Академический Документы
Профессиональный Документы
Культура Документы
Installation
Database ID
Database system
Database release
SAP release
SAP has embarked on a project to enable its customers to establish secure connections to SAP over the
Internet for support purposes. Currently, SAP offers two alternative ways to connect to the Support
Network over the Internet:
SAP has implemented a functional subset of the Remote Customer Support Network services in an
Internet DMZ (demilitarized zone) in SAP AG, Walldorf. With this infrastructure in place, the suite of
Remote Customer Support Network service offerings is accessible over the Internet.
Property
Internet VPN
Hardware
requirements
Software
Network
1 official static IP address for
addresses
SAProuter
(besides address
of Internet router,
firewall, )
Configuration
issues
firewall
Encryption
By software
Encrypted data
TCP packets
IPsec (IP packets)
Only the data stream between
Encryption is handled on IP layer
SAProuters is encrypted
(OSI network layer 3)
Encryption is handled on Application
layer (OSI network layer 7)
Minimum
required free
bandwidth
Supported
All except FTP (files download)
services on SAP
side
By hardware
64 kbit/s
Key managementDigital certificates being requested via Pre-shared keys provided by SAP,
Service Marketplace Public Key
later Public Key Infrastructure (PKI)
Infrastructure (PKI)
Key storage
In file system
Additional
expertise
Standards
In VPN switch
VPN switch has a very small and
limited operating system, thus no
additional security hardening is
required. The SAProuter machine is
not reachable from the Internet, thus
the risk of hacking is much less.
However, security hardening measures
at the SAProuter operating system
level are also recommended
In this project Internet VPN was selected over SNC for the following reason
VPN using IPsec is industry standard and have better encryption
FTP is not possible with SNC.
Requirement
[Router]
sapserv1=/H/xx.xx.xx.xx/H/yy.yy.yy.yy/H/
Where xx.xx.xx.xx is SAP router at customer site
[Message Server]
O01=oss001.wdf.sap-ag.de
Click groups
System ID O01
Message server oss001.wdf.sap-ag.de
SAP Router for sapserv1