Tuesday, September 15, 2015

How to recognize whether SNC is installed in SAP system?

SNC is very often used by SAP customers to secure the data exchange between SAP and external systems. Also communication form SAP GUI to SAP backend by default is not encrypted. To secure communication like these and SNC needs to be implemented in SAP systems landscape.

The SNC or Secure Network Communication is an interface securing communications between two secure SAP systems; it provides application-level, end-to-end level of security. Protection is usually provided by an external security product that is available to SAP system using SNC interface. The interface complies with internet standard Generic Security Services Application Programming Interface (GSS API) version 2. The default product provided by SAP is the SAP Cryptographic Library, which you can use for SNC between SAP System server components.

Sometime there is a question form customers whether they do have the SNC in place. How to quickly check this? There are couples of ways…

1. By running Function Module SNC_CHECK_ACTIVE: The FM has no import parameters. Therefore just open the tcode SE37 put the name of the FM and run it. In case the SNC is enabled in particular SAP system there is export parameter ACTIVE set to X returned.

2. table USRACL: it stored SNC Access Control List (ACL)for users. In case the SNC is enabled every user recognized in field BNAME has field PNAME populated. In that field a canonical name is stored in format:

3. t-code SU01: in case the SNC is enabled an particular user has following data in tab strip called SNC:
SNC Status: SNC is active on this application server
SNC Data: SNC Name: p:CN=@company_domain

No comments: