Copyright © 2003 Americas’ SAP Users’ Group Session 4904 SAPConsole an End-to-End Security Implementation Chris Kralovansky NIBCO INC. Technical Analyst.

Slides:

Advertisements

Similar presentations

Distributed Data Processing

Advertisements

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

Netcentives Inc. 475 Brannan St. San Francisco, CA NASDAQ: NCNT Netcentives Inc. 475 Brannan St. San Francisco,

Chapter 15: Packaged Software and Enterprise Resource Planning

PROFITABLE INVENTORY CONTROL SYSTEMS Your Complete Software System Integrator VICSSQL – Visual Inventory Control System – SQL.

DEPARTMENT OBJECTIVES 1. To Identify and deploy information technology to meet business objective at CKPL. 2.To Provide support to users for systems usage.

SAP Support Costs Am I Paying too Much?. Agenda  Company Background  SAP System Details & Support Model  Base Line Cost Assessment  Evaluate the Options.

3108: Enterprise Upgrade Lessons Learned

Experiences with EP 5.0 Lessons Learned. Johnson & Johnson - J&J Consumer - Neutrogena - ROC - McNeil Consumer Healthcare Co. - McNeil Specialty - Ethicon.

ASUG Annual Conference Session 4711

Release Management in SAP David Osborne, Planning & Release Management, Canada Customs and Revenue Agency May 20, 2003 Session 2909.

#4502 – Streamlining the Physical Inventory Process Using a Custom Solution.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

Copyright © 2003 Americas’ SAP Users’ Group Integrating Managed Services into SAP EH&S Jürgen Schwab CEO, TechniData AG John Torgerson Market Development.

Implementation Audit and Control Background Internal Audit Role Go-Live Criteria Audit Approach - Systems Audit Approach - People Summary Agenda.

SM Extension at Hyundai Uses SAPConsole Session 4009 Joe Preski – Hyundai Translead Jim Farkas – The Baer Group

SE 464: Industrial Information systems Systems Engineering Department Industrial Information System LAB 02: Introduction to SAP.

1 Meeting the Reporting Challenges at International Paper.

Bringing an Acquisition onto SAP: A Supply Chain Perspective Session: 2809.

Selecting and Implementing an LMS for your Company Session Code #2411.

SAP on Handheld Challenges in Implementing WM with RF Praveer Punera Varian Medical Systems, Inc. May 20, 2003.

Technology Steering Group January 31, 2007 Academic Affairs Technology Steering Group February 13, 2008.

PROFITABLE INVENTORY CONTROL SYSTEMS Your Complete Software System Integrator ProcessTrakker – Visually Tracking your Manufacturing Process.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

National Finance Center’s 2008 Customer Forum EmpowHR 9.0 Billy Dantagnan Teracore.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

Windows 2003 and 802.1x Secure Wireless Deployments.

Windows ® Powered NAS. Agenda Windows Powered NAS Windows Powered NAS Key Technologies in Windows Powered NAS Key Technologies in Windows Powered NAS.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

SOA – Development Organization Yogish Pai. 2 IT organization are structured to meet the business needs LOB-IT Aligned to a particular business unit for.

SOA Landscape Recommendations By >. Who we are  Team Members  Company History  Current & Past Client Projects  Note: have fun here. Make up your history.

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

IS 466 ADVANCED TOPICS IN INFORMATION SYSTEMS LECTURER : NOUF ALMUJALLY 3 – 10 – 2011 College Of Computer Science and Information, Information Systems.

Making the Internet a Better Place for Business NIST PKI Steering Committee March 14, 2002.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 Cisco Learning Credits A Solid Business Value Proposition.

Copyright © 2001 Espial Group Inc. All rights reserved. Evolution of the Pervasive Internet Ella Mar VP Operations Dilshan De Silva Director, Product Development.

Putting a Face on Electronic Commerce Kathy Warden.

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Chapter 6 Supporting Processes with ERP Systems Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall 6-1.

XPand your capabilities with Citrix ® MetaFrame XP ™ for Windows ®, Feature Release 2.

Empowering the User Custom Web Reporting M. Keener & R. Kolatalo | Thursday, March 1, 2012.

SMS 2003 Deployment and Managing Windows Security Rafal Otto Internet Services Group Department of Information Technology CERN 26 May 2016.

UPS Case Study Mark Charleston Dave Donahue Shawn Wagner.

Classical Development Methodology Waterfall Method.

U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program.

SAP Decision Support Environments in Higher Education

4 - 1 Copyright © 2006, The McGraw-Hill Companies, Inc. All rights reserved. Computer Software Chapter 4.

