ERP SAP infratsructrure and it's security

We are into finalising RFP details for rolling an ERP (SAP/Oracle) for operations ranging from usual backend (HR, Accounts, Administration) to front end business largely associated with engineering and construction business.

Now, does anyone here have any experience relating to the security needs of SAP or oracle implementation on the infrastructural level? I have heard that recently NOvell had a tie up with SAP and microsoft and guys are talking about SuSe linux Enterprise server as a robost alternative to windows
underlying platform. Is this an alternative that can be explored?

What other things you guys might want to be considered at the RFP level from technology (and not functionality/features) perspective, for we already have too many people on board mapping out business needs at this point in time, but very few, looking at the underlying infrastructure, storage and redundancy planning, disaster recovery etc., on which the whole initiative will run.

Any/all suggestions are welcome.

Who is Participating?
bhanukir7Connect With a Mentor Commented:

Whether be it oracle or SAP as a ERP solution, You would need to hire consultants at different level to get the implementatin going and you can also sign up for enterprise support Which would take care of the major issues or major upgrades.

Coming to usability, for your day to day administration of users which you are currently doing it with AD, you can have the same windows logon mapped to the SAP logons and make it seamless.

Normally majority of the SAP or ORACLE installs are on Linux/Unix as they are more scalable and robost. And maybe it is time to some unix/linux admins onboard for the day to day management especially when running such critical applications.

Ofcourse unix/linux and sap/oracle are like you designed them correctly then you might never need to touch them. So you may also entrust that to a consultant.

Suse linux has the ability to integrate with AD otherwise you can install Novell eDirectory which is available in Suse Linux Called now Novell OES (Netware modules running on Linux) . So you can consider the unix/linux platform as SUSE linux for you SAP/Oracle and have the AD users logon seamlessly.

Hardware :

Well Storage and backup are the things majority of plans go haywire. Because when we try to estimate how much would the data grow to and how much would be the backup size. Have a SAN in place with options to add additional space would be the best way for your storage requirements. You can implement Veritas cluster for high availability of your SAP systems for data replication or you can consider CA Wansync Which is a high availability Replication solution which can bring up the applications in real-time. You can otherwise use Oracle Datagaurd Technology which would replicate your data in real-time for high availability.

For your backup needs it would be better to consider (VTL)virtual tape librarys  ADIC has VTL which are enterprise Class and you can have all your backups run to the VTLs. The data transfer rate is faster than that on a TAPE device. Adding additional disk space would be cost-effective compared to purchasing additional tapes.You can migrate the backs from the VTL to the Physical tapes to move to off-site location.

To summarise :

SAP/Oracle  : your organisations requirement
OS               : SUSE Linux Better AD integration
Storage       : SAN with option to Add more space
Backup        : VTLs cost of adding more disks is less compared to purchasing tapes and adding additional tape drives

With regards to EMC Documentum i think that is a good option you can also consider windows sharpoint portal for your content management.


When you say security do you mean integrating the sap access with single sign-on or what is the requirement.

When you say or looking at SUSE linux enterprise server this kind of recomendation is primarily made for single sign on access to resources.

AKA ldap/active directory thing.

So if its about single sign on and further access to resources then you can have microsoft active directory integration and the users acces the sap recources with the user log on credentials or  you can have the same kind of integration with suse linux server

revert back


It all depends on your how big and critical your business is. Do you need the ERP 24/24 7/7 ? How much does downtime for this system cost your company ?

If you're serious about reliability and redundancy, consider this:

System landscape: SAP can run on a single server or you can build a SAP landscape with several application and Oracle servers. It all depends on how business ciritical this system is and if you can afford downtime. You'll probably need different servers for development & testing, quality assurance and production, but you can split this into more servers if you want more reliability or performance.

Big, critical systems can often be found on Unix systems. Unix systems are more mature than on any other 64-bit OS, and for SAP you need 64-bit. Linux is proably a worthy alternative if you need to keep costs low or for somewhat smaller systems. Also consider what your system admins know and support. If Unix or Linux is new to them, you're probably better off with a Windows implementation.

For the servers, buy the most redundancy you can get. Hardware is cheap compared to the total cost of your ERP implementation. SAP needs a lot of resources. You can never have enough resources for an SAP system, but SAP can help you size the system pretty accurately.

Get a serious storage system (NetApp, EMC, ...) that offers lots of redundancy and performance. Consider your backups, as you databases could grow to terrabytes. Can you afford to loose any data at all ? Professional storage systems allow remote mirroring for disaster recovery purposes, and are the backbone of any disaster recovery solution.

fahimAuthor Commented:
Bhanu..thanks for the reply.
The decision is yet to be made about Oracle or SAP, but I want to plan for technology hoping the infrastructure needs would not differ much.

The consultants are saying that Windows isn't a good option and we should go for Unix/linux based solution and so I thought SuSe might be an option. You brought identity management aspect and that's a point to consider as we would have to look at means of seamlessly integrating our current user base on windows AD with ERP and not to have two places for user ID management. Which one is better in this case? Solaris or SuSe? I am looking at some Unix flavour to host my SAP/Oracle appliacion as well as backend database and integrate that with EMC Documentum for docs storage.
we are currently debating on this aspect of SAP landscape, vis a vis Oracle's Single/Multiple instance. Downtime should be minimal and going by your posting, seems like distributing Application and databases over a few servers would be affordable. That also involves infratsructure security design I guess?

OS: None of our guys have a hang of Unix/Linux. Should this be a decision to compromise on system performance by going for Windows implementation? Wouldn't local support agreement with some Unix guys compensate? Yur thoughts!!?

Hardware: I agree..we would try to scale it well, the main costs I see would occur in providing storage and backup.

We are currently running a 5 yr old backup system by Symantec Veritas on an ADIC scalar tape drive which falling way too short of required efficiency ina  non-ERp environemnt. I was wondering if we can go for a comprehensive solution that would cater to both my running Windows AD/Exchange infratsructure with blowing mailboxes and be suitable for backing up the ERP databases too.

Do you have something in mind, Enterprise class, that would scale well to such needs?
Pls advise!!

Point increased!! :)

robocatConnect With a Mentor Commented:

>I was wondering if we can go for a comprehensive solution that would cater to both my running Windows AD/Exchange infratsructure with blowing mailboxes and be suitable for backing up the ERP databases too.
>Do you have something in mind, Enterprise class, that would scale well to such needs?

High end storage systems like NetApp will offer this. These storage systems can provide FC/iSCSI based storage to your Windows servers and FC/iSCSI/NFS based storage to Unix/Linux servers.

These systems allow snapshot backups (e.g. a backup each hour of the day) and disk-to-disk backup from fast disks to slower SATA disks. The storage systems take care of the backup (serverless backup) and can handle backups of hundreds of TB if needed. We backup 500GB databases in a few minutes using these systems.

The disk-to-disk backups can also be used to create an offsite backup on your disaster recovery site. The data is always instantaneously available for use without the need to restore it from tape first.

All Courses

From novice to tech pro — start learning today.