{"id":63224,"date":"2026-03-31T18:32:00","date_gmt":"2026-03-31T16:32:00","guid":{"rendered":"https:\/\/xiting.com\/?post_type=sap-knowledge&#038;p=63224"},"modified":"2026-06-12T11:30:39","modified_gmt":"2026-06-12T09:30:39","slug":"cloud-connector","status":"publish","type":"sap-knowledge","link":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/","title":{"rendered":"Securing Hybrid Landscapes with the SAP Cloud Connector"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"63224\" class=\"elementor elementor-63224 elementor-62842\" data-elementor-post-type=\"sap-knowledge\">\n\t\t\t\t<div class=\"elementor-element elementor-element-42cd9ac9 e-flex e-con-boxed e-con e-parent\" data-id=\"42cd9ac9\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t<div class=\"elementor-element elementor-element-63a61d4c elementor-hidden-mobile e-flex e-con-boxed e-con e-child\" data-id=\"63a61d4c\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-712f4e73 elementor-widget-mobile__width-initial elementor-widget elementor-widget-button\" data-id=\"712f4e73\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-xs\" href=\"https:\/\/xiting.com\/en\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-home\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-42162add elementor-widget elementor-widget-text-editor\" data-id=\"42162add\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\/<\/p>\n<p><\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7c1ac619 elementor-widget-mobile__width-initial elementor-widget elementor-widget-button\" data-id=\"7c1ac619\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-xs\" href=\"https:\/\/xiting.com\/en\/sap-knowledge\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">SAP Knowledge<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-50e4d1e4 elementor-widget elementor-widget-text-editor\" data-id=\"50e4d1e4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\/<\/p>\n<p><\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1f0b031a elementor-widget-mobile__width-initial elementor-widget elementor-widget-button\" data-id=\"1f0b031a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-xs\" href=\"https:\/\/xiting.com\/en\/sap-knowledge\/identity-and-access-management-iam-in-sap\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Identity &amp; Access Management<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7af8bc46 elementor-widget elementor-widget-text-editor\" data-id=\"7af8bc46\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\/<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1172fecd elementor-widget-mobile__width-initial elementor-widget elementor-widget-button\" data-id=\"1172fecd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-xs\" href=\"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">SAP S\/4HANA<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-553ca9d5 elementor-widget elementor-widget-text-editor\" data-id=\"553ca9d5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\/<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6d894b76 elementor-widget-mobile__width-initial elementor-widget elementor-widget-button\" data-id=\"6d894b76\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-size-xs\" role=\"button\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">SAP Cloud Connector<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-78aa14b9 animated-fast e-flex e-con-boxed elementor-invisible e-con e-parent\" data-id=\"78aa14b9\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;animation&quot;:&quot;fadeInUp&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-69bc293e elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"69bc293e\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Securing Hybrid Landscapes with the SAP Cloud Connector<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-4994b807 e-con-full e-flex e-con e-child\" data-id=\"4994b807\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7098fad8 elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"7098fad8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-calendar-alt\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">March 31, 2026<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2b4a7583 elementor-widget__width-auto elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"2b4a7583\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-equals\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">SAP Cloud<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1463a1a7 elementor-widget__width-auto elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"1463a1a7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-user\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Carsten Olt<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3e220f8d e-con-full e-flex e-con e-child\" data-id=\"3e220f8d\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7ca7c04d elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"7ca7c04d\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"elementor-heading-title elementor-size-default\">A 2026 Perspective<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-187af190 elementor-widget elementor-widget-text-editor\" data-id=\"187af190\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>How today\u2019s enterprises must evolve their hybrid connectivity, avoid technical user risks, and embrace next-gen operations<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7e5e870d elementor-widget elementor-widget-text-editor\" data-id=\"7e5e870d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span data-contrast=\"auto\">In an era of hybrid cloud adoption, enterprises rely on robust connectivity bridges between cloud platforms and on-prem systems. The <strong>SAP Cloud Connector (SCC)<\/strong>\u00a0remains\u00a0a cornerstone of this architecture, enabling secure, controlled access from the <a href=\"https:\/\/xiting.com\/en\/identity-and-access-management\/btp-security-id-lifecycle-management\/\"><strong>SAP Business Technology Platform (BTP)<\/strong><\/a> to backend landscapes such as <strong><a href=\"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/\">SAP S\/4HANA<\/a><\/strong>, BW\/4HANA, or other internal services.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><p><span data-contrast=\"auto\">However, many organizations\u00a0operate\u00a0with older architectures, under-configured instances, or outdated practices that expose them to avoidable risks. Drawing on recent audit findings, upgrade requirements, and security best practices, this article delivers a current (2026) perspective of SCC operations &#8211;\u00a0what\u2019s\u00a0new, what\u00a0remains\u00a0critical, and how to\u00a0establish\u00a0a sustainable foundation for the years ahead.