Show TOC Start of Content Area

Background documentation Enabling Application-to-Application Processes: Security Aspects

About This Document

All security aspects relevant to generic application-to-application (A2A) processes are already described in detail in the SAP NetWeaver Process Integration Security Guide. Therefore, this document only focuses on specific security aspects that apply when the Adapter Engine (Java SE) is used.

Note

The Adapter Engine (Java SE) is only supported for compatibility reasons and you should only use it if it is a precondition in your environment. You should not use it in B2B environments.

Target Groups

      Technical consultants

      System administrators

Overview

SAP NetWeaver Process Integration (PI) can be used for two main purposes:

      Intra-enterprise application integration (EAI) where company-internal heterogeneous applications communicate using PI. This is also known as A2A (application-to-application) communication.

      Inter-enterprise integration where companies exchange XML messages. This is also known as B2B (business-to-business) communication.

The variant A2A Integration of the scenario Enabling Application-to-Application Processes covers the A2A communication.

A2A Integration

Within this variant, the use of the Adapter Engine (Java SE) as an endpoint for A2A communication is described. For generic A2A processes, refer to the security guide for SAP NetWeaver PI.

The Adapter Engine (Java SE) is one of the PI messaging components responsible for message processing and protocol handling. This type of adapter engine was already available with XI 2.0 and merely requires a Java Virtual Machine to run. It can be used as a non-central adapter engine, but it hosts only a subset of the adapter functions and does not support standard security features such as security logs or integrated user management.

The following security aspects apply:

      Technical communication

The Adapter Engine (Java SE) does not access the exchange profile, because the connection data is kept locally. It does, however, register itself in the System Landscape Directory (SLD).

More information: Technical Communication

      User store

The Adapter Engine (Java SE) does not use the SAP user administration. Instead, it keeps user information in property files. Although sensitive data such as passwords is stored in an obfuscated form, we recommend that you also secure these property files by using the functions of your operating system.

More information: User Store

      Securing adapters running in the Adapter Engine (Java SE)

For a summary of how to secure adapters for running in this Adapter Engine, refer to Adapters Running in the Adapter Engine (Java SE).

 

End of Content Area