Issue: Using the SAP Portal as a single point of access for employees in the company’s intranet, the following issue appears. Once the employee has accessed the Intranet Portal (SAP NetWeaver Portal 7.0), the MDC functionality is sending the SSO Cookie against all Backend Systems (domain relaxation) to get the backend access immediately. It is easy for hijackers to catch the Portal SSO Cookie and use it for their needs.
New functions are only available in the SAP CRM Web UI with new transaction types.
As it is not possible to use the old service desk transaction types with the new 7.1 features (e.g. Web Client UI) we have to plan a transition phase. During this time the customer has to complete all already existing tickets with the old functionality. At the same time he can start using the new functionalities for all new tickets. Until now there is no standard migration tool from old to new tickets available.
As it is not possible to use the new ChaRM features (e.g. Web UI) from Solution Manager 7.1 with the old ChaRM Change Documents (SDMJ, SDHF, SDTM etc.) customers have to complete all corrections via CRMD_ORDER first. Nevertheless you can start using the new functionalities with every Change Document (SSMJ, SMHF, SMTM etc.) created under 7.1. After all of the older corrections are completed, it is not necessary to use transaction CRMD_ORDER anymore, since it is recommended to use the new Web Client UI.
Single Sign-On is a very efficient way to reduce IT costs due to a lower number of help desk calls concerning passwords AND to enhance end user productivity and authentication security.
In SAP landscapes SSO implementations can be done using either a consulting solution (with Kerberos based Windows authentication) or the support by Single Sign-On software like SAP NetWeaver Single Sign-On.
SAP AGS has released a new overview presentation of Security Tools and Services to enhance SAP system security.
The presentation ‘AGS Security Services’ is available on https://service.sap.com/sos (Login required) -> ‘Media Library’ and covers topics like ‘EarlyWatch Alert (EWA) – Security Chapter’, ‘Security Notes Report (RSECNOTE)’, ‘System Recommendations’, ‘Configuration Validation’ and ‘Security Optimization Service (SOS)’.
Customers using SUN Identity Manager as their Identity Management solution should start and evaluate other solutions like SAP NetWeaver Identity Management.
The End of Service Life for Software Support ends in May 2014: http://docs.oracle.com/cd/E19225-01/820-5592/ahwbl/index.html
You think that this date is still far away? It seems, but depending on the complexity of your identity management implementation in place, it could be worth to start the migration to a supported solution soon to avoid a last-minute implementation.
In larger SAP system environments it is difficult to get a central overview of the implementation state of security relevant SAP notes.
Three useful ABAP reports support customers to create this central overview:
- ZSECNOTE_CENTRAL – Remote analysis about missing Security Notes
- ZSECNOTE_RECOMMENDATIONS – Show definition on Online Recommendations (complements ZSECNOTE_CENTRAL)
- ZSYSREC_NOTELIST – Show results of System Recommendation
Details can be found here: https://cw.sdn.sap.com/cw/groups/cross-system-check-for-security-notes
SAP System Recommendation can be used to identify all security related SAP Notes relevant for your SAP systems!
System Recommendations is a functionality in SAP Solution Manager, focusing on SAP Notes (Security-relevant notes, Performance notes, HotNews, Legal change notes, Correction notes (for ABAP and Java)). It provides a tailored recommendation of notes which should be applied to a selected managed system, and this recommendation is calculated based on the actual “notes status” of this system.
Hello, this is a complex theme.
In very short: So far it is not required, but strongly recommended. By SAP and by REALTECH. Do the Unicode conversion while upgrading – you spare yourself for another project some time down the road.
Out of SAP Note 73606:
With SAP NetWeaver 7.0 support for existing MDMP systems is stopped. [...]
With a default portalapplication within the PCD (Portal Content Directory), you can change quick and easy the default portal-theme and fit the colours to your corporate identity.
After installation your portal is displayed in the standard SAP-Colours. Be sure you are provided with the “Content-Admin-Role” (or Super-Admin-Role). Navigate to ‘Content Administration’ -> ‘Portal Content Administration’. Open the tree for ‘Portalapplications’ –> ‘com.sap.portal.navigation.afp.themestudio’ -> ‘ThemeStudio’. Right-Klick on ‘ThemeStudio’ and ‘Preview’