Application layer (application server and message server)
Hybrid clouds have long been the norm, even if this development has come about rather by accident. Most companies have chosen different cloud software offerings and integrated them accordingly, be it Workday for HCM, Salesforce for CRM, Marketo for marketing automation, Coupa for SRM or Vendavo for pricing. Many have also chosen SAP variants of these solutions with SuccessFactors, Cloud for Customer, Marketing Cloud, Ariba and CPQ.
In the last few years, I have been asked time and again what SAP Basis is and what we SAP Basis administrators do in our daily work. With this blog post I would like to provide a little insight into exactly this area of work.
Configuration and operation of SAP Solution Manager
An SAP HANA system lives on applications. When you develop these applications, you should think about securing them early. Using HTTPS instead of HTTP is one of the basics. In addition, ensure secure authentication and implement a Secure Software Development Lifecycle to safeguard your own developments. Start checking your applications for risks early on and run this safeguarding process regularly. You can analyse and restrict access to source code later. Create a risk register and address security vulnerabilities in a risk-based manner. The later you discover a risk, the more expensive the fix will be. Further information on SAP Security in addition to the article can be found here. Do you have any further questions or suggestions concerning this topic? Would you like us to go further on the subject? I look forward to your feedback!
Customers with such a case regularly contact us. Creating an authorisation concept from the ground up is often a time-consuming task. Furthermore, the know-how about which aspects an authorisation concept should cover, and how the corresponding processes can be both practical and audit-proof, is often lacking.
Our solution: tool-based generation of an individual, written authorisation concept
In this situation, we have recommended to our customers the tool-based generation of a written authorisation concept directly from the SAP system. We use the XAMS Security Architect tool, with which we have had good experiences. The tool includes a template for a revision-proof and comprehensible written authorisation concept, with established best practices for role and entitlement management. The template covers all relevant areas of an authorisation concept. The included text is completely customisable, so that the concept can be tailored to your situation without creating an authorisation concept from scratch.
Dynamically update the written authorisation concept
One of the biggest challenges after the development of an authorisation concept is to keep it up to date in the long term and to measure its sustained implementation in the system. This is achieved by integrating live data such as configuration settings and defined rules directly from the connected system. For example, lists of existing roles or user groups and tables are read from the system each time the document is generated and updated in the authorisation concept. The following screenshot shows an example of what the appearance in the concept document might look like.
Automatically check and monitor compliance with the concept
To check compliance with the concept, the XAMS Security Architect includes extensive inspection tools. These cover the rules formulated in the concept and are suitable for measuring the extent to which the reality in the system meets the requirements formulated in the concept.
The "Shortcut for SAP Systems" tool is ideal for doing many tasks in the SAP basis more easily and quickly.
Resetting does not mean that the system is at an old state.
Be it on an ad hoc basis (e.g. release upgrade, DB upgrade, optimization of Solution Manager) or on a permanent basis (e.g. monitoring of operations in SLR, fast reactions in defined exceptional cases, planned maintenance), we have the right team, the appropriate procedures (ITIL) and the modern tools to implement your requirements.