Visual Composer is deployed to a single J2EE Web Application Server (or to a cluster), rather than to a distributed environment. Therefore, there are no specific network security considerations apart from those that apply to SAP NetWeaver Portal, J2EE server, or any NetWeaver Application Server Java and/or application.
The network topology for Visual Composer is based on the topology used by the SAP NetWeaver platform. Therefore, the general security guidelines and recommendations described in the SAP NetWeaver Security Guide also apply to Visual Composer. Details that specifically apply to Visual Composer are described in the following topics.
The following figure illustrates the communication paths used by Visual Composer.
The following table provides detailed information on the communication paths used by Visual Composer, the protocols used for the connection and the type of data transferred.
Communication Path |
Protocol Used |
Type of Data Transferred |
Data Requiring Special Protection |
---|---|---|---|
Storyboard (client) to Visual Composer Server |
XML over HTTP (or HTTPS)* |
Model data, requests from the Visual Composer server |
Model data |
Storyboard (client) to portal |
XML over HTTP (or HTTPS)* |
Deployment data, requests for data services and responses, generated application code |
Generated application code |
Visual Composer portal components to back-end systems For discovery of functions, testing data services and others. |
Using the connector framework |
Application data, function metadata |
Application data |
* HTTPS is highly recommended in order to ensure secure transfer of deployment files.
Caution
With the newly-added feature that enables the definition of web service systems directly from Storyboard, user mapping information is sent to the server without encryption. In this case especially, we recommend that you install a Secure Sockets Layer (SSL) on your HTTP connection.