GRC Sizing

Similar Messages

• SAP GRC Sizing guidelines

  Hi,
  Is there any sizing tools available for a GRC installation on Windows and Oracle? I have used the quicksizer tool to size core components such as ERP, however I have not come across any tools or documentation that give guidance for sizing GRC.
  Regards.

  Here is the link to the preliminary sizing guidelines:
  https://community.wdf.sap.corp/sbs/message/73966#73966
  Best, Jürgen

• SAP GRC Installation

  Dears,
  We are planning to install GRC.Beinf new to GRC I have some doubts for it.
  1- When searching for installation guide I found several components Like Access Control,Risk Managament..
  We want to install all these component so I want to know do I need to install all these components sepratley on server or they can be install on a server and these components are independent of each other or do i need to install a common platform and on that i can install all required componenets.
  2-I have searched a lot but not found any sizing guide for it,So please what should be hardware configuration for it.
  Please Suggest.
  Shivam

  Hi Shivam,
  GRC AC5.3 contains four components called
  1)Risk Analysis and Remediation ( Previous Name Compliance Calibrator)
  2) Compliant User Provisioning     (Previous Name Access Enforcer)
  3)Enterprise Role Management     (Previous Name Role Expert)
  4) Superuser Privilege Management (Previous Name Fire Fighter)
  Depending upon your organisation requirement you have to install these components.
  You can deploy these component in one netweaver server.
  For Installation guides click on the links of SAP service marketplace below,
  https://websmp207.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000718186&
  Then click on SAP GRC Access Control 5.3 and you will get the list of documents of GRC AC5.3 which is the latest version of GRC.
  And the GRC Sizing guide is available in the marketplace.
  If you require any other info then let me know.
  Reagrds,
  Sudip.

• PRELIMIARY SIZING GUIDELINE - GRC V 10

  Hi,
  I was able to find Sizing details for GRC AC Version 10.0 Beta Release/Ramp-Up.
  Could anyone help me in getting  latest document on the same if any.
  Regrds,
  Shree

  Yes, As Simon Said, according to the note 1243085 - Available Documentation for GRC Access Control
  The guide is here:https://websmp206.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000738725&
  Cheers!

• GRC Access Control licensing and Sizing

  Dear All,
  I am putting up a proposal for GRC Access Control. Could someone please help me with the calculation of licensing cost and the hardware requirements?
  1. Is the license cost totally driven by revenue ?
  2. Is there a flat base price plus number of user accounts?
  3. What sort of hardware config is required?
  Thanks,
  Aj

  Please ask your SAP account contact for pricing information.
  Frank.

• Instalação GRC independente do NetWeaver atual

  Olá Experts,
  Necessito instalar o GRC para implantação da NF-e v2.00. Atualmente temos um ambiente ECC 6.0 que será atualizado via Notas até o SP necessário (aprox. 351 notas). Temos também um ambiente NetWeaver PI que se comunica com este ECC e possui diversas Interfaces via ABAP Proxy, IDOC e RCF.
  Queria saber se é possível a instalação de um novo ambiente NetWeaver PI para o GRC, independente do PI atual. E se é possível que o ECC se comunique normalmente com os dois Integration Servers.
  Desde já agradeço.

