Heartbleed: SAP Business Intelligence products using APR native Tomcat library affected

SAP has released an advisory on the implications of Heartbleed bug on SAP Business Objects and Business Intelligence products, through SAP note 2003582

According to the note:
Default Tomcat provided by SAP with SAP Business Intelligence products  is not affected by this issue, unless customers explicitly enable SSL using APR native tomcat library.
See http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html and http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html for details on Tomcat SSL configuration.
Open an SAP message on the component XX-SER-BO-SEC if you suspect you are affected.

Here is a simple explanation of this bug

Use this site to check if a website has been fixed or not to know whether to change password now or wait.
You can also use this site to test if the servers are secure right now. It sends a deliberately malformed heartbeat and checks if the server responds with too much information. Keep in mind this tells you nothing about whether or not a previously vulnerable website has changed their x509 certificates and similar information.

Reduce memory footprint of Chrome by disabling Chrome's GPU acceleration

With every new version seems to improve the responsiveness, but at the same time it is getting bloated with each new version release.

One of the tricks to reduce the memory footprint of Chrome is starting it without GPU acceleration by using "--disable-gpu --disable-software-rasterizer" option when launching Chrome. It become nearly as good and you get to free up some memory.

How do IR ID RWB Adapter Engine and Integration Engine register their URLs?

In XI/PI, the URLs used by various components are registered by the individual components in the SLD. These URLs are then used by other components for intra-XI/PI communications. The configurations are stored as follows:

For Integration Repository/Integration Directory/Runtime Workbench the details are configured on Exchange Profile. Following are the most important parameters that define the component URLs:

  • com.sap.aii.connect.directory.name
  • com.sap.aii.connect.directory.httpport
  • com.sap.aii.connect.directory.httpsport
  • com.sap.aii.connect.integrationserver.name
  • com.sap.aii.connect.integrationserver.httpport
  • com.sap.aii.connect.integrationserver.httpsport
  • com.sap.aii.connect.integrationserver.r3.httpport
  • com.sap.aii.connect.integrationserver.r3.httpsport
  • com.sap.aii.connect.repository.name
  • com.sap.aii.connect.repository.httpport
  • com.sap.aii.connect.repository.httpsport
  • com.sap.aii.connect.rwb.name
  • com.sap.aii.connect.rwb.httpport
  • com.sap.aii.connect.rwb.httpsport
  • com.sap.aii.rwb.server.centralmonitoring.name
  • com.sap.aii.rwb.server.centralmonitoring.httpport
  • com.sap.aii.rwb.server.centralmonitoring.httpsport

For Integration Engine, the details are configured in the Business System maintained in the SLD. Edit the Pipeline URL maintained in the Business System if there is a hostname or network change. Check the Pipeline URL maintained in SXMB_ADM --> Integration Engine Configuration. If it is blank, leave it blank. If it incorrect, update it.

For Adapter Engine, the details are configured in "SAP XI AF CPA Cache" or "XPI Service: CPA Cache" service depending on PI release. To check/update it call Visual Administrator or NWA and verify the following properties:

  • SLD.selfregistration.hostName
  • SLD.selfregistration.httpPort
  • SLD.selfregistration.httpsPort

If these values are changed:

  1. Restart the applicatons: "com.sap.aii.af.cpa.app" and "com.sap aii.af.app". Restarting these applications or J2EE engine will re-register the AE URL in SLD. To can check the URL registered in SLD, navigate to "CIM Instances" > "XI Adapter Framework". As part of the "associated instances" you can find e.g. at "XI Adapter Service XIRA -> Associated Instances -> Port for XIRA of af.<SID>.<hostname>"
  2. Call SXI_CACHE transaction and choose Goto -> Adapter-Engine-Cache. You will see the cached URLs for Adapter Engine maintained there. You have to delete those entries by selecting the row and clicking on delete icon. The URLs will re-cached when Integration Engine sends are message to Adapter Engine.

Configure Single Signon on Service Market Place using SAP Passport

SAP Service Marketplace is served by a cluster of servers and while you are browsing through the portal, you might switch to different server. With each time you will be prompted to authenticate yourself. If you want to type in your S-User ID and password each time, you can configure Single Sign-on using SAP Passport (client-certificate that authenticates you) by following these steps:

  1. Login to http://service.sap.com/myprofile and click on "Maintain my Single Sign-On Certificate"

    Maintain my Single Sign-On Certificate
  2. Enter your S-User ID password and click on "Apply for SAP Passport"

    Apply for SAP Passport
  3. Private certificates will be installed in your browser trust store

    SAP Passport installed
  4. Restart your browser and the next the you call SMP you will be able to authenticate using the client certificate.

    SSO in action

Adding multiple printers to a single transport requeset

If you wish to include the printer devices into one transport request: Create a new transport request. Double click on the transport request and go to objects tab. Change to edit mode and then enter the following values to the below fields
  • Project ID: R3TR
  • Object Type: SPDV
  • Object Name: <Printer name>
After you have added all the printers that you wanted to include, save the changes and release the transport.