Transport Layer Security (SAP Library - SAP NetWeaver CE Security Guide)

Transport Layer Security

For an overview of the communication protocols and the corresponding security mechanisms for the AS Java, see the figure below.

This graphic is explained in the accompanying text

AS Java Communication Paths and Protocols.

Depending on the underlying communication protocol of the AS Java, you can use either the Internet standard Secure Socket Layer (SSL) or Secure Network Communications (SNC). The transport layer security functions on the AS Java use the security provider libraries and the AS Java security environment. You specify the security provider and the secure store security options during the AS Java installation. For more information, see Transport Layer Security in the Administration Manual.

Caution

SSL on the AS Java is not configured by default. For more information about enabling the use of SSL, see Configuring the Use of SSL on the AS Java.

For information specific to each of the communication protocols used by the AS Java, see the table below.

Protocol	Security Mechanism	Comment
HTTP	Secure Socket Layer (SSL)	P4 is the transfer protocol for Java specific Remote Method Invocation (RMI) communication. This protocol is used for remote deployment, as transport layer for JMS (Java Message Service) protocol, and remote method invocations of custom remote objects bind in naming.. For more information, see Configuring the Use of SSL on the AS Java in the Administration Manual.
P4	Secure Socket Layer (SSL)	P4 is the transfer protocol for Java specific Remote Method Invocation (RMI) communication. This protocol is also used for communication between the SDM server and the AS Java. P4 supports HTTP tunneling and can also be used with proxies. For more information, see Using P4 Protocol Over a Secure Connection in the Administration Manual.
IIOP	Secure Socket Layer (SSL)	IIOP is an alternative transfer protocol to use for RMI communication requests. You can also use IIOP for communication with CORBA application servers. Transport Layer Security for the IIOP protocol is provided by SSL. For more information, see Configuring the AS Java for IIOP Security in the Administration Manual.
LDAP	Secure Socket Layer (SSL)	You can use an LDAP directory server as the persistence layer for the UME user store. You can use SSL for the Transport Layer Security in this case.
RFC	Secure Network Communications (SNC)	SNC is an SAP proprietary layer used with the SAP communication protocols RFC and DIAG. For more information, see Secure Network Communications (SNC) in the SAP NetWeaver Security Guide
JDBC	driver-dependent	JDBC is a communication protocol for connecting to databases. Transport Layer Security for database connectivity is provided by the driver used to connect to the database.
Telnet	Virtual Private Network (VPN)	Telnet is used for remote administration using Shell Admin tool. We recommend establishing a virtual private network to secure the connection. For more information, see Remote Administration Using Telnet in the Administration Manual
Session	N/A	Session is a type of communication protocol that is used only between the Internet Communication Manager (ICM) and the server processes in the AS Java cluster. These elements exist in the same security context of an AS Java instance and, therefore, no transport security is necessary.

See also:

Administration Manual:

● Configuring the Use of SSL on the AS Java

● Using SSL to the AS Java via the ICM

● Using SSL With an Intermediary Server

● Configuring SNC: AS Java -> AS ABAP