
SAP Mobility by using PhoneGap and security issues.

Former Member
0 Kudos

Dear Experts,

Our management decided to go with Sencha/jQuery and PhoneGap for many valid reasons.

But the main concern is the security issues.

Our SAP servers are behind a firewall and it is not acceptable to access them directly. VPN was forbidden after a virus attack.

So, I am planning to do the following.

We have a server that we can access from the internet.

We will let the mobile apps connect to "Middleware" hosted on that server over the HTTPS protocol, and that "Middleware" will communicate with the SAP servers to fetch/post all required data.

It looks like this: Mobile Apps <--> "Middleware" <--> SAP ECC

Now, the "Middleware" can be a custom web application or anything else.

But I want something more advanced, so the mobile apps will communicate and authenticate via it.

What do you think, experts?

Regards,

Accepted Solutions (1)


former_member184221
Contributor
0 Kudos

I suggest you use either SAP SUP (Sybase Unwired Platform) or SAP Netweaver Gateway as your mobility middleware.

The SUP middleware can use a reverse proxy server called a "Relay Server", and this can be placed in a DMZ. For the extremely paranoid, a second DMZ can also be placed between the SAP ECC system and the SUP servers. The SUP servers beyond the DMZ-based Relay Servers are unhackable from the internet because they only use inbound connections.

The SAP NW Gateway provides oData services to your application. It can also use SUP proxy services and Relay Servers etc., so again is completely safe.

Regarding mobile applications based on PhoneGap and Sencha/jQuery.

To use SUP alone you need to use the HWC (Hybrid web container), inside this container you can use either Sencha or jQueryMobile HTML5/CSS3/JS etc. Also you can call PhoneGap plugins.

To use NW Gateway (and SUP proxy) you can use PhoneGap with your Sencha or jQueryMobile app.

The choice is yours ....

Former Member
0 Kudos

Thanks David.

I am not going to use SUP.

I will just create a service in SAP ECC via transaction SICF.

Like this blog: http://scn.sap.com/community/mobile/blog/2011/01/17/extend-your-sap-jquery-mobile-web-app-with-html5...

Now I don't want a direct connection to the service from PhoneGap apps.

Can I use NW Gateway?

I mean, I want to install SAP NW Gateway in the DMZ and then connect NW Gateway to the SAP service.

What are the best practices for doing that, and how?

Thanks again.

former_member206242
Active Participant
0 Kudos

There are many questions here.

SUP is the SAP Enterprise Mobility Platform, which gives all mobility services.


The other aspect is your specific case: how will you realize the security and mobility aspects without SUP? NW Gateway is an on-premise solution and should not be exposed in the DMZ for security reasons.

You can use a secure reverse proxy or network edge server in the DMZ to connect the application to SAP Gateway or backend services. There are many 3rd party options.

But SUP is the platform to solve all your mobility needs for now or future requirements. But the choice is yours.


Regards,

Nipun

Former Member
0 Kudos

Thanks Nipun.

SUP is a good platform, but due to a lot of SAP customization, specific requirements, and licenses we want to go with PhoneGap for the time being.

Can you elaborate more on 3rd party options?

Regards,

former_member184221
Contributor
0 Kudos

The article says that SICF creates a RESTful web service. NW Gateway is an alternative and creates an oData web service. Both of these are easily read from JavaScript.

It's not PhoneGap that connects to either SICF or NW Gateway; it's the JavaScript inside the PhoneGap shell.

I would suggest that if you are rejecting SUP as the mobility middleware, you consider NW Gateway instead, as it has more support and is part of the roadmap for SAP connection... and OData is so easy to connect to.

koehntopp
Product and Topic Expert
0 Kudos

100% agree - going mobile means exposing ERP services to the world, which cannot be done cautiously enough.

Any kind of reverse proxy without authorization/device management capability will guarantee that ANY request from the internet will hit your ERP system (whether directly or through a reverse proxy in the DMZ does not change that!).

So, is your ERP infrastructure ready for a potential script kiddie going wild and releasing 100000 HTTP requests per minute against your services? None of these may actually find something vulnerable or get data, but you have to handle them.

Furthermore, if there is ANY kind of vulnerability in your backend service (authorization, buffer overflow, SQL injection, session handling etc.) you're in trouble.
Remember - anybody in the world can try...

You really want a piece of infrastructure between the internet and your ERP system that makes sure that only requests from registered devices _and_ authenticated users get through.

Frank.
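
A sketch of the kind of admission check described in the reply above (throttle floods at the edge, then let through only registered devices with an authenticated user), added here as an example; it is not code from this thread or from any SAP product. `createGate`, the device and session tables, and the per-minute limit are hypothetical, and the sample data is constructed.

```javascript
// Added example: the decision a DMZ gateway makes before forwarding to the backend.
function createGate({ devices, sessions, maxPerMinute }) {
  const windows = new Map(); // source IP -> { start, count } fixed one-minute window

  function overLimit(ip, now) {
    const w = windows.get(ip);
    if (!w || now - w.start >= 60000) {
      windows.set(ip, { start: now, count: 1 });
      return false;
    }
    w.count += 1;
    return w.count > maxPerMinute;
  }

  // Returns { forward, status, reason }; only forward === true reaches the ERP.
  return function admit(req, now = Date.now()) {
    // 1. Throttle per source first, so a flood is absorbed here, not by the backend.
    if (overLimit(req.ip, now)) return { forward: false, status: 429, reason: "rate limit" };
    // 2. The device must be registered and not revoked.
    const device = devices.get(req.deviceId);
    if (!device || device.revoked) return { forward: false, status: 403, reason: "unknown device" };
    // 3. The user session must exist, be unexpired, and be bound to this device.
    const session = sessions.get(req.sessionToken);
    if (!session || session.expires <= now) {
      return { forward: false, status: 401, reason: "no valid session" };
    }
    if (session.deviceId !== req.deviceId) {
      return { forward: false, status: 403, reason: "session/device mismatch" };
    }
    return { forward: true, status: 200, reason: "ok", user: session.user };
  };
}

// Constructed sample data: three devices (one revoked) and one ten-minute session.
const T0 = 1700000000000;
function sampleGate() {
  return createGate({
    devices: new Map([
      ["dev-1", { revoked: false }],
      ["dev-2", { revoked: true }],
      ["dev-3", { revoked: false }],
    ]),
    sessions: new Map([["tok-a", { user: "alice", deviceId: "dev-1", expires: T0 + 600000 }]]),
    maxPerMinute: 3,
  });
}
```

Rejected requests still count against the source's window, so unauthenticated traffic is throttled as well.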

former_member206242
Active Participant
0 Kudos

3rd party reverse proxies like Apache 2, Netscaler etc.


Regards,

Nipun

Answers (0)