Show TOC

 Secure Network Communications (SNC)Locate this document in the navigation structure

Secure Network Communications (SNC) integrates SAP Single Sign-On or an external security product with SAP systems. With SNC, you strengthen security by using additional security functions provided by a security product that are not directly available with SAPsystems.

SNC protects the data communication paths between the various client and server components of the SAP system that use the SAP protocols RFC or DIAG. There are well-known cryptographic algorithms that have been implemented by the various security products, and with SNC, you can apply these algorithms to your data for increased protection.

Note

If you are using standard protocols such as HTTP, then you can use the Secure Sockets Layer (SSL) protocol to provide such protection.

Implementation Considerations

There are regulations in various countries that restrict the use of encryption in software applications. Pay close attention to the regulations that apply to your area of application.

Features
  • SNC secures the data communication paths between the various SAP system client and server components. There are well-known cryptographic algorithms that have been implemented by security products supported and with SNC, you can apply these algorithms to your data for increased protection.
  • With SNC, you receive application-level, end-to-end security. All communication that takes place between two SNC-protected components is secured (for example, between the SAP GUI for Windows and the application server).
  • You can use additional security features that SAP does not directly provide (for example, the use of smart cards).
  • You can change the security product at any time without affecting the SAP business applications.
Levels of Protection

There are three levels of security protection you can apply. They are:

  • Authentication only
  • Integrity protection
  • Privacy protection

Authentication only

When using authentication only, the system verifies the identity of the communication partners. This is the minimum protection level offered by SNC.

Note

No actual data protection is provided!

Integrity Protection

When using integrity protection, the system detects any changes or manipulation of the data which may have occurred between the two end points of a communication.

Privacy Protection

When using privacy protection, the system encrypts the messages being transferred to make eavesdropping useless. Privacy protection also includes integrity protection of the data. This is the maximum level of protection provided by SNC.

Constraints

The product that you use must meet the following requirements:

  • The product must provide the entire functionality defined in the GSS-API V2 (Generic Security Services Application Programming Interface Version 2) standard interface. SNC uses this interface to communicate with the security product.
  • The functions must be dynamically loadable.
  • The product must be available on platforms supported by SAP.
  • The product must be certified for use by SAP.
    Note

    The SAP Cryptographic Library is available with this release to be used by customers for SNC connections between system components. For more information, see Using the SAP Cryptographic Library for SNC and SAP Note 1848999 Information published on SAP site.