A Secure IT Infrastructure with SAP NetWeaver Product Management Security SAP AG

Post on 08-Apr-2022

Page 1: A Secure IT Infrastructure with SAP NetWeaver

A Secure IT Infrastructure with SAP NetWeaver

Product Management Security

SAP AG

Page 2: A Secure IT Infrastructure with SAP NetWeaver

SAP AG 2004, A Secure IT Infrastructure with SAP NetWeaver / 2

Summary of SAP Today (Status: June 2004)

SAP AG in 2003 revenues: € 7.0 billion

• 79,800 installations
• More than 23,400 companies run SAP
• Providing more than 25 Industry Solutions
• 30,945 SAP employees (June 2004)

12 million users in 120+ countries team with us to

• Integrate their business processes
• Extend their competitive capabilities
• Get a better return on investment at a lower total cost of ownership

Unique Partner Ecosystem

• More than 1,500 partners
• Overall more than 180,000 SAP partner certificates

Page 3: A Secure IT Infrastructure with SAP NetWeaver

SAP's Product Strategy

Without compromising on robustness, integration, and functionality

Page 4: A Secure IT Infrastructure with SAP NetWeaver

From Here to ESA: Securely

News and Where to Find Information

SAP NetWeaver – The Platform

The Trouble with Security…

Page 5: A Secure IT Infrastructure with SAP NetWeaver

From Here to ESA: Securely

News and Where to Find Information

The Trouble with Security…

SAP NetWeaver – The Platform

Page 6: A Secure IT Infrastructure with SAP NetWeaver

Integration is the Key Challenge

Business Drivers
• Extended Value Network
• Increased Market Dynamics

Integration costs are high
• Lots of heterogeneous systems
• Long integration projects
• IT environments become increasingly rigid

Pressure on IT increases
• Must leverage existing investments
• Must support new business processes quicker
• Must reduce total cost of ownership (TCO)

[Diagram: Call Center, ERP, Technical systems, PLM, Market Analysis, Trading, SCM, Document Mgmt, e-Sales, E-Procurement. Caption: Shai's Office, 2:29 AM]

Page 7: A Secure IT Infrastructure with SAP NetWeaver

How to Address the Integration Challenge

Reduce complexity
• Minimize the number of connections through hubs
• Use only 1 platform to integrate all people, information, and systems

Reduce custom integration
• Deliver .NET and J2EE interoperability
• Deliver adaptors for ISV products
• Deliver products, not projects!

Increase company performance
• Increase ease of use, scalability and adaptability
• Increase business process flexibility by using an Enterprise Services Architecture

[Diagram: Call Center, ERP, Technical systems, PLM, Market Analysis, Trading, SCM, Document Mgmt, e-Sales, E-Procurement]

Page 8: A Secure IT Infrastructure with SAP NetWeaver

SAP NetWeaver – The Platform

[Diagram: SAP NetWeaver: People Integration, Multi-Channel Access, Portal, Collaboration, Information Integration, Business Intelligence, Knowledge Management, Master Data Management, Process Integration, Integration Broker, Business Process Management, Application Platform, J2EE, ABAP, DB and OS Abstraction, Composite Application Framework, Life Cycle Management, .NET, WebSphere, …]

SAP NetWeaver is the application and integration platform to unify and align people, information and business processes across technologies and organizations.

Page 9: A Secure IT Infrastructure with SAP NetWeaver

SAP NetWeaver in Detail
Product components and killer features

[Diagram: SAP NetWeaver™: People Integration, Multi-Channel Access, Portal, Collaboration, Information Integration, Business Intelligence, Knowledge Management, Master Data Management, Process Integration, Integration Broker, Business Process Management, Application Platform, J2EE, ABAP, DB and OS Abstraction, Composite Application Framework, Life Cycle Management]

SAP Mobile Infrastructure
• Tight coupling and alignment with SAP business solutions

SAP Enterprise Portal
• Optimized Aggregation engine
• Roles
• KM & Collaboration

SAP Business Warehouse
• Tight integration to SAP
• Open architecture (Crystal, Ascential)
• Business content

Master Data Management
• Enables information integrity across the business network

SAP Exchange Infrastructure
• Proxy generation and mapping tools
• Integration directory
• SAP’s ability to execute

