SAP PI - Securing Objects
For transferring information in the form of objects from one Enterprise Service Repository to other, you can select from the three means of transport −
- File System Based Transport
- Change Management Service (CMS)
- Change and Transport System (CTS)
The illustration shows two software components — Version A and Version B that have been transferred from ESRep_1 and ESRep_2 to other ESRep’s.
Transport Level Security
Transport Level Security includes the security of design objects while transferring over the network. While transferring objects you perform authentication and encryption at the transport level and authorization at end point. For internal communication you use Secure Socket Layer (SSL) for encryption and decryption of data across a secure connection. For external communication between SAP and non-SAP system, the type of encryption depends on the type of adapter used for communication.
SAP PI Adapters and Security Mechanism −
| Adapter |
Protocol |
Security Mechanism |
| HTTP based Adapter |
HTTP |
HTTPS |
| RFC based Adapter |
RFC |
Secure Network Communication |
| Mail Adapter |
SMTP, IMAP4, POP3 |
HTTPS |
| File Adapters |
FTP |
FTP over SSL |
Transport Level Authorization
To achieve transport level authorization, you can use HTTP with client authentication. HTTP transport level authentication can use user name and password, X.509 certificates or SAP logon tickets.
Message Level Security
Message level security can be achieved using encryption techniques and digital signatures. Message to be sent over network is first encrypted by an encryption algorithm that includes a session key and a public key for encryption. Same session key and public key is used at the receiver’s side for decryption of message to see the content.
HTTP Transport Level
You can use the following mechanisms for HTTP Transport Level −
- User Id and Password
- X.509 certificates
- SAP Logon tickets
- Message Level Security
- S/MIME
- WS Security
- XML Signature
- XML Encryption
