This section provides an overview of the communication paths used by SAP Landscape Management and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.

Your network infrastructure is extremely important for protecting your system. Your network must support the communications necessary for your business requirements without allowing unauthorized access. A well-defined network topology can eliminate many security threats based on software flaws (at both the operating system level and the application level) or prevent network attacks such as eavesdropping. If users cannot log on to your application or database servers at the operating system or database layer, there is no way for intruders to compromise the machines and gain access to the database or files of the backend system. Additionally, if users are not able to connect to the server LAN (local area network), they cannot exploit well-known bugs and vulnerabilities in network services on the server machines.

The network topology for SAP Landscape Management is based on the topology used by the SAP NetWeaver platform. Therefore, the security guidelines and recommendations described in the SAP NetWeaver Security Guide also apply to SAP Landscape Management.

SAP Landscape Management is an add-on to SAP NetWeaver and uses the ports from the SAP NetWeaver Application Server for Java. For more information, see the sections on SAP NetWeaver Application Server for Java Ports in the corresponding SAP NetWeaver Security Guides.

To guarantee the network security for SAP Landscape Management, check if:

• the corporate LAN is firewall-proteced

• separate networks with corresponding firewall rules are used

• communication protocols are used depending on the individual requirements