Like any other release, BI 4.2 SP04 is also packed with new innovations. We have been working on to make the BI platform more secure, and I am happy to announce that a good part of those changes are delivered with BI 4.2 SP04.
I will keep this blog focused on key security updates in BI 4.2 SP04. In case you are interested in all that’s new in BI platform then refer this What’s New Document
OpenSSL cryptographic libraries have been updated with this release. This would enable you to have more secure communication channels.
Support for SAP Secure Logon
SAP Secure logon is a Single Sign on (SSO) solution from SAP that works across products and allows customers to have seamless SSO expereince for their end users across applications.
With this release we support two factor authentication and SSO via Secure logon solution to thin clients of SAP BusinessObjects suite.
RSA and SAP Crypto updates
RSA libraries are gradually being replaced with SAP Crypto libraries, some changes comes with this release, more would follow in subsequent releases. Where we could not already replace RSA we have updated them to later versions. This allows us to provide customers with stronger ciphers, stricter and stronger algorithms and continued FIPS compliance.
And yes, we have now deprecated SSLv3.
Impact of these changes
Any desktop or thin clients using older BI platform libraries to connect to BI platform BI 4.2 SP04 will not connect anymore. This is because the older cryptographic libraries of BI platform do not have matching KeyExchange/ciphers with new cryptographic libraries in BI 4.2 SP04. Hence,
In all cases
- Client tools by partner or customers using older BI platform libraries needs to be updated with latest cryptographic libraries from BI 4.2 SP04. So that they can continue to connect to BI platform
- Patches are planned for add-on clients like Lumira 1.x, Design Studio 1.x etc. to make sure they continue to work once BI platform is upgraded to BI 4.2 SP04.
In case you have SSL enabled for SIA
- BI 4.2 SP04 would connect to older BI platform systems for promoting content via Promotion management. If this is done when SSL is enabled for SIA, it would not work. Following are the options
- Disable SSL on SIA and promote your content to BI 4.2 SP04
- Or, you need to install the right patch released for your BI 4.1 and 4.2 SP lines. This patch makes sure there is a common cipher between two systems and communication can happen. Refer SAP Note 2413907
- No plans to patch BI 3.x systems. Hence, customer’s need to move to BI 4.x system first, before they can move to BI 4.2 SP04
- You need to generate new certificates (minimum Key Size 2048) for older BI platform systems
For more information you can refer SAP Note 2433337