Network security for EP server

Hi,
If i have a portal server which talks to SAPR3 systems how should the network security be achieved, if the portal has to open to internet?
where all will the firewall come into picture? How many DMZs to be there? Is there any SAP recommendation document on this...any info would be of great help
regards,
Sujesh

Hi Sujesh,
Normally SAP recommend (on their courses) that you have a reverse proxy in the DMZ, then a firewall, then portal, then a firewall, then backend SAP etc.
However, it also depends on what you already have network architecture wise.
Paul

Similar Messages

  • MS Forefront Server Security for Exchange Server 2007 SP1 - License Expired - Unable to update

    Hi
    1. My Windows SBS 2008 Server Console shows:
    Virus Protection for e-mail STATUS alert CRITICAL (Forefront Security for Exchange Server)
    Details: None of the engines enabled for updates have been updated in the last week.
    Forefront Security for Exchange Server SP 1
    2. Event Viewer
    Error GetEngineFiles
    Event ID 6012
    Generation: Microsoft Forefront Server Security encountered an error while performing a scan engine update.
    Scan Engine: vBuster (same for microsoft, Kespersky5, Wormlist, etc.)
    Error Code: 0x80004005
    Description: The product license has expired.
    Error Microsoft Forefront Security
    Event ID 7007
    General: None of the engines enabled for updates have been updated in the last week.
    3. About forefront
    Opened Forefront Server Security Administrator > Help > About Forefront
    Forefront Server:
    Version: 10.1.0746
    Service Pack: 1
    Product Id:
    Licensed Components:
    Component: Forefront, License Type: Evaluation, Expiration Date: 16 Dec 2013
    DO I HAVE TO BUY THIS PRODUCT or DO I HAVE TO INSTALL Forefront Security for Exchange Server SP2 or SP3?
    Can please someone advise in this regard,
    Thanks

    -->Component: Forefront, License Type: Evaluation, Expiration Date: 16 Dec 2013
    Evaluation version? didn't activate this product? You
    can convert an evaluation license to a subscription license by activating the product. Be sure to have the product key available when activating FPE. After the product is activated, you can also align when the product expires with your license agreement, and
    easily renew your license by entering a new expiration date.
    Best,
    Howtodo

  • Manual Updates for Forefront Security for Exchange server

    Hello Team
    I have installed forefront security for exchange server 2007 in  CCR  and but there is no internet connectivity as it is in my test lab, 
    I would like to enable the below scan engine and update the scan engine in weekly basis as i cannot do it on daily, (No Internet Connection)
    MS Antimalware engine
    Kaspersky
    and Norman 
    Where can i get / download  the scan engine updates  for the above each  scan engines...and how to installed them manually  without internet connection . Could someone please help

    Hi Quan, and Christian,
    Thanks for that.
    My Query is that,, where can i download the updates , i mean which website can i can download the udpate for the scan engines,
    Since it my testlab environment., i don't have internet connection
    i need to download the updates from external (out of my test lab) and transper those udpates via pendire / hard drive to the test lab and from there i need to update.
    first of all , i would like know which website any source can provide  the updates for these separate scan engine updates.
    Hope you all understand

  • Just FYI, new blog post "New and Revised Networking Technologies for Windows Server Technical Preview"

    Just FYI, new blog post "New and Revised Networking Technologies for Windows Server Technical Preview" at
    http://aka.ms/xb9l0w
    Thanks -
    James McIllece

    Hi,
    Thanks for your good sharing.
    Regards.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Network requirements for SQL Server Replication

    Hi,
    Can any one tell me what is network requirements for SQL Server replication.
    I have successfully configured the replication on LAN with active directory but I am unable to configure it on WAN.
    Can anyone tell me how WAN can be configured for sql server replication. 
    Any help in this regard will be highly appreciated.
    Regards,
    Muhammad Imran

    Hi Muhammad,
    In addition to Prashanth’s post, please also check the following things  to optimize SQL Server replication with a WAN link.
    • Initialize the Subscriber from a backup.
    Publishing the execution of stored procedures as opposed to replicating each operation performed by the stored procedure.
    Leveraging Subscription Streams.
    For more information, please review the following blog:
    http://sqlblog.com/blogs/argenis_fernandez/archive/2011/05/31/transactional-replication-and-wan-links.aspx
    Thanks,
    Lydia Zhang
    Lydia Zhang
    TechNet Community Support

  • Network Security for amateurs

    Hey!
    I've had my Macbook for about a year and a half and I've just started learning more about network security. I realized the other day that my IP doesn't match the one given back to me by websites; as I understand it, this might mean that my network security has been compromised.
    I don't know yet what exactly is causing that, but I want to make sure no one can get into my system. I can't turn on FireVault because I don't have enough space on my hardrive. Do encryption softwares protect against proxies and ARP poisoning? Should I go through the effort of setting up static IPs?
    I know this is very general and probably quite simple, but I want to make sure I'm going in a good direction before I take the time to set up Ettercap. My apartment is set up with Roger's wireless and uses a WEP password. Any ideas?
    Message was edited by: Chessire

