SAP Single Sign On

SAP Single Sign On is a security product from SAP that allows users to have secure access to SAP and non-SAP applications with a single password. This is intended to increase company security and efficiency by providing access to applications on all systems.

According to SAP, SAP Single Sign On provides benefits in security, reducing costs and IT efficiency. Which will strengthen corporate security by using advanced authentication and encryption technology, and all passwords are stored in one centralized and protected storage area. Costs can be reduced by limiting the number of password-related calls that have to be handled by help desks, and by minimizing manual authentication and password resetting. IT efficiency can be improved because there is no need to provide, protect, or reset passwords or manage password policies on various systems.

According to the vendor, SAP Single Sign On works for SAP and non-SAP applications. It was developed by Secude, SAP's technology partner, and was acquired by SAP in 2011. It is based on standard security technologies, including Kerberos, X.509 digital certificates, and SAML (Security Assertion Markup Language).

The security features of Single Sign On SAP include:
Integration by implementing existing public key infrastructure (PKI), allows the use of a single PKI if the company already has a previous one;

Automatic certificate availability cycle management for SAP NetWeaver Application Server for ABAP, which can reduce manual certificate renewal efforts, prevent downtime and limit human errors in certificate renewal;

Secure Login Server that allows several ways to provision X.509 certificates for mobile devices;

An encryption-only mode that allows network encryption for SNC protocols that communicate with other SAP systems even when a user's specific security token is not available or has not been configured;

Secure Client Web Login allows business processes to run via the browser, either on prem or in the cloud; and

Supports "Perfect Forward Secrecy" for SNC Communication, which reduces the risk of "compromised keys" that hackers normally use to decrypt data from previously recorded sessions.

SAP Single Sign On is available under license and can be downloaded from the SAP Support Portal.

OPENSHIFT VS CLOUD FOUNDRY

There are currently OpenShift and Cloud Foundry which have the same basis as the PaaS platform. OpenShift is a system developed by RedHart, while Cloud Foundry by VMWare. To help you make the right choice, Datacomm Cloud Business will provide a brief comparison of the two systems.

PaaS vs Container ecosystem

OpenShift and Cloud Foundry emerged when cloud service providers began providing services in the form of cloud infrastructure and platform or software as a service (PaaS). Both are open source and focus on container technology as a container to accommodate applications that are developed, especially those classified as PaaS.

Cloud Foundry has a way of working with containers and container technology as part of a series of large and complex systems. Cloud Foundry is termed a development environment, with reference to the predefined PaaS application framework. Users can host Cloud Foundry in their chosen environment, Cloud Foundry also has its own orchestrator, Diego. While OpenShift has GearD as its orchestrator. Now Openshift is no longer a PaaS, but is shifting OpenSHift to a common platform that can be used to develop all applications based on containers and Kubernetes.

ARCHITECTURE

At the architecture level, all users who use Cloud Foundry are required to develop systems that are in accordance with the platform used. Because the framework of Cloud Foundry is tested, users can deploy applications using Kubernetes. While OpenShift is used by the developer team to deploy applications that have been written in their respective environments.

INTEGRATION

Each company will not necessarily move the entire system used to the cloud, therefore it is needed an integration between applications that are in the cloud with those that are on corporate premise. Cloud Foundry supports monitoring and management, hybrid and multi-cloud, and service work-flow management. But all of these tools cannot be integrated automatically, because all PaaS elements are stateless, requiring harmonization with applications developed with the test. Applications developed in the OpenShift ecosystem tend to be more easily integrated with one another, because the existing ecosystem is able to "embrace" almost all existing applications. That is because OpenShift is a Kubernetes ecosystem, so it is possible to carry out container deployment, monitoring and management, service discovery and security, and workflow management.

FRONT-END APP DEVELOPMENT

It is not uncommon for companies to make front-end separately from the application development process. Cloud Foundry relies on stateless deployment, where stateless is one of the best models for cloud-native application front-end deployment. Infrastructure virtualization can harmonize the development between public cloud and data center resources, thus making Cloud Foundry can be placed in a portable hosting environment. While Openshift does not have support for front-end cloud development, but does not limit the choice of users in choosing a development model or platform tools.

