cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Exposing SAP ECC over internet security concerns

Former Member

on ‎05-26-2016 9:58 AM

0 Kudos

Dear All,

We are on SAP ECC 6.0 EHP7 (NW 7.4). We have developed some of the ODATA services in ECC which we need to provide to external mobile application. For this, we need to expose ECC on internet. We have SAP web dispatcher 7.4 available in DMZ zone. Please suggest

1. Routing access from internet(mobile app) via web dispatcher to ECC

2. Allow only Odata services via webdispatcher url filter

Is this safe way or there is any other safer mechanism.

Thank you

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

IanSegobio
Advisor
Advisor
‎05-30-2016 2:22 PM
0 Kudos

Hello Pankaj,

The safest way would be to implement web dispatcher with SSL re-encryption and configuring the permitted request paths through the relevant profile parameter, like mentioned at the following WIKI document:

Configuring the Web Dispatcher for Multiple Systems - Clarifications and Examples - Application Serv...

Cheers,

Ian Segóbio.

Show replies
Show replies
isaias_freitas
Advisor
Advisor
‎06-16-2016 12:09 AM
0 Kudos

Hello Pankaj,

The Web Dispatcher as a URL filter - Application Server Infrastructure - SCN Wiki can assist you with the URL filter (e.g., to allow only the OData URLs).

Cheers!

Isaías

Johan_sapbasis
Active Contributor
‎06-16-2016 8:30 AM
0 Kudos

Hi,

What you should do is use the filtering option suggested by isaias as well as the ssl re-encryption from Ian.

This basically means when the https traffic enters the webdispatcher it destructed and re-encrypted before being send onto the ECC backend server. The reverse also holds true when returning traffic hits webdispatcher is is destructed and re-encrypted before being send back out on the web.

The notes you need to look at is:

538405 - SAP Web Dispatcher: composite note

510007 - Setting up SSL on Application Server ABAP

Kind Regards,

Former Member
‎05-30-2016 8:24 AM
0 Kudos

What I would suggest since Webdispatcher is in the DMZ is to configure HTTPS access to web dispatcher and from web dispatcher to ECC

Show replies
Show replies
Ask a Question