SAP PI - Securing Objects


For transferring information in the form of objects from one Enterprise Service Repository to other, you can select from the three means of transport −

  • File System Based Transport
  • Change Management Service (CMS)
  • Change and Transport System (CTS)
Enterprise Service Repository

The illustration shows two software components — Version A and Version B that have been transferred from ESRep_1 and ESRep_2 to other ESRep’s.

Transport Level Security

Transport Level Security includes the security of design objects while transferring over the network. While transferring objects you perform authentication and encryption at the transport level and authorization at end point. For internal communication you use Secure Socket Layer (SSL) for encryption and decryption of data across a secure connection. For external communication between SAP and non-SAP system, the type of encryption depends on the type of adapter used for communication.

SAP PI Adapters and Security Mechanism −

Adapter Protocol Security Mechanism
HTTP based Adapter HTTP HTTPS
RFC based Adapter RFC Secure Network Communication
Mail Adapter SMTP, IMAP4, POP3 HTTPS
File Adapters FTP FTP over SSL

Transport Level Authorization

To achieve transport level authorization, you can use HTTP with client authentication. HTTP transport level authentication can use user name and password, X.509 certificates or SAP logon tickets.

Message Level Security

Message level security can be achieved using encryption techniques and digital signatures. Message to be sent over network is first encrypted by an encryption algorithm that includes a session key and a public key for encryption. Same session key and public key is used at the receiver’s side for decryption of message to see the content.

HTTP Transport Level

You can use the following mechanisms for HTTP Transport Level −

  • User Id and Password
  • X.509 certificates
  • SAP Logon tickets
  • Message Level Security
  • S/MIME
  • WS Security
  • XML Signature
  • XML Encryption