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-e8d938d e-con-full e-flex e-con e-child\" data-id=\"e8d938d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5c9e6b8e elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"5c9e6b8e\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">SAP Cloud Connector: The essential at a glance<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4e830b06 elementor-widget elementor-widget-text-editor\" data-id=\"4e830b06\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u2192 The SAP Cloud Connector (SCC) securely links your on\u2011premise systems with the SAP Business Technology Platform (BTP) in the cloud.<\/p><p>\u2192 Principal Propagation replaces technical users with real end\u2011user identities, ensuring end\u2011to\u2011end traceability and preventing over\u2011privileged system accounts.<\/p><p>\u2192 Enforce strict access control: expose only the resources that are truly required, and rely on targeted allowlists instead of broad, unrestricted access.<\/p><p>\u2192 Use separate signed certificates for UI and system communication, choose strong algorithms (RSA 4096 \/ ECDSA), and proactively monitor certificate expiration dates.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3db52f1f hs-popup-btn elementor-widget elementor-widget-button\" data-id=\"3db52f1f\" data-element_type=\"widget\" data-e-type=\"widget\" data-portal=\"25088517\" data-form=\"ff252bfb-c4f8-4db5-8993-e6ecb87579a0\" data-region=\"eu1\" data-title=\"Kontaktieren Sie unsere Experten.\" data-success-close=\"1500\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-size-sm\" role=\"button\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Contact our experts now!<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5cc2275a elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"5cc2275a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What is the SAP Cloud Connector?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-24c1e315 elementor-widget elementor-widget-text-editor\" data-id=\"24c1e315\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span data-contrast=\"auto\">The SAP Cloud Connectivity service and the SAP Cloud Connector (SCC) are essential components when implementing hybrid architectures. If an application or service running on SAP BTP needs to access data from an on-prem backend system (e.g., S\/4HANA, BW, or HANA), the Cloud Connector is the go-to tool.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><p><span data-contrast=\"auto\">Technically, the SCC is a small on-prem software agent that acts as a reverse-invoke proxy. Once paired with a BTP subaccount, it opens a secure tunnel to the cloud &#8211; without requiring inbound\u00a0firewall\u00a0rules and without exposing backend systems to the internet. A single SCC instance can even be linked to multiple subaccounts.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><p><span data-contrast=\"auto\">It provides fine-grained <strong><a href=\"https:\/\/xiting.com\/en\/governance-risk-compliance\/connectors-for-sap-access-control-grc\/\">access control<\/a><\/strong>, role-based access via LDAP, and comprehensive audit logging. Furthermore, it enables integration of internal endpoints such as BAPIs, RFCs, and OData services by using BTP Destinations.<\/span>\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-182aed2b elementor-widget elementor-widget-image\" data-id=\"182aed2b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"850\" height=\"462\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2026\/03\/what-is-the-sap-cloud-connector_xiting.png\" class=\"attachment-full size-full wp-image-59751\" alt=\"Diagram showing the architecture of SAP Business Technology Platform with a cloud app connecting through Destination &amp; Connectivity Services to an on\u2011premise SAP NetWeaver system via a secure tunnel through SAP Cloud Connector.\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2026\/03\/what-is-the-sap-cloud-connector_xiting.png 850w, https:\/\/xiting.com\/wp-content\/uploads\/2026\/03\/what-is-the-sap-cloud-connector_xiting-300x163.png 300w, https:\/\/xiting.com\/wp-content\/uploads\/2026\/03\/what-is-the-sap-cloud-connector_xiting-768x417.png 768w\" sizes=\"(max-width: 850px) 100vw, 850px\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Figure 1: SAP BTP &amp; Cloud Connector Architecture<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-480edcc5 e-grid e-con-full e-con e-child\" data-id=\"480edcc5\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6efab01f elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"6efab01f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"color: #cd1316;\"><strong>Note!<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-797250fa e-con-full e-flex e-con e-child\" data-id=\"797250fa\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-69dc18c elementor-icon-list--layout-inline elementor-align-start elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"69dc18c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items elementor-inline-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-inline-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-exclamation-triangle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Destinations are central configuration artifacts within SAP BTP that define connection parameters (URLs, virtual hosts, authentication types) and can be reused across multiple applications.\u00a0<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-639b56de elementor-widget elementor-widget-text-editor\" data-id=\"639b56de\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span data-contrast=\"auto\">Finally, SCC also supports <a href=\"https:\/\/xiting.com\/en\/identity-and-access-management\/single-sign-on\/\"><strong>Single Sign-On (SSO)<\/strong> <\/a>by generating short-lived X.509 certificates to propagate user identities from the cloud to the on-prem system &#8211; a mechanism known as <strong>Principal Propagation<\/strong>.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-11baf810 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"11baf810\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Why the SAP Cloud Connector still matters <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-375cebe9 elementor-widget elementor-widget-text-editor\" data-id=\"375cebe9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In hybrid SAP landscapes, the Cloud Connector occupies a unique position:<\/p><ul><li>It acts as a reverse-proxy and secure tunnel into the on-prem or private cloud network, so that cloud applications can access backend systems without direct exposure to the internet.<br \/><br \/><\/li><li>It bridges authentication and authorization contexts, supporting user-based and service-based access between BTP and on-prem landscapes.<br \/><br \/><\/li><li>It enables advanced patterns like principal propagation, single-sign-on bridging, and high availability.<br \/><br \/><\/li><li>From a security perspective, SCC sits at the frontline of hybrid connectivity &#8211; its configuration determines who and what can access internal systems, and how.