advanced data synchronization framework for mobile asset

Configuration Guide

Document Version: 1.0 – Final

Date: June 26, 2015

CUSTOMER

Advanced Data Synchronization Framework For

Mobile Asset Management 1.0

Configuration Guide CUSTOMER

Advanced Data Synchronization Framework For Mobile Asset Management 1.0

Configuration Guide – Version: 1.0 – Final

June 26, 2015

© 2015 SAP SE or an SAP affiliate company. All rights reserved. 2

Typographic Conventions

Type Style Description

Example Words or characters quoted from the screen. These include field names, screen titles,

pushbuttons labels, menu names, menu paths, and menu options.

Textual cross-references to other documents.

Example Emphasized words or expressions.

EXAMPLE Technical names of system objects. These include report names, program names, transaction

codes, table names, and key concepts of a programming language when they are surrounded

by body text, for example, SELECT and INCLUDE.

Example Output on the screen. This includes file and directory names and their paths, messages,

names of variables and parameters, source text, and names of installation, upgrade and

database tools.

Example Exact user entry. These are words or characters that you enter in the system exactly as they

appear in the documentation.

<Example> Variable user entry. Angle brackets indicate that you replace these words and characters with

appropriate entries to make entries in the system.

EXAMPLE Keys on the keyboard, for example, F2 or ENTER .




June 26, 2015


Document History

Version Status Date Change

1.0 Final 2015-06-26 First Documentation Release




June 26, 2015


Table of Contents

1 About This Document ............................................................................................................... 6 1.1 Purpose and Scope ........................................................................................................................................... 6 1.2 Target Audience ................................................................................................................................................ 6 1.3 Glossary ............................................................................................................................................................ 6 1.4 Related Information ........................................................................................................................................... 7 1.5 Important SAP Notes ......................................................................................................................................... 8

2 Solution Overview ..................................................................................................................... 9 2.1 System Landscape ............................................................................................................................................ 9 2.2 Implementation and Configuration – Basic Settings ........................................................................................ 10

3 Solution Manager Information ............................................................................................... 11 3.1 Project Administration ...................................................................................................................................... 11

3.1.1 System and Application Landscape ................................................................................................. 11 3.1.2 Documentation of Background Jobs ................................................................................................ 12

3.2 Configuration Details ....................................................................................................................................... 12 3.2.1 MobiLink Server Setup..................................................................................................................... 13 3.2.2 SAP NetWeaver Gateway Setup ..................................................................................................... 17 3.2.3 SAP Work Manager Add-On Setup.................................................................................................. 19 3.2.4 SAP Plant Maintenance and EAM Setup ......................................................................................... 20

3.3 Assigning Users to Territories.......................................................................................................................... 20

4 Security Information ............................................................................................................... 21 4.1 User Management ........................................................................................................................................... 21

4.1.1 User Administration and Authentication ........................................................................................... 21 4.1.2 User Authorization ........................................................................................................................... 22 4.1.3 User Creation and Authorization Assignment .................................................................................. 22 4.1.4 User Management Tools.................................................................................................................. 23

4.2 Security Aspect of Data Flow and Processes .................................................................................................. 23 4.3 Cross-Site Request Forgery Protection ........................................................................................................... 24 4.4 Privacy and Data Protection ............................................................................................................................ 24 4.5 Security-Relevant Logging and Tracing ........................................................................................................... 24

5 Operations Information........................................................................................................... 25 5.1 Monitoring ........................................................................................................................................................ 25 5.2 Troubleshooting ............................................................................................................................................... 25 5.3 Administration and Management ..................................................................................................................... 26

5.3.1 Periodic Tasks for MobiLink ............................................................................................................. 26 5.3.2 Periodic Tasks for SAP NetWeaver Gateway .................................................................................. 28 5.3.3 Load Balancing and Scalability ........................................................................................................ 28 5.3.4 High Availability................................................................................................................................ 29




June 26, 2015


Table of Figures

Figure 1 - System Landscape ................................................................................................................................... 10




June 26, 2015


1 About This Document

1.1 Purpose and Scope

This configuration guide provides a central starting point for the technical implementation and configuration of the

advanced data synchronization framework for mobile asset management. It describes all configuration activities

necessary for the implementation and configuration of the solution. It is not meant to be an installation document.

Refer to the appropriate installation notes for instructions on how to install the underlying software.

1.2 Target Audience

This document is intended for the following target audiences:

Consultants

Partners

Customers

System administrators

1.3 Glossary

Term Abbreviation Definition

data source name DSN The logical name that is used by Open Database

Connectivity to refer to the drive and other information

that is required to access data.

Lightweight Directory Access

Protocol

LDAP A software protocol for enabling anyone to locate

organizations, individuals, and other resources such as

files and devices in a network.

MobiLink A sub-component of SAP SQL Anywhere. It is a session-

based synchronization technology for exchanging data

between relational databases and other non-relational

data sources.

Open Database Connectivity ODBC A Microsoft application programming interface used to

access databases on networks based on a common

language.

SAP ECC SAP ERP Central Component

SAP Plant Maintenance SAP PM The measures taken to maintain operational systems in




June 26, 2015


Term Abbreviation Definition

working order, for example, machines or production

installations.

According to DIN 31051, maintenance comprises the

following activities:

Inspection - All measures that determine the actual

condition of a technical system

Maintenance - All measures that maintain the ideal


Repair - All measures that restore the ideal


SAP SQL Anywhere SAP database including MobiLink client and web server.