    I realized the other day that my IP doesn't match the one given back to me by websites; as I understand it, this might mean that my network security has been compromised.
    Your understanding is wrong
    There's nothing wrong or unusual with having a machine address different from your public address that other sites see. It typically means is that you're running in a NAT (Network Address Translation) environment which is generally a GOOD thing.
    NAT uses a series of private IP addresses (such as 192.168.x.x or 10.x.x.x) that exist only on your LAN. Your router translates that address to a separate public IP address provided by your ISP.
    In this setup, by default, no external user can get to your machine at all since the private address can't be routed over the internet. The only way someone can get to your machine is if you configure your router to permit specific traffic into your network (e.g. if you were running a web server in your LAN you could configure the router to permit incoming web traffic).
    So don't stress over your machine having one address while other sites see a different one.
    Do encryption softwares protect against proxies and ARP poisoning?
    No. I'm not sure what you think there is about 'proxies' that you need to protect against. They serve a useful purpose in certain network configurations. Even if you use one it's unlikely to be a valid attack vector against your machine.
    Should I go through the effort of setting up static IPs?
    Set up static IPs where? If you mean on your LAN it makes no difference since no one can get to your machine anyway. If you're talking about your public IP you'd need to involve your ISP.
    Either way, having a static vs. dynamic IP address doesn't necessarily improve your security.
    My apartment is set up with Roger's wireless and uses a WEP password
    Well, for one, switch to WPA. WEP has been proven to be insecure, with an average hacker being able to compromise the wireless network password within a few minutes.

  • Security for HTTP server

    hi
    i want to disable the Administration Page for being seen by the users and want that, to see the main page of HTTP server where we have links for configuration of our HTTP server, a user must supply a username and pasword. So how do i create users to use my HTTP server's main page?
    i have searched in the documentaion but couldnot find it
    Can anyone guide me?
    Regards

    There's new security updates with a link to the PPC version at [Security Update 2008-008|http://www.apple.com/downloads/macosx/apple/security_updates/securityupdate20080 08serverppc.html]. Note, however, that this says it is for PPC Server.
    That link is for the server version. You need
    <http://support.apple.com/downloads/SecurityUpdate_2008_008__Client_PPC>
    The [Apple security updates|http://support.apple.com/kb/HT1222] page provides information that Security Update 2008-008 is released for "Mac OS X 10.4.11, Mac OS X 10.5 - 10.5.5" on 15 Dec 2008, with more information on [this page|http://support.apple.com/kb/HT3338] which is entitled, "About the security content of Security Update 2008-008 / Mac OS X v10.5.6" Note that while the referring page says this is for 10.5-10.5.5 and is a security update, the referred page seems to treat it as an OS update to Leopard to 10.5.6 There's embedded reference to 10.4.11 but it's not obvious this is for Tiger too.
    The same security fixes are in this update and the Leopard 10.5.6 update/
    I'm assuming that because Software Update notified me of this update that it thinks I should install it (and it took me ages to find the actual links to it on Apple's download pages). I'm just confused that it doesn't say outright that this is for plain old Tiger too instead of just Server versions and/or no mention of Tiger at all in the header and just Leopard and even then it seems all messed up as to the Leopard versions.
    Why not let Software Update ginstall it? It would get the correct version.

  • Network Security for a department

    Hi all ,
           Please go through my network diagram
    I am using ospf in the network .I only mentioned some of the routers in the diagram .
    Consider a Department A which is having a branch connected to Router R3 and to some other routers through E1 links   which is no mentioned here .
    Department A is having servers in the DMZ Zone of the firewall .
    I need to add security features(Ipsec) to the department A network either though firewall or through routers .Here consider 192.168.2.0/24 in the R3 as department A network .Need to provide ipsec or any other security features to 192.168.2.0/24 network only not to the whole R3 network .
    Routers Cisco  7206 ,7204

    Hi jennifer ,
       I understood the router part configuration .
      Let me clear a point
    In the pix ,servers are in the server zone whose security Level  is 95 and wan network in W AN zone and security level is 91. The ipsec is to be enable in WAN zone interface  for a particulaR traffic .
    interface Ethernet4
    speed 100
    duplex full
    nameif WAN
    security-level 91
    ip address x.x.x.x y.y.y.y
    interface Ethernet5
    speed 100
    duplex full
    nameif SERVER
    security-level 95
    ip address X.X.X.X Y.Y.Y.Y
    I had read the following link
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805e8c80.shtml
    I had totally confused with PIX  part .
    crypto ipsec transform-set avalanche esp-des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 3600
    crypto ipsec df-bit clear-df outside
    crypto map forsberg 21 match address Ipsec-conn
    crypto map forsberg 21 set peer 172.17.63.230
    crypto map forsberg 21 set transform-set avalanche
    crypto map forsberg interface outside
    tunnel-group 172.17.63.230 type ipsec-l2l
    tunnel-group 172.17.63.230 ipsec-attributes
    pre-shared-key *
    The above configuration is mentioning about one branch router and its ip 172.17.63.230.
    But i had 14 branch routers .Then what is the change in the network configuration also what is the significance of
    access-list nonat extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
    .Here my traffic is not to the outside interface but only to the intranet .

