High Security

Description

HUAWEI CLOUD full-stack security services help you ensure the proper running of service systems and improve security maintenance efficiency. In particular, when you manage a distributed system environment, the security services further enhance security control over SAP service systems, improve network and SAP system security, and secure the running of various applications.

  • Secure Network Access
    • All SAP systems are deployed in a VPC (dedicated network) on the cloud. All system IP addresses are intranet addresses, and other tenants' access is shielded.
    • HANA Studio, NAT, and SAProuter are installed on the access server in the public subnet, which is bound to an elastic IP address. SAP engineers can access the SAP system on the private subnet through this server to provide technical support.
  • SAP System Network Isolation and Access Control

    Security groups and network ACLs let you implement intranet access control policies under the principles of least privilege and fail-safe defaults (deny by default). You can open only the required IP addresses and ports for access from specific sources.

  • SAP System Security Boundary

    The production environment needs to provide services for the public network and interconnect with other IDCs. Therefore, set up VPN channels between the production environment and enterprise intranets (IDCs). You can configure access control policies between the cloud and the on-premises system and between the cloud and the Internet.

    Take border protection measures in the DMZ, internal network application, and management zones because they can be accessed from external networks.

  • SAP System Host Security
    • To harden the security of cloud servers that communicate with the public network, refer to HUAWEI CLOUD Brute Force Attack Prevention for Cloud Hosts. Host security protection includes OS security hardening and the use of host security products, such as HIDS and antivirus software.
    • To ensure the running reliability of key ECSs, you can add similar key nodes to an ECS group when creating the ECSs, and use anti-affinity policies to place the ECSs in the group on different physical servers. For example, you can add backend ECSs monitored by ELB listeners to one ECS group and add SAP DB ECSs to another ECS group.
  • Security Maintenance Channel
    • Provides the SAP Support channel for security maintenance.
    • Provides a security maintenance channel for Huawei maintenance personnel.

For details, see SAP Security White Paper.
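
One way to check a rule set against the least-privilege and deny-by-default principles described under "SAP System Network Isolation and Access Control". This is an added example, not HUAWEI CLOUD code or API output; the address ranges, port numbers, and rule format are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumptions, not from the page):
ACCESS_SUBNET = ipaddress.ip_network("10.0.0.0/24")   # public subnet with the access server
IDC_RANGE = ipaddress.ip_network("192.168.10.0/24")   # enterprise IDC reached over VPN
ALLOWED_SOURCES = [ACCESS_SUBNET, IDC_RANGE]
# Assumed ports: SSH, SAP GUI dispatcher (instance 00), HANA SQL (instance 00).
REQUIRED_PORTS = {22, 3200, 30015}

# Constructed ingress rules for the security group on the private-subnet SAP hosts.
SAP_PRIVATE_RULES = [
    {"id": "r1", "proto": "tcp", "ports": (30015, 30015), "source": "10.0.0.0/24"},
    {"id": "r2", "proto": "tcp", "ports": (22, 22), "source": "0.0.0.0/0"},
    {"id": "r3", "proto": "tcp", "ports": (1, 65535), "source": "10.0.0.0/24"},
    {"id": "r4", "proto": "tcp", "ports": (3200, 3200), "source": "192.168.10.0/24"},
]

def audit(rules, allowed_sources, required_ports):
    """Return (rule id, reason) for every rule that is broader than required."""
    findings = []
    for rule in rules:
        source = ipaddress.ip_network(rule["source"])
        low, high = rule["ports"]
        # Least privilege on sources: the rule must sit inside an approved range.
        if not any(source.subnet_of(allowed) for allowed in allowed_sources):
            findings.append((rule["id"], "source outside allowed ranges"))
        # Least privilege on ports: every opened port must be a required one.
        if any(port not in required_ports for port in range(low, high + 1)):
            findings.append((rule["id"], "opens ports that are not required"))
    return findings

def is_allowed(rules, src_ip, port, proto="tcp"):
    """Deny by default: traffic passes only if a rule explicitly matches it."""
    address = ipaddress.ip_address(src_ip)
    return any(
        rule["proto"] == proto
        and rule["ports"][0] <= port <= rule["ports"][1]
        and address in ipaddress.ip_network(rule["source"])
        for rule in rules
    )

if __name__ == "__main__":
    findings = audit(SAP_PRIVATE_RULES, ALLOWED_SOURCES, REQUIRED_PORTS)
    for rule_id, reason in findings:
        print(f"{rule_id}: {reason}")
    flagged = {rule_id for rule_id, _ in findings}
    tightened = [r for r in SAP_PRIVATE_RULES if r["id"] not in flagged]
    print(is_allowed(tightened, "203.0.113.7", 22))  # Internet source after tightening
```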

Customer Benefits

Your SAP system is protected from heavy-traffic DDoS attacks, viruses, and hackers. The service stability and reliability are ensured with tier-3 data centers and carrier-level security architecture. HUAWEI CLOUD never collects tenant data.

Constraint

No application constraint

Specifications

No special specifications

Configuration

For the configuration of related cloud services, see the SAP on Cloud Security Architecture.

Release History

None