SAProuter is an SAP program that acts as an intermediate station (proxy) in a network connection between SAP systems, or between SAP systems and external networks. SAProuter controls the access to your network (application level gateway), and, as such, is a useful enhancement to an existing firewall system (port filter).
Figuratively, the firewall forms an impenetrable wall around your network. However, since particular types of connections need to penetrate this wall, a hole has to be made in the firewall. SAProuter assumes the control of this hole.
In short, SAProuter provides you with the means of controlling access to your SAP system.
Implementation Considerations
You can use SAProuter to do the following:
Control and log the connections to your SAP system, for instance from an SAP service center
Set up an indirect connection when programs involved in the connection cannot communicate with each other due to the network configuration
Address conflicts when using non-registered IP addresses
Restrictions arising from firewall systems
Improve network security by means of the following:
A password, which protects your connection and data from unauthorized external access
Allowing access from only particular SAProuters
Only allowing encrypted connections from a known partner (using the SNC layer)
Increase performance and stability by reducing the SAP system workload within a local area network (LAN) when communicating with a wide area network (WAN)
The following graphic illustrates your network (LAN) using a firewall as protection against access from outside. SAProuter runs on the firewall host, and serves as a "door" to your network. This door is only opened for connections you specify.
This is often useful if, for example, there is a support connection from SAP to your SAP system that SAP staff use to access your system in the case of problems. SAProuter controls and monitors these connections.
Caution
Note that installing SAProuter without the use of a firewall does not protect your network against access from external networks. You must ensure that all incoming SAP connections go through the SAProuter "hole".
Increasing Network Security with SAProuter
The SAProuter running on your firewall host should be configured to allow the following:
Only the NI protocol (SAP-Protokoll) is accepted from external systems
Not just any number of SAProuters are allowed before and after this one in a route station.
Only SAProuters that you trust are allowed access
Recommendation
Under UNIX, we do not recommend starting the SAProuter on a port reserved for root.
1 comment:
For a Excellent Online Resource for SAP EP and SAP Web Dynpro ABAP, Visit Learn SAP Online
SAP EP - Standard Portal Services
Portal Eventing and Navigation
Portal Look and Feel - Branding the Portal
How to Develop Portal Applications
SAP EP-Developing portal content and assigning permissions
SAP EP-Role maintenance
SAP EP-How to make Enterprise Portal highly available
Implement Single Sign On
SAP EP-J2EE architechture
What is SAP Enterprise Portal
And Many More...
Basics of Web Dynpro ABAP
ABAP Data Types and Objects
ABAP Statements
WD4A - Introduction WDA - SAP Logon Procedures
WD4A-Format the Values appearing on value Axis of Business Graphic
WD4A-Navigate from one view to another and back to previous view
WD4A - How to Calculate next 12 months from current month in web dynpro ABAP
WD4A - Validate Inputs in a web dynpro ABAP Application
And Many More...
Post a Comment