SAP Landscape Management 3.0, Enterprise Edition

Assets SAP Landscape Management Relies On

This section provides a non-comprehensive overview of security requirements of SAP Landscape Management.

The secure operation of SAP Landscape Management highly depends on the secure and trustworthiness of the consumed services and the infrastructure beneath.

SAP Landscape Management depends on secure communication for all communication channels as well as a secure runtime environment of the actual SAP Landscape Management components such as SAP NetWeaver Application Server for Java, operating systems, client browsers, network storages, managed systems hosts, and managed systems. SAP Landscape Management relies on a correct host name resolution and existing users for its operations. The users and host name resolution may also exist on the managed host only.

Asset

Rationale

Relevant Agents and Storages

Externally called services

SAP Landscape Management may call external services via web interfaces to trigger custom operations and hooks. SAP Landscape Management transfers internal data to these services that must be trustworthy.

  • SAP Landscape Management
  • Custom hooks
  • Custom operations
  • Communication channels

External event sources to SAP Landscape Management

SAP Landscape Management offers different web based interfaces to execute operations such as the REST API. Components calling SAP Landscape Management may run with very high privileges against SAP Landscape Management and thus must be secured accordingly.

  • SAP Landscape Management
  • External application channels
  • External communication channels

SAP Landscape Management repositories content

SAP Landscape Management relies on different repository types. Repositories serve as source to load executables that run on the managed hosts. Thus, the integrity of the executables must be guaranteed. In addition, when SAP Landscape Management mounts the storage configured or loads data from the repositories, authenticity must be ensured by the environment.

  • SAP Landscape Management repositories

  • SAP Landscape Management and managed resource including SAP Host Agents and connection to the repositories.

Integrity of partner adapters

Partner implementations are added to the runtime environment. SAP Landscape Management uses these implementations for managing the infrastructure.

  • SAP Landscape Management
  • Partner adapters

Custom operations and custom hooks

Custom operations and custom hooks may run on the managed hosts with SAPadm and root privileges. Depending on the operation, confidential data is transferred to them. Custom operations may trigger independent operations executed by SAP Landscape Management.

  • SAP Landscape Management
  • Custom operations
  • Custom hooks

Java post-copy automation

Java post-copy automation (Java PCA) is integrated as additional service. Since the Java PCA access the managed system with high privileges its integrity is of relevance.

 
Related Information