Assets SAP Landscape Management Relies On
This section provides a non-comprehensive overview of security requirements of SAP Landscape Management.
The secure operation of SAP Landscape Management highly depends on the secure and trustworthiness of the consumed services and the infrastructure beneath.
SAP Landscape Management depends on secure communication for all communication channels as well as a secure runtime environment of the actual SAP Landscape Management components such as SAP NetWeaver Application Server for Java, operating systems, client browsers, network storages, managed systems hosts, and managed systems. SAP Landscape Management relies on a correct host name resolution and existing users for its operations. The users and host name resolution may also exist on the managed host only.
Asset |
Rationale |
Relevant Agents and Storages |
---|---|---|
Externally called services |
SAP Landscape Management may call external services via web interfaces to trigger custom operations and hooks. SAP Landscape Management transfers internal data to these services that must be trustworthy. |
|
External event sources to SAP Landscape Management |
SAP Landscape Management offers different web based interfaces to execute operations such as the REST API. Components calling SAP Landscape Management may run with very high privileges against SAP Landscape Management and thus must be secured accordingly. |
|
SAP Landscape Management repositories content |
SAP Landscape Management relies on different repository types. Repositories serve as source to load executables that run on the managed hosts. Thus, the integrity of the executables must be guaranteed. In addition, when SAP Landscape Management mounts the storage configured or loads data from the repositories, authenticity must be ensured by the environment. |
|
Integrity of partner adapters |
Partner implementations are added to the runtime environment. SAP Landscape Management uses these implementations for managing the infrastructure. |
|
Custom operations and custom hooks |
Custom operations and custom hooks may run on the managed hosts with SAPadm and root privileges. Depending on the operation, confidential data is transferred to them. Custom operations may trigger independent operations executed by SAP Landscape Management. |
|
Java post-copy automation |
Java post-copy automation (Java PCA) is integrated as additional service. Since the Java PCA access the managed system with high privileges its integrity is of relevance. |