RFC Adapter

The RFC adapter handles native RFC calls to and from the Integration Server. It runs as a registered JCo server program in the Adapter Engine so that the communication is always routed through the SAP gateway.

SAP recommends that you set up the SAP gateway in a secure manner where only authorized programs are allowed to register with the gateway. To ensure this, you have to specify the host name of the Adapter Engine and the program IDs used in RFC sender channel configurations with the gateway.

On the inbound side, the connection from the sender to the adapter is established without user authentication. It can only be secured by network means using the gateway configuration. For detailed configuration instructions, see the documentation for the SAP Gateway.

Moreover, the RFC adapter requires RFC metadata describing the signatures of RFC-enabled functions in the back-end systems. Therefore, the corresponding agreements must have a connection to an SAP system for reading this metadata.

The following table summarizes the security-relevant aspects of the RFC adapter:

Aspect

RFC Adapter

Underlying protocol

RFC

Connections should be secured by SNC.

Inbound configuration

Configuration in sender channel of type RFC.

RFC connection data from Integration Server to back-end system for reading RFC metadata.

SAP gateway registration data.

No user credentials; anonymous logon for messaging.

Outbound configuration

Configuration in receiver channel of type RFC.

RFC connection data from Integration Server to back-end system for messaging.

Messaging user must have appropriate application authorities in receiver system.

Optionally, RFC connection data from Integration Server to another back-end system for reading RFC metadata.