
SAP Project Migration to mySAP

SAP project migration to mySAP is not truly a technical process of running a certain upgrade program. It is largely a concept of evolving ERP business processes into collaborative e-business processes and making the most of the potential markets created in the Internet economy. Consequently, a migration to mySAP.com is more of a conceptual process, where ERP remains the back-office and main enterprise application, and new solutions are added and integrated to gain better business value in a more global economy. There is, however, the concept of migrating to mySAP.com in terms of licensing, but this process is better addressed by the SAP sales representatives.

The first question that arises is where SAP R/3 stands in this picture. Looking at the evolution of SAP software solutions, it was already 1998 when the New Dimension products were launched as predecessors to the more comprehensive platform represented by mySAP.com solutions. SAP evolved from a single-product company (producing R/3) to a global solution one, but R/3 was still at the heart and center of the picture. According to SAP, R/3 is now one very important piece of the mySAP solutions and is being further enhanced and developed. The result is SAP R/3 Enterprise, the new version of SAP R/3.

There are many reasons for "migrating" to a mySAP.com platform. A few of these reasons are:

  1. Creating value in the new economy, in which electronic commerce has an important role
  2. Efficiency and cost reduction in the relationships with business partners
  3. Creating new business lines
  4. Common access, without installation, to enterprise portals
  5. Implementing real and collaborative e-business
  6. Simple contracts: all available software can be used if needed

The next question is: what does it take technically to migrate and take advantage of the new e-business platform? There is no single answer but many, and it all depends on the nature of the business and the degree of integration and collaboration required, as well as the overall strategy of the company on technology trends. However, an example of a migration process coming from R/3 could be the following one.

  1. If it is not already there, migrate SAP R/3 to at least release 3.1I, or higher to recent releases such as 4.6C.
  2. Build a concept for an Enterprise Portal (using, for instance, mySAP Workplace solutions).
  3. Build a concept and implement one or more of the Customer Relationship Management solutions, for instance, Internet Sales, Mobile Sales, Customer Interaction Center, or all of them.
  4. Implement a data warehouse solution (Business Warehouse), which will be needed to analyze information and feed back the rest of the e-business solutions, and therefore incorporate Business Intelligence.
  5. Build a concept and implement one or more of the Supply Chain Management solutions, for instance, the APO (Advanced Planner and Optimizer).
  6. Build a concept and implement an e-procurement solution to streamline the purchasing and procurement processes. Consider also the implementation of, or integration within, an e-marketplace.
  7. Integrate the components implemented with the back-end (ERP) systems.
  8. Build the role concept for users and business partners.
  9. Implement the Enterprise Portal and integrate all implemented components.
  10. Provide users and business partners with the information needed for performing their jobs or their relationships.

This is easy to say, but not easy to achieve to its full potential. So the approach should be step by step, component by component, getting results and benefits from each of the functions of the components being implemented.

Introduction to ASAP

ASAP is the standard framework for SAP's implementation of R/3 projects and has been extended to cover not only R/3 but other mySAP solutions, such as CRM (Customer Relationship Management), APO, or e-procurement (BBP). Within the context of solution life cycle management, ASAP is the basic and more important methodology for the implementation of advanced projects. However, ASAP goes beyond just a methodology and provides a large number of its own tools and utilities for simplifying the implementation process. ASAP can traditionally be complemented with SAP and SAP partners' implementation services, such as training, support, consulting, and so on.

Though there are different ASAPs for the mySAP solutions, the general phases are quite common to all of them, the main difference being the activities and tasks for building the business process maps and the configuration options. So in the following sections, the generic ASAP is basically introduced, with R/3 implementations as the core for the work packages and activities explained.

The path proposed by SAP to reach the goal of getting a quick return on investment (that is, accomplishing a fast and cost-effective implementation) is based on the idea of facilitating a quick implementation of mySAP applications and guaranteeing the quality. To achieve an implementation that is both fast and of high quality, ASAP is based on the following issues:

  1. Clear definition of the mission, goals, and the scope of the project.
  2. A clearly defined project scope is vital to adjust time planning and to bring project cost plans close to actual costs.
  3. Increase the feasibility of carrying out detailed planning at the start of the project.
  4. Standardizing and establishing a single project or implementation methodology, as defined by ASAP itself.
  5. Creating a homogeneous project environment.

To achieve these goals, ASAP provides the project team with a methodology, tools, training, and services, as well as a process-oriented project plan known as the ASAP Roadmap.

The main tools supplied by ASAP are:

  1. Implementation Assistant
  2. World Question and Answer Database
  3. Business Engineer
  4. Knowledge Corner

The ASAP solution set is delivered on a CD-ROM that is installed independently of SAP systems, although it can be linked with them and may be available from the Solution Architect Portal. ASAP is release-dependent and is constantly updated. SAP provides periodic updates in the SAP Service Marketplace, and in the latest releases, it is included within ValueSAP.

In line with SAP strategy, the ASAP method of implementation is positioned in keeping with the following objectives and strategies:

  1. ASAP is the mySAP implementation solution directly developed and supported by SAP and partners.
  2. ASAP presents a preliminary planning of the resource needs (time, costs, people) based on the initial customer information and requirements.
  3. ASAP provides an optimal environment for a number of different mySAP projects, even upgrade projects.
  4. ASAP is aimed at and particularly suited to those implementation projects where the number of changes to standard SAP applications is reduced to a minimum.

The ASAP Roadmap is the project plan of the methodology. It is a well-defined and clear process-oriented project plan, providing a step-by-step guide during the life of the implementation project. The Roadmap is made up of five main phases, each describing the main work packages, activities, and tasks to achieve the expected results. Along with the activities and tasks, ASAP provides all the process descriptions, tools, training, services, and documentation that will be useful for carrying out these activities. The next sections briefly introduce the common Roadmap phases.

Project Preparation

In this first phase, project preparation, the project mission and scope are defined. Some key issues of this phase are:

  1. Define clear project objectives.
  2. Reach overall agreement on project issues among the involved parties.
  3. Set up an efficient process for making decisions and resolving conflicts.
  4. Prepare the company for accepting cultural and process changes.

ASAP provides tools, such as the Project Estimator, which helps and guides the project team using predefined questionnaires aimed at company upper management. Using the results of these questions, consultants can evaluate the answers and provide a high-level evaluation of the project scope, as well as an initial estimation of required resources and planning. This is the project starting point.

The end result of this phase consists of two essential documents in the implementation, the project charter and the detailed project plan. The management team or steering committee is responsible for evaluating such a plan and approving it if no objections are found. This will trigger the start of the next phase. ASAP pays particular attention to ensuring quality in the whole project process and in the decisions taken throughout the execution of this phase. Any error or wrong decision can negatively affect the subsequent flow of the project and might produce delays, which means longer project time and higher costs. Thus Project Migration to mySAP is going to help us to do the job in a better way.


My SAP Web Application Server What it is

SAP Web Application Server is one of the main technical foundations of the mySAP.com strategy and is known as SAP WAS. It fully integrates Web and Internet connectivity into the suite of the mySAP.com e-business platform. The SAP WAS is the platform of choice for creating dynamic, scalable, and collaborative Web applications based on the mySAP.com infrastructure.

World Wide Web technology has completely changed the business landscape in the last several years. In order to keep pace with this constantly changing environment, SAP has been providing Web-enabling technologies for its suite of products since the beginning of the Web era. But this is the first time that the Web way of doing things gets fully integrated into the traditional SAP application server architecture. This achievement is of such importance that the main component of the SAP system, previously called SAP Basis, is now known as the SAP WAS.

What Is a Web Application Server?

When you consider all the elements of a Web installation, it is easy to see that maintaining a good development model is a rather complex task. The ample choices of server operating systems, page layout styles, Web-embedded programming languages, database access and more, while giving a great range of flexibility, bring an implicit set of problems that are quite difficult to deal with effectively. This is the point where a Web application server comes to help us. It is common to speak of a three-tiered or three-layered architecture as the foundation of Web application servers. Those three layers can be summarized as follows:

  1. A presentation layer
  2. An application layer
  3. A database layer

For each of these layers, there should be a specific program intended to fulfill each task:

  1. A Web server program
  2. An application server program
  3. A relational database management system

This division of tasks is usually considered a good way of separating the different parts of a development project rather than an actual installation of software (even if there are many products on the market that try to mimic this division). The application layer is the place where it is best to put the business program logic. The idea behind this separation is to ease the maintenance of programming and layouts and to avoid interference between the design team and the development team. Designs and layouts change quite often on the Web, so a modification in the design should never affect the business logic in the application.

The database system provides the basis for data storage and retrieval using some kind of query language, usually SQL (Structured Query Language) if a relational database management system is in use. Other kinds of databases in common use today are systems based on directories, such as LDAP (Lightweight Directory Access Protocol).

A Web application server can generally be defined as a system that integrates an environment to serve and develop Web applications while separating program logic and presentation layout and providing a uniform and consistent method for data access.

The SAP WAS has the following characteristics in order to fulfill this definition:

  1. A generic TCP/IP multithreaded server that is able to implement different protocols through the use of plug-ins. The HTTP, HTTPS (HTTP over Secure Sockets Layer), and SMTP (Simple Mail Transfer Protocol) protocols are available at the time of this writing, but the hooks to program other protocols are there as a way to leave the system open to further enhancements.
  2. A complete development environment (the Object Navigator) based on the SAP 4.6 Development Workbench that provides version management, transport requests, and concurrent work in a project.
  3. A development model that provides a clear separation between page layout design and program logic. The ABAP (Advanced Business Application Programming) language has been extended and now has objects that directly deal with HTTP requests and can be embedded inside HTML tags. The Server-Side JavaScript language for embedding inside HTML tags has been made available; for the first time, it is possible to create an application running inside an SAP system in a programming language other than ABAP.
  4. A MIME (Multipurpose Internet Mail Extensions) Repository that provides easy tracking and maintenance of static documents and binary objects that are related to a Web project. The MIME repository is used to add images, sound or video files, PDF or Microsoft Office documents to a given project, and so they are part of its transport requests.
  5. The powerful, time-proven and well-established SAP Basis system provides the foundation for reliable data management.

In conclusion, the SAP WAS is a complete system specifically optimized for the development of Web-oriented applications and is fully compliant with the accepted requisites for an optimal Web application server design.

The Architecture of the SAP WAS

The technology behind SAP Web Application Server can be considered an improvement on the SAP application server technology foundation. Its aim is to provide a framework that enables the SAP technological basis to process HTTP requests and requests coming from other Internet protocols. This converts any SAP application server into a full-featured Web server that can directly accept connections from Web clients and send responses to them. The SAP WAS can also work as a Web client, producing requests to other Web servers and processing the responses sent back by them.

This enhanced functionality of the SAP WAS is handled in the SAP kernel by means of an additional process. This process is the ICM (Internet Communication Manager). From the internal SAP architecture, the ICM can be seen as a special work process that is responsible for handling connection requests from external clients and creating requests directed to external servers when requested to by a program running in any of the work processes. It is designed as a multithreaded server, and it communicates with the rest of the work processes through memory pipes located in shared memory.



The ICM is an external process that is launched by the dispatcher if the system is configured to do so in the instance profile. The internal server architecture of the ICM is a relaunched pool of worker threads to allow optimum handling of a number of simultaneous Web requests. Their description is given as follows.

  1. Thread control. This thread accepts incoming TCP/IP requests and calls a worker thread (or creates one if there are none available) to process the request.
  2. Worker thread. This thread is in charge of handling the request and the response of a connection. The way in which a worker thread handles a connection is determined by the plug-in. The plug-in defines the protocol under which the processing of the connection is to be done (HTTP, SMTP, or others).
  3. Watchdog. This thread is responsible for watching for timeouts and idle time of worker threads. If a timeout occurs (normally when the ICM is waiting for a response), the watchdog will take over the connection and inform the thread control that the worker thread is free for other tasks and when a connection has been received.
  4. Signal handler. This thread processes signals sent by the operating system or by another process.
  5. Connection info. This table keeps information about the state of each existing network connection, such as memory pipes or plug-in data.
  6. Memory pipes. These are memory-based communication objects. They handle the communication of data between the ICM and the work processes. There are four pipes for each connection: one for the request, one for the response, one for control data, and one out-of-band pipe.

The SAP WAS Development Model

The SAP WAS is based on a Web-oriented development model. This model has the following characteristics:

  1. Page-based development model. This means that Web applications are built around Web pages.
  2. Event-driven model. The events are usually generated by navigation actions taken by the user, such as clicking on a hyperlink or pushing Submit buttons.
  3. Server-side scripting. That is to say that programming code can be inserted in Web pages. This is essential for the dynamic generation of Web content in response to user input. This code should normally be presentation-related code, and no business logic should be in it.
  4. Event-related programming code. This should be in handler programs intended for that purpose. This also provides a way of removing presentation tasks from the programming language by leaving most of the presentation to the HTML layout.
  5. Static (not frequently changing) objects and documents in non-SAP format. For example, Microsoft Office documents are stored in a repository in order to keep track of them and to relate them to the application.

The combination of all these characteristics is done around the BSP (Business Server Pages). Actually, a BSP application is the normal way of developing programs in the SAP WAS. BSP applications are normally not screen (dynpro) based SAP applications; instead, they are meant to be accessed not through the SAPGUI, but through a Web browser.

The SAP WAS development model also includes predefined ready-to-use Web controls that are intended to ease Web page design and give it a consistent look. These controls are gathered together in the WCF (Web Control Framework) and include programming structures to create tables, forms, buttons, and other presentation elements.

The basis for the Web-oriented development model inside the SAP system is the enhancement of the traditional ABAP programming environment with objects that allow the direct handling of low-level HTTP requests. This provides an infrastructure for extending SAP Web functionality even outside the BSP application. Actually, the BSP runtime is nothing more than a big ABAP program (the BSP processor) using these Web objects. This extension of the ABAP language is the ICF (Internet Communication Framework).

This development model has been introduced into the SAP system by adopting technologies for Web development that have been proven in other environments, notably the Microsoft IIS (Internet Information Server) ASP (Active Server Pages) development model and the JSP (Java Server Pages) technology found in most modern Web server programs. My SAP Web Application Server gives control over the flow in the best ERP.


Security within mySAP Workplace and SSO

There are good security features within the mySAP Workplace architecture using SSO technology. Protecting the mySAP.com Workplace against attacks requires security measures that must be based on the Workplace architecture and the components installed. The mySAP.com Workplace gives users a single point of access to all functions, information, and services needed to accomplish their daily tasks. Links to back-end and legacy applications, self-service applications, company intranet services, and Internet services are all available in the user's Workplace. Because the borders between company intranets and the Internet are blurring, comprehensive security is vital to protect the companies' businesses.

The security features used in the mySAP.com Workplace include:

  1. SSO, using either user ID and password or X.509 client certificates with the SSL Web protocol
  2. Role-based authorization concept
  3. Simplified maintenance using central user administration
  4. Data encryption using the SSL protocol and the SAP SNC layer
  5. Secure business document exchange with digital signatures

mySAP Workplace Role-Based Authorization Concept

The mySAP.com role concept is based on the SAP authorization concept. When users log on to their Workplace, they receive the personalized LaunchPad, containing links to the information and services for their daily work, and MiniApps containing data from accessible applications. Here, accessible applications means applications that the user has the right to access. The users' personalized menus and the corresponding authorizations are assigned based on the roles they have in the company. Central user administration helps in creating, assigning, and distributing roles and authorizations. Existing activity groups can be assigned to roles. Users can individually design the content of the LaunchPad and the MiniApps, but for security reasons they cannot change the role definition. Only administrators can change the role definition to set activities and related MiniApps.

SAP Trust Center Services

The focus of the SAP Trust Center Service is to provide global one-step authentication and digital signature technology for enabling collaborative business scenarios. The trust infrastructure is based on already existing business relationships between SAP and its customers. The SAP Trust Center provides more trust than any other existing trust center because others do not usually rely on existing business relationships. This service provides a smooth migration from password-based authentication to certificate-based authentication.

The Trust Center Service works with the customer's internal mySAP Workplace to distribute digital certificates, called SAP Passports, to individual users. The SAP Passport is based on the X.509 certificate standard and allows data to be encrypted and transmitted safely over intranets and open Internet connections. mySAP.com customers using the Trust Center Services can ensure that only authorized partners and employees are accessing information and conducting business in mySAP Marketplaces.

If SAP users want to apply for an SAP Passport when they log on to their Workplace, their UID (user ID) and password are used. The Workplace server transfers the user's as well as the company's identity to the user's Web browser. The Web browser then automatically generates an asymmetric public/private key pair. After receiving and verifying the certificate request containing the user's and the company's identity and the public key from the Web browser, the Workplace server approves the certificate request with its digital signature. The Web browser then sends the approved certificate request to the SAP Trust Center Service.

mySAP Workplace SSO

As was extensively explained, the mySAP Workplace provides an intranet and Internet portal, which greatly facilitates a large number of services, business processes, and information for users. These services and information are provided by systems that may be both mySAP and non-SAP and might each have different access and administration policies.

One of the major benefits of the mySAP Workplace is the possibility of logging in only once (SSO) to access all services. This login process takes place in the Workplace system, and from there, the users can work with the services and applications as defined in their role, which may be distributed across different systems. This means that with SSO, users can navigate through the different functions and services from the Workplace without having to log in every time they access the different systems that may be supporting the functions or services provided.

This has obvious security implications for systems and for access restrictions. mySAP Workplace can address this security issue with several different methods:

  1. SSO based on user ID and password. This method has the advantage of using the existing authentication process in SAP R/3 systems. The users log in to the Workplace and identify themselves using the same username and password. Once correctly authenticated, the users receive their personalized role-based menus. They do not have to identify themselves any further (in SAP systems). The mySAP Workplace supports two different SSO mechanisms based on user ID and password: SSO cookies and SSO Tickets.
  2. SSO based on certificates (X.509). This method uses digital certificates to identify the user logging on to the Workplace.

The Workplace can be customized so that the SSO feature is not enabled. In this case, the users must authenticate in each system that they want to access.

SSO Cookies

To configure the SSO environment, the Workplace server provides the user identification to the rest of the component systems that make up the company portal. This is done by using a cookie that the system places in the user's Web browser. This cookie will be available to the rest of the systems and is used to correctly identify the users as they navigate through the component systems. When users log off from the Workplace, the cookie is removed and is no longer available to the Workplace. When the users want to connect again, they must authenticate first.

The requirements for SSO are:

  1. The users must have the same username and password in each of the component systems accessed from the Workplace. If this is not the case, the users must identify themselves in each of the systems they want to access.
  2. Users must configure their Web browsers so that they accept cookies. Standard Web browser configurations have this as the default setting. However, if the security options in the browser are set to high, then the browser usually does not accept cookies.

There are also some restrictions to be considered:

  1. The SSO cookie is held in the memory of the user's Web browser. If the user closes the browser, the cookie is lost and the user has to identify himself or herself again to reconnect to the Workplace.
  2. The cookie expires after some time (default value is 60 hours). If it expires while connected, the system will require the user to authenticate again in the Workplace.
  3. The SSO method using cookies works within the same domain (the Internet domain). This means that the cookies set by a Web server are only sent to Web servers that are in the same domain.

For security reasons and ease of maintenance, SAP recommends that the Workplace Web servers be configured using the HTTPS protocol.

When a user first connects to the Workplace, the corresponding Web server (as defined in the Workplace architecture) sets a cookie in the user's Web browser. When the user accesses any of the component systems that are integrated in the Workplace (and for which he or she has access), the cookie stored in the Web browser is sent to that system. This cookie provides the target system with the required user credentials for authentication and therefore for logging in (executing the report, transaction, or service).

The process flow for identification using SSO cookies is covered here. Two phases can be established.

Initial connection:

  1. The user enters the Workplace URL in the Web browser or clicks on a link to it.
  2. The request is sent to the Workplace server by the Workplace Middleware (Web server).
  3. The server requests the user to identify with username and password.
  4. The Workplace server validates the information. After validation, the Workplace sends the user its personalized role-based menu, which is displayed in the Web browser, and the Web server sends the SSO cookie to the user's Web browser.

Access to the component systems after initial connection:

  1. The Web browser sends the cookie to the system the user wants to access (it could be using both ITS and SAPGUI for Windows).
  2. The target system verifies the user information that is contained in the cookie. If the information is correct, the system allows the user to access without needing to authenticate again. If the information is not correct, then the system requests the user for login information (username and password).
  3. Cookies are not sent to systems whose domain is different from the domain of the Web server of the Workplace.

Some security settings that are available, and some defaults that work to protect cookies, include:

  1. The cookies are only sent to systems in the same domain as the Workplace.
  2. Cookies are not persistent, which means that they are not held on the workstation hard disk but in memory.
  3. Cookies include an expiration time (default is 60 hours). The parameter that sets this limit is user timeout. This parameter is set in the global service file of the Workplace Middleware (ITS). This file is global.srvc.
  4. The cookies' content is encrypted.
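The cookie properties listed above (same-domain delivery, in-memory only, HTTPS recommended) can be checked against a response header. The following is an added example, not SAP or Workplace code; the function names, the cookie name `WPSSO` and the host names are constructed for illustration, and the `Secure` attribute is used here as the cookie-level counterpart of the HTTPS recommendation.

```javascript
// Added illustration: audit a Set-Cookie header against the SSO cookie
// properties described in the text. All names and sample values are constructed.

// Parse "name=value; Attr; Attr=val" into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Cookie domain matching: the host equals the cookie domain or is a
// subdomain of it. A bare suffix match ("evilcorp.example") must not pass.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Which component hosts will the browser send this cookie to?
// Without a Domain attribute the cookie is host-only and never leaves
// the Workplace Web server, so SSO to other systems cannot work.
function reachableHosts(header, originHost, componentHosts) {
  const { attrs } = parseSetCookie(header);
  return componentHosts.filter((h) =>
    typeof attrs.domain === "string"
      ? domainMatches(h, attrs.domain)
      : h.toLowerCase() === originHost.toLowerCase()
  );
}

// Flag deviations from the properties the text lists for SSO cookies.
function auditSsoCookie(header, originHost) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  // Expires / Max-Age make the cookie persistent (written to disk).
  if ("expires" in attrs || "max-age" in attrs) findings.push("persistent");
  // Without Secure the cookie is also sent over plain HTTP.
  if (!attrs.secure) findings.push("no-secure");
  // A Domain the issuing host does not belong to is rejected by browsers.
  if (typeof attrs.domain === "string" && !domainMatches(originHost, attrs.domain)) {
    findings.push("foreign-domain");
  }
  return findings;
}

// Constructed sample headers.
const GOOD = "WPSSO=opaque; Domain=corp.example; Path=/; Secure";
const WEAK = "WPSSO=opaque; Path=/; Max-Age=216000"; // 216000 s = 60 hours
const HOSTS = ["crm.corp.example", "bw.corp.example", "shop.partner.example", "evilcorp.example"];

console.log(auditSsoCookie(GOOD, "workplace.corp.example"));
console.log(reachableHosts(GOOD, "workplace.corp.example", HOSTS));
console.log(auditSsoCookie(WEAK, "workplace.corp.example"));
```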

SSO Tickets

SSO Tickets improve the security of the SSO environment and remove some of the restrictions that apply to SSO cookies. SSO Tickets are also cookies stored in the browser, but the information stored in the Ticket is different from the information stored in SSO cookies. If you are using SSO Tickets, users must have the same user ID in all of the systems, but they are not required to have the same password for these accounts.

Unlike SSO cookies, SSO Tickets do not store the user's password. The tickets contain the user's ID and additional session information. This information is digitally signed with the private key of the Workplace system. The component systems can use the public key of the Workplace server to check the signature of the ticket.

The SSO Administration Wizard (transaction SSO2) helps you set up SSO with Tickets and can automatically import the public key of the Workplace server by means of RFC.

The process flow for identification using SSO Tickets involves two phases.

Initial connection:

  1. The user enters the Workplace URL in the Web browser or clicks on a link to it.
  2. The request is sent to the Workplace server by way of the Workplace Middleware (Web server).
  3. The server asks the user to identify with username and password.
  4. The Workplace server validates the information. After validation, the Workplace sends the user a personalized role-based menu, which is displayed in the Web browser. The Workplace server creates the user's logon Ticket, signs it with its private key, and sends it through the Workplace Middleware to the user's Web browser.

Access to the component systems after initial connection:

  1. The Web browser sends the Ticket to the system the user wants to access.
  2. The target system verifies the Ticket with the public key of the Workplace server. If the Ticket is correct, the user ID stored in the Ticket is used for logging on without having to authenticate again. If the information is not correct (for example, the user has a different user ID in the system being accessed), the system prompts the user for logon information (username and password).
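
The two-phase Ticket flow above, sketched end to end as an added example; it is not SAP's implementation and not code from the original post. The JSON ticket layout, the `issuer` and `expires` fields, the function names and the demonstration key pair are assumptions of the example.

```python
import hashlib
import json

# Constructed demonstration key pair. Both primes are Mersenne primes, so the
# modulus works for RSA arithmetic but is trivially factorable: illustration only.
_P, _Q = 2**521 - 1, 2**607 - 1
N, E = _P * _Q, 65537                   # public key, imported by the component systems
_D = pow(E, -1, (_P - 1) * (_Q - 1))    # private exponent, never leaves the Workplace server

# DER DigestInfo header for SHA-256, as used by PKCS #1 v1.5 signatures.
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def _encode(message: bytes, k: int) -> int:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo || SHA-256(message)."""
    t = _SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def issue_ticket(user_id: str, issuer: str, now: int, lifetime_s: int) -> str:
    """Workplace side, called only after the username/password check succeeded.

    The ticket carries the user ID and session data, never the password.
    """
    claims = {"user": user_id, "issuer": issuer, "expires": now + lifetime_s}
    body = json.dumps(claims, sort_keys=True).encode()
    k = (N.bit_length() + 7) // 8
    signature = pow(_encode(body, k), _D, N)
    return body.hex() + "." + format(signature, "x")


def verify_ticket(ticket: str, public_key, local_users, now: int):
    """Component side: return (user_id, "ok"), or (None, reason) to force a logon prompt."""
    n, e = public_key
    try:
        body_hex, sig_hex = ticket.split(".")
        body, signature = bytes.fromhex(body_hex), int(sig_hex, 16)
    except ValueError:
        return None, "malformed"
    k = (n.bit_length() + 7) // 8
    # Check the signature before trusting or even parsing any field of the body.
    if not 0 < signature < n or pow(signature, e, n) != _encode(body, k):
        return None, "bad signature"
    claims = json.loads(body)
    if now >= claims["expires"]:
        return None, "expired"
    # Same user ID must exist in the target system; passwords may differ.
    if claims["user"] not in local_users:
        return None, "unknown user"
    return claims["user"], "ok"


if __name__ == "__main__":
    ticket = issue_ticket("JSMITH", "WORKPLACE", now=1000, lifetime_s=3600)
    print(verify_ticket(ticket, (N, E), {"JSMITH"}, now=1500))
    print(verify_ticket(ticket, (N, E), {"MILLERJ"}, now=1500))
```

Any result other than `"ok"` corresponds to the fallback in step 2: the component system ignores the Ticket and asks for username and password.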

SSO Based on Digital Certificates (X.509)

Digital certificates work like digital signatures, as previously explained in this chapter. The public key certificate acts as the digital identity that authenticates a user or application. The holder's certificate contains all of the information required for identifying the digital signature (the public key) and the algorithm that can be used.

The information contained in the X.509 standard is:

  1. General information
     - Version
     - Serial number
     - Validity period
  2. Certificate owner's information
     - Owner's name
     - Owner's distinguished name
     - Owner's public key
     - Hash algorithm used for the owner's signature
  3. CA information
     - CA's name
     - CA's distinguished name
     - CA's public key
     - Hash algorithm used for the CA's signature
     - CA's signature

As a reminder, to create a digital signature the signatory has a pair of keys: one public, which is supplied to all target or partner systems, and one private, which the signatory uses to generate the digital signature. Neither of the keys can be obtained in any mathematical way from the other. The public key must be known to those systems or receivers in which the digital signature has to be verified. Usually there is a special entity called the CA that securely generates and distributes these keys and assigns them to users, servers, or signatories. It can be compared to the public administration in charge of issuing passports to citizens. To digitally sign a document, the signatory uses his or her private key and the mathematical algorithm to process the document to be signed. The receiver of the digitally signed document must verify the authenticity of the signature by using the signatory's public key, which must have been received previously. Both the signature and the document integrity are verified in order to check that the content has not been modified in the transfer process.

Several questions follow from this process. For example:

  1. How do you know which public key belongs to whom?
  2. How do we obtain the public key from communication partners?

The answer is basically that the public key is normally generated by a CA, which supplies the pair of keys to a signatory by issuing a digital certificate containing the information needed to ensure that the public key belongs to the right person. This certificate is used by senders to identify themselves to other partners. The public key is usually distributed by mail or by using other services such as the X.500 Directory Services.

Use of Certificates in the mySAP Workplace

The user certificate using the X.509 standard for connecting to the Workplace is processed and verified by the Web server using the SSL protocol. With this type of connection, there is no need to enter a username and password. In the mySAP environment, the CA is known as a Trust Center. SAP has set up its own Trust Center. Because the protocol used is SSL, the connection between the Web browser and the Web server must be HTTPS. When certificates are used for connecting other SAP system components, such as the ITS W-Gate, the ITS A-Gate, and the Application Server, it is necessary to use the SNC protocol. The requirements are as follows:

  1. Set up a PKI or use a Trust Center (CA) for obtaining the certificates.
  2. Configure the Web servers for managing HTTPS connections.
  3. Configure the Web servers for accepting user certificates.
  4. Activate and configure the systems for using SNC.
  5. Configure the mySAP systems for using X.509 certificates.
  6. Establish the mapping between the user certificates and the usernames (identification) in the SAP systems.
  7. The users also have to import or install their certificates in the Web browser.

SAP Network Level Security

SAP network level security provides protection for your network and for the data held in the world's best ERP. Networks are the de facto backbone of computing. No business or collaborative application can work without one. SAP systems based on a client/server architecture are no exception. Starting with release 3.1G, SAP Basis (R/3) systems include the SNC interface, which can and, in most cases, should be complemented with third-party security products to further protect network communications. When security fails at this level, it is typically because:

  1. There are too many unprotected network services.
  2. Network topology is poorly designed.
  3. There is little or no network monitoring.
  4. Routers, filters, or firewalls are not correctly configured.
  5. SAP router configuration is not properly set.
  6. There is no automatic intrusion detection system.
  7. Data is not traveling in encrypted form.

As a result, you see users, such as hackers, or programs trying to log on to unauthorized systems, users logging on to the wrong servers, unbalanced system loads, or even sniffing. One example of a security violation in the network environment is when end users log on directly to the database server when it has an administrative instance. Another is when the rlogin service is completely unprotected and users have logged on over the network and stopped the wrong servers. It is the network administrators' responsibility to design and implement a secure network topology that takes into account automatic monitoring and an intrusion detection system.

Transport System Level Security

SAP provides the CTS as an environment for coordinated customizing and team development that protects the modification of objects and settings across an SAP landscape. Unfortunately, the CTS is a facet of the SAP enterprise that is often under-secured. When security fails at this level, it is typically because:

  1. System landscape settings are not correctly configured.
  2. Repairs are freely allowed.
  3. There are no filters that control which objects are being transported.
  4. Authorizations are not completely implemented.
  5. Transport monitoring is not a periodic task.

As a result, you see software failures, transports of copied programs without security checks, or problems when upgrading your system. It is the job of the Basis administrator, together with the users in charge of customizing and the developers, to set the system to basic security standards and to define a security policy that ensures there is some kind of filtering and monitoring within the CTS.

Secure Network Communications (SNC)

SAP's standard SNC provides protection for the communication links between the distributed components of an R/3 system. SNC is built into the R/3 kernel, is based on the standard GSS API V2, and lets you raise the level of your SAP security with external security products: for example, SSO, smart card authentication, and encrypted communications. SNC can raise your system to high security standards because it can cover several layers, such as the presentation (authentication and SSO) layer, the remote communications layer, the network layer, and even the Internet layer.

Remote Communications Level Security

The natural openness of SAP systems and the unlimited possibilities for communicating with and exchanging data between SAP and other systems require stringent security analysis from the viewpoint of external or remote communications, primarily in the areas of the RFC and CPIC protocols, which are used in other interfacing techniques such as ALE (Application Link Enabling) or BAPIs. When security fails at this level, it is typically because:

  1. The authorization system is poorly implemented for remote communications.
  2. RFC communications include the passwords in their definitions.
  3. There is scarce monitoring at the gateways.
  4. OS and network security is also weak.
  5. No encryption software has been used.

As a result, you see unexpected connections or program executions from other systems, software failures, or access to confidential information. It is the job of Basis administrators, together with network administrators and developers, to implement standard security measures to avoid leaving holes at the remote communication level.

Some standard measures include: do not create more RFC destinations than necessary, include AUTHORITY-CHECK in programs that can be called remotely, protect table RFCDES, use standard interface techniques, periodically monitor the gateway server, make sure that the secinfo file exists, and others.

Document Transfer Level Security

SAP security services must guarantee the integrity, confidentiality, and authenticity of any kind of business document, such as electronic files, mail messages, and others. At this level, SAP provides SSF mechanisms, which include digital signatures and digital envelopes based on public key technology. These mechanisms can be deployed using external security services such as digital certificates and digital envelopes.

When security fails at this level, it is usually because:

  1. Certificates and encryption are not used or implemented.
  2. Private keys are not properly protected.
  3. There is scarce tracing and monitoring.

As a result, you see documents intercepted by unauthorized persons or access to confidential information. It is the job of the Basis administrators and expert security consultants, with the help of the legal department, to define and implement secure mechanisms, such as encryption methods, for protecting the secure transfer of documents.

Introduction to SSF

SAP's standard SSF provides the support required to protect R/3 data and documents as independent data units. You can use the SSF functions to "wrap" R/3 data in secure formats before the data is transmitted over insecure communication links. These secure formats are based on public and private keys using cryptographic algorithms.

Although SAP provides a Security Library (SAPSECULIB) as a software solution for digital signatures, as well as standard support for SSF in certain application modules such as PDM or ArchiveLink, a high degree of security is achieved only when private keys are secured using hardware devices such as smart cards.

Even if the communication infrastructure is well protected, it is also necessary to protect the private keys that are used in digital signatures and envelopes, because if this information is intercepted, the cryptographic approach is useless. This includes SAP components such as the application servers when they act as the senders of the messages and therefore hold the private keys.

In addition to the risk of the private key falling into the wrong hands, it must also be considered that criminals may be interested in sabotaging the communications and could modify the public key repository for the partners with whom the company's systems communicate.

Protecting Private Keys

There are two main methods for storing and protecting private keys:

Hardware: The ideal solution for protecting SAP users' private keys is an individual smart card for each user. With individual smart cards, there is no way to reveal the private key that the card holds. Additionally, users must identify themselves to their smart cards using biometric means (such as a fingerprint, an eye print, and so on) or by means of a secret number such as a PIN, a password, a question that only the user knows, and so on. Users are responsible for keeping their cards safe and not losing them.

If this method of protecting private keys is chosen, companies should run a communication campaign so that users understand the importance of not sharing their smart cards or letting others use them. From the perspective of the server, and as a way to improve performance, the recommendation is to use a crypto box instead of a smart card.

Software: The software solution is not as secure as dedicated hardware. If a file holding the keys is used, it is very important to protect this file from unauthorized access.

Protecting Public Keys

If the security products use an address book for holding the public keys, then, just as with private keys, the files must be securely protected against unauthorized access or modification. An alternative is to use certificates issued by a trusted Certification Authority (CA), which guarantees the authenticity of those certificates.

Several countries have already regulated the use of cryptography and digital signatures. However, these rules or laws have generated a great deal of controversy and even change frequently. Some countries already accept digital signatures as valid proof of obligation, and they can therefore be used for secure business.

Web Level Security




When security fails at this level, it is typically because:

  1. Secure protocols are not properly set.
  2. Encryption and certificates are not used.
  3. Remote debugging of ITS is not disabled.
  4. Service files are not protected.
  5. Firewalls and authentication might not be correctly configured.
  6. Security measures at Web servers are weak.
  7. Monitoring is scarce.

As a result, you see many kinds of attacks on Web servers, which can make systems unavailable or compromise critical information. It is the job of the Basis administrator, network administrator, and Web administrator to put in place a system design that implements the best security measures to guard against attacks on SAP systems that are tightly connected to the Internet.

A comprehensive security strategy limits access at each of these security layers to only authorized users or authorized external systems. It also accounts for the overall system landscape: development systems, the quality assurance system, the productive system, and the CTS that operates between them, along with any connected complementary systems, whether they belong to the SAP Business Framework (or Internet Business Framework) architecture or not. You need to make sure that protective procedures are in place to guard against insecure programs or Trojan horses that may travel from one system to another.

Logging and Auditing

Finally, a security infrastructure must include strong logging and auditing capabilities, the mechanisms you need to monitor and enforce your security policies. Logging and auditing address the effectiveness of the security measures and the system's capacity for detecting weaknesses, vulnerabilities, and any other security problems. There are logging and auditing facilities in the SAP security infrastructure at every level. These facilities are implemented mainly in the Security Audit Log, the AIS (Audit Information System), the security alerts within CCMS, and the Users and Authorization Information System (SUIM). These tools are complemented by other logging facilities such as those available at the operating system level, database auditing statements, network and Internet monitoring and management, and others.

The difficulty in monitoring the whole SAP security infrastructure is that there is no single tool for doing it automatically, although the evolution of the CCMS and AIS tools suggests that this might happen. Thus SAP network level security protects the data, and the people and companies that are connected through the world's best ERP.


SAP Security Infrastructure for Data Protection

SAP security infrastructure protects the data that is stored and updated in the database. SAP systems security is often seen only as the implementation of the authorization/role concept. However, SAP solutions based on an open multi-tiered client/server and Internet-based architecture include many components that can exchange, or are used for exchanging, data and information with other components, applications, or systems. Each of the elements needed for the communication and exchange of information is a layer of the SAP security infrastructure, also known as a security service. Security must be addressed at all of these layers. Here is an introduction to each of them, which will be covered further in the following sections.

Presentation level: This level is represented by all types of front ends used for accessing mySAP systems. This is typically the SAPGUI for Windows, although other options are available, such as the SAPGUI for HTML, the shortcuts, Session Managers, and other front ends that can be programmed with SAP Automation and other utilities. At the presentation level, the main security service is user authentication.

Application level: This level contains the application logic that is run by the ABAP programs. The role-based authorization concept is the main security service located at this level.

SAP databases: These are the containers of all the business information, as well as the metadata, data models, and object repository. They must be protected against unauthorized access, which can come from direct or remote access. It is extremely important to identify and protect the most critical system tables. This is the level of data access protection.

Network: The network is the de facto backbone of computing, and there is no business or collaborative application that can work without it. mySAP systems are a complex set of networked servers and applications both inside and outside the companies. As such, the network is the enabler that must be protected. Since SAP R/3 release 3.1G, the system includes the SNC interface, which can be complemented with third-party security products to further improve and protect mySAP network communications. The network is located at the access security level.

Remote communications: The natural openness of the mySAP systems and the endless possibilities for communicating and exchanging information between them and other systems also require a security analysis from the standpoint of external or remote communications, mainly in the areas of the RFC and CPIC protocols, which are used in other interfacing techniques such as the BAPIs (business application programming interfaces).

Internet: The Web represents the biggest opportunity and natural marketplace for e-business and, at the same time, the riskiest place if security measures are not in place. mySAP systems are extensively based on Internet technology and are Internet enabled. Web security is very extensive and would require a book of its own. In the case of mySAP systems, particular care must be taken with firewalls, protecting the ITS servers, and using SNC and other cryptographic technologies.

Operating system: The mySAP solution naturally consists of a large collection of software programs. Access protection for SAP files and directories and for operating system commands must also be properly in place. Moreover, security must also address the overall system landscape: development system, quality assurance system, productive system, and any connected complementary system, whether it belongs to the SAP Business Framework architecture or not. Security also involves the CTS.

All security aspects of mySAP systems components are based on restricting access to each of the system's layers to authorized users or authorized external systems only. A security infrastructure must also include all of the logging and auditing possibilities, because these mechanisms are required for monitoring and enforcing the security policy.

Standard Security on SAP Systems

The mySAP systems include many security features, most of which are not used in most customers' installations. On one hand, it is easy to think that in order to reach SAP systems, you must first break into the network, the operating system, or the database. Although this is generally true, it is also true that if internal threats are considered, standard security measures will certainly not be enough.

The SAP Basis Middleware (R/3) includes basic and generic security measures based mainly on passwords for user authentication, as well as the authorization concept for user access to business information and transactions. But SAP Basis comes with other powerful security features such as support for SNC, SSF, and digital signatures, allowing the use of external security products, SSO solutions, smart cards, and many other options to suit the needs of the most demanding companies and chief security officers.

Improving SAP Standard Security

Once you understand the security components and infrastructure, there is a lot you can do to improve the R/3 systems' security without compromising normal user operation. You can enhance security by:

  1. Designing and implementing a secure systems infrastructure by means of firewalls, settings, password policies, and parameters
  2. Setting the most appropriate values for security-related instance profile parameters
  3. Using external security products
  4. Establishing a security policy and communicating it effectively
  5. Creating a security checklist that can be periodically tested, either manually or automatically, so that you can evaluate the effectiveness of your security policy
  6. Enforcing the security policy by means of logging and auditing
  7. Monitoring security alerts and finding threats
  8. Establishing a procedure for constant update of the security policies

The Multilayer SAP Security Infrastructure

These layers must interoperate to form a cohesive security strategy. That cannot happen unless you understand what each layer is meant to do.

Security at Presentation Level

Presentation level security addresses all types of front ends used for accessing SAP systems. This is typically the SAPGUI, although other options are available, such as the SAPGUI for HTML, SAPGUI for Java, the shortcuts, the mySAP.com Workplace, the Session Manager, and other front ends or logon programs that can be programmed with SAP Automation and other utilities. The main security service at the presentation level is user authentication. When security fails at this level, it is typically because:

  1. The security policy is weak, not effectively communicated or enforced, or nonexistent.
  2. The profile parameters that enforce basic security measures are not set.
  3. The passwords of standard users have not been changed.
  4. Basic protection measures on the workstation are not taken.
  5. Advanced security methods such as SNC, SSO, client certificates that enable encryption, or smart logon devices have not been implemented.
  6. Security auditing and monitoring is scarce.

As a result, you see unauthorized users logging in with privileged user accounts, many unsuccessful logon attempts, or users using other people's accounts. It is primarily the job of the Basis administrators and user administrators, together with the IT department and the security manager, to define a clear authentication policy, to put in place all the standard SAP security measures, and, if needed, to add any advanced measures to protect the system at the presentation level.
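
The symptoms named above (privileged account logons, bursts of unsuccessful attempts, accounts used from more than one place) can be checked mechanically once logon records are collected. The following is an added example, not SAP code or code from the original post; the record layout, the thresholds and the use of SAP* and DDIC as the privileged account list are assumptions of the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp, user, terminal, result.
# This layout is made up for the example; it is not an SAP log format.
SAMPLE = """\
2024-03-04T08:00:05 MILLERJ WS-0117 FAIL
2024-03-04T08:00:40 MILLERJ WS-0117 FAIL
2024-03-04T08:01:10 MILLERJ WS-0117 FAIL
2024-03-04T08:01:55 MILLERJ WS-0117 OK
2024-03-04T08:10:00 DDIC WS-0342 OK
2024-03-04T09:00:00 KUMARA WS-0201 OK
2024-03-04T09:12:00 KUMARA WS-0455 OK
2024-03-04T09:20:00 SCHMIDTB WS-0090 FAIL
2024-03-04T13:00:00 SCHMIDTB WS-0090 FAIL
2024-03-04T13:00:30 SCHMIDTB WS-0090 OK
"""

PRIVILEGED = {"SAP*", "DDIC"}          # assumption: accounts that should rarely log on
FAIL_THRESHOLD = 3                     # assumption: failures that make a burst
FAIL_WINDOW = timedelta(minutes=5)     # assumption: time span of a burst
SHARE_WINDOW = timedelta(minutes=30)   # assumption: two terminals this close is suspicious


def parse(text):
    """Turn the sample text into time-ordered (datetime, user, terminal, result) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, terminal, result = line.split()
        records.append((datetime.fromisoformat(ts), user, terminal, result))
    return sorted(records)


def detect(records):
    """Return findings as (kind, user, timestamp) in the order they occur."""
    findings = []
    fails = defaultdict(list)   # user -> timestamps of failures still inside the window
    last_ok = {}                # user -> (time, terminal) of the last successful logon
    for ts, user, terminal, result in records:
        recent = [t for t in fails[user] if ts - t <= FAIL_WINDOW]
        if result == "FAIL":
            recent.append(ts)
            fails[user] = recent
            if len(recent) == FAIL_THRESHOLD:
                findings.append(("repeated_failures", user, ts))
            continue
        # Successful logon from here on.
        if len(recent) >= FAIL_THRESHOLD:
            findings.append(("success_after_failures", user, ts))
        fails[user] = []
        if user in PRIVILEGED:
            findings.append(("privileged_logon", user, ts))
        prev = last_ok.get(user)
        if prev and prev[1] != terminal and ts - prev[0] <= SHARE_WINDOW:
            findings.append(("possible_shared_account", user, ts))
        last_ok[user] = (ts, terminal)
    return findings


if __name__ == "__main__":
    for kind, user, ts in detect(parse(SAMPLE)):
        print(ts.isoformat(), user, kind)
```

SCHMIDTB produces no finding because the two failures are hours apart; the window is what separates a mistyped password from a burst worth a look.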

Application Level Security

Security at this level addresses the application logic that is run by the ABAP programs. Here the main security service is the user authorization concept, which grants or denies access to business objects and transactions based upon a user's authorization profiles. When security fails at this level, it is typically because:

  1. The authorization system has been poorly implemented.
  2. Critical authorizations have not been defined.
  3. Local development did not include appropriate authority checks.
  4. Administration of authorizations and profiles is not correctly distributed and protected.
  5. The user and authorization information system is never used.

As a result, you see unintentional transaction executions by unauthorized users, performance problems, display or modification of confidential information by unauthorized users, or even deletion of important data.

Several times, it has happened to me that a user who was not supposed to have such an authorization unintentionally deleted or modified parts of the number range table (NRIV), and because of the legal implications of this, we had to make a point-in-time recovery of the whole system.

It is the application administrator's job to define which users have access to which information and transactions. These definitions must later be technically implemented by the user and authorization administrators. It is also crucial that every developer follows a programming methodology that includes security checks.

Security at the Database Level

The SAP systems' databases are the containers for all the business information and the metadata, data models, and object repository. They must be protected against unauthorized access. At this level, security services must provide access protection for R/3 data. When security fails at this level, it is usually because:

  1. Standard passwords have not been changed.
  2. Access to the operating system is not properly protected.
  3. Remote access to the database is not secure.
  4. Auditing has not been activated on critical tables.
  5. The authorization system at SAP level is poorly implemented.

As a result, you see modifications at the database level that compromise system integrity and consistency, uncontrolled access to confidential information below the application level, or system unavailability. In one of my customer installations, the operator started a table space reorganization instead of adding a new data file to a table space. The system was stopped for some hours. It is the job of the database administrators, together with the OS system managers and the Basis administrators, to take appropriate security measures at this level. Some of the measures are changing the passwords of privileged database users, protecting SAPDBA with expert mode, restricting external remote access to read-only mode, auditing critical tables, setting the S_TABU_DIS authorization object correctly, and others.

Operating System Level Security

Security services must guarantee access protection for SAP files and directories, as well as for operating system commands and programs. At this level, security services are provided by the operating system features themselves. When security fails at this level, it is usually because:

  1. Permissions on files and directories are not properly set.
  2. The password and user policy at the OS level is static and widely known.
  3. Logging and monitoring is scarce.

As a result, you see deletion of critical system and application files, software malfunctions, or experience unavailability. It is the job of the operating system manager to implement security measures at the operating system and to monitor the main log files of the audit system. Some measures to include: implementing a secure password policy at the user level, not creating unnecessary users or services, monitoring SETUID programs, setting ACLs (Access Control Lists) on critical files and directories, and protecting external commands from being executed from SAP.


SAP Security Authentication Authorization Cryptography

SAP Security Authentication is the method that's used for verifying that users, applications, or companies are literally who they say they are. Authentication is the cornerstone of any safety infrastructure or technology.SAP’s standard user authentication verifies a consumer’s identification by manner of using log on passwords. Unsuccessful log on makes an attempt will trigger the session to terminate and activate user locks. As normal security measures, SAP supplies a quantity of log in profile parameters and an initial set of password guidelines which you'll be able to increase based on your needs. Normal safety measures already present a average to high degree of protection. Person authentication applies mainly on the presentation degree, but a breach will affect other layers as well.

Limitations on SAP commonplace authentication have to do with the authorized export rules of different countries when together with encryption software program and algorithms. SAP overcame these limits by together with SNC in the kernel.

Extra safety measures to boost your system to the very best safety degree embody:

  1. Utilizing exterior security merchandise that assist encryption. Any such merchandise, nevertheless, should be SNC compliant .
  2. Utilizing techniques equivalent to client certificates or log on tickets for Net consumer authentication security. Nonetheless, these strategies can solely work if other security layers, such because the community and the Web, are also properly protected over secure protocols resembling SSL.

Smart Card Authentication

SAP's standard smart card authentication enables a more secure authentication process. Users log on to the security system with smart cards instead of passwords. No password information is transmitted over the communication lines. Because smart cards are usually protected with a password or PIN, it is much more difficult for someone to compromise a user's authentication information. The use of hardware devices such as smart cards is usually configured using an external security system based on the SNC interface. The smart cards that can be used to log on to the mySAP Workplace actually hold the users' private keys, so they work as digital certificates that authenticate the holder.

Authorization

Authorization is the process used to determine what access or privileges are allowed for users. Authorizations are enforced by means of access controls, which are in charge of restricting user access.

SAP's User Authorization Concept

SAP's standard user authorization secures user access to business data and transactions, ensuring that only preauthorized users gain access to data and processes. User authorizations are defined by authorization administrators, in coordination with key business users, in authorization profiles that are stored in the SAP user master records. An initial set of authorization profiles is predefined by SAP; you can modify or add to these profiles, and you can use the Profile Generator to create new profiles automatically based on user activity information. Authorization applies mainly at the application level, but remote communications, operating system commands, and the CTS (Change and Transport System) must also be taken into account.

The SAP authorization system is very comprehensive, but it is hard to implement fully to the strictest security standards. It is hard to implement and maintain because it involves many organizational tasks in which users, key users, managers, and technical consultants take part. Therefore, you must audit and monitor critical system authorizations. The SAP online documentation and the SAP security guide provide a good basic understanding and methodology for implementing the authorization concept.

You can raise the security level of SAP's user authorization system by adding well-defined development standards together with quality control that filters out programs that do not implement the necessary security and authorization checks.

Privacy

Privacy is the process used to ensure that data or information sent over a network or communication line is not accessed or read by unauthorized persons. A standard way of granting privacy is by using cryptography. Both authorization and privacy ensure the confidentiality of data and information. Within mySAP landscapes, privacy can be considered the highest security level that can be set by technological means. It can be enforced through digital signatures, digital envelopes, and the use of the SNC and SSF components.

Integrity

Integrity is the process that verifies that nothing and no one modifies data on its way from a source to a target. As with privacy within mySAP landscapes, integrity can be enforced by means of digital signatures, digital envelopes, and the use of the SNC and SSF components.

Proof of Obligation

Obligation, or proof of obligation, is necessary for confirming and guaranteeing that a business message is correct, so that it can be considered a business transaction between business partners. For this reason, in electronic commerce, there must be sufficient security mechanisms to ensure the non-repudiation of business messages.

Auditing

Auditing is the process of gathering and analyzing security data to verify that the security policy and rules are complied with. Accounting is a method of measuring or restricting the use of system resources and, as such, is a type of authorization.

Cryptography


Cryptography is the technique, based on mathematical algorithms and other methods, of encoding data so that it cannot be read or disclosed. Cryptography is often defined as the science of secret writing. SAP's encrypted communications secure the exchange of critical information. This is an important security aspect in e-commerce communications. You can use SAP's SNC or SSF solutions and the SSL (Secure Sockets Layer) protocol to encrypt the data being transferred over HTTPS connections. Data encryption ensures that the data being exchanged is secured end-to-end and protected against interception. SAP does not directly include encryption software in its solutions, but it supports external security products that are compliant with SNC and SSF, which can be used for authentication, Single Sign-On, digital signatures and envelopes, and so on.

If security measures are not taken seriously, the manipulation and disclosure of information or digital documents is relatively easy with the help of current technology. Most of the advanced security measures are based on cryptographic technologies. The following sections discuss common topics in modern cryptography applied to information technology.

Public Key Cryptography

Public key cryptography relies on one-way mathematical functions, which means that it is not feasible to reverse their results. With this kind of system, every person who originates communications or messages has two keys:

  1. A private one that is secret
  2. A public one that is distributed to communication partners

Every message that is encrypted with one key can only be decrypted using the other key. Here is an example of how this system works. Suppose that these keys are the keys for a wooden box. For one of the keys there is only a master copy, which you have stored securely; of the other you have as many copies as you need, and you give them to all the people who want to communicate with you. The messages are boxes that have two locks (one opens with the private key and the other opens with the public one), with the special feature that if the box is closed using one of the keys, it can only be opened using the other one. With this scheme, each communication partner has its own private key and the public keys of the other partners.

If a person (sender A) wants to send a private message to another person (receiver B), the process is as follows: the sender puts the message in a box, which is locked with the public key of the receiver, so that only the receiver is able to open it with the private key. The next question is: once the message is received, how does the receiver know that the message comes from sender A and not from another person who has the public key? This is the kind of problem that digital signatures try to solve.

Digital Signatures

Digital signatures are special appendixes that are added to digital documents to prove the authenticity of the origin and the integrity of those documents. A digital signature is equivalent to the traditional handwritten signature on paper documents. When someone tries to illegally modify a handwritten signature, it usually leaves clues that can be detected by physical means. That is normally what guarantees the authenticity and integrity of the data and information contained. The digital signature must guarantee the same things, although by technological means. The first important point is that the digital signature must be different for each document; otherwise, it would be quite easy to copy and forge it. For this reason, the digital signature depends on the document being signed, through a mathematical function, so that this relationship allows for a later verification of the validity and authenticity of the document.

The impossibility of forging a digital signature is based on using characteristics or information owned by the sender (the one who signs). Each time a person uses a handwritten signature, he or she produces a very similar graphic using inherent graphological characteristics. In the case of digital signatures, the signatory uses its secret private key. This is a very secure mechanism, because even if the message is intercepted and someone wants to modify its content, he or she must also modify the signature. That cannot be done without knowing the secret private key.

To guarantee their security, digital signatures must have the following characteristics:

  1. Unique. Only the signatory can generate digital signatures.
  2. Unfalsifiable. To forge the signature, an attacker would have to solve very complex mathematical problems (considered computationally secure).
  3. Verifiable. They should be easily verifiable by the receiver or by a competent authority.
  4. Non-deniable. The signatory cannot deny its own signature.
  5. Feasible. They need to be easily generated by the signatory.

Several different protocols based on private key cryptography were proposed in standards organizations. However, it has since been concluded that public key cryptography is more secure. The digital signatures in use that meet the above characteristics are based on the RSA signature and the DSS (Digital Signature Standard) signature.

In certain countries, digital signatures can already be used legally as if they were handwritten. In terms of security, this means proof of obligation and non-repudiation. For this reason, using digital signatures based on PKI can raise the system to a high degree of security.

Cryptography in SAP Systems

Since release 4.0, the SAP Basis (R/3) systems include the SSF mechanisms for protecting some of the data inside the system. SAP applications can use the SSF layer to secure the integrity, authenticity, and privacy of certain data. The key point of SSF is that the data remains protected when it leaves the SAP systems. The first applications using SSF are:

  1. Production Planning-Process Industry
  2. Product Data Management
  3. ArchiveLink II

SAP is committed to providing additional applications that support SSF. SSF makes use of digital signatures and digital envelopes for securing the data. The digital signature identifies the sender and ensures the data integrity, whereas the digital envelope ensures that the message can only be opened by the receiver. Besides these features, SSF has others that are quite relevant and important for electronic transactions:

  1. SSF is asynchronous. The creation, transmission, reception, processing, and confirmation of business transactions are separate steps that can happen at different times without locking or affecting the applications in charge of the process.
  2. Independence of the transport. It should be possible to use different transfer mechanisms, such as public networks, the Internet, online services, magnetic disks, and so on, as well as different protocols and communication services such as HTTP, FTP, e-mail, EDI, and so on.

To perform these functions, SSF requires the use of a third-party security product. Since release 4.5 of SAP R/3, the system includes the SAPSECULIB (SAP Security Library) as the default provider for SSF services. SAPSECULIB is a software solution, but its functionality is limited to digital signatures. To support specific cryptographic hardware such as smart cards, or to support digital envelopes, SSF needs to be complemented by an external product that must be licensed by SAP.

To use digital signatures effectively, it is necessary to maintain a PKI. Because there is not yet an accepted worldwide PKI, this infrastructure has to be established in a secure provider domain. Digital signatures are available in SAP systems and the SAP Business Connector and can be used to secure business documents in mySAP.com.

SAP's standard digital signatures authenticate the R/3 data that is being transmitted and ensure that the senders (signatories) can be clearly determined. The subsequently assigned digital envelope ensures that the data contents are visible only to the intended recipients. On SAP systems, digital signatures are based on SSF.
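The sign-then-envelope flow described above, and the wooden-box analogy from the public key section, can be traced in a short Python sketch. This is an added example, not SAP's SSF code or any product's API: it uses textbook RSA without padding, a SHA-256 keystream as a stand-in for a real symmetric cipher, and constructed demo keys, so it shows the data flow only and must not be used to protect real data.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA keys from two primes: ((n, e) public, (n, d) private)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed demo keys built from well-known Mersenne primes: trivially factorable.
SENDER_PUBLIC, SENDER_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
RECEIVER_PUBLIC, RECEIVER_PRIVATE = make_keypair(2**607 - 1, 2**1279 - 1)

def digest_int(document, n):
    """SHA-256 of the document as an integer below n."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document, private):
    """The signature depends on the document (its hash) and on the private key."""
    n, d = private
    return pow(digest_int(document, n), d, n)

def verify(document, signature, public):
    """Anyone holding the public key can check the signature."""
    n, e = public
    return pow(signature, e, n) == digest_int(document, n)

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def seal(document, sender_private, receiver_public):
    """Sign the document, then lock it in an envelope only the receiver can open."""
    session_key = secrets.token_bytes(32)
    n, e = receiver_public
    return {"wrapped_key": pow(int.from_bytes(session_key, "big"), e, n),
            "body": keystream_xor(session_key, document),
            "signature": sign(document, sender_private)}

def open_envelope(envelope, receiver_private, sender_public):
    """Unwrap the session key, decrypt the body, then check the sender's signature."""
    n, d = receiver_private
    try:
        session_key = pow(envelope["wrapped_key"], d, n).to_bytes(32, "big")
    except OverflowError:  # wrong private key: the result is not a 256-bit key
        return None, False
    document = keystream_xor(session_key, envelope["body"])
    return document, verify(document, envelope["signature"], sender_public)
```

Changing a single bit of the sealed body makes verification fail, and a party without the receiver's private key cannot recover the session key.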

SSO (Single Sign-On)

With SAP's standard SSO solution, users enter their passwords only once, when they initially log on to the security system or the operating system. The security system then generates "credential" information so that the users can later log on automatically to other systems, such as R/3 or other mySAP component systems, without any password information being transmitted over the communication lines. With SAP R/3, and further with the mySAP.com system, there are many options for SSO, although not all of them provide the same level of service. Some of these options are:

  1. External security product that is compliant with the SNC interface
  2. Use of central administration
  3. Trusted systems
  4. Windows NT security provider
  5. Cookies
  6. Client certificates (X.509)
  7. Integration with LDAP servers
  8. mySAP logon tickets

LDAP (Lightweight Directory Access Protocol)

LDAP is a directory access protocol that provides defined criteria to search, read, or write within a directory. Known for a long time (for example, Novell Directory Services (NDS) and Netscape Directory Server), directories are making a comeback with the introduction of PKIs, which require an LDAP server to store the users and certificates and keep them accessible for search and verification requests. In addition, Microsoft introduced LDAP functionality with the new Windows 2000 OS and its ability to use Active Directory Services.

Single Sign On Protocol

HTTP is the default protocol for transferring files in the World Wide Web. HTTP transports Web pages as plain-text data, so a third party with access to the network can read or alter the data sent. The protocol has no mechanisms of its own to ensure authentication and confidentiality for the data. For that purpose, SSL encryption can be used. The HTTPS protocol transfers HTTP over an SSL connection. HTTPS offers options to encrypt the data and to identify the other party by its digital certificate. SSL and HTTPS provide confidentiality and integrity of the data transmitted and authentication of the user.

  1. Confidentiality is ensured through strong encryption. The data transmitted cannot be decrypted by anyone other than the intended recipient and is unreadable to third parties.
  2. Data integrity ensures that a third party did not alter data sent over the network.
  3. Authentication is provided by means of digital certificates, which are very difficult to forge.

When an HTTPS communication is set up, client and server first agree on a protocol version and define the encryption algorithms. Then they authenticate each other and use encryption techniques to generate the session information. The following steps give an overview of what is required to set up an HTTPS connection:

  1. The client sends a request to the SSL-enabled server.
  2. The server sends its public key and its certificate to the client.
  3. The client checks whether the certificate of the server was signed by a certificate authority that the client trusts. Otherwise, the client aborts the connection to the server.
  4. The client compares the data from the certificate with the data it just received about the server: domain name and public key. If the information matches, the client accepts the server as authenticated. At this point, the server might request a certificate from the client as well.
  5. The client creates a session key, encrypts it with the public key of the server, and sends it to the server.
  6. The server receives the session key and decrypts it with its private key.
  7. Client and server use the session key to encrypt and decrypt the data they send and receive.
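Steps 3 and 4 protect the connection only if the client actually performs them. The following Python sketch is an added example, not part of the original post: it builds a client configuration that enforces both checks, a weak one that skips them, and a small audit function that names the skipped steps. The function names are assumptions; the `ssl` calls are from the Python standard library.

```python
import ssl

def strict_client_context():
    """Client settings that perform steps 3 and 4 of the outline above."""
    ctx = ssl.create_default_context()            # CA check and host name check are on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    return ctx

def lax_client_context():
    """Weak configuration sometimes left in place to silence certificate errors."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be switched off before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # server certificate is accepted unchecked
    return ctx

def audit_client_context(ctx):
    """Return one finding for each handshake safeguard the context would skip."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("step 3 skipped: server certificate is not checked "
                        "against trusted certificate authorities")
    if not ctx.check_hostname:
        findings.append("step 4 skipped: certificate is not matched "
                        "to the server's domain name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 can be negotiated")
    return findings

if __name__ == "__main__":
    for name, ctx in (("strict", strict_client_context()),
                      ("lax", lax_client_context())):
        print(name, audit_client_context(ctx) or "no findings")
```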