Ibn Yousuf

SAP SNC (Secure Network Communications) Key Concepts

An integral portion of my job revolves around provisioning users with SAP SNC names. The SNC (Secure Network Communication) name is the software layer within the SAP system architecture. It’s the backbone to providing the interface to an external facing security application. SAP applications are capable of providing very baseline security controls such as SAP authorization and password-based authentication. SNC is also responsible for safeguarding the end points of all communication. Links are initiated on one side and accepted on the other side. For instance, when a SAP GUI session begins a dialog connection to the SAP system application server, the SAP GUI session is the initiator of the communication and the SAP system application server is the accepter. SNC is one of those things which is configured uniquely based on the SAP system environment. Configurations are defined in a number of places. For example, they can be defined in initializing files, maintenance transactions, or profile parameters. For me, the profile parameters are the most efficient and simple way in defining SNC parameters.

When creating an SNC name, there are a number of important things to keep in mind. Firstly, a prefix with the external user name must be assigned. The <product> indicator can be also used in the prefix, however this is not required. The below list shows some of the various SNC formats that are possible:

  • Normal format – <name type>:<external name>
  • Extended format – <name type>/<product>:<external name>…where:
    • <name type> Name type syntax. Can be “p” for product specific default printable name, “s” for a host based service name form, or “u” for user name.
    • <product> This simply denotes the security product that was used and can also be a number of different values:
      • krb5 – Kerberos
      • secude – SECUDE
      • sapntlm – An SAP provided indicator for Windows LAN Manager Security Service Provider (NTLMSSP) on Win32 platforms.
    • <external name> This simply indicates the external name of the user as it’s known by the security product

When provisioning users, the SNC name format that I most commonly deal with and interact with, is the “p:CN=hyousuf@SAP.CORP.gov/org/com.” The alias name is actually also the same in 99.9% of cases. From a security controls perspective, it is not recommended to the SNC names > 80 printable characters.

Assigning or editing the SNC name in SAP GUI
Location 20147 Phone 703-622-8321 E-mail hammadyousuf1@gmail.com Hours 24/7
search previous next tag category expand menu location phone mail time cart zoom edit close