A personal firewall, or intrusion detection/prevention software (IPS
or IDPS), can cause SAP Mobile Platform components to malfunction or not
function at all. SAP Mobile Platform uses regular IP communication
between components on the primary network interface of a computer, even when all components
are installed on the same
host.
If the local network interface is secured by intrusion detection/prevention
software (IPS or IDPS, for example, McAfee Host Intrusion Prevention software or
equivalent), you must configure the security software to allow all network
communication between SAP Mobile Platform components.
For a single-node installation of all of the SAP Mobile Platform
components, try one of these options to work around the limitations imposed by the
host intrusion prevention software and policy settings, without violating any
security policy, until the settings of your security software are adjusted to the
needs of SAP Mobile Platform.
Choose an option:
- Removing the host machine from the network – this option ensures that all
interconnections between SAP Mobile Platform components are
treated as local traffic and is not be flagged as incoming connections from
external sources, thereby causing connection failures due to security policy
setting. This option is suitable when you use your laptop in a network other
than your corporate network, and want to demonstrate a mobile solution using
a simulator or emulator with all components running on the same machine. To
use this option:
- Stop the SAP Mobile Platform services
in the correct order. See Methods for Starting
and Stopping SAP Mobile Platform
in System Administration.
- Disconnect the host from all networks.
- Restart SAP Mobile Platform services
in the correct order.
- Change the SAP Control Center
URL link to use "localhost" or <yourhostname> as the host name, instead of the
original fully qualified host name of the machine that included the
domain name (for example:
https://localhost:8283/scc, or
https://yourhostname:8283/scc). Accept any
security warnings to connect to
SAP Control Center.
- Connecting the host to the corporate network – this option ensures that all
interconnections among SAP Mobile Platform components are
internal to your corporate network and validated against the corporate
network security policy. The option of connecting to corporate network
through VPN is especially suitable when you use your laptop in a network
other than your corporate network, and want to demonstrate a mobile solution
using your physical devices, and need outgoing connections to a backend
Enterprise Information System (EIS) or Relay Server
(SAP Hosted Relay Server or otherwise).
- Stop the SAP Mobile Platform services
in the correct order. See the Methods for
Starting and Stopping
SAP Mobile Platform topic in System Administration.
- Reconnect the host to your corporate network
directly or through corporate VPN, to ensure that the corporate
network security policy applies.
- Restart SAP Mobile Platform services
in the correct order.
- Change the SAP Control Center
URL link to use "localhost" or <yourhostname> as the host name, instead of the
original fully qualified host name of the machine that included the
domain name (for example:
https://localhost:8283/scc, or
https://yourhostname:8283/scc). Accept any
security warnings to connect to
SAP Control Center.
- So required internal component communication ports are not blocked, configuring
the firewall software to allow connections to the ports the SAP Mobile Platform uses. For information
about what ports you must accommodate, see
SAP Mobile Platform Port Accommodation in the
Landscape Design and
Integration guide.