Optimization of the SAP infrastructure
Quick check of your SAP security settings with the Xiting Authorizations Management Suite (XAMS)
You can reduce the Queue selection. To do this, select the Support Package that should be the last in the queue. After that, the queue is recalculated. You can also start the recalculation explicitly with Queue. Note that you can only select Support Packages that are part of the software component you have selected (the mouse cursor will change its appearance accordingly). The support packages associated with the calculated queue are green. The highest support package of the previously selected software component is additionally marked with a green tick. The support packages that are no longer part of the queue are still visible in the list and can be selected again. If you want to set the queue for another software component, select New Component. Result You have defined a queue. Now insert the support packages in the queue [page 20]. Rules for the Queue The following rules apply to creating a Queue: If it is an FCS system, the first step is an FCS Support Package. If it is missing from the queue, it cannot be defined. Instead, you will receive an error message telling you the name of the missing FCS Support Package. You cannot insert an FCS support package in a non-FCS system (official state of delivery). Support packages for a selected component are queued in order. If support packages in the queue have connections to support packages of another component (further predecessor relationship, required CRT), the queue will be extended by additional support packages until all predecessor relationships are fulfilled. Note that the SAP Patch Manager takes into account the configuration of your SAP system and only adds support packages to the queue that can be inserted into your system.
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
Add-ons
Permanent and proactive technical support in the SAP Basis area ensures a stable, secure and high-performance environment. Our international team of experienced and certified Basis consultants supports our customers in all phases with a wide range of services, both nearshore and on-site or remote.
Reduce resources: depending on the agreement of the contract, you can ask for the service resources only when needed. This will save you some costs.
"Shortcut for SAP Systems" makes many tasks in the area of the SAP basis much easier.
Checks whether the queue is fully processed.
Confirm Queue Usage Confirm the successful insertion of the Queue in your system.