Click here for our home page Click here to find out about us Click here for products & services Click here for support Click here for news Click here for details of our partners Click here for our contact details
CyberSafe logo
Solutions • TrustBroker™ • SAP® SNC

 

 

 

 

If you have SAP® R/3 and/or SAP® NetWeaver® Web Application Servers deployed in your network, and would like one, or more of the following :

  • Improved SAP® system, and network security;
  • A SAP® Certified, and Commercially Supported SNC Kerberos Library which can be used for Secure Single SignOn ("SSSO") and Integrated Windows Authentication ("IWA") with SAPgui on Windows and SAP® Applications deployed on Windows, UNIX or Linux Servers;
  • Allow secure SAPrfc connections between SAP® Application Servers;
  • A solution which allows IWA and SSSO for users logging onto SAP® Applications accessible via SAP® Front End software (e.g. SAPlogon, SAPgui, SAPlpd, SAPrfc);
  • Avoid transmission of passwords across the network between SAP® Application components, or during a user logon session;
  • Allow user authentication to use a method of authentication stronger than a user account name and password (e.g. using a smart card, or two-factor token device);
  • Allow user mapping, so that an authenticated identity can be mapped onto a SAP® User ID;
  • Implement data privacy, by encrypting network communication sessions between application components, as well as providing data integrity to detect any tampering of data as it is transmitted across the network;
  • Centralised user password policy management, and common authentication;
  • A strategic authentication solution, which is complementary when used with other SAP® security products, e.g. When used with a SAP® user provisioning product, and/or when SAP® Web Application Server has been configured to use Microsoft Active Directory as a user store.

Then, this is the security solution you need. More details are provided below :

 

 

 
 
Operating Systems

 

The following operating systems are supported by the TrustBroker™ Security Solution, for SAP® R/3.

 

SAP® Front End software for Windows (e.g. SAPlogon, SAPgui, SAPrfc, SAPlpd) :

  • Microsoft® Windows® 2000, XP & 2003 on x86 (32-bit)

SAP® Application Server :

  • Microsoft® Windows® 2000 & 2003 on x86 (32-bit)
  • SUN Solaris™ Versions 8, 9 & 10 on Sparc (32-bit & 64-bit)
  • SUN Solaris™ Version 10 on x86 (32-bit)
  • SUN Solaris™ Version 10 on x86_64 (AMD64) (32-bit & 64-bit)
  • Compaq Tru64™ Versions 4.0D, 5.0, 5.1, 5.1A & 5.1B (64-bit)
  • IBM AIX™ Versions 5.1, 5.2 & 5.3 on PowerPC (32-bit & 64-bit)
  • i5/OS v5r3 or later on IBM Series i (32-bit & 64-bit)
  • Hewlett Packard HP/UX™ Versions 11 & 11i v1 or v2 on PA-RISC (32-bit & 64-bit)
  • Hewlett Packard HP/UX™ Version 11i v2 on Itanium (IA-64) (32-bit & 64-bit)
  • Red Hat Linux Version 7.2 or later on x86 (32-bit)
  • Red Hat Enterprise Linux (RHEL) Version 3 on x86 (32-bit)
  • Red Hat Enterprise Linux (RHEL) Version 4 on x86_64 (AMD64 / EM64T) (32-bit & 64-bit)
  • Red Hat Enterprise Linux (RHEL) Version 4 on PowerPC (e.g. IBM iSeries / pSeries) (32-bit & 64-bit)
  • SuSE Linux Enterprise Server (SLES) Version 8 on x86 (32-bit)
  • SuSE Linux Enterprise Server (SLES) Version 9 on x86_64 (AMD64 / EM64T) (32-bit & 64-bit)
  • SuSE Linux Enterprise Server (SLES) Version 9 on PowerPC (e.g. IBM iSeries / pSeries) (32-bit & 64-bit)

 
SAP® SNC Security

 

Many security solutions are possible when using the SAP® SNC library in conjunction with the SAP® Certified, CyberSafe TrustBroker Application Security Runtime Library. Some common use cases are described below :

 

SSSO and IWA for SAPlogon / SAPgui for Windows, with SAP® SNC :

The Kerberos protocol is an ideal security protocol for providing secure access to SAP® Applications. It allows the authentication from the initial Windows Domain logon to be used to authenticate users to SAP® Application Servers via the SAP® Front End Applications, such as SAPgui, SAPlogon and SAPlpd.

 

The SAP® Front End and SAP® Application Server products have an SNC interface layer which is able to interface with the CyberSafe TrustBroker™ Application Security Runtime Library and is a SAP® Certified Integration.

 

The diagram shown below shows the architecture of this use case :

 

 

The diagram below shows how this use case provides IWA and SSSO for a user, in this case the example user is "Lucy Chan".

 

Please click on this picture to see a larger version.

 

Secure Communications, with SAP® SNC :

The Kerberos protocol is an ideal security protocol for ensuring secure communications with, or between SAP® Applications. It allows the authentication using an account in The Windows Domain to securly authenticate your applications to SAP® Application Servers, and can also provide secure communciations between SAP® Application Servers.

 

The SAP® Application Server product has an SNC interface layer which is able to interface with the CyberSafe TrustBroker™ Application Security Runtime Library and is a SAP® Certified Integration.

 

The diagram below shows the architecture of this use case :

 

Please click on this picture to see a larger version.

 

 

TrustBroker Security Solutions, for SAP® R/3

 

The TrustBroker™ Security Solution, for SAP® R/3 can be used to implement a wide range of use cases related to SAP® Application Security. Each use case requires CyberSafe TrustBroker™ products. These products include :

  • TrustBroker™ Application Security Runtime Library - This product is used for SAP® SNC based network security. The Runtime Library is typically used by applications that have been previously developed using the TrustBroker™ Application Security SDK or applications that have been devleoped to the GSS-API v2 standards and need a runtime security library. The SAP® products can be configured to use this TrustBroker™ library for security purposes via the SAP® SNC interface.
  • TrustBroker™ Secure Client for Servers - This product is used on SAP® Application Servers to provide Kerberos key table and credential managament.
  • TrustBroker™ Secure Client for Workstations - This product is required on Windows 95, 98, or NT Workstations to provide Kerberos authentication and credential cache management functionality. On Windows 2000 or XP Workstations the TrustBroker™ Application Security Runtime Library is normally all that is required.
More details ...

 

To download a solution overview document, please click here

 

You will need Adobe Acrobat Reader to view this file after download.

 

  

 

 
 

 

Copyright © 2002-2006 CyberSafe Limited. All rights reserved • Trademarks & Legal InformationPrivacy PolicyReport Email Spam