SNC protects the logical link between the end points of a communication. The link is initiated from one side (the initiator) and accepted by the other side (the acceptor). For example, when a SAPGUI starts a dialog with the SAP System, the SAPGUI is the initiator of the communication and the application server is the acceptor. Both sides of the communication link need to specify SNC options.
The initiator must specify:
Whether the communication should use SNC protection.
The SNC name of the communication partner (the target name).
The location of its own external library.
The data protection level to apply.
The acceptor must specify:
Whether or not it should only accept SNC-protected communications.
Its own SNC name.
The location of its own external library.
The data protection levels to accept.
When SNC is initialized, the system dynamically loads the functions provided by the external library. Afterwards, when two components communicate using SNC, the SNC layer first processes the messages being sent and then sends them over the network using the SAP Network Interface. During this step, the SNC layer uses the functions provided by the external library to process the messages accordingly (for example, to apply encryption). The SNC layer accesses the external library using the GSS-API V2 interface. After processing the messages, the system sends them over the SAP Network Interface in the usual manner. Upon receipt, the SAP System component receiving the messages applies the corresponding external library functions in a similar manner, but reverses the process (for example, decryption).
For example, when secure network communication occurs between SAPGUI and the SAP Server (where SNC is already enabled), SAPGUI is started as follows:
sapgui.exe hs0017 01 SNC_PARTNERNAME="p:CN=sap01.hs0017, OU=TEST01, O=SAP, C=DE" SNC_QOP=9 SNC_LIB="C:\SECUDE\LIB\SECUDE.DLL"
The connection is established to the application server hs0017. The application server's SNC name is: p:CN=sap01.hs0017, OU=TEST01, O=SAP, C=DE. The level of protection is 9, indicating that the maximum level of protection should be applied to the connection, and the shared library is located at: C:\SECUDE\LIB\SECUDE.DLL.
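The following added example (not part of the original page or of any SAP tool) parses a SAPGUI command line like the one above and reports which of the initiator's SNC settings are missing or weak. The function names are hypothetical, and the meanings of SNC_QOP values other than 9 are taken from SAP's SNC documentation, not from this page.

```python
import re

# SNC_QOP meanings per SAP's SNC documentation (assumption: this page itself
# only states that 9 means maximum protection).
QOP_LEVELS = {1: "authentication only", 2: "integrity protection",
              3: "privacy protection (encryption)",
              8: "default of the acceptor", 9: "maximum available"}

# NAME=value, where value is either double-quoted (may hold spaces) or bare.
_PARAM = re.compile(r'\b(SNC_[A-Z_]+)=(?:"([^"]*)"|(\S+))')


def parse_snc_options(command_line):
    """Return the SNC_* options of a SAPGUI command line as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM.finditer(command_line)}


def audit_initiator(command_line):
    """List the initiator SNC settings that are missing or weak."""
    opts = parse_snc_options(command_line)
    findings = []
    if "SNC_PARTNERNAME" not in opts:
        findings.append("no target SNC name specified")
    if "SNC_LIB" not in opts:
        findings.append("no external library location on the command line")
    qop = opts.get("SNC_QOP")
    if qop is None:
        findings.append("no data protection level specified")
    elif not qop.isdigit() or int(qop) not in QOP_LEVELS:
        findings.append(f"unknown SNC_QOP value {qop!r}")
    elif int(qop) < 3:
        findings.append(
            f"SNC_QOP={qop} ({QOP_LEVELS[int(qop)]}): data is not encrypted")
    return findings


# Samples: GOOD is the command line from the text; WEAK is constructed.
GOOD = (r'sapgui.exe hs0017 01 SNC_PARTNERNAME="p:CN=sap01.hs0017, OU=TEST01, '
        r'O=SAP, C=DE" SNC_QOP=9 SNC_LIB="C:\SECUDE\LIB\SECUDE.DLL"')
WEAK = (r'sapgui.exe hs0017 01 SNC_PARTNERNAME="p:CN=sap01.hs0017, OU=TEST01, '
        r'O=SAP, C=DE" SNC_QOP=1')

if __name__ == "__main__":
    for cmd in (GOOD, WEAK):
        print(audit_initiator(cmd) or "all initiator SNC settings present")
```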