  • ACL - ILS (Item Level Security) for Content Server & WebCenter Spaces

    We're trying to implement Item Level Security (ILS / ACL) for Webcenter spaces. We're following the instructions from the Oracle® Fusion Middleware Administrator's Guide for Oracle WebCenter 11g Release 1 (11.1.1.5.0) http://docs.oracle.com/cd/E15586_01/webcenter.1111/e12405.pdf
    After making the configuration changes, we're unable to see the "Security" option from the "File" menu in the Document explorer. Has anyone else implemented this feature and ran into similar issues?
    I made the following configuration changes:
    UseEntitySecurity=1
    SpecialAuthGroups=SecurityGroups (comma separated list with no spaces and the application name is included)
    CS: Version:11gR1-11.1.1.5.0
    DB: 11.2.0.2.0 ---Oracle Database 11g Enterprise Edition
    WebCenter: 11.1.1.4.0 (in a clustered environment)
    Also, we're looking at the document properties in webcenter spaces via document explorer and do not see the "security group" or "accounts" metadata fields. We can see the "Content ID" and a whole bunch of fields and do not see "security groups" and "accounts". However, when we log into the content server and look at the folder or file "info" we can clearly see the security group and account values...not sure what is required to make these two fields show up in webcenter spaces.

    Hi ,
    Do you upload the documents from spaces or from UCM side ?
    When you say the security and account field are not displayed , is that when viewing the content or during update ?
    When the ACL features are turned off do you see the above fields ?
    Thanks
    Srinath

  • Various network setups for media serving and backups

    Are there any good sites, blog posts, etc that show different home network configurations with a Time Capsule, external HDs and Macs for handling backups and media serving? Right now I have a simple Setup where my TC backs up my MBP. I also have a couple externals HDs w a lot of music and video that's not in my iTunes library on the MBP, the HD of which is at capacity. I know I want to be able to easily access all of that content on my MBP, AppleTV, iPhone, iPad. I also want to have a good backup solution (possibly even a backup of the backup for redundancy). I just don't know the simplest way to do it and haven't found a good resource to see the alternatives and/or pros/cons of different configurations. Any suggestions would be greatly appreciated!

    This is as I posted a Self help forum the only BT presence are the forum moderators your very likely to get help from other forum users it is just a matter of waiting until some one with gaming knowledge reads your post
    If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’

  • "Normal" Network Usage for MacMini Server

    I have a 2011 MMS with a Corei7 proc and 16 GB of ram.  I also have approximately 30 workstations - all mac.  Everything is running Mavericks (server is running server 3.0).
    All of my users run network accounts.  I've noticed what I would consider substantial network traffic from each machine directly to the server on port 445 (I use SMB home shares).  Using the "nettop" command, I determined this traffic is mostly from "kernel_task" and on the low side is around 8 GB for a couple of days, upwards of 80 GB on some machines for a couple of days.  The machines generally appear to run fine and there is no significant CPU usage.  Sometimes, a machine will occasionally "forget" to delete a file on logout and I get some funky errors until I clean it up (a lock file for firefox or the .mcmlx file) 
    The question is, is this a "normal" (i know relative...) amount of traffic?  It seems that whenever I open safari or firefox, the "kernel_task" network usage starts to climb rapidly.
    I guess I am concerned that this traffic could be causing some issues with the server so that it is "missing things" on logout of each user.  I did not have any of these issues prior to Mavericks and the SMB updates.  I previously used AFP, however when I use AFP firefox (required for a special internet school management application) goes crazy. 

    There was a big issue in school Servers (10.6 and previous) where the computers were almost all Network Users, often operating from computer clusters (not one user per computer).
    For Network Users:
    /Users/user-short_name/Library/Caches ...
    ... is a file on the SERVER. That is where cached firefox and safari stuff is sent! [from the Web to the WorkStation, copied to the cache on the Server, copied back to the workstation when the User changes pages, and on and on. It beats up your network, while the drive on the workstation is nearly idle. Some Admins advocated turning off Browser Caching entirely as their solution.]
    WorkGroup Manager eventually provided a work-around in an additional MCX manifest that could be added to any user:
    com.apple.MCXRedirector.manifest ...
    that had several different options for ways to deal with the Caches. The most popular was to delete the Cache in the User's Home folder, and link to:
    /private/tmp/short-User_name/Library/caches ...
    ...This folder is on the WorkStation where the User is logged in, and will be inaccessible or deleted by the time the next user logs in at that computer.
    There are articles online that contain recipes for converting the MCX manifests to use them as Profile manager xml files to support that feature indirectly, but I have not seen direct support for the feature mentioned as yet.

