BusinessObjects Enterprise and client side SNC Part 1 of 2
I have seen frequently the question about using SNC in combination with BusinessObjects Enterprise and the BusinessObjects Integration for SAP Solutions. Most customers use SNC to combine the user authentication of for example Windows AD with the SAP credentials.
To configure BusinessObjects Enterprise to use SNC you the following tasks are needed:
– Configuring BusinessObjects Enterprise servers to start and run under an appropriate user account
– Configure the SAP system to trust your BusinessObjects Enterprise system
– Configure the SNC settings in the Central Management Console of BusinessObjects Enterprise
– Map SAP users as aliases to Windows AD users.
In this part we will look at the first two steps of these 4 items. In the following steps we will use the Microsoft NTLM implementation for SNC.
Some of the outlined steps might require different values depending on the SNC implementation software you are using but the general steps should help you to follow along.
BusinessObjects Enterprise services
As a technical pre-requisite your SAP server needs to be setup for SNC and the SNC library needs to be deployed on your BusinessObjects system. For client SNC to work properly in your BusinessObjects Enterprise system some services of your landscape need to be started with a user account which his configured for SNC.
For your SAP server the following profile parameters need to be configured (transaction RZ10):
|snc/enable||Set this parameter to the value 1 to activate SNC on the application server|
|sec/libsapsecu||Enter the full path including the file name to the SNC library on your SAP server|
|ssf/ssfapi_lib||Enter the full path including the file name to the SNC library on your SAP server|
|snc/gssapi_lib||Enter the full path including the file name to the SNC library on your SAP server|
|snc/identity/as||Enter the Distinguished Name (DN) for your SAP system.|
To configure your SAP system for example with Microsoft Kerberos you can find the complete details here.
On the BusinessObjects server you then also need to deploy the SNC library and create an environment variable entry called SNC_LIB that points to the complete path including the file name of the SNC library on your BusinessObjects Enterprise system.
Now for client side SNC, your application server (by default Tomcat), your Central Management Server and your processing tier (for example Crystal Reports Job server and Crystal Reports Processing server) needs to be run under a configured SNC account.
The processing tier is not a necessity for a client SNC configuration to work, but when you want to leverage the full functionality of your BusinessObjects platform the processing tier needs to be configured to leverage the established trust between your SAP and BusinessObjects system.
To setup those services to leverage the SNC account there are different options. In the following example we will use a single Server Intelligent Agent and configure it to use the SNC account. Another option would be to add a second Server Intelligent Agent and assign specific services to only that Server Intelligent Agent.
The SNC account that you setup needs to be a domain user.
- Start the Central Configuration Manager of your BusinessObjects Enterprise system (START • PROGRAMS • BUSINESSOBJECTS XI RELEASE 3.1 • BUSINESSOBJECTS ENTERPRISE • CENTRAL CONFIGURATION MANAGER).
- Select your Server Intelligence Agent (SIA) and stop the service.
- Select the Server Intelligence Agent and click on PROPERTIES.
- Uncheck the option LOG ON AS SYSTEM ACCOUNT and enter the SNC account in the syntax DOMAIN\USER. In my example the account is SAP_ALL\IHILGEFORT.
- Click OK and start the Server Intelligence Agent service.
- Now you need to follow the same steps and configure your application server to use the SNC account. In our example the application server is Tomcat.
- Select Tomcat in the Central Configuration Manager and stop the service.
- Click on PROPERTIES.
- Uncheck the option LOG ON AS SYSTEM ACCOUNT and enter the SNC account.
- Click OK and start your application service.
You now need to create a system ID in transaction SNC0 and configure it with your SNC account.
1. Logon to your SAP system and start transaction SNC0.
2. Click the button NEW ENTRIES.
3. Enter the name of your BusinessObjects system as System ID.
4. Enter the SNC account with the prefix “p:” into the SNC name field.
5. Select the options ENTRY FOR RFC ACTIVATED and ENTRY FOR EXT ID ACTIVATED.
6. Click SAVE
This covers the first two steps and in the next part we will continue to configure the SNC options on the BusinessObjects Enterprise server.