Configuration of the TREX Security
Settings 
Purpose
Search and Classification (TREX) is based on a client/server architecture. The TREX client software is integrated into the application that uses TREX (as a TREX service the TREX Java client is part of the J2EE Engine). It enables access to the TREX servers (name server, preprocessor, Web server, and index server). The TREX servers execute requests from the clients: They index and classify documents and answer search queries.
Secure Communication Between TREX Components and the Application
You can configure secure communication between TREX and the application using it (for example, SAP Enterprise Portal or SAP Customer Relationship Management).
Before configuring TREX security read Using the Cryptography Tool. This section contains fundamental information on the cryptography tool that you need for the configuration.
The configuration of secure communication comprises the following areas:
· TREX preprocessor and application Web server (HTTPS)
The TREX preprocessor requests the documents to be indexed via a Web server using HTTP. You can configure a secure HTTPS connection for this.
· Specifying the password for the proxy server
If the TREX preprocessor request documents via a proxy server, you can specify a password that the preprocessor can use to authenticate itself with the proxy server.
· TREX Web server and TREX Java client (HTTPS)
The TREX Web server communicates with the TREX Java client in the J2EE Engine using HTTP. You can configure a secure HTTPS connection for transmitting search requests and results, commands, and entire document content.
· TREX Web server and TREX name server (HTTPS)
The name server offers a watchdog function that serves to monitor the active TREX servers – in this case, the TREX Web server. If the TREX Java client and Web server are to communicate using HTTPS protocol, you have to configure the name server for secure communication with the TREX Web server.
· Secure communication between the TREX servers (TREXNet)
The TREX servers (name server, queue server, index server, preprocessor, and Web servers) communicate with each other using TREXNet. TREXNet is a communication protocol developed for TREX-internal communication. Like HTTP/HTTPS, it is based on TCP/IP. You can configure the TREXNet communication protocol for secure communication.
Secure Use of the TREX Admin Tool in the SAP System
You can use various admin tools to monitor, administrate, and configure TREX.
You can configure the TREX admin tool in the SAP system for secure communication by assigning roles and profiles to the authorization object S_TREX_ADM.
Secure Use of the TREX admin tool (Stand-Alone)
You can protect the TREX admin tool (stand-alone) against unauthorized use by a TREX admin tool on another machine by using two root certificates when configuring secure communication:
· A root certificate for the application that uses TREX, for example, SAP NetWeaver™ Enterprise Portal
· An additional TREX specific root certificate
For a description of how to proceed, see SAP Note 819143 TREX 6.1/7.0: Using TREX specific root certificate.
Important SAP Notes on the Subject of Security
SAP Note Number |
Title |
Comments |
671568 |
TREX 6.1/7.0: Netegrity SiteMinder Authentication |
|
752950 |
TREX 6.1/7.0 on Windows Server 2003 with non administrator user |
|
766516 |
TREX 6.1/7.0: Authorization object for TREX Admin Tool |
|
819143 |
TREX 6.1/7.0 Security: Using TREX specific root certificate |
|