INTERNAL – AUTHORIZED FOR SAP CUSTOMERS AND PARTNERS

Set Up an SNC-Based SAProuter Connection

Information on setting up a connection for Employee Central
Payroll™ systems hosted on Azure™ & GCP.
TABLE OF CONTENTS
1 INTRODUCTION ................................................................................................................................3
1.1 Supported Scenarios........................................................................................................................3
1.2 Unsupported Scenarios ...................................................................................................................3
2 SNC CONNECTION BETWEEN SAPROUTERS – TECHNICAL DETAILS ........................................4
2.1 SAProuter .........................................................................................................................................4
2.2 SAProuter Registration and Configuration .....................................................................................5
2.3 SNC – Secure Network Communication ..........................................................................................6
2.4 Prerequisites.....................................................................................................................................6
3 INSTALL AND CONFIGURE SAPROUTER .......................................................................................8
3.1 Context..............................................................................................................................................8
3.2 Procedure .........................................................................................................................................8
3.2.1 Linux/Unix-Based Hosts................................................................................................................. 10
3.2.2 Windows-Based Hosts ................................................................................................................... 11
3.3 Network Tests ................................................................................................................................. 11
4 SAP LOGON FOR EMPLOYEE CENTRAL PAYROLL .................................................................... 12
4.1 SAP Logon Configuration .............................................................................................................. 12
4.2 Usage of Connectivity .................................................................................................................... 14
5 CUSTOMER ACCESS TO/FROM PAYROLL SYSTEMS AVAILABLE VIA WEB SERVICES .......... 15
6 IMPORTANT DISCLAIMERS AND LEGAL INFORMATION ............................................................ 15
6.1 Hyperlinks ....................................................................................................................................... 15
6.2 Beta and Other Experimental Features.......................................................................................... 16
6.3 Example Code................................................................................................................................. 16
6.4 Gender-Related Language ............................................................................................................. 16

2
4 INTRODUCTION

This document describes the steps required to set up a secure connection using SNC (Secure Network
Communications) between an Employee Central Payroll customer and SAP.
SAProuter connectivity is primarily needed for the back-end access to Employee Central Payroll systems via
SAP GUI. However, it can also be used for RFC/ALE-based integrations.
For integration scenarios, where it is possible SAP recommends that you use Web Services instead of RFC to
be less dependent on the SAProuter connection.

SAProuter connectivity cannot be used for integration scenarios with HTTP/HTTPS

connections.

4.0 Supported Scenarios

• SAP GUI communication through the SAProuter (to the message server and/or SAP dispatcher)
• RFC communication between systems or between RFC client and Gateway
• Support connections from SAP to customers. For support purposes SAP enables the transfer of other
protocols through special, proprietary precautions, but these are not appropriate for production operation and
are not released.

4.1 Unsupported Scenarios

• Communication between server components with HTTP-based protocols through the SAProuter (e.g. Web
service calls through HTTP)
• Communication from a user interface such as the browser or the Business Client through SAProuter to an
application server (e.g., Web Dynpro or BSP-based applications)
• Binary protocols (e.g., terminal server, X-server) between communication partners

3
5 SNC CONNECTION BETWEEN SAPROUTERS – TECHNICAL DETAILS

The technical setup consists of at least SAProuter on the customer side, as well as a load balanced SAProuter
on the SAP side. Note that all network devices at SAP are set up as a high availability cluster. For simplicity, the
firewall and Load Balancer are represented as single devices in the figure below.
Figure 1 Connection Diagram

5.0 SAProuter

SAProuter is a software application that provides Application-Level Gateway (ALG) functionality for SAP
application protocols.
Typically, SAProuter is used to provide a remote connection to the SAP support infrastructure. For Employee
Central Payroll connectivity, SAProuter is used only as an Application-Level Gateway.
Once SAProuter is installed, it is possible to use it to connect to the SAP Payroll system. However, make sure
that SAProuter is configured with a public IP address owned by your company. This helps to avoid IP address
conflicts with other customers. As most customers use private IP addresses on their internal systems, this can
be achieved by applying Network Address Translation (NAT).

Please find below outlines comparisons between VPN with SNC based SAProurter.

