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway
Configuration Guide → Basic Configuration Settings → ICF Services.
For more information about activating services with the /IWFND/MAINT_SERVICE transaction, see SAP Help Portal
at http://help.sap.com → Technology → SAP Gateway → Application Help → Support Package Stack 08 → SAP
NetWeaver Gateway Development Guide → OData Channel → Basic Features → Service Life-Cycle → Activate and
Maintain Services.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 19
3.2.3 SAP Work Manager Add-On Setup
You must install SAP Work Manager using the SAINT and SPAM/SPAU transactions as described in the SAP Work
Manager 6.2 Add-On Component Installation Guide.
The advanced data synchronization framework for mobile asset management is delivered with a BC Set that is based
on SAP Work Manager and contains default configuration. As part of the implementation you can modify the field
selections and filter criteria. You can activate this BC Set using the SCPR20 transaction.
After you have installed SAP Work Manager, you must create a number range for statistics and monitoring.
The advanced data synchronization framework for mobile asset management uses the following SAP Work Manager
configuration:
Mobile Application Configuration (For more information, see section 3.8.2 of the SAP Work Manager 6.2
Configuration Guide)
o Mobile Status Setting
Here you can map the available mobile statuses that a mobile data object (MDO) supports on the client side.
If a user status also exists for the same object type, you can link it to the mobile status and the system
status.
Exchange Object Configuration (For more information, see section 3.11 of the SAP Work Manager 6.2
Configuration Guide)
o Technical Settings
Here you can configure basic settings for an exchange object.
o Change Detection Field Selection
Here you can optimize the change detection process for mobile applications. If a value change is detected
for any fields within the group, the object identifier is written to the exchange table, indicating that a change
has been made. If the Active checkbox is not selected for a field, any value changes made to that field are
not detected and therefore not recorded during the exchange process. By default, all fields are selected.
o Change Detection Condition Filter
Here you can restrict change detection based on data content. For exchange handlers to support this
feature, you must define data filter conditions which the underlying SAP business object must fulfil before the
change detection process is triggered. The condition is defined at the table field level and is in the SAP
range table format.
o Linkage Settings
Allows the exchange objects that are linked together to communicate with each other. The communication is
one-directional, with the exchange object sending information to the object(s) listed in the Linked Exchange
Objects List. When there is a value change to the exchange object, that value change information is passed
on to the linked exchange objects. The linked exchange objects then go through additional processes related
to the value change.
Mobile Data Object Configuration (For more information, see section 3.13 of the SAP Work Manager 6.2
Configuration Guide)
o General Settings
Here you can modify the general settings for a mobile data object.
o ResultSet Field Selection
When a field selector function is enabled for a class handler, the option to select fields for the GET method to
populate is available. The class handler is designed to be mobile application-neutral. It can supply more data
than the mobile application needs. Therefore, in order to preserve system performance, you can customize
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 20
field usage settings to only retrieve required data for the mobile application. This ability prevents the need to
develop a new class handler for each mobile application.
o Data Filter
When a data filter function is enabled for a class handler, you can define various types of filter rules to
control what data can be viewed by the mobile application based on a customer’s business process. In an
SAP environment, each user is assigned a role-based profile with authorization restrictions. These
authorization restrictions determine what data the user can view and what activities they can perform.
o Data Staging
If an application processes a large amount of objects, data staging the objects can help with processing
times. If an object is configured for data staging, the data within the object is stored as a package and is split
into packets. The data can contain metadata and tagging for easy lifecycle management and data lookup.
Standard APIs are provided for package management.
3.2.4 SAP Plant Maintenance and EAM Setup
The standard task list function module EAM_TASKLIST_GET_LIST requires that a logical system be maintained in
the table for maintaining system clients T000. The logical system is used for error logging purposes only. If the logical
system is not maintained, the task list services results in a short dump when called.
3.3 Assigning Users to Territories
In advanced data synchronization framework for mobile asset management, territories are defined as a combination
of the maintenance planner group and planning plant. These fields must be assigned to users via the following user
parameters in their user master record:
Parameter ID Description
IHG Maintenance planner group
IWK Maintenance planning plant
These parameters can be maintained by administrators or by users.
For more information about editing user options, see SAP Help Portal at http://help.sap.com → Technology → SAP
NetWeaver Platform → SAP NetWeaver 7.0 EHP2 → IT Scenarios at a Glance → Integrated User and Access
Management → Identity Management → User and Role Administration of AS ABAP → Administration of Users and
Roles → User Administration → Editing User Defaults and Options.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 21
4 Security Information
The advanced data synchronization framework for mobile asset management is based on the SAP ERP 6.0 (EHP 1
through EHP 7) PM component and SAP NetWeaver Gateway.
