You must take appropriate network measures to secure RFC communications between systems (see Network Infrastructure). Operate your systems in a closed, secure LAN or use SAProuters and packet filters to control access to the systems.
The SAP Gateway controls remote RFC and CPI-C communications. It reads queries and sets up work processes for the connection. It includes a monitor that you can use to analyze and administer the SAP Gateway. In the standard system, you can access the gateway monitor locally or from a remote computer. However, we recommend that you deactivate remote monitoring of the SAP Gateway.
To deactivate remote monitoring of SAP Gateways, set the profile parameter gw/monitor to 1 (see also SAP Note 64016).
In a scenario that consists of trusted systems, servers in one system trust servers from another system. Users in the first system (system A) who access the second system (system B), are not authenticated by passwords each time they access system B. System B trusts system A; this trust relationship allows system B to accept the user from system A without any further authentication. The user must have user accounts in both systems and gets the authorizations from the target system, in this case system B.
RFC Trusted System Network
The benefit of this procedure is that users only need to authenticate themselves once when they communicate with trusting systems. No logon information needs to be sent across the network. Users in this network require the authorization object S_RFCACL.
However, to guarantee the security of trusting systems, you must check the following prerequisites, which entail an increased amount of administration:
Only if you meet these requirements do we recommend the implementation of a trusted system concept.
Also read the following SAP Note:
· 128447 (Trusted Systems)