Show TOC Start of Content Area

Background documentation Network and Communication Security  Locate the document in its SAP Library structure

Your network infrastructure is extremely important in protecting your system. Your network needs to support the communication necessary for your business needs without allowing unauthorized access. A well-defined network topology can eliminate many security threats based on software flaws (at both the operating system and application level) or network attacks such as eavesdropping. If users cannot log on to your application or database servers at the operating system or database layer, then there is no way for intruders to compromise the machines and gain access to the back-end system’s database or files. Additionally, if users are not able to connect to the server LAN (local area network), they cannot exploit well-known bugs and security holes in network services on the server machines.

The communication between all components of the SAP NetWeaver Development Infrastructure (NWDI) uses HTTP. The network topology for the NWDI is based on the topology used by the SAP NetWeaver platform. Therefore, the security guidelines and recommendations described in the SAP NetWeaver Security Guide also apply to the NWDI.

For more information, see the following sections in the SAP NetWeaver Security Guide:

      Network and Communication Security

      Security Guides for Connectivity and Interoperability Technologies

If you are developing sensitive software, use the Secure Socket Layer (SSL) protocol to secure the communication routes between the server components of the development infrastructure and SAP NetWeaver Developer Studio. Activate SSL for HTTP communications in the Developer Studio and also on the AS Javas on which the components of the NWDI run. Specify URL for HTTPS for the following connections:

      URL of the CMS and the SLD in the CMS domain definition

      URL of the DTR and the CBS in the CMS track definition

      URL of the Name Server in the DTR configuration

      URL of the SLD in the Developer Studio

Note

As an alternative to SSL, you can set up Virtual Private Networks (VPNs) for the communication routes. These also help to secure communications.

Caution

If you download local copies of the objects to your workstation to process the resources, then these objects are no longer protected by the security features of the DTR. If you download objects, back up your local work directory at the operating system level.

Recommendation

We recommend you operate the NWDI in the high-security area of your network zone because confidential data is handled. For more information, see Network Topology. The same applies to the ports used. For more information, see Network Services.

Setting Up the SSL Protocol

To secure your communications with SSL, proceed as follows:

      Configuring the Use of SSL on the AS Java,

      For information about how to set up an SSL connection from the DTR client in the SAP NetWeaver Developer Studio to a DTR, see Setting Up an SSL Connection to a DTR.

      If you are working with development configurations, set up these development configurations for SSL. See Setting Up a Development Configuration for SSL.

End of Content Area