Start of Content Area

Component documentation Configuration of the TREX Security Settings  Locate the document in its SAP Library structure

Purpose

TREX finds information in unstructured and structured data. TREX provides SAP applications with services for searching and classifying large collections of documents and for searching and aggregating business objects.

Search and Classification (TREX) is based on a client/server architecture. The TREX client software (TREX ABAP client and TREX Java client) is integrated in the Application Server ABAP and JAVA. The application using TREX can access the TREX functions through the TREX clients that allow access to the TREX servers (name server, preprocessor, Web server, and index server). The TREX servers execute requests from the clients: They index and classify documents and answer search queries.

 

This graphic is explained in the accompanying text

 

Secure Communication Between TREX Components and the Application

You can configure secure communication between TREX and the application using it (for example, SAP Enterprise Portal or SAP Customer Relationship Management). Depending on the two type of applications that use TREX and the communication with TREX, the configuration of secure communication comprises the following areas:

      Access to TREX through the ABAP client

ABAP applications communicate with the TREX servers through the TREX ABAP client using the RFC/SNC protocol. Communication takes place using an instance of the SAP Gateway and an RFC server.

       Configuring SNC on TREX Side

       Configuring SNC on Application Side (SAP Web AS)

       Joining TREX and Application Security Information

      Access to TREX through the JAVA client

Java applications communicate with the TREX servers through the TREX Java client using the HTTP or HTTPS protocol. This communication takes place using a Web server that is enhanced with TREX-specific functions.

       TREX Preprocessor and the Web Server of the Application (HTTPS)

The TREX preprocessor requests the documents to be indexed via a Web server using HTTP. You can configure a secure HTTPS connection for this.

       Specifying a Password for the Proxy Server

If the TREX preprocessor request documents via a proxy server, you can specify a password that the preprocessor can use to authenticate itself with the proxy server.

       TREX Web Server and TREX Java Client (HTTPS)

The TREX Web server communicates with the TREX Java client in the J2EE Engine using HTTP. You can configure a secure HTTPS connection for transmitting search requests and results, commands, and entire document content.

       TREX Web Server and TREX Name Server (HTTPS)

The name server offers a watchdog function that serves to monitor the active TREX servers – in this case, the TREX Web server. If the TREX Java client and Web server are to communicate using HTTPS protocol, you have to configure the name server for secure communication with the TREX Web server.

       Secure Communication Between the TREX Servers (TREXNet)

The TREX servers (name server, queue server, index server, preprocessor, and Web servers) communicate with each other using TREXNet. TREXNet is a communication protocol that was developed for TREX-internal communication.  Like HTTP and HTTPS, it is based on TCP/IP. You can configure the TREXNet communication protocol for secure communication.

Note

For an overview of the TREX security concepts, see Search and Classification (TREX) Security Guide and Network and Communication Channel Security.

Caution

Before configuring TREX security, read Using Cryptography Tools. This section contains fundamental information on the cryptography tool that you need for the configuration.

Secure Use of TREX Admin Tools

You can use various admin tools to monitor, administrate, and configure TREX. To use the TREX-Admin-Tools in secure form, you use the SAP_BC_TREX_ADMIN role, which is delivered together with the TREX ABAP client as part of the SAP NetWeaver Application Server ABAP. On the basis of this role, you can create users with predefined authorizations for the TREX admin tool in the SAP system and the TREX admin tool (stand-alone).

More Information

Secure Use of TREX Admin Tools

Note

You can protect the TREX admin tool (stand-alone) against unauthorized use by a TREX admin tool on another machine by using two root certificates when configuring secure communication:

       A root certificate for the application that uses TREX, for example, SAP NetWeaver™ Enterprise Portal

       An additional TREX-specific root certificate

Note

For a description of how to proceed, see SAP Note 819143 TREX 6.1/7.0: Using TREX-specific root certificate.

Important SAP Notes on the subject of security

SAP Note Number

Title

Comments

671568

TREX 6.1/7.0: Netegrity SiteMinder Authentication

 

752950

TREX 6.1/7.0 on Windows Server 2003 with non administrator user

 

766516

TREX 6.1/7.0: Authorization object for TREX Admin Tool

 

819143

TREX 6.1/7.0 Security: Using TREX-specific root certificate

 

620169

TREX 6.0/6.1/7.0: Cryptographic Software for Apache Web Server

 

 

 

 

 

 

 

End of Content Area