หน้านี้ยังไม่พร้อมใช้งานในภาษาท้องถิ่นของคุณ เรากำลังพยายามอย่างหนักเพื่อเพิ่มเวอร์ชันภาษาอื่น ๆ เพิ่มเติม ขอบคุณสำหรับการสนับสนุนเสมอมา
- What's New
- SAP on Cloud Technology Poster
- SAP Deployment Guide
- Data Provider for SAP User Guide
- SAP HA and DR Guide
- SAP Security White Paper
- SAP HANA Overview
-
SAP HANA User Guide (Single Node)
- Introduction
-
Deployment
- Scheme
- Data Planning
- Preparing Resources
- Creating ECSs
- Installing SAP HANA (Single-Node Deployment Without HA Required)
-
Installing SAP HANA (Single-Node Deployment with HA Required)
- Formatting a Disk
- Installing the SAP HANA Software
- Installing the SAP HANA Studio on a Windows ECS
- Installing the SAP HANA Studio on a Linux ECS
- Connecting SAP HANA Nodes to the SAP HANA Studio
- Configuring the Backup Path
- Configuring the System Replication
- Configuring HA on SAP HANA Nodes
- Configuring SAP HANA Storage Parameters
- Installing Data Provider
- Configuring iSCSI (Cross-AZ HA Deployment)
- Management and Monitoring
- Backing Up and Restoring Data
- FAQs
- Appendix
- Change History
- SAP HANA HA and DR Guide
- SAP NetWeaver User Guide
-
SAP Application AS User Guide
- Overview
- Deployment
- SAP Application AS Management
-
FAQs
- What Is SAP Application AS?
- What Are the Advantages of SAP Application AS?
- What Are Restrictions on Using SAP Application AS?
- How Many AS Policies and AS Configurations Can I Create and Use?
- How Many AS Policies Can Be Enabled?
- How Can I View the Logs of SAP Application AS?
- How Do I Change the CPU Threshold?
- Change History
- SAP S/4HANA Quick Deployment Guide
- SAP S/4HANA HA Deployment Guide
- SAP Business One User Guide
- SAP Business One Quick Deployment Guide
-
Best Practices
- SAP Best Practices
- Huawei Cloud SAP on DB2 Installation Best Practice
- Huawei Cloud SAP on SQL Server Installation Best Practice
-
SAP S/4HANA (1809) HA Deployment Best Practice
- Overview
- Preparations
- Resource Planning
- Resource Creation
- Software Installation
- High Availability Configuration
- Change History
- HUAWEI CLOUD SAP Business One on HANA Installation Best Practice
-
SAP Monitoring Best Practices
- Overview
-
Installing the Monitoring Agent
- SAP HANA (Single-Node Deployment Without High Availability Required)
- SAP HANA (Single-Node Deployment With High Availability Required)
- SAP S/4HANA (Single-Node Deployment Without High Availability Required)
- SAP S/4HANA (Single-Node Deployment With High Availability Required)
- SAP S/4HANA (Distributed Deployment with High Availability Required)
- SAP S/4HANA (Distributed Deployment Without High Availability Required)
- SAP ECC
- (Optional) Upgrading the Monitoring Agent
- Viewing Monitoring Metrics
- Configuring Grafana SAP Full Screen Monitoring
- Alarm Configuration
- FAQs
- Best Practices of SAP Migration to HUAWEI CLOUD
- Best Practice of Using Block-Level Migration of SMS to Migrate SAP Applications and Databases Running on Linux Servers
- Best Practice of SAP Migration from XEN to KVM
- Best Practice of SAP Disaster Recovery with SDRS
- Best Practice of Rsync-based SAP Disaster Recovery
- SAP Backint Installation Guide
- Best Practices for Uploading SAP Backups to the OBS Bucket
- Best Practices of the SAP ASE Solution
- Best Practices of SAP System Capacity Expansion
- Change History
-
FAQs
-
FAQs
- Basic Concepts
-
Purchase
- Why Do I Deploy SAP System on the Cloud?
- What Are the Advantages of Huawei SAP on Cloud Solution?
- What SAP Products Does Huawei SAP on Cloud Solution Support?
- Can I Migrate Local SAP Resources Directly to the Cloud?
- Which Billing Mode Should I Choose When Buying SAP Systems on HUAWEI CLOUD?
- Is SAP Hybris Supported?
- How Do I Ensure the Security of SAP Systems Deployed on HUAWEI CLOUD?
- What Are the Advantages of Deploying SAP HANA on HUAWEI CLOUD?
- What Are the Scenarios Supported by Huawei SAP on Cloud Solution?
- Does HUAWEI CLOUD Sell SAP Software Licenses?
- How Do I Use SAP Software Licenses on HUAWEI CLOUD?
- What Are the Application Scenarios of SAP HANA?
- What OSs Can Be Used by SAP Products on HUAWEI CLOUD?
- Can I Deploy SAP Software on HUAWEI CLOUD Immediately Just After Buying It?
- Can I Migrate SAP Systems on Other Clouds to HUAWEI CLOUD?
-
Products
- What SAP HANA Products Does HUAWEI CLOUD Provide?
- What HANA ECSs Does HUAWEI CLOUD Provide?
