General Comments Pertaining to the SNC Configuration
SNC protects the logical link between the end points of a communication. The link is initiated from one side (the initiator) and accepted by the other side (the acceptor). For example, when a SAP GUI starts a dialog connection to the SAP system application server, the SAP GUI is the initiator of the communication and the application server is the acceptor.
Both sides of the communication link need to specify SNC options.
The initiator must specify:
Whether the communication should use SNC protection
The SNC name of the communication partner (the target name)
The location of its own external library
The data protection level to apply
The acceptor must specify:
Whether or not it should only accept SNC-protected communications
Its own SNC name
The location of its own external library
The data protection levels to accept
Depending on the communication partners and types of communication you want to apply, you need to configure the settings in various places in the SAP system environment. You define the configuration either in the profile parameters, in initializing files, or by using the appropriate maintenance transactions. The sections Configuring SNC on the Application Server for ABAP and Configuring the Communication Partners to Use SNC explain in detail the steps you need to take to activate and configure each of the communication partners.
Before proceeding, you should be familiar with the following key words:
SNC Keywords for Parameterization
| Keyword | Description | Value |
|---|---|---|
|
SNC_MODE |
SNC activation indicator |
0: Do not apply SNC to connections 1: Apply SNC to connections |
|
SNC_MYNAME |
Initiator's SNC name |
<own_snc_name> |
|
SNC_PARTNERNAME |
Communication partner's SNC name |
<partner_snc_name> |
|
SNC_QOP |
Quality of Protection (security level) |
1: Apply authentication only 2: Apply integrity protection (includes authentication) 3: Apply privacy protection (includes integrity protection and authentication) 8: Apply the default protection 9: Apply the maximum protection |
|
SNC_LIB |
External security product's library |
Path and file name of the library |
The SNC Quality of Protection, (SNC_QOP, QoP) indicates the level of protection to apply to a communication path. Some external security products do not support all levels of protection. If you request a quality of protection level that is higher than that which is supported by your security product, then the system uses the highest available protection level of your product instead.