Copyright© 2002 Avaya Inc. All rights reserved Anna Dorcey Director, Avaya DeveloperConnection Program August 4, 2004 Partnering in the VOIP World Anna.

Introducing… Conferencing Manager. Agenda Citrix MetaFrame Conferencing Manager Solving business challenges Value to our channel Citrix MetaFrame Conferencing.

State of Georgia Release Management Training

Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.

Ellis Paul Technical Solution Specialist – System Center Microsoft UK Operations Manager Overview.

Automation Solutions – Product & Practice

© 2015 Avaya Inc. All rights reserved Introduction Transition + Transform addresses the urgent unified communication and collaboration (UC&C) needs.

LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►

Intro movie. Presenter’s name November 2015 Avnet Partner Event 2015 Technology Trends Avnet’s Role Avnet’s Value add  Security  Converged Infrastructure.

History of Windows Operating System. Windows 1.0 Debuted in 1985 First version of Windows that was set up to use bitmap displays and mouse pointing devices.

Business Objects XIr2 Windows NT Authentication Single Sign-on 18 August 2006.

SAP NetWeaver Business Intelligence SAP Netweaver Business Warehouse (SAP NetWeaver BW) the name of the Business Intelligence,

Career Oriented SAP BASIS training in India,uk,usa Online | classroom| Corporate Training | certifications | placements| support CONTACT US: MAGNIFIC TRAINING.

© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.

SAP GRC(Governance Risk and Compliance)/SECURITY ONLINE TRAINING  Magnific Name : SAP GRC/SECURITY 24*7 Technical support  faculty : Real time Experience.

Data and database administration

BANKING INFORMATION SYSTEMS

Hyper-V Cloud Proof of Concept Kickoff Meeting <Customer Name>

Course: Module: Lesson # & Name Instructional Material 1 of 32 Lesson Delivery Mode: Lesson Duration: Document Name: 1. Professional Diploma in ERP Systems.

Enterprise Program Management Office

Workshop: High Level Reporting

Presentation transcript:

Copyright © 2003 Americas’ SAP Users’ Group Session 4904 SAPConsole an End-to-End Security Implementation Chris Kralovansky NIBCO INC. Technical Analyst - SAP Basis & Security Monday, May 19, 2003

Objectives  Share project approach, key questions, and deliverables every customer should think about when undertaking an SAPConsole implementation  Discuss approaches to physical and logical security in an SAPConsole implementation  Develop an understanding of end-to-end security considerations for an SAPConsole implementation in a wireless environment

Agenda  NIBCO company background  NIBCO’s data collection technology evolution  SAPConsole implementation plan  SAPConsole physical and logical security consideration  Lesson learned

Background – NIBCO INC  Founded in Elkhart, IN in 1904  Fourth generation family- owned company  Twelve (12) manufacturing facilities throughout the U.S., Mexico, and Poland  Five (5) distribution centers: (4) U.S. and (1) Poland

Background – NIBCO INC  Employs associates world-wide  Websites:

Manufacturer of: Background – NIBCO INC

NIBCO’s SAP Implementation History  SAP selected as the sole provider of business systems for NIBCO  Oct – Formation of NIBCO’s SAP implementation team (T.I.G.E.R.)  Dec Big-bang implementation  Release 3.0F  19 Locations (manufacturing and distribution)  Modules – FI/CO/CO-PA/PCA/SD/MM/PP/WM/SD  Norgistics (N/3) – Data Collection Middleware

NIBCO’s SAP Implementation History  Upgrades  March Release 4.0B  March 2001 – Release 4.6C  Support Packages 2-3 times per year

NIBCO’s SAP Implementation History  Additional Locations  May International Distribution Center  May 2002 – NIBCO Sp.z.o.o. – Poland Manufacturing, Distribution, Sales, Finance, Payroll In-bond locations  (2) locations in Poland  (2) locations in Hungary  (2) locations in Ukraine

NIBCO’s SAP Implementation History  Additional Functionality  December 1999 – Introduced eNIBCO a suite of customer facing eCommerce offerings  April 2000 – HR-Payroll – U.S.  2000 – Replaced Norgistics (N/3) with CIM Concepts Data Integrator for R/3 – Data Collection Middleware  May 2002 – Localized Polish implementation  December 2002 – SAPConsole goes LIVE  May 2003 – SAP Business Warehouse (Unicode)  June 2003 – HR-Payroll – Reynosa, Mexico  June Time & Attendance – Reynosa, Mexico

