cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Sharing The SAP Solution Manager Among Other Customers

Go to solution
Former Member

on ‎10-04-2013 10:04 PM

0 Kudos

Hi Experts,

My company is planning to tie-up with a hosting company to host all our existing SAP Systems,

The hosting company is offering the SAP Solman by sharing their existing solution manager system,

Is there any risk for the data security, if we use shared solution manager or give the control on Solution manager to the Hosting company?

(as solution manager can  access all the Satellite Systems.)

Please let me know the advantages and disadvantages with the Shared Solution manager system.

Thanks and Regards

Kishore.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Lluis
Active Contributor
‎10-07-2013 11:18 AM
0 Kudos

Hello Kishore,

You can do that but with limitations, check that link that has more information about solution manager hosting service.

http://scn.sap.com/community/it-management/alm/solution-manager/blog/2012/12/14/no-more-excuses-for-...

You have to take care bout usage rich and license agreement before to do that, you have to contact your PSA, on the link you can read that:

"..This service is delivery exclusively by Run SAP partners who have certified consultants who can operate this innovative service to the highest standards, and, of course, will be in direct communication with SAP, to bring you the benefits of your SAP Enterprise Support contract, with a minimum investment...."

Regards,

Luis

Show replies
Show replies
Former Member
‎10-08-2013 8:23 PM
0 Kudos

Hi Luis,

The link is helpful....

But my question is how secure this solution of Hosting the Solution Manager  with SAP Solution Manager partner?

Thanks For your Response,

Kishore

Lluis
Active Contributor
‎10-08-2013 8:59 PM
0 Kudos

Hello Kishore,

What are the security requirements that solution manager has to fulfill ?

Regards,

Luis

Former Member
‎10-09-2013 1:08 AM
0 Kudos

Hi,

Do you know details about where they might be hosting all of your system.

All the system hosted by that company will be in different domain or have firewall between the solman? Is solution manager in a secure zone so that only those teams can have access which are open for solman?

If no firewall then who all can access to the solution manager? Who would be doing the config of the SOLMAN related to your system. can they restrict the access of your system by only that team who is maintaining your system. If you dont maintain access restriction you might have risk that some one who is not authorized for your system might change some details of your system.

If firewall then you will only have to burn the specific ports for solution manager to connect to satellite system and SMD agents. If solman in secure zone that you can restrict the access to some teams only.

You need to check who all will have access to the solution manager?So depending on your company policy

Above we are taking about two firewall.

users accessing solman ---> firewall------ > SOLMAN --------> Firewall -----> manage system.

Hope it helps.

Thanks

Rish abrol

Former Member
‎10-10-2013 3:13 PM
0 Kudos

Hi Luis,

As i was mentioning , the Solman System can talk to all the satellite systems via RFC connections, obviously we can remote login to those systems with RFC Connections.

Though we restrict these users with standard roles, as they can access the satellite systems, i suspect the security vulnerability there.

Can you suggest...

Kishore

prakhar_saxena
Active Contributor
‎10-10-2013 3:28 PM
0 Kudos

Hi Kishore

When we do remote logon the user id is switched from solman to satellite system

and if user exists with authorization then only i can access that system

e.g. from solar02 i click on VA02 transaction which can only open or run if i have a user id in ECC with VA02 authorization if not i will authorization error message

hope this clarifies

Regards

Prakhar

Lluis
Active Contributor
‎10-10-2013 6:23 PM
0 Kudos

Hello Kishore,

I understand that you ask about how secure is the RFC connection from your solution manager to other systems.

you can make that connection in different ways, from solman to managed system:

1.- RFC LOGIN

( that option is as well secure as when you are allowed to acces to a remote system trough login screen; someone give you an user and a password, so here no problems in secure )

2.- RFC TRUSTED and SSO

( with trusted connection and SSO  yo don't need to know user, and or password; for TRUSTED rfc connection there is an especial sao note that indicated that this option may not fulfil all secure conditions and can hava gap in vurnerability; the same for SSO but never see a confirmation fron SAP)

Found in SM100 course:

So, for managed system remote connection to solution manager, if you use RFC's with login screen all landscpae (solman and managed system) will be secure (as soon as a hacker read this ).

beside you can use trusted rfc connection trough saprouter vpn option, and that will give you more secure options trough saprouter -> vpn -> firewall -> dmz -> ba bla bla

hope that can help you,

Regards,

Luis

Former Member
‎10-11-2013 12:57 AM
0 Kudos

Hi,

If you are looking Connection wise you need to considerer all the details like.

READ,TWV,Trustes connection for Monitoring

SDM user password for CTS+ if any.

Are you going to use DBACOCKpit for database. You will have to share the sapsr3 password to cerate database connection.

Thanks

Rishi abrol

Answers (1)

Answers (1)

Former Member
‎10-06-2013 1:48 PM
0 Kudos

Hi,

As you have already said that your company is saying to give all the hosting to another company so they any how have all the system data .

The advantage is that one solution manager to manage all the system. I dont know what SLD setup they will have but usually they have Solman as central sld in this case. One transport management system. One system to send do all kind of monitoring.

Disadvantage is as this is collecting all the data performance issues as it collecting all the system data. If this solution manager is down or has error all the system are affected. If you want to get CHARM implemented then thing might be complex.

Thanks

Rishi Abrol

Show replies
Show replies
Ask a Question