SAP HANA 2.0 Securing Data Communications

SAP HANA 2.0 Securing Data Communications

You can use the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol to secure communication for client-server and internal communication.

All internal SAP HANA communication will be secured with the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol.A simple public-key infrastructure (PKI) is configure for securing the communications.

The following internal communication channels will be secured with the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol:

• Communication between the processes of individual databases in a MDC 
• Communication between the hosts in a scale out - multiple-host system and between processes in the database 
• Communication between the primary site and secondary side with HANA system replication 
• Communication between the SAP HANA database and additional server components, such as an extended storage server (SAP HANA dynamic tiering) or a smart data streaming server (SAP HANA smart data streaming). 

A dedicated PKI is made for internal communication mechanically throughout system installation.
Each component (host, database, additional server, and so on) receives a public/private key pair and a public-key certificate for mutual authentication. The certificates are signed by a dedicated trusted certificate authority (CA), which is unique for each SAP HANA system. The certificates are automatically renewed. Common CryptoLib is used as the cryptographic library.

SAP HANA database uses X.509 client certificates for securing internal and external communication channels, as well as for several user authentication mechanisms. Certificates can be stored and managed in the file system or directly in the SAP HANA database.