Hermes for SAP On-Premise

Installation and configuration guide for Hermes, the graphiteConnect adapter for SAP ECC on-premise systems.

Hermes is a lightweight application that you deploy on a server inside your private network, protected by your firewall. It regularly queries the graphiteConnect Public API for supplier updates and synchronizes those updates with your SAP ECC system using RFC function modules.

Hermes only initiates outbound HTTPS connections to the Graphite Public API — it does not open any inbound ports.

Note: For Oracle E-Business Suite integrations, see Hermes for E-Business Suite.


System Requirements

Requirement        Details
Operating Systems  Windows x64 (Windows 10+, Windows Server 2019+) and Linux x64
Linux GLIBC        Version 2.28 or higher
Disk Space         300 MB for installation; typically ~10 MB of log data per month
RAM                500 MB available
CPU                Modern CPU (no specific minimum)

Installation

Download

Download the latest stable Hermes release for your platform:

Platform  Release Build     Development Build (unstable)
Linux     hermes.linux.zip  hermes.linux.zip (dev)
Windows   hermes.win32.zip  hermes.win32.zip (dev)

The zip file contains the application files, the nwrfcsdk libraries, an example sapnwrfc.ini file, and an example production.json file.

Unzip and Run

Unzip to a directory of your choice, then start Hermes using the included startup script:

Linux:

$ ./run.sh

Windows:

C:\Users\Graphite\hermes> run.cmd

Windows Service Installation

To run Hermes as a Windows service:

  1. Open a command prompt or PowerShell with Administrative privileges.
  2. Change to the Hermes installation directory.
  3. Run the install command:
node.exe dist\win-svc.js install --use-nwrfcsdk

This installs a Windows service named "Graphite Hermes" (by default) and starts it immediately. To customize the service name, set the windowsServiceName parameter in production.json.

To uninstall the service:

node.exe dist\win-svc.js uninstall

Configuration: production.json

The production.json file must be present in the working directory when Hermes starts. It controls how Hermes connects to the Graphite Public API and to SAP.

For SAP ECC interfaces, set adapterType to SAP_EH8.

Minimal example:

{
  "adapterType": "SAP_EH8",
  "graphitePublicApi": {
    "url": "https://app.graphiteconnect.com",
    "interfaceName": "your-interface-name",
    "apiKey": "US000000.000000000.000000000000000000000"
  }
}

Refer to the example production.json included in the distribution zip for a full template.


SAP Authentication

Hermes connects to SAP using the SAP NetWeaver RFC SDK (nwrfcsdk). You can configure the SAP connection in two ways:

Option 1: sapnwrfc.ini File

Place a sapnwrfc.ini file in the working directory from which Hermes is started. This is the standard RFC connection file format.

Full documentation on sapnwrfc.ini parameters: https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/48/a88d7f5134307de10000000a42189b/content.htm

Option 2: production.json SAPNWRFC Field

Alternatively, include the SAP connection parameters directly in production.json under the SAPNWRFC field. The field names are identical to those used in sapnwrfc.ini.

This approach allows you to take advantage of the configuration file encryption feature (see Encryption below).


Encryption

The production.json file can be encrypted to protect your API keys and SAP credentials at rest. Hermes uses AES-256 CTR encryption via the Node.js Crypto library.

Providing the Encryption Key

You can provide the encryption key to Hermes in two ways:

  • Environment variable (HERMES_ENCRYPTION_KEY): Allows Hermes to start as a service without user interaction. Set this variable in the service environment.
  • Interactive CLI: Run a CLI command each time Hermes restarts to provide the key interactively.

CLI Encryption Commands

All CLI commands use HERMES_ENCRYPTION_KEY if it is set; otherwise they prompt for the key.

Encrypt production.json:

node dist/encryption.js --encrypt production.json

Output: production.json.encrypted

Decrypt production.json.encrypted:

node dist/encryption.js --decrypt production.json.encrypted

Output: production.json

Provide key to a running Hermes instance:

node dist/encryption.js --provide

Testing the Connection

A test script is included to verify the connection between Hermes and SAP. It calls the STFC_STRUCTURE remote function module.

macOS:

export DYLD_LIBRARY_PATH=lib/darwin/nwrfcsdk/lib
node test

Linux:

export LD_LIBRARY_PATH=lib/linux/nwrfcsdk/lib
node test

Windows:

set PATH=%PATH%;C:\lib\win32\nwrfcsdk\lib
node test

Updating Hermes

Hermes includes a self-update program. To update to the latest release:

Linux:

$ ./node dist/update.js

Windows:

C:\Users\Graphite\hermes> node.exe dist\update.js

The updater downloads and applies the latest release build in place.


Logging

Hermes writes log output to:

logs/hermes.YYYY-MM-DD.log

Log files are rotated automatically when a log file reaches 20 MB. All interface-related errors are reported to graphiteConnect and can be viewed in the Interfaces Administration tool.


Network Requirements

Connection    Details
Graphite API  HTTPS (port 443) egress to app.graphiteconnect.com. Hermes uses long-polling, approximately once per minute.
SAP RFC       TCP connections to SAP, typically on port 3300.

Ensure your firewall allows outbound HTTPS to app.graphiteconnect.com and outbound TCP on the SAP RFC port.


SAP Function Modules Used

Hermes communicates with SAP using the ABAP remote function module ABAP4_CALL_TRANSACTION. It passes vendor data to SAP using the following Transaction Codes (TCODEs):

TCODE  Action
XK01   Create vendor
XK02   Update vendor
XK05   Block vendor

SAP requires a username and password for the Hermes service account, configured in sapnwrfc.ini or the SAPNWRFC field of production.json.


Security Architecture

For a detailed overview of the Hermes security architecture, refer to the architecture document provided by graphiteConnect support.