<\/li><\/ul><p>\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-35f0f55e e-con-full e-flex e-con e-child\" data-id=\"35f0f55e\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a17bef9 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"a17bef9\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Did you know that? <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-82c9b88 elementor-widget elementor-widget-text-editor\" data-id=\"82c9b88\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Based on our security reviews at Xiting, <strong>more than 80%<\/strong> of customers operate SCC with outdated patches, incorrect TLS configurations, or inactive monitoring. Treating SCC as a \u201cset-and-forget\u201d component is no longer sustainable.<\/p><p>It must be maintained as an operational service: continuously patched, monitored, and governed like any critical part of the hybrid infrastructure.<\/p><p><b><span data-contrast=\"auto\">Quick Self-Check:<\/span><\/b><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6286f3de elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"6286f3de\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">SCC host hardened, encrypted, dedicated\u00a0<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Clear segregation of duties between OS, SCC, and SAP admins\u00a0<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Keystores restricted and monitored\u00a0<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">STRUST trust store clean, no legacy CAs\u00a0<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Precise CERTRULE mappings\u00a0<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Audit logs centralized in SIEM\u00a0<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2e033362 elementor-widget elementor-widget-text-editor\" data-id=\"2e033362\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>If three or more are \u201cNo\u201d,\u00a0it\u2019s\u00a0time for an SCC health check.\u00a0<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7040f9d5 hs-popup-btn elementor-widget elementor-widget-global elementor-global-59815 elementor-widget-button\" data-id=\"7040f9d5\" data-element_type=\"widget\" data-e-type=\"widget\" data-portal=\"25088517\" data-form=\"ff252bfb-c4f8-4db5-8993-e6ecb87579a0\" data-region=\"eu1\" data-title=\"Kontaktieren Sie unsere Experten.\" data-success-close=\"1500\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"#elementor-action%3Aaction%3Dpopup%3Aopen%26settings%3DeyJpZCI6NTQ1NTksInRvZ2dsZSI6ZmFsc2V9\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Contact us now!<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-35e9b036 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"35e9b036\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Core Architecture and Functional Overview <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-211fdc29 elementor-widget elementor-widget-text-editor\" data-id=\"211fdc29\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Before we dive into the security\u2011related aspects, we\u2019ll first give you an overview of the SAP Cloud Connector\u2019s core architecture.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-73ba818 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"73ba818\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Typical Deployment Scenario <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7875474 elementor-widget elementor-widget-text-editor\" data-id=\"7875474\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span data-contrast=\"auto\">In a standard hybrid setup, the SCC is installed on-prem (or in a private cloud) and registered as a connector to one or multiple BTP subaccounts. It creates a secure outbound tunnel, enabling authorized cloud services to communicate with internal systems without inbound\u00a0firewall\u00a0openings.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><p><strong>Key elements include:\u00a0<\/strong><\/p><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Registration of on-prem systems via virtual host and port mappings<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Secure TLS tunnel from on-prem to SAP BTP<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Use of BTP Destinations for applications to consume the connection<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Authentication and identity propagation<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">Optional redundancy via a Master\/Shadow Node setup for high availability<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-224f6d60 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"224f6d60\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Master-Shadow High Availability <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-660a2a61 elementor-widget elementor-widget-text-editor\" data-id=\"660a2a61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span data-contrast=\"auto\">In productive environments, <strong>high availability (HA)<\/strong> is essential to avoid single points of failure.\u00a0<br \/><br \/>A Master Node actively manages subaccount connections, tunnels, and configurations.\u00a0<br \/><br \/>A Shadow Node runs in standby mode, continuously synchronizing configuration\u00a0data\u00a0and user context from the Master.\u00a0If the Master becomes unavailable, the Shadow takes over automatically.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><p><span data-contrast=\"auto\">\u2192 This architecture ensures fault tolerance, seamless failover, and operational continuity &#8211; critical for productive SAP BTP scenarios.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6b3012eb elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"6b3012eb\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Security and Operations Checklist <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-618b0d04 elementor-widget elementor-widget-text-editor\" data-id=\"618b0d04\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW168775682 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW168775682 BCX8\">Over the past year, we have conducted multiple SCC security reviews across industries. Each environment tells its own story, but the recurring patterns are clear. <br \/><br \/><strong>The following checklist summarizes the most relevant controls.<\/strong><\/span><\/span><strong><span class=\"EOP SCXW168775682 BCX8\" data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3108e735 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"3108e735\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Hardening and Patch-Management<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-68566392 elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"68566392\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Keep SCC at a supported version, as of April 2026, version 2.19.x is the latest available release.  <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Since 2.18.x SAP introduced centralized trust-store management for LDAP and email, plus automated subaccount certificate renewal. <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Regularly patch OS, Java runtime, and JVM - older JVMs often reject newer CA roots. <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Configure SCC to use TLS 1.2 or 1.3 only, disable legacy ciphers, and enforce certificate validation. <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Restrict administrative access to defined personnel, ideally using LDAP authentication. <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Periodically review trust-stores and remove expired or unused certificates. <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1fdfe4ee elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"1fdfe4ee\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Access Control &amp; Least Privilege <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-683bbb96 elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"683bbb96\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Define exactly which subaccounts can access which on-prem resources. Avoid wildcard mappings. <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Use path mapping and host\/port restrictions for precise control. <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Enforce IP-based allowlists for cloud access. <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Log and review every destination access. <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Separate dev\/test from production SCC instances. <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-check\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">Regularly validate resource mappings and disable unused entries. <\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-22027db6 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"22027db6\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Identity &amp; Authentication <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2aa938e6 elementor-widget elementor-widget-text-editor\" data-id=\"2aa938e6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW70918954 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW70918954 BCX8\">LDAP integration replaces local admin accounts with centralized user governance, enforcing password complexity and policies.\u00a0<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-71421eb3 e-grid e-con-full e-con e-child\" data-id=\"71421eb3\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5d198705 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"5d198705\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"color: #cd1316;\"><strong>Note!<\/strong><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-64eb85 e-con-full e-flex e-con e-child\" data-id=\"64eb85\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3484c6aa elementor-icon-list--layout-inline elementor-align-start elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"3484c6aa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items elementor-inline-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-inline-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-exclamation-triangle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">While local accounts may\u00a0suffice for\u00a0small teams, enterprise-scale operations should adopt LDAP or SSO to ensure compliance and auditability.\u00a0<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-20c10b9 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"20c10b9\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Principal Propagation: Identity bridging done right <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-782ab0e6 elementor-widget elementor-widget-text-editor\" data-id=\"782ab0e6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW21920598 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW21920598 BCX8\">Principal Propagation allows an authenticated user in the cloud to be represented by the same identity in the on-prem system. It replaces technical users with <\/span><span class=\"NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW21920598 BCX8\">true<\/span><span class=\"NormalTextRun SCXW21920598 BCX8\">\u00a0end-user context.<\/span><\/span><span class=\"EOP SCXW21920598 BCX8\" data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6b320d94 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"6b320d94\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">How it works<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6e6b8029 elementor-widget elementor-widget-text-editor\" data-id=\"6e6b8029\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ol>\n<li><strong>User Login<\/strong> <br \/>A <strong><a href=\"https:\/\/xiting.com\/en\/sap-knowledge\/sap-user\/management-with-su01\/\">user<\/a><\/strong> signs in to an SAP BTP service (e.g., SAP Analytics Cloud) using their corporate identity provider such as Microsoft Entra ID.<br \/><br \/><\/li>\n<li><strong>Token Exchange<br \/><\/strong>After successful login, BTP issues a SAML or JWT token containing the user\u2019s attributes.<br \/><br \/><\/li>\n<li><strong>Certificate Generation<\/strong><br \/>The SCC converts this assertion into a short-lived X.509 certificate. This certificate contains minimal identifying information (e.g., CN = username or email) and serves purely as an identity token, not for TLS handshake.<br \/><br \/><\/li>\n<li><strong>TLS Handshake &amp; Forwarding<br \/><\/strong>The SCC\u2019s system certificate handles the TLS channel to the backend. The short-lived user certificate is inserted into the HTTP header (SSL_CLIENT_CERT) of the request.<br \/><br \/><\/li>\n<li><strong>Backend Validation<\/strong><br \/>The SAP backend (S\/4HANA, BW, Web Dispatcher, etc.) validates the certificate via STRUST trust configuration and maps the CN value through transaction CERTRULE.<br \/><br \/><\/li>\n<li><strong>SSO Session Creation<br \/><\/strong>A valid mapping establishes an SSO session under the propagated user identity.<\/li>\n<\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-637ef394 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"637ef394\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Why the system certificate is the real trust anchor <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-65e60719 elementor-widget elementor-widget-text-editor\" data-id=\"65e60719\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW5329095 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW5329095 BCX8\">Contrary to common assumption, the user certificate is not the critical credential.<\/span><\/span><span class=\"LineBreakBlob BlobObject DragDrop SCXW5329095 BCX8\"><span class=\"SCXW5329095 BCX8\">\u00a0<br \/><\/span><br class=\"SCXW5329095 BCX8\" \/><\/span><span class=\"TextRun SCXW5329095 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW5329095 BCX8\">The SCC system certificate, its private key, and the corresponding CA trust in STRUST form the real security foundation.<\/span><span class=\"NormalTextRun SCXW5329095 BCX8\">\u00a0<\/span><span class=\"NormalTextRun SCXW5329095 BCX8\">If the system certificate is compromised, an attacker could impersonate the SCC itself.<\/span><span class=\"NormalTextRun SCXW5329095 BCX8\">\u00a0<\/span><span class=\"NormalTextRun SCXW5329095 BCX8\">Therefore, OS hardening and file-system protection for keystores (JKS\/P12) are essential.