  Entao, sao 2 coisas diferentes:
  1 - usar o PI atual como PI apenas e criar um novo ABAP Stack 7.0 para o client do GRC
  2 - usar o PI atual tanto como PI quanto como ABAP stack para o client do GRC.
  A 1 eu nao vejo problemas, até facilita a manutencao de seu landscape.
  Para a 2, eu nao recomendaria por diversos motivos, principalmente:
  a) complicacao da manutencao de um PI que já é central em sua empresa.
  b) a proxima versao do NFE, a ser liberada no fim do ano, vai demandar que o ABAP Stack do client do GRC seja atualizado para o NW 7.02 (7.0 EhP 2), o que poderá gerar impactos em seu ambiente PI.
  Eu vejo o modelo 2 como um modelo aceitável caso você ache que o ambiente PI atual nao vai conseguir te dar o SLA necessário para processar as NFes, pois vocês já enfrentam muitos problemas com as outras interfaces. Contudo, se você tem problemas de administração em um PI, a tendência é que vc terá os mesmos problemas no outro PI também, ou seja, a empresa precisa aprender a ter uma cultura de gestão pró-ativa e não reativa do PI de qualquer maneira, o que meio que acaba por eliminar a necessidade de ter o 2o... Mas se mesmo assim a empresa acha que seria mais fácil, no curto prazo, instalar um novo do que "limpar" o atual, é possível sim. Mas sempre com o objetivo de migrar isso pra um PI único no médio/longo prazo.
  Abs,
  Henrique.
  PS: seja para o modelo 1 ou 2, o sizing necessário para atender ao cenário NFe é relevante. Seja em um servidor separado ou adicionando capacidade ao servidor existente, você precisa de mais hardware (memoria, processador, disco) para o processo de NFes. E isso é tão mais crítico quanto maior for seu volume de NFes.

• GRC 10.0 - Transport Connector Relevant Settings

  Hi Gurus,
  Many of you have already completetd GRC 10.0 implementaion. One of the Key advantage of GRC 10.0 stated as "Changes can be transported".
  While carrying out configuration settings under nodes SPRO -->GRC --> Common Component Settings --> Integration Framework and other Subsequent nodes in Access Control, we find many steps involve Connector, Connector Mappings, Actions related Settings which are connector dependent.
  Further, there are relevant sub-nodes viz. User Defaults, User data sources, HR Triggers etc., which involve connector values as part of configuration steps.
  We have created Back end test / Development related connectors and carried out the relevant configuration settings. We find that all these settings are getting collected in the transport request.
  Once we move this transport request to GRC QAS / Production landscape all the back-end Test / Development /QAS related connector settings will also move. Further this will also call for defining back-end Production systems related Connector Settings in GRC Development System itself.
  Looking forward for inputs with respect best practices for managing the GRC 10.0 config / workflow related transports across Dev / QAS / landscape.
  Regards
  Hemant

  Hi Hemant
  SAP has made a lot of the transport functionality in GRC10. I find that they hereby created a huge expectation with the customer, that in fact is not true.
  For instance Exclusion Objects and Mitigation Controls are NOT transported. What about Organizations? Critical Roles and Profiles are also not transportable.
  As for the Connectors - system specific parameters are transported. Therefore you end up having to delete the DEV and QA connectors in the PRD GRC system.
  On this question, has anyone used CLM yet? It seems that only Functions and Risks will be extracted to CLM and then deployed in the other system (DEV to QA for example). Does CLM even work?
  SAP provide not guidance on all of these important issues. I agree that it is about time that SAP takes some leadership and produce a proper best practise guide for this software. By the way, an offical sizing document from SAP is still to be delivered.
  Thanks
  Will

• GRC 10.0 Database average size

  Hello everybody,
  A customer has asked me how to size their disks for their new GRC 10.0 Risk Management installation.
  Installation guides and sizing guidelines provide information for software space occupation, but the size of the database should depend on the specific customer project, I believe.
  Therefore, I know that a precise answer is not possible but in your experience what "order of magnitude" could a GRC RM database reach? Several MB? Some GB? Hundreds of GB? TB?
  Many thanks in advance
  Marco

  Hi Marco,
  Size of the database depends upon the on:
  1. No of systems you are going to connect
  2. Users in each system
  3. Roles and authorizations in each system
  4. Risks in each system
  Approx databse size for GRC installation is around 120 GB.
  Regards
  Rajan Arora

• GRC AC 5.3 Hardware RAM specification of 1 J2EE system.

  Hello,
  I have a hardware doubt... We want to install the SAP GRC AC 5.3. The four application in the same SAP NW 7.0 AS Java instance.
  I have read some specification about each application, it talked about the SAPs that it need it each one.
  The question is... Do I have tu add all the RAM of each application, or do I have to get only the bigger RAM application???
  What I mean is do I have to add the RAR, ERM, CUP & SPM RAM of each other, or do I have to get the bigger RAM to use in the J2EE system???.
  Best Regards...
  pablo Mortera.

