Security Considerations and Certificate Requirements. SAP Business One Cloud Landscape Workshop


Section Objectives

This section of the course will enable you to:
- Understand the security issues that need to be considered in a SAP Business One Cloud Landscape
- Understand the role of certificates in the SAP Business One Cloud Landscape

2013 SAP AG. All rights reserved.

An Introduction to Security in the SAP Business One Cloud Landscape

As we are creating an environment that will store the sensitive, financial data of your customers, we need to take some security precautions to ensure the integrity and security of that data. To do this you should:
- Ensure the correct configuration of any firewalls that protect your SAP Business One Cloud Landscape and only open ports that are absolutely required.
- Ensure a suitable password policy is set for cloud users
- Employ HTTPS/SSL for all network communication
- Control access to shared folders strictly and without exception
- Set SAP Business One Managed Authentication in the Cloud Landscape to ensure no direct access to the encrypted SQL database
- Ensure that employees of customers have access revoked when their employment terminates (put a policy in place with the customer)

Firewalls and Ports

Firewalls form a barrier between the internet and computers on your network:
- A firewall can be software or hardware
- It filters information coming through and only allows it to pass if it isn't flagged by the filters it uses.
- Filtering can be configured by:
  - IP Addresses
  - Domain Names
  - Protocols, e.g. HTTP, FTP, SMTP etc.
  - Ports

With firewalls turned on (either within the network or externally) we will need to configure them for certain SAP Business One Cloud functionality

[Figure: Business One Port Diagram]

Password Policies

It is crucial to set a suitable password policy for the data that is being accessed:
- For financial data such as that held in SAP Business One Cloud a strong password policy should be used to ensure the security and integrity of the data.
- We are using Active Directory to manage our users, which allows for many options when it comes to password policies

What does a strong password policy consist of?
- How often the password must change
- Characters used, length and complexity of the password
- Minimum and maximum password age
- Password history enforcement

Be careful with the SAP Business One Cloud Service User: it is used across the landscape and its password will need to be replicated.
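The elements listed above map onto properties of the Active Directory default domain password policy. The following check is an added example, not part of the SAP material; the baseline numbers and the sample policy object are assumptions constructed for illustration.

```powershell
# Added example: compare a domain password policy with a baseline.
# Baseline values are assumed for illustration; substitute your own requirements.
function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,
        [hashtable] $Baseline = @{
            MinPasswordLength    = 12
            PasswordHistoryCount = 12
            MaxPasswordAgeDays   = 90
            MinPasswordAgeDays   = 1
        }
    )
    $findings = @()
    if (-not $Policy.ComplexityEnabled) {
        $findings += 'Complexity is not enforced'
    }
    if ($Policy.MinPasswordLength -lt $Baseline.MinPasswordLength) {
        $findings += "Minimum length $($Policy.MinPasswordLength) is below $($Baseline.MinPasswordLength)"
    }
    if ($Policy.PasswordHistoryCount -lt $Baseline.PasswordHistoryCount) {
        $findings += "History of $($Policy.PasswordHistoryCount) passwords is below $($Baseline.PasswordHistoryCount)"
    }
    # A maximum age of zero means passwords never expire.
    $maxDays = $Policy.MaxPasswordAge.TotalDays
    if ($maxDays -eq 0) {
        $findings += 'Passwords never expire'
    } elseif ($maxDays -gt $Baseline.MaxPasswordAgeDays) {
        $findings += "Maximum age $maxDays days exceeds $($Baseline.MaxPasswordAgeDays)"
    }
    # With no minimum age a user can cycle through the history in one sitting.
    if ($Policy.MinPasswordAge.TotalDays -lt $Baseline.MinPasswordAgeDays) {
        $findings += 'Minimum age is too short for history enforcement to be effective'
    }
    $findings
}

# Constructed sample using the property names of Get-ADDefaultDomainPasswordPolicy output.
$sample = [pscustomobject]@{
    ComplexityEnabled    = $true
    MinPasswordLength    = 7
    PasswordHistoryCount = 24
    MaxPasswordAge       = [timespan]::Zero
    MinPasswordAge       = [timespan]::FromDays(1)
}
Test-PasswordPolicy -Policy $sample

# On a domain-joined host with the ActiveDirectory module loaded:
# Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy)
```

Fine-grained password policies, if any are defined, override the domain default for the users they apply to, so review those as well with Get-ADFineGrainedPasswordPolicy.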

SSL

SSL (Secure Socket Layer) provides security for online communications
- SSL is designed to establish encryption and identity assurance
- It creates an encrypted link between a server and a computer that is accessing it
- Ensures that all data passing over the link is private and secure

1. Computer requests secure socket
2. Server responds with SSL certificate
3. Session key is encrypted with SSL Public Key and sent to server
4. Server indicates all future transmissions are encrypted
5. Server and computer can send encrypted messages

Certificates in the SAP Business One Cloud Landscape

To protect communication within the SAP Business One Cloud landscape, and communication to the users, the following certificates are needed:
- Certificates for Windows Remote Desktop Services
  - Required for certain RDS components to operate
- Certificates for the System Landscape Directory (SLD)
  - On install you can configure the SLD to communicate using HTTPS (Hypertext Transfer Protocol Secure)

Security Configuration Recommendations

- Deploy all network communication using HTTPS/SSL
  - Protects all communication to prevent man-in-the-middle attacks (MITM)
  - Install certificate on all components and enable HTTPS/SSL for all services, e.g. SLD, RDS/Citrix, B1i etc.
- Only expose the RDS and Mobile/Office Integration scenarios (if using) services to the outside network (using SSL)
  - Expose the least amount of services outside the network as possible to reduce possible entries
  - Install certificate on all RDS/Citrix services, use a Remote Desktop/Citrix Gateway
- Only allow access to the System Landscape Directory (SLD) from the internal network.

Security Configuration Recommendations

- Restrict all administration access to internal network access
  - Use third-party hardware/software to enable a VPN to allow internal access to the SAP Business One Cloud landscape
- Strictly control shared folder permissions
  - Any mistake in shared folder permissions could mean users would accidentally be able to see other users' data. Set and verify folder permissions at the OS level.
- Select SBO Managed DB authentication approach for tenants in the Cloud Control Center
  - Using SAP Business One managed database authentication provides the most secure option and prevents direct access to the database
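One way to verify folder permissions at the OS level is to flag every access rule on a tenant folder that grants rights to anyone other than that tenant's group or the landscape administrators. This is an added example, not SAP's own tooling; the group names, the folder path and the sample rules are constructed assumptions.

```powershell
# Added example: find ACL entries that would let another tenant read this tenant's folder.
# Principals treated as "broad" because every tenant user is a member of them.
$BroadPrincipals = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'

function Find-CrossTenantAccess {
    param(
        [Parameter(Mandatory)] [string]   $TenantGroup,   # hypothetical, e.g. 'CLOUD\Tenant01-Users'
        [Parameter(Mandatory)] [object[]] $AccessRules,   # entries shaped like (Get-Acl $path).Access
        [string[]] $AdminPrincipals = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    )
    foreach ($rule in $AccessRules) {
        # Deny entries cannot leak data, so only Allow entries are examined.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $who = [string]$rule.IdentityReference
        if ($who -eq $TenantGroup -or $AdminPrincipals -contains $who) { continue }

        $reason = if ($BroadPrincipals -contains $who -or $who -like '*\Domain Users') {
            'broad group: users of every tenant match'
        } else {
            'principal is outside this tenant'
        }
        [pscustomobject]@{
            Principal = $who
            Rights    = [string]$rule.FileSystemRights
            Inherited = [bool]$rule.IsInherited   # inherited entries must be fixed on the parent
            Reason    = $reason
        }
    }
}

# Constructed sample rules for a folder that should belong to Tenant01 only.
$sampleRules = @(
    [pscustomobject]@{ IdentityReference = 'CLOUD\Tenant01-Users';   FileSystemRights = 'Modify';         AccessControlType = 'Allow'; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'CLOUD\Tenant02-Users';   FileSystemRights = 'ReadAndExecute'; AccessControlType = 'Allow'; IsInherited = $false }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Users';          FileSystemRights = 'ReadAndExecute'; AccessControlType = 'Allow'; IsInherited = $true }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators'; FileSystemRights = 'FullControl';    AccessControlType = 'Allow'; IsInherited = $true }
)
Find-CrossTenantAccess -TenantGroup 'CLOUD\Tenant01-Users' -AccessRules $sampleRules

# Against a real folder (path is hypothetical):
# Find-CrossTenantAccess -TenantGroup 'CLOUD\Tenant01-Users' -AccessRules (Get-Acl 'D:\Shares\Tenant01').Access
```

The sample flags the Tenant02 group and the inherited BUILTIN\Users entry; the tenant's own group and the administrators pass.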

Summary

In this section we have:
- Understood some of the basic principles of security in a cloud landscape
- Understood the role of certificates in the SAP Business One Cloud Landscape
- Explored some recommendations for the configuration of the SAP Business One Cloud Landscape
