A Secure IT Infrastructure with SAP NetWeaver
Product Management Security
SAP AG
SAP AG 2004, A Secure IT Infrastructure with SAP NetWeaver / 2
Summary of SAP Today (Status: June 2004)
SAP AG in 2003 revenues: € 7.0 billion
• 79,800 installations
• More than 23,400 companies run SAP
• Providing more than 25 Industry Solutions
• 30,945 SAP employees (June 2004)
12 million users in 120+ countries team with us to
• Integrate their business processes
• Extend their competitive capabilities
• Get a better return on investment at a lower total cost of ownership
Unique Partner Ecosystem
• More than 1,500 partners
• Overall more than 180,000 SAP partner certificates
SAP's Product Strategy
Without compromising on robustness, integration, and functionality
From Here to ESA: Securely
News and Where to Find Information
SAP NetWeaver – The Platform
The Trouble with Security…
Integration is the Key Challenge
Business Drivers
• Extended Value Network
• Increased Market Dynamics
Integration costs are high
• Lots of heterogeneous systems
• Long integration projects
• IT environments become increasingly rigid
Pressure on IT increases
• Must leverage existing investments
• Must support new business processes quicker
• Must reduce total cost of ownership (TCO)
[Figure labels: Call Center, ERP, Technical systems, PLM, Market Analysis, Trading, SCM, Document Mgmt, e-Sales, E-Procurement. Caption: Shai's Office, 2:29 AM]
How to Address the Integration Challenge
Reduce complexity
• Minimize the number of connections through hubs
• Use only 1 platform to integrate all people, information, and systems
Reduce custom integration
• Deliver .NET and J2EE interoperability
• Deliver adaptors for ISV products
• Deliver products, not projects!
Increase company performance
• Increase ease of use, scalability and adaptability
• Increase business process flexibility by using an Enterprise Services Architecture
[Figure labels: Call Center, ERP, Technical systems, PLM, Market Analysis, Trading, SCM, Document Mgmt, e-Sales, E-Procurement]
SAP NetWeaver – The Platform
[Figure: SAP NetWeaver architecture diagram. Blocks: People Integration (Multi-Channel Access, Portal, Collaboration); Information Integration (Business Intelligence, Knowledge Management, Master Data Management); Process Integration (Integration Broker, Business Process Management); Application Platform (J2EE, ABAP, DB and OS Abstraction); Composite Application Framework; Life Cycle Management. Also labelled: .NET, WebSphere, …]
SAP NetWeaver is the application and integration platform to unify and align people, information and business processes across technologies and organizations.
SAP NetWeaver in Detail: Product components and killer features
[Figure: SAP NetWeaver™ architecture diagram (People Integration, Information Integration, Process Integration, Application Platform, Composite Application Framework, Life Cycle Management), annotated with the product components below]
SAP Mobile Infrastructure
• Tight coupling and alignment with SAP business solutions
SAP Enterprise Portal
• Optimized aggregation engine
• Roles
• KM & Collaboration
SAP Business Warehouse
• Tight integration to SAP
• Open architecture (Crystal, Ascential)
• Business content
Master Data Management
• Enables information integrity across the business network
SAP Exchange Infrastructure
• Proxy generation and mapping tools
• Integration directory
• SAP's ability to execute
SAP Web Application Server
• Proven, scalable, comprehensive toolsets
• Modernize existing infrastructure/skillsets
SAP Enterprise Portal: Unify and Align People Across Technologies and Organizations
Openness
• Any source, any audience
• Interfaces for Java and .NET
• Platform independent
• Extensible Unification across Oracle, Siebel, Psft, SAP, …
Lower TCO
• Rapid content deployment
• High performance
• Lower development costs
• Simpler to admin
Built for Business
• Business packages
• Role-based
• Robust security
SAP Enterprise Portal: Knowledge Management and Collaboration
1st KM solution that abstracts from multiple sources
• Authoring, Feedback/Ratings, Publish & Subscribe, Document Workflow, Versioning and Archiving, Indexing & Searching, Taxonomies for unstructured information
Real-time & asynchronous collaboration
• Enable team-driven business processes
• Fully integrated with portal user and role management
[Figure: Knowledge Management over multiple sources. Source labels: WebDAV server, MS Exchange, Lotus Notes, XML feeds, CRM brochure, file server, Documentum. Partners (Technology, Consulting): Microsoft, IBM, Andersen, KPMG]
SAP Business Information Warehouse: Aggregate, Analyze Information Across Technologies and Orgs
Openness
• Information access via open standards
• 95% extract non-SAP data
Lower TCO
• Portal-based info delivery
• PSFT, Siebel, SAP, ... extractors
• Open hub to transport data to other systems
Built for Business
• End-to-end solution for enterprise-wide BI
• Business content for rapid deployment
• Proven at 6000+ customer sites
SAP Master Data Management: Manage “The Business Network Environment”
SAP MDM enables information integrity across the business network
• Services and support to consolidate content, harmonize and centrally manage master data
• Master data is defined through the business environment, based on generic and industry-specific elements (product data, customer data, etc.)
