Network and Communication Security

Your network infrastructure is extremely important in protecting your system. Your network needs to support the communication necessary for your business needs without allowing unauthorized access. A well-defined network topology can eliminate many security threats based on software flaws (at both the operating system and application level) or network attacks such as eavesdropping. If users cannot log on to your application or database servers at the operating system or database layer, then there is no way for intruders to compromise the machines and gain access to the back-end system's database or files. Additionally, if users are not able to connect to the server LAN (local area network), they cannot exploit well-known bugs and security holes in network services on the server machines.

The communication between all components of the SAP NetWeaver Development Infrastructure (NWDI) uses HTTP. The network topology for the NWDI is based on the topology used by the SAP NetWeaver platform. Therefore, the security guidelines and recommendations described in the SAP NetWeaver Security Guide also apply to the NWDI.

If you are developing sensitive software, use the Secure Socket Layer (SSL) protocol to secure the communication routes between the server components of the development infrastructure and SAP NetWeaver Developer Studio. Activate SSL for HTTP communications in the Developer Studio and also on the AS Java servers on which the components of the NWDI run. Specify URL for HTTPS for the following connections:

URL of the CMS and the SLD in the CMS domain definition
URL of the DTR and the CBS in the CMS track definition
URL of the Name Server in the DTR configuration
URL of the SLD in the Developer Studio

Note

As an alternative to SSL, you can set up Virtual Private Networks (VPNs) for the communication routes. These also help to secure communications.

End of the note.

Note

If you download local copies of the objects to your workstation to process the resources, then these objects are no longer protected by the security features of the DTR. If you download objects, back up your local work directory at the operating system level.

End of the note.

Note

We recommend you operate the NWDI in the high-security area of your network zone because confidential data is handled.

End of the note.

Setting Up the SSL Protocol

To secure your communications with SSL, proceed as follows:

Configuring the use of SSL on the AS Java.
For information about how to set up an SSL connection from the DTR client in the SAP NetWeaver Developer Studio to a DTR, see Setting Up an SSL Connection to a DTR.
If you are working with development configurations, set up these development configurations for SSL. See Setting Up a Development Configuration for SSL.