Scenarios for CTS RFC Communication

In the default scenario, the user TMSADM is set up as the service user for those transport administration tasks that are not security-critical.

Because the user TMSADM has only limited authorizations, the administrator needs to use his or her own user account when performing more critical operations not allowed for TMSADM. In this case, he or she must log on with user ID and a password each time he or she uses TMS to perform these operations. This means you can manage systems with differing security requirements in a single transport domain without the "non-secure" systems endangering the "secure" systems.

For more information about user TMSADM, see CTS User Administration and Authentication.

When using TMS Trusted Services, you set up a "trusted" relationship between the TMS systems. In this case, the user logging on is granted access based on this trust relationship, instead of having to log on with user ID and password. For more information, search for topic Network Security and Communication in the RFC/ICF Security Guide of the SAP NetWeaver Security Guide on SAP Help Portal at http://help.sap.com.

Note the following:

• The user ID in the calling system must be identical to the user ID in the target system.
• The client used in the target system is always 000.
• Authorizations are applied as defined in the target system.
  Caution Because the system with the lowest security requirements determines the level of security for all of the systems in the transport domain, only use TMS Trusted Services if it complies with your security policy.

For more information, see TMS Trusted Services.

If you have high security requirements, you can also use Secure Network Communications (SNC) to protect the RFC connections used by TMS. SNC provides authentication, data integrity protection, and data privacy protection for the communications at the network level.

For more information, see Activating Secure Network Communications and Transport Layer Security on SAP NetWeaver AS for ABAP.