Home
SCP Configurations before Installing Innovapptive Products
This section guides you with the required SCP Configurations before installing Innovapptive Mobile Products.
Configur SCP for Deploying Innovapptive Products
SAP Cloud Platform (SCP) configuration process consists of tasks like validating access to SCP, enabling mobile services, configuring cloud connector and so on.
Establish trust between SCP, Cloud Connector and SAP Gateway
Establish trust between SCP, Cloud Connector and SAP system using self-signed certificates.
Configure SAP system to support principal propagation

Title and Copyright
Copyright and Terms of Use for the Pre-Install or Pre-Upgrade Configurations Guide for mAssetTag, mWorkOrder, mInventory, mServiceOrder, mWorkList and all other solutions of Connected Workforce Platform^TM .
Preface
Understand audience and conventions followed in this document.
Pre-Install or Pre-Upgrade Configurations for Innovapptive Products
This guide contains instructions for pre-install or pre-upgrade configurations for both SCP and SMP environments. Depending on the platform you are on, choose your configuration path.
SCP Configurations before Installing Innovapptive Products
This section guides you with the required SCP Configurations before installing Innovapptive Mobile Products.
- Configure SAP NetWeaver Gateway—BgRFC
- Configure NetWeaver Gateway
  Configure SAP NetWeaver Gateway to define how some settings must work with your existing SAP ECC Business Suite system.
- Configure ECC
  If you have HUB architecture, you must configure ECC.
- Configure Access for Deploying Innovapptive Products
  Understand the roles and access requirements for deploying Innovapptive mobile products.
- Configur SCP for Deploying Innovapptive Products
  SAP Cloud Platform (SCP) configuration process consists of tasks like validating access to SCP, enabling mobile services, configuring cloud connector and so on.
  - All About SCP Data Center
    Access your SCP account based on the region where you are located.
  - Validate access to SCP
    Validate the SCP Access and add members to the team for Administration and Development activities.
  - Enable Mobile Services
    Enable mobile services, if you are logging into SCP for the first time.
  - Install and Configure Cloud Connector
    Cloud Connector connects on-demand applications in SAP Cloud Platform and on-premise systems and lets you the control cloud applications resources. This helps you benefit from existing assets without exposing the entire internal landscape.
  - Establish trust between SCP, Cloud Connector and SAP Gateway
    Establish trust between SCP, Cloud Connector and SAP system using self-signed certificates.
    - Create Self-Signed Root CA for Cloud Connector
      You can use an existing CA to create a self-signed CA. If you are using your own CA, create the certificate of that CA.
    - Create an Intermediate Certificate for Cloud Connector
    - Import Certificate into the Cloud Connector Machine
      Import HCC_CA.crt --- HCC Root CA and intermediate .p12—Intermediate CA with the “KEYCERTSIGN” in the property certificates into the HCC computer.
    - Configure Cloud Connector
    - Configure Access Control
    - Configure SAP system to support principal propagation
    - Create HTTPS Service in SMICM
    - Provide Logon Data
    - Mapping certificates to users
      Map the certificates to respective users using Transaction code: EXTID_DN.
    - Export SAP System Certificates to Cloud Connector
    - Import Cloud Connector Root and Intermediate Certificates to Gateway Trust Store
SMP Configurations before Installing Innovapptive Products
This section guides you with the required SMP Configurations before installing Innovapptive Mobile Products.

Configure SAP system to support principal propagation

The SSL server PSE contains the application server's security information. The PSE needs the information to communicate using SSL as the server component. For each SSL port that is activated (see the profile parameter icm/server_port_<xx>), set up a corresponding SSL server PSE to use.

The server's Distinguished Name is used to identify the server when a connection is established. If you have a system with multiple application server instances, use the following options to resolve the server identity:

Use a single system-wide SSL server PSE where the Distinguished Name is the same for all servers.
Use server-specific SSL server PSEs for individual application servers.
Use a combination of both types. (Some application servers use a system-wide SSL server PSE, and other application servers use server-specific SSL server PSEs.)

Note: Use the trust manager (transaction STRUST) to maintain the PSEs.

SSL Setup—Creating the SSL Server PSE:

Select the SSL Server PSE node.
Click Create.

Figure 1. Create PSE
Enter the Distinguished Name parts for a default SSL server PSE in the corresponding fields. For the default SSL server PSE, use a wildcard character (*) as the host name in the Name field.
For example,
- Name = *.mycompany.com
- Org. (opt.) = Test
- Comp./Org. = MyCompany
- Country = US
The system uses these components to build a default Distinguished Name to use for a system-wide PSE, and to build the server-specific names for individual PSEs.

The SSL Server screen appears where you can specify the individual application servers. Use the default Distinguished Name and system-wide SSL server PSE or individual PSEs. The default Distinguished Name appears in the Default PSE DN field. The server-specific Distinguished Names appear in the table in the Distinguished Name column.

Figure 2. SSL Server

The system creates the SSL server PSEs and distributes them to the individual application servers.