Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

E-Recruiting implementation

Former Member

on ‎2012 Feb 23 10:05 AM

0 Likes
240

Dear experts,

We are about to implement e-Recruiting and we are still doubtful about which scenario to implement

Roughly we would like to use our portal to give internal access to employee and implement integrated e-recruiting on our ERP HR system (EHP5) and use a distributed wed dynpro scenario (split between internal & external access)

For external access, we would like to reuse a reverse proxy we have in our DMZ but then my question is

Do we need to put in place E-Recruiting UI frontend in the DMZ, or is it reasonable to put it in the intranet ?

My question is for sure related to security criteria as we do not want to take any risk. But here we have no idea if we take any risk by installing the frontend UI server in the LAN rather than in the DMZ with the reverse proxy...

Then for sure, whatever the solution chosen, the external frontend UI server will then be linked via RFC to the backend.

Question is to combine security and ease our administration activities (as it is a bit more fastidious to maintain a landscape in the DMZ rather than in the intranet zone, at least for us

Thank you in advance for any advice and support !

Regards,

Yvan

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member131723
Advisor
Advisor
‎2012 Feb 23 7:04 PM
0 Likes

The PDF in note 997181 will give you the architecture for single instance scenario and integrated scenario

Regardless of which scenario you choose though, there will always be even in standalone instance some personal data stored such as name, email address, alias etc although "no security relevant data' meaning that the candidate data (sensitive

protected data like address) is stored on the backend E-Recruiting system which is in the secure area (protected by firewall). The front-end system is outside that area but doesn't have any data stored and is only used by the candidates to logon and start the services BUT the data is always called from the backend via RFC calls.

The front-end is essentially starting the services in this particular scenario.

There was another thread on this in SDN also;

http://forums.sdn.sap.com/message.jspa?messageID=8063683

Plus notes 128447 (regarding trusted connection) and also 1147882 in E-Recruiting context might help you here too.

Hope its useful

Sally

Edited by: Sally Redmond on Feb 23, 2012 8:05 PM

Show replies
Show replies
Former Member
‎2012 Feb 24 10:44 AM
0 Likes

Hello Sally,

Thank you for your answer, really appreciated !

Looking at your explanation and all provided info clarified a lot.

Finally can we also argue that even if we use a reverse proxy as a network component to access the E-Recruiting frontend for external access, putting this E-Recruiting server in the trusted Lan is more or less as allowing anonymous access / unregistered user to sit in the trusted Lan ? Even if from that point everyting is done to restrict acceess to the HR backend via trusted RFC (even SNC secured) and based on authorization objects to prevent an attempt to call any other RFC-capable module in the backend.

What do you think ?

Kind Regards,

Yvan

Ask a Question