Configuration Guide SAP Information Collaboration Hub for Life Sciences Document Version: 1.1 Final Date: SAP Information Collaboration Hub for Life Sciences
Typographic Conventions Type Style Example Description Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Textual cross-references to other documents. Example EXAMPLE Example Example <Example> EXAMPLE Emphasized words or expressions. Technical names of system objects. These include report names, program names, transaction codes, table names, and key concepts of a programming language when they are surrounded by body text, for example, SELECT and INCLUDE. Output on the screen. This includes file and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools. Exact user entry. These are words or characters that you enter in the system exactly as they appear in the documentation. Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system. Keys on the keyboard, for example, F2 or ENTER. 2017 SAP SE or an SAP affiliate company. All rights reserved. 2
Document History Version Status Date Change 1.0 Final 2016-06-08 Initial release 1.1 Final 2017-12-18 Updated for new name SAP Information Collaboration Hub for Life Sciences 2017 SAP SE or an SAP affiliate company. All rights reserved. 3
Table of Contents 1 About This Document... 5 1.1 Purpose and Scope... 5 1.2 Target Audience... 5 1.3 Glossary... 5 1.4 Related Information... 7 2 Minimum Requirements... 8 2.1 Push/Pull Communication Scenario... 8 2.2 Push/Push Communication Scenario... 9 3 Important Disclaimers and Legal Information... 11 3.1 Coding Samples... 11 3.2 Accessibility... 11 3.3 Gender-Neutral Language... 11 3.4 Internet Hyperlinks... 11 2017 SAP SE or an SAP affiliate company. All rights reserved. 4
1 About This Document 1.1 Purpose and Scope This guide contains information to validate if a participant backend system meets minimum requirements to onboard to the SAP Information Collaboration Hub for Life Sciences, referred to as the hub. 1.2 Target Audience This document is for members of the technical implementation team involved in integration and onboarding to the SAP Pharma Network, including: Implementation and integration teams System Administrators Information Security Officers Network Administrators 1.3 Glossary Term Abbreviation Definition Certificate Authority CA A certificate authority or certification authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. In the Hub integration scenario, any certificate must be signed by an SAP-Trusted CA. Certificates are listed in the SAP Information Collaboration Hub for Life Sciences Administrator Guide. Domain Name System DNS Hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. Associates various information with 2017 SAP SE or an SAP affiliate company. All rights reserved. 5
Term Abbreviation Definition domain names assigned to each of the participating entities. Hypertext Transfer Protocol Secure HTTPS Communication over HTTP within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer Protocol for secure communication over a computer network. Hypertext Transfer Protocol HTTP Protocol for distributed, collaborative, hypermedia information systems. Foundation of data communication for the World Wide Web. Message Level Security MLS Summarizes the security settings that can be applied to protect the content of a message. Depending on the chosen standard, message level security can imply digitally signing or verifying, and encrypting and decrypting the content of a message. Onboarding Process of connecting a participant to the Hub. Onboarding covers all tasks necessary to configure the connection and data exchange between a participant system and the Hub. Participant Company or organization that onboards to the Hub Transport Level Security TLS Summarizes settings that can be applied in order to secure the transfer on the communication path between two communication partners. Web Services WS Service offered by an electronic device to another electronic device, communicating with each other over the World Wide Web. In the Hub integration scenario, Web Services are the preferred integration method. 2017 SAP SE or an SAP affiliate company. All rights reserved. 6
Term Abbreviation Definition Whitelist List or register of entities provided access. Entities on the list are accepted, approved or recognized. 1.4 Related Information Introduction to the SAP Information Collaboration Hub for Life Sciences SAP Information Collaboration Hub for Life Sciences Administrator Guide s for non-sap backend systems 2017 SAP SE or an SAP affiliate company. All rights reserved. 7