  • Forefront Security for Exchange Server Porduct Kay

    Just installed Forefront Protection on SBS2008 and is asking for activation Key??? 
    Can't find key to down load on website
    Please advise

    Hi Ed,
    I assume it was a volume license product you purchased? if so you should be able to sign into the Volume License Service Centre and see the product listed along with any required keys. If it isn't showing contact your distributor and get them to ensure they
    have linked it to your account.
    Volume
    Licensing Service Center - Microsoft
    Thanks
    Daniel

  • Network priority for the server

    Hello, I have one computer working as a server/router (two NIC's) and two windows machines in the LAN. All traffic to the internet goes through the server.
    Problem is, that I have few services on the server machine that require a good ping. Sometimes on the windows machines I may end up using the entire download speed (e.g. when downloading something from steam) and thus it may effect (lag) the services on the server. I'd like to give top priority to the server when it comes to downloading/uploading.
    I already found out that I can do traffic shaping with shorewall: https://wiki.archlinux.org/index.php/ro … _shorewall
    Can I use shorewall just to do the traffic shaping and nothing else? I'm already using UFW to forward traffic. Does it conflict with shorewall or require some sort of special configuration to work?

    I recommend you use plain iptables, so you can debug it.
    Here's my traffic shaping, and an alternative method.

  • External or  Internal IP for Database server machine?

    We have a web server machine with firewall controlling our network security. This server gets some critical data from a database server machine located also in the same local network. Which IP is secure for database server, Internal or External IP ?
    regards
    Siyavuş

    Internal IP
    For security reasons, is better if you could use a DMZ, with the web server in the DMZ, and the database server in the internal network
    Something like this:
    Internet <-->external firewall <--> DMZ (web server, mail server, etc) <--> internal firewall <--> LAN (database, pcs, etc)
    If you want more granularity, you could incluse put the internal servers in another DMZ

  • Add security for ITS Integrated

    I'm using the SAP ITS Integrated in the SAP ECC 50, them ITS and SAP ECC are into the same server.
    My user's can access the application from internet.
    --- Server: ECC + ITS -
    > Internet by ITS ---
    What I can do for add security in this scenario

    Hi,
    Service Market Place, SDN and SAP Help Portal contains many security related documents about the Web Application Server. Here just the most important ones:
    SAP Infrastructure Security
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/1095de90-0201-0010-90ae-adbdcd2d569f
    SAP Web Application Server Security Guide
    http://help.sap.com/saphelp_erp2004/helpdata/en/3e/cdad0dedc411d3a6510000e835363f/frameset.htm
    Service Marketplace Security Page
    http://service.sap.com/security
    Strong Infrastructure and Network Security for Heterogeneous Applications
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/9a71c790-0201-0010-1989-ba8660c08c91
    Best regards,
    Klaus

Maybe you are looking for

  • Transferring music from your iPod to your iTunes programme

    Is there anyway you can put the music you have on your iPod back onto your iTunes. I recently had to get my hard-drive replaced in my iMac and i was told i could put my music back on my library by pulling my iPod in but it's only asking me to transfe

  • Mrp - Purchase request split by different storage location

    Dear all, I have a plant with many storage location; One of these , s001, is located in a different street , so have a different address. When user needs material for this storage location s001, he creates a reservation by trx MB21. Storage dispositi

  • BI Content Data Source for  0ACCNT_GRPV Text Data

    Hi Experts   (0ACCNT_GRPV)Vendor Account Group is a attribute of (0VENDOR) Vendor.   Could you please update me wether there is any content data source avaliable to load text data of (0ACCNT_GRPV)Vendor Account Group or atleast where i can check...to

  • I HAVE ONE DOUBT ON DML  OPERATIONS?

    KINDLY GIVE ANSWERS PLZ ANOTHER QUESTION: I AM SELECTED ONE TABLE THAT TIME TABLE WILL BE LOCKED OR NOT? IF I SELECT A TABLE THE OTHER USER CAN ACCESS THE SAME?? ANOTHER QUESTION: I AM OPENED TWO SQL* PLUS IN MY SYSTEM. ARE THEY COMES UNDER SINGE SES

  • Editing Bridge HTML Web Gallery?

    Is it possible to edit the HTML Gallery Web Gallery option in Bridge? I just want it to have file names below the thumbs and preview and it would be perfect for what I want to use it for.