System Monitoring Monthly Tasks

 SAP - General

House keeping – delete old logs, spools if any

Review user ID for Terminated users that should be locked or deleted

Check changeable status for applicable client

SM01
Transaction Codes: Lock / Unlock

Check locked transactions against your list

Database - Oracle

Record database usage and plot database growth

ST04
Database Performance Analysis

Review System performance analysis – Check critical tables for reorganization.

House keeping using SAPDBA, Backup database log files & delete.

Operating System

Backup file server; Review file system usage. Plot usage.

House keeping jobs – Backup system logs, delete core files if any, remove all unwanted files.

SAP R 3 System Parameters Review

 SAP R/3 System Parameters Review

This overview describes how security and controls can be implemented through system parameters. System parameters are used to maintain configuration over the operation of the SAP system. System parameters may define key settings for the whole system on which SAP runs, individual hosts systems (e.g. configuration for only one of many application servers) or the instances that are running on these servers. The majority of system parameters ensure that SAP operates effectively on the customer’s preferred hardware, operating system and database platforms. System parameters also control how SAP operates and provides system wide control over some aspects of Security. System parameters are set using transaction RZ10. To make the parameters globally effective set them in the default profile, DEFAULT.PFL. To make them instance-specific, you must set them in the profiles of each application server in your R/3 System. System parameters can be reviewed with transaction TU02 or from the standard SAP report RSPARAM using transaction SA38.Incorrect Logon, Default Clients and Default Start Menus• Login/fails_to_session_end (default value - 3)defines the number of times a user can enter an incorrect password before the system terminates the logon attempt.• Login/fails_to_user_lock (default value - 12)the number of times a user can enter an incorrect password before the system locks the user. If the system locks, an entry is written to the system log, and the lock is released at midnight.• Login/failed_user_auto_unlock (default value - 1)unlocks users who are locked by logging on incorrectly. The locks remain if the parameter value is 0.This parameter specifies the default client. This client is automatically filled in on the system logon screen. Users can enter a different client.Since release 3.0E, external security tools such as Kerberos or Secude have managed R/3 System access. If this parameter is set, an additional identification can be specified for each user (in user maintenance) where users log on to their security system. To activate, set the value to X.• rdisp/gui_auto_logout (default value - 0)Maximum time allowed between input from the GUI before the frontend is automatically logged out. The value is set in seconds and the value of zero is used when this facility is not active.This parameter specifies the default start menu for all users and can be overwritten with the user-specific start menu (transaction SU50). The default is S000, and this value can be set to any other area menu code.System profile parameters define the minimum length of a password and the frequency with which users must change passwords.minimum password length. The minimum is three characters and the maximum eight characters.• Login/password_expiration_timenumber of days after which a password must be changed. The parameter allows users to keep their passwords without time limit and leaves the value set to the default, 0.• To prevent use of a certain password, enter it in table USR40. Maintain this table with transaction SM30. In USR40, you may also generically specify prohibited passwords.There are two wild-card characters:– * means a sequence of any combination characters of any length– 123* in table USR40 prohibits any password that begins with the sequence 123.– *123* prohibits any password that contains the sequence 123.– AB? prohibits passwords that begin with AB and have an additional character, such as ABA, ABB, and ABC.Securing SAP* user master record• login/no_automatic_user_sapstarBy default SAP is installed with a user master record SAP*. This user has the profile SAP_ALL with access to all transactions and programs in SAP. By default if this user master record is deleted then SAP allows logon using SAP* and a password of ‘PASS’. Although the user master record does not exist, SAP grants unrestricted system access privileges to SAP*. By setting this parameter value to ‘1’ this ‘backdoor’ access is blocked in the event the SAP* user master record is deleted. Prior to version 4.0 this parameter was login/no_automatic_user_sap*.