cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC 10.1 Access Request - Connecting up to 100 systems

Go to solution
Former Member

on ‎02-25-2016 12:27 PM

0 Kudos

Hi everyone,

I would like to ask fo a piece of advice from you.

We are working on a Proof of Concept to configure GRC Access Request Management for the non-production provisiong within our project.

Currently we use a custom program to provision all the systems across our landscape and we would like to move all this process to GRC.

We manage around 100 systems (sandbox+development+QA), including HANA and BPC systems.

All the information we came across refers to a couple of systems, so we would like to ask for your advice here.

Creating 100 connectors doesn't seem feasible, it could be possible to connect these environments using RFCs? How are those connections usually managed in this kind of situations?

Thanks a lot in advance,

Bea

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

kevin_tucholke1
Contributor
‎02-25-2016 4:55 PM
0 Kudos

Bea:

Not sure I understand the question.  All SAP AC connectors start at the point of an RFC Destination.

I have implemented SAP AC with as many as 80 sytems and 11 landscapes with no issue.  But each one has to have its own RFC Destination.

Let me know if that helps.

Kevin Tucholke

SAP America

Show replies
Show replies
Former Member
‎02-25-2016 5:08 PM
0 Kudos

Hi Kevin,

Thanks for your response. So you mean that you have created 80 connectors (with their corresponding RFC), one per system, and it's still manegable from GRC standpoint?

Regards,

Bea

kevin_tucholke1
Contributor
‎02-25-2016 10:52 PM
0 Kudos

Bea:

Yes, this is managable.  As always, the more systems, the more data needs to be entered so from a functional standpoint there must be a realization of the amount of support required to 'keep the lights on" if you will.

Thanks.

Kevin.

Former Member
‎02-26-2016 9:13 AM
0 Kudos

Thank you very much Kevin, your reply has been really helpful

Answers (1)

Answers (1)

Former Member
‎02-26-2016 1:50 PM
0 Kudos

Hi Bea,

Just to echo what Kevin said, this is definitely feasible. I've had GRC manage 400+ end point connected systems and it stood up to the work load.  A few items to consider when connecting such a high # of systems:

  • SM59 RFCs - Consider scripting to load these in an automated fashion especially since they aren't transportable
  • Connector Group strategy - map out you design here ahead of time. It can go a long way towards streaming data & maintenance across so many connectors. If you are on a transport path, I feel like setting up all the SM59s in dev (you can leave connection info blank in dev if you don't want them "on") is important so you can do all the connector-specific config one time & transport
  • Prioritize & monitor background jobs - make sure your important / highly utilized end points are staying on schedule with repository syncs
  • Provisioning Failures - Inevitably if some of your requests end up containing 100+ systems across a non-prod landscape, something will be down or unreachable for GRC.  Plan the approach for handling these failures in GRC
  • Business Roles - great way to grant "Security Admin" access across a ton of connected systems within 1 role

-Nate

Show replies
Show replies
Former Member
‎03-04-2016 11:45 AM
0 Kudos

Thanks for the suggestions Nate, we'll take them into account for our project

Ask a Question