Start of Content Area

Component documentation SAP Security Guide XI Locate the document in its SAP Library structure

This graphic is explained in the accompanying text

This guide does not replace the daily operations handbook that we recommend customers to create for their specific productive operations.

About This Guide

The SAP Security Guide XI explains the security features included in SAP Exchange Infrastructure 3.0 (XI 3.0) and recommends how to apply these features to protect data and to maximize the confidentiality of data that passes through the SAP Exchange Infrastructure.

The Security Guide

·        describes recommended deployment scenarios

·        explains the data protection options offered by each component

·        contains a description of how to configure each component for secure communication

The Security Guide lists the tools that can be used to configure the various security features, but does not include detailed instructions on how to use these tools. For installation and configuration steps, see the references under Related Information in the Appendix.

Related Security Guides

Application

Guide

SAP Web Application Server

Structure linkSAP Web Application Server Security Guide

SAP NetWeaver

Structure linkSAP NetWeaver Security Guide

Why Is Security Necessary?

As the central infrastructure for exchanging business documents, XI has to make sure that the involved processes can be executed in a secure manner. Particular security requirements have to be considered if business partners communicate over the Internet.

XML messages may contain confidential business data. In order to protect them against eavesdropping and unauthorized access, the communication lines as well as the storage locations of XML messages need to be made secure.

In addition to the business data exchanged using XI, the various components of XI need to communicate with each other on a technical level in order to keep the infrastructure running. Security requirements apply to these technical communications as well, because confidential information such as user names and passwords may have to be sent or stored, or both.

Target Groups

·        Technical consultants

·        System administrators

This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereas the Security Guides provide information that is relevant for all time frames.

 

End of Content Area