Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 3. Security and SAP Solutions
Enterprises usually have substantial compliance requirements based on the industry, type of customers, geographic location, and more. Such requirements may need specific certifications, cryptographic modules, and support for encryptions. With Red Hat Enterprise Linux for SAP Solutions, Red Hat delivers a stable, security-focused, high-performance foundation for SAP business applications to support such requirements and provide an easy way to set and validate compliance policies.
3.1. SELinux for SAP production environments
SELinux is a security technology for process isolation to mitigate attacks via privilege escalation. SELinux is enabled on RHEL 8 by default and security policies for system processes are maintained by Red Hat. However, this does not apply to 3rd party applications, such as SAP HANA and S/4HANA. In previous releases, it was recommended to completely disable SELinux on RHEL when installing SAP software.
This has now changed with RHEL for SAP Solutions, and customers may use SELinux in the context of production SAP HANA and S/4HANA deployments.
Additional resources
- For more information, see Enabling SELinux with SAP HANA DB.
3.2. SAP HANA disk encryption with NBDE
Red Hat uses the Policy-Based Decryption (PBD) process by using multiple technologies to enable the unlocking of encrypted root and secondary volumes of hard drives.
Network Bound Disk Encryption (NBDE), delivered along with Red Hat Enterprise Linux, is a subcategory of PBD that allows binding encrypted volumes to a special server known as a tang server.
Tested for compliance with SAP HANA, customers of RHEL for SAP Solutions can use NBDE to run SAP HANA DB with encrypted hard drives leveraging automated unlocking capabilities via Tang server.
Additional resources
- For more information, see Setting Up a RHEL System with NBDE and Installing SAP HANA DB with RHEL.
3.3. File access policy Daemon for SAP
File access policy Daemon fapolicyd
is a technology provided in RHEL to determine access rights to files based on a trust database and file or process attributes. It helps customers to ensure data remains protected even in case an attacker has successfully gained control over certain processes.