Removing risks and violations in existing SAP Landscape

There is a landscape where SAP ECC is already installed and we are planning to install AC 5.3. As the roles are already there in the ECC Dev system, we will perform the risk analysis in Dev and, once free of risks, move the roles to Production.
I would like to know where to start in the already existing SAP role structure to free the roles from risks. Do we need to provide the business process roles to individual BP owners, like FI roles to the FI team and the same for others, to clear the risks and violations? Once they have completed that, run them in RAR to find any risk violations remaining. If any are still found, follow the same process till all the roles are clean and can be moved to production.
Do we need to start from transaction level?
Any help appreciated.
Regards,
Sanjay

Sanjay,
There are various ways to achieve that, and many replies are already there (please search similar threads).
Well, a small summary would be:
1. Customize the standard rules per your org requirements.
2. The roles already exist, hence I expect they were created business-wise.
3. Run analysis on all the roles and have a report in your hand.
4. Discuss with the various security leads of each business which risks they wish to remove and which ones to mitigate.
5. Once done with cleaning the roles, it's time to run analysis on users and mitigate or clean.
Hope it helps.
regards,
Surpreet
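
The role-then-user sequence in the summary above can be sketched as follows. This is an added example, not part of the original thread and not RAR's own logic: the risk IDs, role names and user names are constructed, and the rules are simplified to transaction-code level. It shows why step 5 is still needed after every role is clean: a user holding two clean roles can still carry a conflict.

```python
"""Simplified SoD analysis: role level first, then user level (constructed data)."""

# Constructed rule set: a function is a group of transaction codes,
# a risk is a pair of functions one person should not hold together.
FUNCTIONS = {
    "VENDOR_MAINT": {"FK01", "FK02"},
    "PAYMENTS": {"F-53", "F110"},
    "PO_PROCESSING": {"ME21N", "ME22N"},
    "GOODS_RECEIPT": {"MIGO"},
}
RISKS = {  # placeholder risk IDs, not taken from any delivered rule set
    "RISK-A": ("VENDOR_MAINT", "PAYMENTS"),
    "RISK-B": ("PO_PROCESSING", "GOODS_RECEIPT"),
}
# Constructed roles (role name -> transaction codes) and user assignments.
ROLES = {
    "Z_FI_VENDOR_MASTER": {"FK01", "FK02", "FK03"},
    "Z_FI_AP_PAYMENTS": {"F-53", "F110", "FBL1N"},
    "Z_MM_BUYER": {"ME21N", "ME22N", "ME23N", "MIGO"},
}
USERS = {
    "AP_CLERK": {"Z_FI_AP_PAYMENTS"},
    "AP_LEAD": {"Z_FI_VENDOR_MASTER", "Z_FI_AP_PAYMENTS"},
    "BUYER1": {"Z_MM_BUYER"},
}


def violations(tcodes):
    """Return {risk_id: (hits_in_function_1, hits_in_function_2)} for a tcode set."""
    found = {}
    for risk_id, (f1, f2) in RISKS.items():
        hit1, hit2 = tcodes & FUNCTIONS[f1], tcodes & FUNCTIONS[f2]
        if hit1 and hit2:
            found[risk_id] = (sorted(hit1), sorted(hit2))
    return found


def analyze_roles(roles):
    """Role-level report (step 3): only roles with at least one risk are listed."""
    report = {}
    for name, tcodes in roles.items():
        hits = violations(tcodes)
        if hits:
            report[name] = hits
    return report


def analyze_users(users, roles, mitigated=frozenset()):
    """User-level report (step 5) over the union of each user's roles.

    'in-role' means a single assigned role already triggers the risk;
    'cross-role' means only the combination of roles does.
    `mitigated` holds (user, risk_id) pairs accepted with a mitigating control.
    """
    report = {}
    for user, assigned in users.items():
        combined = set().union(*(roles[r] for r in assigned))
        for risk_id in violations(combined):
            if (user, risk_id) in mitigated:
                continue
            single = any(risk_id in violations(roles[r]) for r in assigned)
            report.setdefault(user, {})[risk_id] = "in-role" if single else "cross-role"
    return report


# Role cleanup agreed with the business: goods receipt is taken out of the buyer role.
CLEANED_ROLES = dict(ROLES, Z_MM_BUYER=ROLES["Z_MM_BUYER"] - {"MIGO"})

if __name__ == "__main__":
    print("roles before cleanup:", analyze_roles(ROLES))
    print("roles after cleanup: ", analyze_roles(CLEANED_ROLES))
    print("users after cleanup: ", analyze_users(USERS, CLEANED_ROLES))
```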

Similar Messages

  • Connectivity between existent SAP Systems and migrated system to MSCS Cluste

    Hi
    I have an existing SAP NW PI 7.0 (Abap + Java on Windows 2003 - SQLServer 2005) and plan to migrate to a cluster with new hardware (MSCS).
    I have to prepare for the installation by creating a homogeneous copy of the database but I'm a little bit confused.
    -Can I use backup/restore method or only can use import/export with R3load tools? The target system is windows and sql server same versions.
    -If I can use backup/restore... what is the right sequence for the installation? Can I use sapinst with mixed high availability options and System copy options?
    -I need to use in the target system the same hostname and IP address of the actual system, so in the Follow-Up Activities we do not change the configuration between the actual system (SAP NW PI) and other existent systems in the landscape... but I do not know what is the location in the cluster to this hostname and IP:
    *The central instance will be in the local disks in the node 1. Is the node 1 the right option to use the hostname and IP of the actual system?
    *The SAP Cluster group has a virtual hostname and IP, it has message and enqueue services. Is the sap cluster group the right option to use the hostname and IP of the actual system?
    How is the communication between the other systems and the new clustered system?
    Thanks for your help

    Can I use backup/restore method or only can use import/export with R3load tools? The target system is windows and sql server same versions.
    You should follow the SAP guidelines in performing a homogeneous system copy.
    I need to use in the target system the same hostname and IP address of the actual system, so in the Follow-Up Activities we do not change the configuration between the actual system (SAP NW PI) and other existent systems in the landscape... but I do not know what is the location in the cluster to this hostname and IP
    This is not possible.  If you follow the SAP instructions for installing NW 7.0 in MSCS you will create two cluster groups: DBGroup and SAPGroup.  You will therefore have two virtual IP addresses, one for SAP cluster group and one for DB cluster group.  If you retain the current IP address/hostname for the virtual SAPGroup, you will need to follow the SAP guidelines for performing a SAP system copy to find where to change the database hostname/IP addresses to point to your new DBGroup.
    The central instance will be in the local disks in the node 1. Is the node 1 the right option to use the hostname and IP of the actual system?
    If you are meaning the ASCS then this should be installed on the disks that are part of the SAPGroup in the cluster.
    If you mean the dialog instance (or the Central Instance of a Java stack) then this can be on a local disk for node 1, and not in the cluster.
    The SAP Cluster group has a virtual hostname and IP, it has message and enqueue services. Is the sap cluster group the right option to use the hostname and IP of the actual system
    Yes, this will be the message server host for ASCS.

  • How can I remove my account on an iPad and add an existing one

    how can I remove my account on an iPad and add an existing one

    Or, how can I change the account on an existing iPad without restoring / formatting it?

  • Best practise for SAP landscape and copyback procedures

    Can I get help on best practice for SAP landscape design and copy back procedures?

    Hi. Go to http://help.sap.com/bp/initial/index.htm
    There you find all about BP.
    Regards, Award if helpful

  • How can i disable the 'top sites' cleaning history does not remove this and it is confusing and a risk to privacy

    How can i disable the 'top sites' cleaning history does not remove this and it is confusing and a risk to privacy.
    It also serves no purpose as sites i want to keep are bookmarked
    Is there an alternatively an addon for this

    Hi there - nope, this doesn't work either. The options available when I tap and hold are only OPEN IN NEW TAB, SHARE, ADD TO HOME SCREEN
    wayne

  • Risk and Controls in SAP ISU - auditing.

    Dear All,
    Could anyone advise what the Key Risks and the Key Controls are in SAP ISU, what the touch points are in the Business Process or point me in the right direction. I would like to do an audit for ISU like I have undertaken in Security and Basis. Is there a risk and control mix? (Not SoD)
    Kind Regards
    Camran

    Here are some points:
    1) Verify FICA with FI
    2) Verify FICA with BW
    3) Verify Billing with BW
    4) Verify Invoicing with what has been printed
    These are not standard ISU reports, therefore they need to be developed. Usually they are developed using SAP Script based on the particular audit requirements.
    Hope it helps,
    Daniel Toba
    www.sap-isu.net
    sap isu community

  • Removal of transit stock and old inventory from SAP

    Dear All,
    How do we remove transit stock and old inventory from SAP?
    We had taken an approval for removal of some transit stock and old inventory (366.173 DWT) from SAP as on 31.03.2014.
    We have removed 279.509 DWT and the balance qty cannot be removed from transit/plant inventory.
    We removed some transit stocks, but the major
    old inventory, viz. at plant 1000, a stock of 15.693 DWT, is appearing.
    Thanks
    Teknath

    Hi,
    Please follow the procedure explained in the notes: 392205 - Analysis of stock in transit/correction for split valuation and 1727922 - Stock in Transit is not cleared with movement types 557/558 in the transaction MB5T
    Regards,
    AKPT

  • To implement SAP HCM module in existing SAP ECC 6.0

    Hi,
    I have SAP ECC 6.0 system already implemented 2 years back.
    I am planning to implement SAP HCM with OM, PA, SAP Time management, SAP PAYROLL in existing SAP ECC 6.0 system.
    I have currently 3 system landscape for SAP ECC.
    I would like to know what change/addition is required in above landscape to implement SAP HCM module in existing SAP ECC 6.0
    Do share your view.
    Regards.

    Hi.
    As per you, the landscape is already designed. Why don't you follow your existing landscape, which is already proven for other modules?
    Normally Dev/Quality/Production clients will be there.
    If more, that depends upon flexibility in each client and defining different business for testing and production interfaces purposes.
    Better to use the existing one only; the remaining modules are already successfully running in Production, right?

  • Best practice SAP landscape

    Hello all,
    I would like to know if there is some kind of best practice regarding SAP landscape in a big company.
    For example, is it recommended to have in the landscape a SAP Quality Assurance System open for customizing (transaction SCC4) so that quick customizing tests are performed at any moment, instead of customizing in the Development system and then transporting to QAS (this can be very frustrating because for solving and testing an issue it's possible that numerous customizing tasks and resets of customizing are necessary)?
    How SAP compliant would this solution be?
    Thank you very much for your help!
    Daniel Nicula

    Hmmm, I do not know exactly if the question can be posed here in GRC related threads.
    But it seemed to me that it is somehow connected.
    Anyway, I agree with you that final customizing should be done in DEV and then transported in QAS.
    What I am not sure of is whether it is against SAP recommendations to have a QAS opened for customizing and try all the solutions for an issue. And in the end, when you are sure of what you want to do and to obtain, then you do the customizing also in DEV and follow the normal transport route.
    Which can be the risks in case you have a QAS opened for customizing?
    Thank you.

  • ARQ: Problem with Mitigation of a Risk and Request Rejection at the same time???

    Hi All,
    I have configured my workflow in such a way that, when a request reaches a certain approver (who is authorized to mitigate), he has following options available (we have configured this way):
    1. Submit the Request: This will simply approve the request. But I would NOT want him to approve the request if it has violations. First he should mitigate the risks and then approve the request.
    May I know how I can do it? Is this the correct process?
    2. Reject the Request: If he is not ok, he can reject the request. I am ok with this and no action is required.
    3. Forward the Request: If he needs any business clarifications, he can forward the request to the user's manager before mitigating and approving the request. This is also ok for me.
    4. Mitigate the risk: If a request has risk violations, he can mitigate the risks  by clicking on "Mitigate" button on "Risk Analysis" tab.
    Here is the problem I see. The straight forward what he can do is, mitigate the risks and then approve the request (Submit). However, there is one more option with him and that is, he can mitigate the risks and then changes his mind to reject the request!
    If he rejects the request (after mitigating the risks), the mitigation which was done before, is not "UNDONE". Meaning, that user is mitigated though the request is rejected!
    This is very confusing and this way users are simply mitigated for no reason!
    May I know below things:
    1. What is the best way or practice to mitigate risks in a request?
    2. How above explained problem (for point#4) can be addressed?
    3. How I can stop approving a request if it has violations?
    Please advise on this.
    Regards,
    Faisal

    Hi Faisal,
    I try to answer your question (as always).
    You can configure that at a specific stage the approver cannot approve if there are risks. Therefore modify the task settings for all the stages and allow/disallow "approve despite risk". For all stages where approval can be given (like role owner stage) you can activate the button so that it is possible to approve even though risks are coming up.
    To make this setting workable you also have to set parameter 1072 (Mitigation of critical risk required before approving the request) to YES.
    Regarding the mitigation which was set but is obsolete after rejection: there is actually a simple way to remove invalid controls. Run the risk analysis and gather information for "Invalid Mitigating Controls".
    In the result you have the option to change or delete the mitigation.
    Does this answer the question(s)?
    Regards,
    Alessandro

  • Change in Active Directory Domain where a SAP landscape is installed

    Dear fellow forum members,
    the IT team of one of our customers is planning a change in their Microsoft Active Domain forest in their LAN: as their SAP ERP systems are all domain installations, they have asked me, as their BASIS consultant, if this activity could harm in any way their SAP landscape.
    The SAP ERP Systems are domain installations on two Windows Server 2008 R2 64 bit hosts.
    The activity they plan to do is to replace an old Windows Server 2003 domain controller with a Windows Server 2012 domain controller. These are the steps they will do:
    1) Add the new Windows Server 2012 domain controller to the forest;
    2) Move the main roles from the old Windows Server 2003 domain controller to the new 2012 one, following the procedure recommended by Microsoft;
    3) Remove the old Windows 2003 R2 domain controller from the forest.
    During all the procedure, their current Windows Server 2008 domain controller will remain active and functional. At the end of the procedure, the domain will then be updated to a Windows Server 2008 structure, from the actual 2003.
    I can't see any problem in this procedure: at least one domain controller will always remain active so the SAP users <sid>adm and SAPService<SID> will be able to authenticate on the domain with no interruptions. Also the SAP hosts won't change name, FQDN, IP address or configuration.
    But I'm not a Microsoft AD expert and this procedure can't be tested beforehand, because all the SAP systems belong to the same domain obviously.
    I've searched through the SAP knowledge base and I can't find any note or document that is relevant to this activity.
    I've also opened a ticket to SAP, but they basically replied that the Active Directory is a matter for the Microsoft consultants, not SAP. They also recommended I post my question on the forum so here I am.
    So I'd like to ask you if you foresee any problems with this procedure, and if you can recommend preparation activities or any other kind of precautions.
    Thanks, kind regards.
    M

    Hi Marcello,
    I can tell you that the Network Operations group at my organization have upgraded the domain controllers a few times (Windows 2000 -> Windows 2003, then Windows 2003 -> Windows 2012), and other than some warning about potential disruptions during the maintenance window, they didn't otherwise even include the SAP Basis group in the discussion!  So, it happened, we did nothing special for SAP to prepare (nor afterwards), and basically we didn't even notice.  It made no difference to SAP.  Other aspects of network/domain functionality, especially our Exchange email server, experienced more disruption than SAP did.
    So, in conclusion, I think that your IT team can proceed, and other than keeping an eye on things and testing basic things, like network communication, afterwards, there isn't much you need to do.  Your main concern is that there always be a functioning domain controller (and DNS server).  Do they have a rollback plan if things go south for them?
    Regards,
    Matt

  • Agile Development in an SAP Landscape

    My team is looking to shift from a 'regular', waterfall-type development methodology which delivers 2 large functional releases per year to a more flexible, nimble project based approach based on Agile Development methodologies.
    The goal is to be able to treat each project independently from a resource and scheduling perspective - so multiple projects could be underway at any one time but each one potentially running on a different time line.  Of course, life-cycle support for the production environment would be on-going at the same time.
    The problem we face is defining an SAP system landscape that supports this approach and that allows for the management of the inevitable conflicts that will arise when different projects require changes to the same development object.
    I'm interested to hear feedback from anyone who has implemented an Agile Development approach within an SAP environment ( successfully or not ! ) as well as ideas for what a  possible Agile SAP landscape could look like.
    Thanks
    Tim

    Our team has been adopting some agile practices and have seen some great benefits. We have not embraced one methodology entirely (XP, Scrum, etc.).  We're taking bits and pieces that make sense in our environment and adopting them incrementally. 
    Here's an example of some of the things that we're doing:
    1.  Chunking out development tasks.  Basically working with the requirements or functionality that we know and not waiting until every possible scenario is clearly (or not so clearly) defined.  We try to get stakeholders (business users and BPx's) looking at our programs and prototypes often to ensure that we're on the right track.  This chunking out of tasks has been a benefit in that it is easier to manage (from a manager and developer perspective) and it gives us clearly definable goals for what we're shooting for in a fixed time frame (1 week).  We talk individually every day (short spinarounds) to ensure that we're on track and identify any potential risks.
    2.  Modeling of requirements.  This proves extremely valuable to our developers, functional folks, and business users.  This usually involves grabbing a couple of folks and whiteboarding ideas to ensure that everybody has a clear understanding of what is going on.  I will admit that we certainly don't do it as much as we should, but it's something that we're working on doing as much as we can.
    3.  Frequent builds/migration.  We currently transport released changes to test every 30 minutes in the ABAP stack.  This allows us as developers to move on to the next task and allows our testers a quicker turnaround of bug fixes and new functionality.  We move production code twice a week.  For the JAVA side, we do a "JIT" build/deployment.  As fixes need to be migrated, we check in/build and deploy.  Since the NWDI is still new to us, we haven't done much investigation on automating this process, but I imagine that we will do so in the future.
    One of the challenges that we ran into was thinking that the code was the only thing that matters (which you might get from some agile camps).  Just because you're modeling and documenting (just enough documentation), does not mean that you're not "agile".  You don't throw out design and analysis just so you can sit down and write code to have something to show somebody.  The collaboration and clarity that agile practices provide is one of the keys to making it successful.
    We started implementing some of these practices in the development group about 8 months ago and since then we've seen some interest/adoption in our project management group and functional teams.  I would imagine that we'll continue to pick and choose practices that work for us...try some out, see what happens, adapt, evolve, etc.  So far so good in my opinion.  From a management perspective, it really has made it easy to know what people are working on and how productive we can be as a group.  From a developer's perspective, it makes development easier and more fun when you have a clear target in front of you and you can throw out ideas in a modeling session.  From the end user perspective, they seem to like that we can roll out production ready functionality in an incremental way so they don't have to wait 6 months to get something that they can see and use.  From my limited experience, it seems to be a much better way to develop applications.

  • Pre Existing SAP XI Adapters

    Are there any pre-existing SAP XI Adapters for the following:
    UGS TeamCenter
    Winsight EVMS
    ARM Risk Management
    PTC Windchill
    DOORS
    MS Office Suite
    Can I use SOAP Adapter for MS Office Suite?

    Find a complete list of SAP and 3rd party adapter at
    http://service.sap.com/xi
    and follow in the menu -> SAP XI in Detail -> Connectivity -> Connectivity SAP XI 3.0
    For SOAP Adapter, well the answer is yes, unless MS Office Suite has some kind of SOAP support that you can handle.
    Hope this helps.
    Alex

  • Steps and documentation help in SAP implementation

    Hi Experts,
    I need some documents and documentation help. I have never worked in SAP implementation projects.
    So, does anybody know the steps and documentation when implementing SAP?
    Please tell me details and example documents with steps, and tell me the difference between support and implementation. What will we do extra in implementation?
    As an ABAP programmer, what can I fill in se38 documentation?
    Please tell me.
    It'll be very helpful to me.
    Thanks in advance.
    Regards,
    Nandha

    Any SAP R/3 implementation is a big effort which is done by a team of experts from different backgrounds, not by an individual. So if you are going to be on a project as technical person, in all probability you will join the team as a member of the technical team during the implementation phase. By this time, the blueprint and design phases would have been almost complete and some standards and procedures with regards to documentation, coding, transports and migration across systems will have been established.
    A team lead will brief you all the requirements of the project as far as documentation standards are concerned and migration of the objects, testing procedures etc. You don't have to worry about that. This will be specific to the project, so you cannot generalize it and apply it to every project.
    Now the difference between a new implementation and support is that the first one is new one which goes through the phases of blueprinting, design, implementation, testing and go-live. The support phase comes after go-live. You will just be supporting the production system, in that you will be fixing any bugs in the existing programs or change some existing programs to add some more logic or remove some logic, or write new reports or programs as per the users' request.
    Srinivas

  • How many NWDI's in your SAP Landscape

    Hi SAPpers,
    we have a reasonable size SAP landscape and our developers do a lot of WebDynPro developments for Portal.
    We are now beginning to integrate CE with NWDI too, but that's a separate story.
    My point is, in our SAP Landscape we have ONE NWDI installed.
    We've just had basically a system down for NWDI for the last 10 days and it has shown us what a single point of failure NWDI is, because, as we have only one NWDI, if it is down, Developers cannot work, and transports cannot be completed.
    Therefore, my question,
    What does everyone else do about this ?
    Should we have a second NWDI, as a warm standby, where, if we lose the main NWDI we then configure the tracks in the standby NWDI and get the Developers to work against that one while we fix the primary NWDI ?
    Is there any guidance from SAP on how many NWDI's to have in a SAP Landscape to stop the NWDI becoming a single point of failure ?
    Others, please be aware of the risks and consequence of only one NWDI in a SAP Landscape.
    Thanks and regards,
    Petr.

    Hi Pascal,
    thank you for your reply.
    High availability of NWDI would not help the problem that recently happened to us, NWDI for various reasons stopped working.
    Hence we need to think about some kind of warm standby NWDI which could be brought up in emergencies, have all tracks configured in probably 12 hours - for ESS etc and then become active while the main NWDI is being repaired.
    NWDI is indeed a single point of failure on its own.
    Kind regards,
    Petr.
