Network & Communication Security



In SAP SRM, data exchange occurs with HTTPS connection using SSL encryption that is used to protect data from unauthorized access. SSL stands for Secure Socket Layer. While performing secure network and communication in SAP system, the following points can be considered −

  • Network topology of SAP system
  • Firewall configuration
  • Transport layer security
  • Using multiple network zones

In SAP SRM system, all the components that use HTTP protocol support encryption of data using SSL protocol and as per the protocol data are transferred. The components include confidential data like system password, etc. As per data transfer and protocol, you can also apply transport level security.

SSL can be used to increase the security between business systems and adapters, business system and integration server.

Destination Delivered Type
SAP ERP (Classic Scenario) No RFCs and SOA Services
SAP ERP (Extended Classic Scenario) No RFCs and IDocs
SAP Customer Relationship Management (SAP CRM) No RFCs and SOA Services
Collaboration Projects (cPro) No XML communication using SAP NetWeaver Process Integration (SAP NetWeaver PI) (Web services)
CFolders No RFCs

This shows the system and components and relevant communication destinations for the SAP SRM system.

To communicate with external systems, you need to activate the following services in SAP SRM system −

  • /sap/bc/webdynpro/sapsrm
  • /sap/bc/srm
  • /sap/bc/bsp/sapsrm
  • /sap/sapsrm/
  • /default_host/sap/bc/srm
  • /default_host/sap/bc/webdynpro/sapsrm
  • /default_host/sap/bc/bsp/sapsrm

To use NetWeaver Business client for SRM, you need to activate the following −

  • /default_host/sap/bc/nwbc/srm

To use Live Auction cockpit, you need to activate the following −

  • /sap/lacmessaging

To activate these services, use T-code — SICF

T-Code SICF

In Hierarchy type, select service and click on Execute button. In the next window, you can maintain service. Select the required ICF service in the ICF tree in transaction SICF.

Activate the ICF service in one of the following ways −

  • Using menu option Service/Host → Activate
  • Using the context menu and choosing Activate Service
Activate Service

Default_host node is inactive in transaction SICF; the HTTP requests could result in ABAP runtime error RAISE_EXCEPTION with the following short text −

Exception condition "HOST_INACTIVE" triggered.

If a service is inactive in transaction SICF, an error text appears when you try to access the service.

To support internet protocols HTTP, HTTPS and SMTP — /default_host/sap/public/icman is activated in transaction.

This service is used to decide how HTTP requests are distributed.

Network and Communication Security

Other Internal Services in SAP

Let us now understand the other internal services in SAP −

default_host/sap/bc/echo

This is used to provide information about the logon procedure in use, header and form fields and the SSO cookie generated for the processed request. This service should be activated only for error analysis.

/default_host/sap/bc/error

This service creates some error situations in the system and should only be activated for error analysis. To activate/deactivate service, you have to right-click on service.

Other Internal Services
Advertisements