Measures Under Microsoft Windows

The following sections describe the measures that you need to take for the database system under Microsoft Windows operating systems.

General Security Measures for Software Installation

The default values for the installation are based on the assumption that the Web Tools will be operated in a secure environment behind a firewall. If you have particularly strict security requirements for your systems, you should change the default configuration as soon as you have installed the Web Server and Web Tools software as part of the standard software installation.

See: Installation Manual, section Software Configuration for Using Web Tools

Security Measures for the Operating System User <SID>ADM

To protect the operating system user <SID>ADM, change this user's password.

Access Privileges for Database-Related Resources

If you are using a Microsoft Windows operating system, the volumes of the database instance are automatically protected. Only the administrator group has full access privileges for the volumes, and all other users have no access.

However, you must protect the database directory <independent_data_path>\config, which contains the configuration files for the database instance. Set the following access privileges for the directory <independent_data_path>\config and all the files it contains:

·        Full Control access privileges for the local group Administrators

·        No access privileges for other groups or users

If you want to exclude all other users from access to the database instance using database tools, set the following privileges for the directory <independent_data_path> and all its subdirectories.

·        Full Control access privileges for the local group Administrators

·        No access privileges for other groups or users
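One way to apply and then verify the privileges listed above with PowerShell. This is an added example, not part of the SAP documentation: the script, its -DataPath parameter (standing for <independent_data_path>) and its -WholeTree switch are assumptions, and it has to run in an elevated session.

```powershell
# Added example, not SAP code. $DataPath is a placeholder for <independent_data_path>.
param(
    [Parameter(Mandatory)] [string] $DataPath,
    [switch] $WholeTree   # protect <independent_data_path> itself instead of only \config
)

$target = if ($WholeTree) { $DataPath } else { Join-Path $DataPath 'config' }
if (-not (Test-Path -LiteralPath $target -PathType Container)) {
    throw "Directory not found: $target"
}

# Well-known SID of the local Administrators group (its name differs on localized Windows).
$sidType  = [System.Security.Principal.SecurityIdentifier]
$adminSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'

# New DACL for the directory: inheritance from the parent is cut off without copying,
# and the only entry is Full Control for Administrators, inherited by files and subfolders.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $adminSid, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $target -AclObject $acl

# Verify: existing files may still carry explicit entries of their own, so walk the
# tree and report every access entry that does not belong to Administrators.
$items = @(Get-Item -LiteralPath $target -Force) +
         @(Get-ChildItem -LiteralPath $target -Recurse -Force)
$findings = foreach ($item in $items) {
    $sd = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $sd.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -ne $adminSid.Value) {
            [pscustomobject]@{ Path = $item.FullName; Sid = $ace.IdentityReference.Value
                               Type = $ace.AccessControlType; Rights = $ace.FileSystemRights }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    throw "Entries for accounts other than Administrators remain under $target"
}
Write-Output "Only Administrators have access to $target and its contents."
```

The check at the end matters because replacing the directory's ACL does not remove explicit entries that were set directly on individual files or subdirectories; those are listed so that they can be reviewed and removed.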

Caution

Since the communication path between a liveCache server and its application server has not yet been secured with encryption technology (SSL), it is very important that you run the liveCache server and the application server in the same (secure) subnetwork.

You must secure the communication path between a liveCache server and an application server using external tools. We recommend setting up a virtual private network tunnel (VPN tunnel) between the application server and liveCache server. There are various standard products available – ranging from pure software solutions to special hardware.

The solution you choose should be IPSec-compatible and work in accordance with a modern standard, such as Triple DES (3DES) or Advanced Encryption Standard (AES). The somewhat older Data Encryption Standard (DES) is now considered outdated.

You can now encrypt all other communication paths using SAP’s own tools to prevent eavesdropping. However, for these communication paths too, you should consider using VPN instead of SNC or SSL technology. You can thus connect all communication paths with each other using a global VPN system.

In general, you should take a careful look at the entire installation and, in particular, the network technology. A VPN-based infrastructure is a recommended option that can optimize the entire system when additional hardware is used for encryption.

 

 