OUTLOOK AND EVOLUTION VENDORS

Pivotal, which initially strongly supported the development of Cloud Foundry, is now acquired by VMware. So the future development is very questionable, whether Cloud Foundry will be incorporated in vSphere or not. Red Hat, which was acquired by IBM, has the popular BlueMix framework application, which also includes Cloud Foundry. Red Hat itself is one of the largest open source providers.

SAP HANA Studio Trace Configuration

This page introduces the various system traces available with SAP HANA which can be used to collect diagnostic information.

SAP HANA Studio Trace Configuration  

SAP HANA Studio provides a graphical user interface for enabling and configuring a number of the most common and important traces.

To access the trace configuration in SAP HANA Studio, open the HANA System in the SAP HANA Administration Console  Perspective and click onto the Trace Configuration tab.

 

Prerequisites

To configure traces, you must have the system privilege TRACE ADMIN. To configure the kernel profiler, you must have the SAP_INTERNAL_HANA_SUPPORT standard role.

The table below shows the list of traces which can be configured from within SAP HANA Studio, their default status and the primary distinguishing purpose of that trace.

Available Traces

Trace	Default Status	Purpose	Related Content
Database Trace	Active	The database trace records information about activity in the components of the SAP HANA database. You can use this information to analyze performance and to diagnose and debug errors. <more>
SQL Trace	Inactive	The SQL trace collects information about all executed SQL statements and saves it in a trace file for further analysis. It is inactive by default. Information collected includes overall execution time of each statement, the number of records affected, potential errors (for example, unique constraint violations) that were reported, the database connection being used, and so on. <more>	HANA Academy - Using SQL Tracing in SAP HANA Studio SAP HANA Academy - Administration: Using SQL Trace
User-Specific Trace	Inactive	The user specific trace is used to trace activity through the available components (i.e. IndexServer, NameServer) for a specific application or database user.
Performance Trace	Inactive	The performance trace is a performance tracing tool built into the SAP HANA database. It records performance indicators for individual query processing steps in the database kernel. It is inactive by default. Information collected includes the processing time required in a particular step, the data size read and written, network communication, and information specific to the operator or processing-step-specific (for example, number of records used as input and output). <more>	How to use HDBAdmin to analyze performance traces in SAP HANA
End-To-End Traces	Inactive	The predefined end-to-end traces are used by applications to trace activity through all the available trace components. i.e. IndexServer, NameServer
Expensive Statements Trace	Inactive	Expensive statements are individual SQL statements whose execution time exceeded a configured threshold. <more>	SAP HANA Academy - Using the Expensive Statements Trace
Kernel Profiler	Inactive	The kernel profiler is a sampling profiler built into the SAP HANA database. It can be used to analyze performance issues with systems on which third-party software cannot be installed, or parts of the database that are not accessible by the performance trace. <more> Caution To be able to use the kernel profile, you must have the SAP_INTERNAL_HANA_SUPPORT role. This role is intended only for SAP HANA development support.

Locating the Trace/Diagnostic Files

Diagnosis files include log and trace files, as well as a mixture of other diagnosis, error, and information files. In the event of problems with the SAP HANA database, you can check these diagnosis files for errors.

You can access diagnosis files on the Diagnosis Files tab of the Administration editor.

 

To access the files from the operating system level, they are stored at the following default location: /usr/sap/<SID>/HDB<instance>/<host>/trace.

Get to know SAP S/4HANA and SAP S/4HANA Cloud

SAP S/4HANA  is a series of ERP businesses that are based on a database in SAP HANA memory that allows companies to conduct transactions and analyze business data in real-time.

SAP released S/4HANA  in February 2015. S/4HANA  aims to provide ease of use and management, as well as help solve more complex problems and handle a much larger amount of data than its predecessor. It is available in on premise, cloud, and hybrid with SAP strongly encouraging its customers towards cloud options.

History of S/4HANA  and the difference between HANA and S/4HANA

SAP S/4HANA  is short for SAP Business Suite 4 SAP HANA, which means that this is the fourth version of SAP Business Suite, but is designed to run only on SAP HANA. S/4HANA  comes from SAP HANA, a database in memory that was released in 2011. SAP HANA makes it possible to process large-capacity operational and transactional business data in real time. In 2013, SAP launched the SAP Business Suite at HANA, an HANA-based ERP system that includes modules for CRM, SRM, PLM and SCM. The suite on HANA is basically a front end SAP ERP business application that runs on a database in HANA memory.

