Skip to Content

Some quick hints for the 90 day trial PO cloud system within a corporate environment

The New PO Cloud Trial

I’m really enjoying getting my hands dirty with my sandpit PO system. Working a charm and a really great thing SAP has done.  Takes about 5 minutes to establish (if you have an AWS account already). Very cool.  Quick note – You do need to know a bit about JAVA systems until more doco comes out, but not much.

So I started to reply to Mariana Mihaylova ‘s blog and realised it’s a little long as a comment so here’s a rushed Blog before I take off for Holidays!

Anyway, the point being is I just wanted to provide some pointers for those working within a corporate firewall that blocks port 50000 amongst other things. Here’s some easy steps to make it work inside your corporate network, and use tools locally rather than within the remote desktop. Not perfect yet, but not far off I believe.

Port 50000 and Remote Desktop!

Firstly, you may need to configure some of this outside your corporate network as remote desktop is absolutely necessary to get you going.

Now getting access in your enterprise; well enterprises usually block port 50000 which PO is configured for, so one easy safe way to fix this is to add a new JAVA port to listen on and leverage 80 or port 443 which are generally open. 

To do this is trivial – go into the C:\usr\sap\C73\SYS\profile and open C73_J00_ip-0A4F07E3 and just after the jstartup/vn/home line, add the following lines:

# <protocol> port configuration

icm/server_port_4 = PROT=HTTP,PORT=80,TIMEOUT=60,PROCTIMEOUT=600

Restart your JAVA instance and the java system can be accessed through http://localhost.

Next step – Turn off the windows firewall (did not realise that woudl be on in this environment.

Now time to head into the office.

Semi-Safe opening of Port 80

Once in the office, go to the EC2 Management Console and go to Security Groups. Make sure you view “All Security Groups”, and not EC2 Security Groups. You’ll see your PO’s security settings under something like “SAP-NWPO-731-in-us-east-1-InstanceSecurityGroup-blah”. Now it might be a good idea to lock down your 3389 port unless you need to remote desktop (open to the world may not be the best idea at least). 

Now from your corporate IE browser – since Chrome is not allowed 😉 – go to Google (if you can) and ask it “what is my IP” and the Google will tell you your external facing IP address.  Now within the EC2 console, Create a new Rule for HTTP, and use your external facing IP address with “/32” added to the end of it. “Add Rule” then “Apply Rule Change” (Don’t worry, Amazon will force you to get this right).

Now hopefully if you open your browser to your elastic IP address, you should see the default JAVA Engine index page.

Curse Localhost and port 50000

At this point, you can do quite a bit with a local NWDS that you need to install separately (make sure you get the SP5 Process Orchestration version), but there’s still a heap of stuff that points at localhost:50000.  To fix that, I did what is probably a little dodgy and went to http://<ip address>/webdynpro/dispatcher/

i.e. In JAVA, the exchange profile info is stored in a different place. From the PI admin page it points you to this NWA administration page.

This is not probably fully correct, and happy to be corrected, but I just went into the Services tab, selected XPI Service: All Config Service, then adjusted all the parameters with localhost to the IP address, and all the 50000 ports to 80.  Yep – Probably broke my whole system, but that’s where I’m up to and things have worked out pretty well so far. Still not fully working but it’s close.

General Thoughts on Single Stack PO/PI

As I’m one of those annoying Architects who tends to set standards and do quality checks on SI consultants, I started to play around with the changes in 7.31 to see if I would structure things differently than the old PI dual stack. I’d played with the single stack for a couple of years at SAP TechEd, but never really tried to identify a true enterprise pattern for the most common pattern in PI of a sender to receiver via some kind of canonical message model (optimised for throughput).

Anyway, once I played with the Integration Flow (which makes PI so much easier for newbies IMO), figured out what dependencies were required, I ended up with the following thinking…

Consider Source SWCV, Target SWCV, a Global/CMM/Canonical SWCV and an Integration SWCV.

The Global SWCV contains the Canonical Message Type.

The target and source system SWCV contains their associated Message/Data Types and Service Interface plus the message mapping to the Canonical.

Now for the interface/operation mapping (much easier to think of this as an interface mapping IMO), we map from Source to Target in the Global SWCV because it is really the only SWCV that knows how to get from source to target with the 2-stage mapping. And to do this, I need to make sure that Global is dependent on Source and Target.

Now what is the Integration SWCV for? Well for value mappings, and reusable stuff and stops us having circular dependencies with the Global from Source/Target SWCV’s.

And yes – I’ll explore BPM within PI patterns in the future but it’s a hard sell to PI consultants at the moment unfortunately and as per my original requirement, I was looking for an optimised pattern for this scenario.

Wrap-Up and Happy Holidays

Anyway, hope that is of use and we can refine the details as others explore playing with PO and get a nice humming PO system. Feel free to challenge any of this, and I encourage all PI people to leave your comfortable Swing clients and get into NWDS so we can really find all the bugs and get the right features added in the next 1 or 2 Support Packages!

See you Next Year,

Some minor updates after this was published…

Within your NWDS, you may have a problem with connecting to your PO instance. This is probably because you have a Proxy in your network. To fix this, go into Windows Preferences of NWDS, and within Network, create a manual Proxy setting, pointing it at your proxy server and port (found in IE), and enter your domain username/password if necessary (prepending your domain like DOMAIN\harding,).

You must be Logged on to comment or reply to a post.
  • Hey Matt,

    Many thanks for taking the time for this overview. We are currently working on an FAQ but you’ve been of great help with these pointers.

    Glad to read your detailed feedback – very useful.

    Happy Holidays & see you next year!!



  • Matt,

    By any chance did you  come across this issue:

    “”The Windows Password cannot be retrieved because this instance is not associated with a Key Pair. The administrator password may only be retrieved for instances that were associated with a Key Pair when launched.””

    I got this error while trying to retrive admin password.

    Appriciate your help.



    • Hi Sunil,

      Yep – Came across that issue, but figured that SAP released it such a way that you cannot change that password (you could probably create a new admin account and disable logon to this one???).  So just use Lokal as your password.



      • Thanks for your help Matt !

        KeyPair tag is missing in Template so it remains blank when Instance get created and does not allow us to Retrieve the password.

  • I faced the same issue and then noticed the pwd in the blog.. 🙂 .   I also installed RDP lite on my iphone and tried remote desktop. Although it was not very convenient but was fun.. having PI on a smartphone..

  • Matt…

    Very nice one for starter .Do you have any update  connecting  from local NWDS  to  AWS PO. ? any straightforward method  without adjusting xpi settings ?



    • Hi Martin,

      Sorry – No updates. I haven’t actually spent any more time with the instance since this blog as I’ve had my own instance patched and running locally.

      Hope you found your own answer.