Updating SAP JVM
The SAP JVM is included in all products based on the NetWeaver Application Server Java 7.1. It resides in the sapjvm_5 subfolder which is located under /usr/sap/(SID)/SYS/exe/jvm.
The installation of the SAP JVM is included in the installation of the product. The following procedure describes what you have to do to upgrade to the newest SAP JVM version without upgrading your whole product.
Procedure:
An upgrade to the newest available version is possible by importing SAP JVM patches using the Java Support Package Manager (JSPM). The JSPM applies these patches as “SAP JVM Support Packages” to the software component “SAP JVM”. After deployment to the file system of the NetWeaver Application Server, there is an automatic replication to each server instance using the sapcpe program. In short, applying an SAP JVM patch takes the following steps:
- Download the SAP JVM patch from the SAP Support Portal. E.g., for SAP NetWeaver PI 7.1, navigate along the following path: The file name looks like SAPJVM5_XX-YYYYYYYYY.SAR, choosing the highest available patch level is recommended.
- Logon as <sid>adm.
- Copy the patch in the inbox of the JSPM The default inbox directory is defined by profile parameter DIR_EPS_ROOT.
- Start JSPM and logon as Administrator. Start the process with the following command:
- Windows: <drv:>\usr\sap\<SID>\<INSTANCE><NR>\j2ee\JSPM\go.bat
Unix: /usr/sap/<SID>/<INSTANCE><NR>/j2ee/JSPM/go - In the Select Package Type screen, choose Single Support Packages and Patches (advanced use) and choose Next.
- In the Specify Queue screen, you should be able to see the target patch level for the SAP JVM and it should be higher than the patch level of the current version. Deselect all patches you don't want to install and choose Next.
- In the Check Queue screen, you see the patches you have selected. If you agree, choose Next.
- After the queue has been deployed, you get the Completed screen where the status of the SAP JVM should show DEPLOYED.
- Choose Exit to finish the patch procedure.
Java Cryptography Extension (JCE):
Out of legal reasons, SAP does not deliver the so-called “Java Cryptography Extension (JCE) Jurisdiction Policy” files as part of the SAP JVM. Without these files the cryptography functionality inside the SAP JVM is blocked. Therefore typical usage scenarios requiring cryptography, e.g. communication via HTTPS or storage of information in Secure Storages will not work anymore.
If a JSPM version of 7.10 SP 6 or younger is used to patch an SAP JVM, the policy files are taken from the previously installed version. Otherwise, they have to be copied manually or downloaded and installed separately.
These files, namely local_policy.jar and US_export_policy.jar in directory sapjvm_5/jre/lib/security, can either be obtained from SAP's Service Marketplace (SAP Java Cryptography Extension Jurisdiction Policy) or alternatively from Sun Microsystems at . ; please download the package
0 comments: