Configuring Secure Network Communications for SAP

Procedure: To Set Additional Parameters

  1. Start transaction RZ10 and select the instance profile used by the server start-up.

  2. Set the parameters as listed in the table below.

    Parameter 

    Description 

    Value 

    snc/enable 

    Activates SNC on the application server. 

    Default value is 1. 

    snc/gssapi_lib 

    The path and file name of the GSS-API V2 shared library. Path and file name where the SAP Cryptographic Library is located. 

    • For UNIX: usr/sap/<SID>/SYS/exe/run/libsapcrypto.so

    • For Windows NT: D:\usr\sap\<SID>\SYS\exe\run\sapcrypto.dll

    snc/identity/as 

    The SNC name of the application server. 

    Syntax: p:<Distinguished_Name>. The <Distinguished_Name> part must match the Distinguished Name that you specify when creating the SNC PSE. For example: p:CN=ABC, OU=Test, O=MyCompany, C=US

    snc/data_protection/max 

    The maximum level of data protection for connections initiated by the SAP System. 

    The maximum level of data protection settings: 

    • 1: Authentication only

    • 2: Integrity protection

    • 3: Privacy protection

    snc/data_protection/min 

    The minimum data protection level required for SNC communications. 

    The minimum level of data protection settings: 

    • 1: Authentication only

    • 2: Integrity protection

    • 3: Privacy protection

    snc/data_protection/use 

    Default level of data protection for connections initiated by the SAP System. 

    The default level of data protection settings: 

    • 1: Authentication only

    • 2: Integrity protection

    • 3: Privacy protection

    • 9: Use the value from snc/data_protection/max

    snc/accept_insecure_cpic 

    Determines if unprotected incoming CPIC connections on an SNC-enabled application server will be accepted or not. 

    The settings for accepting CPIC connections: 

    • 0: do not accept

    • 1: accept

    snc/accept_insecure_gui 

    Determines if logon attempts coming from the SAP interface that are not protected with SNC on an SNC-enabled application server will be accepted or not. 

    The settings for accepting logon attempts: 

    • 0: do not accept

    • 1: accept

    snc/accept_insecure_r3int_rfc 

    Determines if unprotected internal RFC-connections on an SNC-enabled application server will be accepted or not. 

    The settings for accepting unprotected internal r3int RFC-connections: 

    • 0: do not accept

    • 1: accept

    snc/accept_insecure_rfc 

    Determines if unprotected internal RFC-connections on an SNC-enabled application server will be accepted or not. 

    The settings for accepting unprotected internal RFC-connections: 

    • 0: do not accept

    • 1: accept

    snc/permit_insecure_start 

    Permits the starting of programs without using SNC-protected communications, even when SNC is enabled. 

    The settings to permit the starting of programs: 

    • 0: do not allow

    • 1: allow

    snc/extid_login_diag 

     
    • 0: do not accept

    • 1: allow

    snc/extid_login_rfc 

     
    • 0: do not accept

    • 1: allow

    Setting the profile parameter snc/enable to 1 activates SNC on the application server. If this parameter is set but the SNC PSE and credentials do not exist, then the application server will not start. Therefore, setting the SNC parameters should be the last step in the configuration procedure.

    These values will enable you to connect to the system without encryption.

  3. Save the settings.

  4. Restart the application server.
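
To review the result of step 2, the following added example (not part of the original procedure or of any SAP tooling) reads the text of an instance profile and lists the SNC settings from the table that still admit unprotected connections. The `name = value` profile syntax, the function names, the sample profile, and the policy of treating level 3 as the target are assumptions of this example.

```python
import re

# Table parameters for which the value 1 admits traffic without SNC protection.
INSECURE_FLAGS = ("snc/accept_insecure_cpic", "snc/accept_insecure_gui",
                  "snc/accept_insecure_r3int_rfc", "snc/accept_insecure_rfc",
                  "snc/permit_insecure_start")
LEVELS = {"1": "authentication only", "2": "integrity protection", "3": "privacy protection"}

# Constructed sample profile (assumed 'name = value' syntax, '#' for comments).
SAMPLE_PROFILE = """\
snc/enable = 1
snc/identity/as = p:CN=ABC, OU=Test, O=MyCompany, C=US
snc/data_protection/max = 3
snc/data_protection/min = 1
snc/data_protection/use = 9
snc/accept_insecure_cpic = 1
snc/accept_insecure_gui = 1
snc/accept_insecure_r3int_rfc = 1
snc/accept_insecure_rfc = 0
"""

def parse_profile(text):
    """Return {name: value}; split on the first '=' only, since DNs contain '='."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit_snc(text):
    """List the settings in a profile that leave connections unprotected."""
    p, out = parse_profile(text), []
    if p.get("snc/enable") != "1":
        out.append("snc/enable is not 1: SNC is not activated")
    out += [f"{n} = 1: connections without SNC are accepted"
            for n in INSECURE_FLAGS if p.get(n) == "1"]
    lo, hi = p.get("snc/data_protection/min"), p.get("snc/data_protection/max")
    use = p.get("snc/data_protection/use")
    use = hi if use == "9" else use          # 9 = take the value of .../max
    for name, val in (("min", lo), ("use", use)):
        if val in LEVELS and val != "3":     # assumed policy: require level 3
            out.append(f"snc/data_protection/{name} resolves to {val} "
                       f"({LEVELS[val]}): privacy protection is not applied")
    if lo in LEVELS and hi in LEVELS and int(lo) > int(hi):
        out.append("snc/data_protection/min exceeds snc/data_protection/max")
    if not re.fullmatch(r"p:\S.*", p.get("snc/identity/as", "")):
        out.append("snc/identity/as is not of the form p:<Distinguished_Name>")
    return out

if __name__ == "__main__":
    print("\n".join(audit_snc(SAMPLE_PROFILE)))
```

Parameters that are absent from the profile text are not evaluated, because their effective values come from defaults outside the file.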