Topic SNC SAPRouter in DMZ IPSec VPN tunnel

Technology SNC secured SAProuter – SAProuter LAN-to-LAN IPSec VPNs are established
connections are established between SAP between SAP and the customer’s network
and the customer’s SAProuter to provide to provide data confidentiality and integrity
data confidentiality and integrity services. services. These VPNs complement the
State-of-the-art encryption, authentication, leased lines in the current Remote
and access control technology will be Customer Support Network environment.

4
 Topic SNC SAPRouter in DMZ IPSec VPN tunnel
employed. No additional hardware State-of-the-art encryption, authentication,
compared to a leased-line setup is required and access control technology will be
at either end of the connection. employed. VPN equipment is required at
both ends of the connection. The VPN
device at customer’s side must be
reachable from the Internet.

Skillset SAP Basis Expert (End to end SAPRouter Network experts (End to end VPN setup)
setup)

Network team (IP allowing at firewall) SAP Basis (Install SAPRouter, SAPGui)

Hardware Firewall + SAProuter host in DMZ Firewall + SAProuter host + VPN device
Requirements

Network 1 static Public IP address for SAProuter 1 static public IP address for VPN device
Requirements

1 static public IP address for SAProuter

host

Configuration Setup of saprouttab necessary for security. Setup of routing configuration in VPN
Saprouttab influences security strongly as device necessary for security. Saprouttab
access is controlled via saprouttab and influences security less strongly as access
firewall. is controlled via VPN device, SAProuter
software and firewall

Encryption By software By hardware

Key Signed Digital certificates with SAP Router Pre-shared keys exchanged between
management CA authority customer and SAP

Key storage In file system In VPN device

SNC bases SAProuter is traditional based configuration which is being used extensively by all SAP customers in
on-prem and public cloud landscapes. As mentioned above SNC based SAProuter is more efficient in terms of
support, maintenance, configuration, setup, reliability...etc

5.1 SAProuter Registration and Configuration

Ensure that SAProuter is provisioned in the DMZ network that should have a public IP address assigned to it.

Use the template to create SAP support incident to component LOD-EC-GCP-PY-OPS to register SAPRouter IP
and to enable the configuration on the SAP side. SAP GUI access is possible only after the completion of
configuration on the SAP and Customer side.

5
Figure 2 SAP Router Registration Request

Ticket Subject: NGCD- New SNC SAPRouter Setup for Employee Central Payroll System

While SAP is performing SAProuter registration, follow the steps under section 4.2 Procedure below.
Dear SAP Team,
Register SAProuter using the details below which will be used to connect “Employee Central Payroll
Systems hosted in <Azure/GCP>”
5.2 SNC – Secure Network Communication
IP address of the SAProuter computer (*): ___<Mention public IP of SAProuter>______
SNC is usedHost
toname
make of the SAProuter
network computer
connections using (*):
the ___<any
Internet, unique hostname_________
in particular WAN connections, secure. It provides
reliable authentication as well as encryption of the
[Host name is restricted to 16 characters]data to be transferred.
Customer Name:
SAProuter Payroll system
allows SNC ID: Dev/QA/Prod
connections to be set up. The route permission table can be used to specify precisely
whether SNC
Full connections
distinguishedare allowed,
name of theand if so,certificate
applied which ones.(Provide this information if you already have a
SAPRouter IP registered with SAP IT Team):

5.3 Prerequisites
Regards,
XXXXXX
Here are the prerequisites.
• You are using at least version 30 of SAProuter or higher and have an SNC configured using the relevant
guide.
• SAProuter must get started with option -K <SNCname>. These names ensure the authenticity of a host.
• There must be a KT entry in the route permission table of the source host. This causes the connection to
the target host to use the SNC layer.
• Allowlist both primary and disaster sites SAP IP addresses as mentioned below, when applicable. (Only
primary sites IP addresses are tobe allowlisted for DC22- Dubai and DC23- Riyadh)

Primary Datacentre: Frankfurt Google Cloud Platform Data Center - DC55

34.107.112.35, 34.89.141.13, 34.89.143.40

Disaster Recovery: DC56 Europe - West4 Netherlands (Google Cloud Platform )

34.91.42.149 and 34.90.197.160

Primary Datacenter: Virginia Microsoft Azure Data Center - DC64 - Azure - US East2
20.36.216.190 and 20.75.47.175

