Protect4S - VM User Guide
  • Protect4S - VM User Guide
  • Introduction
    • Quick setup
    • Support
    • Protect4S VM place in SAP system landscape
  • Pre-conditions and installation
    • Supported operating system and database types
    • Software version requirements
    • Recommendations
    • Heterogeneous database connections
  • Protect4S VM Software Installation
    • Add-On Installation, import support packages and upgrade
    • Installation post-processing
  • Create Protect4S VM users and roles
    • Distribution of satellite roles
    • satellite system ABAP RFC user using wizard
    • satellite system ABAP RFC user MANUAL SETUP
    • satellite system JAVA user
    • satellite system database user
    • satellite system operating system user
    • Operating system user other than <sid>adm
    • Satellite system BusinessObjects user
  • Check and set Application settings
  • Protect4S VM Menu
  • Execute the Quick setup
    • Company
    • Systems
      • Creating an ABAP system
      • Creating a JAVA system
      • Creating a BusinessObjects BI system
      • Creating a HANA standalone system
      • Creating a SAP Web Dispatcher system
      • Creating a SAProuter system
      • Creating a SAP Cloud Connector system
      • SAPControl security settings
  • Create a project
    • New project
    • New Scan
  • Check Template
  • Contact persons and Scan subscription
    • Contact persons
    • Scan subscriptions
  • Reports
    • Scan result
    • Scan results information
    • System tab
    • Company tab
    • Scan statistics tab
    • Check overview
    • Risk history
    • Scan statistics
    • Scan export
    • Mitigation report
    • Scan comparison
    • Management overview
    • Connection map
  • Mitigation of Vulnerabilities
    • Mitigation menu
  • Check exemptions
  • SIEM Interface
  • Integration
    • Incident Management
  • Information and support
    • Welcome menu
    • Product information
    • Check information
    • Change log
    • User Guide
    • Report a software defect
    • Feature request
  • Deinstallation
  • Appendix A: Troubleshooting Satellite System connection issues
    • SAPControl connections
    • Database connection
    • JAVA connection
    • HTTPS certificate errors
  • Appendix B: Installation database libraries
    • IBM DB2
    • MSSQL
    • MaxDB
    • Oracle
    • SAP Sybase
    • SAP HANA
  • Appendix C: satellite system Communication Ports
  • Appendix D: Protect4S VM SICF Services
  • Appendix E: using a server group
  • Appendix F System context
  • Appendix G DNS resolving
  • Appendix H Dump in Scan subsciptions
  • Appendix I HTTPURLLOC table
  • Appendix J - Risk Matrix
  • Appendix K - Short dump function module "PFL_GET_SINGLE_PARAMETER" not found
  • FAQs
    • General
    • Installation
    • Configuration
    • Projects and scans
  • Contact us
Powered by GitBook
On this page
  • Managed Service Providers (MSP)
  • Multi client support
  • Server groups
  • Protect4S central system

Was this helpful?

  1. Pre-conditions and installation

Recommendations

PreviousSoftware version requirementsNextHeterogeneous database connections

Last updated 2 years ago

Was this helpful?

In order to get the most out of Protect4S VM, we recommend the following:

Managed Service Providers (MSP)

For MSP's we provide a demo-license to demonstrate the Protect4S VM solution to prospects. It is advised to have a separate Protect4S system for demo purposes that is separated from productive Protect4S VM installations to scan customer systems. This is to prevent mixing of sensitive data with demo scenarios.

We support the use of a single Protect4S system for multiple customer's systems, provided:

  • This system has been hardened (e.g. network separation)

  • Is kept up-to-date with the SAP Security notes

  • Access to it is strictly regulated

  • The customers are separated per system or per client.

Multi client support

If you are an MSP and want to use a single Protect4S system for multiple customers, then it is necessary to separate these customers per client to separate the data for these customers. For every customer it is required to:

  • Create a new client using a customizing-only (profile UCUS) copy from client 000 with transaction SCCL.

In the new client:

  • Execute the

  • In the new client, follow the VM User guide starting from

No support for strict data separation in Protect4S system with single client and multiple customers

We do not support data separation in a Protect4S system that has a single client for multiple different SAP customer systems.

This is because some Protect4S VM functionality would be merged and different SAP customers could see details of each other's SAP systems and security related information. Both the Connection map and Management overview would show the SAP systems of all customers, for example. If you want to use one Protect4S system for multiple customers where data of these customers is separated, then it is necessary to create a separate client per customer.

Server groups

  • Protect4S VM has no specific hardware requirements because its memory and CPU consumption is very low. But when running a project containing more than 10 scans, it is advised to monitor the use of system resources and make use of the server group settings in order to control the number of active work processes.

Protect4S central system

For best insight and visibility over the complete landscape (e.g. the connection map) it is advised to connect as much systems in the landscape as possible to one central Protect4S VM installation. (provided there are no hard boundaries like network separation, security restrictions, etc).

Also it is advised to install the Protect4S solution on a Productive system rather than a Development system for productive use. This to avoid connections from low security zones (Development, Sandboxes, etc) to high security zones (Production for example).

See , "Using a Server group".

In order to fully utilize the Protect4S VM notification functionality, we recommend to configure the sending of emails from the Protect4S system. See the in SAP Help for additional information.

When using the functionality it might be considered to set the parameter rdisp/max_alt_modes to a value higher than the default value of "6" to not run into issues when running multiple mitigation runs at the same time.

Installation post-processing
Create Protect4S users and roles
Check and set Application settings
Execute the Quick Setup
Create a project
Appendix E
Quick Guide to SMTP Configuration
Mitigation of SAP Notes