Installation
This section explains the prerequisites and the detailed steps to install the CT-V for SAP.
Prerequisites
Before integrating CT-V with SAP, it is required to fulfill the following prerequisites:
Obtain the CT-V license file from Thales and install the license file on the Key Manager.
Create an NAE user on the Key Manager.
Create a versioned AES-256 key on the Key Manager with the NAE user as owner.
Create a non-versioned HMACSHA256 key on the Key Manager.
Create a token vault.
Installing SAPTM
The installation steps for integrating CT-V with SAP are divided into two broad areas as mentioned below:
CT-V Installation: This step installs CT-V for SAP. Refer to Installing CT-V for details.
Installation of SAP Binaries: This step installs the SAP binaries for CT-V. Refer to Installing SAP Binaries for details.
Before starting the installation, make sure to START the SAP instance on the SAP Microsoft Management Console (SAP MMC) as displayed in the following screen:
The "TMSAP 0" is a user created instance. The instance name may differ in other SAP installation. The green color icon against "TMSAP 0" depicts the running state of this instance.
Installing CT-V
Follow below steps to install CT-V:
Navigate to the directory where you have downloaded CT-V.
Unzip the
CipherTrustVaultedTokenization-8.12.4.000.zip
file to install CT-V.Open command prompt and navigate to the
SafeNetTokenization\Tokenization\lib\ext
directory. Run theinstall_sap_tm.bat
to start installation.The license agreement is displayed on the console. Press return/enter to continue or s to skip to the end.
Enter Yes, if you agree to the license terms.
Note
In this step, the installer checks for the encryption policy files (
US_export_policy.jar
andlocal_policy.jar
) for unlimited strength ciphers. You need these to use AES-256 keys. In case the test fails, download the encryption policy files for unlimited strength ciphers and install them inJAVA_HOME/lib/
security. For Java 10, 11, and 17, the encryption policy files are not required to be installed separately.Enter Yes to install CipherTrust Vaulted Tokenization.
By default, the CADP JCE Provider will be installed in the
C:\Program Files\Java\jre1.8.0_281\lib\ext
directory. Enter Yes to install CADP JCE at the default location. Enter No to provide a different installation location.The installer displays the following properties that are required to connect to the Key Manager:
Log_File
NAE_IP.1
NAE_Port
Enter Yes to update the above mentioned properties. Enter No to continue with the existing values.
Provide the directory to install CipherTrust Vaulted Tokenization.
The installer displays the following properties that are required to connect to the token vault:
HostName
PortNumber
DatabaseName
DatabaseType
Enter Yes to update the above mentioned properties. Enter No to continue with the existing values.
The installer prompts you to upgrade token vault schema. Enter Yes to upgrade and No to skip the upgrade.
Enter NAE User name, NAE Password, Database Username and Database Password to test CT-V.
Press y to install the SAP binaries for CT-V.
Installing SAP Binaries
Follow below steps to install SAP binaries:
Enter Yes to install SAP binaries for CipherTrust Vaulted Tokenization.
Provide the installation directory to install the SAP binaries.
Note
You must select a fresh location for a successful installation. If the SAP binaries already exist at the mentioned location, the system will quit installation. You may require to delete the binaries manually.
Enter the following details to run the service:
SAP Server Host Address
SAP Client Host Address
SAP Client user (SAP* user)
SAP Client password
A message “Service is running...” is displayed on the screen.
Removing SAPTM Service
Run the following command to remove the SAPTM service:
TMJavaService.exe -uninstall SAPTM
Testing SAPTM Installation
After CT-V and SAP binaries are installed, you must test the SAPTM Installation. Following are the steps to test it:
Log on to SAP Management Console. The following screen is displayed:
Enter values for the fields Client, User, Password, Language and Transaction.
Click OK to login. Following screen is displayed:
Enter transaction “SM59” in the highlighted text box and press Enter key. The list of RFC Connections appears:
Click on “TCP/IP connections” and then click Create icon (highlighted in the figure below) on toolbar:
The following screen is displayed:
Enter RFC Destination as “SAPTM_DES” in the text box.
On Technical Settings tab, select Registered Server Program option under Activation Type and enter Program ID as
SAPTM_PROGID
.Note
The Program ID must be the same value as the server property value of SAP (
jco.server.progid
): SAPTM_PROGID.Drag down the scroll box (highlighted in figure above) and enter the SAP Server IP and Port in the Gateway Host and Gateway service text box respectively.
Note
Gateway Host must be the same value as configured property in SAP (
jco.server.gwhost
): localhost.Gateway Service must be the same value as configured property in SAP (
jco.server.gwserv
): sapgw00.
Click Connection Test. A dialog box appears confirming about saving the entries.
Click Yes to save the entries. The status bar displays a message Destination SAPTM_DES saved.
Click Connection Test again to test the connection.
Following screen appears displaying the connection status:
Navigate to Windows Services on your system to check the status.
The SAPTM service has status Started. This confirms the connection.