  Hi Pablo,
     It depends on which functionalities you will be executing at same time or simulataneously.
  It should be mentioned in the AC 5.3 sizing guide at
  https://websmp208.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000071612&_SCENARIO=01100035870000000112&_OBJECT=011000358700000435122007E
  Did you use T-shirt sizing or Expert sizing? My personal recommendation is to have enough SAPs available for Risk analysis in RAR, CUP and ERM and management report. All other activities are mostly initial synchronization.
  Regards,
  Alpesh

• GRC 5.3 Access Control - Critical Alerts for permissions

  We have successfully configured alerts for transactions, but we have not been able to generate any alerts to indicate when a user executes the transaction and makes a change. 
  Should the risk containing the function be saved as Critical Action or Critical Permission?
  How should the auth object be added to the function?
  I have noticed when adding a transaction to a function 5.3 does not import the auth objects like VIRSA backend clients.  Is this correct or was something missed in the configuration?
  Any help is appreciated.
  Thanks,
  Joe

  Hi Pablo,
       AC 5.3 release will have it's first anniversary in second half of 2009 and it is far better product than AC 5.2. Trust me, and go with AC 5.3, you won't be disappointed. Products in AC 5.2 are very restrictive and you will get frustrated with RE for sure.
      The recommendations you provided came out of installation guide and other documents. These requirements are ok but I would not recommend you to go with them. Insted, it would be better to go through the sizing guiding and size your server accordingly.
     SAP used to have AC 5.2 sizing guide but they have removed it from SMP as they have replaced it with sizing guide for AC 5.3. Here is the link to the guide:
  https://websmp203.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000071612&_SCENARIO=01100035870000000112&_OBJECT=011000358700000435122007E
  If you still want to go with AC 5.2 then open a message with SAP and they can provide you. I even has that guide so if you want it, I can share it with you.
  Regards,
  Alpesh
  SAP GRC Manager (PwC)

• GRC Access Control 5.3 installation

  Hello all,
  I'm planning the installation of SAP GRC Access Control 5.3 and have a few questions. In the software download section of SAP Service Marketplace, the most recent installation files are for Virsa 5.2. Under SAP GRC Access Control, there are no installation files that I can see. (I tried several different OSS IDs including partner ID, so I do not think it is a licensing issue) Could someone please confirm that the Virsa 5.2 files represent GRC Access control 5.3?
  One reason for this question is that in Solution Manager, under Business Blueprint (SOLAR01), SAP GRC Access Control 5.3 is displayed as the default selection for Internal Controls. Is SAP planning to release installation files in the near future for SAP GRC Access Control 5.3? If so, when?
  Thanks in advance,
  Glen Hoaglund
  Capgemini Basis Consultant
  Edited by: Glen Hoaglund on Jun 3, 2008 3:13 PM

  John & Glen-
  Right now Compliance Calibrator 5.3, now Risk Analysis and Remediation, which is part of Access Control 5.3 is currently in Ramp Up, and will be available in October 2008.  
  You can download the User manuals for 5.3 from SAP Marketplace.  That will give you an idea of what functionalities 5.3 has and how it is structured.
  From my observation of 5.3, and having implemented 5.2 for some clients, 5.3 does have some functionalities which are missing in 5.2.  But for setup and sizing, it is always recommended that you allocate GRC on its own server with a lot of space.  The applications are very memory-intensive.
  I believe FireFighter, or Superuser Privileged Access in 5.3, will still reside in the ABAP stack, with the reporting done on both ABAP and Java stacks.  The bulk of the functionality of 5.3 is the same as 5.2.
  Let me know if you have any questions...
  Ankur
  GRC Consultant

• GRC AC 10 on SAP NW 7.3

  Hi,
  Need your valuable input regarding GRC Access control V 10.  I dont have much of knowledge about GRC, but unfortunately I need to collect some information about GRC AC V 10 on SAP NW 7.3.
  From my search I think SAP has not released the GRC Access control V10 for SAP NW 7.3 and as per note 1532805 I think its not released yet. Is my understandign right or if any one has installed please give you valuable input.
  Also I am trying to serach PAM for GRC AC V10 but unfortunately I cant find any. Any link to the same will be of great relief.
  Is there any document related for sizing GRC AC V10? I can find document for 5.3 only.
  Any help in this will be of great help to me.
  Thanks in advance.

