Architecture
Agile Architecture: Details
The architecture of Security Framework has a number of key components: securityRunTime (secRT), security Broker (secBroker), security policy server and adapters for many different software and hardware applications. This design allows for the maximum amount of flexibility and orchestration by customers while simultaneously minimizing complexity and maintenance.
SecRT is the engine of Security Framework, a comprehensive security infrastructure for service-oriented architectures (SOAs). All components and adapters in the Framework sit on top of the same core module using SAMI principles (Security Automation Management Infrastructure). This allows secRT and its adapters to be easily enhanced and adjusted.
At the heart of this comprehensive infrastructure is SAMI (Security, Automation, Management and Infrastructure). SAMI interacts with the adapters (such as Mobile Firewall), allowing you to quickly swap out adapters based on your company’s needs. Adapters are the components that make up the various suites.
SecurityRunTime acts as an engine, and Security Broker acts as a “cockpit” from which everything can be controlled. An additional benefit of such a modular, standards-based design is that a customer-specific solution can be easily assembled by picking and choosing parts from the Security Framework’s product suite. Customers can also choose parts of the solutions here and incorporate them into their existing application architecture.
- SecurityRunTime
secRT facilitates a number of key functionalities for an open and collaborative environment, like Workflow or Identity Management. secRT is designed with SOA standards in mind (XML, Java and Web Services), so that all interfaces and communications are based on standards.
- Security Broker
Security Broker is the central administration cockpit that works closely with securityRunTime and Policy server. Three parts make up its structure: Security Repository, Security Admin RCP, and the Security Connectors.
Security Repository
The repository contains a relational database, where all sensitive data is stored and encrypted, and protected from manipulation.
Security Admin RCP
Configuration and control of the Security Broker are done through the Security Administration (RCP), whose administration interfaces are available decentrally. All functions and services implemented in the Security Broker may be administered centrally. Communication takes place over secure Web Services provided by Remote Access. Authentication of all service calls prevents unauthorized access and enables dedicated administration.
Security Connectors
A connector is a securityRunTime instance started with an entity and run as a web application on the application server. Operation and administration differ depending on whether a central administration (Security Broker) is used or the solution is run locally. In both cases, each connector may be administered locally via a web application. Each securityRunTime Connector may be configured via the Workflow Editor after deployment. The Workflow Editor lets you place and configure the security functions available via an adapter in a process logic. Security functions may be realized by the workflow engine without programming effort.
- Security Policy Server
The Policy Service generates the system-wide Security Rules. These contain all settings, models, policies and software components needed to realize the security rules.