Application Gateway with Apache
- Eustace Fletcher
- 8 years ago
Transcription
1 Application Gateway with Apache Multi-backend scenarios Nghia Nguyen SAP NetWeaver RIG Americas, SAP Labs, LLC
2 Introduction Session Objectives and Requirements Use Cases and Scenarios Limitations Configuring the Applications Troubleshooting Security Configuration Resources Demo Wrap-Up
4 Enterprise Security Requirements Enterprise applications need protection for proprietary and confidential information and systems. These requirements are driven not only by the desire to protect against unwanted access, but also by regulatory constraints regarding personal privacy. SAP AG 2006, RAFP20 - EFP / 4
5 Acronym SAP ERP: SAP Enterprise Resource Planning; SAP CRM: SAP Customer Relationship Management; SAP SRM: SAP Supplier Relationship Management; ITS: Internet Transaction Server; ICF: Internet Communication Framework; ICM: Internet Communication Manager; IAC: Internet Application Component
6 Data and Application Security. Data security is required to protect proprietary or personal information from unauthorized access. This includes restricting application users from accessing data they are not authorized to see. It also includes encryption of data to prevent unauthorized access to the data by users outside the application. Application security is required to ensure that: only authorized users are allowed to access the system; data security is maintained inside the application.
7 Safeguards Versus Threats [Diagram: a user (Alice), client, network, application, OS and server. Threats shown: social engineering, masquerading, penetration, application-level vulnerabilities, eavesdropping, tampering, denial of service, spoofing, OS cracking, planting. Safeguards shown: training, authentication, firewall, patches, application gateway, encryption, OS hardening, virus detection.]
8 Data Flow: Why we need proxies. [Diagram: Browser, Portal, SAP System, with numbered steps.] 1: iView Request (Browser); 2: Compute Target URL (Portal); 3: Target Request; 4: Run Web-Application (SAP System).
9 What is an Application Gateway? An application that acts as a middle man between your computer and the Internet resources you are accessing (e.g. Web sites, FTP archives). No direct connection between a client of the local network and a server on the Internet (or vice versa). Relays traffic between the actual client and the actual server while doing checks and access controls that typical client and server software do not support.
10 Possible Features of an Application Gateway. Pre-authentication and authentication: Is the user permitted to access the server / service / URL? Validity of a service request / URL: Is access to the requested URL via the Internet permitted? Does the request contain no known exploits? Is the source of the request permitted (sender address)? Integrity and correctness of the message (for example SOAP): Is the destination for the SOAP message known and is access to it via the Internet permitted? Is the sender permitted? Auditing. Other (non-security related): Combining different information sources under one external name (content unification).
11 URL Generation. A common issue with proxies is the matter of URL generation by the backend (proxied) applications. When applications generate URLs to other applications or to themselves, you must ensure that all hostnames can be resolved by the client browser. Proxies such as Apache provide the ProxyPreserveHost directive, which ensures that the hostname requested by the client is passed all the way through to the application. Generated URLs will be based on the proper hostname, which is resolvable to the client. SAP NetWeaver 04 and 2004S systems have configuration capabilities that provide a mechanism for controlling what hostname is returned to the client.
13 Session Objectives. As a result of this session, you will be able to: provide an alternative solution for multi-backend systems; understand the basic role of an Application Gateway; understand the current limitations of this solution.
14 Requirements. Have the Apache HTTP Server; have access to the httpd.conf for modification; have permission to restart the web server; understand basic regular expressions; have multiple SAP NetWeaver Usage Types installed; have permission to create/change system definitions.
16 Common Use Cases. Supplier Portal / Customer Portal: It is very common that applications such as mySAP SRM or mySAP CRM are used in Internet-facing scenarios to facilitate direct access to company data by that company's suppliers or customers. Business Process Integration: The continued evolution of process integration between companies and business units further moves the requirement for access to backend applications from direct person-to-application access to more complex interactions, which often invoke transactional business processes between these entities.
17 Internet-facing Scenario: Basic. Basic scenarios allow direct access from the Internet to backend systems. A more secure configuration is to place an application gateway between the user and the backend system; see the SAP TechEd session
18 Internet-facing Scenario: Advanced. Multiple entry points; multiple protocols; multiple applications.
19 Configuration Scenarios 1/2. Case 1: Single SAP NetWeaver Portal. Case 2: Multiple SAP NetWeaver Portal.
20 Configuration Scenarios 2/2. Case 3: Single SAP NetWeaver Portal with multiple SAP ERP/CRM/SRM. Case 4: Multiple SAP NetWeaver Portal with multiple SAP ERP/CRM/SRM.
22 Limitations. Not able to hide all aspects of the SAP hostname: it appears in the Request Method and Referer URL. Examples: Request Method URL: /sap(cz1tsuqlm2fbtk9ojtnhse9tve5btuvfv0fkxzawjtnhttq4mmrgt2diwu1lcfltt GdQS0RSWUNtMHpvcm9mZGdXX1lxUXl1eC1BVFQ=)/bc/gui/sap/its/it13/~flNUQVRFPTE4N TI2LjAwMi4wMS4wMQ== HTTP/1.1 Referer URL: NNDgyZEZPZ0hZTWVwWW1MZ1BLRFJZQ20wem9yb2ZkZ1dfWXFReXV4LUFUVA==)/bc/gu i/sap/its/it13/~flnuqvrfpte4nti2ljawmi4wms4wmq== Result (Base64 Decode): s=sid%3aanon%3ahostname_waj_00%3am482dfoghymepymlgpkdrycm0zorofdg W_YqQyux-ATT
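The limitation on this slide can be checked from the proxy side. The following is an added example, not part of the original presentation: it decodes the sap(...) segment found in request and Referer URLs of an access log and reports any backend host it exposes. The field layout is inferred from the slide's decoded result; the host name erpapp01, the log lines and all function names are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# The ICM session segment as the slide shows it: /sap(<base64>)/bc/...
SAP_SEGMENT = re.compile(r"/sap\(([A-Za-z0-9+/=]+)\)")

# Assumed layout of one decoded field, inferred from the slide's result
# "hostname_waj_00": <hostname>_<system id>_<instance number>
INSTANCE = re.compile(r"^(?P<host>.+)_(?P<sysid>[A-Za-z0-9]{3})_(?P<inst>\d{2})$")

# Request path and Referer of an Apache combined-format log line.
LOG_LINE = re.compile(
    r'"(?:GET|POST|HEAD) (?P<path>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"'
)


def decode_sap_segment(url_or_path):
    """Return the decoded text of every sap(...) segment in a URL or path."""
    decoded = []
    # Undo percent-encoding first, so "%3D" padding in a logged URL is handled.
    for match in SAP_SEGMENT.finditer(unquote(url_or_path)):
        blob = match.group(1)
        blob += "=" * (-len(blob) % 4)  # tolerate stripped padding
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid Base64, nothing to report
        # The payload is itself percent-encoded ("%3a" is ":").
        decoded.append(unquote(raw.decode("latin-1")))
    return decoded


def leaked_instances(url_or_path, allowed_hosts=()):
    """List (host, system id, instance) tuples that a URL exposes."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for text in decode_sap_segment(url_or_path):
        for field in text.split(":"):
            m = INSTANCE.match(field)
            if m and m.group("host").lower() not in allowed:
                findings.append((m.group("host"), m.group("sysid"), m.group("inst")))
    return findings


def audit_access_log(lines, allowed_hosts=()):
    """Map 1-based line numbers to the backend details leaked on that line."""
    report = {}
    for lineno, line in enumerate(lines, 1):
        m = LOG_LINE.search(line)
        if not m:
            continue
        hits = leaked_instances(m.group("path"), allowed_hosts)
        hits += leaked_instances(m.group("referer"), allowed_hosts)
        if hits:
            report[lineno] = sorted(set(hits))
    return report


def _segment(host):
    """Build a constructed session segment in the layout assumed above."""
    payload = f"s=SID%3aANON%3a{host}_WAJ_00%3aCONSTRUCTED-TOKEN"
    return base64.b64encode(payload.encode()).decode()


# Constructed sample data: erpapp01 stands in for a real backend hostname.
SEG = _segment("erpapp01")
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2006:10:00:00 +0000] '
    f'"GET /sap({SEG})/bc/gui/sap/its/it13/ HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [01/Jan/2006:10:00:01 +0000] '
    '"GET /irj/portal HTTP/1.1" 200 1024 "-" "Mozilla/4.0"',
    f'203.0.113.7 - - [01/Jan/2006:10:00:02 +0000] '
    f'"GET /sap/public/logo.gif HTTP/1.1" 200 90 '
    f'"https://proxy.example.com/sap({SEG})/bc/gui/sap/its/it13/" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for lineno, hits in audit_access_log(SAMPLE_LOG).items():
        print(f"line {lineno}: backend details exposed: {hits}")
```

Pass the proxy's own public alias in allowed_hosts so that only names you did not intend to publish are reported.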
24 Enterprise Portal System Configuration: Using Proxies Instead of Direct Connection in the Landscape Manager. We typically build R3 connections using the REAL HOST information! When we use proxies to access these back-end systems, we use the hostname of the proxy instead of the SAP NetWeaver AS when we define the system connection.
25 Accessing ITS Services with a Proxy. Without any configuration of ITS services or HTTPURLLOC, a client who requests an ITS service through a proxy will simply be redirected to the real SAP NetWeaver AS host. The URLs generated by the ICF will use the SAP NetWeaver AS hostname. Once the configuration is maintained, the client will never see information regarding the actual hostname of the SAP NetWeaver AS. This should be the hostname of your proxy server!
26 Apache Proxy Tip. Apache configuration is fairly trivial: you simply modify the httpd.conf to include a proxy rule for the backend system.
    ProxyPass /sap
    ProxyPassReverse /sap
But there's a twist... This rule falls over when the ICM puts session information into the URLs; then you need to add a rewrite rule.
    RewriteRule ^/(sap\(.*) [P,L]
27 Possible Options. Option A, Multiple Apache ports: assign an Apache port to each system. Administration and Security: must monitor and open more ports for the WAN. Option B, Multiple Apache Virtual Hosts: assign a virtual host to each system. Administration and Security: more system aliases to maintain for the WAN. * SAP does not endorse or promote these configuration settings. These possible solutions will only provide an option to some of the common issues.
28 Case 1: Single SAP NetWeaver Portal. [Diagram: Application Server, Proxy, Portal.] Simple configuration level requires simple rules. Apache's Rule:
    ProxyPass /irj <hostname>:<port>/irj
    ProxyPass /logon <hostname>:<port>/logon
    ProxyPass /webdynpro <hostname>:<port>/webdynpro
    ProxyPassReverse /irj <hostname>:<port>/irj
    ProxyPassReverse /logon <hostname>:<port>/logon
    ProxyPassReverse /webdynpro <hostname>:<port>/webdynpro
    RewriteRule ^/(sap.*) <hostname>:<port>/$1 [P,L]
29 Case 2: Multiple SAP NetWeaver Portal. [Diagram: Portal, Proxy.] Moderate configuration level requires moderate rules. Apache's Rule:
    RewriteCond %{HTTP_HOST} ^.*?<alias hostname>.*
    RewriteRule ^/(.*) <hostname>:<port>/$1?%{QUERY_STRING} [P,L]
    RewriteCond %{HTTP_HOST} ^.*?<alias hostname>.*
    RewriteRule ^/(.*) <hostname>:<port>/$1?%{QUERY_STRING} [P,L]
30 Case 3: Single SAP NetWeaver Portal with multiple SAP ERP/CRM/SRM. [Diagram: Application Server, Proxy, Portal.] Complex configuration level requires complex rules. Apache's Rule:
    RewriteCond %{HTTP_HOST} ^.*?<alias hostname>.*
    RewriteRule ^/(.*) <hostname>:<port>/$1?%{QUERY_STRING} [P,L]
    RewriteCond %{HTTP_HOST} ^.*?<alias hostname>.*
    RewriteRule ^/(.*) <hostname>:<port>/$1?%{QUERY_STRING} [P,L]
    ProxyPass /irj <hostname>:<port>/irj
    ProxyPass /logon <hostname>:<port>/logon
    ProxyPass /webdynpro <hostname>:<port>/webdynpro
    ProxyPassReverse /irj <hostname>:<port>/irj
    ProxyPassReverse /logon <hostname>:<port>/logon
    ProxyPassReverse /webdynpro <hostname>:<port>/webdynpro
31 Case 4: Multiple SAP NetWeaver Portal with multiple SAP ERP/CRM/SRM. [Diagram: Portal, Application Server, Proxy.] Complex configuration level requires complex rules. Apache's Rule: almost the same as Case 3; just add more rules for each system.
33 Common Issues. Hostname and Domains: Don't blame SAP for issues with cookies and certificates if you do not maintain your servers with real hostnames and in the same domain. The rules for cookie and certificate handling are defined in RFC 2616 for HTTP/1.1. The configuration isn't trivial: setup is the most common source of connectivity issues. Users and Authorizations: Double check all users and ensure they can log on interactively prior to testing the same action through SSO. Protocols: Validate your SSL separately!
34 Tracing the Security Communication. Several SAP Notes address the topic of tracing and logging for Security Communication: Note Gathering Security Trace Information; Note Trace Analysis for Logon Problems; Note Error Codes for Logon (list); Note Single Sign-On Using SAP Logon Tickets. You need to trace the communication through all components. Client: browser based, such as HttpWatch. Proxy: native tools/capabilities of the proxy. Portal: enable HTTP tracing in the HTTP provider service of the dispatcher. ABAP: sm50 and related methods described in the above notes.
36 SAP Notes. Note Supported Application Gateway Configurations; Note Recommendations for the security of ITS services; Note Security: ITS, security-relevant settings for IACs; Note EP 6.0: Session Release Agent - Typical Problems; Note SAP ITS Release 6.40: SAP Integrated ITS; Note Gathering Security Trace Information; Note Trace Analysis for Logon Problems; Note Error Codes for Logon (list); Note Single Sign-On Using SAP Logon Tickets
37 Guides and Documentation SAP NetWeaver Security Guide 14a67d628925a9/frameset.htm Enable SAP GUI for HTML with Integrated ITS df
38 Resources Public Web: SAP Developer Network: SAP Customer Services Network: Related SAP Education Training Opportunities
39 Resources (cont.) Related Workshops/Lectures from SAP TechEd 2005: AGS200 Increasing Infrastructure Security Using Application Gateways; AGS250 Authentication use the SAP NetWeaver User Management Engine
41 Demo Landscape Host: cdphl827 Alias: ssphlrig600-1 Host: ssphlrig600 Host: ssphlrig602 Host: cdphl607 Alias: ssphlrig600-2 Note: Click on the Reference link on the top right corner of this Articulate session and select Demo Session to start the demo
43 Your Turn! Questions? How to contact me:
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server Table of Contents Table of Contents Deploying the BIG-IP LTM with Tomcat application servers and Apache web
More informationWeb App Security Audit Services
locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System
More informationDMZ Network Visibility with Wireshark June 15, 2010
DMZ Network Visibility with Wireshark June 15, 2010 Ashok Desai Senior Network Specialist Intel Information Technology SHARKFEST 10 Stanford University June 14-17, 2010 Outline Presentation Objective DMZ
More informationSAP SECURITY OPTIMIZATION
SAP SECURITY OPTIMIZATION ABAP Checks This documents shows the description of all checks which are executed by the SAP Security Optimization Service for an ABAP system (Version from May 2014). Author:
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationInspection of Encrypted HTTPS Traffic
Technical Note Inspection of Encrypted HTTPS Traffic StoneGate version 5.0 SSL/TLS Inspection T e c h n i c a l N o t e I n s p e c t i o n o f E n c r y p t e d H T T P S T r a f f i c 1 Table of Contents
More informationDMZ Gateways: Secret Weapons for Data Security
A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security EXECUTIVE
More informationResponse Time Analysis of Web Templates
Response Time Analysis of Web Templates Prerequisites To generate trace files that are required for the detailed performance analysis you need to download and unpack the file IEMon.zip. This file can be
More informationHow To Manage Work Mode On An It Calendar On An Apa System
SAP Solution Manager 7.1 Technical Administration Work Center Setup Q2, 2011 Disclaimer This presentation outlines our general product direction and should not be relied on in making a purchase decision.
More informationStreamServe Persuasion SP5 StreamStudio
StreamServe Persuasion SP5 StreamStudio Administrator s Guide Rev B StreamServe Persuasion SP5 StreamStudio Administrator s Guide Rev B OPEN TEXT CORPORATION ALL RIGHTS RESERVED United States and other
More informationAuthentication Methods
Authentication Methods Overview In addition to the OU Campus-managed authentication system, OU Campus supports LDAP, CAS, and Shibboleth authentication methods. LDAP users can be configured through the
More informationAccess Gateway Guide Access Manager 4.0 SP1
Access Gateway Guide Access Manager 4.0 SP1 May 2014 www.netiq.com/documentation Legal Notice THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS
More informationReverse Proxy Scenarios for Single Sign-On
Sterling Secure Proxy Reerse Proxy Scenarios for Single Sign-On Version 3.4 Sterling Secure Proxy Reerse Proxy Scenarios for Single Sign-On Version 3.4 Note Before using this information and the product
More informationUse FortiWeb to Publish Applications
Tech Brief Use FortiWeb to Publish Applications Replacing Microsoft TMG with a FortiWeb Web Application Firewall Version 0.2, 27 June 2014 FortiWeb Release 5.2.0 Introduction This document is intended
More informationDisclaimer. SAP 2008 / SAP TechEd 08 / SIM202 / Page 2
SIM202 SAML 2.0 and Identity Federation Yonko Yonchev, NW PM Security SAP AG Dimitar Mihaylov, NW Security and Identity Management SAP Labs Bulgaria Tsvetomir Tsvetanov, Active Global Support SAP America
More informationSAP Web Application Server Security
SAP Web Application Server Security HELP.BCSECSWAPPS Release 6.10 Document Version 1.4 01/15/02 Copyright Copyright 2001 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted
More informationDEPLOYMENT GUIDE Version 2.1. Deploying F5 with Microsoft SharePoint 2010
DEPLOYMENT GUIDE Version 2.1 Deploying F5 with Microsoft SharePoint 2010 Table of Contents Table of Contents Introducing the F5 Deployment Guide for Microsoft SharePoint 2010 Prerequisites and configuration
More informationOracle9i Application Server: Options for Running Active Server Pages. An Oracle White Paper July 2001
Oracle9i Application Server: Options for Running Active Server Pages An Oracle White Paper July 2001 Oracle9i Application Server: Options for Running Active Server Pages PROBLEM SUMMARY...3 INTRODUCTION...3
More informationForward proxy server vs reverse proxy server
Using a reverse proxy server for TAD4D/LMT Intended audience The intended recipient of this document is a TAD4D/LMT administrator and the staff responsible for the configuration of TAD4D/LMT agents. Purpose
More informationExternal Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210
More informationEND-TO-END SSL SETUP SAP WEB DISPATCHER Helps you to setup the End-To-End SSL Scenario for SAP Web Dispatcher
A BasisOnDemand.com Guide END-TO-END SSL SETUP SAP WEB DISPATCHER Helps you to setup the End-To-End SSL Scenario for SAP Web Dispatcher by Prakash Palani (Prakash.Palani@basisondemand.com) Table of Contents
More informationSAP NetWeaver AS Java
Chapter 75 Configuring SAP NetWeaver AS Java SAP NetWeaver Application Server ("AS") Java (Stack) is one of the two installation options of SAP NetWeaver AS. The other option is the ABAP Stack, which is
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationSAP SECURITY OPTIMIZATION
SAP SECURITY OPTIMIZATION ABAP Checks This document shows the description of all checks which are executed by the SAP Security Optimization Service for an ABAP system (Version from July 2011). Author:
More informationPerceptive Experience Single Sign-On Solutions
Perceptive Experience Single Sign-On Solutions Technical Guide Version: 2.x Written by: Product Knowledge, R&D Date: January 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark
More informationEnabling SSL and Client Certificates on the SAP J2EE Engine
Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs SAP AG 1 Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine
More informationINTRODUCTION AND TERMINOLOGY
SSL, LOAD BALANCERS, REWRITE, REDIRECT AND MORE ADVANCED CONFIGURATION Dan Norris, dnorris(at)piocon.com, Piocon Matt Topper, matt.topper(at)oracle.com, Oracle INTRODUCTION AND TERMINOLOGY Oracle Fusion
More informationFirewall: Getting started
Firewall: Getting started Version 4 SC41-5424-02 Firewall: Getting started Version 4 SC41-5424-02 ii Firewall: Getting started Contents Part 1. Firewall: Getting started... 1 Chapter 1. Print this topic.......
More informationReverse Proxy with SSL - ProxySG Technical Brief
SGOS 5 Series Reverse Proxy with SSL - ProxySG Technical Brief What is Reverse Proxy with SSL? The Blue Coat ProxySG includes the functionality for a robust and flexible reverse proxy solution. In addition
More informationIT Architecture Review. ISACA Conference Fall 2003
IT Architecture Review ISACA Conference Fall 2003 Table of Contents Introduction Business Drivers Overview of Tiered Architecture IT Architecture Review Why review IT architecture How to conduct IT architecture
More informationOracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007
Oracle Identity Management for SAP in Heterogeneous IT Environments An Oracle White Paper January 2007 Oracle Identity Management for SAP in Heterogeneous IT Environments Executive Overview... 3 Introduction...
More information