Preparing System Landscape Data Router

The System Landscape Data Router (SLDR) is a component enabled on the Simple Diagnostics Agent (SDA), running on the Customer Management Server in the relevant Customer Networks, to route landscape data from a client e.g. RZ70, sapstartsrv, etc. to different destinations e.g. Landscape Management Database (LMDB) , System Landscape Directory (SLD). A SLDR is a central component and acts as data proxy also in a multi-Focused Run Scenario.

Note: In a multi-Focused Run scenario, the SLDR can only be configured from one SAP Focused Run. As a user, you should decide upfront, which SAP Focused Run system is the leading one. A configuration from a different SAP Focused Run system than the leading one is not allowed. Only for the leading SAP Focused Run system, the configuration will be shown in the SLDR configuration dialog. 

Operation Scenarios

The SLDR can be useful in the following scenarios. For a detailed discussion on the different scenarios, please check the page for SLD DS Payload Distribution.

Case A
You plan or you operate several SAP Focused Run.

Case B
You plan or you operate SAP Solution Manager in parallel with SAP Focused Run.

Case C
You plan or you operate SAP Solution Manager in parallel with several SAP Focused Run.

The below use case is applied for the following example configuration case.

Configuration Procedure

To configure the SLDR start the Agent Administration from the SAP Focused Run launchpad. The SLDR configuration can be opened from the Agent Action drop down menu.

 

General Remark

It is allowed to configure multiple inbound and outbound connections. Further it is possible to mix different authentication modes. So for each managed system sending data over the SLDR an own inbound connection can be configured.

Example

 

  • In the SLDR Activation section

This Host is an SLDR: to be checked, if the Simple Diagnostic Agent should enable the capability to work as a SLDR.
Active: to toggle, if the SLDR is enabled or disabled. 

 

  • Inbound Connections

It is allowed to configure multiple inbound ports. Just use a free open port number.

Port: Define the desired SLDR HTTP Port number – This is the port that will be opened on the SDA to receive the data from Outside Discovery/SLD payload. It`s possible to use any available port on this parameter.

Secure Communication: Option to select are HTTP or HTTP(S)

Authentication: The method to be used for incoming requests. Supported options:

- Basic Authentication

- Certificate-based Authentication (only works with HTTP(S))

This setting has an impact of the configuration for User/Certificate Name.

User/Certificate Name: Enter the username or the client certificate subject name which will be used in the client configuration e.g. RZ70, to connect to the SLDR.

Password: Define the password for the basic authentication use case, which will be used in the client configuration together with the username as the client credentials. There is no input necessary for the certificate-based approach.

 

  • Outbound Connections

Only Basic Authentication is supported.

Primary: Indicates which destination is used to propagate the result to the client in case multiple outbound destinations have been configured.

Name: Unique name of the destination. Typically, the system id of the target system is used.

URL: It is the endpoint URL. This can be either the URL to SAP Focused Run, a SLD or a reverse proxy. It depends on your landscape configuration. Check potential scenarios as described in SLD DS Payload Distribution. Ensure that the endpoint is valid. For any SAP Focused Run endpoint, you are able to test the URL upfront. Check Testing SLDR Configuration > Outbound Test for this.

User: User name from the client credentials which are valid for the endpoint URL. To push the data to a SAP Focused Run system, the user name is by default FRN_LDSR_<CID> (where <CID> has to be replaced with the customer id). Refer to the Security Guide, chapter User Authentication, for additional details about the authentication.

Password: This must fit to the configured user name.

 

Remote Configuration

As an alternative of the SLDR UI, it is possible to configure an SLDR via a remote REST-interface.

This request requires sapadm credentials for the authentication. No restart of the SDA is required.

For the given example, you are supposed to create a dedicated JSON-formatted configuration file with proper values. In our example, the following content of a SLDR.CONFIG file has to be specified.

 

{

    "active":{"value":"true"},

    "URL.FRN":{"value":"http://frunhostname:50000/sld/ds"},

    "user.FRN":{"value":"FRN_LDDS_FRN"},

    "password.FRN":{"value":"Qwertz@123","isSecret":true},

    "primary.FRN":{"value":"true"},

    "URL.SLD":{"value":"http://sldhostname:50000/sld/ds"},

    "user.SLD":{"value":"SLDDS_USER"},

    "password.SLD":{"value":"Qwertz@123","isSecret":true},

    "port.0":{"value":"8080"},

    "user.0":{"value":"SLD_DS_FDM"},

    "password.0":{"value":"Qwertz@123","isSecret":true},

    "secure.0":{"value":"false"},

    "basic-auth.0":{"value":"true"},

    "port.1":{"value":"8081"},

    "user.1":{"value":"SLD_DS_FDM"},

    "password.1":{"value":"Qwertz@123","isSecret":true},

    "secure.1":{"value":"true"},

    "basic-auth.1":{"value":"true"},

    "port.2":{"value":"8082"},

    "user.2":{"value":"CN=hostname,OU=SE,O=SAP,C=DE"},

    "secure.2":{"value":"true"},

    "basic-auth.2":{"value":"false"}

}

 

The so created configuration file can be used in an HTTP-POST request e.g. by using cURL.

curl

curl -v --noproxy "*" --user sapadm --request POST --header "Content-Type: application/json" --data-binary @SLDR.CONFIG 'http://<SLDR-HOST>:1128/lmsl/sda/default/?service=configuration&json-types=SecureProperties&application=t-connector&solution-manager=<FRUN-SID>'


This request requires sapadm credentials for the authentication. No restart of the SDA is required.

Testing SLDR Configuration

Inbound Test

A connection check against the SLDR is in general possible. If you want to test the configuration, use a command line tool like cURL to do so.

curl

curl -v -k -u SLD_DS_FDM “https://<sldr host>:<inbound port>/sld/ds”


This should result in:

Result

SLDR got response status 200 from destination <primary outbound SID>: https://<outbound URL>/sld/ds (primary: true).

curl: (18) transfer closed with 161 bytes remaining to read


Note: There is a limitation when checking the connection on an ABAP system. The connection check in transaction SM59 (which is also be used from transaction RZ70) will respond with an “Connection to partner broken.” The reason for this is that the SLDR only allows inbound requests of type HTTP-POST, while the connection check uses HTTP-GET. Any related icm-traces which showing a corresponding error can be ignored.

 

Outbound Test

It is recommended to test the URL for your outbound connections by using a web browser. For a destination to a SAP Focused Run system (also via reverse proxy), you should get the following information:


Remark: The test is only valid for connections to a SAP Focused Run system. The same will not work for testing a connection to a System Landscape Directory (SLD).