Technical Articles
Data Storage and Network Security for the SAP HANA Service – by the SAP HANA Academy
LATEST UPDATE: September 1, 2020 ========================================= The SAP Cloud Platform, SAP HANA Service will be retired in 2021. For more information, see For the latest information about SAP HANA database-as-a-service, visit our blog post series about SAP HANA Cloud: |
Introduction
We do not have access to the file system or the operating system for the SAP HANA Service, so how we control data storage encryption and network security works differently compared to on-premise SAP HANA.
Root key management, however, still works the same, and to stay in control of how your system is encrypted, it is important to understand encryption root key management. In particular, because if you do not manage your data volume and backup encryption root keys properly, it may be difficult if not impossible to recover your database. Cloud or not.
Encryption is always On for the data and log volume, and for backups.
Tutorial Video
In the video tutorial below, we show how you can create encryption root key backups and how to access your keys. Network security and the Instance and SystemPKI SSFS are also covered.
URL: https://youtu.be/WRK-aMZdRvA
Manage Keys
You can use the Manage Keys app to change the root encryption keys, make a backup, or change the root key backup password.
There are encryption root keys for the data and log volume, for backups, and for the application encryption service. These keys are stored inside the Instance SSFS managed by the cloud provider. The password-protected backup of the root keys is stored and managed by you.
The certificates stored in the system PKI SSFS are also managed by the cloud provider. These certificates are used to encrypt communication between different server processes (indexserver <-> nameserver) or between different sites in case of system replication.
YouTube Playlist(s)
The tutorials has been posted to the following playlists:
References
For the documentation, see
- Managing Server-Side Data Encryption – SAP HANA Security Guide for SAP HANA Service
- Secure Stores in the File System (SSFS) – SAP HANA Security Guide
- 2159014 – FAQ: SAP HANA Security
- SAP HANA Security
Thank you for watching
The SAP HANA Academy provides free online video tutorials for the developers, consultants, partners and customers of SAP HANA.
Topics range from practical how-to instructions on administration, data loading and modeling, and integration with other SAP solutions, to more conceptual projects to help build out new solutions using mobile applications or predictive analysis.
For the full library, see SAP HANA Academy Library – by the SAP HANA Academy.
For the full list of blogs, see Blog Posts – by the SAP HANA Academy.
- Subscribe to our YouTube channel for updates
- Join us on LinkedIn: linkedin.com/in/saphanaacademy
- Follow us on Twitter: @saphanaacademy
- Facebook: @saphanaacademy
Hi Denys,
unfortunately the documentation link Managing Server-Side Data Encryption. Can you please update the link. The only pointer I've found regarding encryption was in the Feature Scope Description for SAP Cloud Platform, SAP HANA Service.
But as SAP HANA Cloud is the way to go can you share some light how encryption is handled there?
Best regards
Gregor
Thanks Gregor,
Updated the URL to point to the LATEST version; I have been informed these URLs remain alive.
Server-side encryption falls under SAP's responsability and is activated for data, log, and backup.
At the time, I recorded some video about the delta on-premises versus cloud (versus service) but never got around the security aspects before other priorities surfaced...