Enabling Application-to-Application Processes: Security Aspects

About This Document

All security aspects relevant to generic application-to-application (A2A) processes are already described in detail in the SAP NetWeaver Process Integration Security Guide. Therefore, this document only focuses on specific security aspects that apply when the Plain J2SE Adapter Engine is used.

The Plain J2SE Adapter Engine is only supported for compatibility reasons and you should only use it if it is a precondition in your environment. You should not use it in B2B environments.

Target Groups

?     Technical consultants

?     System administrators

Overview

SAP NetWeaver usage type Process Integration (PI) can be used for two main purposes:

?     Intra-enterprise application integration (EAI) where company-internal heterogeneous applications communicate using PI. This is also known as A2A (application-to-application) communication.

?     Inter-enterprise integration where companies exchange XML messages. This is also known as B2B (business-to-business) communication.

The variant A2A Integration of the scenario Enabling Application-to-Application Processes covers the A2A communication.

A2A Integration

Within this variant, the use of the Plain J2SE Adapter Engine as an endpoint for A2A communication is described. For generic A2A processes, see the security guide for SAP NetWeaver usage type PI.

The Plain J2SE Adapter Engine is one of the PI messaging components responsible for message processing and protocol handling. This type of adapter engine was already available with XI 2.0 and merely requires a Java Virtual Machine to run. It can be used as a non-central adapter engine, but it hosts only a subset of the adapter functions and does not support standard security features such as security logs or integrated user management.

The following security aspects apply:

?     Technical communication

The Plain J2SE Adapter Engine does not access the exchange profile, because the connection data is kept locally. It does, however, register itself in the System Landscape Directory (SLD).

See also: Technical Communication

?     User store

The Plain J2SE Adapter Engine does not use the SAP user administration. Instead, it keeps user information in property files. Although sensitive data such as passwords is stored in an obfuscated form, we recommend that you also secure these property files by using the functions of your operating system.

See also: User Store

?     Securing adapters running in the Plain J2SE Adapter Engine

For a summary of how to secure adapters for running in the Plain J2SE Adapter Engine, see Adapters Running in the Plain J2SE Adapter Engine.