Disaster Recovery : DC65 - Azure - US-West2 - Washington

20.80.180.191 & 52.137.102.104

Primary Datacenter: Australia Microsoft Azure Data Center - DC66 - Azure - Australia East –
Sydney
20.227.19.131, 20.53.139.250

Disaster Recovery : DC67 - Azure - Australia Southeast - Melbourne

52.255.53.186, 52.189.194.37

6
 Primary Datacenter: DC 22 Dubai
130.214.197.23

Primary Datacenter: DC 23 Riyadh

130.214.223.77

Note : Disaster Recovery Set Up for SAPRouter

SAP has built Disaster Recovery systems at SAP DR sites for every corresponding Employee Central
Payroll Production system. In case of any disaster situation at SAP Production site, customer must be
able to connect to payroll system located in DR site via DR SAPRouter to continue with business run,
until Production system become available. The same configuration details submitted for Production site
SAPRouter would be used for DR site SAProuter configuration also.

We recommend that you always install the latest SAProuter version.

3 SAPRouter PSE certificate generate:

Before starting the SAProuter service, ensure that SAProuter registration is completed via the request described
in section 2.2 SAProuter Registration above. Once it is registered make sure to follow these steps.
1. Go to the portal https://launchpad.support.sap.com/#/saproutercertificate and search for the
SAProuter application and from the list of SAProuters registered to your installation number, choose the
relevant SAProuter.
2. Generate a PSE. You must provide a password, which will be used to create your SAProuter PSE.
3. Download the generated PSE and save it as "local.pse" in the same directory as the sapgenpse
executable.
4. Run the commands below.
• sapgenpse seclogin -p local.pse -x <pse password> -O <user_for _SAProuter>
• sapgenpse get_my_name -v -n Issuer
This command ensures that the issuer of the certificate is from SAProuter CA.
Refer to the SAProuter page for more details - https://support.sap.com/en/tools/connectivity-tools/saprouter.html

7
6 INSTALL AND CONFIGURE SAPROUTER
This section covers the procedure for installing and configuring SAProuter and includes information for both
Linux/Unix and Windows hosts.

6.0 Context
SAProuter related data is available on the SAP Support Portal Home page.

6.1 Procedure
Following are the steps to install and configure SAProuter.

1. Create the subdirectory saprouter in directory /usr/sap/saprouter

2. SAProuter-related data is available on the SAP Support Portal Home page.
• Click on Download SAProuter to download the latest version of the SAProuter software.
according to the operating system of the host that you plan to install SAProuter.
• A-Z Alphabetical List of Products > S > SAPROUTER > SAPROUTER (latest versions) > select
OS from drop-down > select saprouter_XXX-XXXXXXXX.sar > Download Basket button
• A-Z Alphabetical List of Products > S > SAPCRYPTOLIB > COMMONCRYPTOLIB (latest
version) > select OS from drop-down > select SAPCRYPTOLIBP_xxxx-xxxxxxxx.SAR >
Download Basket button
• A-Z Alphabetical List of Products > S > SAPCAR > SAPCAR (latest version)
>your preferred O.S. version > SAPCAR_xxx-xxxxxxxx.EXE
Depending on the operating system, the following steps must be executed from the command
line interface.
3. All downloaded files must be in the same path.
• For example, the path from step 1 above: /usr/sap.
4. Extract all the files in the same path using commands.
• SAPCAR -xvf <SAPCRYPTOLIBP_xxxx-xxxxxxxx.SAR>
• SAPCAR -xvf < saprouter_XXX-XXXXXXXX.sar>

For Windows ensure that downloaded SAPCAR_XXX-XXXXX.EXE file is being used to

unchar the .SAR file.
5.Set the environment variables SNC_LIB and SECUDIR.
• SNC_LIB = <path of COMMONCRYPTOLIB>
(For example, SNC_LIB=/usr/sap/saprouter/libsapcrypto.so in Linux)
• SECUDIR = <Directory of SAProuter>
(For example, SECUDIR=/usr/sap/saprouter in Linux)
Ensure that the sec directory is created if it does not exist. However, it is not mandatory
to use this sec directory. Instead, the same directory (/usr/sap/saprouter) where the
executable is located can be used.

