This guide does not replace the daily operations handbook that we recommend customers create for their specific productive operations.
· Technical consultants
· System administrators
This document is not part of the Installation Guide, Configuration Guide, the technical handbook, or Upgrade Guide. These guides are only relevant for a certain phase in the software life cycle. The Security Guide, in contrast, provides information that affects all the phases of the life cycle.
The increasing use of distributed systems and of the Internet to manage business data has resulted in an increase in security requirements. With a distributed system, you must ensure that your data and processes support the needs of your enterprise without allowing unauthorized access to critical information. Errors made by users, negligence, or attempts to manipulate your system must not lead to losses in terms of information or processing. These security requirements also apply to SAP MI. This guide has been provided to support you in securing SAP MI.
A mobile device is much more vulnerable than a server. While the server remains in a secure room, the mobile device is used in transit. It is, therefore, relatively easy to physically access the file system of the mobile device. The operating systems of a number of mobile devices (especially PDAs) also provide neither sufficient protection against access nor authorization systems at file level. Its vulnerability is increased when a mobile device is used by multiple users.
The mobile device is threatened, for example, by the following potential dangers:
· Loss of the device
· Unauthorized use by an unauthorized person
· Data manipulation in the file system
The Security Guide provides an overview of the security-relevant information that affects SAP MI.
The Security Guide primarily consists of the following sections:
This section contains information about why security is necessary, how the document is used, and references to other Security Guides that form the basis of this Security Guide.
This section provides an overview of the technical components and communication paths that SAP MI uses.
This section provides an overview of the recommended tools for managing users, the required user types, and the user synchronization strategy.
This section provides an overview of the authentication process, passwords, integration options in Single Sign-On environments and encryption options.
This section provides an overview of the authorization concept that applies to SAP MI.
This section provides an overview of the communication paths used by SAP MI, and the security mechanisms to be applied. It also incorporates our recommendations for the network topology to restrict the access to network level.
This section provides an overview of all the critical data used by SAP MI, and the security mechanisms to be applied.
This section provides an overview of the trace and log files that contain security-relevant information so that you can reproduce activities, for example, if a security violation occurs.