MANAGED SERVICES
Determine bottlenecks
In order to cope with the digital transformation in general, but also to cope with the changing demands on the SAP basis and its scope of responsibility, it is necessary to revise existing roles and define and establish new roles. These include the roles of the technology architect, new features of the Subject Matter Expert (SME), and the role of the Expert Team Lead in leading a group of experts. Further information can be found in chapter 7.1 and 9.3 of the Master's thesis.
The security of an SAP system requires protection against unauthorised access, e.g. through the secinfo and reginfo files. A cleanly implemented authorisation concept protects against attacks within the SAP system. However, it is also possible to attack your SAP system via the network. Through the RFC Gateway Server, your system communicates with external servers and programmes. One particularly effective way to protect against this are so-called Access Control Lists (ACL). Find out what this is and how you can use it to better protect your SAP system. The SAP Standard offers different approaches for gate protection. All methods combined can provide even greater safety. For example, it is possible to use Access Control Lists (ACL) to monitor exactly which external programmes and which hosts can communicate with the gateway. Another option is to configure the gateway to support Secure Network Communication (SNC). Finally, there are various security parameters for the gateway. This article focuses on the use of ACL files such as secinfo and reginfo files. What is an ACL? Access control lists are files in which permitted or prohibited communication partners can be recorded. For the gateway to use these ACL files, parameters must be set in the default profile of the SAP system and of course the files must be maintained accordingly. With the help of logs and traces, which can be configured for this purpose, a precise investigation can be made in advance of the activation, which connections currently run via the gateway. This allows them to prevent important applications with which your system communicates from being blocked by the ACL files. The rules in the ACL files are read from top to bottom of the gateway to decide whether to allow a communication request. If none of the rules matches the requesting programme, it will be blocked. Network-based ACL The network-based ACL file contains permitted and prohibited subnets or specific clients.
Operating systems and databases
By correctly assessing your own applications for suitability for operation with an external service provider or in the cloud, the enterprise risk of the chosen service form is minimised. Also, possible weak points or aspects that require special attention are known and can be dealt with proactively. A negative consequence during the operational operation can be largely excluded.
The positioning depends strongly on the previously identified target groups and must be justified accordingly. Positioning is extremely important for the SAP basis. It is primarily a matter of positioning within the IT organisation and defining or positioning the other IT departments that can be considered as competitors in the context of this step. STEP 6: OWN EMPLOYEES This step will identify the necessary skills and training of their own employees necessary to fulfil the objectives and provide the service. The necessary skills and roles for the SAP basis are explained in detail in the recommendation Skills & Roles.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
All risks known for a normal SAP system also apply to a SAP-HANA system.
SAP Basis Plug-In and SAP R/3 Plug-In must always have the same release level, for example PI 2004.1 and PI Basis 2004.1.