SAP Work Manager SMERP

SMFND

An SAP mobile application that allows remote workers to

access, transfer, complete and manage their assigned

work orders and service requests. The components

SMERP and SMFND are the ABAP add-ons for SAP

Work Manager.

Workflow A sequence of automated logical steps using the

evaluation of conditions to assign work items to

approvers based on the hierarchical information flow and

corresponding approval process of a company.

1.4 Related Information

You can find related information in the following resources:

Resource Location

SAP Work Manager 6.2 Configuration Guide http://service.sap.com/instguides

→ SAP Mobile → SAP Work Manager → SAP Work Manager

6.2

SAP Work Manager 6.2 Add-On Component

Installation Guide

http://service.sap.com/instguides

→ SAP Mobile → SAP Work Manager → SAP Work Manager

6.2

MobiLink Server Administration 16.0 http://dcx.sap.com/index.html#sa160/en/mlserver/mlserver16.ht

ml

MobiLink Synchronization with High Availability

Databases

http://scn.sap.com/docs/DOC-41601

SAP NetWeaver Gateway Configuration Guide http://help.sap.com → Technology → SAP Gateway →

Application Help → Support Package Stack 08 → SAP

NetWeaver Gateway Configuration Guide



http://dcx.sap.com/index.html#sa160/en/mlserver/mlserver16.html

http://dcx.sap.com/index.html#sa160/en/mlserver/mlserver16.html

http://scn.sap.com/docs/DOC-41601

http://help.sap.com/




June 26, 2015


Resource Location

SAP NetWeaver Gateway Installation Guide

http://help.sap.com → Technology → SAP Gateway →


NetWeaver Gateway Installation Guide

SAP NetWeaver Gateway Master Guide http://help.sap.com → Technology → SAP Gateway →


NetWeaver Gateway Master Guide

SAP NetWeaver Gateway Developer Guide http://help.sap.com → Technology → SAP Gateway →


NetWeaver Gateway Developer Guide

SAP NetWeaver Gateway Technical Operations

Guide



NetWeaver Gateway Technical Operations Guide

SAP NetWeaver Application Server ABAP

Security Guide

http://help.sap.com → Technology → SAP NetWeaver Platform

→ Security Guide → Security Guides for the AS ABAP → SAP

NetWeaver Application Server ABAP Security Guide

Note that the versions referenced in this table are the lowest supported versions. If you use a higher version, for

example, NetWeaver Gateway 2.0 Support Package Stack 10, see the corresponding documentation.

1.5 Important SAP Notes

Recommendation

Make sure that you read the SAP Notes before you start implementing the software. The SAP Notes contain

the latest information about the installation as well as corrections to the installation information.

Also make sure that you have the up-to-date version of each SAP Note, which is available on SAP Service

Marketplace at https://service.sap.com/notes.

SAP Note Number Title Description

2181738 Release strategy for the ABAP

add-on advanced data

synchronization for mobile asset

management

This SAP Note provides information about planning the

installation and upgrades of the ABAP add-on for the

advanced data synchronization framework for mobile

asset management.

2182561 Advanced data synchronization

framework for mobile asset

management - Middleware

Installation Note

This SAP Note provides information about planning the

installation and upgrades of the non-ABAP components

for the advanced data synchronization framework for

mobile asset management.






https://service.sap.com/notes




June 26, 2015


2 Solution Overview

The advanced data synchronization framework for mobile asset management enables timely and accurate entry of

data and ensures that both backend and front-end systems have the latest information. It allows data from SAP PM

to be synchronized in an optimized and scalable manner. This framework allows inspectors to access data even

when they are not connected to the central SAP PM system.

The advanced data synchronization framework for mobile asset management provides the following features:

Fast and reliable synchronization of SAP PM business objects, (for example, assets, work orders, and

notifications) based on supervisor or inspector territory

Full offline support, with efficient synchronization with the SAP backend to support large data volumes

The data from SAP PM is transferred to and from a database using the following SAP components:

SAP PM

SAP Work Manager 6.2

SAP NetWeaver Gateway 2.0

MobiLink 16.0

SAP SQL Anywhere 16.0

The following SAP PM business objects are used:

Work orders

Notifications

Technical objects (functional locations and equipment) and classifications

Catalog profiles and code groups

Measuring points and measurement documents

2.1 System Landscape

The diagram below shows the high-level structure and interaction of the required components of the advanced data

synchronization framework for mobile asset management. This architecture can be leveraged to support mobile

inspection scenarios for SAP Plant Maintenance (structures, tracks, signals and so on) with a large number of users

and data volumes.

Recommendation

We strongly recommend that you use a minimal system landscape for test and demo purposes only. For

reasons of performance, scalability, high availability, and security, do not use a minimal system landscape as

your productive landscape. For more information about creating productive system landscapes, see SAP

Service Marketplace at https://service.sap.com.

https://service.sap.com/




June 26, 2015


2.2 Implementation and Configuration – Basic Settings

After installing the required components referred to in the SAP Notes in section 1.5, carry out the following activities:

1. Configure SAP Work Manager on SAP ECC and activate permissions.

2. Configure SAP NetWeaver Gateway.

3. Configure the MobiLink synchronization server.

4. Run MobiLink server scripts.

Figure 1 - System Landscape




June 26, 2015


3 Solution Manager Information

3.1 Project Administration

The advanced data synchronization framework for mobile asset management can either be documented in a

separate project or embedded in an existing implementation project.