For more information about specific security-related topics, see the following resources on SAP Service Marketplace
or SDN:
Topic Quick Link on SAP Service Marketplace or SDN
Security http://service.sap.com/security
http://sdn.sap.com/irj/sdn/security
Platforms http://service.sap.com/platforms
Infrastructure http://service.sap.com/securityguide
→ Infrastructure Security
Related SAP Notes http://service.sap.com/notes
http://service.sap.com/securitynotes
SAP NetWeaver http://sdn.sap.com/irj/sdn/netweaver
For a complete list of available SAP Security Guides, see SAP Service Marketplace at
http://service.sap.com/securityguide.
4.1 User Management
4.1.1 User Administration and Authentication
Advanced data synchronization for mobile asset management uses the user management and authentication
functionalities provided by SAP NetWeaver, specifically by SAP NetWeaver Application Server ABAP. Most of the
security recommendations and guidelines for user administration and authentication described in the SAP NetWeaver
Application Server ABAP Security Guide also apply to this application, with the exception of some topics such as
authentication.
The SAP NetWeaver Application Server ABAP Security Guide contains the following information:
User management, including the user management concept, the tools used for user management, and the types
of users required
User authentication and single sign-on (SSO)
The authentication options supported and how they are integrated with SAP Single Sign-On
Authorizations and roles
An overview of the authorization settings, network and communication security, and standard authorization roles
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 22
Standard authorization objects
A summary of password-related security issues
Advanced data synchronization for mobile asset management has different user management concepts for different
systems, as follows:
Users in the backend system (SU01, PFCG)
Existing users are relevant for the backend system.
Users in SAP NetWeaver Gateway (SU01, PFCG)
In addition to having a user in the backend system, users also require a user ID for SAP NetWeaver Gateway,
with the same ID as the users in the backend system. The user requires authorizations that allow the services of
the application to be triggered in the backend.
If you create SAP NetWeaver Gateway users or copy them from the backend users, note that if you use SSO2
logon tickets to authenticate the requests from MobiLink on SAP NetWeaver Gateway, we recommend that you
copy the user without a password. This protects against attacks based on incorrect or insecure password
handling.
If users already exist in SAP NetWeaver Gateway, authentication can be carried out with the same credentials as
for the existing application.
To authenticate users, you can set up integration with your existing SSO solution based on SAP Logon Tickets. The
user name in the system that issues the logon must be the same as the user name for the Gateway system and
backend system.
4.1.2 User Authorization
A new authorization object /DSFW/RFC has been created for this solution. The authorization check is activated with
the BC Set for advanced data synchronization framework for mobile asset management. The authorization check
secures the RFCs that are called from SAP Work Manager.
The existing authorizations for the underlying SAP Work Manager and SAP PM functions are sufficient for securing
the transactions.
4.1.3 User Creation and Authorization Assignment
You must create users and assign authorizations to them as follows:
1. Create users in SAP NetWeaver Gateway and in the backend system.
2. Decide on your preferred method for handling user authentication and SSO.
3. Create dedicated authorizations for users in the SAP NetWeaver Gateway system.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 23
4.1.4 User Management Tools
For information about the tools used for user management and user administration with these applications, see SAP
Help Portal at http://help.sap.com → Technology → SAP NetWeaver Platform → SAP NetWeaver 7.0 EHP2 → IT
Scenarios at a Glance → Integrated User and Access Management → Identity Management → User and Role
Administration of AS ABAP.
4.2 Security Aspect of Data Flow and Processes
This section describes the security procedures and technology measures provided by SAP NetWeaver Gateway to
prevent unauthorized access and modification of data stored or processed by the system.
The following steps are an example of the security aspects that need to be considered when sending data between
the MobiLink server, SAP NetWeaver Gateway, and SAP ERP. In the example, the MobiLink server is sending an
OData request to update a template database using the technical user.
1. The MobiLink server calls an OData service over the HTTPS protocol to retrieve data that resides in the SAP
ERP backend system. The user name and password are provided in the request using basic authentication.
2. The NetWeaver Gateway server authenticates the user and generates a client certificate for the user in the
context and signs it with a certification authority (CA) certificate. The generated certificate is a short lived
certificate valid for a limited period (number of hours to days). The CA used for the certificate signing must be
trusted by SAP NetWeaver Gateway, and therefore it is stored securely on the MobiLink server.
3. The certificate is attached to the subsequent HTTPS call to SAP NetWeaver Gateway, which maps the
subject of the certificate to the user’s name, makes authorization checks, and processes the request. SAP
NetWeaver Gateway must have proper user mapping, and SAP NetWeaver Gateway users must be
assigned to their corresponding roles based on the SAP NetWeaver Gateway role templates.