<\/span><\/span><span class=\"EOP SCXW5329095 BCX8\" data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7f299914 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"7f299914\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Controls that really matter <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5ea81906 elementor-widget elementor-widget-text-editor\" data-id=\"5ea81906\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Use separate certificates for SCC UI and system communication.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Enforce strong algorithms (RSA 4096 \/ ECDSA) and CAs.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Harden\u00a0<\/span><span data-contrast=\"auto\">CERTRULE<\/span><span data-contrast=\"auto\">\u00a0mapping (no wildcards, use email or UID attributes).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Restrict file access to SCC service users only, encrypt keystore directories, monitor for\u00a0changes.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">Integrate SCC audit logs with SIEM (Sentinel, Splunk, etc.).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"6\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><span data-contrast=\"auto\">Monitor certificate changes and principal propagation settings.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-5d1c855a e-con-full e-flex e-con e-child\" data-id=\"5d1c855a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-70dbf8a5 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"70dbf8a5\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">CA Strategy: SCC Internal CA vs. Secure Login Server (SLS) <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-50c6b0ed elementor-widget elementor-widget-text-editor\" data-id=\"50c6b0ed\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>While SCC includes its own internal CA, some organizations prefer to delegate certificate issuance to <strong><a href=\"https:\/\/xiting.com\/de\/sap-knowledge\/migration-sap-sso-3-0-zu-sap-secure-login-service\/\">SAP Secure Login Server (SLS)<\/a><\/strong> for compliance or HSM integration.<\/p><p>However, Secure Login Server (SLS) runs on AS Java, introduces extra operational complexity, and will reach end of life in 2027. If HSM integration is mandatory, SLS may still be justified; otherwise, the built-in SCC CA offers an excellent balance between simplicity and security.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2c0df53a elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"2c0df53a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Observations from recent SCC security reviews <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7dfed0d4 elementor-widget elementor-widget-text-editor\" data-id=\"7dfed0d4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW116072335 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW116072335 BCX8\">Our field experience across multiple hybrid SAP landscapes revealed common findings:<\/span><\/span><span class=\"EOP SCXW116072335 BCX8\" data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-76e8a2c3 e-grid e-con-full e-con e-child\" data-id=\"76e8a2c3\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-45da9e15 elementor-widget elementor-widget-text-editor\" data-id=\"45da9e15\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">Technical Hygiene<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"7\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">SCC v2.18.1, SLES 15 SP5, <br \/>SAP JVM 8.1.105<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"7\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Proper DMZ segmentation<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"7\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Non-root service user operation<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"7\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">High-availability\u00a0<br \/>(Master\/Shadow) implemented<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3c8c440c elementor-widget elementor-widget-text-editor\" data-id=\"3c8c440c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">Identity &amp; Access Weaknesses<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"8\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Local admin users\u00a0<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"8\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">No central password policy<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"8\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Missing LDAP integration<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1f27be74 elementor-widget elementor-widget-text-editor\" data-id=\"1f27be74\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">Certificate &amp; Trust Issues<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">&nbsp;<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"9\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Internal 2-tier PKI used<br>(Root CA + Issuing CA)<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">&nbsp;<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"9\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Local CA missing&nbsp;<\/span><span data-contrast=\"auto\">KEYCERTSIGN<\/span><span data-contrast=\"auto\">&nbsp;flag (non-blocking)<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">&nbsp;<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"9\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Expired backend <br>trust entries<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">&nbsp;<\/span><\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1956468b elementor-widget elementor-widget-text-editor\" data-id=\"1956468b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">BTP Neo Allowlist Misconfiguration<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"10\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Empty\u00a0allowlist = <br \/>everything trusted.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"10\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Always explicitly whitelist known applications.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-34240af2 elementor-widget elementor-widget-text-editor\" data-id=\"34240af2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">Subaccount Certificate Renewal<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"11\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Manual renewal caused downtime.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"11\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Since v2.18: auto-renewal via SCC UI + BTP-Cockpit <br \/>(~30 days before expiry).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5a73a8b7 elementor-widget elementor-widget-text-editor\" data-id=\"5a73a8b7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">TLS Cipher Suites<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Only modern ECDHE\u00a0<br \/><\/span>+ AES-GCM ciphers active<span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"12\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">TLS 1.3 support may depend on the underlying JVM and configuration; many <br \/>productive setups still <br \/>rely on hardened TLS 1.2 configurations).