The documentation language must be English. Documents to be uploaded into SAP Solution Manager must have a

commonly readable format (PDF is recommended).

3.1.1 System and Application Landscape

The following systems are the basis for advanced data synchronization framework for mobile asset management:

Component Version Software Component

SAP ECC / Plant

Maintenance

6.0 SAP ERP 6.0 SP15 (or higher) with EhP0 (or higher)

Mobile Add-On for ERP

6.10 SP04 See SAP Note 1962948.

This add-on contains the following ABAP add-on

software components:

SAP Work Manager 6.2: SMERP 610_700 SP04.

See SAP Note 1936034.

Mobile Integration Framework Foundation: SMFND

610_700 SP04

SAP NetWeaver

Gateway

2.0 SP08 or above Software components depend on the deployment

options.

For more information about installing SAP NetWeaver

Gateway components, see SAP Help Portal at



NetWeaver Gateway Installation Guide → Installation

Prerequisites.

Note: Refer to the version relevant to your

software component.

For more information about the deployment options

available for SAP NetWeaver Gateway, see SAP Help

Portal at http://help.sap.com → Technology → SAP

Gateway → Application Help → Support Package Stack

08 → SAP NetWeaver Gateway Master Guide →

Deployment Options.

http://service.sap.com/sap/support/notes/1962948

http://service.sap.com/sap/support/notes/1936034






June 26, 2015


Component Version Software Component

Note: Refer to the version relevant to your

software component.

MobiLink Server 16.0 Included in the SAP SQL Anywhere package

Microsoft SQL Server

(optional)

Server 2012

Oracle JDK 1.7

3.1.2 Documentation of Background Jobs

The following background job is used for the advanced data synchronization framework for mobile asset

management.

3.1.2.1 Update Template Databases

To update the template databases with the latest from the SAP ECC system, you must create a background job on

the MobiLink server. To download the delta changes of the master and transactional data for the day, MobiLink runs

the script version ML2014R1. This process is run on the application server as a regular Windows task (or Control-M).

Use the following command to run the process:

ant startsyncPwd -DsyncUser=user -DsyncUserPwd=password

In this command, user is the master account user and password is the master account password.

3.2 Configuration Details

The advanced data synchronization framework for mobile asset management requires some specific setup. The

system comes pre-configured but there are some settings that you can configure according to your business needs.

You must also set up the background jobs that perform the synchronization with the remote sites.

SAP Work Manager 6.2 must be installed on the ECC system (components SMFND and SMERP). The advanced data

synchronization framework for mobile asset management solution is based on, and is an extension of SAP Work

Manager 6.2.




June 26, 2015


3.2.1 MobiLink Server Setup

3.2.1.1 Creating a New Database in SQL Server

1. Open the SQL Server Management Studio.

2. In the Authentication field, select Windows Authentication and choose Connect.

3. In the Object Explorer, right-click Databases and choose New Database.

4. In the New Database window, in the Database name field, enter EAM_DB and choose OK.

3.2.1.2 Creating a New User with Full Access to the

New Database

1. In the Object Explorer, expand the Security folder. Right-click Logins and choose New Login…

2. In the Login - New window, in the Login name field, enter mobilink.

3. In the Password and Confirm password fields, enter a password.

4. In the Default database field, select EAM_DB. Choose OK.

5. In the Object Explorer, expand the Security folder. In the Logins folder, right-click mobilink and choose

Properties.

6. In the Login Properties - mobilink window, select EAM_DB and choose OK. The Select Schema window is

displayed.

7. Choose Browse. Select [dbo] and choose OK.

3.2.1.3 Creating a System DSN with EAM_DB as the

Default Database

1. Open ODBC Data Source Administrator (64 bit).

2. On the ODBC Data Source Administrator window, choose the System DSN tab.

3. Select the EAM_consolidated data source and choose Add.

4. On the Create New Data Source window, select SQL Server Native Client 11.0 and choose Finish. The Microsoft

SQL Server DSN Configuration window is displayed.

5. In the Name field, enter EAM_consolidated.

6. In the Description field, enter EAM_DB Connection.

7. In the Server field, select (local) and choose Next.

8. Select the With SQL Server authentication using a login ID and password entered by the user radio button.

9. In the Login ID field, enter mobilink.

10. In the Password field, enter your password and choose Next.

11. Select the Change the default database to checkbox and select EAM_DB.




June 26, 2015


12. Ensure the Use ANSI quoted identifier and Use ANSI nulls, paddings and warnings checkboxes are selected and

that the Application intent is set to READWRITE. Choose Next.

13. Ensure the Perform translation for character data checkbox is selected and choose Finish.

14. Choose Test Data Source. If the test fails, perform steps 15 - 17.

15. Open SQL Server Configuration Manager.

16. On the Sql Server Configuration Manager window, expand SQL Server Network Configuration. Select Protocols

for MSSQLServer and ensure that TCP/IP is enabled.

17. To restart the service, select SQL Server Services. Right-click SQL Server and choose Restart.

3.2.1.4 Accessing the Extracted Files

For the following steps, you must access the files you extracted when you downloaded the advanced data

synchronization framework for mobile asset management software (SAP Note 2182561).