4. The specific data is returned by the SAP ERP backend to SAP NetWeaver Gateway through the trusted
connection using RFCs.
5. SAP NetWeaver Gateway forwards the returned data to the web server, which in turn delivers it to the
MobiLink server.
If the certificate issued by SAP NetWeaver Gateway in step 2 is not signed by a certification authority, it must be
imported to the keystore of the MobiLink server as follows:
1. Export the certificate from the SAP NetWeaver Gateway server.
2. On the MobiLink server import the certificate to the MobiLink cacerts keystore, using the importcert command of
the keytool utility (or other third-party tool).
The importcert command must be executed from the <drive>:\Program Files\SQL Anywhere
16\Bin64\jre170\lib\security folder in the SAP SQL Anywhere installation.
For more information about keytool, see http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html.
Note: The keytool utility allows users to manage their own public/private key pairs and associated certificates
for use in self-authentication or data integrity and authentication services, using digital signatures. It also
allows users to cache the public keys (in the form of certificates) of their communicating peers.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 24
4.3 Cross-Site Request Forgery Protection
As well as using standard authentication and authorization mechanisms, SAP NetWeaver Gateway provides an
additional level of protection against Cross-Site Request Forgery (CSRF) attacks. Before sending a modifying request
to SAP NetWeaver Gateway (for example, a request to update a work order), the MobiLink server must first retrieve a
CSRF token by sending a non-modifying request (such as GET). The token received from SAP NetWeaver Gateway
is then added to the subsequent modifying requests by MobiLink in a HTTP request header field.
For more information, see SAP Help Portal at http://help.sap.com → at http://help.sap.com → Technology → SAP
Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway Security Guide → Session
Security Protection → Cross-Site Request Forgery Protection.
4.4 Privacy and Data Protection
Advanced data synchronization framework for mobile asset management does not store any personal information.
4.5 Security-Relevant Logging and Tracing
The security trace and log files of SAP ECC and SAP NetWeaver Gateway use the standard functionality of SAP
NetWeaver.
For more information, see section Auditing and Logging of the SAP NetWeaver Security Guide.
On the MobiLink server all synchronization activities are logged in the table SYNC_SUB_CTRL.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 25
5 Operations Information
Designing, implementing, and running your SAP solutions at peak performance 24 hours a day is vital for your
business success. This section contains important information on how to smoothly operate the advanced data
synchronization framework for mobile asset management. The major topics are monitoring, troubleshooting, and
administration. This section describes the tasks to execute and the tools to use.
The advanced data synchronization framework for mobile asset management is based on SAP ERP 6.0, SAP SQL
Anywhere (including MobiLink) and SAP Work Manager. Therefore, the general operations information that is
covered in the related operations guides also applies to the advanced data synchronization framework for mobile
asset management.
For a complete list of available SAP Operations Guides, see SAP Service Marketplace at
http://service.sap.com/instguides.
5.1 Monitoring
Monitoring for advanced data synchronization framework for mobile asset management consists of the following
topics:
SAP Work Manager
o User Monitor
o Communication Session Monitor
o Object Mobile Status Monitor
For more information, see section 4.5 of the SAP Work Manager 6.2 Configuration Guide.
MobiLink
o For more information about performance monitoring, see section MobiLink performance monitoring of the
MobiLink Server Administration 16.0 guide.
NetWeaver Gateway
o For more information about alert monitoring, see SAP Help Portal at http://help.sap.com → Technology →
SAP Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway Technical
Operations Guide → Alert Monitoring with CCMS.
5.2 Troubleshooting
MobiLink
For more information about troubleshooting for MobiLink, see section MobiLink server log viewing of the
MobiLink Server Administration 16.0 guide.
NetWeaver Gateway
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 26
o For more information about trace and log files, see SAP Help Portal at http://help.sap.com → Technology →
SAP Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway Technical
Operations Guide → Trace and Log Files.
o For more information about supportability, see SAP Help Portal at http://help.sap.com → Technology → SAP
Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway Technical
Operations Guide → Supportability.
5.3 Administration and Management
5.3.1 Periodic Tasks for MobiLink
5.3.1.1 Maintenance Tasks in the Consolidated
Database
General maintenance in the consolidated database should be executed in batch mode. Some of the cleanup process
can be managed within synchronizations, but that prolongs the network connection time during synchronizations.