SAP S/4HANA  needs to rethink the concept of database and rewrite 400 million lines of code. According to SAP, these changes make the ERP system easier to understand and use and faster for developers. SAP sees S/4HANA  as an opportunity for businesses to rediscover business models and generate new revenue by utilizing the internet from various things and Big Data by connecting people, devices, and business networks.

Also, because S/4HANA  does not require batch processing, businesses can simplify their processes and direct them in real time. This means that business users can get information about data from anywhere in real time for planning, implementing, predicting and simulating, according to SAP.

S/4HANA  and SAP Fiori UX

One of the keys to S/4HANA  is that it uses SAP Fiori UI rather than the traditional SAP GUI. SAP Fiori is a collection of commonly used S/4HANA  functions displayed in simple tile designs that are ready for consumer use and that can be accessed on a variety of devices, including desktops, tablets, and mobile devices.

S/4HANA  Module

One of the main components of S/4HANA  is SAP Finance (formerly Simple Finance) which aims to streamline financial processes and enable real-time analysis of financial data. SAP Finance helps companies adapt their financial and non-financial data into what SAP calls a source of truth. Some Business Suite users use SAP Finance as a first step towards S/4HANA . SAP has added more modules and functionality for the next release, such as:

S/4HANA  1511 - released November 2015 - which introduces a logistics module called Materials Management and Operations (MMO).

S/4HANA  1610 - released in October 2016 - which includes modules for supply chain management, including Advanced Available-to-Promise (aATP); Inventory Management (IM); Material Requirements Planning (MRP); Extended Warehouse Management (EWM); and Environment, Health and Safety (EHS).

In January 2018, SAP announced S/4HANA  HCM, an alternative on-premise Human Capital Management (HCM) application for SAP SuccessFactors, the company's HCM SaaS application. SAP describes S/4HANA  HCM as a companion application that runs side by side or integrated with S/4HANA , but is not a module that is included. S/4HANA  HCM will be available in 2023 and will be supported by at least 2030, according to SAP.

s4hana sap

SAP S/4HANA  Cloud

In March 2017, SAP released S/4HANA  Cloud, a cloud-based version of S/4HANA . S/4HANA  Cloud is best suited for organizations with 1,500 or more employees who might want to run a two-tier ERP system, where corporate entities run a complete business chain such as SAP ERP Central Component or S/4HANA  on-premise and implement S/4HANA  Cloud at the level division or subsidiary.

HANA S / 4 Cloud includes new generation technologies such as machine learning through a tool called SAP Clea, and a conversational digital assistant bot called CoPilot.

S/4HANA  Cloud is a SaaS application with a new edition released every quarter. The naming follows the local model year and month of release, so SAP S/4HANA  Cloud 1709 was released in September 2017.

SAP S/4HANA  embedded analytics

S/4HANA  includes embedded analytics that allow users to carry out analytics in real-time on direct transactional data. This is done through Virtual Data Models, prebuilt models, and reports based on the SAP HANA Core Data Services that analyze HANA operational data without requiring a data warehouse. Analytic functions are equipped with S/4HANA  software and do not require a separate installation or license.

SAP S/4HANA  Cloud

SAP S/4HANA  Cloud is the SaaS version of SAP S/4HANA  ERP, a series of integrated business applications. SAP S/4HANA  Cloud was launched in February 2017. According to SAP, the aim is to provide a "Next Generation Intelligent ERP" system that enables companies to achieve digital transformation. SAP S/4HANA  Cloud is built on SAP HANA and utilizes processing in HANA memory and data accessibility in real-time, but makes it available in the SaaS model.

Implementing SaaS means users can access all S/4HANA  functionality without committing resources to hardware, databases, or IT staff. S/4HANA  Cloud includes technology that can help bring "intelligence" into ERP applications, including machine learning, virtual and augmented reality, blockchain, and technology that supports sound. The main functions of the S/4HANA  Cloud include finance, procurement, sales, professional services and manufacturing.

