Airgap is a requirement within some organisations with secure networks whereby they cannot allow changes to be electronically transmitted from development to their production systems. It is typically found in industries such as the public sector, aerospace and defence, exploration and energy. In an SAP context, an Airgap typically means that following Development or QA or Regression testing, the SAP transport files need to be downloaded to some external media (disk, USB drive, DMZ) and then physically moved and uploaded to the production system side of the Airgap for import there.
High Side / Low Side
The key principle of the ActiveControl Airgap solution is the presence of two Domain Controllers, one on the Low side and one on the High side.
- The Low side is the Dev instance
- The High side is the (main) Production instance.
- Information is passed from one AC instance to the other in order to manage the complete flow of change.
Figure: Airgap within ActiveControl
Configuring Airgap
Airgap usage requires the configuration of various ActiveControl tables, and the scheduling of several programs.
Table /BTI/TE_TVARV
Standard configuration table /BTI/TE_TVARV is used as part of Airgap configuration, with various new variables used to achieve the required scenarios.
1) Path location of files
Configuration, Business Task and Transport Form related files will be written to a (user configurable) location as part of the solution. This is done via the TE_AIRGAP_OUTBOX variable on both the Low and High side.
2) Send Business Task and Configuration from High Side to Low Side
Most Airgap customers will want to create the Business Task on the High Side, and then have this sent over the Airgap to the Low side. This is done via the following configuration on the Low and High side:
High Side: Maintain TE_AIRGAP_ALLOWED_RECIDS_OUT in /BTI/TE_TVARV with value TASK, CONFIGURATION and ACKNOWLEDGE.
Low Side: Maintain TE_AIRGAP_ALLOWED_RECIDS_IN in TVARV with value TASK, CONFIGURATION and ACKNOWLEDGE
3) Create Transport Form on Low Side, send to High Side
Most Airgap customers will want to create the Transport Form on the Low Side, and then send this over the Airgap to the High Side. This is achieved with the following configuration.
Low Side: Maintain TE_AIRGAP_ALLOWED_RECIDS_OUT in /BTI/TE_TVARV with value TRANSPORT and ACKNOWLEDGE in the field low.
High Side: Maintain TE_AIRGAP_ALLOWED_RECIDS_IN in /BTI/TE_TVARV with value TRANSPORT and ACKNOWLEDGE in the field low.
4) Send programs
In order for the value entered in field external system in the AirGap SEND programs to be validated, values must be maintained in /BTI/TE_TVARV.
High Side Configuration:
AIRGAP_ALLOWED_SYS_IN: the systems valid for incoming messages (usually only one). Used to validate the system ID for inbound messages (used to receive tasks on low side and forms on high side)
AIRGAP_ALLOWED_SYS_OUT: the systems valid for outbound messages (usually only one). Used to validate the system for outbound messages (used to send tasks to low side and forms to high side)
Low Side Configuration:
AIRGAP_ALLOWED_SYS_IN: as per above description.
AIRGAP_ALLOWED_SYS_OUT: as per above description.
AIRGAP_ALLOWED_SYS_DECODE: used to validate the system used to decode task IDs (currently only used when sending forms, low side only)
Table: /BTI/TE_AGMSGTYP
For the framework to pick the correct class for every message type, table /BTI/TE_AGMSGTYP will have require entries to be configured. These table entries are shipped as part of the standard ActiveControl software transports. You do NOT need to maintain or change this table manually.
Table: /BTI/TE_INT_SYST
To send Business Tasks or Transport Forms over the Airgap, an integration ID must be defined for both systems in standard Integration table /BTI/TE_INT_SYST.
Table: /BTI/TE_INT_MAPP
As part of Airgap Solution, integration mapping is only required for field PATH for creating a transport form on the low side. All other values such as Groups, Types are same in both system.
Table /BTI/TE_INT_MAPP should be configured on the High side as follows:
Field | Description |
---|---|
EXTSYS_NO | Value configured in table /BTI/TE_INT_SYST |
EXTSYS_NAME | Name: configured in table /BTI/TE_INT_SYST Direction: Inbound (I) Sequence No: Doesn’t have to be in sequence but just to have part of key |
TEFIELDREF & EXTFLD_VAL | Field that needs conversion. Will be same. Refer structure /BTI/TE_ST_IFORM for other fields for transport forms. |
Table: /BTI/TE_INT_CONV
Table /BTI/TE_INT_CONV should be configured on the High side as follows:
Field | Description |
---|---|
EXTFLD_ID | Value of path from other side(LOW) |
EXTFLD_VAL | Value of path in the same system(HIGH) |
Airgap: Programs
After maintaining the aforementioned Airgap configuration tables, several programs also need to be scheduled as part of the Airgap solution.
Program: /BTI/TE_RUAIRGAP_SEND_TASKS
/BTI/TE_RUAIRGAP_SEND_TASKS is used on the Low side to send Business Task information to the High side.
Option | Description |
---|---|
Receiver | Value must be the number configured in table /BTI/TE_INT_SYST on High side. |
Sender | value must be the one configured in table /BTI/TE_INT_SYST on Low side. |
Specify Target and Location for when the transports are ready to send across Airgap. |
Program: /BTI/TE_RUAIRGAP_SEND_CONFIG
Program /BTI/TE_RUAIRGAP_SEND_CONFIG is used to send Groups, Types, Projects and Custom Fields from High Side to Low Side.
It is recommended to check the flag “Only send if changed”. Otherwise, same data will be sent on each run and generates spool.
Program: /BTI/TE_RUAIRGAP_PROCESS_INBOX
Program /BTI/TE_RUAIRGAP_PROCESS_INBOX is used on both the Low side and the High side to create what is required.
Option | Description |
---|---|
SAP Directory name | Directory where all the messages are stored to process. |
No. Retries before error | The number of times the program will try to process the message before changing the status to failed. |
Archive processed & failed msg | (Default) Choosing this will move down the file to the specified path if the message is processed or failed. |
Delete processed & failed msg | Choosing this will delete the file if the message is processed or failed. |
Keep the files | Select this if you want files to remain in the inbox. If the option Keep the files is chosen, it is better to flag the Checkbox ‘Display at least one new file is processed’ when running in background to avoid generating the spool unnecessarily for an already processed/failed messages. |
Post your comment on this topic.