Recently, we had a case in which a set of SAP portal that are external facing, hence placed in DMZ, required to have one of the server, SAP2, to access a shared folder on another server, SAP1.
We had trashed it out with the SAP documentation and the implementation team, but it seems like SAP only have documents pertaining to campus usage. There are no documentation describing how you can secure SAP within a DMZ and it insists that SAP only works if you have file sharing enabled. There are no other more secure mechanism as a alternative to SMB. This is just plain lazy design, if you ask me. Read the rest of this entry »