
Learning Series: SAP NetWeaver Process Orchestration, secure connectivity add-on 1c SFTP Adapter


SAP COMMUNITY NETWORK scn.sap.com

© 2012 SAP AG 1


Applies to:

SAP NetWeaver Process Orchestration, Secure Connectivity Add-on 1.0 SP0

Summary

This article explains various use cases and the corresponding configuration options of the SFTP adapter, which is available as part of SAP NetWeaver Process Orchestration’s Secure Connectivity add-on.

Author: Sivasubramaniam Arunachalam

Company: SAP Labs India Pvt. Ltd.

Created on: May 18, 2012

Author Bio


Table of Contents

1 Introduction
1.1 What is SFTP?
1.2 Other Names/expansion of SFTP
1.3 What SFTP is NOT?
2 Plain FTP – Issues
3 Alternate Protocols to address Plain FTP issues
4 SCP – Limitations
5 FTPS - Limitations
6 Difference Between FTPS and SFTP
7 Introduction to SAP’s SFTP Adapter
8 Pre-requisites
8.1 Deployment
8.2 Infrastructure
8.3 SSH Keys
8.4 SSH Server Public Key Finger Print
9 SFTP Configuration Options
9.1 SFTP Server
9.2 Proxy
9.3 SFTP Server Authentication
9.4 Archiving on PI Server
9.5 Adapter Specific Message Attributes
9.5.1 Sender Channel
9.5.2 Receiver Channel
9.6 Sender Channel Specific Configuration
9.6.1 File Selection
9.6.2 Polling Interval
9.6.3 Processing Parameters
9.6.4 Archiving on SFTP Server
9.7 Receiver Channel Specific Configuration
9.7.1 Output File Parameters
9.7.2 Processing Parameters
9.7.3 Set Permissions
9.7.4 Store Attachments
9.7.5 Variable Substitution
10 Example Scenarios
10.1 Scenario - 01
10.1.1 Sender Channel Configuration
10.1.2 Receiver Channel Configuration
10.1.3 Message Logs
10.2 Scenario - 02
10.2.1 Sender Channel Configuration
10.2.3 Message Logs
11 Related Content
12 Other Learning Series Articles


1 Introduction

1.1 What is SFTP?

SFTP is a network based file access/transfer protocol which offers the following major features:

• File Access
• File Transfer
• File Management

1.2 Other Names/expansion of SFTP

• SSH File Transfer Protocol
• Secret File Transfer Protocol
• Secure FTP

1.3 What SFTP is NOT?

• FTP run over SSH
• FTPS (FTP Over SSL)
• Simple File Transfer Protocol

2 Plain FTP – Issues

• It is not secure
• If the message needs to be transferred outside the firewall, it requires a separate FTP proxy, since it can’t work with normal HTTP and SOCKS proxies
• It doesn’t support file management functionalities
• Only password based authentication is supported. If the password in use expires, the scenarios (or) connection negotiation will fail
• Uploading files with the original date/timestamp attribute preserved is not supported

3 Alternate Protocols to address Plain FTP issues

• SCP (Secure Copy)
• FTPS (FTP Over SSL (or) TLS)
• SFTP

4 SCP – Limitations

• It offers only file transfer capabilities
• It won’t support the following features
  • Resuming Interrupted Transfers
  • Directory Listings
  • Remote File Removal

5 FTPS - Limitations

• Since the control and data channels are encrypted, a firewall in the middle can’t recognize the data channel port, and it will block access to the port used for data transfer
• It won’t work with a normal FTP proxy. A special FTP proxy with SSL (or) TLS support is required

6 Difference Between FTPS and SFTP

• Both operate on different protocols
  • FTPS operates on SSL (or) TLS
  • SFTP operates on SSH
• FTPS uses the secured connection and data channels
• SFTP uses the secured tunnel for both connection negotiation and data transfer

7 Introduction to SAP’s SFTP Adapter

It is built based on SSH2 protocol and supports SFTP Versions 0, 1, 2 & 3.

8 Pre-requisites

8.1 Deployment

• SFTP Adapter related SCAs and Design Time objects should be deployed/imported as per the supplied installation guide

8.2 Infrastructure

• Obtain the following details from the system administrator
  • SFTP Server
    • Host Name
    • Port
    • User Name & Password
  • HTTP Proxy
    • Host Name
    • Port
    • User Name & Password (for proxy authentication)
  • SOCKS Proxy (It can be version 4 & 5)
    • Host Name
    • Port
• SFTP Server should be up and running. It can be verified with the following command
  • # telnet hostname 22
  • The SSH Server implementation will be different based on the vendor
• This can be verified with other third party SFTP clients like FileZilla

8.3 SSH Keys

NWA key storage doesn’t support SSH keys, so they have to be converted into SSL keys. All the key generation steps are available in the following wikis.

• http://wiki.sdn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+1
• http://wiki.sdn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2

8.4 SSH Server Public Key Finger Print

The following wiki explains the need for the Public Key Finger Print and the steps to generate it.
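What a server public key fingerprint is and how a client pins it, as an added example (not part of the original article and not SAP's code): it derives the two fingerprint notations OpenSSH prints for a host key and checks a presented key against a pinned value. The host name and key are constructed, the function names are hypothetical, and which notation the adapter's Server Finger Print field expects is not stated on this page.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def sample_key_line(key: bytes, host: str = "sftp.example.invalid") -> str:
    """Constructed sample: 'host keytype base64' line as ssh-keyscan prints it."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

# Constructed host key built from placeholder bytes, not a real server's key.
SAMPLE_KEY_LINE = sample_key_line(bytes(range(32)))

def parse_host_key(line: str) -> bytes:
    """Return the raw public-key blob, rejecting malformed or mislabeled keys."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-blob")
    key_type, blob = fields[1], base64.b64decode(fields[2], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob carries its own key-type string; it must match the text label.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type label does not match key blob")
    return blob

def fingerprints(line: str) -> dict:
    """Both notations OpenSSH uses: legacy MD5 hex pairs and SHA256 base64."""
    blob = parse_host_key(line)
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
    }

def matches_pin(line: str, pinned: str) -> bool:
    """True only if the presented key hashes to the pinned fingerprint."""
    fp = fingerprints(line)
    pinned = pinned.strip()
    if pinned.startswith("SHA256:"):
        return pinned == fp["sha256"]  # base64 is case-sensitive
    return pinned.lower().removeprefix("md5:") == fp["md5"]
```

The fingerprint to pin should be obtained from the server administrator over a separate trusted channel, since a value read off the first network connection only proves what that connection presented.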


9 SFTP Configuration Options

9.1 SFTP Server

Option: Description

Server: Host Name (or) IP Address of the Server where SFTP Server/SSH Service is running

Port: Port Number where SFTP Server/SSH Service is running. By default it will be 22

Timeout(ms): It represents the following timeouts in milliseconds
• Connection Establish Timeout
• Idle Connection Timeout

Server Finger Print: http://wiki.sdn.sap.com/wiki/display/XI/How+to+Determine+the+Public+Key+Finger+Print+of+a+SSH+Server

9.2 Proxy

Option: Description

Proxy: Proxy Type. The supported types are
• HTTP
• SOCKS4
• SOCKS5

Server: Host Name (or) IP Address of the Server where Proxy Service is running

Port: Port Number where Proxy Service is running. The defaults are
• HTTP (Squid) – 3128
• SOCKS (Dante) - 1080

User Name & Password: If the proxy requires authentication, the corresponding credentials can be configured. But it is optional.

9.3 SFTP Server Authentication

Option: Description

Authentication Method: The type of authentication with which the client authenticates itself to the SFTP Server. It is mandatory and it could be either
• Password based
• Private Key based

Password: If the authentication method is password based, the corresponding user account’s password

Private Key View/Entry: If the authentication method is private key based, the corresponding view and entry of the user’s private key available in NWA Key Storage. For more details, please refer to the following wikis.
• http://wiki.sdn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+1
• http://wiki.sdn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2

9.4 Archiving on PI Server

All the files which are being processed can be archived in PI Server. The Archive Name can be a complete (or) relative path. The Time and Sequence Number also can be configured in the archived file name.

9.5 Adapter Specific Message Attributes

This feature is the same as in the Standard PI’s File Adapter. For more details, please refer to point 22 in the SAP documentation,

http://help.sap.com/saphelp_nw73/helpdata/en/44/658abd344a4de0e10000000a1553f7/frameset.htm

It additionally supports a customizable namespace in order to be compatible with other standard PI adapters

9.5.2 Receiver Channel

9.6 Sender Channel Specific Configuration

9.6.1 File Selection

Option: Description

File Name: The individual file name (or) Java regular expression to select the input files. For more details about regular expressions, please refer to http://docs.oracle.com/javase/1.4.2/docs/api/java/util/regex/Pattern.html

Directory: The folder from which files need to be picked. It can be a complete (or) relative path

Additional Files

9.6.2 Polling Interval

• Polling interval can be specified in minutes.
• It doesn’t support second based polling
• It will poll at the 0th second of the configured interval
• The first poll after channel start will not happen immediately. It will wait the configured minutes for the first poll

9.6.3 Processing Parameters

Option: Description

Delete File: Delete the file once it is processed

Process Empty File: This feature is the same as in the Standard PI’s File Adapter. For more details, please refer to point 12 in the SAP documentation, http://help.sap.com/saphelp_nw73/helpdata/en/44/658abd344a4de0e10000000a1553f7/frameset.htm

Duplicate File Checking: This option is used to prevent an input file from being picked up and processed twice. The duplicate is calculated based on the following file parameters
• File Size

Maximum File Size Restriction: This feature is the same as in the Standard PI’s File Adapter. For more details, please refer to point 26 in the SAP documentation, http://help.sap.com/saphelp_nw73/helpdata/en/44/658abd344a4de0e10000000a1553f7/frameset.htm

Processing Sequence: If more than one file is found during the file selection, the order in which they should be processed can be defined. This feature is the same as in the Standard PI’s File Adapter. For more details, please refer to point 15 in the SAP documentation, http://help.sap.com/saphelp_nw73/helpdata/en/44/658abd344a4de0e10000000a1553f7/frameset.htm

Archive Faulty File & Archive Name: If the file is qualified as a faulty (or) error file, it can be archived in the same input folder along with the configured prefix.

Stop Processing After Faulty File: Further processing of the current selection is stopped after a faulty file is detected

Quality of Service: This feature is the same as in the Standard PI’s File Adapter. For more details, please refer to http://help.sap.com/saphelp_nw73/helpdata/en/f9/17888f490846a9972628525cc28aac/content.htm

9.6.4 Archiving on SFTP Server


9.7 Receiver Channel Specific Configuration

9.7.1 Output File Parameters

This feature is the same as in the Standard PI’s File Adapter. For more details, please refer to the “Define File Access parameters” section of the SAP documentation.

http://help.sap.com/saphelp_nw73/helpdata/en/44/658abd344a4de0e10000000a1553f7/frameset.htm

9.7.2 Processing Parameters

All the above options are the same as in the Standard PI’s File Adapter. For more details, please refer to the SAP documentation.

http://help.sap.com/saphelp_nw73/helpdata/en/44/658abd344a4de0e10000000a1553f7/frameset.htm

9.7.3 Set Permissions

UNIX based permissions can be set for the created output files. For more details about UNIX permissions, please refer to “Octal Notation” in the following link

9.7.4 Store Attachments

If the received XI message contains more than one payload, all of them are stored/created in the configured output folder.

9.7.5 Variable Substitution

This feature is the same as in the Standard PI’s File Adapter. For more details, please refer to the SAP documentation.

http://help.sap.com/saphelp_nw73/helpdata/en/44/658abd344a4de0e10000000a1553f7/frameset.htm

10 Example Scenarios

The following scenarios explain the configuration of SFTP Sender and Receiver Channels for basic end to end connectivity.

10.1 Scenario - 01

This scenario is configured with the following options.


10.1.1.2 Processing Tab


10.1.2.2 Processing Tab


10.1.3 Message Logs

10.1.3.1 When there is no file found


10.2 Scenario - 02

This scenario is configured with the following options.

• Private key based authentication (Both Sender & Receiver)
• SOCKS5 Proxy with Authentication (Sender)
• HTTP Proxy with Authentication (Receiver)


10.2.3 Message Logs


11 Related Content

http://wiki.sdn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+1

http://wiki.sdn.sap.com/wiki/display/XI/Generating+SSH+Keys+for+SFTP+Adapters+-+Type+2


12 Other Learning Series Articles

SL No | Product Name | Topic Name

1. SAP NetWeaver Process Orchestration, secure connectivity add-on 1.0
   a) How to Proceed Guide
   b) Installation Guide
   c) SFTP Adapter
   d) PGP Module

2. SAP NetWeaver Process Orchestration, business to business add-on 1.0
   a) How To Proceed Guide
   b) Installation Guide
   c) AS2 Adapter
   d) OFTP Adapter
   e) X400 Adapter
   f) EDI Separator
   g) Archiver Module and Archiver Mapping
   h) Number Range Objects Module
   i) EDI XML Converter
      I. Master Guide: EDI XML Converter
      II. EDIFACT_Info_Guide
      III. X12_Info_Guide
      IV. TRADACOMS_Info_Guide
      V. ODETTE_Info_Guide
      VI. VDA_Info_Guide
      VII. PLAIN_Info_Guide
   j) B2B Content

3. SAP NetWeaver Process Orchestration, business to business add-on 1.0
   a) Sample Scenario Set-up (contains File Adapter, AS2 Adapter, EDI XML Converter, Mapping Templates, and NRO Module)
   b) Sample Scenario Set-up (contains File Adapter, OFTP Adapter, EDI XML Converter, Mapping Templates, and PGP Module)

Copyright

© Copyright 2012 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

