cancel
Showing results for 
Search instead for 
Did you mean: 

Access SAP systems via the SAP Portal (EP) over the internet.

saravanan_narayanan
Active Contributor
0 Kudos
107

Hello,

Our SAP systems (ECC 6.0) are behind the firewall while our EP server is in the DMZ zone published on the internet. we want the ECC applications to be accessible in the portal.

By searching this forum, I came to know by using reverse proxy or SAP web dispatcher we can solve this problem. Now my questions is if we use the reverse proxy, then the ECC system will be in DMZ area right? Wont it be a big problem/ threat to the production data?

And if we want to move the ECC system to DMZ area, then what are the precautionary security measures to be considered? Should we need to move the database server also to DMZ area or only the ECC Application server will do?

BR, Saravanan

Accepted Solutions (1)

Accepted Solutions (1)

hofmann
Active Contributor
0 Kudos

if we use the reverse proxy, then the ECC system will be in DMZ area right

You should read the concept of a reverse proxy again. The vantage of using a reverse proxy is that only the reverse proxy will be exposed, while your backend system will stay untouched.

Internet (browser) -


> reverse proxy (DMZ) -


> firewall -


> internal systems (ECC, DB)

The end-user will only work with the FQDNs of the reverse proxy and never connect direclty to the ECC system. The system that connects to the ECC is the reverse proxy.

br,

Tobias

Answers (3)

Answers (3)

Former Member
0 Kudos

Hi,

Best would be to have a reverse proxy ( Apache/MS ISA/Web Dispatcher) in DMZ and set up rules for forwarding the request based on suffixes to SAP systems ( EP, ECC etc) which is within internal firewall. You might want to check SPOF (Single Point of Failures) for reverse proxy and if you can use any load balancer ( BIG IP etc) to redirect your traffic to multilple instances of apache (RP)

Documentations are available for Web Dispatcher, apache, MS ISA as a reverse proxy on SDN.

-JG

Former Member
0 Kudos

Hi,

What you need, is to install a Web Dispatcher for your ECC system inside the DMZ to expose it on the internet.

therefore, the ECC system will stay inside the corporate network shielded by the firewall.

Regards,

Olivier

former_member188632
Active Contributor
0 Kudos

Are you planning to expose ECC Applications via portal or want to bypass the portal? If you can want to extend only applications and not the entire system, need for which I do not foresee, you can easily expose ECC applications via transaction iView. And by this, your ECC system shall not be in DMZ

Hope this help,

Ameya