3.2.1.5 Editing the build.xml File

In the <Installation drive>:\mobilink\eam folder, enter your own values for the following properties in the build.xml file:

<property name="cons.host"/>

<property name="cons.pwd"/>

<property name="ml.host"/>

3.2.1.6 Maintaining the Backend Endpoint

Maintain the backend endpoint URL parameters in the configuration file root\cons\bin\MLSyncScript.cfg. This

corresponds to the SAP NetWeaver Application Server ABAP system where SAP NetWeaver Gateway is running.

The following table shows the parameters that must be maintained (with sample values) to maintain the backend

endpoint:

Parameter/Value Description

endpointUrl=server.domain.com Fully Qualified Domain Name (FQDN) of the system

endpointPort=80000 HTTP or HTTPS port numbers of the central instance of

the system

sapClient=300 Client number of the system

oDataPath=/sap/opu/odata/DSFW/




June 26, 2015


3.2.1.7 Creating a MobiLink Server Service in Sybase

Central

1. Open Sybase Central, right-click on the Services tab, and choose New → Service…. The Create Service Wizard

window is displayed.

2. Enter EAMML and choose Next.

3. Select MobiLink Server and choose Next.

4. Enter the following parameters and choose Next.

-c dsn=EAM_Consolidated;uid=mobilink;pwd=<password> -x tcpip(port=5555) -ftr

<Installation drive>:\mobilink\eam\ftr\download -ftru <Installation

drive>:\mobilink\eam\ftr\upload -o <Installation

drive>:\mobilink\eam\cons\logs\ml.log -on 2M -zu+ -zp -dl -zw 0 -w 25 -v -zs

ML_EAM_DEV -sl java(-DscriptConfig=<Installation

drive>:\mobilink\eam\cons\bin\MLSyncScript.config) -sl java(-cp <Installation

drive>:\mobilink\eam\cons\bin\MEAMScripts.jar

5. Select the Local system account radio button and choose Next.

6. Select the Automatic radio button and choose Next.

7. Select the Start the service now checkbox and choose Finish.

3.2.1.8 Checking for Errors

Open Command Prompt as administrator. In the root directory of the project (where the build.xml file is located), run

the following commands:

ant create_cons_from_scratch_prod > output.txt

(Validate that there are no errors in the output.txt file)

ant build_sync_logic > output.txt

(Validate that there are no errors in the output.txt file)

3.2.1.9 Parameters

By default the following configuration is provided. You can change some of the parameters according to your own

requirements.

ANT Properties Description

cons.host, cons.port, cons.uid, cons.pwd, cons.instance,

cons.db.consolidated, cons.dsn

MSSQL consolidated ESM database instance

environment

ml.www, ml.dev.host, ml.dev.localhost Possible MobiLink host, ml.www which connects to the

outside address mobilink.ecolab.com

ml.tcpip.port, ml.http.port, ml.http.rs_port, ml.https.port, The listening port for the MobiLink stream ml.www




June 26, 2015


ANT Properties Description

ml.https.rs_port typically uses ml.https.rs_port which is port 443

ml.host, ml.port ml.host and ml.port are the settings that are used in the

MobiLink server setup and the MobiLink client

subscription setup. They should be set based on the

above two sets of properties.

ml.scriptVersion MobiLink script version is used for adding remote

database subscription.

ml.farm The MobiLink server farm listed in the Relay Server

configuration file

ml.url_suffix Used by the MobiLink client synchronization

subscription setup, where ml.host and ml.port point to

the Relay Server, and the url_suffix load ISAPI handler

redirects the MobiLink synchronization stream to the

appropriate MobiLink server farm.

ml.syncUser This is the synchronization user, which is also known as

the domain user. This is set up by an ANT input

parameter, for example, ANT build_remote –

DsyncUser=TABHD1.

ml.syncUserDivision This is the division of the synchronization user. This is

set up by an ANT input parameter. This parameter is

only used by the deployment_template_db target. The

following is an example: ANT deployment_template_db

–DsyncUser=TABHD1 –Ddivision=DIV010

ml.debugLevel MobiLink server debug level (-v switch)

ml.log MobiLink server log file location

ml.jar.dir MobiLink JAR directory; this is used to locate

mlscript.jar which is used by the LDAP authenticator.

sql.cons.dir SQL directory for consolidated database SQL scripts

sql.cons.install_ml MobiLink system table installation scripts.

Sql.cons.named_param, sql.cons.named_param_init,

sql.cons.named_param_temp_init,

sql.cons.named_param_download_only,

sql.cons.named_param_upload_recover

Named parameters to populate ml_columns for upload

tables.

build.cons.sync_logic Points to build.xml itself.

build.cons Points to build_cons.xml which is generated from

SyncObjectGenerator.

build.remote_db Points to the remote build file which is build_rem.xml.

Build.cons.sync_support Points to the sync_support build file which is

build_cons_sync_support.xml.




June 26, 2015


3.2.1.10 Preparing Template Databases

Data in the distributed environment is common to all employees within a territory. To provide scalability, the initial

loading of the common data is prepared in template databases, once for each territory.

These template databases are kept up-to-date via a periodic job. For example, if you were to deploy the database to

a new user using these template databases, updated via a nightly job, at worst, the common data would be one day

out of sync. A master account user is needed to create (and update) all the template databases.

Create the following remote database for each territory:

ANT build_remote –DsyncUser=DIV010

ANT build_remote –DsyncUser=DIV040

ANT build_remote –DsyncUser=...

