The Internet Transaction Server (ITS) SAP BASIS

SAP joins its applications with the Internet world in release 3.1 (1996) by means of the Internet Transaction Server (ITS). This server combines Internet technology with R/3 technology, enabling reliable access to SAP transactions from the Internet and from intranets. ITS uses the following:

  • SAP GUI for HTML (ITS 4.6DC4 or Higher), which dynamically converts R/3 transaction screens to HTML pages.
  • Web Transactions, which enables HTML pages to call R/3 transactions.
  • WebRFC, which enables HTML pages to call R/3 function modules.
  • WebReporting, which links SAP reports and pregenerated lists from an HTML pages and links to the Web Reporting Browser that displays R/3 report trees. Web Reporting is a special-case WebRFC.

ITS middleware allows accessing SAP Web AS scenarios from a Web browser and call function modules via an URL. It also allows the SAP GUI for HTML access with the enjoySAP interface to nearly all standard SAP transactions from a browser. ITS is also the portal service for the Workplace portal. ITS is one of the key pieces in the SAP Internet strategy and it is present in almost every mySAP system landscape. SAP transactions can run as Web transactions (IACs), Standard SAP transactions using the SAP GUI for HTML (or SAP GUI for JAVA), WebRFC, or WebReporting. In a IACS, the transaction finds all of the information needed for the presentation layer in it's a IACS or Web Transaction service file and templates, which includes the transaction code to start in the SAP system (defined with the parameter ~ transaction in the service file). The SAP GUI for HTML is accessed through the SAP GUI for HTML (ITS service webgui) or SAP GUI for JAVA (ITS service jvgui).

Access to WebRFC and WebReporting is also supported. Only WebRFC or WebReporting modules that have been specifically written to adhere to Internet scenarios can be accessed via this method. After release 4.5, all reports must be released in order to have access to them via the Web.

IACS Architecture

WGate Located on the same machine as the Web server, the WGate component connects the ITS to the Web server. The WGate supports standard Web server interfaces (e.g., Microsoft's Information Server API (ISAPI) on Windows NT, The Microsoft Information Server API, Netscape Server APT (NSAPI) on Windows NT, Common Gateway Interface (CGI) on UNIX, and AS/400 (controlled availability as of Release 4.5A)). On the UNIX and AS/400 platforms, the Common Gateway Interface starts the WGate as an external executable program. The AGate program is implemented as a Windows NT service. Although the AGate can be located on the same machine as the WGate, we recommend that you keep the two components on two separate machines.

AGate The AGate is responsible for the following communication tasks:

• Enabling connectivity to the SAP system using DIAG (SAP GUI) or RFC protocols
• Generating the HTML documents for the SAP applications
• Managing user logon data
• Managing session context and time-outs
• Code page conversions and national language support

Process The process depends on the model you use. These can be EWT.Flow Logic or Web GUI. With the Web GUI process, the Web browser passes the request to the Web server, which loads the WGate (Web gateway) that links ITS to the Web server. The WGate connects to the AGate and sends the AGate a request. TCP is used to establish the WGate connection. The WGate and AGate interact/share data through the SAP Network Interface. The AGate receives an HTTP request from the WGate using DIAG or RFC. The HTTP request is then processed, and the data and logon information is sent to the SAP system. The SAP system retrieves information, processes the information, and sends a response back to the WGate.

Security The ITS architecture allows for the WGate and AGate to run on separate hosts. The AGate keeps logon data, which is why it is good to keep components separated. SAP recommends that clients set up a network infrastructure that makes use of these features to control access from the Internet to internal networks. Other security components, such as firewalls, packet filters, and SAP routers, should be used to separate the individual parts of the network from one another. It is important to use various security mechanisms so that, in the event of a security breach, the consequences are limited to a subset of the system. Users can be authenticated in multiple ways:

  1. Authenticating Internet users. You'll need to make Web transactions available to anonymous Internet users because it is impractical to set up a separate account for each user since you don't know which users want to access the application data within SAP systems.

    Define these services as Web transactions.

    Set up the as service users with predefined passwords in the SAP system. Assign service users only the authorizations needed to access the application.

  2. Authenticating named users with user ID and password. For users with SAP usernames and accounts, do not set up passwords in the ITS service file. This authentication method would take place internal to the SAP system.
  3. Authenticating named users using X.509 client certificates (offered with release 4.5B and higher). Users can present a X.509 client certificate. This authentication would use the SSL and no password would be required.

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd Protection Status