TREX finds information in unstructured and structured data. TREX provides SAP applications with services for searching and classifying large collections of documents and for searching and aggregating business objects.
Search and Classification (TREX) is based on a client/server architecture. The TREX client software (TREX ABAP client and TREX Java client) is integrated in the Application Server ABAP and JAVA. The application using TREX can access the TREX functions through the TREX clients that allow access to the TREX servers (name server, preprocessor, Web server, and index server). The TREX servers execute requests from the clients: They index and classify documents and answer search queries.
You can configure secure communication between TREX and the application using it (for example, SAP Enterprise Portal or SAP Customer Relationship Management). Depending on the two type of applications that use TREX and the communication with TREX, the configuration of secure communication comprises the following areas:
Access to TREX through the ABAP client
ABAP applications communicate with the TREX servers through the TREX ABAP client using the RFC/SNC protocol. Communication takes place using an instance of the SAP Gateway and an RFC server.
Access to TREX through the JAVA client
Java applications communicate with the TREX servers through the TREX Java client using the HTTP or HTTPS protocol. This communication takes place using a Web server that is enhanced with TREX-specific functions.
TREX Preprocessor and the Web Server of the Application (HTTPS)
The TREX preprocessor requests the documents to be indexed via a Web server using HTTP. You can configure a secure HTTPS connection for this.
Specifying a Password for the Proxy Server
If the TREX preprocessor request documents via a proxy server, you can specify a password that the preprocessor can use to authenticate itself with the proxy server.
TREX Web Server and TREX Java Client (HTTPS)
The TREX Web server communicates with the TREX Java client in the J2EE Engine using HTTP. You can configure a secure HTTPS connection for transmitting search requests and results, commands, and entire document content.
TREX Web Server and TREX Name Server (HTTPS)
The name server offers a watchdog function that serves to monitor the active TREX servers – in this case, the TREX Web server. If the TREX Java client and Web server are to communicate using HTTPS protocol, you have to configure the name server for secure communication with the TREX Web server.
Secure Communication Between the TREX Servers (TREXNet)
The TREX servers (name server, queue server, index server, preprocessor, and Web servers) communicate with each other using TREXNet. TREXNet is a communication protocol that was developed for TREX-internal communication. Like HTTP and HTTPS, it is based on TCP/IP. You can configure the TREXNet communication protocol for secure communication.
Note
For an overview of the TREX security concepts, see Search and Classification (TREX) Security Guide and Network and Communication Channel Security.
Caution
Before configuring TREX security, read Using Cryptography Tools. This section contains fundamental information on the cryptography tool that you need for the configuration.
You can use various admin tools to monitor, administrate, and configure TREX. To use the TREX-Admin-Tools in secure form, you use the SAP_BC_TREX_ADMIN role, which is delivered together with the TREX ABAP client as part of the SAP NetWeaver Application Server ABAP. On the basis of this role, you can create users with predefined authorizations for the TREX admin tool in the SAP system and the TREX Admin Tool (Standalone).
Secure Use of TREX Admin Tools
Note
You can protect the TREX Admin Tool (Standalone) against unauthorized use by a TREX admin tool on another machine by using two root certificates when configuring secure communication:
One root certificate for the application that uses TREX, for example, SAP NetWeaver™ Enterprise Portal
An additional TREX-specific root certificate
Note
For a description of how to proceed, see SAP Note 819143 TREX 6.1/7.0: Using TREX-specific root certificate.
SAP Note Number |
Title |
Comments |
---|---|---|
671568 |
TREX 6.1/7.0: Netegrity SiteMinder Authentication |
|
752950 |
TREX 6.1/7.0 on Windows Server 2003 with non administrator user |
|
766516 |
TREX 6.1/7.0: Authorization object for TREX Admin Tool |
|
819143 |
TREX 6.1/7.0 Security: Using TREX-specific root certificate |
|
620169 |
TREX 6.0/6.1/7.0: Cryptographic Software for Apache Web Server |