Execute the following initial synchronization for each territory:

ANT startsync_template_init –DsyncUser=DIV010

ANT startsync_template_init –DsyncUser=DIV040

ANT startsync_template_init –DsyncUser=...

In this case, DIV010, DIV040 and so on denote territory IDs.

The template databases are updated with background jobs (see section 3.1.2).

3.2.2 SAP NetWeaver Gateway Setup

You must configure NetWeaver Gateway as described in the SAP NetWeaver Gateway Configuration Guide. The

advanced data synchronization framework for mobile asset management accesses data from SAP ECC via OData

services exposed from the SAP NetWeaver Gateway.

3.2.2.1 Configuring Connection Settings from SAP

NetWeaver Gateway to SAP ERP

Configure the connection between SAP NetWeaver Gateway and the SAP ERP system, if you have not already

carried this out as part of the general NetWeaver Gateway configuration.

For more information, see SAP Help Portal at http://help.sap.com → Technology → SAP Gateway → Application

Help → Support Package Stack 08 → SAP NetWeaver Gateway Configuration Guide → OData Channel

Configuration → Connection Settings on the SAP NetWeaver Gateway Hub System → Connection Settings: SAP

NetWeaver Gateway to SAP Systems.





June 26, 2015


3.2.2.2 Configuring Application Services

Configure the services used by the advanced data synchronization framework for mobile asset management as

follows:

1. In the SAP NetWeaver Gateway system, run the /IWFND/MAINT_SERVICE transaction.

2. Choose Add Service.

3. Enter the system alias for the target ERP system that you defined when you configured the connection between

SAP NetWeaver Gateway and the ERP system.

4. Choose Get Services and choose the service for the application by choosing its technical service name.

Note: The services of the application have technical names beginning with /DSFW/.

5. In the Add Service window, enter a package assignment if you wish to transport your changes, or alternatively

you can save as a local object. Save your changes.

6. Repeat steps 2 to 5 for each service of the application.

7. Return to the main screen of the /IWFND/MAINT_SERVICE transaction.

8. Check that all services of the advanced data synchronization framework for mobile asset management have

been activated.

For more information about activating and maintaining services, see SAP Help Portal at http://help.sap.com →

Technology → SAP Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway

Development Guide → OData Channel → Basic Features → Service Life-Cycle → Activate and Maintain Services.

3.2.2.3 Activating Internet Communication Framework

Services

The OData services are managed by the Internet Communication Framework (ICF). When you add the services as

described in section 3.2.3.2, a new ICF service node called sap\opu\odata\dsfw is created automatically. All the ICF

services in this node must be activated. You can do this either in the SICF transaction, or directly in the

/IWFND/MAINT_SERVICE transaction.

You must also activate the sap\bc\ping service in the SICF transaction, and configure it to return an authentication

challenge. It is called by the MobiLink server to initiate a user connection, passing the user ID and password. If the

authentication is successful, the server generates a client certificate (SSO ticket) that is used in subsequent requests.

For more information, see section 4.2.

For more information about activating services with the SICF transaction, see SAP Help Portal at http://help.sap.com

→ Technology → SAP Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway

Configuration Guide → Basic Configuration Settings → ICF Services.

For more information about activating services with the /IWFND/MAINT_SERVICE transaction, see SAP Help Portal

at http://help.sap.com → Technology → SAP Gateway → Application Help → Support Package Stack 08 → SAP

NetWeaver Gateway Development Guide → OData Channel → Basic Features → Service Life-Cycle → Activate and

Maintain Services.







June 26, 2015


3.2.3 SAP Work Manager Add-On Setup

You must install SAP Work Manager using the SAINT and SPAM/SPAU transactions as described in the SAP Work

Manager 6.2 Add-On Component Installation Guide.

The advanced data synchronization framework for mobile asset management is delivered with a BC Set that is based

on SAP Work Manager and contains default configuration. As part of the implementation you can modify the field

selections and filter criteria. You can activate this BC Set using the SCPR20 transaction.

After you have installed SAP Work Manager, you must create a number range for statistics and monitoring.

The advanced data synchronization framework for mobile asset management uses the following SAP Work Manager

configuration:

Mobile Application Configuration (For more information, see section 3.8.2 of the SAP Work Manager 6.2

Configuration Guide)

o Mobile Status Setting

Here you can map the available mobile statuses that a mobile data object (MDO) supports on the client side.

If a user status also exists for the same object type, you can link it to the mobile status and the system

status.

Exchange Object Configuration (For more information, see section 3.11 of the SAP Work Manager 6.2


o Technical Settings

Here you can configure basic settings for an exchange object.

o Change Detection Field Selection

Here you can optimize the change detection process for mobile applications. If a value change is detected

for any fields within the group, the object identifier is written to the exchange table, indicating that a change

has been made. If the Active checkbox is not selected for a field, any value changes made to that field are

not detected and therefore not recorded during the exchange process. By default, all fields are selected.

o Change Detection Condition Filter

Here you can restrict change detection based on data content. For exchange handlers to support this

feature, you must define data filter conditions which the underlying SAP business object must fulfil before the

change detection process is triggered. The condition is defined at the table field level and is in the SAP

range table format.

o Linkage Settings

Allows the exchange objects that are linked together to communicate with each other. The communication is

one-directional, with the exchange object sending information to the object(s) listed in the Linked Exchange

Objects List. When there is a value change to the exchange object, that value change information is passed

on to the linked exchange objects. The linked exchange objects then go through additional processes related

to the value change.