- What SAP NetWeaver ECSs Does HUAWEI CLOUD Provide?
- How Do I Deploy SAP NetWeaver on HUAWEI CLOUD?
- How Do I Deploy SAP HANA on HUAWEI CLOUD?
- How Do I Back Up and Restore SAP HANA?
- How Do I Deploy HA and DR Systems?
- How Can I Migrate an Existing SAP System to HUAWEI CLOUD?
- How Can I Do Sizing?
- What Modules Does a Typical SAP System Contain?
- How Many SAP Systems are Required to Support Services?
- How Do I Back Up SAP Systems and the HANA Database on HUAWEI CLOUD?
- How Do I Connect to the SAP System on HUAWEI CLOUD?
- Change History
-
FAQs
- Videos
- Glossary
- General Reference
Copied.
Security Group Rules
SAP HANA Security Group Planning
Table 1 describes the SAP HANA security group rules.
NOTE:
- The network segments and IP addresses are for reference only. The following security group rules are recommended practices. You can configure your own security group rules as needed.
- In the following table, ## stands for the SAP HANA instance ID, such as 00. The instance ID must be the same as that specified during SAP HANA software installation. For details about SAP HANA instance ID planning, see SAP HANA ECS Planning.
- For more information about the specific ports to be accessed by SAP software and security group rules, see SAP official documents.
|
Source/Destination |
Protocol |
Port Range |
Description |
|---|---|---|---|
|
Inbound |
|||
|
Automatically specified by the system |
All |
All |
Security group rule created by the system by default It enables ECSs in the same security group to communicate with each other. |
|
0.0.0.0 |
TCP |
22 |
Allows users to access the SAP HANA Studio using Secure Shell (SSH) protocol. This rule is required only when SAP HANA Studio is deployed on a Linux ECS. |
|
0.0.0.0 |
TCP |
3389 |
Allows users to access the SAP HANA Studio using Remote Desktop Protocol (RDP). This rule is required only when the SAP HANA Studio is deployed on a Windows ECS. |
|
10.0.0.0/24 |
TCP |
80 (HTTP) |
Allows users to access the NAT server using Hypertext Transfer Protocol (HTTP). |
|
10.0.0.0/24 |
TCP |
443 (HTTPS) |
Allows users to access the NAT server using Hypertext Transfer Protocol Secure (HTTPS). |
|
10.0.0.0/24 |
TCP |
1128-1129 |
Allows access to SAP Host Agent using SOAP/HTTP. |
|
10.0.0.0/24 |
TCP |
43## |
Allows access to XS Engine from the 10.0.0.0/24 subnet using HTTPS. |
|
10.0.0.0/24 |
TCP |
80## |
Allows access to XS Engine from the 10.0.0.0/24 subnet using HTTP. |
|
10.0.0.0/24 |
TCP |
8080 |
Allows Software Update Manager (SUM) to access SAP HANA using HTTP. |
|
10.0.0.0/24 |
TCP |
8443 |
Allows Software Update Manager (SUM) to access SAP HANA using HTTPS. |
|
10.0.0.0/24 |
TCP |
3##13 |
Allows SAP HANA Studio to access SAP HANA. |
|
10.0.0.0/24 |
TCP |
3##15 |
Provides ports for the service plane. |
|
10.0.0.0/24 |
TCP |
3##17 |
Provides ports for the service plane. |
|
10.0.0.0/24 |
TCP |
5##13 |
Allows SAP HANA Studio to access sapstartsrv. |
|
Outbound |
|||
|
All |
All |
All |
Security group rule created by the system by default Allows SAP HANA to access all peers. |
SAP S/4HANA Security Group Planning
The security group planning needs to meet the requirements for communication between SAP nodes over the management plane and internal communication plane. You need to configure the security group together with the network department. For details about SAP's requirements for security group rules, see TCP/IP ports used by SAP applications.
You can configure the security group by referring to Table 2.
NOTE:
- Plan the network segments and IP addresses based on the site requirements. The following security group rules are recommended practices. You can configure your own security group rules as needed.
- In the following table, ## stands for the SAP S/4HANA instance ID, which must be consistent with the instance ID specified when the SAP S/4HANA software is installed.
|
Source/Destination |
Protocol |
Port Range |
Description |
|---|---|---|---|
|
Inbound |
|||
|
Automatically specified by the system |
All |
All |
Security group rule created by the system by default It enables ECSs in the same security group to communicate with each other. |
|
10.0.3.0/24 |
TCP |
32## |
Allows SAP GUI to access SAP S/4HANA. |
|
10.0.3.0/24 |
TCP |
36## |
Message Port with profile parameter rdisp/msserv |
|
10.0.3.0/24 |
TCP |
5##13 ~ 5##14 |
Allows ASCS to access SAP application server. |
|
10.0.3.0/24 |
TCP |
33##, 38##, 48## |
Port used by CPIC and RFC |
|
10.0.3.0/24 |
TCP |
22 |
Allows SAP S/4HANA to be accessed using SSH. |
|
10.0.3.0/24 |
TCP |
123 |
Allows other servers to synchronize time with SAP S/4HANA. |
|
Outbound |
|||
|
All |
All |
All |
Security group rule created by the system by default Allows SAP 4/HANA to access all peers. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
