on 07-31-2008 5:50 AM
Hi ;
I want to give access of my servers to SAP for this i have opened the connection to our servers.
Now when SAP support persons try to connect they receive a message SNC connection failed.
In Marketplace from its showing the connection as open but why the SNC connection is getting failed.
Please help me in rectifying the problem.
Thanks and regards
Tushar Pathak
Hi Tushar,
This will help you.
Hi,
SAProuter/SNC via Internet
u2022 SNC secured SAProuter u2013 SAProuter connections are established between SAP and the customeru2019s SAProuter to provide data confidentiality and integrity services. These SNC connections complement the leased lines in the current SAPNet R/3 Frontend environment. State-of-the-art encryption, authentication, and access control technology will be employed. No additional hardware compared to a leased-line setup is required at either end of the connection.
u2022 Customers are required to install a SAProuter with an official, static IP address (DHCP Addresses will not work) running SNC inbound and outbound connection to SAP at their end of the connection in a Demilitarized Zone. This SAProuter must be accessible from the Internet. All service connections between SAP and the customer must be made over the respective SAProuters.
u2022 Certificates needed are available on the SAP Service Marketplace.
Requirement:-
Internet connection: recommended
minimum bandwidth = 64 kbps
SAProuter machine
Official IP address (static) for the SAProuter host.
SAProuter installation package
SAP SNC libraries and executables.
These may be downloaded from the SAP Service Marketplace.
A Demilitarized Zone at the customer site with a minimal setup as described in the networking section at: http://service.sap.com/SYSTEMMANAGEMENT Choose: Security > Technical Track
SAP Security Guide.
More information on SNC connections is also available in the SAP Service Marketplace.
Since the host running the SAProuter software is a full computer with operating system, the security at the operating system level must be hardened in order to minimise the risk of the machine being hacked from the Internet. One recommendation will be for example to run a C2 security level compliant operating system. SAP takes no liability if the security of the companyu2019s network is compromised.
Other networking equipment (routers and hubs) needed to form the network at the customeru2019s premises
Comparisions
Property SAProuter / SNC via Internet
Hardware requirements Firewall + SAProuter host in DMZ
Software SAProuter starting from NI version 35
SAPSECULIB can be obtained from the Service Marketplace
Network addresses (besides address of Internet router, firewall, u2026) 1 official static IP address for SAProuter
Configuration issues Careful setup of saprouttab necessary for security. Saprouttab influences security strongly as access is controlled via saprouttab and firewall.
Encryption By software
Encrypted data TCP packets
Only the data stream between SAProuters is encrypted
Encryption is handled on Application layer (OSI network layer 7)
Minimum required free bandwidth 64 kbit/s but may work also with
32 kbit/s
Supported services on SAP side All except FTP (files download)
Key management Digital certificates being requested via Service Marketplace Public Key Infrastructure (PKI)
Key storage In file system
Operating system SAProuter resides on a computer
therefore it is necessary to harden the security at the operating system level (for example, C2 level OS) to minimize the risk of the machine being hacked from the Internet
Additional expertise SAProuter knowledge usually available, SNC configuration requires additional knowledge
Standards Based on SNC, SAP proprietary standard
Contributing to costs u2022 Firewall hardware and software
u2022 Firewall administration costs
u2022 No additional license fee for security library based on SECUDE
Regards
Ashok
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Have you installed your SNC Router?
If so check your router start string, Try to download a note from
SNOTE adn see if it works then check your router log or trace file what it says.
Regards,
Vamshi.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.