Unified Connectivity: Concept
The Unified Connectivity Framework (UCON Framework) provides various scenarios which you can use to optimize the protection of your RFC and HTTP(S) communication against unauthorized access.
RFC
You can use the RFC Basic scenario to increase the security of your RFC communication. This scenario minimizes the number of RFC functions visible externally and so reduces the interface for external access.-
RFMs are only used to a small extent in the ABAP server for communication with other systems or clients. RFMs are mainly called to realize asynchronous scenarios or load balancing/parallelization.
These RFMs must also not be visible to the outside. This is also true for those RFMs that can be reached from the outside that are not necessary for the scenarios in the actual system and can therefore not be used.
-
Until now, external access to the function modules using RFC was restricted/controlled exclusively by special authorization checks and the corresponding roles with purpose-specific assignments to users.
Unified Connectivity also provides more simple and more comprehensive control about which RFMs can be called by other systems: An RFM can only be called externally if it is assigned to a Communication Assembly (CA) that in turn is configured to be linked to a virtual host.
External access is blocked for all other RFMs that are not assigned to a CA. In this way it is possible to control and restrict external access to RFMs independently from the user context.
HTTP/HTTPS
To monitor HTTP(S) calls, the UCON Framework provides a tool for managing HTTP whitelists. You can specify whether certain HTTP(S) calls are to be allowed or blocked by your system.