Before attempting to add SAP Adaptive Server Enterprise (ASE) database accounts to the Privileged Access Service, you should keep the following requirements in mind:
- You can only use the Privileged Access Service to manage passwords for local database accounts.
- You cannot rotate or manage expired passwords for managed accounts.
- Supported releases are subject to change based on the end of mainstream maintenance date as determined by SAP. For more details about which versions of the SAP ASE database are supported in the current release, see the release notes.
- The computer where the Centrify Connector is installed must have the SAP ASE Data Provider for the .NET client (ADO.NET) installed in the global assembly cache (GAC). For installation details, see Installing ADO.NET with the Centrify Connector. If you download and install the library after you install the Centrify Connector, you should restart the connector before adding the database to Privileged Access Service. If you have an older version of the ADO.NET client library, check the SAP ASE website to see if a newer version is available.
- Privileged Access Service can manage the account password for a standalone SAP ASE servers, or synchronize managed passwords across computers in a Windows cluster.
- Support for password encryption is enabled in the Privileged Access Service SAP ASE plug in. If the SAP ASE server also has password encryption enabled, the password is encrypted before being sent to the server. For additional information on password encryption, see the SAP documentation.
You must install the SAP ASE Data Provider for the .NET client (ADO.NET) on the computer where the Centrify Connector is installed.
To install ADO.NET Data Provider
On the computer where the Centrify Connector is installed, download SDK For SAP ASE 16.0 (Platform: Windows x64).
If you do not have the SDK for SAP ASE 16.0, check the SAP support portal > Software Downloads or contact your SAP support representative.
- Execute setup.exe.
In the installation menu, select Customize installation. Select SAP ASE ADO.NET Data Provider.
After installation, the Data Provider should be registered in the GAC.
If it is not registered in the GAC, see SAP KB article 2139582 for additional information.
Configuring a DNS Alias for SAP ASE Failover Clusters
This section describes how to set the DNS alias when configuring an SAP ASE failover cluster. The configuration requires a DNS alias to map to the primary and secondary node IP address.
Note: You can install the SAP ASE database on a Windows Server but use another Linux server for DNS.
To set the DNS alias on a Windows Server:
- Log in to the DNS Server Administrator.
- Open the DNS Manager.
- Go to Forward Lookup Zones.
- Right-click the target domain and choose New Alias (CNAME).
- Set an alias.
- Input the target FQDN and click OK.
On the machine running the application, open the Command Prompt window as Administrator and enter the command:
run "ipconfig /flushdns"
Ping the alias in FQDN to check the target IP address.