Administrator's Guide
Data Transport and Migration Tool for Fashion Release 1.0
Document Version: 1.0 – 2014-12-05
CUSTOMER



CUSTOMER © 2014 SAP SE or an SAP affiliate company. All rights reserved.


Typographic Conventions

Type Style | Description
Example | Words or characters quoted from the screen. These include field names, screen titles, pushbutton labels, menu names, menu paths, and menu options. Textual cross-references to other documents.
Example | Emphasized words or expressions.
EXAMPLE | Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE.
Example | Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools.
Example | Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation.
<Example> | Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system.
EXAMPLE | Keys on the keyboard, for example, F2 or ENTER.


Document History

Version | Date | Change
1.0 | 2014-12-05 | Version 1.0


Table of Contents

1 Getting Started
1.1 About this Guide
1.2 Related Documentation
1.2.1 Planning Information
1.2.2 Further Useful Links
1.2.3 Related Guides
1.3 Global Definitions
1.4 Important SAP Notes

2 SAP DTMT Framework
2.1 Product Overview
2.2 The Tool Part
2.2.1 Data Migrations with DTMT
2.2.2 Adaptations and Enhancements
2.2.3 Summary of Data Migration Process
2.2.4 Testing Migration Results
2.2.5 Data Migration Versus Data Transport
2.2.6 DTMT Architecture
2.2.7 Generation Approach
2.2.8 Migration Object
2.2.9 Migration Scope
2.2.10 Summary of Data Migration Process
2.3 DTMT Content for AFS to FMS Migration
2.4 Release 1 of the AFS to FMS data migration consists of the following migration objects:

3 Installation Information
3.1 Recommended System Landscape for an AFS2FMS Migration Project

4 Security Information
4.1 User Administration and Authentication
4.2 User Management
4.3 User Data Synchronization
4.4 Integration into Single Sign-On Environments
4.5 Authorizations
4.6 Session Security Protection
4.7 Network and Communications Security
4.8 Communication Channel Security
4.9 Network Security
4.10 Communications Destinations
4.11 Data Storage Security


1 Getting Started

This guide does not replace the daily operations handbook that we recommend customers create for their specific production operations.

1.1 About this Guide

This Administrator’s Guide is the central starting point for the technical implementation of SAP DTMT Framework.

Use this guide to get an overview of SAP DTMT Framework, its software units, and its scenarios from a technical perspective. The Administrator’s Guide is a planning tool that helps you to design your system landscape. It refers you to the required detailed documentation.

The Administrator’s Guide is a single source of information to support the implementation and operation of SAP DTMT Framework. Therefore, it includes the following information:

Planning Information

The first two sections of the Administrator’s Guide provide you with the most important information regarding the implementation of SAP DTMT Framework, including an overview of the related planning information, its software units, the system landscape, and the overall implementation sequence.

Installation Overview

This section gives you an overview of the installation components and the sequence in which they are installed, as described in detail in SAP Note 1977354.

Operation Information

This section provides you with the information that you require to operate SAP DTMT Framework.

Security Information

This section provides you with the information that you require to operate SAP DTMT Framework securely.

Target Groups

Technical Consultants

System Administrators

Solution Consultants

Business Process Owner

Support Specialist


1.2 Related Documentation

1.2.1 Planning Information

Topic | Guide/Tool
Latest versions of installation and upgrade guides | http://service.sap.com/instguides
SAP Business Maps – information about applications and business scenarios | http://service.sap.com/businessmaps
Sizing, calculation of hardware requirements – such as CPU, disk and memory resource – with the Quick Sizer tool | http://service.sap.com/quicksizer
Released platforms and technology-related topics such as maintenance strategies and language support | http://service.sap.com/platforms (to access the Platform Availability Matrix directly, enter http://service.sap.com/pam)
Network security | http://service.sap.com/securityguide
High Availability | http://www.sdn.sap.com/irj/sdn/ha
Performance | http://service.sap.com/performance
Information about Support Package Stacks, latest software versions and patch level requirements | http://service.sap.com/sp-stacks
Information about Unicode technology | http://www.sdn.sap.com/irj/sdn/i18n

1.2.2 Further Useful Links

The following table lists further useful links on SAP Service Marketplace:

Content | Location on SAP Service Marketplace
Information about creating error messages | http://service.sap.com/message
SAP Notes search | http://service.sap.com/notes
SAP Software Distribution Center (software download and ordering of software) | http://service.sap.com/swdc
SAP Online Knowledge Products (OKPs) – role-specific Learning Maps | http://service.sap.com/rkt

1.2.3 Related Guides

This guide is based on guides for SAP NetWeaver 7.4 SP05. You can find more information about the relevant applications in the following documents:

Title | Location
SAP Enhancement Package 1 for SAP NetWeaver 7.4 SP05 | http://service.sap.com/installNW74
SAP ERP 6.0 EhP 7.0 SP04 | http://service.sap.com/erp-inst -> SAP ERP 6.0 -> Planning
SAP Enhancement Packages for SAP ERP 6.0 | http://service.sap.com/erp-inst -> SAP ERP 6.0 -> SAP enhancement package 7 for SAP ERP 6.0
SAP for Retail | http://help.sap.com/retail
SAP Global Trade Services | http://help.sap.com/grc-gts
SAP HANA | http://help.sap.com/hana -> SAP HANA Appliance -> System Administration and Maintenance Information -> SAP HANA Technical Operations Manual (TOM)

1.3 Global Definitions

SAP Application:

An SAP application is an SAP software solution that serves a specific business area like ERP, CRM, PLM, SRM, and SCM.

Business Scenario:

From a microeconomic perspective, a business scenario is a cycle that consists of several different interconnected logical processes in time. Typically, a business scenario includes several company departments and involves other business partners. From a technical point of view, a business scenario needs at least one SAP application (SAP ERP, SAP SCM, or others) for each cycle, and possibly other third-party systems. A business scenario is a unit that can be implemented separately and reflects the customer’s prospective course of business.

Component:

A component is the smallest individual unit considered within the Solution Development Lifecycle; components are separately produced, delivered, installed, and maintained.

1.4 Important SAP Notes

Check regularly for updates available for the Application Operations Guide.

SAP Note Number | Title | Comment
1977354 | Release strategy for the ABAP add-on EAFASH | Contains information about planning the installation and upgrades of the ABAP add-on EAFASH.
1971859 | Fashion specific features in MD01N | Automatic correction instructions to enable specific behavior for SAP DTMT Framework, in the standard transaction MD01N.
1983386 | SAP DTMT Framework 1.0 - Release Restriction Note | Summary of functional restrictions in release 1.0
2001155 | Release Information Note: SAP DTMT Framework 1.0 | Release information note


2 SAP DTMT Framework

2.1 Product Overview

DTMT Framework is a migration solution to allow Apparel & Footwear (AFS) customers to use SAP’s new DTMT Framework Solution (FMS). It consists of a tool part and a content part.

2.2 The Tool Part

DTMT stands for Data Transport & Migration Tool. It is a new ETL tool specifically developed to migrate business object data between ABAP-based SAP systems. The focus on ABAP-based SAP applications and the close integration into the source and target systems make several aspects much easier than would be possible with generic ETL tools. Direct access to the respective metadata (dictionary) and detailed knowledge of the system architecture allows SAP to provide DTMT users with convenient solutions to common migration problems.

The first use case where DTMT is used is the AFS (Apparel and Footwear Solution) to FMS (DTMT Framework Solution) data migration. In this scenario, AFS customers need to migrate a large portion of their ERP data to FMS. From a technical point of view, this requires a tool that is able to deal with very complex structural mapping (to cover the large architectural differences between AFS and FMS), and to handle a huge data volume within an acceptable timeframe. Therefore SAP decided to build DTMT based on the principles and methods of the extremely successful R/2 – R/3 migration, since this was a comparable scenario. Most of the old capabilities and some new ones that are today state of the art in modern ETL tools have been implemented in a new SAP GUI-based application.

2.2.1 Data Migrations with DTMT

Unlike generic ETL tools, DTMT does not depend on the availability of standard data import interfaces (IDocs, BAPIs, and so on) since DTMT allows you to bypass the application logic and to write data directly to the target tables if necessary. This expands the scope of the data transfer beyond only master data and open business transactions, unlike normal legacy data migrations. However, in some cases it might be necessary to use function modules, BAPIs, or IDocs for the final data import (for example, for audit reasons).

2.2.2 Adaptations and Enhancements

DTMT is an open tool that can be used to change provided content, expand the content, or add your own migration content to cover custom objects. The fact that DTMT does not have to be so generic, since its use is restricted to SAP systems, means that several convenient functions are integrated into the tool. This makes content development easier, and would not be possible in heterogeneous scenarios using external ETL tools. Since DTMT acts on table level, users who want to change or develop content should have in-depth knowledge of the actual data model.

2.2.3 Summary of Data Migration Process

Simply put, data migrations carried out with DTMT read data directly from the relevant source tables, and it is then written to a CSV file. From here, it is read by the corresponding migration and import program on the target side and transferred to the migration rule set. Once the conversion is complete, the data is either written to the relevant tables in the target system, or handed over to BAPIs or function modules that will perform the final data insert (see also figure 2).

2.2.4 Testing Migration Results

It should also be noted that bypassing the business logic and writing data directly to the target tables is not without risk. You risk losing data or changing the data content to such an extent that it can no longer be processed by the application at a later time. Although the risk can be minimized by using the content that SAP provides, the results of the test migrations have to be thoroughly tested. The success of these migrations can be judged only from a business perspective. This means that detailed analyses must be available before and after a migration in both the source and target, to assess the migration.

2.2.5 Data Migration Versus Data Transport

A data migration is any process whereby data from different structures is transferred from A to B, and the source data is adjusted to the target structures. If the source and target structures are identical (that is, there is a 1:1 structural relationship between the source and the target), we refer to this as a data transport since no transformation takes place. As far as DTMT is concerned, these two cases differ only in terms of mapping. Mapping can be highly complex or, in the case of a transport, consist of simple assignments between fields of the same name. However, even in the case of a transport, we refer to the process as an ETL process, where “E” stands for Extract, “T” for Transform, and “L” for Load. DTMT allows you to model and execute these processes.


2.2.6 DTMT Architecture

Even though DTMT is architecturally separated into a source part and a target part, both are bundled together and can be installed only as one package. This allows you to perform data migrations within one system, for example between two clients, as well as between different systems. You simply have to install and use DTMT on both sides if the target system is not the source system.

2.2.7 Generation Approach

The source part and the target part of DTMT consist of a design studio and a runtime environment.

The design studio allows the creation of source content and target content, which is stored in DTMT’s control tables. The content serves as input for program generators also embedded in DTMT, which finally generate the actual export programs and import programs within the customers’ environment. The runtime environment of DTMT takes care of the actual program execution and everything that is related to it, such as logs or file management.

The generation approach has some advantages, which are described below:

Creating content within the design studio of DTMT does not require a great deal of programming knowledge

The direct integration of DTMT into the source and target systems allows the program generators to consider the customers’ dictionary during the generation process. The generated data export programs, for example, will automatically extract the field contents of custom fields in migration-relevant tables. As soon as the metadata of the customer-specific fields has been entered in the target system, DTMT recognizes that the target system contains fields for which a transfer rule has to be defined, and requests this rule.

Since all generated programs are structurally identical, support becomes much easier.


2.2.8 Migration Object

The units in which data is summarized and then migrated are subject to definition. In an SAP ERP environment, they usually contain data that belongs together from a business perspective. Customers, vendors, material masters, purchase orders, or sales orders are just some examples of these types of unit. In DTMT, these units are called "migration objects" (MO). Within DTMT’s control tables, all data regarding the relevant tables, their key relationships to one another, and all of the required mapping instructions to table and field level are stored.

2.2.9 Migration Scope

In most cases, customers will use DTMT for specific use cases for which SAP provides migration content. One example for such a use case is the previously mentioned AFS2FMS migration. Therefore, multiple MOs can be bundled together in a “migration scope”. Simply put, a migration scope is an umbrella above all migration objects that belong to a specific migration scenario. Multiple migration scopes can exist side-by-side in one system.

2.2.10 Summary of Data Migration Process

The figure below shows the simplified data migration process for a migration object.

Data of an MO is read from relevant source tables and written to a CSV file by the DTMT extraction runtime object that has been generated based on the extraction content (developed in DTMT design time for source content).

In the other direction, the generated DTMT import runtime object reads data from the CSV file, transforms it to NFS needs, and fills the relevant target tables (developed in DTMT design time for target content).


2.3 DTMT Content for AFS to FMS Migration

2.4 Release 1 of the AFS to FMS data migration consists of the following migration objects:

Object | Description
Customer | Customer Master
Vendor | Vendor Master
Char_DIM | Characteristics for Dimensions
MASTERGRID | Master Grid to Characteristic Profile
MAT_HIER | Merch. Categories incl. MC-Hierarchy
MAT_CHAR | Ass. Charact.Profiles to Merch.Categ.
SEASONS | Season Master Data
MAT_GRID | AFS GRID Materials
CHAR_NODIM | Characteristics except Dimensions
MAT_ERP | ERP Materials
INFO_REC1 | Purchasing Info Record 1 (EKORG)
INFO_REC2 | Purchasing Info Record 2 (WERKS)
INFO_REC3 | Purchasing Info Record 3 (Routing)
INFO_REC4 | Purchasing Info Record 4 (Customer/Material)
INFO_REC5 | Purchasing Info Record 1 (EKORG + Grid)
PIR | Planned Independent Requirement ERP
PIR_AFS | Planned Independent Requirement AFS
COND_A004 | Conditions: Materials
COND_A005 | Conditions: Customer/Materials
COND_A489 | Conditions: Material Info Record
COND_A495 | Conditions: VKORG/VTW/CUST/MAT/GridVal
COND_A496 | Conditions: VKORG/VTWEG/KUNNR/MATNR/Grid
COND_A498 | Conditions: VKORG/VTWEG/MATNR/GridValGr
COND_A499 | Conditions: VKORG/VTWEG/MATNR/Grid
VAS_K021 | VAS Condition records KOTK021
SD_ORDER | Sales Order (with grid)
SD_ORDER1 | Sales Order (without grid, pure ERP)
MM_ORDER | Purchase Order (with grid)
MM_ORDER1 | Open Purchase Order (without grid, pure ERP)
GL_ACCOUNT | GL/Account - Balances (GLT0..)
GL_ACC_NEW | GL/Account - Balances (newGL)
OI_RECEIVA | Open Items Receivables
OI_PAYABLE | Open Items Payables
OI_GL_ACCO | Open Items GL/Accounts
IM_STOCK | Inventory Management Stock (+ Batches)
IM_MSKU_ST | Special IM-Stock with Customer


3 Installation Information

This section gives you an overview of the installation process and the required component versions that must be installed before you install DTMT Framework 1.0.

DTMT Framework consists of the following three software components:

DTMT_FW = DTMT Framework

DTMT_CT_IMP = Target Content AFS2FMS

DTMT_CT_EXP = Source Content AFS2FMS

The Framework (DTMT_FW) has to be installed in your AFS system and your FMS system. After the successful installation of the framework, you need to install the target content (DTMT_CT_IMP) in your FMS system (target system for migration) and the source content (DTMT_CT_EXP) in your AFS system (source system for migration).

DTMT Framework can be installed in all AFS systems with release AFS 6.0 or higher and in all FMS systems with release 1.0 and higher.

3.1 Recommended System Landscape for an AFS2FMS Migration Project

The figure above illustrates the recommended system landscape for an AFS to FMS migration project, and shows which DTMT component has to be installed where.


4 Security Information

This section of the Administrator's Guide provides an overview of the security-relevant information that applies to SAP DTMT Framework.

Reference to General Information

Information in this section is in addition to the general information provided in the following security guides:

http://service.sap.com/securityguide SAP Business Suite Applications SAP ERP 6.0, EHP7 SAP ERP 6.0 Security Guides, EHP7 (Online Version).

4.1 User Administration and Authentication

SAP DTMT Framework uses the user management and authentication mechanisms provided with the SAP NetWeaver platform, in particular SAP NetWeaver Application Server ABAP. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Application Server ABAP Security Guide [SAP Library] also apply to SAP DTMT Framework.

In addition to these guidelines, information about user administration and authentication that specifically applies to SAP DTMT Framework is included in the following topics:

User Management

This topic lists the tools to use for user management, the types of users required, and the standard users that are delivered with the SAP DTMT Framework.

User Data Synchronization

SAP DTMT Framework shares user data with other sources. This topic describes how the user data is synchronized with these other sources.

Integration into Single Sign-On Environments

This topic describes how SAP DTMT Framework supports Single Sign-On mechanisms.

4.2 User Management

User management for SAP DTMT Framework uses the mechanisms provided with the SAP NetWeaver Application Server (ABAP), for example, tools, user types, and password policies. For an overview of how these mechanisms apply to SAP DTMT Framework, see the sections below.

User Administration Tools

The table below shows the tools to use for user management and user administration with SAP DTMT Framework.

User Management Tools

Tool | Description
User maintenance for ABAP-based systems (transaction SU01) | For more information about the authorization objects provided by the subcomponents of SAP DTMT Framework, see the relevant component in the section Authorizations.
Role maintenance with the profile generator for ABAP-based systems (PFCG) | For more information about the roles provided by the subcomponents of SAP DTMT Framework, see the relevant component in the section Authorizations. For more information, see User and Role Administration of Application Server ABAP.
Central User Administration (CUA) for the maintenance of multiple ABAP-based systems | Use the CUA to centrally maintain users for multiple ABAP-based systems. Synchronization with a directory server is also supported.

4.3 User Data Synchronization

By synchronizing user data, you can reduce effort and expense in the user management of your system landscape. Since SAP DTMT Framework is based on SAP NetWeaver, you can use all of the mechanisms for user synchronization in SAP NetWeaver here. For more information, see the SAP NetWeaver Security Guide on SAP Service Marketplace at https://service.sap.com/security SAP NetWeaver.

4.4 Integration into Single Sign-On Environments

The SAP DTMT Framework application supports the Single Sign-On (SSO) mechanisms provided by SAP NetWeaver. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP NetWeaver Security Guide [SAP Library] also apply.

The most widely-used supported mechanisms are listed below.

Secure Network Communications (SNC)

SNC is available for user authentication and provides for an SSO environment when using SAP GUI for Windows or Remote Function Calls.

SAP logon tickets


The SAP DTMT Framework application supports the use of logon tickets for SSO when using a Web browser as the frontend client. In this case, users can be issued a logon ticket after they have authenticated themselves with the initial SAP system. The ticket can then be submitted to other systems (SAP or external systems) as an authentication token. The user does not need to enter a user ID or password for authentication but can access the system directly after the system has checked the logon ticket.

Client certificates

As an alternative to user authentication using a user ID and passwords, users using a Web browser as a frontend client can also provide X.509 client certificates to use for authentication. In this case, user authentication is performed on the Web server using the Secure Sockets Layer Protocol (SSL Protocol), and no passwords have to be transferred. User authorizations are valid in accordance with the authorization concept in the SAP system.

For more information about the available authentication mechanisms, see User Authentication and Single Sign-On [SAP Library] in SAP NetWeaver Library.

4.5 Authorizations

SAP DTMT Framework uses the authorization concept provided by the SAP NetWeaver AS ABAP. Therefore, the recommendations and guidelines for authorizations as described in the SAP NetWeaver AS Security Guide ABAP also apply to SAP DTMT Framework.

The SAP NetWeaver authorization concept is based on assigning authorizations to users, based on roles. For role maintenance, use the profile generator (transaction PFCG) on the AS ABAP.

Standard Roles

There are 2 new standard roles delivered with SAP DTMT Framework:

SAP_DTMT_DTT

SAP_DTMT_DTS

Users who need to work with SAP DTMT Framework in the AFS source system need to have the role SAP_DTMT_DTS assigned, and users who need to work with SAP DTMT Framework in the FMS target system need to have the role SAP_DTMT_DTT assigned.

For more information about the standard roles in SAP Retail, see SAP Library (help.sap.com) > SAP Business Suite > SAP ERP > Application Help > Industries in SAP ERP > SAP Retail > Basic Principles.

4.6 Session Security Protection

To increase security and prevent access to the SAP logon ticket and security session cookie(s), it is recommended that you activate secure session management. We also highly recommend using SSL to protect the network communications where these security-relevant cookies are transferred.

Session Security Protection on the AS ABAP

The following section is relevant for SAP DTMT Framework in SAP NetWeaver Business Client: To prevent access in JavaScript or plug-ins to the SAP logon ticket and security session cookies (SAP_SESSIONID_<sid>_<client>), you can activate secure session management. With an existing security session, users can then start applications that require a user logon without logging on again. When a security session is ended, the system also ends all applications that are linked to this security session.

Use the transaction SICF_SESSIONS to specify the following parameter values shown in the table below in your AS ABAP system:

Session Security Protection Profile Parameters

| Profile Parameter | Recommended Value | Comment |
| --- | --- | --- |
| icf/set_HTTPonly_flag_on_cookies | 0 | Client-dependent |
| login/ticket_only_by_https | 1 | Not client-dependent |
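To confirm that the session protection described above is effective, the following added example (not part of the original guide and not SAP code) audits captured Set-Cookie header values for the HttpOnly attribute (no script access) and the Secure attribute (HTTPS only). It assumes that these attributes are how the two settings surface in responses and that the logon ticket cookie uses its standard name MYSAPSSO2; the header values are constructed.

```python
import re

# Cookies that carry the session: the security session cookie named in this
# guide, plus MYSAPSSO2 (assumed standard name of the SAP logon ticket cookie).
SENSITIVE = re.compile(r"^(SAP_SESSIONID_[A-Z][A-Z0-9]{2}_\d{3}|MYSAPSSO2)$")
REQUIRED_FLAGS = ("httponly", "secure")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(set_cookie_values):
    """Return {cookie_name: [missing flags]} for sensitive cookies only."""
    findings = {}
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if not SENSITIVE.match(name):
            continue  # non-session cookies are out of scope for this check
        missing = [flag for flag in REQUIRED_FLAGS if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed Set-Cookie values as they might be captured from a response.
SAMPLE = [
    "SAP_SESSIONID_DT1_100=abc%3d; path=/; secure; HttpOnly",
    "MYSAPSSO2=AjExMDAgAA; path=/; domain=.example.com",
    "sap-usercontext=sap-client=100; path=/",
]

if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```
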

4.7 Network and Communications Security

Your network infrastructure is extremely important in protecting your system. Your network needs to support the communication necessary for your business needs, without allowing unauthorized access.

A well-defined network topology can eliminate many security threats based on software flaws (at both the operating system and application level) or network attacks such as eavesdropping. If users cannot log on to your application or database servers at the operating system or database layer, then there is no way for intruders to compromise the machines and gain access to the backend system’s database or files. Additionally, if users are not able to connect to the server LAN (local area network), they cannot exploit well-known bugs and security holes in network services on the server machines.

The network topology for the SAP DTMT Framework application is based on the topology used by the SAP NetWeaver platform. Therefore, the security guidelines and recommendations described in the SAP NetWeaver Security Guide also apply to the SAP DTMT Framework application. Details that specifically apply are described in the following topics:

Communication Channel Security

This topic describes the communication paths and protocols used by the SAP DTMT Framework application.

Network Security

This topic describes the recommended network topology for the SAP DTMT Framework application. It shows the appropriate network segments for the various client and server components, and where to use firewalls for access protection. It also includes a list of the ports needed to operate the SAP DTMT Framework application.

Communication Destinations

This topic describes the information needed for the various communication paths, for example, which users are used for which communications.

For more information, see the following sections in the SAP NetWeaver Security Guide:

Network and Communication Security [SAP Library]

Security Aspects for Connectivity and Interoperability [SAP Library]

4.8 Communication Channel Security

The table below shows the communication channels used by SAP DTMT Framework, the protocol used for the connection, and the type of data transferred.

| Communication Path | Protocol Used | Type of Data Transferred | Data Requiring Special Protection |
| --- | --- | --- | --- |
| Frontend client using SAP GUI for Windows to application server | RFC, HTTP(S) | Integration data | Passwords |
| Frontend client using a Web browser to application server | HTTPS | All application data | Passwords |
| Application server to third-party application | HTTPS | System ID, client, and host name | System information (that is, host name) |
| Application server to application server | RFC | Application data (equipment, functional locations), integration objects | System information |

DIAG and RFC connections can be protected using Secure Network Communications (SNC). HTTP connections are protected using the Secure Sockets Layer (SSL) protocol.

For more information, see Transport Layer Security in the SAP NetWeaver Security Guide.

4.9 Network Security

Your network infrastructure plays a key role in protecting your system. A well-defined network topology can eliminate many security threats based on software flaws (at the operating system and application level) or network attacks such as eavesdropping. We offer general recommendations to protect your system landscape, based on SAP NetWeaver.

NOTE
For information about network security for SAP NetWeaver, see the SAP NetWeaver Security Guide on SAP Service Marketplace at http://service.sap.com/securityguide. A minimum security demand for your network infrastructure is the use of a firewall for all your services that are provided over the Internet. A more secure variant is to protect your systems (or groups of systems) by locating the system groups in different network segments. Each system group has a firewall that protects it from unauthorized access. External security attacks can also come from the inside, if the intruder has already taken control of one of your systems.

NOTE
For information about access control using firewalls, see the SAP NetWeaver Security Guide on SAP Help Portal at http://service.sap.com/securityguide > SAP NetWeaver > SAP NetWeaver 7.0 EhP3 Security Guides (Online Version) > SAP NetWeaver Security Guide > Network and Communication Security > Using Firewall Systems for Access Control.

4.10 Communications Destinations

The use of users and authorizations in an irresponsible manner can pose security risks. You should therefore follow the security rules below when communicating with other systems:

Employ the user types System and Communication.

Grant a user only the minimum authorizations.

Choose a secure password and do not divulge it to anyone else.

Only store user-specific logon data for users of type System and Communication.

Wherever possible, use trusted system functions instead of user-specific logon data.

4.11 Data Storage Security

For information about the time and storage location for data storage, for the type of access to the data, and for the protection of the data from unauthorized access, see the application-specific part of this guide under the components that you use.

Using Logical Paths and File Names to Protect Access to the File System

The SAP DTMT Framework component saves data in files in the file system. Therefore, it is important to explicitly provide access to the corresponding files in the file system without allowing access to other directories or files (also known as directory traversal). This is achieved by specifying logical paths and file names in the system that map to the physical paths and file names. This mapping is validated at runtime, and if access is requested to a directory that does not match a stored mapping, then an error occurs. In the application-specific part of this guide, there is a list for each component, of the logical file names and paths, where it is specified to which programs these file names and paths apply.

Activating the Validation of Logical Paths and File Names

The logical paths and file names are entered in the system for the corresponding programs. For downward compatibility, the validation at runtime is deactivated by default. To activate the validation at runtime, maintain the physical path using the transactions FILE (client-independent) and SF01 (client-dependent). To determine which paths are used by your system, you can activate the appropriate settings in the Security Audit Log.
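The following added example is a simplified model of the runtime check described in the two sections above; it is not SAP's implementation and not code from this guide. The logical path names, directories and requests are constructed, and a logical path without a maintained physical path models the deactivated default, where requests pass unchecked.

```python
import posixpath


class ValidationFailed(Exception):
    """Requested file is outside the directory stored for its logical path."""


# Constructed mapping (hypothetical names): logical path -> physical directory.
# None models a logical path whose physical path was never maintained.
LOGICAL_PATHS = {
    "Z_DTMT_EXPORT": "/usr/sap/dtmt/export",
    "Z_DTMT_LEGACY": None,
}


def validate(logical_path, requested, mapping=LOGICAL_PATHS):
    """Return (normalized_path, validated) or raise ValidationFailed.

    validated is False when no physical path is maintained: the request then
    passes unchecked, which models the downward-compatible default.
    """
    base = mapping[logical_path]  # KeyError: unknown logical path
    if base is None:
        return posixpath.normpath(requested), False
    base = posixpath.normpath(base)
    # Relative names resolve against the mapped directory; normpath then
    # collapses "." and ".." so the comparison sees the real target.
    target = posixpath.normpath(posixpath.join(base, requested))
    # Compare whole components: ".../export_old" must not pass for ".../export".
    if posixpath.commonpath([base, target]) != base:
        raise ValidationFailed(f"{requested!r} is outside {logical_path}")
    return target, True


def classify(requests, mapping=LOGICAL_PATHS):
    """Label each (logical_path, file) request as ok / unchecked / rejected."""
    result = []
    for logical_path, name in requests:
        try:
            _, validated = validate(logical_path, name, mapping)
            result.append("ok" if validated else "unchecked")
        except ValidationFailed:
            result.append("rejected")
    return result


# Constructed requests covering the normal case and three edge cases.
REQUESTS = [
    ("Z_DTMT_EXPORT", "batch01.dat"),
    ("Z_DTMT_EXPORT", "../../../../etc/passwd"),
    ("Z_DTMT_EXPORT", "/usr/sap/dtmt/export_old/batch01.dat"),
    ("Z_DTMT_LEGACY", "/etc/passwd"),
]
```

The "unchecked" result is the case to look for when reviewing a system: a logical path with no maintained physical path offers no protection. The model compares paths textually and does not resolve symbolic links.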

For more information, see:

Logical File Names

Protecting Access to the File System

Security Audit Logs

For information about data storage security, see the SAP NetWeaver Security Guide at help.sap.com > SAP NetWeaver > Release/Language > SAP NetWeaver Library > Administrator’s Guide > SAP NetWeaver Security Guide > Security Guides for the Operating System and Database Platforms.

More Information

For more information about these services, see:

EarlyWatch Alert: http://service.sap.com/ewa

Security Optimization Service / Security Notes Report: http://service.sap.com/sos

Comprehensive list of Security Notes: http://service.sap.com/securitynotes

Configuration Validation: http://service.sap.com/changecontrol

RunSAP Roadmap, including the Security and the Secure Operations Standard: http://service.sap.com/runsap (See the RunSAP chapters 2.6.3, 3.6.3 and 5.6.3)
