Would you like to have your incidents resolved quicker? Set up remote access so that support can quickly diagnose and solve incidents you report, without needing to be at your desk or on the phone. This is especially helpful when dealing with different time zones.
In addition to solving your incidents faster, setting up a remote connection between your company and SAP will also allow you to receive services, such as Early Watch, and Continuous Quality Checks, that you may be entitled to through the Support Programs your company has purchased.
If you want to gain more insight on how remote connectivity works at SAP, please have a look at our Remote Connectivity Infrastructure document.
SAProuter is a software application that provides a remote connection between a customer's network and SAP. This remote connection enables secure unattended root cause analysis of incidents and secure delivery of SAP support services.
GoToAssist is a web-based remote-support technology that enables SAP support professionals to analyze and resolve technical issues online using screen sharing, mouse and keyboard control and other tools.
Recommendations for the use of cryptographic mechanisms in the IPsec and IKE protocols (SAP Note 2800846)
The German Federal Office for Information Security (BSI) has released a technical guideline regarding cryptographic mechanisms which consists of recommendations regarding key lengths and other parameters for the use of Internet Protocol Security (IPsec) and Internet Key Exchange (IKEv2).
IKEv2 has many advantages, to name a few: IKEv2 provides better network attack resilience, increases interoperability between different VPN products, has less overhead, reduces SA delay and has faster rekey time.
Please refer to the BSI website for the IKEv2 technical guideline:
Based on the technical guideline, SAP plans to support our customers in making a timely transition within the coming months by utilizing IKEv2-based connectivity. We have therefore already started migrating customers' IPsec connections to IKEv2 in late 2018. In addition, SAP has further updated the Remote Connection Data Sheet (SAP Note 28976) based on the latest information from major VPN vendors and security researchers regarding IKEv2 parameterization.
Further Information can also be found in the SAP Trust Center document called “Recommendations for the use of cryptographic mechanisms in the IPsec and IKE protocols“.
SAP recommends customers to open an incident on component XX-SER-NET-SHA2, whenever customer is ready to plan and/or start the project with the help of the related SAP teams. This will allow SAP to do a proper resource planning and capacity assignment for transition projects. Customers can also get additional information as well as migration support via this component.
To mitigate any potential risk for its customer SAP will start in October, 2021 to automatically deactivate IKEv1-based connections. SAP will only touch such connections which have been identified by SAP network monitoring as inactive for a longer period of time.
In the rare event, that such connections needs to be reactivated, SAP offers the possibility to open a reactivation request on the incident component XX-SER-NET-SHA2. The request requires justification reason for reactivation, SAP will validate the reason before taking any action. Additional information could be found in SAP Note 3069083.