Architecture

General

MyPM is compliant with Neptune Software component 400_700 releases 0003 and 0004, under SAP ECC 6 (ERP) Unicode systems. Please check with Soltius NZ Ltd for specific compliance queries on other releases.

There are a variety of systems landscape options which can be impacted by a number of factors – including existing infrastructure, data, network and mobile security policies and standards. In general we highly recommend that:

  • MyPM be accessed through a secure HTTPs connection.
  • SAP Web Dispatcher, or an equivalent security device, be used as part of a properly architected DMZ for external exposure.

The following summarily illustrates a selection of deployment options. Your SAP Basis and Network Security personnel should be able to recognise options specific to your site and security requirements from within these examples. In addition there are authentication options with Neptune using Microsoft ADFS; SAP Portal; or SAP Mobile Cloud – see Neptune Our Architecture for more on this. Also see the FAQ What about Application and Data Security.

Architectural Model Example 1 – SAP Web Dispatcher

Under this model the SAP ERP system serves the MyPM Neptune content through SAP Web Dispatchers.

For some customers:

  • There may not be a firewall between their Internal Users and the Server zone
  • There may be a different security appliance used instead of SAP Web Dispatcher
  • SAP ERP 6 and Plant Maintenance
  • SAP Web Dispatcher

Architectural Model Example 2 – SAP Web Dispatcher and VPN

Under this model the SAP ERP system serves the MyPM Neptune content through SAP Web Dispatchers and a VPN. The activation of the VPN on device can be a frustrating step for end users. So while technically viable, this option may not provide a viable long term functional solution.

Some cellular providers also provide options for customer encrypted connections or offer an alternative VPN option.

Architectural Model Example 3 – SAP Gateway via Web Dispatcher

Under this model the SAP ERP system and Gateway systems have the Neptune Add On installed. The UI traffic is served by the Gateway server with the connection to the ERP system using the RFC protocol.

The advantages of this option are:

  • You can use a single destination for SAP Fiori and Neptune traffic from Gateway
  • You have an added layer of protection and a protocol shift between Gateway and your ERP system.

Security Assessment

If this is the first time that you’ve exposed SAP services to the internet then we strongly recommend the use of a security services company to test and mitigate your vulnerability to external attack.