11-11-2013 5:28 PM
Hello,
We have our servers hosted at a remote site and we want to use SAPRouter to connect to this location and add SNC to encrypt connections.
The issue is that we don't have an Active Directory implemented and I was wondering if there are any options to implement SNC library for front end connections without using an Active Directory.
Thank you!
11-12-2013 12:01 PM
Hi Maria,
See my answers, which are SAP-centric.
Encryption of communication of SAP GUI to SAP System
For SCE Client Encryption an MS AD is required for SNC.
For SAP NW SSO you can also use encryption via certificates and without an MS AD.
Encryption of communication from SAP System to SAP System
SAPCRYPTOLIB --> no MS AD required
Regards
Matthias
11-11-2013 5:43 PM
11-11-2013 6:29 PM
Hi Tim,
Thank you for the quick reply. I am talking about using SNC to encrypt the DIAG protocol connection.
Maria
11-11-2013 6:35 PM
ok, thanks.
So, does the user on the workstation (where SAP GUI is running) log on to a local Windows account?
11-11-2013 8:38 PM
Hi Tim
Yes, they would log on to a local Windows account.
Now, if we could possibly implement Active Directory but at our offices without including the servers at the remote site... would this help with the scenario?
Thank you
11-11-2013 11:02 PM
The workstation where SAP GUI is installed would need to be able to connect to Active Directory, but the SAP server where AS for ABAP is running does not need to connect to Active Directory. If you don't have Active Directory, then you will need another server which can be used to issue cryptographic keys for encrypting the session.
Actually, I am wondering why local accounts are used? Doesn't this cause issues with controlling central password policy and controlling access to the systems? How many workstations are involved? Is it a lot?
11-12-2013 4:07 PM
Hi Tim,
It is a very small business with few users and that's why the administration is minimal but security is still needed.
Thank you
11-12-2013 4:12 PM
ok, makes sense now.
So, you can implement MS AD and use SAP GUI Client Encryption SNC library (which is free). Or you can purchase a license for an SNC library from SAP (part of SAP NW SSO product) or from a SAP partner (such as the one I work for). If you purchase a product then you will also get added benefits such as SSO, not just encryption. As you are a small company, I would guess you want to go with the free option instead of buying licenses.
Thanks,
Tim
11-12-2013 8:49 PM