8
6. Create a file saprouttab (without any file extension like .txt) in the folder where executables are
downloaded and maintain the entries below according to your systems location (data center).

Primary Datacenter: DC55 - Frankfurt (Google Cloud Platform )

KT "p:CN=PAYDC55_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" payroll55-osk.sapsf.eu 3299

KS "p:CN=PAYDC55_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" * 3200.3399

S * payroll55-osk.sapsf.eu 3200.3399

D***

Disaster Datacenter: DC56 Europe - West4 Netherlands (Google Cloud Platform )

KT "p:CN=PAYDC56_SR, OU=0001119571, OU=SAProuter, O=SAP, C=DE" payroll56.sapsf.eu 3299

KS "p:CN=PAYDC56_SR, OU=0001119571, OU=SAProuter, O=SAP, C=DE" * 3200.3399
S * payroll56.sapsf.eu 3200.3399
D ***
Primary Datacenter: DC64 - Azure - US East2 – Virginia

KT "p:CN=PAYDC64_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" payroll64-osk.sapsf.com 3299

KS "p:CN=PAYDC64_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" * 3200.3399

S * payroll64-osk.sapsf.com 3200.3399

D***

Disaster Datacenter: D65 - Azure - US-West2 – Washington

KT "p:CN=PAYDC65_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" payroll65-osk.sapsf.com 3299

KS "p:CN=PAYDC65_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" * 3200.3399

S * payroll65-osk.sapsf.com 3200.3399

D***

Primary Datacenter: DC66 - Microsoft Azure - Australia East – Sydney

KT "p:CN=PAYDC66_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" payroll66-osk.sapsf.com 3299

9
KS "p:CN=PAYDC66_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" * 3200.3399

S * payroll66-osk.sapsf.com 3200.3399

D***

Disaster Datacenter: DC67 - Azure - Australia Southeast - Melbourne

KT "p:CN=PAYDC67_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" payroll67-osk.sapsf.com 3299

KS "p:CN=PAYDC67_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" * 3200.3399

S * payroll67-osk.sapsf.com 3200.3399

D***

Primary Datacenter: DC 22 Dubai

KT "p:CN=PAYDC22_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" payroll22-osk.sapsf.com 3299

KS "p:CN=PAYDC22_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" * 3200.3399

S * payroll22-osk.sapsf.com 3200.3399

D***

Primary Datacenter: DC 23 Riyadh

KT "p:CN=PAYDC23_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" payroll23-osk.sapsf.com 3299

KS "p:CN=PAYDC23_OSK, OU=0001119571, OU=SAProuter, O=SAP, C=DE" * 3200.3399

S * payroll23-osk.sapsf.com 3200.3399

D***

Start SAProuter
Context

6.1.0 Linux/Unix-Based Hosts

Start SAProuter using the command below to run in the background.
nohup saprouter -r -K "p:<Full distinguished name of the applied certificate>” &

10
This command can be used to run the service in the background.

Useful commands for Linux/Unix based hosts

• Stop SAProuter using the saprouter -s command.
• Check SAProuter status using the saprouter -1 command.
• Soft shutdown of SAProuter using the saprouter -p command.

6.1.1 Windows-Based Hosts

Start SAProuter using the command below to run in background.
Create a service to start the SAProuter. Execute the command below from the command prompt.
sc.exe create SAPRouter binPath= "<path>\saprouter.exe service -r -W 60000 -R <path>\saprouttab -r -K
^p:<your_distinguished_name>^” start= auto obj= "NT AUTHORITY\LocalService"
(or)
saprouter.exe -r -K “p:<Full distinguished name of the applied certificate>”

Path = Location where the saprouter.exe is extracted.

Parameter = location of the saprouttab file, for example: E:\SAProuter\saprouttab
ForFull
moredistinguished name
details, see SAP = 525751.
note You can find this name from the SAProuter registration certificate.

6.2 Network Tests

To check whether the connection to SAP is working, logon to the command line of the SAProuter server and
navigate to the dedicated SAProuter directory and execute the following commands based on your system’s
location.