Mobile Data Object Configuration (For more information, see section 3.13 of the SAP Work Manager 6.2


o General Settings

Here you can modify the general settings for a mobile data object.

o ResultSet Field Selection

When a field selector function is enabled for a class handler, the option to select fields for the GET method to

populate is available. The class handler is designed to be mobile application-neutral. It can supply more data

than the mobile application needs. Therefore, in order to preserve system performance, you can customize




June 26, 2015


field usage settings to only retrieve required data for the mobile application. This ability prevents the need to

develop a new class handler for each mobile application.

o Data Filter

When a data filter function is enabled for a class handler, you can define various types of filter rules to

control what data can be viewed by the mobile application based on a customer’s business process. In an

SAP environment, each user is assigned a role-based profile with authorization restrictions. These

authorization restrictions determine what data the user can view and what activities they can perform.

o Data Staging

If an application processes a large amount of objects, data staging the objects can help with processing

times. If an object is configured for data staging, the data within the object is stored as a package and is split

into packets. The data can contain metadata and tagging for easy lifecycle management and data lookup.

Standard APIs are provided for package management.

3.2.4 SAP Plant Maintenance and EAM Setup

The standard task list function module EAM_TASKLIST_GET_LIST requires that a logical system be maintained in

the table for maintaining system clients T000. The logical system is used for error logging purposes only. If the logical

system is not maintained, the task list services results in a short dump when called.

3.3 Assigning Users to Territories

In advanced data synchronization framework for mobile asset management, territories are defined as a combination

of the maintenance planner group and planning plant. These fields must be assigned to users via the following user

parameters in their user master record:

Parameter ID Description

IHG Maintenance planner group

IWK Maintenance planning plant

These parameters can be maintained by administrators or by users.

For more information about editing user options, see SAP Help Portal at http://help.sap.com → Technology → SAP

NetWeaver Platform → SAP NetWeaver 7.0 EHP2 → IT Scenarios at a Glance → Integrated User and Access

Management → Identity Management → User and Role Administration of AS ABAP → Administration of Users and

Roles → User Administration → Editing User Defaults and Options.





June 26, 2015


4 Security Information

The advanced data synchronization framework for mobile asset management is based on the SAP ERP 6.0 (EHP 1

through EHP 7) PM component and SAP NetWeaver Gateway.

For more information about specific security-related topics, see the following resources on SAP Service Marketplace

or SDN:

Topic Quick Link on SAP Service Marketplace or SDN

Security http://service.sap.com/security

http://sdn.sap.com/irj/sdn/security

Platforms http://service.sap.com/platforms

Infrastructure http://service.sap.com/securityguide

→ Infrastructure Security

Related SAP Notes http://service.sap.com/notes

http://service.sap.com/securitynotes

SAP NetWeaver http://sdn.sap.com/irj/sdn/netweaver

For a complete list of available SAP Security Guides, see SAP Service Marketplace at

http://service.sap.com/securityguide.

4.1 User Management

4.1.1 User Administration and Authentication

Advanced data synchronization for mobile asset management uses the user management and authentication

functionalities provided by SAP NetWeaver, specifically by SAP NetWeaver Application Server ABAP. Most of the

security recommendations and guidelines for user administration and authentication described in the SAP NetWeaver

Application Server ABAP Security Guide also apply to this application, with the exception of some topics such as

authentication.

The SAP NetWeaver Application Server ABAP Security Guide contains the following information:

User management, including the user management concept, the tools used for user management, and the types

of users required

User authentication and single sign-on (SSO)

The authentication options supported and how they are integrated with SAP Single Sign-On

Authorizations and roles

An overview of the authorization settings, network and communication security, and standard authorization roles

http://service.sap.com/security

http://sdn.sap.com/irj/sdn/security

http://service.sap.com/platforms

http://service.sap.com/securityguide

http://service.sap.com/notes

http://service.sap.com/securitynotes

http://sdn.sap.com/irj/sdn/netweaver

http://service.sap.com/securityguides




June 26, 2015


Standard authorization objects

A summary of password-related security issues

Advanced data synchronization for mobile asset management has different user management concepts for different

systems, as follows:

Users in the backend system (SU01, PFCG)

Existing users are relevant for the backend system.

Users in SAP NetWeaver Gateway (SU01, PFCG)

In addition to having a user in the backend system, users also require a user ID for SAP NetWeaver Gateway,

with the same ID as the users in the backend system. The user requires authorizations that allow the services of

the application to be triggered in the backend.

If you create SAP NetWeaver Gateway users or copy them from the backend users, note that if you use SSO2

logon tickets to authenticate the requests from MobiLink on SAP NetWeaver Gateway, we recommend that you

copy the user without a password. This protects against attacks based on incorrect or insecure password

handling.

If users already exist in SAP NetWeaver Gateway, authentication can be carried out with the same credentials as

for the existing application.

To authenticate users, you can set up integration with your existing SSO solution based on SAP Logon Tickets. The

user name in the system that issues the logon must be the same as the user name for the Gateway system and

backend system.

4.1.2 User Authorization

A new authorization object /DSFW/RFC has been created for this solution. The authorization check is activated with

the BC Set for advanced data synchronization framework for mobile asset management. The authorization check

secures the RFCs that are called from SAP Work Manager.

The existing authorizations for the underlying SAP Work Manager and SAP PM functions are sufficient for securing

the transactions.

4.1.3 User Creation and Authorization Assignment

You must create users and assign authorizations to them as follows:

1. Create users in SAP NetWeaver Gateway and in the backend system.

2. Decide on your preferred method for handling user authentication and SSO.

3. Create dedicated authorizations for users in the SAP NetWeaver Gateway system.




June 26, 2015


4.1.4 User Management Tools

For information about the tools used for user management and user administration with these applications, see SAP

Help Portal at http://help.sap.com → Technology → SAP NetWeaver Platform → SAP NetWeaver 7.0 EHP2 → IT

Scenarios at a Glance → Integrated User and Access Management → Identity Management → User and Role

Administration of AS ABAP.

4.2 Security Aspect of Data Flow and Processes

This section describes the security procedures and technology measures provided by SAP NetWeaver Gateway to

prevent unauthorized access and modification of data stored or processed by the system.

The following steps are an example of the security aspects that need to be considered when sending data between

the MobiLink server, SAP NetWeaver Gateway, and SAP ERP. In the example, the MobiLink server is sending an

OData request to update a template database using the technical user.

1. The MobiLink server calls an OData service over the HTTPS protocol to retrieve data that resides in the SAP

ERP backend system. The user name and password are provided in the request using basic authentication.

2. The NetWeaver Gateway server authenticates the user and generates a client certificate for the user in the

context and signs it with a certification authority (CA) certificate. The generated certificate is a short lived

certificate valid for a limited period (number of hours to days). The CA used for the certificate signing must be

trusted by SAP NetWeaver Gateway, and therefore it is stored securely on the MobiLink server.

3. The certificate is attached to the subsequent HTTPS call to SAP NetWeaver Gateway, which maps the

subject of the certificate to the user’s name, makes authorization checks, and processes the request. SAP

NetWeaver Gateway must have proper user mapping, and SAP NetWeaver Gateway users must be

assigned to their corresponding roles based on the SAP NetWeaver Gateway role templates.

4. The specific data is returned by the SAP ERP backend to SAP NetWeaver Gateway through the trusted

connection using RFCs.

5. SAP NetWeaver Gateway forwards the returned data to the web server, which in turn delivers it to the

MobiLink server.

If the certificate issued by SAP NetWeaver Gateway in step 2 is not signed by a certification authority, it must be

imported to the keystore of the MobiLink server as follows:

1. Export the certificate from the SAP NetWeaver Gateway server.

2. On the MobiLink server import the certificate to the MobiLink cacerts keystore, using the importcert command of

the keytool utility (or other third-party tool).

The importcert command must be executed from the <drive>:\Program Files\SQL Anywhere

16\Bin64\jre170\lib\security folder in the SAP SQL Anywhere installation.

For more information about keytool, see http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html.

Note: The keytool utility allows users to manage their own public/private key pairs and associated certificates

for use in self-authentication or data integrity and authentication services, using digital signatures. It also

allows users to cache the public keys (in the form of certificates) of their communicating peers.


http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html




June 26, 2015


4.3 Cross-Site Request Forgery Protection

As well as using standard authentication and authorization mechanisms, SAP NetWeaver Gateway provides an

additional level of protection against Cross-Site Request Forgery (CSRF) attacks. Before sending a modifying request

to SAP NetWeaver Gateway (for example, a request to update a work order), the MobiLink server must first retrieve a

CSRF token by sending a non-modifying request (such as GET). The token received from SAP NetWeaver Gateway

is then added to the subsequent modifying requests by MobiLink in a HTTP request header field.

For more information, see SAP Help Portal at http://help.sap.com → at http://help.sap.com → Technology → SAP

Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway Security Guide → Session

Security Protection → Cross-Site Request Forgery Protection.

4.4 Privacy and Data Protection

Advanced data synchronization framework for mobile asset management does not store any personal information.

4.5 Security-Relevant Logging and Tracing

The security trace and log files of SAP ECC and SAP NetWeaver Gateway use the standard functionality of SAP

NetWeaver.

For more information, see section Auditing and Logging of the SAP NetWeaver Security Guide.

On the MobiLink server all synchronization activities are logged in the table SYNC_SUB_CTRL.






June 26, 2015


5 Operations Information

Designing, implementing, and running your SAP solutions at peak performance 24 hours a day is vital for your

business success. This section contains important information on how to smoothly operate the advanced data

synchronization framework for mobile asset management. The major topics are monitoring, troubleshooting, and

administration. This section describes the tasks to execute and the tools to use.

The advanced data synchronization framework for mobile asset management is based on SAP ERP 6.0, SAP SQL

Anywhere (including MobiLink) and SAP Work Manager. Therefore, the general operations information that is

covered in the related operations guides also applies to the advanced data synchronization framework for mobile

asset management.

For a complete list of available SAP Operations Guides, see SAP Service Marketplace at

http://service.sap.com/instguides.

5.1 Monitoring

Monitoring for advanced data synchronization framework for mobile asset management consists of the following

topics:

SAP Work Manager

o User Monitor

o Communication Session Monitor

o Object Mobile Status Monitor

For more information, see section 4.5 of the SAP Work Manager 6.2 Configuration Guide.

MobiLink

o For more information about performance monitoring, see section MobiLink performance monitoring of the

MobiLink Server Administration 16.0 guide.

NetWeaver Gateway

o For more information about alert monitoring, see SAP Help Portal at http://help.sap.com → Technology →

SAP Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway Technical

Operations Guide → Alert Monitoring with CCMS.