SAP Web Application Server
• Proven, scalable, comprehensive toolsets
• Modernize existing infrastructure/skillsets

Page 10: A Secure IT Infrastructure with SAP NetWeaver

SAP Enterprise Portal
Unify and Align People Across Technologies and Organizations

Openness
• Any source, any audience
• Interfaces for Java and .NET
• Platform independent
• Extensible Unification across Oracle, Siebel, Psft, SAP, …

Lower TCO
• Rapid content deployment
• High performance
• Lower development costs
• Simpler to admin

Built for Business
• Business packages
• Role-based
• Robust security

Page 11: A Secure IT Infrastructure with SAP NetWeaver

SAP Enterprise Portal
Knowledge Management and Collaboration

1st KM solution that abstracts from multiple sources
• Authoring, Feedback/Ratings, Publish & Subscribe, Document Workflow, Versioning and Archiving, Indexing & Searching, Taxonomies for unstructured information

Real-time & asynchronous collaboration
• Enable team-driven business processes
• Fully integrated with portal user and role management

[Diagram: Knowledge Management over WEBDAV SERVER, MS EXCHANGE, LOTUS NOTES, XML FEEDS, CRM BROCHURE, FILE SERVER, DOCUMENTUM. Partners: Microsoft, IBM, Andersen, KPMG (Technology, Consulting)]

Page 12: A Secure IT Infrastructure with SAP NetWeaver

SAP Business Information Warehouse
Aggregate, Analyze Information Across Technologies and Orgs

Openness
• Information access via open standards
• 95% extract non-SAP data

Lower TCO
• Portal-based info delivery
• PSFT, Siebel, SAP, ... extractors
• Openhub to transport data to other systems

Built for Business
• End-to-end solution for enterprise-wide BI
• Business content for rapid deployment
• Proven at 6000+ customer sites

Page 13: A Secure IT Infrastructure with SAP NetWeaver

SAP Master Data Management
Manage “The Business Network Environment”

SAP MDM enables information integrity across the business network

• Services and support to consolidate content, harmonize and centrally manage master data
• Master data is defined through the business environment, based on generic and industry specific elements (product data, customer data, etc.)
• MDM is a vital part of SAP NetWeaver™

• Business Partner
• Product
• Product Structure
• Assets
• ...

Page 14: A Secure IT Infrastructure with SAP NetWeaver

SAP Exchange Infrastructure
Model, Execute, Monitor Processes Across Technologies & Orgs

[Diagram: Integration Server: Integration Engine, Integr. Repository (Design Time Knowledge), Integr. Directory (Configured Knowledge), Additional Integration Services, Integration Monitor; to business partners, marketplaces, ...; to internal 3rd party or SAP components; Share Collaboration Knowledge; Execute Collaborative Business Processes; Ensure Coll. Reliability]

Openness
• Based on open Java and XML standards
• Supporting J2EE, ABAP and .Net

Lower TCO
• One infrastructure covering both internal and external integration (with SAP and non-SAP)
• A reliable and scalable infrastructure
• Separates integration from application code

Built for Business
• Complete solution lifecycle covering design, develop, deploy, and change
• Prepackaged SAP – SAP collaboration knowledge
• Ecosystem of non-SAP collaboration content

Page 15: A Secure IT Infrastructure with SAP NetWeaver

SAP Web Application Server
Open System Architecture

Shared facilities
• Common connectivity
• Common persistence

Shared benefits
• Multi tier architecture
• Highly scalable and reliable
• Platform independence

Common connectivity
• Different protocols (SOAP, HTTP, SMTP, RFC, FTP)
• Expandable
• Advanced caching

Common persistence
• Database independence
• Scalable transaction handling
• Caching

[Diagram: SAP Web Application Server: Browser / Portal, 3rd party apps / exchange infr., Connectivity, Internet Communication Manager, Web Dynpro, Web Services Infrastructure, J2EE / ABAP, Persistence, Database Abstraction]

Page 16: A Secure IT Infrastructure with SAP NetWeaver

From Here to ESA: Securely

News and Where to Find Information

SAP NetWeaver – The Platform

The Trouble with Security…

Page 17: A Secure IT Infrastructure with SAP NetWeaver

The Trouble with Security…

[Diagram: CEO, CFO, CIO; Opportunity, Innovation, Flexibility, Timeliness, Accuracy, Transparency, Security, Technology, Manageability]