The three pillars of smart S/4HANA Cloud ERP

SAP S/4HANA Cloud includes three technologies that form the foundation of intelligent ERP, according to SAP:

Digital Assistant. SAP S/4HANA Cloud uses SAP CoPilot, a digital conversation assistant (or virtual assistant) for companies that allows users to interact with ERP applications and functions. SAP CoPilot uses contextual data about users and the tasks they perform to provide information relevant to that task.

Machine Learning. SAP S/4HANA Cloud includes technology that automates repeated actions or tasks, which can be repeated and error-prone when done manually, and learn how to do it more efficiently.

Predictive Analytics. S/4HANA Cloud has included analytics that can help predict the outcome of actions. Analysis tools can be configured for user needs and can be developed into applications, such as inventory management applications that can predict when stock will arrive or sales quotation applications that allow sales managers to determine the probability of converting sales quotas.

Implement, configure and run SAP S/4HANA Cloud

SAP S/4HANA Cloud is available as SaaS with various subscription options from SAP, which owns and operates the platform. This is intended to reduce implementation time, costs and risks. SAP handles all back-end management, including upgrading, security and governance. All users generally need to do is integrate their data, then turn on the processes they need and turn off what they don't need.

SAP S/4HANA The cloud version is scheduled to be updated quarterly, according to SAP. Users access SAP S/4HANA Cloud from a web browser, and all business applications are launched from SAP Fiori Launchpad. To access it, users only need an internet connection, URL and access rights.

Benefits of SAP S/4HANA Cloud

SAP identifies five ways companies can benefit from implementing S/4HANA Cloud, including faster ROI, increased business agility, lower total cost of ownership, better governance, and smarter ERP that increases efficiency.

As a series of next generation cloud ERP business suites, S/4HANA Cloud prepares businesses for the digital future. This is expected to be able to integrate business processes, be able to turn real-time data into actions and increase employee productivity, thus enabling companies to change existing business processes and develop new things.

Configuring Single Sign-On for the SAP HANA Cockpit

This guide provides detailed instructions on how to set up Single Sign-On user authentication for a resource through the cockpit. Enabling Single Sign-On allows a a cockpit user to log on to a resource without being prompted for database user credentials.

Note that SSO is only possible for the following SAP HANA monitored resources:

• SAP HANA 1.0 SPS 12 revision 14 or later
• SAP HANA 2.0 SPS 01 or later

Enabling Single Sign-On

Prerequisites

1. You already have a database user with the CATALOG READ, TRUST ADMIN, CERTIFICATE ADMIN, and USER ADMIN privileges granted to it. 
   • • In this guide, the username for the example database user is "SSO_USER". You can choose a different username if desired. 
     • To assign the necessary system privileges to an existing user, you can execute the following SQL statements:
       • • GRANT TRUST ADMIN TO TESTUSER; 
         • GRANT CERTIFICATE ADMIN TO TESTUSER;
         • GRANT USER ADMIN TO TESTUSER;
         • GRANT CATALOG READ TO TESTUSER;
     • Alternatively, you can also use the UI to assign system privileges to a role, and then assign the role to multiple users. For detailed instructions on how to create a new role through the UI, please refer to the appendix in The SAP HANA Cockpit Security Model
       
2. You already have a cockpit user with the Cockpit User Role role assigned to it. 
   • • • In this guide, the username for the example database user is "COCKPIT_USER". You can choose a different username if desired. 
     • For a detailed guide of how to create a cockpit user, please refer to the Creating a New Cockpit User section in The SAP HANA Cockpit Security Model article.
       
3. You already have a database user with the USER ADMIN system privilege 
   • • The username for this user is irrelevant to the two other users in prerequisite #1 and prerequisite #2. 
     • In this guide, this username for this database user is "USER_ADMIN". You can choose a different username if desired. 

Procedure

Step 1) From the Cockpit Manager home page, click on Registered Resources tab to see your list of registered resources.

Step 2) Select the resource you want to enable SSO for and click the Edit button to edit the details.

• • • Note: SSO can only be setup with a previously registered resource.
      
      • • If you want to setup SSO for a resource you have not previously registered in the cockpit, simply register the resource first, and then click edit after. It is currently not possible to enable SSO during the initial registration of a resource.