The following are some of the elements that require regular maintenance:
Shadow tables in the consolidated database
Framework tables
Log files on the MobiLink server and relay server
Obsolete MobiLink synchronization scripts
5.3.1.2 Cleaning Up Shadow Tables in the Consolidated
Database
Rows in the shadow tables accumulate over time. You can delete rows in the shadow tables if the values are not
required by any remote database (determined by the successful synchronization of the oldest delinquent user). You
can delete the rows using the following SELECT statement:
SELECT MIN( NEXT_DOWNLOAD_TS ) FROM SYNC_USER
Alternatively, you can clean up the shadow tables using a set date, for example, anything older than two months. This
means that a client cannot be delinquent by more than two months. If a user has not synchronized for two months,
the client application forces users to start from the template database.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 27
5.3.1.3 Cleaning Up Framework Tables
The framework tables require maintenance. The following table lists the recommended cleanup methods:
Table Name Description
SYNC_SUB_CTRL In the remote databases, these records are deleted
using SYNC_OPTION RETENTION DAYS, which is
currently set to 45 days. In the consolidated database,
this information is useful for profiling synchronization
times for all users. A retention day value of three years
provides a proper year over year analysis.
SYNC_LOG In the remote databases these records are deleted
using SYNC_OPTION RETENTION DAYS, which is
currently set to 45 days. This value is used for
informational purposes only, and you may want to keep
the values for any number of days greater than 45 days.
SYNC_USER Can be removed if the laptop is out of commission.
SYNC_SQL_COMMAND Rows can be removed when a schema version is
retired.
SYNC_USER_COMMAND The data in this table is user-specific, so the rows can
be deleted after a user’s successful synchronization, or
the laptop is taken out of commission.
SYNC_OPTIONS None
SYNC_USER_OPTION The data in this table is user-specific, so the rows can
be deleted after a user’s successful synchronization, or
the laptop is taken out of commission.
SYNC_TABLE Tables participating in the synchronization; this is used
in user refresh and shadow table cleanup. If a table
becomes obsolete and no synchronization script version
references the shadow table, the row of that table can
be removed.
5.3.1.4 Cleaning Up Log Files
Log files are generated by the MobiLink server and by default are logged at minimum verbosity. When the file
reaches 4 MB in size, the old file is renamed and a new file starts. Over time, a process is required to delete these
files. By default the files are stored in the directory/logs.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 28
5.3.1.5 Removing Obsolete Synchronization Script
Versions
If the schema change of a new synchronization script version is implemented, the consolidated database may contain
multiple versions of the synchronization script. If all users have been upgraded, a script version can be removed from
MobiLink system tables. To identify the synchronization script versions that are being used by synchronization users,
run the following command:
SELECT DISTINCT CURRENT_SCRIPT_VER FROM SYNC_USER
To remove a MobiLink script version, run the following command:
DELETE
FROM ml_connection_script
FROM ml_connection_script
JOIN ml_script_version
ON( ml_connection_script.script_id = ml_script_version.script_id )
WHERE ml_script_version.name = ‘obsoleted_script_version’;
DELETE
FROM ml_table_script
FROM ml_table_script
JOIN ml_script_version
ON( ml_table_script.script_id = ml_script_version.script_id )
WHERE ml_script_version.name = ‘obsoleted_script_version’;
DELETE
FROM ml_script_version
WHERE ml_script_version.name = ‘obsoleted_script_version’;
5.3.2 Periodic Tasks for SAP NetWeaver Gateway
For more information about periodic tasks for SAP NetWeaver Gateway, see SAP Help Portal at http://help.sap.com
→ Technology → SAP Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway
Technical Operations Guide → Periodical Tasks.
5.3.3 Load Balancing and Scalability
MobiLink synchronization is scalable, that is, a single server can handle thousands of simultaneous synchronizations,
and multiple MobiLink servers can be run simultaneously using load balancing.
If you determine that a single instance of MobiLink running on a dedicated server does not meet your performance or
availability requirements, you can use multiple MobiLink servers in a server farm.
Configuration Guide CUSTOMER
Advanced Data Synchronization Framework For Mobile Asset Management 1.0
Configuration Guide – Version: 1.0 – Final
June 26, 2015
© 2015 SAP SE or an SAP affiliate company. All rights reserved. 29
For example, you can use the Relay Server (included with SQL Anywhere) and multiple MobiLink servers. Another
option is to use a hardware load balancer, or application delivery controller, with multiple MobiLink servers.
Note: To use multiple MobiLink servers, you must purchase the separately licensed high availability option.
5.3.4 High Availability
To configure MobiLink synchronization to run in a high availability environment using an SQL Anywhere 10
consolidated database with SQL Anywhere 10 remote databases, and to remove single points of failure from a
synchronizing environment, see MobiLink Synchronization with High Availability Databases.
www.sap.com/contactsap
© 2015 SAP SE or an SAP affiliate company. All rights reserved.