(SM-2002) Java Connector Setup

Owned by SNP
Jan 17, 2020
6 min read

Java connector is a component required for connections that either require Kerberos authentication, or connection using JDBC drivers. Follow these steps to properly set up the connector. This Java connector runs as an independent OS process and can be controlled through transaction /DVD/JCO_MNG. Current latest version is 200.

This transaction allows you to link Datavard Java connector to existing SAP RFC and maintain the settings of Datavard java connector. After all required fields are filled and saved, you can click the Restart button to start the Java service. When Java process is running, you can control it across the application servers and display logs.

Setup

This component requires initial setup to be fully functional.

Java version 

An up-to-date Java version should be available to the SAP's <sid>adm user. We recommend the latest Java release.

If Hadoop cluster with Kerberos authentication is the target storage, patched version of Java is required (e.g. Java 8u172).

NOTE: There is a limitation for AIX operating system. Oracle JDK is not available for this platform, thus usual replacement is IBM Java.
This poses certain limitation for Datavard Java Connector, specifically in scenario where Hive connection is facilitated by Zookeeper service. So far the authentication fails when running IBM JRE with Apache Hive driver connecting to Zookeeper. Connection directly to Hive or through a load balancer with IBM JRE is supported using Simba JDBC drivers.

SAP Java Connector library

SAP Java Connector 3.0 library libsapjco3.so, which can be downloaded from the SAP marketplace, needs to be uploaded to the SAP application server. It should be located in the directory referenced by LD_LIBRARY_PATH environment variable of <sid>adm user.

It is recommended to append a shared Datavard directory /sapmnt/<SID>/global/security/dvd_conn to LD_LIBRARY_PATH variable of <sid>adm user and place libsapjco3.so to this directory.
Or you may also copy it directly into the SAP kernel directory, which is by default included in LD_LIBRARY_PATH variable.

If you copy the SAP Java Connector library into the SAP kernel directory, you must ensure the library will be preserved during each SAP kernel upgrade.

$ echo $LD_LIBRARY_PATH /usr/sap/DVQ/SYS/exe/run:/usr/sap/DVQ/SYS/exe/uc/linuxx86_64:/usr/sap/DVQ/hdbclient:/sapmnt/DVQ/global/security/dvd_conn   /sapmnt/DVQ/global/security/dvd_conn/ # ls -l libsapjco3.so -rwxr-x--- 1 dvqadm sapsys 59 Apr  5 15:12 libsapjco3.so

SAP RFC role and user

The Java connector uses a dedicated user in the SAP system for communication. In our reference configuration, we use the username 'hadoop'. This user should be created with the type 'Communications Data' and with authorizations limiting his privileges to basic RFC communication.

Authorization object required is S_RFC with these settings:

  • ACTVT = 16

  • RFC_NAME = SYST, RFC1, SDIFRUNTIME

  • RFC_TYPE = FUGR

Example of custom SAP role in PFCG transaction (Display Authorization Data):

Java RFC

Java RFC by name refers to Datavard Java service which is used for authentication and communication with Hadoop services.

Entries explained:

  • Connection Type – T for TCP/IP Connection

  • Activation Type – select Registered Server Program

  • Program ID – DATAVARD_JAVA_CONN

SAP gateway access

External communication with SAP system goes through the SAP gateway. If SAP system parameter gw/acl_mode is enabled, there are two files (secinfo and reginfo) which limit the access.

In this case a program needs to have granted access either explicitly or by wildcard definition:

  • DATAVARD_JAVA_CONN

More information on the SAP gateway ACL topic can be found on the SAP web site Gateway Security Files secinfo and reginfo.

/DVD/JCO_MNG initial setup

 

  1. Select the latest JCO by double-clicking the row on the left side of the screen

  2. Switch to Edit mode

  3. Click fill default values

  4. Adjust values you want to change

    1. Config

      • Client - the client of SAP technical user used to register on SAP gateway

      • RFC User - username of SAP technical user used to register on SAP gateway

      • Password - hashed password of SAP technical user used to register on SAP gateway. The hash can be created by typing password in the field below and clicking 'Hash' button

      • Install directory - directory on the application server where the application and log files will be generated - can be a physical path or a logical path enclosed in <>, default path </DVD/DEF_JCO_DIR> can be used. After changing this value, you have to click the 'Generate paths' button

      • Java exe - the path to Java executable on the SAP application server

      • Java vendor - Name of Java vendor, ORACLE or IBM (for SAP JVM, or OpenJDK, fill ORACLE)

    2. Dependencies

      • select a library which you want to use with JCO. Base library must always be selected. In case the connection to AWS or GCP is required, library supporting such platform must be selected.

    3. Advanced
      In most scenarios, these settings don’t need to be changed.

      • OS Command for starting java service - name of an OS command for starting Java service (SM69)

      • OS Command for setting access permissions - name of an OS command for setting execution rights (SM69)

      • Max RAM used - maximum amount of RAM used by java service

      • Additional java starting arguments - additional arguments used to start java service

      • Repository destination - destination type

      • Work thread MIN - minimum number of work threads

      • Work thread MAX - maximum number of work threads

      • Connection count - number of connections

      • Peak limit - limit of connections at peak

      • Log4j log level - level of messages collected in logs

      • Log4j log deletion - how long the logs should be archived

      • JAR path - the path where the JAR file will be created

      • Server config path - the path where the server config will be created

      • Destination config path - the path where the destination config will be created

      • Log files path - a directory where the log files will be saved

      • Log4j config path - the path where the log4j config file will be created

  5. Go to the 'General' tab and assign an RFC to the java connector

    • RFC Usage - Defines an RFC that points to this java application.

  6. Save the settings

  7. Start the Java service by clicking the 'Restart' button

                         

The Java service is started with a system command. You can adjust the name of this command in the table Advanced tab. The default name of the command is ZDVD_START_JAVA. In the case the system command doesn't exist, it is created automatically. You can view the system commands through the transaction SM69.

On Linux, another system command is required, which sets executable rights for the configuration files (chmod 755 <filename>). Its name can be adjusted in the Advanced tab.

Central Java instance

It is possible to have a single Java connector running, instead of running one on every application server. To setup such scenario, follow these steps:

  1. If the Java connector is already running on several application servers, stop all instances.

  2. Open the Java RFC destination and fill the Gateway options valid for the desired instance

  3. When you restart transaction /DVD/JCO_MNG, only buttons belonging to the desired application server should be functional and all the other app. servers should be using this connection. Start the connector and all rows in the Connection column should be green.