Академический Документы
Профессиональный Документы
Культура Документы
Further, a directory service acts as the 1. Simplifies management tasks: Integration Highlights
main switchboard of the network operating
system. It is the central authority that The mySAP.com system can use directory ■ Using SAP Central User Account
manages the identities and brokers the services to detect SAP R/3 systems and Management in conjunction with
relationships between these distributed their services such as the application Active Directory enhances security
resources, enabling them to work together. servers, message servers, database, concepts
Because a directory service supplies these gateway service, and ITS instances. This
fundamental network operating system enables enterprise-wide information about ■ Active Directory for both the
functions, it must be tightly coupled with installed systems to be viewed and "Corporate" and the "Portal"
the management and security mechanisms accessed at a single central location. directory server saves management
of the operating system to ensure the The SAP R/3 Version 4.6 C MMC snap-in and implementation costs
integrity and privacy of the network. It also is the first component to use information
plays a critical role in an organization's provided by directory services. In addition ■ SAP systems can share information
ability to define and maintain the network to providing a central view of all SAP with other systems by using the SAP
infrastructure, perform system administra- systems in your landscape, the MMC LDAP connector
tion, and control the overall user experience snap-in provides interfaces to stop/start
of a company's information systems. and monitor the systems. SAPGUI for ■ SAP LDAP connector enabled SAP
Windows can use the Active Directory programs can read information from
Active Directory integration with server to obtain a list of SAP systems. This and write information to Active
mySAP.com offers customers many advan- saves the trouble of having to manually Directory
tages. maintain SAP destinations and files like
■ Simplifies management tasks SAPLogon.ini.
■ Strengthens network security
■ Makes use of existing systems through Using the Active Directory group policy
interoperability feature, administrators can update and
deploy the SAPGUI and other SAP appli-
cations to user desktops. For organizations
wishing to use Single sign on with SAP
GUI, a special MSI package is delivered
Single Sign on SAP System by SAP. This package can be automatically
Management
deployed to all relevant users automatically.
SAP Central user SAP Portal roles
Administration and context
Using Active Directory with Central Using the Active Directory with
User Administration 6.10 SAPGUI
SAP Central User Administration (with SAPGUI (version 4.6D and above) can be
Web Application Server 6.10) allows the configured to find SAP R/3 systems and
administration of the whole system land- its message servers from the directory
scape from one single central system. All instead of using a fixed list of systems
user data is maintained centrally although and message servers in the sapmsg.ini
Active Directory Manageability local maintenance is still possible. configuration file. If SAPGUI is configured
to use the LDAP directory, it will query
■ Active Directory centrally manages the directory each time Server or Group
Windows users, clients and servers Central User Microsoft Active
selection is used to get up to date infor-
through a single consistent Administration Directory Services mation about SAP R/3 systems.
management interface, reducing
redundancy and maintenance 2. Strengthens Network security:
LDAP
costs synchronization
One of the most important architectural
■ Group Policy allows administrators advantages of Windows 2000 Server is
to define and control the policies the integration of Active Directory and its
governing groups of computers advanced security features that enable a
and users within their organization new level of data protection.
■ Active Directory lets administrators Single Sign-On for seamless and secure
automatically distribute applications network authentication
to users based on their role in the SAP supports various single sign-on
company mySAP.com Applications:
options for the Microsoft platform includ-
R/3, CRM, BW ing Kerberos, NTLM and X.509 certificates.
■ Active Directory Service Interfaces These single sign on options are
greatly simplifies the development supported by the SAPGUI for Windows,
of directory-enabled applications, In Central user administration, the SAP the mySAP™ Enterprise Portal, SAP
as well as the administration of HR system can use directory services to Internet Transaction Server and the new
distributed systems make personnel data in the mySAP.com SAP.NET Connector.
components available to other appli-
cations. Employee information that may The following are some of the ways in
Active Directory Security be of interest can be stored on the which Active Directory strengthens security
directory server and retrieved by other in an SAP environment:
■ Supports logon via smart cards for applications as necessary. For example, ■ It improves password security and
strong authentication to sensitive the HR application stores employee data management – SAP systems can take
resources (name and position) on the directory advantage of the built-in Kerberos
server. A different application such as integration in Active Directory. Not only
■ Full support for Kerberos 5 protocol project management can access this is the need for a separate SAP pass-
provides fast, single sign-on to information for its own purposes. word eliminated but the data channel
Windows 2000-based resources, between the SAP client and application
as well as to other environments Microsoft Active Directory is SAP server is encrypted.
that support this protocol BC-LDAP-USR certified ■ It speeds e-business deployment –
SAP certification indicates that the third- Both SAP and Microsoft are committed
■ Support for x.509 certificates and party interface has been tested for to providing built-in support for secure
public key infrastructure (PKI) Internet-standard protocols and
quality and approved at one of SAP’s
ensures interoperability with and authentication mechanism such as
Integration and Certification Centers (ICC).
deployment of extranet and Kerberos, public key infrastructure
e-commerce applications. Customers are assured to get: (PKI) and lightweight directory access
■ A product technically verified to work protocol (LDAP) over secure sockets
with SAP Business integrations, layer (SSL).
■ An interface that is ready to use and
release-stable,
■ Proof of verification with full documen-
tation and a corresponding certifica-
tion test procedure.
factsheet_Active 21.08.2002 11:31 Uhr Seite 3
Portal
Directory
R/3
System 1
Single
Authentication Sign on
R/3
System 2
Windows 2000
Domain others
Datacenter
Corporate
Directory
factsheet_Active 21.08.2002 11:31 Uhr Seite 4