E-Recruiting Security Landscape (Different Clients)

Hi,
Our customer is discussing the E-Recruiting Security Landscape and now they are asking me if we can have the following landscape: One ERP having one client for HCM and another one for E-Recruiting.
They are asking me this because the application (we still don't know if it will be the BSP or WDA) will be on the internet and they don't like the idea of having the ERP client (in the background) on the internet.
As far as I know we have just these scenarios to implement:
- E-Recruiting integrated with the ERP
- E-Recruiting and ERP with separated servers exchanging data through ALE
- E-Recruiting integrated with the ERP but with the frontend for the External Candidate on a different server.
Here we are on ERP 6.0 and Enhancement Package 4.
I think that the customer scenario isn't supported.
Also, has anyone used the scenario with the frontend for the External candidate (Constellation III with WDA) separated from the E-Recruiting system?
Thanks,
Daniel Kiel
HCM Consultant

Hello Daniel,
the two server scenario using a frontend server as a kind of additional proxy is quite common, if you use web dynpro for candidates. Even for the standalone installations where e-recruiting is not on the hr server it is used very often due to security issues.
As said before I only know one e-recruiting 600 integrated installation which I rolled out on my own. The customer also uses the frontend server. I still would not recommend the integrated solution although it brings a lot of possibilities for contacts with the walldorf guys ;o).
For EhP4 it is a documented way to set up a sap e-recruiting standalone system on an ERP installation (erp installed but just e-recruiting run). This scenario is called I2B. It should be possible to implement it on a server which runs HR in another client but just as it might be possible it does not mean it is a good idea. I bet I could even run a standalone like e-recruiting setting within the HR server itself with EhP4 by using some kind of self ALE with broad renumbering of objects - my server admin just refuses to give me a server to prove it.
Even if you use another client the server is still open to the internet. Most security teams will not care that it is another client as it is the same server. Already the standalone installation is too open for some of my customers, as it uses some direct pull accesses to the hr server in standard. As this is a call from a less secure to a more secure network region this is a no go for some of them. One had all of these pull functions changed to a push system where HR server sends the information to e-recruiting, otherwise security would not have allowed the system. Bringing the HR server anywhere near Internet is completely out of imagination.
Best regards
Roman
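
Added example, not part of the original thread: a small Python check of the strict rule described in the reply above, where a host's zone follows the server rather than the SAP client and no less trusted zone may open a connection into the HR server. Zone names, trust levels and the three flow sets are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed zones; a higher number means a more trusted network region.
# A host's zone is set by the server, not the SAP client: a separate
# E-Recruiting client on the HR server is still "hr_core".
TRUST = {"internet": 0, "dmz": 1, "erec": 2, "hr_core": 3}


@dataclass(frozen=True)
class Flow:
    src: str       # zone that opens the connection
    dst: str       # zone that accepts it
    purpose: str


def check(flows):
    """Return (purpose, rule) for every flow that breaks the strict policy."""
    findings = []
    for f in flows:
        # Internet traffic must terminate on the frontend/proxy in the DMZ.
        if f.src == "internet" and f.dst != "dmz":
            findings.append((f.purpose, "internet-may-only-reach-dmz"))
        # A pull is a call from a less secure into a more secure region.
        if f.dst == "hr_core" and TRUST[f.src] < TRUST[f.dst]:
            findings.append((f.purpose, "no-call-into-hr-core-from-less-trusted-zone"))
    return findings


# Constructed flow sets for three of the landscapes discussed in the thread.
SCENARIOS = {
    "same_server_other_client": [
        Flow("internet", "hr_core", "candidate UI"),
    ],
    "standalone_pull": [
        Flow("internet", "dmz", "candidate UI"),
        Flow("dmz", "erec", "frontend to backend"),
        Flow("erec", "hr_core", "pull HR data"),
    ],
    "standalone_push": [
        Flow("internet", "dmz", "candidate UI"),
        Flow("dmz", "erec", "frontend to backend"),
        Flow("hr_core", "erec", "push HR data"),
    ],
}

if __name__ == "__main__":
    for name, flows in SCENARIOS.items():
        print(name, check(flows) or "ok")
```

Only the push variant passes, because the HR server is the side that opens the connection.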

Similar Messages

  • E-Recruiting Secure Landscape

    Hi all,
    We have a scenario in this customer with ERP 6.0 running with HCM and other modules.
    We are starting to design a landscape for the E-Recruiting EHP4 and, for some reasons, we can't count on another machine to run standalone so we will have on the same server ERP with HCM and E-Recruiting.
    The customer will have external candidates and they will be able to fill in their data through the customer website using the BSP (or WD, we still don't know what is better) page.
    The question is about the security, thinking that the users are accessing through the Website the same server that has sensitive data such as Payroll and Controlling... What kind of firewall or similar can we have to avoid external access to the ERP? Is there any customer with this scenario?
    Thanks,
    Daniel Kiel

    Hello Daniel,
    the number of real production running integrated e-recruiting systems must be quite low. Last time I talked to sap sales guys here Q3 last year there was only one integrated production system in DACH area (germany, austria, switzerland) - and that was the one I rolled out myself.
    Putting the HR Core server to the internet is a security nightmare. At least here you will probably be shot if you tell this idea to the IT security guys or the data security guys or the works council - no, I am not kidding, data security for employees is nothing to be joked about.
    SAP introduced the 2 server landscape where you put a WebAS as proxy into the DMZ to protect the HR Core server. But if you need another server anyways, use it for a standalone installation.
    And always remember:
    - E-Rec < EhP4 no support for CE at all, same for reference employee Id
    - E-Rec = EhP4 support for CE only documented for standalone scenario
    - E-Rec no support for structural authorization
    - E-Rec no support for structured user management
    => if you have the future need or already find one of these topics in the HR core server, standalone installation is your only choice.
    Kind Regards
    Roman

  • Request TRNK900700 (IDADMIN) belongs to a different client

    The system prompts me that "Request TRNK900700 (IDADMIN) belongs to a different client" when I transfer datasource 2LIS_11_VAITM. I never created the request TRNK900700, which is the default, so I ask why the default request is TRNK900700?

    Anil Kumar:
    thanks a lot for your help again.
    1. "By changing the owner of the request , You can make changes to this object"
    could u tell me how to change the owner step by step, or alternatively, give me some information?
    2. "You have to release the request to next system of the landscape"
    I get a conclusion from your thread that: an object would not belong to a request if the request to which the object belongs had been released.
    is my conclusion right?

  • How to connect different clients of same SAP Instance

    Hi,
    I have a question about CPS 7, Basic / Free of Charge Version.
    I know that this version is restricted to have only one SAP Instance per Isolation Group, but how about different clients of the same Instance?
    Is it necessary to create an Isolation Group for each client of the same instance?
    We actually have 1 isolation group with 1 Instance and 1 client.
    Trying to create a second XBP Connection to another client fails when saving the changes with error:
    "JCS-102120: SAP System DI1.DI1_045 should be isolated but is not. Show error details"
    I didn't find a concrete statement in the Installation Guide or in the Admin Guide.
    Regards
    Frank

    Hi Frank,
    This is correct, there is one client per isolation group. The free version works similar in this respect to SM36/SM37: jobs are defined in each client individually and independently.
    Regards,
    Anton.

  • ERROR WHILE testing WEBSERVICE IN TWO DIFFERENT CLIENTS

    hi all
    i have developed a proxy and try to test web service in wsadmin tcode through two DIFFERENT CLIENTS.
    FROM CLIENT 1 IT IS SHOWING THE SUCCESSFUL RESPONSE
    BUT FROM CLIENT 2 IT IS SHOWING THE FOLLOWING ERROR.
    No implementing class registered for the interface (ABAP interface, request message , request message, namespace )
    THANKS
    praveen kalwa

    hi marten
    can u describe in brief what i should do in the sxmb_adm in both clients ..
    because i could not find anything
    PLS DO THE NEEDFUL
    thanks in advance
    PRAVEEN KALWA

  • Different Service Desks in different clients in the same Solution Manager?

    Hi
    Is it possible to place different Service Desks in different clients in the same Solution Manager?
    Concretely, we plan the following scenario:
    - Division 1
      -- System 1,2,3, etc.
      -- Service Desk  in client 100
      -- Monitoring for the whole trust in client 050 (still exists)
    - Division 2
      -- System 4,5,6, etc.
      -- Service Desk in client 200
      -- Monitoring for the whole trust in client 050 (still exists)
    Is it possible to realize this scenario or are there any restrictions?
    Thanks & Regards
    Andreas
    Edited by: Andreas Städler on Mar 19, 2008 5:52 PM
    Edited by: Andreas Städler on Mar 19, 2008 5:54 PM

    hi Neil
    did u solve the problem? if still stuck let me know
    we can access the same iview in n no of clients. let me know if u have any queries and other information
    bvr
    Edited by: bvr on Dec 2, 2008 6:32 AM

  • To check the difference between 2 programs from 2 different clients

    standard program which you can use to compare difference between sources codes of 2 different programs

    Hi,
    use remote comparison to compare the program between two different clients, or use TCODE SE39
    Regards,
    Nagaraj

  • Enhancements are not visible in different clients

    Hello Experts,
    I am facing a strange issue in my component enhancements for IUICMD.
    I have created an enhancement set ZCRM_IUICMD and assigned it to different clients through BSPWDV_EHSET_ASG.
    All my enhancements to the component are attached to the above enhancement set. Suddenly I can see that my enhancements behave differently in two different clients.
    I have verified the repository objects like classes & methods and also UI configuration. It remains same in both clients.
    Let me know if you have faced similar problem and your solution to that.
    Thanks in advance................
    Best Regards,
    Prabahar

    Hi Saumya,
    I am enhancing the component view IUICMD/DetailAccount. Here I have created a new context node for BuilheaderSearch.
    I am using context node attribute ID_TYPE in IUICMD/DetailAccount and provided F4 help for that. Now I can see Input help in client 200 and am not able to see it in client 210.
    I have assigned my enhancements to both the clients 200 and 210. In both the clients the UI Configuration remains the same.
    Hope it gives you the details that you are expecting.
    Best regards,
    Prabahar
    Edited by: Prabahar N.R on Sep 10, 2009 1:10 PM

  • Could not get system landscape directory client - NWDS 7.31 SP 09

    Hi Experts,
    We are unable to import development configurations from NWDI 7.4 to NWDS 7.31 for one of the developer's id. Other developers are able to import the configuration successfully in NWDS and are able to create projects without any issues. In fact, I am able to import the development configurations from his Id on my machine.
    The error message that is appearing is as follows: Could not get system landscape directory client.
    PFB the NWDS logs:
    null
    Error
    Tue Jan 06 12:48:58 IST 2015
    List Development Configurations failed      [Error: com.sap.ide.dii05.ui.internal.sld.SldContext  Thread[ModalContext,6,main]]
    com.sap.lcr.api.cimclient.LcrException: com.sap.lcr.api.cimclient.CIMClientException: HTTP response code: 407 (Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ))
    at com.sap.lcr.api.cimclient.HttpRequestSender.newClientException(HttpRequestSender.java:719)
    at com.sap.lcr.api.cimclient.HttpRequestSender.processResponse(HttpRequestSender.java:608)
    at com.sap.lcr.api.cimclient.HttpRequestSender.send(HttpRequestSender.java:352)
    at com.sap.lcr.api.cimclient.CIMOMClient.sendImpl(CIMOMClient.java:205)
    at com.sap.lcr.api.cimclient.CIMOMClient.send(CIMOMClient.java:153)
    at com.sap.lcr.api.cimclient.CIMOMClient.enumerateInstancesImpl(CIMOMClient.java:450)
    at com.sap.lcr.api.cimclient.CIMOMClient.enumerateInstances(CIMOMClient.java:754)
    at com.sap.lcr.api.cimclient.CIMClient.enumerateInstances(CIMClient.java:989)
    at com.sap.lcr.api.sapmodel.JavaCIMObjectAccessor.enumerateInstances(JavaCIMObjectAccessor.java:213)
    at com.sap.lcr.api.sapmodel.SAP_DesignTimeConfigurationAccessor.enumerateInstances(SAP_DesignTimeConfigurationAccessor.java:164)
    at com.sap.ide.dii05.lib.internal.sld.SldBasicContext.listRemoteDevConfNames(SldBasicContext.java:197)
    at com.sap.ide.dii05.ui.internal.devconf.wizard.DevConfImportSldPage$6.run(DevConfImportSldPage.java:293)
    at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
    NWDS version: 7.31 SP 09
    Error Screenshot -
    Any pointers will be highly appreciated.
    BR,
    Anurag

    Hi,
    we had some issues recently with this, and the trace also mentions proxy issues. Could you please try direct connection in that preferences  (in other words do not use proxy settings in NWDS) ?
    Is it possible that there is some kind of web-filter application installed that is blocking the request?
    I'd suggest to google for this error:
    407 (Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.  ))
    Perhaps the problem is not even sap related.
    Is Microsoft Forefront TMG (Threat Management Gateway, after some googling) perhaps configured in a way that it is not allowing this request? Perhaps the IT guys of your company could look into this.
    Microsoft Forefront Threat Management Gateway - Wikipedia, the free encyclopedia
    12209 Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.
    Cheers,
    Ervin

  • Different Client Versions in OWB 9i and 10g

    Hi,
    Our client is using 9i OWB Client Software, and we are planning to use OWB10g Client Software on Windows Platform.
    Will there be any compatibility issues while moving from 9i OWB Client Software to 10g Client software?
    And what are the other parameters we need to consider? If possible please mention any document links available.
    Kindly let me know the pros/cons in this model.
    Here my main question is will there be backward compatibility, i.e. can the repository in the 9i database be connected to using the OWB 10g client?
    With Regards,
    Kranth...
    Edited by: user8536050 on Jan 18, 2010 1:44 AM

    Hi,
    you cannot use different client versions on the same repository. If you want to use owb 10g, then you have to upgrade the repository to 10g. Then you can only use 10g clients, owb 9i clients cannot connect to that repository.
    Regards,
    Carsten.

  • Error When Run ABAP Query in Different Client

    Hi ABAPers,
    Currently I develop ABAP Query using SQ01 / SQ02 / SQ03.
    Everything goes well, and I have already tested that the query works well. The query can be executed and shows the result correctly.
    My peer in the same SAP system, but a different client, ran the same query. As far as I know a query is the same as an ABAP program, which is client independent and can be executed across clients. But then the runtime error showed up.
    The error said that
        Exception condition "NO_POSITION_FOUND" raised.
    Can anybody tell me what happened here, and how I can resolve this problem?
    Thank you in advance
    Regards
    Hadi

    Hi,
    Since you are testing it in another client, I think you are getting that error due to data inconsistency.
    Try to check the corresponding tables in both clients to verify.
    Cheers,
    KK.

  • Livecache on different clients

    Hi,
    I am using APO for two different clients. It is working fine for the original one, but I am having different issues (see below) when I CIF the transactional data.
    What should I consider for Livecache being shared on different clients?
    Issues
    - Multi-level error propagation carried out
    - Error when reading ATP delta records: Error calling function module /sapapo/cif_help_object_show in system AAQCLNT500 : Exception condition "CNTL_ERROR" raised. Message no. XC016
    - Message no. SR053
    - LC error;
    Considerations already done:
    - Logical systems
    - RFC connections
    - Same Business system group.
    Any recommendation will be very valuable for me.
    Thanks a lot.

    Muhammad,
    the installation is done in client 000.
    You then do post-installation and configuration for each client - AC needs to do a connection to each client individually in order to separate the results (risk analysis, provisioning).
    Frank.

  • Create a new branch On same OR different Client

    Dear Experts,
    Can anyone tell me the advantages and disadvantages of same vs different client, from FI & CO view, as we are having a new foreign branch in another country, should we use the same client or a different client?
    For e.g.:
    Client 100 Company A - present
    Client 100 Company B - new
    OR
    Client 100 Company A - present
    Client 200 Company B - new
    Regards,
    Mohammad

    Hi Mohammed,
    It would be better to choose the first option ie, choosing the same client. Please refer the attachment which deals with this topic.
    Same or different client
    two different organization on one system
    more than one company code
    Warm regards,
    Murukan Arunachalam

  • Comparing the smartform in two different clients!!

    Hi Experts,
    I have a situation where I need to compare the same smartform in two different clients. As we can do the Remote comparison for the program, similarly how can we do it for a smartform?
    Thanks in advance.

    Hi Ganesh,
    Actually Smartforms are client-independent. So there is no question of same smartform being different in  different clients.
    Just check your SF once again.
    Hope this resolves your query.
    Reward all the helpful answers.
    Regards

  • Dev qas and prd set up with different clients

    good day experts,
    If I have 3 different clients in PRD, is it recommended to have 3 qas and 3 dev clients as well? For instance, 3 clients in PRD which are 500, 510, and 520; do I have to have 300, 310, 320 for qas and 200, 210, and 220 for dev? We have different configurations and settings on different clients.
    Please suggest! Thank you in advance!

    Hi,
    It is not mandatory that you have three clients in every system. The general approach is as below:
    1) Development System - Sandbox Client, Development Client, Golden Master Client
    2) Quality System - Testing Client, Pre-Production client (not always required)
    3) Production System - One Production Client (if there is any special requirement then you can create more clients)
    Thanks
    Sunny
