Configuration (X87) SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English. Building Block Configuration Guide




SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English Afaria Network Configuration (X87) Building Block Configuration Guide SAP SE Dietmar-Hopp-Allee 16 69190 Walldorf Germany

Copyright 2014 SAP SE or an SAP affiliate company. All rights reserved.


Contents

Afaria Network Configuration: Configuration Guide
1 Purpose
2 Preparation
3 Solution Option
3.1 Windows
3.2 Linux
4 Windows-based Certificate Request
4.1 Create a Certificate Signing Request (CSR)
4.2 Send CSR for Signing
4.2.1 Trusted Root Certificate Authority
4.2.2 Internal Root Certificate Authority
4.3 Import the Signed Certificate File
4.4 Import the Certificate Authority Root Certificate
4.5 Microsoft IIS Web Server SSL Binding
5 Linux-based Certificate Request
5.1 Create a Certificate Signing Request (CSR)
5.2 Send the CSR for Signing
5.2.1 Trusted Root Certificate Authority
5.3 Import the Signed Certificate File
5.4 Apache Web Server SSL Binding
6 Bind Enrollment Server to SSL Certificate

Afaria Network Configuration: Configuration Guide

1 Purpose

The purpose of this document is to provide a step-by-step configuration guide to help configure a secure network for the SAP Mobile Secure rapid-deployment solution.

All Afaria communications use the Hypertext Transfer Protocol (HTTP). In most cases, HTTP communications are not encrypted. To ensure secure communication, HTTP can be configured with the Secure Sockets Layer (SSL) protocol. SSL is a cryptographic protocol that provides communication security over the Internet. SSL encrypts the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.

To establish network security over the Internet with SSL, combinations of public and private keys are needed for the handshake between the server behind the corporation's firewall and the client on the other side. Trusted Root Certificate Authorities provide publicly recognized signatures for keys.

To establish SSL for Afaria, the following steps are required:

1. Create a Certificate Signing Request and send it to the Certificate Authority.
2. Once you receive the signed certificate file, import it to the server.
3. Then bind the web server to enable SSL communication between the device and the server.

Once HTTP is configured with SSL, the communication protocol becomes known as Hypertext Transfer Protocol Secure (HTTPS). The goal of this document is to configure HTTPS communication on the web server for the Afaria Server/Relay Server.

2 Preparation

Audience

This document is intended for system administrators and mobility consultants and assumes the administrator/consultant is familiar with Afaria, Microsoft IIS Web Server, the supported database platform (MS SQL Server or SQL Anywhere), and the device types you plan to support.

Prerequisites

The following table describes the requirements before implementing this configuration document:

Document Prerequisites and Prequalification Checklist for Afaria 7 Quick Guide Afaria System Description Completion Required this document is provided before the service engagement Completion required Completion required

Project Team and Roles

The following table outlines the required project team for the SAP Mobile Secure rapid-deployment solution:

| Roles | Time required during implementation | Responsibilities |
| --- | --- | --- |
| Customer Program Executive | Must be available at all times | Make executive decisions |
| Customer Project Manager | Must be available at all times | Oversees the Afaria implementation |
| Customer Afaria Lead | Full-time | Works with the SAP Afaria Lead to implement the Afaria solution |
| Customer Network Administrator | Must be available at all times | Provides networking and security infrastructure assistance |
| SAP Afaria Lead | Full-time | Works with the Customer Afaria Lead to implement the solution |
| SAP BusinessObjects Lead (if applicable) | Full-time | Implements SAP Afaria Analytic Package BOBJ content for Afaria |

3 Solution Option

This document considers two processes for configuring HTTPS: Windows-based and Linux-based. Follow the procedure that is relevant to the scope of your Afaria solution.

3.1 Windows

This solution provides the necessary procedure to secure Microsoft IIS Web Server with SSL for the Relay Server and/or Afaria Server. The Windows-based procedure is in section 4.

3.2 Linux

This solution provides the necessary procedure to secure Linux Apache Web Server with SSL for the Relay Server. The Linux-based procedure is in section 5.

4 Windows-based Certificate Request

The following section describes the complete steps to request an SSL certificate and configure HTTPS for Microsoft IIS Web Server. This procedure is specific to Windows-based servers only.

4.1 Create a Certificate Signing Request (CSR)

The purpose of this activity is to create a certificate signing request.

Prerequisite

The Microsoft IIS Web Server role is installed.

1. Log on to the server on which you plan to configure HTTPS.
2. Open Server Manager.
3. Expand Roles > Web Server (IIS) > Internet Information Services (IIS) Manager.
4. On the Connections pane, choose the name of the server, and from the <server name> Home pane, double-click Server Certificates.
5. From the Actions pane, choose Create Certificate Request...
6. Enter all of the following information about your company and then choose Next.

| Parameters | Value |
| --- | --- |
| Common Name: | <Fully Qualified Domain Name>. Common Name must match the Fully Qualified Domain Name (FQDN) that points from the Internet to the Afaria Server/Relay Server/Load Balancer, for example mdm.companyname.com |
| Organization: | <Company Name> |
| Organization Unit: | <Department> |
| City/locality: | <City Name> |
| State/province: | <State or Province Name> |
| Country/region: | <Country 2-letter code> |

7. Leave the default Cryptographic Service Provider as Microsoft RSA SChannel Cryptographic Provider.
8. Increase the bit length to 2048 bit or higher and choose Next.
9. Browse to a location and save the CSR.
10. Choose Finish.

You have generated a certificate signing request.

4.2 Send CSR for Signing

The purpose of this activity is to send the CSR to a Root Certificate Authority for signing.

For production environments, it is recommended that the CSR be signed by a Trusted Root Certificate Authority such as Verisign, GoDaddy, Entrust, and so on. Trusted Root Certificate Authority root certificates are pre-installed in most mobile devices, and thus the mobile devices already have a trusting relationship. In the event where an Internal Root Certificate Authority is used to sign the CSR, you need to import the Internal Root Certificate Authority root certificate into the mobile devices to establish a trusting relationship.

4.2.1 Trusted Root Certificate Authority

1. Find a Trusted Root Certificate Authority vendor.
2. Place an SSL order with the vendor.
3. Follow and complete the vendor's SSL order procedure.
4. Once the order is validated, the SSL certificate file is received along with the Trusted Root certificate file.

4.2.2 Internal Root Certificate Authority

1. Log on to the Internal Certificate Authority server.
2. Open Server Manager.
3. Expand Roles > Web Server (IIS) > Internet Information Services (IIS) Manager.
4. From the Connections pane, expand <server name> > Sites > Default Web Site and choose CertSrv.
5. From the Actions pane, choose Browse *:80 (http) or Browse *:443 (https).
6. On the Welcome screen, from the Select a task section, choose Request a certificate.
7. On the Request a Certificate screen, choose advanced certificate request.
8. On the Advanced Certificate Request screen, choose Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
9. Using the Windows Notepad program, open the CSR file.
10. On the Submit a Certificate Request or Renewal Request screen, copy and paste the content of the CSR into the Saved Request text box.
11. Choose Submit.

   Depending on the Certificate Authority configuration, you may need to approve the signing request manually. Follow this procedure:

   a. Open Server Manager.
   b. Expand Roles > Active Directory Certificate Services > <Certificate Authority Name> > Pending Requests.
   c. Right-click the <Request ID> and choose All Tasks > Issue.
   d. Expand Roles > Web Server (IIS) > Internet Information Services (IIS) Manager.
   e. From the Connections pane, expand <server name> > Sites > Default Web Site.
   f. Choose CertSrv, and from the Actions pane, choose Browse.
   g. On the Welcome screen, select View the status of a pending certificate request.
   h. From the View the status of a pending certificate request screen, select Saved-Request Certificate <date stamp>.

12. On the Certificate Issued screen, select DER encoded and choose Download certificate chain.
13. Save the signed SSL certificate file.
14. Copy the file to the server that initiated the CSR.

You have completed the signing process for the CSR.

4.3 Import the Signed Certificate File

The purpose of this activity is to import the signed SSL certificate into the server.

1. Log on to the server that generated the CSR.
2. Locate the signed SSL certificate file, right-click the file, and select Install Certificate.
3. On the Certificate Import Wizard > Welcome screen, choose Next.
4. On the Certificate Import Wizard > Certificate Store screen, select Automatically select the certificate store based on the type of certificate and choose Next.
5. On the Completing the Certificate Import Wizard screen, choose Finish.

   If the certificate is signed by an Internal Root Certificate Authority, a security warning may display. Choose Yes to install the certificate.

6. Open Server Manager.
7. Expand Roles > Web Server (IIS) > Internet Information Services (IIS) Manager.
8. From the Connections pane, choose <server name>, and from the <server> Home pane, double-click Server Certificates.
9. From the Actions pane, select Complete Certificate Request...
10. On the Complete Certificate Request screen, browse to the signed certificate file.
11. Enter a <Friendly Name>, and choose OK.

You have imported the signed certificate file into the server.

4.4 Import the Certificate Authority Root Certificate

The purpose of this activity is to import the Root Certificate Authority root certificate.

Prerequisite

You have obtained the Root Certificate Authority root certificate.

1. Log on to the server that generated the CSR.
2. Locate the Root Certificate Authority root certificate file, right-click the file, and select Install Certificate.
3. On the Certificate Import Wizard > Welcome screen, choose Next.
4. On the Certificate Import Wizard > Certificate Store screen, select Automatically select the certificate store based on the type of certificate and choose Next.
5. On the Completing the Certificate Import Wizard screen, choose Finish.

You have imported the Root Certificate Authority root certificate file onto the server.

4.5 Microsoft IIS Web Server SSL Binding

The purpose of this activity is to bind the Microsoft IIS web server to the signed SSL certificate.

1. Log on to the server that generated the CSR.
2. Open Server Manager.
3. Expand Roles > Web Server (IIS) and select Internet Information Services (IIS).
4. On the Connections pane, expand <server> > Sites, and choose Default Web Site.
5. On the Actions pane, select Bindings.
6. On the Site Bindings dialog box, select Add.
7. On the Add Site Binding dialog box, enter all of the following:

| Parameters | Value |
| --- | --- |
| Type pull-down menu | https |
| IP address pull-down menu | All Unassigned |
| Port | 443 |
| SSL certificate pull-down menu | <Select the Friendly Name> |

8. Choose OK and Close.

You have bound the signed SSL certificate to the web server.

5 Linux-based Certificate Request

The following section describes the complete steps to request an SSL certificate and configure HTTPS for Linux Apache web server. This procedure is specific to Linux-based servers only.

5.1 Create a Certificate Signing Request (CSR)

The purpose of this activity is to create a certificate signing request.

1. Log on to the Linux server.
2. Initiate the CSR process with openssl with the following command:

    openssl req -new -newkey rsa:2048 -nodes -keyout <server_name>.key -out <server_name>.csr

3. Enter the following information:

| Parameters | Value |
| --- | --- |
| Country Name | <Country 2-letter code> |
| State or Province Name | <State or Province Name> |
| Locality Name | <City Name> |
| Organization Name: | <Company Name> |
| Organization Unit: | <Department> |
| Common Name | <Fully Qualified Domain Name>. Match the Common Name with the Fully Qualified Domain Name (FQDN) that points from the Internet to the Afaria Server/Relay Server/Load Balancer, for example mdm.companyname.com |
| E-mail Address: | <E-mail Address> |
| A challenge password: | <Optional, press enter to skip> |
| An optional company name: | <Optional, press enter to skip> |

You have generated a certificate signing request.
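The CSR step above can be scripted and checked before the request is sent to the Certificate Authority. The following shell sketch is an added example, not part of the SAP guide: it answers the step 3 prompts through -subj and then confirms the self-signature, Common Name and key length of the resulting request. The host name mdm.example.test, the subject values and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the SAP guide. Subject values are constructed
# placeholders; replace them with your organization's details.

# make_csr FQDN OUTDIR
# Same openssl req call as step 2, with -subj answering the step 3 prompts.
make_csr() {
    (
        umask 077    # the unencrypted (-nodes) key is created owner-only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$2/$1.key" -out "$2/$1.csr" \
            -subj "/C=DE/ST=Example State/L=Example City/O=Example Company/OU=IT/CN=$1" \
            2>/dev/null
    )
}

# csr_cn FILE: print the Common Name stored in the request.
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_bits FILE: print the public key length in bits.
csr_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# check_csr FILE FQDN [MIN_BITS]
# Prints "ok" or the first problem found; returns non-zero on a problem.
check_csr() {
    min=${3:-2048}
    # The request is signed with its own private key; a failure here means
    # the file was damaged or altered after it was generated.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "bad-signature"; return 1; }
    # The guide requires the Common Name to equal the public FQDN.
    [ "$(csr_cn "$1")" = "$2" ] || { echo "cn-mismatch"; return 1; }
    bits=$(csr_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "$min" ] ||
        { echo "key-too-short"; return 1; }
    echo "ok"
}

# Demo with a constructed host name in a throwaway directory.
demo_dir=$(mktemp -d)
make_csr mdm.example.test "$demo_dir"
check_csr "$demo_dir/mdm.example.test.csr" mdm.example.test
rm -rf "$demo_dir"
```
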

5.2 Send the CSR for Signing

The purpose of this activity is to send the CSR to a Root Certificate Authority for signing.

For production environments, it is recommended that the CSR be signed by a Trusted Root Certificate Authority such as Verisign, GoDaddy, Entrust, and so on. Trusted Root Certificate Authority root certificates are pre-installed in most mobile devices, and thus the mobile devices already have a trusting relationship. In the event where an Internal Root Certificate Authority is used to sign the CSR, you will need to import the Internal Root Certificate Authority root certificate into the mobile devices to establish a trusting relationship.

5.2.1 Trusted Root Certificate Authority

1. Find a Trusted Root Certificate Authority vendor.
2. Place an SSL order with the vendor.
3. Follow and complete the vendor's SSL order procedure.

Once your order is validated, the SSL certificate file is received along with the Trusted Root certificate file.

You have completed the signing process for the CSR.

5.3 Import the Signed Certificate File

The purpose of this activity is to import the signed SSL certificate onto the server.

1. Place the signed SSL certificate file in the <apache-install-directory>/conf directory.
2. Copy and paste the <server_name>.key file that was created earlier to the <apache-install-directory>/conf directory.

You have imported the signed certificate file onto the server.

5.4 Apache Web Server SSL Binding

This activity binds the web server to the signed SSL certificate.

1. In the <apache-install-directory>/conf/extra directory, open the httpd-ssl.conf file.
2. Locate the Secure (SSL/TLS) Connection section and add Listen 443 (shown as follows):

    # Listen directives: "Listen [::]:443" and
    # "Listen 0.0.0.0:443"
    #
    Listen 443
    #

3. Locate the following Server Certificate section and add the signed SSL certificate file "<apache-install-directory>/conf/<signed_certificate.(crt or cer)>" (shown as follows):

    # can configure both in parallel (to allow the use of DSA
    # ciphers, etc.)
    SSLCertificateFile "<apache-install-directory>/conf/<signed_certificate.(crt or cer)>"
    #

4. Locate the following Server Private Key section and add SSLCertificateKeyFile "<apache-install-directory>/conf/<server_name>.key" (shown as follows):

    # you've both a RSA and a DSA private key you can configure
    # both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateKeyFile "<apache-install-directory>/conf/<server_name>.key"
    #

5. Save the httpd-ssl.conf file.

You have bound the signed SSL certificate to the web server.
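Before Apache is restarted with these directives, the two files they reference can be checked against each other. The following shell sketch is an added example, not part of the SAP guide: it confirms that the certificate is PEM encoded (the format mod_ssl reads), that it carries the public key of the private key created in section 5.1, that its Common Name is the expected host, that it has not expired, and that the unencrypted key is readable by its owner only. The function names and the host name mdm.example.test are assumptions, and a constructed self-signed certificate stands in for the CA-signed one so the checks run offline.

```shell
#!/bin/sh
# Added example, not part of the SAP guide. Checks the certificate and key
# that SSLCertificateFile and SSLCertificateKeyFile will point to.

# cert_form FILE: print "pem", "der" or "unreadable".
cert_form() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -noout 2>/dev/null; then
        echo pem
    elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then
        echo der
    else
        echo unreadable
    fi
}

# check_pair CERT KEY FQDN
# Prints "ok" or the first problem found; returns non-zero on a problem.
check_pair() {
    form=$(cert_form "$1")
    # mod_ssl reads PEM. Convert a DER download first:
    #   openssl x509 -inform DER -in CERT -out CERT.pem
    [ "$form" = pem ] || { echo "not-pem:$form"; return 1; }

    # The public key in the certificate must be the one derived from the key.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "key-mismatch"; return 1; }

    cn=$(openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$3" ] || { echo "cn-mismatch"; return 1; }

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "expired"; return 1; }

    # The key was written with -nodes (unencrypted): owner access only.
    [ -z "$(find "$2" \( -perm -040 -o -perm -004 \))" ] ||
        { echo "key-readable"; return 1; }
    echo "ok"
}

# make_test_pair DIR FQDN: constructed self-signed stand-in for the
# CA-signed certificate, so the checks can run offline.
make_test_pair() {
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -keyout "$1/$2.key" -out "$1/$2.crt" -subj "/CN=$2" 2>/dev/null
    )
}

demo_dir=$(mktemp -d)
make_test_pair "$demo_dir" mdm.example.test
check_pair "$demo_dir/mdm.example.test.crt" "$demo_dir/mdm.example.test.key" \
    mdm.example.test
rm -rf "$demo_dir"
```
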

6 Bind Enrollment Server to SSL Certificate

The purpose of this activity is to bind the Enrollment Server to the signed SSL certificate. This activity is only required if the signed SSL certificate was signed by an Internal Root Certificate Authority. This activity allows the iOS device to receive the Internal Root Certificate Authority root certificate during the enrollment process and therefore trust the secure communication.

Prerequisite

You have imported the signed SSL certificate and Root Certificate Authority root certificate to the server that has the Enrollment Server component installed.

1. Log on to the server where the Enrollment Server component is installed.
2. From the <Afaria Media Directory>, execute setup.exe. Execute setup.exe with Run as Administrator.
3. On the SAP Afaria screen, choose Install Additional Installations and Resources Install Enrollment Server.
4. Follow the wizard to the Specify SSL Certificate screen and select browse.
5. Select the <Friendly Name> and choose OK.
6. Complete the wizard.

If you have multiple Enrollment Server components, repeat the process for each one of them.

You have bound the Enrollment Server with the SSL certificate.