5.2 Troubleshooting

MobiLink

For more information about troubleshooting for MobiLink, see section MobiLink server log viewing of the

MobiLink Server Administration 16.0 guide.

NetWeaver Gateway






June 26, 2015


o For more information about trace and log files, see SAP Help Portal at http://help.sap.com → Technology →

SAP Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway Technical

Operations Guide → Trace and Log Files.

o For more information about supportability, see SAP Help Portal at http://help.sap.com → Technology → SAP

Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway Technical

Operations Guide → Supportability.

5.3 Administration and Management

5.3.1 Periodic Tasks for MobiLink

5.3.1.1 Maintenance Tasks in the Consolidated

Database

General maintenance in the consolidated database should be executed in batch mode. Some of the cleanup process

can be managed within synchronizations, but that prolongs the network connection time during synchronizations.

The following are some of the elements that require regular maintenance:

Shadow tables in the consolidated database

Framework tables

Log files on the MobiLink server and relay server

Obsolete MobiLink synchronization scripts

5.3.1.2 Cleaning Up Shadow Tables in the Consolidated

Database

Rows in the shadow tables accumulate over time. You can delete rows in the shadow tables if the values are not

required by any remote database (determined by the successful synchronization of the oldest delinquent user). You

can delete the rows using the following SELECT statement:

SELECT MIN( NEXT_DOWNLOAD_TS ) FROM SYNC_USER

Alternatively, you can clean up the shadow tables using a set date, for example, anything older than two months. This

means that a client cannot be delinquent by more than two months. If a user has not synchronized for two months,

the client application forces users to start from the template database.






June 26, 2015


5.3.1.3 Cleaning Up Framework Tables

The framework tables require maintenance. The following table lists the recommended cleanup methods:

Table Name Description

SYNC_SUB_CTRL In the remote databases, these records are deleted

using SYNC_OPTION RETENTION DAYS, which is

currently set to 45 days. In the consolidated database,

this information is useful for profiling synchronization

times for all users. A retention day value of three years

provides a proper year over year analysis.

SYNC_LOG In the remote databases these records are deleted

using SYNC_OPTION RETENTION DAYS, which is

currently set to 45 days. This value is used for

informational purposes only, and you may want to keep

the values for any number of days greater than 45 days.

SYNC_USER Can be removed if the laptop is out of commission.

SYNC_SQL_COMMAND Rows can be removed when a schema version is

retired.

SYNC_USER_COMMAND The data in this table is user-specific, so the rows can

be deleted after a user’s successful synchronization, or

the laptop is taken out of commission.

SYNC_OPTIONS None

SYNC_USER_OPTION The data in this table is user-specific, so the rows can

be deleted after a user’s successful synchronization, or

the laptop is taken out of commission.

SYNC_TABLE Tables participating in the synchronization; this is used

in user refresh and shadow table cleanup. If a table

becomes obsolete and no synchronization script version

references the shadow table, the row of that table can

be removed.

5.3.1.4 Cleaning Up Log Files

Log files are generated by the MobiLink server and by default are logged at minimum verbosity. When the file

reaches 4 MB in size, the old file is renamed and a new file starts. Over time, a process is required to delete these

files. By default the files are stored in the directory/logs.




June 26, 2015


5.3.1.5 Removing Obsolete Synchronization Script

Versions

If the schema change of a new synchronization script version is implemented, the consolidated database may contain

multiple versions of the synchronization script. If all users have been upgraded, a script version can be removed from

MobiLink system tables. To identify the synchronization script versions that are being used by synchronization users,

run the following command:

SELECT DISTINCT CURRENT_SCRIPT_VER FROM SYNC_USER

To remove a MobiLink script version, run the following command:

DELETE

FROM ml_connection_script

FROM ml_connection_script

JOIN ml_script_version

ON( ml_connection_script.script_id = ml_script_version.script_id )

WHERE ml_script_version.name = ‘obsoleted_script_version’;

DELETE

FROM ml_table_script

FROM ml_table_script

JOIN ml_script_version

ON( ml_table_script.script_id = ml_script_version.script_id )


DELETE

FROM ml_script_version


5.3.2 Periodic Tasks for SAP NetWeaver Gateway

For more information about periodic tasks for SAP NetWeaver Gateway, see SAP Help Portal at http://help.sap.com

→ Technology → SAP Gateway → Application Help → Support Package Stack 08 → SAP NetWeaver Gateway

Technical Operations Guide → Periodical Tasks.

5.3.3 Load Balancing and Scalability

MobiLink synchronization is scalable, that is, a single server can handle thousands of simultaneous synchronizations,

and multiple MobiLink servers can be run simultaneously using load balancing.

If you determine that a single instance of MobiLink running on a dedicated server does not meet your performance or

availability requirements, you can use multiple MobiLink servers in a server farm.





June 26, 2015


For example, you can use the Relay Server (included with SQL Anywhere) and multiple MobiLink servers. Another

option is to use a hardware load balancer, or application delivery controller, with multiple MobiLink servers.

Note: To use multiple MobiLink servers, you must purchase the separately licensed high availability option.

5.3.4 High Availability

To configure MobiLink synchronization to run in a high availability environment using an SQL Anywhere 10

consolidated database with SQL Anywhere 10 remote databases, and to remove single points of failure from a

synchronizing environment, see MobiLink Synchronization with High Availability Databases.