PRODUCTION DC55:
niping -c -O -H /H/<local LAN IP of SAProuter>/S/3299/H/34.107.112.35/S/3299
niping -c -O -H /H/<local LAN IP ofSAProuter>/S/3299/H/34.107.112.35/S/3299/H/vaci<payroll
system ID>/S/3200

DISASTER RECOVERY DC56:

niping -c -O -H /H/<local LAN IP of SAProuter>/S/3299/H/34.91.42.149/S/3299
niping -c -O -H /H/<local LAN IPofSAProuter>/S/3299/H/34.91.42.149/S/3299/H/vaci<payroll
system ID>/S/3200 (This command works only when DR site is active)

PRODUCTION DC64:
niping -c -O -H /H/<local LAN IP of SAProuter>/S/3299/H/20.75.47.175/S/3299
niping -c -O -H /H/<local LAN of IPSAProuter>/S/3299/H/20.75.47.175/S/3299/H/vaci<payroll
system ID>/S/3200

DISASTER RECOVERY DC56:

Yet to disclose.

11
 PRODUCTION DC66:
niping -c -O -H /H/<local LAN IP of SAProuter>/S/3299/H/20.227.19.131/S/3299
niping -c -O -H /H/<local LAN IP SAProuter>/S/3299/H/20.227.19.131/S/3299/H/vaci<payroll
system ID>/S/3200

DISASTER RECOVERY DC67:

Yet to disclose.

**Other Datacenter Network test comamnd will be disclosed shortly.

7 SAP LOGON FOR EMPLOYEE CENTRAL PAYROLL

SAP Logon is used to initiate a user session to your Employee Central Payroll system. Not all logon pads are
available for cloud customers.
To install the SAP GUI for Windows for Employee Central Payroll systems, go to the ONE Support Launchpad
. GUI versions are backward compatible. The supported version of GUI that can be used for Employee Central
Payroll systems available are SAP GUI FOR WINDOWS 7.50 CORE and SAP GUI FOR WINDOWS 7.60
CORE.
Customers can download either version.

7.0 SAP Logon Configuration

To complete your SAP Logon configuration, you need the information regarding Application Server Name and
System ID that has been provided to you in the system handover mail.

The SAProuter String value depends on both the IP address of your SAProuter as well as the location of your
SAP Payroll systems. As mention in below picture configure the settings to achieve logon load balance
connectivity.

12
Connection Type: Group/Server selection
Description: Your payroll Dev/QA/Prod system description
System ID: <SID>
Message server: vacs<sid>
SAProuter : String of SAProuter /H/<cust-IP>/S/3299/H/payroll55-osk.sapsf.eu/S/3299
Group/Server: PUBLIC
Instance number: 00

NOTE: Please ensure that below line is added into your SAPGUI service file in your window host.
Sapms<SID> 3600/tcp #SAP message server port

In case of SAPGUI for Java, ensure below string is maintained for connection type server group
conn=/M/<message server address>/S/<message server port no>/G/<Log on Group name>

13
7.1 Usage of Connectivity

Primary Datacenter: DC55

• SAPGUI from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll55-osk.sapsf.eu/S/3299/H/<payroll-host>/S/3200
• RFC from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll55-osk.sapsf.eu/S/3299/H/<payroll-host>/S/3300
• RFC from SAP Payroll System to Customer ABAP Systems
/H/payroll55-osk.sapsf.eu/S/3299/H/<Customer SAProuter>/S/3299/H/<ABAP server to be connected>

Disaster Datacenter: DC56

• SAPGUI from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll56.sapsf.eu/S/3299/H/<payroll-host>/S/3200
• RFC from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll56.sapsf.eu/S/3299/H/<payroll-host>/S/3300
• RFC from SAP Payroll System to Customer ABAP Systems
/H/payroll56.sapsf.eu/S/3299/H/<Customer SAProuter>/S/3299/H/<ABAP server to be connected>

Primary Datacenter: DC64

• SAPGUI from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll64-osk.sapsf.com/S/3299/H/<payroll-host>/S/3200
• RFC from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll64-osk.sapsf.com/S/3299/H/<payroll-host>/S/3300
• RFC from SAP Payroll System to Customer ABAP Systems
/H/payroll64-osk.sapsf.com/S/3299/H/<Customer SAProuter>/S/3299/H/<ABAP server to be connected>

