Host SAP Landscape Management in a separate network segment with limited access for SAP Landscape Management users, SAP Landscape Management administrators, and infrastructure administrators.

Use special mechanisms within your network to secure your infrastructure components. These include repositories, name server, central user management, custom hooks, custom operations, and external applications.

To increase security, do not use any default passwords or default user names. We highly recommend that you use a different password for each agent. Make sure that your passwords are very strong especially if you use a default encryption password.

We recommend that you make independent system backups of your managed systems on a regular basis. Decouple the backup mechanism from any SAP Landscape Management authorization. Ensure that the backup jobs or infrastructure components used to store the backups cannot be accessed by SAP Landscape Management or any of its related components.

You can use the SAP Landscape Management SAP Test Data Migration Server (TDMS) feature to anonymize data after a system refresh procedure. This process copies the data from the source system and then scrambles it. During this time interval users have access to the original data. We recommend that you restrict access to the system until SAP Landscape Management completes the process without any errors or warnings. Depending on your scenario we also recommend that you manually check if the data was scrambled successfully.

SAP Landscape Management allows you to log operations and configuration changes in monitoring. Security-relevant events are written to the NW application and trace log files.