Step 3) Enable SSO by clicking the Yes radio button and entering the credentials of a user with the CATALOG READ, TRUST ADMIN, CERTIFICATE ADMIN, and USER ADMIN privileges granted to it. 

Step 4) Click the Save button to save you changes. Exit the Cockpit Manager and navigate to the cockpit.

Step 5) Login to the database as a user with the USER ADMIN system privilege assigned to it (in this example, it is USER_ADMIN),

Step 6) On the Overview page, click the Manage Users link, and select the user from prerequisite #1 (In this example, it is the SSO_USER)

Step 7) To set the JWT mappings, check the checkbox beside "JWT - You must add at least one identity provider" and then click the Add JWT Identity button. Choose one from the Identity Provider drop-down (it's either XSA_APPLICATIONUSER or starts with the name "XS_JWT_XSA_") and turn the Automatic Mapping by Provider off.

Finally, enter the username of the existing cockpit user from prerequisite #2 in the External Identity and click the Save button. 

Step 8)  Log out of cockpit and login as the cockpit user from prerequisite #2. 

Step 9) Go to resources directory and click Choose Authentication. Ensure that the Log on via single sign on radio button is enabled and click Ok. 

Step 10) Click on the resource name to log in. Notice how you are logged into the database as the the user from prerequisite #1 without any prompt for credentials. 

Enforcing Single Sign-On

Enforcing Single Sign-On for a resource removes the option of allowing users to choose between logging on with SSO or logging on with the credentials of a different database user. Instead, users will only be able to log in to a database with SSO. 

Prerequisites

SSO is already enabled for your resource and you have already completed all the steps in the above section. Do NOT enforce SSO until after you have set the JWT mappings for your database user.

Procedure

Step 1) Log into your Cockpit Manager and from the home page, click on the Registered Resources tab. Select the resource you want to enforce SSO  and click the Edit button in the Resource details page. Select the Yes radio button for the Enforce SSO option. 

Step 2) Enter the credentials of the same user that you used to enable SSO. Click the OK button when you are done. 

Step 3) Exit the Cockpit Manager and log in to the cockpit.

Click on the Resources Directory link to see a list of resources that you have access to. Notice that the resource that you enforced SSO for now says "SSO enforced" in the Credentials column. You can now only access the database if you are the cockpit user from prerequisite #2. 

THE FORECASTING METHOD

In the business world predict an event commonly called forecasting. Forecasting itself is a method for managing and controlling production in business. In addition, this method can also be used in assessing the effect of a policy in a company that is determined on the company's future. Generally, the marketing department is the part that most often does forecasting. Based on forecasting carried out by the marketing department, it can determine the number of products to be produced. That way the company can finally reduce expenses by producing the amount of production in accordance with customer demand. Broadly speaking, forecasting is divided into two types, namely qualitative forecasting and quantitative forecasting methods. Quantitative forecasting method involves mathematical calculations while for quality forecasting in the form of an analytical descriptive description.

Quantitative Forecasting Method

There are several quantitative forecasting methods used, namely:

1. Time Series

The time series method is a forecasting method that connects the relationship between the dependent variable (the variable sought) with the independent variable or the variable that affects it then is related to time, weekly, month or year. So in the time series method, the variable sought is time. To use

2. Method of Kasuality (Cause and Effect)

This method is based on the relationship between the estimated variables with other variables that affect it. However, the variable used is not in the form of time. To do forecasting with this method can use the regression method.

Then for qualitative forecasting methods there are several methods used, namely:

1. Market Survey

The method through market survey is done by seeking the opinions of consumers who influence the purchase plan during the survey period. Surveys can be conducted in various ways such as by distributing questionnaires, direct interviews or telephone so that the data obtained is primary data.

2. Jury and Executive Opinion

This method is to solicit opinions from a small group consisting of marketing managers, production managers, engineering managers, financial managers and logistics managers. Then based on the opinion results of the group the results will be combined into a statistical model.

3. Delphi Method

This method is almost similar to the market survey method, but to do this method what needs to be done is to spread the questionnaire. The results of the questionnaire will then be given to professionals for forecasting.

Some of the methods above are methods that can be used when doing forecasting. When you want the company to progress, it is very important for you to do forecasting, both forecasting is used to plan and monitor your business.