• MDM is a vital part of SAP NetWeaver™
• Business Partner
• Product
• Product Structure
• Assets
• ...
SAP Exchange Infrastructure: Model, Execute, Monitor Processes Across Technologies & Orgs
[Figure labels: Integration Server; Integration Engine; Additional Integration Services; Integr. Repository (Design Time Knowledge); Integr. Directory (Configured Knowledge); Integration Monitor; connections to business partners, marketplaces, ... and to internal 3rd party or SAP components. Captions: Share Collaboration Knowledge; Execute Collaborative Business Processes; Ensure Coll. Reliability]
Openness
• Based on open Java and XML standards
• Supporting J2EE, ABAP and .Net
Lower TCO
• One infrastructure covering both internal and external integration (with SAP and non-SAP)
• A reliable and scalable infrastructure
• Separates integration from application code
Built for Business
• Complete solution lifecycle covering design, develop, deploy, and change
• Prepackaged SAP – SAP collaboration knowledge
• Ecosystem of non-SAP collaboration content
SAP Web Application Server: Open System Architecture
Shared facilities
• Common connectivity
• Common persistence
Shared benefits
• Multi tier architecture
• Highly scalable and reliable
• Platform independence
Common connectivity
• Different protocols (SOAP, HTTP, SMTP, RFC, FTP)
• Expandable
• Advanced caching
Common persistence
• Database independence
• Scalable transaction handling
• Caching
[Figure: SAP Web Application Server. Labels: Browser / Portal; 3rd party apps / exchange infr.; Connectivity; Internet Communication Manager; Web Dynpro; J2EE / ABAP; Web Services Infrastructure; Persistence; Database Abstraction]
The Trouble with Security…
[Figure labels: Opportunity, Innovation, Flexibility; Timeliness, Accuracy, Transparency; Security, Technology, Manageability; CIO, CFO, CEO; IT Security, IT Risk Management, Auditing]
… Is That There’s No Quick Fix
You probably have
• Responsibility split across different divisions
• Different takes on what security means
• Incomplete policy coverage
You need
• A holistic approach across the whole organization
• Sound strategy broken down into:
• Policies
• Clear responsibilities
• The right technology to support this
SAP NetWeaver Security …
• … is based on industry standards
• … supports open interfaces to specialized security products
• … supports five key areas:
  • Application security
  • Secure user access
  • Secure collaboration
  • Infrastructure security
  • Software lifecycle security
Application Security
[Figure labels: mySAP Business Suite; Components; Custom apps; Partner apps; Platform: SAP NetWeaver. Security functions shown: Virus scanning, Segregation of duties, Data protection, Auditing, Regulatory compliance]
Secure User Access - With Integrated User Management
[Figure labels: mySAP Business Suite: FI, CO, MM, … (CUA child systems); SAP Central User Administration / Web AS; LDAP synchronization; Directory Server; Storage; Enterprise Portal (EP 6.0); User Management Engine (UME); Meta-Directory Software; Telephony; Operating system; Other applications]
Secure User Access – With Company-Wide Single Sign-On
[Figure labels: Single Sign-On; SAP EP; Open Internet standards; Enterprise boundary (Inside / Outside); mySAP components: HR, FI, LO, CRM, KW, SRM, SEM, APO, BW, CFM; Legacy SAP systems (3.1H, R/3, 4.6); 3rd party; Partner; SAP; Various Internet services; Different ERP systems]
Single Sign-On Mechanisms for SAP Systems
Based on Standards:
• Secure Network Communications (SNC) – GSS-API
• Secure Sockets Layer (SSL) and X.509 client certificates
• SAP Logon Tickets
• Pluggable Authentication Services (PAS)
• Java Authentication and Authorization Service (JAAS)
• Security Assertion Markup Language (SAML)
Secure Collaboration - Message Security with XI
[Table; the check marks did not survive extraction. Labels: Levels of Security: Encryption, Non-Repudiation of receipt, Non-Repudiation of origin, Data Integrity, Signature. Availability: XI 3.0 RNIF*, XI 3.0 XI protocol. Technology: S/MIME, WS-Security (XML-Signature). Legend: Focus of future security enhancements for XI]
* RosettaNet Implementation Framework
Infrastructure Security - Secure Network Topology
[Figure labels: Internet; Outer DMZ; Proxies; Inner DMZ; Web AS or other Web service; High security area; Application server farm (FI, SRM, …); Internal workstation network]
…With Encrypted Communications
