Show TOC

Configuration of the TREX Security SettingsLocate this document in the navigation structure


TREX finds information in unstructured and structured data. TREX provides SAP applications with services for searching and classifying large collections of documents and for searching and aggregating business objects.

Search and Classification (TREX) is based on a client/server architecture. The TREX client software (TREX ABAP client and TREX Java client) is integrated into the Application Servers ABAP and JAVA. The application using TREX can access the TREX functions through the TREX clients that allow access to the TREX servers (name server, preprocessor, Web server, and index server). The TREX servers execute requests from the clients: They index and classify documents and answer search queries.

Secure Communication Between TREX Components and the Application

You can configure secure communication between TREX and the application using it (for example, SAP Enterprise Portal or SAP Customer Relationship Management). Depending on the two type of applications that use TREX and the communication with TREX, the configuration of secure communication comprises the following areas:

  • Access to TREX through the ABAP client

    ABAP applications communicate with the TREX servers through the TREX ABAP client using the RFC/SNC protocol. Communication takes place using an Gateway and an RFC server.

  • Access to TREX Through the JAVA Client

    Java applications communicate with the TREX servers through the TREX Java client using the HTTP or HTTPS protocol. This communication takes place using a Web server that is enhanced with TREX-specific functions.

    • TREX Preprocessor and the Web Server of the Application (HTTPS)

      The TREX preprocessor requests the documents to be indexed via a Web server using HTTP. You can configure a secure HTTPS connection for this.

    • Specifying a Password for the Proxy Server

      If the TREX preprocessor request documents via a proxy server, you can specify a password that the preprocessor can use to authenticate itself with the proxy server.

    • TREX Web Server and TREX Java Client (HTTPS)

      The TREX Web server communicates with the TREX Java client in the J2EE Engine using HTTP. You can configure a secure HTTPS connection for transmitting search requests and results, commands, and entire document content.

    • TREX Web Server and TREX Name Server (HTTPS)

      The name server offers a watchdog function that serves to monitor the active TREX servers – in this case, the TREX Web server. If the TREX Java client and Web server are to communicate using the HTTPS protocol, you have to configure the name server for secure communication with the TREX Web server.

    • Secure Communication Between the TREX Servers (TREXNet)

      The TREX servers (name server, queue server, index server, preprocessor, and Web servers) communicate with each other using TREXNet. TREXNet is a communication protocol that was developed for TREX-internal communication.  Like HTTP and HTTPS, it is based on TCP/IP. You can configure the TREXNet communication protocol for secure communication.


Before configuring TREX security, read Using Cryptography Tools. This section contains fundamental information on the cryptography tools that you need for the configuration.

Secure Use of TREX Admin Tools

You can use various admin tools to monitor, administrate, and configure TREX. To use the TREX admin tools securely, use the SAP_BC_TREX_ADMIN role that is delivered together with the TREX ABAP client as part of the SAP NetWeaver Application Server ABAP. On the basis of this role, you can create users with predefined authorizations for the TREX admin tool in the SAP system and the TREX admin tool (standalone).

More Information:

Secure Use of TREX Admin Tools


You can protect the TREX admin tool (standalone) against unauthorized use by a TREX admin tool on another machine by using two root certificates when configuring secure communication:

  • One root certificate for the application that uses TREX, for example, SAP NetWeaver™ Enterprise Portal
  • One additional TREX-specific root certificate

    For information about how to proceed, see SAP Note 819143 TREX 6.1/7.0: Using TREX specific root certificate.

Important SAP Notes on Security

SAP Note Number




TREX 6.1/7.0: Netegrity SiteMinder Authentication


TREX 6.1/7.0 on Windows Server 2003 with non administrator user


TREX 6.1/7.0: Authorization object for TREX Admin Tool


TREX 6.1/7.0 Security: Using TREX specific root certificate


TREX 6.0/6.1/7.0: Cryptographic Software Apache Web Server