IT Security • IT Risk Management • Auditing

Page 18: A Secure IT Infrastructure with SAP NetWeaver

… Is That There’s No Quick Fix

You probably have
• Responsibility split across different divisions
• Different takes on what security means
• Incomplete policy coverage

You need
• A holistic approach across the whole organization
• Sound strategy broken down into:
• Policies
• Clear responsibilities
• The right technology to support this

Page 19: A Secure IT Infrastructure with SAP NetWeaver

SAP NetWeaver Security …

• … is based on industry standards
• … supports open interfaces to specialized security products
• … supports five key areas:
  • Application security
  • Secure user access
  • Secure collaboration
  • Infrastructure security
  • Software lifecycle security

Page 20: A Secure IT Infrastructure with SAP NetWeaver

Application Security

[Diagram: mySAP Business Suite, Components, Custom apps, Partner apps; Virus scanning, Segregation of duties, Data protection, Auditing, Regulatory compliance; Platform: SAP NetWeaver]

Page 21: A Secure IT Infrastructure with SAP NetWeaver

Secure User Access - With Integrated User Management

[Diagram: mySAP Business Suite: FI, CO, MM, …; CUA child systems; LDAP synchronization; SAP Central User Administration / Web AS; Enterprise Portal; User Management Engine (UME); EP 6.0; Directory Server; Storage; Meta-Directory Software; Telephony; E-mail; Operating system; Other applications]

Page 22: A Secure IT Infrastructure with SAP NetWeaver

Secure User Access – With Company-Wide Single Sign-On

[Diagram: Single Sign-On; SAP EP; Open Internet standards; Enterprise boundary (Inside, Outside); mySAP components: FI, LO, HR, CRM, KW, SRM, SEM, APO, BW, CFM; Legacy SAP systems; 3.1HR/3 4.6; 3rd party; Partner; SAP; Various Internet services; Different ERP systems]

Page 23: A Secure IT Infrastructure with SAP NetWeaver

Single Sign-On Mechanisms for SAP Systems

Based on Standards:

• Secure Network Communications (SNC) – GSS-API
• Secure Sockets Layer (SSL) and X.509 client certificates
• SAP Logon Tickets
• Pluggable Authentication Services (PAS)
• Java Authentication and Authorization Service (JAAS)
• Security Assertion Markup Language (SAML)

Page 24: A Secure IT Infrastructure with SAP NetWeaver

Secure Collaboration - Message Security with XI

[Table: Levels of Security: Encryption, Non-Repudiation of receipt, Non-Repudiation of origin, Data Integrity, Signature. Availability: XI 3.0, RNIF*, XI 3.0, XI protocol. Technology: S/MIME, WS-Security (XML-Signature)]

Focus of future security enhancements for XI

* RosettaNet Implementation Framework

Page 25: A Secure IT Infrastructure with SAP NetWeaver

Infrastructure Security - Secure Network Topology

[Diagram: Internet; Outer DMZ; Proxies; WebAS or other Webservice; Inner DMZ; Internal workstation network; High security area; Application server farm; FI; SRM]

Page 26: A Secure IT Infrastructure with SAP NetWeaver

…With Encrypted Communications

[Diagram: Internet; Outer DMZ; Proxies; WebAS or other Webservice; Inner DMZ; Internal workstation network; High security area; Application server farm; FI; SRM; connections labelled SSL, GSS-API, …]

Page 27: A Secure IT Infrastructure with SAP NetWeaver

Software Life-Cycle Security

Security is a quality characteristic of SAP solutions

ITSEC E2 medium certification
• Re-evaluation according to Common Criteria currently underway
• Development and production processes have been evaluated and approved

SAP is the only provider with such a high level of certification for applications

SAP Security Consultant Certification

SAP Security Optimization Service

Coming soon: Security Bulletin Service

Page 28: A Secure IT Infrastructure with SAP NetWeaver

SAP applications – Building on Industry Standards

[Diagram: Trust Infrastructure, PKI; Transport Security, SSL/TLS; Message Security; Authentication; Authorization; Policy & Trust; Federation; Core Security; XML Sig, XML Enc, XACML, X.509 Certs, GSS, Kerberos, WS-Security, WS-Policy, SAML, XCBF, XKMS, DSML, SPML, WS-Trust, WS-Privacy, WS-SecureConversation, WS-Federation, WS-Authorization. Legend: Supported by SAP, Future Work]

Page 29: A Secure IT Infrastructure with SAP NetWeaver

Partners Providing Trust

Page 30: A Secure IT Infrastructure with SAP NetWeaver

From Here to ESA: Securely

News and Where to Find Information

The Trouble with Security…

SAP NetWeaver – The Platform

Page 31: A Secure IT Infrastructure with SAP NetWeaver

What is ESA?

