To establish the optimum level of security for your landscape, the following scenarios for RFC communication are available:
In the default scenario, the user TMSADM is set up as the service user for those transport administration tasks that are not security-critical.
Because the user TMSADM has only limited authorizations, the administrator needs to use his or her own user account when performing more critical operations not allowed for TMSADM. In this case, he or she must log on with user ID and a password each time he or she uses TMS to perform these operations. This means you can manage systems with differing security requirements in a single transport domain without the "non-secure" systems endangering the "secure" systems.
For more information about user TMSADM, see CTS User Administration and Authentication.
When using TMS Trusted Services, you set up a "trusted" relationship between the TMS systems. In this case, the user logging on is granted access based on this trust relationship, instead of having to log on with user ID and password. For more information, search for topic Network Security and Communication in the RFC/ICF Security Guide of the SAP NetWeaver Security Guide on SAP Help Portal at http://help.sap.com.
Note the following:
For more information, see TMS Trusted Services.
If you have high security requirements, you can also use Secure Network Communications (SNC) to protect the RFC connections used by TMS. SNC provides authentication, data integrity protection, and data privacy protection for the communications at the network level.
For more information, see Activating Secure Network Communications and Transport Layer Security on SAP NetWeaver AS for ABAP.