5 Post-Installation5.1 Post-Install

5 Post-Installation
5.1 Post-Installation Checklist

Post-Installation Checklist
NOTE
In a central system, all mandatory instances are installed on one host. Therefore, if you are
installing a central system, you can ignore references to other hosts.
You have to complete the following post-installation steps, which are described in more detail in the
linked sections:
1. If required, you perform a full installation backup [page 103] immediately after the installation has finished.
2. You check whether you can log on to the application server [page 91].
NOTE
In a distributed or high-availability system you check whether you can log on to every instance
of the SAP system that you installed.
3. You configure user management [page 92].
4. You ensure user security [page 93].
5. You install the SAP license [page 95].
6.
Only valid for: HA (UNIX) |
If you installed a high-availability system, you set up the licenses for high availability [page 95].
End of: HA (UNIX) |
7. You apply the latest kernel and Support Package stacks [page 96].
8. You configure the remote connection to SAP support [page 96].
9. You install the SAP Online Documentation [page 97].
10. You perform initial ABAP configuration [page 97].
11. On the database instance host, you perform the Oracle-specific post-installation steps [page 101].
12. To connect your SAP system to an existing central system landscape directory (SLD), you configure
the connection to a central System Landscape Directory (SLD) [page 102].
13. You implement ERP ABAP Add-On Components [page 103].
14. You perform the client copy [page 103].
15. You perform a full backup of the installation [page 103].
5.2 Logging On to the Application Server
You need to check that you can log on to the SAP system with the standard users, given in the table
below.
5 Post-Installation
5.1 Post-Installation Checklist
2009-05-25 PUBLIC 91/146ABAP Users
User User Name Client
SAP system user SAP* 000, 001, 066
DDIC 000, 001
Prerequisites
■ The SAP system is up and running.
■ You have already installed a front end.
Procedure
Logging On to the ABAP Application Server
1. Start SAP Logon on the host where you have installed the front end as follows:
■ SAP GUI for Windows:
Choose Start All Programs SAP Front End SAP Logon .
■ SAP GUI for Java:
Choose Start All Programs SAP Clients SAP GUI for Java .
NOTE
You can alternatively enter the command guilogon in the SAP GUI installation directory
to start SAP GUI for Java.
The SAP Logon appears.
2. Create a logon entry for the newly installed system in the SAP Logon.
For more information about creating new logon entries, press F1 .
3. When you have created the entry, log on as user SAP* or DDIC.
5.3 Configuring User Management
After the installation of your SAP system has finished, you must decide whether you want to do the
following:
■ Add the system to Central User Administration (CUA)
■ Use Lightweight Directory Access Protocol (LDAP) synchronization
For more information, see the SAP Library at:
http://help.sap.com/nw70 SAP NetWeaver 7.0 Library (including Enhancement Package 1) English SAP
NetWeaver Library SAP NetWeaver by Key Capability Security Identity Management Identity Management for
System Landscapes Integration of User Management in Your System Landscape Adding an ABAP System to Your System
Landscape
5 Post-Installation
5.3 Configuring User Management
92/146 PUBLIC 2009-05-255.4 Ensuring User Security
You need to ensure the security of the users that SAPinst created during the installation. The tables
below at the end of this section list these users:
■ Operating system users
■ SAP system users
During the installation, SAPinst by default assigned the master password to all users created during the
installation unless you specified other passwords.
If you change user passwords, be aware that SAP system users might exist in multiple SAP system clients
(for example, if a user was copied as part of the client copy). Therefore, you need to change the passwords
in all the relevant SAP system clients.
CAUTION
SAPinst applied the master password to users SAP* and DDIC only for SAP system clients 000 and
001, but not to users SAP*, DDIC, and EARLYWATCH in client 066.
Instead, SAPinst always assigns the following passwords to these users in client 066:
SAP*: 06071992
EARLYWATCH: support
See also Master Password in Basic SAP System Parameters [page 39].
RECOMMENDATION
User ID and password are encoded only when transported across the network. Therefore, we
recommend using encryption at the network layer, either by using the Secure Sockets Layer (SSL)
protocol for HTTP connections or Secure Network Communications (SNC) for the SAP protocols
dialog and RFC.