Enterprise Services Architecture is a service-oriented architecture for adaptive business solutions.

Page 32: A Secure IT Infrastructure with SAP NetWeaver

From Here to ESA: Securely

[Diagram axes: functionality, value]

Consolidate user management (SAP Web Application Server)
Connect the User Management Engine to an LDAP directory and Central User Administration for a central point of administration

Unify and integrate user authentication (SAP Web AS + SAP Enterprise Portal)
Single sign-on: One logon to SAP EP provides access to all the information and functionality you need

Implement message security (SAP XI)
Digitally protected business processes (SSF, XMLSig & Enc)

Add controls for modular business processes (SAP NetWeaver)
Support for modular business processes and IAM model with centralized management and decentralized enforcement

Are you Here?

Page 33: A Secure IT Infrastructure with SAP NetWeaver

From Here to ESA: Securely

News and Where to Find Information

SAP NetWeaver – The Platform

The Trouble with Security…

Page 34: A Secure IT Infrastructure with SAP NetWeaver

Audit Information System – av. on SAP Web-AS

HOT NEWS in 2004

• The system audit is now available on the SAP Web Application Server and in all applications that run on it. Previously it was only available in the SAP software component SAP_APPL (Logistics and Accounting)
• The system audit is part of the SAP auditing tool Audit Information System (AIS).
• This change is effective with:
  • SAP Web AS 6.20, Support Package 43
  • and SAP Web AS 6.40 Support Package 5

For more information see SAP Note 754273

Page 35: A Secure IT Infrastructure with SAP NetWeaver

Where to Find Free Public Technical Information?

SAP DEVELOPER NETWORK (it's free and public)

sdn.sap.com

Page 36: A Secure IT Infrastructure with SAP NetWeaver

Where to Find Application and Education Information?

SAP Service Marketplace /security

service.sap.com

Page 37: A Secure IT Infrastructure with SAP NetWeaver

Where to Find Application and Education Information?

SAP Web page /germany/revis

www.sap.com

Page 38: A Secure IT Infrastructure with SAP NetWeaver

SAP Security Web Information – Link Collection

http://sdn.sap.com
http://service.sap.com/security
http://service.sap.com/securityguide
http://service.sap.com/ais
http://www.sap.com/germany/aboutsap/revis
http://service.sap.com/education

Page 39: A Secure IT Infrastructure with SAP NetWeaver

Thank You !

[email protected]

Page 40: A Secure IT Infrastructure with SAP NetWeaver

• No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
• Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
• Microsoft®, WINDOWS®, NT®, EXCEL®, Word®, PowerPoint® and SQL Server® are registered trademarks of Microsoft Corporation.
• IBM®, DB2®, DB2 Universal Database, OS/2®, Parallel Sysplex®, MVS/ESA, AIX®, S/390®, AS/400®, OS/390®, OS/400®, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere®, Netfinity®, Tivoli®, Informix and Informix® Dynamic Server™ are trademarks of IBM Corporation in USA and/or other countries.
• ORACLE® is a registered trademark of ORACLE Corporation.
• UNIX®, X/Open®, OSF/1®, and Motif® are registered trademarks of the Open Group.
• Citrix®, the Citrix logo, ICA®, Program Neighborhood®, MetaFrame®, WinFrame®, VideoFrame®, MultiWin® and other Citrix product names referenced herein are trademarks of Citrix Systems, Inc.
• HTML, DHTML, XML, XHTML are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
• JAVA® is a registered trademark of Sun Microsystems, Inc.
• JAVASCRIPT® is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
• MarketSet and Enterprise Buyer are jointly owned trademarks of SAP AG and Commerce One.
• SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves information purposes only. National product specifications may vary.

Copyright 2004 SAP AG. All Rights Reserved