In this blog you will find information how to setup a SSL encrypted connection between the SAP Solution Manager and a HANA DB. In a scenario using SAP Solution Manger to monitor the System Landscape a connection must be established between the HANA DB and the ABAP of the Solution Manager. To do this you need to create a connection in the ABAP of Solution Manger, which accesses the HANA DB using the user “DBACOCKPIT”. To guarantee a higher level of security you can enable an SSL encryption for this connection. It is possible to enable SSL connection to all DBs but also for single DBs in a Multi DB Landscape. This blog is focused on enabling SSL connection between SAP Solution Manger and only one single SAP HANA Tenant.
This DB-user must be created previously on the HANA DB. To create this user, you can use a SQL command, HANA Studio or HANA Cockpit. To prevent the connection from errors, caused by expired user password, disable the password lifetime of DBACOCKPIT. You can use the following SQL command:
ALTER USER DBACOCKPIT DISABLE PASSWORD LIFETIME;
To enable the SSL connection between Solution Manager and HANA DB follow the instruction of SAP note: 2475246 (- How to configure HANA DB connections using SSL from ABAP instance). This enables SSL for all DB connections.
In case SSL should only be used for several database connections, please follow the installation instruction of Note 2572975 (- Solman monitoring of only specific HANA DBs using SSL).
Enable SSL Connection to Host Agent
Please follow the instructions in note 2514150 (- SAP Host Agent for SAP HANA: SSL connection to SAP HANA).
Create a DB connection using the correct configuration
In the ABAP of SAP Solution Manger open the transaction DBCO. Find more information in SAP Note - 1983389 (- DBCON entry for SAP HANA).
Enable Change > New Entry
For Multi Tenant HANA DBs you have to create a connection for the System DB and the Tenant itself. In our example we use the following connection parameters.
System DB:
Tenant:
Enter connection parameters in following syntax:
HOST=<host name>:<SQLPort>[,...,<host name>:<SQLPort>][;SCHEMA=<schema>][;CON_PARAM=<dbparam>,...,<dbparam>]
Make sure to set the parameter ENCRYPT=TRUE, for enabling the SSL-connection.
Creating DBCO connection for System DB using SSL
Creating DBCO connection for DB Tenant using SSL
Connection can be found in the DBCO list now.
SSL connection between SAP Solution Manager and HANA DB is enabled.
To test the status of the DB connection you can use a report. Therefore open the transaction SE38 and execute the report ADBC_TEST_CONNECTION.
Select the connection, which you want to test and execute.
As result you will either get a success message.
In Solution Manger ABAP open transaction DBACOCKPIT. Go to System Landscape > Database Connections > Select your Connection > Select test
Find the connection success or error message below.
Let´s summarize the contents once again. First of all make sure you have an existing user on your HANA DB. Don´t forget to disable the passwords lifetime, to avoid future connection failures. Enable the SSL encryption to your HANA DB. Depending on whether it is an Single or a Multi Tenancy DB use the right parameters. You can test your connection by using the test function of transaction DBACOCKPIT, or by running the report ADBC_TEST_CONNECTION. Checking this connection can be one step for troubleshooting for monitoring issues.
Notes mentioned in this blog:
Note: 2475246
Note: 2572975
Note: 1983389
Note: 2514150
Create DBACOCKPIT user
This DB-user must be created previously on the HANA DB. To create this user, you can use a SQL command, HANA Studio or HANA Cockpit. To prevent the connection from errors, caused by expired user password, disable the password lifetime of DBACOCKPIT. You can use the following SQL command:
ALTER USER DBACOCKPIT DISABLE PASSWORD LIFETIME;
Enable SSL connection on all HANA DB
To enable the SSL connection between Solution Manager and HANA DB follow the instruction of SAP note: 2475246 (- How to configure HANA DB connections using SSL from ABAP instance). This enables SSL for all DB connections.
Enable SSL connection for single HANA DBs
In case SSL should only be used for several database connections, please follow the installation instruction of Note 2572975 (- Solman monitoring of only specific HANA DBs using SSL).
Enable SSL Connection to Host Agent
Please follow the instructions in note 2514150 (- SAP Host Agent for SAP HANA: SSL connection to SAP HANA).
Create a DB connection using the correct configuration
In the ABAP of SAP Solution Manger open the transaction DBCO. Find more information in SAP Note - 1983389 (- DBCON entry for SAP HANA).
Enable Change > New Entry
For Multi Tenant HANA DBs you have to create a connection for the System DB and the Tenant itself. In our example we use the following connection parameters.
System DB:
| Host | HOST= hdb-01.sap.test.com |
| User | DBACOCKPIT |
| SQL-Port | 30013;CON_PARAM=ENCRYPT=TRUE,CONNECTTIMEOUT=50000 |
| Parameter | HOST=hdb-01.sap.test.com:30013;CON_PARAM=ENCRYPT=TRUE,CONNECTTIMEOUT=50000 |
Tenant:
| Host | HOST= hdb-01.sap.test.com |
| User | DBACOCKPIT |
| SQL-Port | 30041;CON_PARAM=ENCRYPT=TRUE |
| Parameter | HOST= hdb-01.sap.test.com:30041;CON_PARAM=ENCRYPT=TRUE |
Enter connection parameters in following syntax:
HOST=<host name>:<SQLPort>[,...,<host name>:<SQLPort>][;SCHEMA=<schema>][;CON_PARAM=<dbparam>,...,<dbparam>]
Make sure to set the parameter ENCRYPT=TRUE, for enabling the SSL-connection.
Creating DBCO connection for System DB using SSL
Creating DBCO connection for DB Tenant using SSL
Connection can be found in the DBCO list now.
SSL connection between SAP Solution Manager and HANA DB is enabled.
Testing HANA-DB connection using report
To test the status of the DB connection you can use a report. Therefore open the transaction SE38 and execute the report ADBC_TEST_CONNECTION.
Select the connection, which you want to test and execute.
As result you will either get a success message.
Testing HANA-DB connection using DBACOCKPIT
In Solution Manger ABAP open transaction DBACOCKPIT. Go to System Landscape > Database Connections > Select your Connection > Select test
Find the connection success or error message below.
Summary
Let´s summarize the contents once again. First of all make sure you have an existing user on your HANA DB. Don´t forget to disable the passwords lifetime, to avoid future connection failures. Enable the SSL encryption to your HANA DB. Depending on whether it is an Single or a Multi Tenancy DB use the right parameters. You can test your connection by using the test function of transaction DBACOCKPIT, or by running the report ADBC_TEST_CONNECTION. Checking this connection can be one step for troubleshooting for monitoring issues.
Notes mentioned in this blog:
Note: 2475246
Note: 2572975
Note: 1983389
Note: 2514150
- SAP Managed Tags:
1 Comment
