Skip to Content
avatar image
Former Member

Agentry, DMZ settings/VPN

Hello Agentry followers. We have several implementations pending on Agentry. Our client is looking into an agentry DMZ deployment option. Is there a document, on top of admin and configuration guides, which described the different pro and cons for such a set up, versus for example a VPN connection of  mobile clients into the corporate network.

thanks

Stephan

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    Nov 25, 2013 at 07:27 PM

    Stephan,

    It was not clear from your  question whether your questions were related to  Agentry on SMP 3.0 platform or Agentry as a standalone server.   in SMP 3.0 Agentry client uses Web sockets which is https based  protocol.

    We don't have any specify documents which  lists out pros and cons of  Agentry in DMZ verus non-DMZ.I think lot of customers have concerns about security and  data that gets transmits  between  Agentry client and SAP.  We need to explain the architecture of Agentry and how it works.

    a)    Typically we have seen customers putting Agentry Server in DMZ zone. Since Agentry uses Angel  protocol  in Agentry  6.0 and  earlier versions,  Your data is encrypted from client to Server. if data needs to be encrypted all the way to SAP we have to modify some Java classes to use  SAP SNC encryption from Agentry to SAP server. The Agentry server communicates with SAP systems using the SAP Java Connector. 

    b)  Yes in future all Agentry based products will be closely  aligned with other  SAP  products when it comes to SSO.   by default OOB Agentry products comes with client/server certificates to meet  basis  security needs. You can always create your own self signed certificates depending on your requirements.

    c) You can look at some security settings that can be done on Agentry client side  like   lockout time, idle time , password retry -  such that after 3 incorrect passwords, data on client can be wiped out.

    d) I'm not clear with questions.... This could be more of  VPN connection settings on device than Agentry client requirements or settings.

    Let me know if i have answered  your question.

    Thanks - Manju

    SAP Rapid Innovation Group - RIG

    Add comment
    10|10000 characters needed characters exceeded

    • Stephan,

      All the security settings Manju mentioned are exposed with the Agentry Editor under the Application | Application Security.  As Manju mentioned you can idle and lockup behavior for your appilcation and for the newer devices (iOS / Android) you can also chose to have the local database on the device encrypted to further protect your data in the event of a device being lost or stolen.  The Engineering team is also further working on enhancing the security options available with respect to the certificate handling and options for these devices as well.

      In terms of your question d) around VPN, many customers do choose to leverage their existing VPN infrastructure to also protect the connections to the Agentry serer.  The user simply esatblishes the VPN connection on the device (outside of Agentry) and the Agentry traffic automatically routes over the connection based on the host connection / routing defined by the VPN.  We don't need to make any special configuraiton in Agentry to have it utilze the VPN.

      --Bill Froelich

        Global Mobility Services

  • Nov 06, 2013 at 05:31 AM

    Hi Stephan,

    I would first take a look at the new Agentry Landing page (should bookmark it) which links to most all things Agentry. 

    As you probably noticed, there is more Agentry traffic here than even as little as two months ago.  Partly this is due to the Forums in the Syclo Resource Center being shutdown, partly due to some proselytizing (not just by me either), and partly due to the greatly increasing amount of documents being posted in this community and in the SAP Mobility Wiki (link in the Landing Page). 

    Good to hear from you!

    Cheers, Mike

    SAP Rapid Innovation Group - RIG

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Stephan,

      No, just leave it here.  This is pretty much the main Agentry Forum (Community) going forward.  Not that it couldn't change, but for now...

      I would have to defer to the real Agentry experts to answer the security/DMZ questions.  Will try to steer a few folks to respond directly to this Discussion.

      Regards, Mike

      SAP Rapid Innovation Group - RIG