Primary Datacenter: DC66

• SAPGUI from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll66-osk.sapsf.com/S/3299/H/<payroll-host>/S/3200
• RFC from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll66-osk.sapsf.com/S/3299/H/<payroll-host>/S/3300
• RFC from SAP Payroll System to Customer ABAP Systems
/H/payroll66-osk.sapsf.com/S/3299/H/<Customer SAProuter>/S/3299/H/<ABAP server to be connected>

Primary Datacenter: DC22

• SAPGUI from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll22-osk.sapsf.com/S/3299/H/<payroll-host>/S/3200
• RFC from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll22-osk.sapsf.com/S/3299/H/<payroll-host>/S/3300
• RFC from SAP Payroll System to Customer ABAP Systems
/H/payroll22-osk.sapsf.com/S/3299/H/<Customer SAProuter>/S/3299/H/<ABAP server to be connected>

14
Primary Datacenter: DC23
• SAPGUI from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll23-osk.sapsf.com/S/3299/H/<payroll-host>/S/3200
• RFC from Customer to SAP Payroll System
/H/<Customer SAProuter>/S/3299/H/payroll23-osk.sapsf.com/S/3299/H/<payroll-host>/S/3300
• RFC from SAP Payroll System to Customer ABAP Systems
/H/payroll23-osk.sapsf.com/S/3299/H/<Customer SAProuter>/S/3299/H/<ABAP server to be connected>

**Other Datacenter SAPRouter string will be disclosed shortly.

8 CUSTOMER ACCESS TO/FROM PAYROLL SYSTEMS AVAILABLE VIA WEB SERVICES

The integration between SAP S/4HANA Cloud and SAP SuccessFactors Employee Central Payroll is done via
web service and does not require an SAProuter connectivity.
For more information about the procedure, see the document Integration Between Payroll and Finance.
For more information about the configuration, see the document Setting Up Payroll Processing with SAP
SuccessFactors Employee Central Payroll (1NL) .

Because these configuration steps are customer-specific, they cannot be delivered by SAP
and must be carried out by the customer.

9 IMPORTANT DISCLAIMERS AND LEGAL INFORMATION

9.0 Hyperlinks
Some links are classified by an icon and/or a mouseover text. These links provide additional information.
About the icons:

15
Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree
(unless expressly stated otherwise in your agreements with SAP) to this:
• The content of the linked-to site is not SAP documentation. You may not infer any product claims against
SAP based on this information.
• SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the
availability and correctness. SAP shall not be liable for any damages caused by the use of such content
unless damages have been caused by SAP's gross negligence or willful misconduct.
Links with the icon : You are leaving the documentation for that particular SAP product or service and are
entering a SAP-hosted Web site. By using such links, you agree that (unless expressly stated otherwise in your
agreements with SAP) you may not infer any product claims against SAP based on this information.

9.1 Beta and Other Experimental Features

Experimental features are not part of the officially delivered scope that SAP guarantees for future releases. This
means that experimental features may be changed by SAP at any time for any reason without notice.
Experimental features are not for productive use. You may not demonstrate, test, examine, evaluate, or
otherwise use the experimental features in a live operating environment or with data that has not been
sufficiently backed up.
The purpose of experimental features is to get feedback early on, allowing customers and partners to influence
the future product accordingly. By providing your feedback (e.g. in the SAP Community), you accept that
intellectual property rights of the contributions or derivative works shall remain the exclusive property of SAP.

9.2 Example Code

Any software coding and/or code snippets are examples. They are not for productive use. The example code is
only intended to better explain and visualize the syntax and phrasing rules. SAP does not warrant the
correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the
use of example code unless damages have been caused by SAP's gross negligence or willful misconduct.

9.3 Gender-Related Language

We try not to use gender-specific word forms and formulations. As appropriate for context and readability, SAP
may use masculine word forms to refer to all genders.

16
www.sap.com/contactsap

© 2021 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.

The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product
specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or
omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if
any. Nothing herein should be construed as constituting an additional warranty.

In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This
document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by
SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-
looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, and
they should not be relied upon in making purchasing decisions.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product
and service names mentioned are the trademarks of their respective companies. See www.sap.com/trademark for additional trademark information and notices.