[Figure labels: Internet; Outer DMZ; Proxies; Inner DMZ; Web AS or other Web service; High security area; Application server farm (FI, SRM, …); Internal workstation network. Connections labelled: SSL, GSS-API]
Software Life-Cycle Security
Security is a quality characteristic of SAP solutions
ITSEC E2 medium certification
• Re-evaluation according to Common Criteria currently underway
• Development and production processes have been evaluated and approved
SAP is the only provider with such a high level of certification for applications
SAP Security Consultant Certification
SAP Security Optimization Service
Coming soon: Security Bulletin Service
SAP applications – Building on Industry Standards
[Figure: security standards stack. Layer labels: Trust Infrastructure (PKI); Transport Security (SSL/TLS); Message Security; Authentication; Authorization; Policy & Trust; Federation. Standards labelled: XML Sig, XML Enc, XACML, X.509 Certs, GSS, Kerberos, Core Security WS-Security, WS-Policy, SAML, XCBF, XKMS, DSML, SPML, WS-Trust, WS-Privacy, WS-SecureConversation, WS-Federation, WS-Authorization. Legend: Supported by SAP; Future Work]
Partners Providing Trust
What is ESA?
Enterprise Services Architecture is a service-oriented architecture for adaptive business solutions.
From Here to ESA: Securely
[Figure: steps plotted against axes labelled functionality and value]
Consolidate user management
SAP Web Application Server
Connect the User Management Engine to an LDAP directory and Central User Administration for a central point of administration
Unify and integrate user authentication
SAP Web AS + SAP Enterprise Portal
Single sign-on: One logon to SAP EP provides access to all the information and functionality you need
Implement message security
SAP XI
Digitally protected business processes (SSF, XMLSig & Enc)
Add controls for modular business processes
SAP NetWeaver
Support for modular business processes and IAM model with centralized management and decentralized enforcement
Are you Here?
Audit Information System – available on SAP Web AS
• The system audit is now available on the SAP Web Application Server and in all applications that run on it. Previously it was only available in the SAP software component SAP_APPL (Logistics and Accounting).
• The system audit is part of the SAP auditing tool Audit Information System (AIS).
• This change is effective with:
  • SAP Web AS 6.20, Support Package 43
  • and SAP Web AS 6.40 Support Package 5
For more information see SAP Note 754273
HOT NEWS in 2004
Where to Find Free Public Technical Information?
SAP DEVELOPER NETWORK (it's free and public): sdn.sap.com
Where to Find Application and Education Information?
SAP Service Marketplace: service.sap.com/security
Where to Find Application and Education Information?
SAP Web page: www.sap.com/germany/revis
SAP Security Web Information – Link Collection
http://sdn.sap.com
http://service.sap.com/security
http://service.sap.com/securityguide
http://service.sap.com/ais
http://www.sap.com/germany/aboutsap/revis
http://service.sap.com/education
• No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
• Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
• Microsoft®, WINDOWS®, NT®, EXCEL®, Word®, PowerPoint® and SQL Server® are registered trademarks of Microsoft Corporation.
• IBM®, DB2®, DB2 Universal Database, OS/2®, Parallel Sysplex®, MVS/ESA, AIX®, S/390®, AS/400®, OS/390®, OS/400®, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere®, Netfinity®, Tivoli®, Informix and Informix® Dynamic Server™ are trademarks of IBM Corporation in USA and/or other countries.
• ORACLE® is a registered trademark of ORACLE Corporation.
• UNIX®, X/Open®, OSF/1®, and Motif® are registered trademarks of the Open Group.
• Citrix®, the Citrix logo, ICA®, Program Neighborhood®, MetaFrame®, WinFrame®, VideoFrame®, MultiWin® and other Citrix product names referenced herein are trademarks of Citrix Systems, Inc.
• HTML, DHTML, XML, XHTML are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
• JAVA® is a registered trademark of Sun Microsystems, Inc.
• JAVASCRIPT® is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
• MarketSet and Enterprise Buyer are jointly owned trademarks of SAP AG and Commerce One.
• SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves information purposes only. National product specifications may vary.
Copyright 2004 SAP AG. All Rights Reserved