Managing Encryption Keys for SAP HANA Express - by...
In this playlist you will find video tutorials about miscellaneous topics; some included in the Getting Started with SAP HANA express edition guide (PDF) that comes with the download, others not (yet). Some examples:
In this blog, I will provide some background about an important security topic: managing encryption keys.
SAP HANA uses the same technology as ABAP systems to protect encryption root keys, namely, the secure store in the file system (SSFS).
This technology is used for two different purposes:
Secure internal communication channels (PKI SSFS)
Server-side data encryption (instance SSFS)
All internal SAP HANA communication can be secured using TLS/SSL. For this purpose, a public-key infrastructure (PKI) is set up during installation, and its keys are stored in the PKI SSFS.
The figure below shows some examples where this is used. For SAP HANA, express edition, this applies to localhost, multitenant database container system (MDC), and smart data access communication. Multiple hosts, dynamic tiering and system replication are not in the feature scope but, as stated in the Feature Scope Description document, they 'are subject to change without prior notice'.
For server-side data encryption, another SSFS is used. This store protects the root keys for data volume encryption and for the internal data encryption service, currently used for:
Database-internal secure credential store for outbound connections (for example, smart data access)
The SAP HANA Academy provides free online video tutorials for the developers, consultants, partners and customers of SAP HANA.
Topics range from practical how-to instructions on administration, data loading and modeling, and integration with other SAP solutions, to more conceptual projects to help build out new solutions using mobile applications or predictive analysis.