WebSocket RFC (Cloud Connections)
The Cloud Configuration allows on-premise solutions to communicate with Internet based Gimmal Link Enterprise servers over HTTPS/SSL.
To allow SSL handshake between SAP and a hosted Link Enterprise Environment we require importing Gimmal Link Enterprise public certificate into SAP's Trust Manager.
- In SAP start the Trust Manager (STRUST)
- Import the Gimmal Link Enterprise public certificate into SSL Client (Standard) (This will enable SAP to identify Gimmal certificate during TLS handshake)
- Enter Change Mode (Ctrl + F1)
- Click SSL Client Standard. Click Import and select the Gimmal Link Enterprise public certificate provided. Click Add to Certificate List and Save
The Gimmal Link Enterprise middleware requires an export of the SAP public root certificate for SSL Client and SSL Server. This is to identify the SAP system connecting into the hosted environment.
- In SAP start the Trust Manager (STRUST)
- Export the root certificate from SSL Client (Standard) and SSL Server (Standard).
Click SSL server Standard and double click the subject
- It will be appear in the Certificate section
Scroll down and export (provided below is a sample image) of export icon
- Click SSL server Client and double click the Subject
Scroll down and export the certificate
- Send both certificates to your Gimmal representative
To enable a endpoint for the SAP to connect into the middleware we require an RFC Destination to be created
- Visit transaction SM59
- Click Create and give the destination an appopriate name. An example is Z<TYPE>_<NAME>
Ensure the connection type is type 'W'
- Under technical settings we need to prove the Target System Settings
- For host name enter the provided hostname given to you by your Gimmal Representative
- For port enter the provided port given to you by your Gimmal Representative
- Click the Logon & Security tab and enter Language as EN
- Set the Explicit Client to by Hostname
- Set the Authentication Method to by X.509 certificate
- Under Security Options set to SSL Client (Standard)
- Click Save
- Provide the RFC Destination to your Gimmal representative
The firewall needs to be configured to allow HTTPS traffic through to the Gimmal Link Enterprise server. To find or define these ports:
Inbound Rule
- In SAP, review the value for icm/server_port_x (where x=0,1,2,3...,n) that is used for HTTPS. This port will need to be opened for inbound traffic to the SAP system.
Outbound Rule
- Review the section Setup RFC Destination for the port that has been configured in SM59 for the WebSocket RFC communication to the Gimmal Link Enterprise Server.
- This port will be given to you by the Gimmal representative
To allow quick setup of websocket connetivity we can dynamically change the parameters to quickly confirm connectivity. Work with your SAP BASIS to configure the parameters to hold.
- Enter transacation RZ11.
- Type in rfc/websocket/external_active
- Change the value from 2 to 1. (This will allow us to bypass UCONN and enable logon, even if UCON is not activated and configured)
- Confirm ucon/websocketrfc/active is set to 1.
Configure websockets through rfc destinations in middleware. INI File configuration.
settings | Description | Sample Value(s) |
|---|---|---|
enable websockets | Enable websocket when a websocket connection is required. | true/false |
wsPortClient | SAP client port number. | 44300 |
wsPortServer | middleware port configured to websockets. | 8812 |
wsportHost | SAP host name/ ip address | XX.XX.XXX.XX |