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-78ea8b3f elementor-widget elementor-widget-text-editor\" data-id=\"78ea8b3f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">Logging &amp; Alerting<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Audit level set to \u201cALL\u201d<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Forwarding\u00a0to SIEM for long-term retention<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"13\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Alerts for CPU, disk, <br \/>cert expiry<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5598d186 elementor-widget elementor-widget-text-editor\" data-id=\"5598d186\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">RFC-SNC Encryption <br \/>Missing<\/span><\/b><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"14\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">RFC between SCC and <br \/>backend unencrypted<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"14\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Introduce SNC to secure identity propagation and<br \/>meet compliance.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5e47b461 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"5e47b461\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What\u2019s new in 2026 <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4aa680dc elementor-widget elementor-widget-text-editor\" data-id=\"4aa680dc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"padding-left: 40px;\"><span data-contrast=\"auto\">\u2192 While version 2.18 introduced major functional improvements (e.g. certificate automation), version\u00a0<\/span><b><span data-contrast=\"auto\">2.19.x (released April 2026)\u00a0<\/span><\/b><span data-contrast=\"auto\">focuses on operational stability.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<br \/><\/span><\/p><p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">\u2192 SCC v2.18 (March 2025)<\/span><\/b><span data-contrast=\"auto\">: Adds Windows Server 2025 support, automated subaccount certificate renewal, and central trust-store for LDAP\/email.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">\u2192 Root CA Migration (July 2025)<\/span><\/b><span data-contrast=\"auto\">:\u00a0Let\u2019s\u00a0Encrypt Root X1 \u2192 X2. Update JVM trust stores.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">\u2192 SAP Security Patch Day (June 2025)<\/span><\/b><span data-contrast=\"auto\">: 14 new notes affecting proxy\/connectivity components.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">\u2192 DigiCert G5\/G3 readiness (2026 migration)<\/span><\/b><span data-contrast=\"auto\">: Prepare backend trust stores early.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">\u2192 Growing Focus on Principal Propagation:<\/span><\/b><span data-contrast=\"auto\">\u00a0Supported for HTTP and RFC scenarios.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p><p style=\"padding-left: 40px;\"><b><span data-contrast=\"auto\">\u2192 Integration Trends:<\/span><\/b><span data-contrast=\"auto\">\u00a0Microsoft Fabric and other multi-cloud platforms increasingly reference SAP connectivity best practices.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-796dce0c elementor-widget elementor-widget-image\" data-id=\"796dce0c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/elementor\/thumbs\/en_scc-rlb9snezhlzk2lz3ysdbrhde0mg2q14qu11cre421c.png\" title=\"sap-cloud-connector-evolution-scc\" alt=\"Graphic illustrating the SAP Cloud Connector evolution across versions SCC 2.16, SCC 2.18, and SCC 2.19.x, highlighting security enhancements, automation and trust management, and improved stability with BTP integration.\" loading=\"lazy\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Figure 2: SAP Cloud Connector Evolution (Versions 2.16 \u2013 2.19.x)<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-674fd373 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"674fd373\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Governance and strategy <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3a81348f elementor-widget elementor-widget-text-editor\" data-id=\"3a81348f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Moving from a \u201cfunctional\u201d SCC to a \u201cstrategically managed\u201d one\u00a0requires\u00a0a clear governance framework:\u00a0<\/strong><\/p><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"16\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Assign ownership (one responsible team for operations, monitoring, patching).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"16\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Maintain lifecycle policies (upgrade cadence, version tracking).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"16\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Avoid shared technical users; enforce principal propagation.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"16\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Document mappings, trust links, and certificate renewals.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"16\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">Include SCC in central monitoring (certificate expiry, version drift, failed tunnels).<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul><ul><li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"16\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"6\" data-aria-level=\"1\"><span data-contrast=\"auto\">Align SCC strategy with broader integration and zero-trust architecture.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;335551550&quot;:6,&quot;335551620&quot;:6}\">\u00a0<\/span><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-1b1764e4 e-con-full e-flex e-con e-child\" data-id=\"1b1764e4\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;}\">\n\t\t<div class=\"elementor-element elementor-element-346264c2 e-con-full e-flex e-con e-child\" data-id=\"346264c2\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-70a4e33f elementor-widget elementor-widget-html\" data-id=\"70a4e33f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<script src=\"https:\/\/fast.wistia.com\/player.js\" async><\/script><script src=\"https:\/\/fast.wistia.com\/embed\/albqrieiay.js\" async type=\"module\"><\/script><style>wistia-player[media-id='albqrieiay']:not(:defined) { background: center \/ contain no-repeat url('https:\/\/fast.wistia.com\/embed\/medias\/albqrieiay\/swatch'); display: block; filter: blur(5px); padding-top:56.25%; }<\/style> <wistia-player media-id=\"albqrieiay\" aspect=\"1.7777777777777777\"><\/wistia-player>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-1c2bb32a e-con-full e-flex e-con e-child\" data-id=\"1c2bb32a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-7b3aa479 e-con-full e-flex e-con