• Auth/check_value_write_on (default value - 0)Authorization failures can be evaluated immediately they occur by running transaction SU53. This functionality is only active if the parameter is set to a value greater than zero in the system profile parameter.• Auth/authorization_trace (version 4.0B onwards - default value - ‘N’)When the parameter is set, any authorization checks performed are validated against existing entries in table USOBX. If the table does not contain the transaction/authorization object combination, then a new entry is added to the SAP reference table (i.e. USOBT not USOBT_C). Due to significant performance issues, SAP does not recommend this parameter being set in customer systems.• Auth/test_mode (version 4.0B onwards - default value ‘N’)When activated every authority check starts report RSUSR400. However SAP recommends not activating this parameter as the system is paralyzed if syntax errors occur in running the report and it has a significant performance impact .• Auth/no_check_on_sucode (version 3.0E to version 3.1H - default value ‘N’), Auth/no_check_on_tcode (version 4.0 onwards - default value - ‘N’)From release 3.0E, the system checks on object S_TCODE. In upgrades from versions prior to 3.0E to set this flag to ‘Y’ to ensure that old profiles operate in the new system. By default, the function is inactive.The flag should not normally be switched on because of the degradation in security that results.• Auth/no_check_in_some_cases (version 3.0F onwards -default value depends on release)This parameter needs to be set to ‘Y’ for installation of the profile generator. It defines the use of table USOBT in the authority checks undertaken and allows authority checks to be disabled in individual transactions. Whilst SAP recommends switching off unnecessary authority checks, the full impact of this should be considered carefully.• Auth/object_disabling_active (default value -‘N’)Whilst_no_check_in_some_cases allows authority checks to be switched off in for individual transactions, this parameter allows checks on individual objects to be switched off globally within SAP. It is recommended that this parameter is not set.Number of Authorisations in User Buffers• Auth/auth_number_in_userbufferWhen a user logs onto SAP, the authorizations contained in the user’s profiles are copied to a user buffer in memory. The maximum number of authorizations copied is set by this parameter. The size of the buffer must always exceed the maximum number of authorizations as authorization checks are made only against those in the buffer.The default value is 800, but this can be set to between 1–2000. Refer to OSS notes 84209 and 75908 for more detailed information regarding changes to the size of the user buffer.Transaction SU56 shows the contents of the user’s user buffer and a total for all the authorizations in a user master record.Table, ABAP and RFC system parameters• Rec/client (default value - ‘N’)The parameter switches automatic table logging on. Images of the table before and after are logged rather than just changes and so consideration to which tables are to be logged and log volumes must be made before using this as part of a control solution.• Auth/rfc_authority_check (default value - ‘1’)The parameter determines how object S_RFC is checked during RFC calls. The object has three fields, activity, the name of the function being called and the function group in which the function resides. The parameter defines whether S_RFC object is checked and if so, whether the function group field is included in the validation.Value = 0, no check against S_RFCValue = 1, check active but no check for SRFC-FUGRValue = 2, check active and check against SRFC-FUGR• Auth/system_access_check_off (default value - ‘0’ - check remains active)This parameter inactivates the automatic authorization check for particular ABAP/4 language elements (file operations, CPIC calls, and calls to kernel functions). This parameter ensures the downward compatibility of the R/3 kernel.• TU02 Shows current parameters for all hosts and gives a history of changes to parameters• RZ10 Maintain system parameters• RZ11 View single system parameters and their functional area.• SU56 Shows all authorizations a user has in their user master record and the total number. This is useful toidentify apparent authorization failures caused by user buffer overflow.RSPARAM displays all system parameters set and applicable to the system and instance in which it is run.From version 4.0 the RSUSR003 report also shows the settings for some of the critical password parameters. The report also shows identifies whether SAP*, DDIC or CPIC have insecure passwords by comparing value of the encrypted password field with the encrypted values of the standard shipped passwords. It also shows whether the SAP* user master record is absent from any clients.

