SAP Note Download and Upload Process Impacted

November 4, 2019 Posted by: Mark Mergaerts
sap note-1

SAP Note download/upload only possible for digitally signed notes as of 1/1/2020

As of 1 January, 2020 downloading or uploading SAP notes with the Note Assistant (transaction SNOTE) will work only if SNOTE is able to work with digitally signed notes. Digital signing was introduced to prevent malicious changes to notes (e.g. through spoofing or man-in-the-middle attacks), which could infect the systems where they are applied.

Enabling this feature requires several note implementation and configuration steps. To simplify this work, SAP has released note 2836302 - Automated guided steps for enabling Note Assistant for TCI and Digitally Signed SAP Notes. Implementing this note will install the report RCWB_TCI_DIGITSIGN_AUTOMATION in your system, which will guide you through the steps that will enable SNOTE both for digitally signed notes and for transport-based correction instructions (TCI). The note also contains a PDF guide as attachment providing detailed information on the use of the report and the various actions performed.

Basically the procedure consists of two major phases:

  1. Implementation of the necessary notes (the report will determine which notes are needed based on the current SAP_BASIS version of the system) and installation of the TCI Bootstrap Package with transaction SPAM
  2. Configuration of the network connections to the SAP Support Backbone (the central infrastructure that provides the Support Portal, Maintenance Planner, EarlyWatch Alert and others)

Phase 1 only has to be done once, normally in the development system. The changes are then imported into the quality and production  systems using a Transport of Copies. Phase 2 has to be repeated in every system.

Note: to use the RCWB_TCI_DIGITSIGN_AUTOMATION report , the SPAM version in the system must be >= 71.

As part of the implementation you will have to choose between the different delivery methods for notes (the instructions for each procedure are in the guide). These are the possibilities:

  • SAP_BASIS 740 and higher: use HTTPS (kernel must be 7.42 SP 400 or above); RFC connections will no longer be allowed. Alternatively, you can set up the Download Service (see below)
  • SAP_BASIS 700-731: existing RFC-based download method will continue to work, but in the RFC destinations SAPOSS and SAPSNOTE the user "OSS_RFC" must be replaced with an S-user. Alternatively, you can set up the Download Service
  • SAP_BASIS < 700: no support for digitally signed notes

The Download Service is an application set up on a central server in the landscape (the download server), which connects to the SAP Support Backbone via HTTPS. Other systems in the landscape then connect to the download server via RFC. Setting up a download server is a separate process, for which you need SAP note 2554853 - SAP NetWeaver download service for SAP Notes. This set-up may take some time; therefore it is recommended to identify the download server and carry out the steps of note 2554853 in advance if you choose to use the Download Service.

Information Sources

PDF of the Webinar presentation at https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/knowledge-base/note-assistant/Digitally_Signed_SAP_Notes_Presentation.pdf

Any questions or extra info required on this topic? Please do not hesitate to contact us!

Contact us

 

Mark Mergaerts

Development Manager within Expertum Belgium