e-child\" data-id=\"7b3aa479\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-683ebdbf elementor-widget elementor-widget-heading\" data-id=\"683ebdbf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Contact<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6ffb7d15 elementor-widget elementor-widget-image\" data-id=\"6ffb7d15\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"640\" height=\"640\" src=\"https:\/\/xiting.com\/wp-content\/uploads\/2023\/02\/carsten_olt_xiting.jpg\" class=\"attachment-large size-large wp-image-28806\" alt=\"\" srcset=\"https:\/\/xiting.com\/wp-content\/uploads\/2023\/02\/carsten_olt_xiting.jpg 700w, https:\/\/xiting.com\/wp-content\/uploads\/2023\/02\/carsten_olt_xiting-300x300.jpg 300w, https:\/\/xiting.com\/wp-content\/uploads\/2023\/02\/carsten_olt_xiting-150x150.jpg 150w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-77626a20 elementor-widget elementor-widget-heading\" data-id=\"77626a20\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"elementor-heading-title elementor-size-default\">Carsten Olt<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4a9dc543 elementor-widget elementor-widget-heading\" data-id=\"4a9dc543\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h5 class=\"elementor-heading-title elementor-size-default\">Head of Identity &amp; Access Management<\/h5>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-758988fc elementor-align-center elementor-widget__width-initial elementor-widget elementor-widget-button\" data-id=\"758988fc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-size-md\" role=\"button\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Contact us!<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-48cbe055 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"48cbe055\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Conclusion<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-42f4f8b9 elementor-widget elementor-widget-text-editor\" data-id=\"42f4f8b9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The SAP Cloud Connector remains the unsung <strong>hero of hybrid SAP landscapes<\/strong>. It\u2019s the silent enabler that secures your cloud-to-ground communication &#8211; until it fails or goes unpatched.<\/p><p>In 2026 and beyond, SCC must be treated as an active, monitored component. Version updates, evolving CAs, and stronger identity enforcement make continuous attention essential.<\/p><p>By transforming SCC from a passive connector into a governed, documented, and monitored component, organizations gain not only stability and compliance but also a strategic edge in hybrid operations.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-44d1fed3 elementor-widget__width-initial elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"44d1fed3\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">FAQ<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c67a3b9 elementor-widget elementor-widget-n-accordion\" data-id=\"c67a3b9\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;max_items_expended&quot;:&quot;multiple&quot;,&quot;default_state&quot;:&quot;expanded&quot;,&quot;n_accordion_animation_duration&quot;:{&quot;unit&quot;:&quot;ms&quot;,&quot;size&quot;:400,&quot;sizes&quot;:[]}}\" data-widget_type=\"nested-accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"e-n-accordion\" aria-label=\"Accordion. Open links with Enter or Space, close with Escape, and navigate with Arrow Keys\">\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-2080\" class=\"e-n-accordion-item\" open>\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"1\" tabindex=\"0\" aria-expanded=\"true\" aria-controls=\"e-n-accordion-item-2080\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> What minimum SCC version should we run? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-2080\" class=\"elementor-element elementor-element-6d866b3b e-con-full e-flex e-con e-child\" data-id=\"6d866b3b\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-105d7c79 elementor-widget elementor-widget-text-editor\" data-id=\"105d7c79\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><p><span class=\"TextRun SCXW109333444 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW109333444 BCX8\">Version 2.18 or higher. Anything below 2.16 should be upgraded due to security note dependencies.<\/span><\/span><\/p><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-2081\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"2\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-2081\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Can SCC connect to non-SAP systems?  <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-2081\" class=\"elementor-element elementor-element-598cc80a e-con-full e-flex e-con e-child\" data-id=\"598cc80a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-40e45a7f elementor-widget elementor-widget-text-editor\" data-id=\"40e45a7f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><p><span class=\"TextRun SCXW250814550 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW250814550 BCX8\">Yes, it can expose non-SAP backends securely using virtual host\/port mappings and destinations.<\/span><\/span><\/p><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-2082\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"3\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-2082\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> What\u2019s the difference between user and system certificates? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-2082\" class=\"elementor-element elementor-element-6c5c0830 e-con-full e-flex e-con e-child\" data-id=\"6c5c0830\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7d997b42 elementor-widget elementor-widget-text-editor\" data-id=\"7d997b42\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><p><span class=\"TextRun SCXW216146743 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW216146743 BCX8\">The short-lived user certificate <\/span><span class=\"NormalTextRun SCXW216146743 BCX8\">identifies<\/span><span class=\"NormalTextRun SCXW216146743 BCX8\">\u00a0the end-user; the system certificate authenticates the SCC itself to the backend and is the actual trust anchor.<\/span><\/span><span class=\"EOP SCXW216146743 BCX8\" data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-2083\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"4\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-2083\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> How do we avoid outages from certificate expiry?  <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-2083\" class=\"elementor-element elementor-element-306a3d9f e-con-full e-flex e-con e-child\" data-id=\"306a3d9f\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-42ff927e elementor-widget elementor-widget-text-editor\" data-id=\"42ff927e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><p><span class=\"TextRun SCXW62451531 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW62451531 BCX8\">Enable auto-renewal,\u00a0<\/span><span class=\"NormalTextRun SCXW62451531 BCX8\">monitor<\/span><span class=\"NormalTextRun SCXW62451531 BCX8\">\u00a0expiry alerts,\u00a0<\/span><span class=\"NormalTextRun SCXW62451531 BCX8\">maintain<\/span><span class=\"NormalTextRun SCXW62451531 BCX8\">\u00a0redundant SCC nodes, and keep JVM trust stores updated.