2 Minimum Requirements To integrate a non-sap backend system to the Hub, the system must meet minimum requirements. A participant system can onboard to the Hub using Web Services and the following communication scenarios: Push/Pull Push/Push The following sections outline minimum requirements for each of these scenarios. 2.1 Push/Pull Communication Scenario Domain Requirement Description Basic Connectivity Basic Connectivity Basic Connectivity HTTPS Service Set up and active in ICM Participant System must have an available DNS Service. Pharma Network IP Range must be whitelisted. HTTPS must be operational on the participant system. In other words, the participant system must be able to invoke Web Service calls using HTTPS. The participant system must be able to leverage a DNS Service, usually offered by a dedicated DNS Server. The Hub test and productive IP ranges must be whitelisted by the participant network team. The IP ranges for Hub are published on the SAP JAM Platform for each participant. Security TLS - Signed Client Certificates in place To integrate to the Hub, a signed client certificate that has a SAP trusted Root CA is required. This relates to TLS/Authentication. Security MLS - Message Level Security Keys in place The Hub team recommend payload or Message Level Security as best practice for Test and Productive environments. It is SAP best 2017 SAP SE or an SAP affiliate company. All rights reserved. 8
Domain Requirement Description practice to use CA signed MLS keys in Production. 2.2 Push/Push Communication Scenario Domain Requirement Description Basic Connectivity Basic Connectivity Basic Connectivity HTTPS Service Set up and active in ICM Participant System must have an available DNS Service. The Hub IP Range must be whitelisted and allow Web Service calls to be registered from the Hub. HTTPS must be operational on the participant system. In other words, the participant system must be able to invoke Web Service calls using HTTPS. The participant system must be able to leverage a DNS Service, usually offered by a dedicated DNS Server. The Hub test and productive IP ranges must be whitelisted by the participant network team. The IP ranges for Hub are published on the SAP JAM Platform for each participant. In a Push/Push scenario, Web Service calls are made by the Hub to the participant system. The participant system must be configured to receive such calls. Security TLS - Signed Client Certificates in place To integrate to the Hub, a signed client certificate that has a SAP trusted Root CA is required. This relates to TLS/Authentication. Security TLS Server Keystore in place In a Push/Push communication scenario, the participant system also acts in a server capacity. Therefore, there may be the requirement to host a separate server specific keystore on the participant 2017 SAP SE or an SAP affiliate company. All rights reserved. 9
Domain Requirement Description system to handle inbound Web Service calls from the Hub. Security MLS - Message Level Security Keys in place The Hub team recommend payload or Message Level Security as best practice for Test and Productive environments. It is SAP best practice to use CA signed MLS keys in Production. 2017 SAP SE or an SAP affiliate company. All rights reserved. 10
3 Important Disclaimers and Legal Information 3.1 Coding Samples Any software coding and/or code lines/strings ("Code") included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended to better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, unless damages were caused by SAP intentionally or by SAP's gross negligence. 3.2 Accessibility The information contained in the SAP documentation represents SAP's current view of accessibility criteria as of the date of publication; it is in no way intended to be a binding guideline on how to ensure accessibility of software products. SAP in particular disclaims any liability in relation to this document. This disclaimer, however, does not apply in cases of wilful misconduct or gross negligence of SAP. Furthermore, this document does not result in any direct or indirect contractual obligations of SAP. 3.3 Gender-Neutral Language As far as possible, SAP documentation is gender neutral. Depending on the context, the reader is addressed directly with "you", or a gender-neutral noun (such as "sales person" or "working days") is used. If when referring to members of both sexes, however, the third-person singular cannot be avoided or a gender-neutral noun does not exist, SAP reserves the right to use the masculine form of the noun and pronoun. This is to ensure that the documentation remains comprehensible. 3.4 Internet Hyperlinks The SAP documentation may contain hyperlinks to the Internet. These hyperlinks are intended to serve as a hint about where to find related information. SAP does not warrant the availability and correctness of this related information or the ability of this information to serve a particular purpose. SAP shall not be liable for any damages caused by the use of related information unless damages have been caused by SAP's gross negligence or willful misconduct. All links are categorized for transparency (see: http://help.sap.com/disclaimer). 2017 SAP SE or an SAP affiliate company. All rights reserved. 11
www.sap.com/contactsap 2017 SAP SE or an SAP affiliate company. All rights reserved.