Set up NLINK with SNC
- Darcy Curtin
- Rakesh
Follow these steps to set up NLINK to use SNC (Secure Network Communication) connections to SAP.
Prerequisites
The SAP system in general and the SAP user id(s) that NLINK will use must be set up to support SNC.
The following guide relates only to the setup on the NLINK side of the connection.
Step-by-step guide
The main steps are:
Set up SNC Environment on the NLINK Server
Configure NLINK to use SNC
Each of these steps is presented in detail below.
Step 1. Set up SNC Environment on the NLINK Server
- Set up SNC Client
Follow these instructions to set up the SNC Client: /wiki/spaces/JWHSAP/pages/1212437 - Get SAP Crypto Library
- Find the SAP crypto library (dll file). Typically it is named sapcrypto.dll.
- Make sure the version is the same as you used to generate the SNC client in the previous step.
- Copy the crypto dll file to a known folder (or just make a note of where it is if you already find it on the machine—you do not need two copies).
- Specify Location of SAP Crypto Library
Use one of the following methods to specify the location of the crypto dll file:- Point System-level Environment Variable SNC_LIB to the path and file location of the crypto dll file. Windows environment variable SNC_LIB for 32bit programs and SNC_LIB_64 for 64bit.
- In the SapNwRfc.ini file, for each destination entry that uses SNC, add an SNC_LIB parameter pointing to the full path and file location of the crypto dll file.
- Specify Location of SNC Certificates
Create a System-level Environment Variable SECUDIR and point it to the folder where all the SNC certificates are located. (See step 1 to generate certificates.)
Step 2. Configure NLINK to Use SNC
You have two options for connecting via SNC from NLINK.
- Start the NLINK Service with SNC user credentials
- Specify SNC user credentials on specific External System(s)
In both cases, you need to obtain the Windows OS account (domain or local) that is linked to the SAP SNC account.
Note
Set Up External Systems
- Do not specify User Id or Password for the External Systems that use SNC. If you are using an NLINK Environment Constant for these Attributes, be sure to set their values to blank.
- For External Systems under the SAP for Transaction Connector, set the Attribute Use SNC to True. This is needed to avoid the built-in call to AUTHORITY_CHECK, which will always fail.
Option 2 - Specify SNC User Credentials on External System
In cases where the NLINK Service cannot be started with a valid SNC account, you can set SNC user credentials on each External System.
However, this approach cannot be used with the RFC Listener Connector or the IDoc Coector (from SAP -> NLINK). In these cases, NLINK can register with SAP, but will fail when it receives a call.
Set Up Destination Entries
- Use the sapNwRfc.ini file to specify your SAP Destination(s) using the following parameters:
- For SAP Application Server
- DEST=
- ASHOST=
- SYSNR=
- SNC_PARTNERNAME=
- SNC_MYNAME=
- SNC_LIB=
- For SAP Load-Balancing Server
- Substitute the appropriate load-balancing parameters for the ASHOST parameter
- For IDoc (NLINK → SAP)
- DEST=
- PROGRAM_ID=
- GWHOST=
- GWSERV=
- SNC_PARTNERNAME=
- SNC_MYNAME=
- SNC_LIB=
Note
You do not need the SNC_LIB parameter in any of the Destination entries if you specify the SNC_LIB Environment Variable in Step 3 above.
Set Up External Systems
- Specify User Id and Password for the External Systems that use SNC. Use the Windows OS account that is linked to the SAP SNC account.
- Set the Attribute Use SNC to True.
Related articles
If the NLINK SAP IDoc Connector or the SAP RFC Listener Connector is used to receive data from SAP, then you must use this option. This option will also work for the SAP RFC/BAPI Connector, SAP Transaction Connector, and for sending IDocs to SAP via the SAP IDoc Connector.
Set Up Destination Entries