Network and Transport Layer Security
Provide for security at the transport layer for securing connections between SAP NetWeaver components, for example, by using secure protocols such as Secure Sockets Layer (SSL).
We offer two types of transport layer security for connections with SAP systems. For connections that use Internet protocols such as HTTP or LDAP, we recommend using the Secure Sockets Layer (SSL) protocol. For SAP protocols such as RFC or dialog, use Secure Network Communications (SNC). See the table below.
|
Server Component |
Protocol |
Security Mechanism |
Comment |
|---|---|---|---|
|
SAP NetWeaver AS for ABAP |
HTTP LDAP |
SSL |
SSL is a quasi-standard protocol developed by Netscape. It is used with an application protocol, for example, HTTP. |
|
Dialog RFC |
SNC |
SNC is an interface that you can use to secure connections between SAP system components. |
|
|
SAP NetWeaver AS for Java |
HTTP P4 LDAP |
SSL |
See above |
|
RFC |
SNC |
See above |
If your product includes SAP Web Dispatcher, see the SAP Web Dispatcher documentation, for more information about transport layer security with that component.
Using transport layer security provides for the following protection:
-
Authentication
The communication partners can be authenticated. The following modes are possible:
-
Server-side authentication
With server-side authentication, the server identifies itself to the client when the connection is established, which reduces the risk of using fake servers to gain information from clients.
-
Client-side authentication
With client-side authentication, the client identifies itself when the connection is established. For example, you can use SSL or SNC for client-side authentication to authenticate users instead of using user IDs and passwords.
-
Mutual authentication
In this case, both the server and the client are authenticated.
-
-
Data integrity and privacy
The data being transferred between the client and the server is encrypted, which provides for integrity and privacy protection. An eavesdropper cannot access or manipulate the data.
We provide encryption software that is necessary for using SSL and SNC.
-
For SSL and SNC on SAP NetWeaver AS for ABAP, use the SAP Cryptographic Library.
-
For SSL on SAP NetWeaver AS for Java, use the SAP Java Cryptographic Toolkit
The distribution of the cryptographic software used with SAP systems is subject to and controlled by German export regulations and is not available to all customers. In addition, the software may be subject to local regulations of your own country that may further restrict the import, use, and (re)export of cryptographic software. If you have any further questions on this issue, contact your local SAP subsidiary.
The SAP Java Cryptographic Toolkit is delivered with the SAP NetWeaver AS for Java, however, to be able to use the software, you must download and install the corresponding jurisdiction policy files. This is part of the installation procedure.
The SAP Cryptographic Library is available for download on the SAP Software Download Center. It is available free-of-charge to customers for securing server-to-server connections. If you want to use SNC for front-end components (for example, SAP GUI for Windows), then you must purchase an SNC-certified partner product.
The table below shows how these products are used for the different components.
|
Security Product |
Security Mechanism |
Server Component |
|---|---|---|
|
SAP Cryptographic Library |
SSL |
SAP NetWeaver AS for ABAP |
|
SAP Cryptographic Library |
SNC |
SAP NetWeaver AS for ABAP (for server-to-server connections) |
|
Partner product |
SNC |
SAP NetWeaver AS for ABAP (for SAP GUI or other client-to-server connections) |
|
SAP Java Cryptographic Toolkit |
SSL |
SAP NetWeaver AS for Java |
|
SAP Cryptographic Library |
SNC |
SAP NetWeaver AS for Java (for connections to SAP NetWeaver AS for ABAP) |
