Hermes for SAP ECC

Process for installing/updating Hermes for SAP ECC

Hermes Installation

Hermes is distributed as a zip file containing the application files, the nwrfcsdk libraries, and an example production.json file.

  1. Install the latest version of the Hermes installation
    1. Production: Linux - Windows
    2. Development: Linux - Windows
  2. Unzip the distribution to a directory of your choice.
  3. Run Hermes with the included start-up script appropriate for your operating system inside the unzipped directory.
    1. Linux: ./run.sh
    2. Windows: run.cmd

Windows Service

Hermes can be installed to run as a Windows Service.

Installation

  1. Open a command prompt (or PowerShell) with Administrative privileges
  2. Navigate to the Hermes installation directory
  3. Run node.exe dist\win-svc.js install --use-nwrfcdsk

This will install a service named Graphite Hermes and start it

The service name can be configured by setting the windowsServiceName parameter in the production.json configuration file.

Note that any changes to production.json will require a service restart to take effect.

Uninstallation

To uninstall the service, follow the same steps to install the service but run:

node.exe dist\win-svc.js uninstall

System Requirements

Hermes requires the following hardware and software packages

  • Hermes is a nodejs application which comes bundled with the appropriate runtime.
  • Operating System:
    • Windows: x64 (>= Windows 10 or >= Windows Server 2019)
    • Linux: x64 `
      • Distro must include GLIBC version >= 2.28
  • Disk Space: 1GB (300mb for installation and additional space for logging. 10MB of log data is typical per month)
  • Memory: 500 MB of available RAM
  • CPU: Any modern CPU
  • On Windows: A bundled dependency node-rfc requires Microsoft Visual C++ Redistributable 2013 installed.

Updates

Hermes comes bundled with a self-updater that will download the latest Hermes build and install it. The updater will update Hermes in-place, replacing any changed files as necessary.

You can run the updater with the following command:

  • Linux: ./node dist/update.js
  • Windows: node.exe dist\update.js

Logging

Hermes by default logs output to a file in the logs directory. The log file is automatically rotated when the log file size reaches 20 MB. All interface related errors are reported to Graphite and can be viewed in the interfaces administration tool.

Configuration File

This file must be customized to your interface for Hermes to function correctly for all environments. This file includes information such as Graphite API credentials and credentials needed for the Netweaver DSK

The example file included with Hermes includes all parameters.

For example:

{  
    "graphiteApiUrl": "https://app.graphiteconnect.com",  
    "graphiteApiKey": "US12345.c18185d47a79.3c23aaa46caaa90a8aa27f0aaa9fbb67",  
    "graphiteInterfaceName": "sap",  
    "adapterType": "SAP_EH8",  
    "windowsServiceName": "Graphite Hermes",  
    "ECCParams": {  
        "dest": "MME",  
        "user": "IDADMIN",  
        "passwd": "ides123",  
        "ashost": "34.148.95.253",  
        "sysnr": "00",  
        "client": "800",  
        "lang": "EN"  
    }  
}

For SAP ECC interfaces, use the adapterType of SAP_EH8.

Encryption

Due to the sensitivity of the data contained within this file, it is highly encouraged to use this encryption.

A hermes installation includes an encryption utility to manage encrypting and decrypting the production.json file. At runtime, the configuration file will be decrypted in memory, without writing the decrypted file to disk.

The provided utility uses AES 256 CTR encryption using the NodeJS Crypto Library.

Encryption Key

Hermes requires a key in order to decrypt the configuration file. You can supply this key to Hermes in several ways:

  • An environment variable (HERMES_ENCRYPTION_KEY)
    • This option allows Hermes to start as a service without user interaction.
  • An interactive CLI program
    • This option requires users to run a CLI command every time hermes restarts, prompting that user for the encryption key. The CLI will send the key to the running Hermes process which can then decrypt the configuration file and continue operation. If the configuration file is encrypted, Hermes will block until it receives the key.

CLI Usage

Encryption

To encrypt the config file, use the following commands:

  • Windows: node.exe dist\encryption.js --encrypt
  • Linux: node dist/encryption.js --encrypt

This command will encrypt the configuration file with the provided key (either the HERMES_ENCRYPTION_KEY or prompt for the key). The encrypted file will be renamed to production.json.encrypted

Decryption

To decrypt an encrypted config file, use the following commands:

  • Windows: node.exe dist\encryption.js --decrypt
  • Linux: node dist/encryption.js --decrypt

This command will decrypt the configuration file with the provided key (either the HERMES_ENCRYPTION_KEY or prompt for the key). The decrypted file will be renamed to production.json

Provide

To provide the key to the process if installed as a windows service, run the following command:

  • node.exe dist\encryption.js --provide

This command will pass the provided key to the executing service, which will attempt to decrypt the config file in memory. This file will not decrypt the file onto the disk.

SAP Authentication

Hermes connects to SAP using the NetWeaver RFC Software Development Kit (nwrfcsdk). This library is developed by SAP and includes a few options for authentication.

Testing Connection

Included with the adapter is a short test script test.js that can be run to quickly test the connection between the adapter and SAP. The script runs the STFC_SRTUCTURE Remote Function Module.

Ensure the sapnwrfc.ini parameters are correct for the SAP environment

navigate to the project directory and run the command:

    export DYLD_LIBRARY_PATH=lib/darwin/nwrfcsdk/lib node test for MacOS
    export LD_LIBRARY_PATH=lib/linux/nwrfcsdk/lib node test for Linux

    For Windows:
        set PATH=%PATH%;C:\lib\win32\nwrfcsdk\lib
        run node test

Security and Permissions

A basic overview of Hermes architecture and components is detailed here:

Network

Hermes makes HTTPS requests to the Graphite Public API. These are long-polling requests that occur approximately once per minute. In a production environment, the application must be able to make egress network connections to the domain api.graphiteconnect.com.

Hermes connects to SAP via the TCP RFC connections, typically on port 3300. Hermes must reside on a system with network access to SAP and the RFC port, as defined in the sapnwrfc.ini file.
SAP

Authentication

Hermes requires an SAP username and password which lives in the sapnwrfc.ini file. This is a standard SAP defined file format that external programs must use when using the NetWeaver SDK.

Communication

Hermes communicates with SAP using the ABAP remote function module ABAP4_CALL_TRANSACTION and passes a table with all vendor information mapped and required by SAP. The function module passes the TCODE parameter values XK01, XK02 and XK05 to create, update, and block vendors respectively.