Plan to deploy Duet Enterprise for SharePoint and SAP Server 2.0

Article
07/24/2014

Applies to: Duet Enterprise for Microsoft SharePoint and SAP Server 2.0

Summary: Learn how to plan a deployment of Duet Enterprise 2.0 in a SharePoint Server 2013 environment.

This article describes the planning that you should do before you begin an installation of Duet Enterprise for Microsoft SharePoint and SAP Server 2.0. The procedures and information presented in this article are listed in the order in which they must be used. All hardware and software must comply with the information found in Hardware and software requirements for Duet Enterprise for Microsoft SharePoint and SAP Server 2.0.

The installation and configuration process will require several hours to complete. You will need to work with your SAP administrator who will provide you with a SAPSSL.cer certificate and the endpoint URLs. You will provide the SAP administrator with two certificates: SharePointSSL.cer and DuetRoot.cer and the publishing URL of your extended SharePoint site. We recommend that you schedule time when both the SharePoint administrator and the SAP administrator are available. In addition to the items listed in this article, you need to review all hardware and software requirements for Duet Enterprise 2.0 and also for all Windows, SQL Server, and SharePoint Server computers that are used for this deployment.

The overall installation and configuration process will proceed in the following order:

We recommend that you obtain and record this information before you begin your deployment. We have provided the following deployment reference table that lists the names of the accounts and service applications described in the Duet Enterprise 2.0 install and configure process.

The Name as documented column in this table contains the names of the items you are tracking while deploying Duet Enterprise. These are the names that are referred to throughout this guide. The Name used column is for your use to record the names of these items.

Table: Deployment reference for Duet Enterprise 2.0

Name as documented	Name used
Secure Store Service Application
EndPoint URL: MetadataURL
EndPoint URL: LsiUrl
Business Data Connectivity Service Application
User Profile Service Application
Certificate: SharePoint SSL
Certificate : SAP SSL
Certificate : Duet Root
Security Account: Duet Admin
Security Account: DuetPublisher
Web Application Name
Web Application URL
Web Application (Extended) URL
Web Application (Extended) Zone
Site Collection: sites/DuetEnterprise2
Site Collection: Team site Template
Site: DuetReportingandWorkflow
Site: Team site Template

In this article:

Endpoint URL requirements
Certificate requirements
Active Directory account requirements

Endpoint URL requirements

Endpoint URLs are URL links that point the SharePoint Server system to specific endpoints in the SAP system and are bound to each imported Business Data Connectivity (BDC) model. These URLs must be obtained from the SAP administrator for each BDC model that you import. There are two URLs for each model:

LsiUrl This is the service URL with which SAP exposes data for a particular feature.
MetadataURL This will be automatically be picked up by the LsiUrl when the command is run.

Certificate requirements

You need three certificates to help secure Duet Enterprise 2.0 communications between clients and the server and between the servers running SharePoint and SAP. These certificates are created during the Duet Enterprise 2.0 installation process on both the SharePoint and SAP systems.

DuetRoot.pfx Created when you configure a root certificate by using the DuetConfig.exe -createselfsignedcertificate command. This certificate is used to create user certificates that are sent to SAP along with end-user requests. The process for creating this certificate must be completed in the following order:
1. Create the certificate as a .pfx file.
2. Configure the certificate. This includes storing it in the Secure Store Service Application.
3. Export the certificate as a .cer file. This is necessary because the SAP system needs the certificate with the public key only.
4. Share the .cer file with the SAP administrator. The SAP administrator will create a trust relationship for this certificate.
SharePointSSL.cer Secures server requests for calls from SAP to SharePoint. This certificate is created on the SharePoint system by using Internet Information Services (IIS) Manager, exported by using the Microsoft Management Console, and shared with the SAP administrator to be trusted in the SAP system.
SAPSSL.cer Secures server requests for calls from SharePoint to SAP. This certificate is created on the SAP system and shared with the SharePoint administrator to be trusted in the SharePoint system.

Active Directory account requirements

Two Active Directory Domain Services (AD DS) accounts are required to install Duet Enterprise 2.0, as shown in the following table.

Table: Domain accounts required to install Duet Enterprise 2.0

Account	Purpose	Requirements
DuetAdmin	Runs Setup.exe Runs DuetConfig.exe commands	A member of the Windows Administrators group on the computer that is running SharePoint Server 2013. A member of the Farm Administrators group on the SharePoint Server farm on which you are installing Duet Enterprise 2.0. Full Control permissions on the User Profile service application is required to configure RoleSync by using the DuetConfig.exe -configurerolesync command.
DuetPublisher	Used by the SAP system to connect to the SharePoint system for pushing reports and workflow notifications.	No permissions need to be set on the SharePoint Server 2013 farm for this account. You must give the name of the account you are using as the DuetPublisher account to the SAP administrator. We recommend that you use an account in AD DS named DuetPublisher. The SAP administrator will map this user account to one or more SAP roles in SAP NetWeaver Gateway that have access to SAP reports. Important This account cannot be the same as the SharePoint farm account or the Managed account assigned to the application pool of the web application using by Duet Enterprise.

DuetAdmin

Runs Setup.exe
Runs DuetConfig.exe commands

A member of the Windows Administrators group on the computer that is running SharePoint Server 2013.
A member of the Farm Administrators group on the SharePoint Server farm on which you are installing Duet Enterprise 2.0.
Full Control permissions on the User Profile service application is required to configure RoleSync by using the DuetConfig.exe -configurerolesync command.

DuetPublisher

Used by the SAP system to connect to the SharePoint system for pushing reports and workflow notifications.

No permissions need to be set on the SharePoint Server 2013 farm for this account.

You must give the name of the account you are using as the DuetPublisher account to the SAP administrator. We recommend that you use an account in AD DS named DuetPublisher. The SAP administrator will map this user account to one or more SAP roles in SAP NetWeaver Gateway that have access to SAP reports.

Important

This account cannot be the same as the SharePoint farm account or the Managed account assigned to the application pool of the web application using by Duet Enterprise.