NIBCO’s SAP Implementation History  Tolco Support Systems Acquisition – June 2002  Corona, CA  Houston, TX  Sacramento, CA  SAP HRMS Live – June 2002  SAP Operational – November 2002

NIBCO’s Data Collection Technology Evolution

NIBCO Data Collection Technology Evolution …….so why did NIBCO change data collection middleware solutions????  Business strategy –  Utilize SAP products to solve business problems  Leverage SAP investment and relationship  Architectural & technical strategy  Complete the transition from an off-line, interfaced solution to an on-line, integrated solution  Utilize SAP as the core data repository  Leverage SAP programming language and security skills Manage Total Cost of Ownership

SAPConsole Implementation Scope  Initial implementation was a wireless, manufacturing shop floor application pilot at one NIBCO facility  Develop an understanding of the of SAPConsole technology deployment  Develop support processes required to manage SAPConsole in a 7x24 environment  Develop a robust, secure, infrastructure to support SAPConsole in a wireless environment  Develop security management processes which meet the “real” business requirements of the operation  Develop a training approach for SAPConsole transaction deployment

..... so what is so hard about that????

…………… Well nothing really, but there are challenges that every company needs to consider!!!

SAPConsole Project Considerations What were the challenges? OK, what did we argue over??  How do we adequately secure our wireless infrastructure?  How will we allow terminals to bypass NT authentication?  How will we maintain SAP userids?  How will we support SAP password changes?  What SAP user type will be assigned?  What standards do we use for userids and passwords?  Do we delegate SAP security administration to our remote locations?  How will we add / revoke SAP Console specific security at a moments notice?  How will we support the administration of userid’s needing LM01 access?  How will we manage various data collection device screen sizes?

SAPConsole Physical Security  Wireless security infrastructure  Intermec - DCS300 Controllers, 2100AP, 6400 and 2455 terminals  Changed network name and eliminated broadcasts  Rationalized the use of WEP: 64 bit vs. 128 bit - Understand your devices capabilities Work with your partners –  Worked with Peak Technologies and Intermec to develop an approach (Wireless security whitepaper) If you fail to plan for wireless security your network will be hacked!!  Cisco firewall technology  Authorized the data collection devices through the firewall by IPaddress  Utilized VPN for wireless PC’s  Treat the B wireless infrastructure like internet utilizing WEP encryption and firewall technology to “isolate” the network

SAPConsole Physical Security

SAPConsole Infrastructure Struggles  Implemented SAPConsole Version 620 which fixed many challenges:  Password changes at logon vs. an every 90 day parade  Logoff confirmation  Application messages are complete  User can select a memorable, personal password  Allows user to logon to multiple devices – this can also be prevented  Utilize Georgia SoftWorks for device telnet to SAPConsole application – Manages NT authentication process

SAPConsole Logical Security  Wasted time trying to develop special rules for SAPConsole users because of “special needs”  “We need to use a different userid and password standard for the floor people!”  “We need to develop our own authentication and application security tools for SAPConsole!”  “We can’t make them change their passwords every 90 days!”  “We need userid’s, and activity groups at a moments notice!”  “People come off the street, pick, pack and ship products!” Do not abandon your current security administration processes, if they work today then use them!!!

SAPConsole Logical Security  What did we do?  Utilized existing userid & password standards  Built SAP security roles by location and task  Utilized existing processes for establishing and maintaining userid’s and activity groups  Leveraged PID’s to drive higher transactional efficiencies for the SAPConsole user  Added processes to maintain the table for LM01 security in production client (SM30) Building a transaction for de-centralized table maintenance of LRF_WKQU

Key SAPConsole Information Sources  OSS Note Components  LE-MOB Mobile Devices  BC-FES-CON SAP Console  OSS Note #  Multiple logons in RF transactions  OSS Note #  SAPConsole: Logoff & change password screens  OSS Note #  SAPConsole security problem on WIN NT/2000 server  OSS Note #  Table LRF_WKQU Customizing or Master Data?

SAPConsole - Lessons Learned  SAPConsole implementation is more than about deploying a transaction to a wireless device  Understand and plan a secure, wireless infrastructure before you start  Understand your ”real” security requirements for SAP user administration – if you have solid processes use them  Get and stay current on SAPConsole – SAP continues to enhance the functionality  Track your implementation and validate that your security approach meets your company needs

Copyright © 2003 Americas’ SAP Users’ Group Thank you for attending! Please remember to complete and return your evaluation form following this session. Session Code: 4904