  We have been communicated that GRC 10.0 was not tested on NW 7.3  We were strongly suggested to use recommended NW 7.02

• Missing App server in GRC Analysis Engine Daemon Manager

  Hi,
  We have two app servers for our GRC AC 5.3.The Analysis Engine Daemon Manager(http://<host>:5<nn>00/sap/CCADStatus.jsp) lists only one of the app servers .If I try the URL for the Daemon manager using the URL with app1 or app2 it lists only the background job workers and web services workers for the app1 only and not the app2.I checked the entry for table VIRSA_CC_CONFIG which has entry for the first app server ('107', 0,http://app1:5<nn>00/webdynpro/dispatcher/virsa/ccappcomp/BgJobStart', 'BgJobStart URL').Do I need to add the other URL for the other app server also.If yes how.If any one has faced this issue please help me.Your help is greatly appreciated.
  Thanks,
  Max

  Since the Instance number (i.e. <nn> ) is a mandatory part of the URL so the URL for two app. server should be different. But first of all what is the necessity for keeping two different Instances (Java) for GRC AC? One is enough with proper hardware and system parameter sizing - right?
  Also, the Batch Jobs are not App server specific stuff.. so it is not correct to say that there are Jobs from only one App server and not from the other.
  regards,
  Dipanjan
  Edited by: Dipanjan Sanpui on Sep 27, 2010 2:51 PM

• SOD violation as per sizing guide

  Hi All,
  I have a query regarding sizing for GRC server. As per sizing guide, there are few inputs like total roles and total users in system landscape, which are to be connected to GRC and total violations during per peak hour etc.
  I want to know what violation count means in this context -
  Is it SOD violation before GRC implementation occuring in system?
  Or is it SOD voilation count when GRC is established and we assume that either most of the risks are mitigated and / or remediations are done.
  Does this count SATs as well?
  Thanks & Regards,
  Sabita

  Hi Experts,
  Please excuse me for re-opening this message. Our client wants clear understaning on sizing and I want confirmation before I can convince them.
  Here are my queries-
  1. When we do sizing for RAR, what activities are covered under " Daily Transactional Sizing per hour". We do incremental Sync and Batch risk Analysis, but they run in nights when system is less loaded. So what does it mean"during peak hour"? What else are under transactional sizing-do webservice calls from ERM or CUP are included in it and does Alert Monitor job also falls under it?
  2. What does it mean voilations in context of Risk Analysis? Does it mean actual violations in daily backend transactions or it is only voilations based upon Role/User authorizations? What kind of voilation it includes-permission level all line items(like ME21N ACTVT 01, 02, 03 are 4 voilations or it is only one for one risk?
  3. Under which criteria or parametr should we do sizing for Adhoc risk analysis ( run from Informer tab) .
  4. There is parameter for "initial load" in RAR and CUP. We would like to know why there are two parameters for "initial load" and "daily transactional". They may overlap for sizing purpose because when we do initial it means system is not ready to perform daily tasks. And when we say " Transactional" it means initial load is done. So in this case, the SAPS used in initial load is released for daily transactional task.
  Thanks in advace.
  Regards,
  Sabita

• AC 5.3 - BW Reporting - Sizing

  Hi All,
  If we have a GRC server that is sized at 120 GB, how big does the BW server need to be sized to store the equivalent data set?
  I can not find any onformation on this subject.
  Regards
  Simon

  Great question. This has initiated a big discussion in our office.
  We would like to know which of the following is correct:
  a)  SP09 will add a data mart component to the GRC Application Server, and the client user would need to install a front end Crystal Reports tool to analyse reports from the data mart on the GRC application server. (This does not require installation of a Crystal Server instance)
  b) SP09 will install a custom connector in the GRC application server allowing data to be extracted to an external Crystal Server box to which users will connect and view reports. (This does require installation of a Crystal Server instance).
  Thanks,
  Babak