Enable HANA connection for Solution Manger monitoring using SSL

In this blog you will find information how to setup a SSL encrypted connection between the SAP Solution Manager and a HANA DB. In a scenario using SAP Solution Manger to monitor the System Landscape a connection must be established between the HANA DB and the ABAP of the Solution Manager. To do this you need to create a connection in the ABAP of Solution Manger, which accesses the HANA DB using the user “DBACOCKPIT”. To guarantee a higher level of security you can enable an SSL encryption for this connection. It is possible to enable SSL connection to all DBs but also for single DBs in a Multi DB Landscape. This blog is focused on enabling SSL connection between SAP Solution Manger and only one single SAP HANA Tenant.

Create DBACOCKPIT user

This DB-user must be created previously on the HANA DB. To create this user, you can use a SQL command, HANA Studio or HANA Cockpit. To prevent the connection from errors, caused by expired user password, disable the password lifetime of DBACOCKPIT. You can use the following SQL command:

ALTER USER DBACOCKPIT DISABLE PASSWORD LIFETIME;

Enable SSL connection on all HANA DB

To enable the SSL connection between Solution Manager and HANA DB follow the instruction of SAP note: 2475246 (– How to configure HANA DB connections using SSL from ABAP instance). This enables SSL for all DB connections.

Enable SSL connection for single HANA DBs

In case SSL should only be used for several database connections, please follow the installation instruction of Note  2572975 (- Solman monitoring of only specific HANA DBs using SSL).

Enable SSL Connection to Host Agent

Please follow the instructions in note 2514150 (- SAP Host Agent for SAP HANA: SSL connection to SAP HANA).

Create a DB connection using the correct configuration

In the ABAP of SAP Solution Manger open the transaction DBCO. Find more information in SAP Note – 1983389 (– DBCON entry for SAP HANA).

Enable Change > New Entry

For Multi Tenant HANA DBs you have to create a connection for the System DB and the Tenant itself. In our example we use the following connection parameters.

System DB:

Tenant:

Enter connection parameters in following syntax:

HOST=<host name>:<SQLPort>[,…,<host name>:<SQLPort>][;SCHEMA=<schema>][;CON_PARAM=<dbparam>,…,<dbparam>]

Make sure to set the parameter ENCRYPT=TRUE, for enabling the SSL-connection.

Creating DBCO connection for System DB using SSL

Creating DBCO connection for DB Tenant using SSL

Connection can be found in the DBCO list now.

SSL connection between SAP Solution Manager and HANA DB is enabled.

Testing HANA-DB connection using report

To test the status of the DB connection you can use a report. Therefore open the transaction SE38 and execute the report ADBC_TEST_CONNECTION.

Select the connection, which you want to test and execute.

As result you will either get a success message.

Testing HANA-DB connection using DBACOCKPIT

In Solution Manger ABAP open transaction DBACOCKPIT. Go to System Landscape > Database Connections > Select your Connection > Select test

Find the connection success or error message below.

Summary

Let´s summarize the contents once again. First of all make sure you have an existing user on your HANA DB. Don´t forget to disable the passwords lifetime, to avoid future connection failures. Enable the SSL encryption to your HANA DB. Depending on whether it is an Single or a Multi Tenancy DB use the right parameters. You can test your connection by using the test function of transaction DBACOCKPIT, or by running the report ADBC_TEST_CONNECTION. Checking this connection can be one step for troubleshooting for monitoring issues.

Notes mentioned in this blog:

Note: 2475246

Note: 2572975

Note: 1983389

Note: 2514150