SAP NetWeaver Master Data Management - SAP Help Portal .Application Server Java Security Guide SAP


  • Security Guide

    SAP NetWeaver Master Data Management GDS 2.1

    Document Version: 1.05 2017-03-24

    CUSTOMER

    SAP NetWeaver Master Data Management Global Data Synchronization Option 2.1


    2017 SAP AG or an SAP affiliate company. All rights reserved


    Typographic Conventions

    Type Style    Description

    Example       Words or characters quoted from the screen. These include field names, screen titles, pushbutton labels, menu names, menu paths, and menu options. Textual cross-references to other documents.

    Example       Emphasized words or expressions.

    EXAMPLE       Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE.

    Example       Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools.

    Example       Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation.

    <Example>     Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system.

    EXAMPLE       Keys on the keyboard, for example, F2 or ENTER.


    Document History

    Version    Date          Change

    1.04       2015-11-12    Added content from SAP Note 1905286 (https://launchpad.support.sap.com/#/notes/1905286/E) stating that the modification of initial passwords is mandatory. Moved the document content to a new template.

    1.05       2017-03-24    Updated for SP05. Added section Digital Asset Management.


    Table of Contents

    1 Introduction

    2 Before You Start

    3 Technical System Landscape

    4 User Administration and Authentication
      4.1 User Management
      4.2 User Data Synchronization
      4.3 Integration into Single Sign-On Environments

    5 Authorizations

    6 Network and Communication Security
      6.1 Communication Channel Security
      6.2 Network Security
      6.3 Communication Destinations

    7 Data Storage Security

    8 Digital Asset Management

    9 Security for Additional Applications
      9.1 AS2 Adapter for SAP NetWeaver Exchange Infrastructure 3.0 / Process Integration

    10 Other Security-Relevant Information

    11 Security-Relevant Logging and Tracing

    12 Appendix


    1 Introduction

    Caution

    This guide does not replace the administration or operation guides that are available for productive operations.

    Target Audience

    Technology consultants

    Security consultants

    System administrators.

    This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all life cycle phases.

    Why Is Security Necessary?

    With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation of your system should not result in loss of information or processing time. These demands on security likewise apply to the Global Data Synchronization (GDS) business scenario. To assist you in securing the business scenario, we provide this Security Guide.

    About this Document

    The Security Guide provides an overview of the security-relevant information that applies to the business scenario. If the business scenario consists of several application components, then it contains an overall overview as well as the individual guides for each of the underlying application components.

    Overview of the Main Sections

    The Security Guide comprises the following main sections:

    Before You Start

    This section contains information about why security is necessary, how to use this document and references to other Security Guides that build the foundation for this Security Guide.

    Technical System Landscape


    This section provides an overview of the technical components and communication paths used by the business scenario.

    User Administration and Authentication

    This section provides an overview of the following user administration and authentication aspects:

    o Recommended tools to use for user management

    o User types that are required by the business scenario

    o Standard users that are delivered with the business scenario

    o Overview of the user synchronization strategy, if several components or products are involved

    o Overview of how integration into Single Sign-On environments is possible

    Authorizations

    This section provides an overview of the authorization concept that applies to the business scenario.

    Network and Communication Security

    This section provides an overview of the communication paths used by the business scenario and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.

    Data Storage Security

    This section provides an overview of any critical data that is used by the business scenario and the security mechanisms that apply.

    Security for Third-Party or Additional Applications

    This section provides security information that applies to third-party or additional applications that are used with the business scenario.

    Dispensable Functions with Impacts on Security

    This section provides an overview of functions that have impacts on security and can be disabled or removed from the system.

    Other Security-Relevant Information

    This section contains information about:

    o Using a Web browser as a user front end

    Security-Relevant Logging and Tracing

    This section provides an overview of the trace and log files that contain security-relevant information, for example, so you can reproduce activities if a security breach occurs.

    Appendix

    This section provides references to further information.


    2 Before You Start

    Fundamental Security Guides

    The global data synchronization (GDS) business scenario is built from the component applications. Therefore, the corresponding Security Guides also apply to the business scenario. Pay particular attention to the most relevant sections or specific re