Type of user on SAP system

1. Dialogue:-
For this kind of users:-
GUI login is possible.
Initial password and expiration of passowrd are checked.
Multi GUI logins are checked.
Usage:- These are used for GUI logins.

2. System
For this kind of users:-
GUI login is not possible.
Initial password and expiration of passowrd are not checked.
Usage:- These are used for internal use in system like background jobs.

3. Communication
For this kind of users:-
GUI login is not possible.
Users are allowed to change password through some software in middle tier.
Usage:- These are used for login to system through external systems like web application

4. Service
For this kind of users:-
GUI login is possible.
Initial password and expiration of passowrd are not checked.
Multiple logins are allowed.
Users are not allowed to change the password. Only admin can change the password
Usage:- These are used for anonymous users. This type of users should be given minimum authorization.

5. Reference
For this kind of users:-
GUI login is not ible.
Initial password and expiration of passowrd are not checked.
Usage:- These are special kind of users which are used to give authorization to other users.

System Monitoring Daily Tasks

 SAP Basis - General

Check for lock entries
More info: Sm50/SM66/DB01

Update terminates, update queue, update status. Delete Errors if not required
More info:SM21/ST22

Check System Log, especially errors

Check job log: Delete old jobs from all columns if not required.

Check cancelled/long running jobs
More info: SM21/ST22/DB01/SM66/SM50

Check work processes for error, long running jobs, table usage, exclusive lock wait situation, PRIV mode
More info: SM21/DB01/ST02

Check for spool problems. Look for status other than completed.  

Check critical dumps, error analysis & corrective action 
More info: SM21, SE38

System performance

Review  buffer statistics – check for swap, extended & heap memory
More info: ST03

Review Workload statistics; Go to Performance database -> -> today Check for today’s statistics              More    info: ST02             

Database performance analysis. Check for expensive sqls. Analyse the cost.
More info: DB02

Operating System

Operating system monitor - check CPU utilization, Physical Memory Available, OSCOL running, OS logs 
More info: AL18/RZ20

Database

Check database for free Space and max extents reached. Check growth of table & indexes. Also check for missing indexes and space critical objects

Check daily backups 
executed without errors. Check log of Database & redo logs backup.
More info: DB24/ST04

Database check for error messages or warnings.

The building blocks of SAP Project System

At the highest level of SAP PS, projects are defined and then structured into an organizational form that maps to the specific project.

Work Breakdown Structure
The project is first broken down into work breakdown structures (WBS) which map to specific project deliverables.

Networks
Each WBS can then be broken down into networks of activities.  A network can be thought of as a list of tasks organized into a process flow with specific timing.

Activities
Activities are the key tasks to be completed.  These activities map to internal activities, external activities, cost activities and materials components.

Work Centers
Internal activities are assigned to work centers (resources) to be completed.

A graphical  structure of the PS organization is as follows:

SAP Project System 2008

Managing your SAP Projects is a conference coming up in October. The conference looks interesting for those involved with SAP PS.

They list the following agenda for the sessions at Managing your SAP Projects 2008:

* SAP project management tools

* Organizational change management

* Project strategy and risk mitigation

* Project Management Office (PMO)

* SAP Solution Manager

* Quality assurance and testing

* PMP certification

* Project and post go-live support strategies

* Team building and leadership

* Governance

* Testing

* Managing any size SAP project

* Outsourcing

* Project and system security

* Utilizing Six-Sigma and Lean Methodologies throughout your SAP project

Deploying the SAP Business Objects System tutorial

Deployment is the distribution and arrangement of Business Objects query,reporting and analysis tools within a network infrastructure.Each deployment is different. How your deployment is structured and configured depends on the number of users supported, the type of information access that you want your users to have, the number and types of databases you’re using, the geographical distribution of your company, and so on. Before looking at the specific products Business Objects has to offer, it may be useful to review some basics, and to look at the reasons companies choose Business Objects as their database query, reporting, and analysis tool.