For more information, see:
http://help.sap.com/nw70 SAP NetWeaver 7.0 Library (including Enhancement Package 1) English
SAP NetWeaver Library SAP NetWeaver by Key Capability Security Network and Transport Layer
Security
CAUTION
Make sure that you perform this procedure before the newly installed SAP system goes into
production. For security reasons, you also need to copy the installation directory to a separate,
secure location – such as a DVD – and then delete the installation directory.
Procedure
For the users listed below, take the precautions described in the relevant SAP security guide, which you
can find at http://service.sap.com/securityguide:
Operating System Users
After the installation, operating system users for SAP system and database are available as listed in the
following table:
5 Post-Installation
5.4 Ensuring User Security
2009-05-25 PUBLIC 93/146Operating System and Database Users
User User Name Comment
Operating system user adm SAP system administrator
ora Oracle database administrator (that
is, the owner of the database files)
Oracle database user SAP Oracle database owner (that is, the
owner of the database tables)
SYSTEM Oracle standard database user
SYS Oracle standard database user
OUTLN Oracle standard database user
DBSNMP Oracle standard database user
SAP System Users
After the installation, ABAP system users are available. The following table shows these users together
with recommendations on how you can ensure the security of these users.
ABAP Users
User User Name Comment
SAP system user SAP* User exists in at least SAP system
clients 000, 001, and 066
CAUTION
This user has extensive
authorizations. Make sure
that you assign a secure
password.
DDIC User exists in at least SAP system
clients 000 and 001
CAUTION
This user has extensive
authorizations. Make sure
that you assign a secure
password.
EARLYWATCH User exists in at least SAP system
client 066
SAPCPIC User exists in at least SAP system
clients 000 and 001
More Information
For more information about managing ABAP users, see:
http://help.sap.com/nw70 SAP NetWeaver 7.0 Library (including Enhancement Package 1) SAP NetWeaver
Library Security Identity Management User and Role Administration of AS ABAP
5 Post-Installation
5.4 Ensuring User Security
94/146 PUBLIC 2009-05-255.5 Installing the SAP License
You must install a permanent SAP license. When you install your SAP system, a temporary license
is automatically installed. This temporary license allows you to use the system for only 4 weeks from
the date of installation.
CAUTION
Before the temporary license expires, you must apply for a permanent license key from SAP.
We recommend that you apply for a permanent license key as soon as possible after installing your
system.
Procedure
Install the SAP license as described in the SAP Library at:
http://help.sap.com/nw70 SAP NetWeaver 7.0 Library (including Enhancement Package 1) English SAP
NetWeaver Library Technology Consultant's Guide Cross-NetWeaver Configurations SAP License Keys
Only valid for: HA (UNIX) |
If you have installed a high-availability system, proceed as described in High Availability: Setting Up
Licenses [page 95].
End of: HA (UNIX) |
More Information
For more information about SAP license keys, see http://service.sap.com/licensekey.
5.6 High Availability: Setting Up Licenses
Every SAP system needs a central license, which is determined by the environment of the message
server. Since SAP's high-availability (HA) solution stipulates 2 or more cluster nodes (host machines)
where the message server is enabled to run, you have to order as many license keys [page 95] as you have
cluster nodes.
When we receive confirmation from your vendor that you are implementing a switchover
environment, we provide the required license keys for your system, 1 key for each machine.
SAP has implemented a license mechanism for transparent and easy use with switchover solutions and
clustered environments. Your customer key is calculated on the basis of local information on the
message server host. This is the host machine where the ABAP central services instance (ASCS) runs.
There is no license problem when only the database is switched over.
Prerequisites
The SAP system is up and running.
Procedure
1. Make sure that the ABAP central services instance (ASCS) on the primary host, node A, is running.
5 Post-Installation
5.5 Installing the SAP License
2009-05-25 PUBLIC 95/1462. To find the hardware ID of the primary host, log on to any application server instance of the SAP
system and call transaction SLICENSE.
3. Perform a switchover of the ABAP central services instance (ASCS) to another node in the cluster
and repeat the previous step.
Repeat this for all remaining nodes in the cluster.
4. To obtain the two license keys, enter the hardware IDs for the primary and backup hosts at:
http://service.sap.com/licensekey
5. To import the files containing the two licenses, log on to any application server instance of the
SAP system and call transaction SLICENSE.
6. Perform a switchover of the ABAP central services instance (ASCS) to another node in the cluster
and repeat the previous step.
Repeat this for all remaining nodes in the