Tip

How to secure an SAP installation with disaster recovery

Bert Vanstechelman, Contributor
There are two crucial questions which every SAP technical consultant or administrator should ask and answer regularly. How do I keep my SAP implementation

    Requires Free Membership to View

safe from unauthorized access, and what should I do in case that happens?

Network Security
SAP security reaches many things. You will need to talk to your networking team for the securing of the network. Next is the operating system and database access on which the SAP system is running. For this, consult your system and database administrator. The most common mistake is leaving standard passwords of the SAP database schema users.

Finally, there is SAP. Books have been written on SAP roles and authorizations. Many SAP customers have dedicated authorization administrators who spend their entire day modifying and assigning the proper authorizations and roles to the correct people. The best starting point would be the Security pages in the Service Marketplace. How-to guides with SAP security guidelines exist for almost all SAP components.

For more detailed information on SAP roles and authorizations, I warmly recommend SAP Security and Authorizations and The SAP Authorization System, both published by SAP-PRESS.

Disaster Recovery
If you do not have a suitable backup strategy, external factors, physical errors, and logical errors can cause system downtime and may lead to data loss. If data is lost due to external factors such as water damage to your hardware, physical errors such as hardware failure, or logical errors such as an unintentionally deleted table, you must recover the database up to the point in time when the database crashed. If a full recovery is possible, only the data of uncommitted transactions before the error will be lost.

Your backup strategy must be designed according to the needs of your company. To ensure the availability of your SAP R/3 system, your backup strategy must be carefully tested before the R/3 system goes live, and after any changes to your backup strategy.

Consider the following when you set up your backup strategy:

  • Consider how long you can afford to shut down the SAP R/3 system for each of the above scenarios.

  • Consider how much production data you can afford to lose. This determines the point-in-time recovery needed.

To ensure that the correct actions are performed for each of the scenarios, create a document containing organizational descriptions of procedures and an escalation plan. This document must be approved by management and understood by the person who performs the database restore and recovery.

You should evaluate and implement the most suitable backup type and method for your company. SAP recommends a 28-day backup cycle. In my experience, every company should define its own.

For a starting point, have a look at the system management pages on the SAP Service Marketplace and the backup/recovery section in the SAP NetWeaver documentation.

This was first published in March 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.