Contents of this Deploying the SAP Business Objects System tutorial
Chapter 1 Introducing BusinessObjects 6.5 23
Standard SQL reporting configurations . 26
The secure Business Objects configuration . . . . . . . 27
What can you do with the Business Objects solution? . . . . . . . . 28
BusinessObjects 6.5 . . . . . . 30
Desktop products 31
Server products . 36
Administration products . . . . 46
Database Access Packs . . . 54
Demonstrations . 55
Developer Suite . 56
Organization of this guide . . 58
How terminology has changed . . . . . . . . 61
Chapter 2 System Architecture and Communication 63
Deployment architectures . . 65
3-tier architecture overview . 67
The client . . . . . . 69
The middle tier . . 70
Database components . . . . 75
What products are associated with each architecture? . . . . . . . 76
What platforms are associated with each architecture? . . . . . . 79
What is a cluster? . . . . . . . . 80
Why use distributed configurations? . . . 82
What is CORBA? 83
The Application Server Framework . . . . 85
How the system accesses data . . . . . . . 89
Chapter 3 How the System Is Administered 93
The Administration Console 95
Administering Broadcast Agent . . . . . . . 98
Monitoring and analyzing system activity . . . . . . . 101
Command-line administration tools . . . 103
Chapter 4 The Repository and Security 105
Data security through the repository . . 107
Repository domains . . . . . . 108
How clients access the repository . . . . 110
Which components access the repository? . . . . . . 113
Using multiple repositories 115
The repository and your data warehouse . . . . . . . 116
How do users access the repository? . 118
Working with or without a repository . . 121
Repository compatibility issues . . . . . . 123
Chapter 5 Deployment Considerations 127
Pre-deployment checklist . . 129
Education: providing the tools to be successful . . . 130
Performance: what is acceptable and how can you attain it? . 131
Server sizing: efficiently supporting peak user activity . . . . . . . 132
Deployment configuration . 133
Data management: making data accessible . . . . . 134
Protecting your system and your resources . . . . . . 135
Users: know their numbers, profiles, groups and rights . . . . . . 136
Documents: what type, how complex? . 140
Load balancing: matching system processes and server resources . . . . . 141
Disaster recovery: what can you do about it? . . . . 142
Deployment procedure . . . . 143
Conclusion . . . . 145
Chapter 6 Modeling your System 147
Designing your architecture 149
Selecting your system’s software . . . . . 153
Selecting your system’s operating system . . . . . . . 154
Deployment models . . . . . . 159
Cluster architecture . . . . . . 161
Repository architecture . . . 166
Database and repository location . . . . . 168
Centralized or decentralized architecture? . . . . . . . 170
Global deployment scenario summary . 182
Chapter 7 Supported Deployment Configurations 183
Terminology . . . 186
Basic 2-tier deployments . . 188
Citrix configurations . . . . . . 190
3-tier architecture overview 192
Combined 2- and 3-tier deployments . 193
Basic intranet deployments 195
DMZ configurations . . . . . . 197
Extranet deployments . . . . 202
Deported application servers . . . . . . . . 208
Reverse proxies . . . . . . . . 211
IP redirectors . . 214
Multiple clusters in an intranet . . . . . . . 218
Single-cluster intranet/extranet deployment options . . . . . . . . 222
Multiple-instance servers under UNIX . 225
Multihomed configurations 227
Multilingual configurations using Unicode . . . . . . . 230
Heterogeneous clusters . . 232
Deployment configuration summary . . 234
Part III Practical Deployment Specifics
Chapter 8 From Development to Production 239
The development lifecycle . 241
Planning the pre-production environment . . . . . . . 246
Creating the lifecycle environments . . 252
Migrating between environments . . . . 261
Planning and building the production environment 265
Chapter 9 Overall Deployment Checklist 267
Setting up a Windows deployment . . . 269
Setting up a UNIX deployment . . . . . . 274
Setting up a heterogeneous deployment . . . . . . . . 280
Chapter 10 Implementing Supported Deployment Configurations 287
Installation and configuration for all 3-tier deployments . . . . . . 289
Implementing a Citrix configuration . . . 294
Implementing a basic intranet deployment . . . . . . . 298
Implementing a DMZ configuration . . . 299
Implementing an extranet deployment . 302
Implementing a deported application server . . . . . 307
Implementing an IP redirector . . . . . . . 311
Implementing a multihomed configuration . . . . . . . 319
Implementing a multiple-instance UNIX configuration . . . . . . . 321
Implementing heterogeneous clusters . 323
Implementing a single web server for intranet and extranet users . . . . . . . 325
Implementing Unicode corporate databases . . . . . 326
Chapter 11 Deploying and Managing the Repository 339
Choosing a repository database . . . . . 341
How much space should you allot for the repository? . . . . . . . 344
The location of repository domains . . . 347
Deploying and using multiple repositories . . . . . . . 349
Optimizing the security domain . . . . . . 352
Making documents available to users of other repositories . . . 353
Changing a cluster’s repository . . . . . . 354
Chapter 12 Deploying Specific Components and Products 355
Overall 3-tier deployment guidelines . . 357
Choosing your applications and how they are deployed . . . . . 362
Deploying Connection Server . . . . . . . 372
Deploying InfoView/WebIntelligence . . 380
Deploying BusinessObjects 391
Deploying Broadcast Agent 399
Deploying Auditor . . . . . . . . 411
Chapter 13 Deploying WebIntelligence for OLAP Data Sources 417
WebIntelligence OLAP server as part of the cluster . . . . . . . . 419
Setting up the dedicated OLAP node . 421
The WebIntelligence cache service . . . 423
The Universal Drill Through Service (UDS) . . . . . . 424
Installing the OLAP services on cluster nodes . . . 425
Configuring the OLAP services on cluster nodes . 427
Defining the OLAP connection in WebIntelligence 437
Part IV Securing the Solution
Chapter 14 Data Security 441
Security at the product feature level . . 444
Data security at the universe level . . . 446
Section and block security at the report level . . . . 462
Chapter 15 Network Security 465
Common protection techniques . . . . . . 467
Appendix A How Products Compare Functionally 475
InfoView vs. WebIntelligence . . . . . . . 477
BusinessObjects: 2-tier vs. 3-tier mode 479
BusinessObjects in 3-tier mode vs. InfoView/WebIntelligence 480
Processing different types of documents in InfoView . . . . . . . 482
Version 2.x/5.x vs. 6.5 . . . . 485

READ / DOWNLOAD THIS SAP PDF GUIDE

SAP Business Objects business intelligence Deployment Diagnostic Tools GuideYour company has bought the Business Objects business intelligence solution. You have deployed at least part of this solution, but are experiencing issues that prevent your users from being able to exploit the Business Objects solution’s full functionality.This guide describes the tools and methods available to you when you need to troubleshoot performance or functional problems encountered while using your Business Objects system. Contents of this SAP Business Objects business intelligence Deployment Diagnostic Tools Guide...

SAP Business Objects Repository Reference PDF GuideThe Business Objects repository is a relational database used to share data among the applications in the Business Objects suite.When it is created, the Business Objects repository is made up of three domains ( the security domain , the document domain, the universe domain ).This document describes the tables in domain and the structure and contents of the tables they contain. Contents of this SAP  Business Objects Repository Reference PDF Guide Chapter 1 The Business...

SQL Server Setup Guide for SAP Business Objects PlanningInstallation, configuration and administration of SQL Server is typically handled by the organization’s Information Technology department. Business Objects Planning Support is also available to assist you with issues relating to use of SQL Server with Business Objects Planning. This PDF study material provides details about SQL Server Setup Guide for SAP Business Objects Planning Contents of this Guide Introduction SQL Server Versions . . .5 Intended Audience . . . . .5 Technical Requirements .5...