DISTANCE INTERNAL AUDIT SERVICE AWAY WHEN COVID

The spread of the COVID-19 pandemic in all parts of the world is currently forcing everyone to keep their distance to prevent the virus from being transmitted massively. Besides the many victims who died as a result of COVID-19, the other domino effect of the COVID-19 pandemic is the increasingly sluggish economy and business, mass layoffs occur in all parts of the world, millions of people lost their jobs due to COVID-19. Some companies have also implemented work-at-home policies to anticipate the spread of COVID-19.

Then related to the work of internal auditors, how do you respond to this work from home activity? can it be applied? How effective and efficient is it even if it can be applied?

Answering these questions certainly requires a comprehensive understanding of the duties and functions and positions of the internal auditor.

The first relates to internal auditors, internal auditors are auditors under management whose job is to conduct an operational audit of the company, so that the company's operations run according to rules, procedures and are achieved effectively and efficiently, the results of the internal auditor's audit results are used by top management to determine the right decision for the company.

In the condition of work form home, some internal auditor works like this can be done remotely, including examining procedures at the company or other examinations that are administrative in nature, where the auditor will focus on the evidence in the form of documents , because with the current development internal auditors can ask for physical evidence which is then digitized in the form of softcopy files.

Unlike the work of auditors who have to apply physical inspection procedures for goods, for example, stock taking of goods, then also evaluation of services, so for the time being working remotely is still not appropriate.

Then talk about effectiveness, in the process of working long distances the auditor only checks and evaluates evidence in the form of softcopy submitted by the auditee, which is considered to be so ineffective, why is that? because with the growing development of the field of information technology at this time it is not impossible that documents in the form of softcopy can be manipulated or engineered by the auditee.

For efficiency, of course, if the long-distance internal audit service is more efficient, you can imagine how much money can be cut by conducting a remote audit. The cost reduction includes the costs of official travel, such as transportation costs, examination allowances, and then the cost of meals.

From some of the things described above with consideration of the conditions in the midst of the pandemic COVID-19, the option to conduct long-distance internal audits can certainly be considered by management, but of course to maintain the quality of the services of the linternal auditor must also really carry out additional procedures that would need to be applied to the remote audit process.

MANAGEMENT CONTROL SYSTEM AND ITS RELATIONSHIP WITH INTERNAL CONTROL

Management Control System and its Relationship with Internal ControlManagement Control System or MCS is a collection of tools used in organizations and implemented in a coordinated manner (Efferin and Soeherman, 2010). MCS itself consists of 3 important parts namely:

1. Management
2. Control
3. System 

1. Management

Management according to The Liang Gie is an element which is a series of acts of moving employees and directing all work facilities so that the objectives of the organization concerned are actually achieved, Management has 3 basic functions namely:

• Planning

At the planning stage, managers have the task to formulate plans for the company both financially and operationally planning.

• Actuating

Actuating is the stage where all resources (human) endeavor to realize the plan by carrying out the tasks that have been given previously.

• Controlling

Control is the process of ensuring that all activities carried out are in accordance with established plans and when deviations occur can be immediately addressed.

1. Control

Activity monitor to ensure an activity goes according to plan.

• System

System is a series of processes of elements that work together to achieve a goal.

The system can be divided into two namely: Artificial & Natural

Elements in MCS :

In its implementation, MCS is closely related to humans. Human performance is one of the determinants of MCS success in the structural world. As for some of the main problems that occur to humans in carrying out their duties, namely:

• Lack of Direction : Staff do not understand the direction / goals / goals of the company
• Lack of Motivation à Staff lack the incentive to do their jobs
• Personal Limitation à Limitations of expertise

Internal Control is a process designed to achieve internal goals

• Effectiveness and efficiency of operations
• Reliable financial reporting
• Compliance with laws and applicable regulations

Components in Internal Control:

• Control environment
• Risk control
• Control activities
• Information and communication

The relationship between internal control and MCS occurs when there is interaction between humans and the work given. This is very closely related to the Fraud triangle:

Fraud is a fraudulent act aimed at obtaining profits for the individual. To avoid any cheating that might occur, therefore an internal control is needed that can be manifested in the Management Control System.