Supply Chain Management Blog Posts by Members
AnubhabPanda

In many scenarios, the EWM server is hosted outside the customer's local area network, while the PLCs remain within the LAN. This setup poses a security risk as communication between the Material Flow System (MFS) and PLCs is vulnerable to interception.

To address this concern, message encryption becomes essential. With the release of SAP S/4HANA 2022, SAP introduced Transport Layer Security (TLS) communication between MFS and PLCs.

TLS, or Transport Layer Security, is a cryptographic protocol specifically designed to ensure secure communication over computer networks. It provides robust protection by guaranteeing data integrity, confidentiality, and authentication between client-server applications. Through encryption, TLS safeguards data transmissions, thwarting unauthorized access and tampering. Consequently, it has become a cornerstone technology for securing online transactions, communication, and data exchange.

To enable TLS communication between MFS and PLCs, specific configurations are required when defining PLCs. The "Use TLS" flag must be enabled, and the SSL client identity needs to be updated. The setup of the SSL client can be performed by the Basis Team.

 

When utilizing TLS, it's important to note that communication may necessitate either a fixed-length telegram or designated start and end characters. These configurations significantly enhance the security of communication channels.
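
TLS, like the TCP connection beneath it, delivers a byte stream without message boundaries, which is why the receiver needs a fixed telegram length or start and end characters to delimit telegrams. The following Python code is an added example, not SAP or PLC vendor code; the class name, the STX/ETX delimiter values, the 4-byte length used in testing and the buffer cap are assumptions chosen for illustration.

```python
# Added example: delimiting MFS telegrams in the decrypted TLS byte stream.
# STX/ETX and MAX_BUFFER are assumed sample values, not SAP defaults.
STX, ETX = b"\x02", b"\x03"
MAX_BUFFER = 4096  # cap on unframed bytes kept, so a faulty peer cannot exhaust memory


class TelegramFramer:
    """Reassembles telegrams from chunks as returned by SSLSocket.recv()."""

    def __init__(self, fixed_length=None, start=STX, end=ETX):
        self.fixed_length = fixed_length
        self.start, self.end = start, end
        self.buf = bytearray()

    def feed(self, chunk):
        """Add received bytes; return the list of complete telegrams."""
        self.buf += chunk
        out = []
        if self.fixed_length:
            # Fixed-length mode: cut the stream every fixed_length bytes.
            while len(self.buf) >= self.fixed_length:
                out.append(bytes(self.buf[:self.fixed_length]))
                del self.buf[:self.fixed_length]
        else:
            # Delimiter mode: a telegram is the payload between start and end.
            while True:
                s = self.buf.find(self.start)
                if s < 0:
                    # No start character: discard noise, but keep a possible
                    # partial multi-byte start sequence at the tail.
                    del self.buf[:max(0, len(self.buf) - len(self.start) + 1)]
                    break
                del self.buf[:s]  # drop bytes before the start character
                e = self.buf.find(self.end, len(self.start))
                if e < 0:
                    break  # telegram incomplete, wait for more data
                out.append(bytes(self.buf[len(self.start):e]))
                del self.buf[:e + len(self.end)]
        if len(self.buf) > MAX_BUFFER:
            self.buf.clear()
            raise ValueError("telegram exceeds buffer limit")
        return out
```

A receive loop would pass each chunk read from the TLS socket to `feed()` and process the telegrams it returns; a `ValueError` indicates a peer that never sends an end character and is a reason to close the connection.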

However, implementing TLS encryption presents a challenge, particularly regarding PLCs' ability to decrypt encrypted messages. Most PLCs lack the capability to decrypt such messages internally, requiring the involvement of an external device for decryption. One viable solution is leveraging the SAP Web Dispatcher for this purpose.

It's crucial to position the Web Dispatcher as close as possible to the PLC from a network perspective.

 

For more detailed information, refer to SAP Note 3132199.