SAP Business Objects PDF USER Guide Advanced Analysis, edition for Microsoft OfficeThis guide is intended for users interested in building and analyzing workbooks using SAP BusinessObjects Advanced Analyzer, edition for Microsoft Office. Contents of this SAP Business Objects PDF USER Guide Advanced Analysis, edition for Microsoft Office Chapter 1 About this guide.............7 1.1 Who should read this guide?..........7 1.2 User profiles...7 1.3 About the documentation set.........7 Chapter 2 Getting Started9 2.1 What is SAP BusinessObjects Advanced Analysis, edition for Microsoft Office? .....9 2.2 Working with Advanced...

SAP BusinessObjects Explorer (blade) Administration Tutorial GuideThis guide is for administrators responsible for managing an SAP BusinessObjects Explorer system as part of an SAP BusinessObjects Explorer, accelerated version implementation, which includes SAP NetWeaver BW Accelerator. Contents of this SAP BusinessObjects Explorer (blade) Administration Tutorial Guide Chapter 1 Introduction......7 About this guide.......7 Important SAP Notes.............7 Related guides.........8 Chapter 2 Business Scenarios.....11 End-user features..11 Administration features........12 Key terms.12 Chapter 3 Technical System Landscape...15 Architecture............15 The BI platform......16 The Explorer servers...........17 Supported data providers....17...

SAP Universal Drill Through Service Tutorial GuideThis guide describes the Universal Drill Through Service and associated tool, UDS Designer.Universal Drill Through Service (UDS) is a technology that allows users to drill down into a WebIntelligence Relational report, or another WebIntelligence OLAP report, from a WebIntelligence OLAP report. With UDS, users can seamlessly carry over their data analysis from report to report. The user selects the cell or cells in the OLAP cube for drilling, and UDS presents them with a list...

SAP Business Information Warehouse Reporting: Building Better BI with SAP BI 7.0This SAP BI book is  aGuide to SAP Business Information Warehouse Give your company the competitive edge by delivering up-to-date, pertinent business reports to users inside and outside your enterprise. SAP Business Information Warehouse Reporting shows you how to construct Enterprise Data Warehouses, create workbooks and queries, analyze and format results, and supply meaningful reports. Learn how to use the BEx and Web Analyzers, Web Application Designer, Visual Composer, and Information Broadcaster. You will also...

BusinessObjects Enterprise Administrator’s Tutorial GuideThis help provides you with information and procedures for deploying and configuring your BusinessObjects Enterprise system. Procedures are provided for common tasks. Conceptual information and technical details are provided for all advanced topics.This help is intended for system administrators who are responsible for configuring, managing, and maintaining a BusinessObjects Enterprise installation. Contents of this BusinessObjects Enterprise Administrator's Tutorial Guide Chapter 1 Getting Started 23 About this help...........24 Who should use this help?...24 About BusinessObjects Enterprise.......24...

Essbase OLAP Access Pack Tutorial GuideOnline analytical processing (OLAP) describes a software technology extracts and presents multidimensional data from different points of view. The Essbase OLAP Access Pack is a tool that lets BusinessObjects users retrieve data from Hyperion Essbase multidimensional servers. An Essbase OLAP server is a data manipulation engine that supports and operates on multidimensional data structures. These data structures are represented by objects that you manipulate with the Essbase OLAP Access Pack.This guide describes the ESSBASE OLAP...

SAP BI (BUSINESS INTELLIGENCE )SAP BUSINESS INTELLIGENCE ( BI ) SAP Business Intelligence (SAP BI) provides a complete view of the company. The solution, which is part of SAP NetWeaver, provides the tools needed to make the right decisions, optimize processes, and measure strategic success: data from all enterprise sources are merged effectively and can be comprehensively analyzed, business-critical factors can be monitored using external and internal benchmarks, the most important KPIs can be passed on to all the...

View the original article here