Highly secure remote maintenance of SAP systems to existing customers

The Rendezvous concept for the maintenance of production environments was transferred to the remote maintenance of an SAP system.

The idea for developing Advanced Secure Connect arose from a cross-company co-innovation with SAP's existing customer Bundesdruckerei and is currently being introduced there.

The core of the solution is a secure connector: both SAP's maintenance service and the existing customer establish encrypted connections to this "gateway".

Only when both meet on the hardware connector for the rendezvous, the continuous maintenance connection to the SAP system is created. In this way, the customer always has control over external maintenance access to its network and can thus achieve a high level of security.

The new solution is a joint development of SAP and Genoa.

"Thanks to the intensive exchange with Bundesdruckerei and the good cooperation with Genoa, we were able to develop an innovative remote maintenance solution within a short period of time.

Advanced Secure Connect provides the highest level of security and expands our support offering."

says Bernd Leukert, Member of the Executive Board for Products and Innovation at SAP.

Christian Helfrich, Managing Director of Bundesdruckerei, adds:

"Strict policies apply to the remote maintenance of our central SAP systems; we always want to retain control over external access.

The new solution from SAP and Genoa meets our high security requirements - and shows how innovative networking can work."

Matthias Ochs, Managing Director of Genoa, explains:

"In the cross-company development, the close cooperation between SAP and its existing customer Bundesdruckerei was particularly helpful - a great example of how customer projects can create intelligent products that are also of interest to other customers."

The Advanced Secure Connect remote maintenance solution offers numerous security options. At the heart of the solution is the Secure Connector hardware.

SAP Support and the existing customer generate encrypted and authenticated connections to the connector at the agreed time. Only when the connections meet on the connector can SAP Support access the supported system in the customer network.

No maintenance access is established without the connection being established by the customer, thus preventing misuse by unauthorized persons. Users always have control over the maintenance connection at the end point in the customer network.

Another component of the security solution is a service box, which shields the serviced SAP system from the rest of the customer network during maintenance.

As a result, the maintenance connection leads exclusively to the SAP applications; access to other systems in the customer network is not possible.