SAP Web Dispatcher — Some Project Insides

Within 16 years of consulting I came across different questions about the magic SAP WebDispatcher. Often Go Lives, Cut Overs and other critical timelines fails because a lack of knowledge about this piece of software works. But honestly it is not a magic thing. Meanwhile a lot of good Blogs and so on are published which helps to configure the webdispatcher to fit the needs.

So if you want to implement a WebDispatcher you should consider the following:

Documentation:

Beside the SAP documentation stored in help.sap.com and other Documentation that can be found on the support portal there are two blogs which should be read and be understood before a implementation planning starts:

The first blog from Brian McKellar is very old, but still explain from my point of view the challenges in implementing a WebDispatcher scenario in the best way I found.

The second blog from Isaias Freitas is more up to date and describe the mainly the Implementation for one WebDispatcher  for several Backend Systems.

Technical Aspects:

First of all, the Version to be used should checked.

SAP Note 908097 helps here and should be the start point.

If you install a productive WebDipatcher in a high load scenario consider the following

Check SAP Note 1437105 (UNIX) or for adapt OS Limits

Check SAP Note 684106 (Windows) for install required DLLs

Check SAP Note 2007212 after the installation to adapt the required profile Parameter

Due security reasons you should use Transport Layer Security for all communication form and to the SAP WebDispatcher. As SSL is based on certificates use a CA for Certificate Management, to minimize the effort. Think about the of setup a own (Projetct) CA if there is no Enterprise CA is available.

Do not forget to secure the communication between the WebDispatcher and the (A)SCS Instance of the Application Server(s).

wdisp/server_info_protocol = https

wdisp/group_info_protocol = https

wdisp/url_map_protocol = https

wdisp/ping_protocol = https

Redirect all http requests to https on the WebDispatcher

icm/HTTP/redirect_0 = PREFIX=/, FROM=*, FROMPROT=http, PROT=https

Use the URL Filter to protect the URLs provided “outside”.

Consider to use the Web Cache provided by WebDispatcher.

For productive usage consider to use a HA-Scenario, special if you address several Back-ends.

If I will find time I will write a blog about it 😉

Other technical Aspects I saw in projects, where the implementation is blocked.

Be sure you have a working DNS and Reverse DNS implemented.

Be sure your Certificates are correct.

Be sure Routing is correct.

Be sure local Firewall rules setup correct if us use a local Firewall on the WebDispatcher Host.

One Example:

Assume the following about the System landscape;

We have a Backend Network called sapdemo.lan. Beside this we have a frontend network called dmz.*********. The WebDispatcher reside on host vsapdc00 and have one networkcard for the backend and one for the Frontend Network. It acts as the Single Point of access to the Backend Network for http and RFC Communication. The WebDispatcher provides Access to three Back-end Systems (SMA; SMJ and NW1). SMA is a ABAP Backend SMJ and NW1 are Java Systems.

The Profile looks as follows:

Remark:

In this example the Webdispatcher is used also for internal Calls. For this each system is defined twice, one time with its Webdispatcher Name in the Backend and and one time for the Frontend Network Name.

Once all is configured and installed check the Status in the WebUI of Webdispatcher:

Check each Application Server can be reached by http and https:

For ABAP Systems use

http(s)://server.domain.ext:port/sap/bc/bsp/sap/system_test/test_proxy.htm




Remark:
Do not forget to deactivate the SICF Node or to block this URL to outside once you have tested successfull.

to test your Proxy setup.

Conclusion:

Dealing with SAP WebDispatcher is not a rocket science but it need some deeper knowledge about how things work through the Internet. For sure the same can be achieved with other Hardware or Software Solutions.

So at all do not underestimate the time needed for implementation. My Consultant live has shown that a lot of Projects run into a risk because a lack of knowledge and start to late with the implementation of this piece of Software. In best case start in development 😉