<\/span><\/span><span class=\"EOP SCXW62451531 BCX8\" data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-2084\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"5\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-2084\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Should we use SLS for Principal Propagation? <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-2084\" class=\"elementor-element elementor-element-41c86100 e-con-full e-flex e-con e-child\" data-id=\"41c86100\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7b98654 elementor-widget elementor-widget-text-editor\" data-id=\"7b98654\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><p><span class=\"TextRun SCXW74590440 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW74590440 BCX8\">Only if required by PKI or HSM policy. For most use cases, SCC\u2019s internal CA is sufficient and easier to\u00a0<\/span><span class=\"NormalTextRun SCXW74590440 BCX8\">maintain<\/span><span class=\"NormalTextRun SCXW74590440 BCX8\">.<\/span><\/span><span class=\"EOP SCXW74590440 BCX8\" data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-2085\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"6\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-2085\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><h3 class=\"e-n-accordion-item-title-text\"> Will SCC remain relevant in the next years?  <\/h3><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-angle-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-angle-right\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-2085\" class=\"elementor-element elementor-element-3565ceba e-con-full e-flex e-con e-child\" data-id=\"3565ceba\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-79caf76e elementor-widget elementor-widget-text-editor\" data-id=\"79caf76e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><div class=\"x_elementToProof\" data-olk-copy-source=\"MessageBody\"><p><span class=\"TextRun SCXW51460788 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW51460788 BCX8\">Absolutely &#8211; SCC continues to be the backbone for hybrid connectivity, even as SAP expands into zero-trust and cloud-to-cloud integrations.<\/span><\/span><span class=\"EOP SCXW51460788 BCX8\" data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true}\">\u00a0<\/span><\/p><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<script type=\"application\/ld+json\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@type\":\"FAQPage\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"What minimum SCC version should we run?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Version 2.18 or higher. Anything below 2.16 should be upgraded due to security note dependencies.\"}},{\"@type\":\"Question\",\"name\":\"Can SCC connect to non-SAP systems?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes, it can expose non-SAP backends securely using virtual host\\\/port mappings and destinations.\"}},{\"@type\":\"Question\",\"name\":\"What\\u2019s the difference between user and system certificates?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The short-lived user certificate identifies\\u00a0the end-user; the system certificate authenticates the SCC itself to the backend and is the actual trust anchor.\\u00a0\"}},{\"@type\":\"Question\",\"name\":\"How do we avoid outages from certificate expiry?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Enable auto-renewal,\\u00a0monitor\\u00a0expiry alerts,\\u00a0maintain\\u00a0redundant SCC nodes, and keep JVM trust stores updated.\\u00a0\"}},{\"@type\":\"Question\",\"name\":\"Should we use SLS for Principal Propagation?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Only if required by PKI or HSM policy. For most use cases, SCC\\u2019s internal CA is sufficient and easier to\\u00a0maintain.\\u00a0\"}},{\"@type\":\"Question\",\"name\":\"Will SCC remain relevant in the next years?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Absolutely &#8211; SCC continues to be the backbone for hybrid connectivity, even as SAP expands into zero-trust and cloud-to-cloud integrations.\\u00a0\"}}]}<\/script>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3628d54e elementor-section-stretched elementor-section-height-min-height elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"3628d54e\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;stretch_section&quot;:&quot;section-stretched&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b92176d\" data-id=\"b92176d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6b405e78 elementor-widget elementor-widget-heading\" data-id=\"6b405e78\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Stay up to date!<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2e0feeea elementor-widget elementor-widget-heading\" data-id=\"2e0feeea\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Sign up for the newsletter to receive more information.<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-24a255e4 elementor-align-center elementor-widget elementor-widget-button\" data-id=\"24a255e4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm elementor-animation-grow\" href=\"https:\/\/xiting.com\/en\/subscribe-to-our-newsletter\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t<span class=\"elementor-button-icon\">\n\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-long-arrow-alt-right\"><\/i>\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Newsletter Registration<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-70b8e82a elementor-widget elementor-widget-heading\" data-id=\"70b8e82a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Follow @Xiting and @xiting.global on Social Media<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-6a13151e e-flex e-con-boxed e-con e-parent\" data-id=\"6a13151e\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-72633fc6 elementor-view-default elementor-widget elementor-widget-icon\" data-id=\"72633fc6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-wrapper\">\n\t\t\t<a class=\"elementor-icon\" href=\"https:\/\/www.linkedin.com\/company\/xiting\/\">\n\t\t\t<i aria-hidden=\"true\" class=\"fab fa-linkedin-in\"><\/i>\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4ad9b12 elementor-view-default elementor-widget elementor-widget-icon\" data-id=\"4ad9b12\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-wrapper\">\n\t\t\t<a class=\"elementor-icon\" href=\"https:\/\/www.youtube.com\/@Xiting\">\n\t\t\t<i aria-hidden=\"true\" class=\"fab fa-youtube\"><\/i>\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-197638c1 elementor-view-default elementor-widget elementor-widget-icon\" data-id=\"197638c1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-wrapper\">\n\t\t\t<a class=\"elementor-icon\" href=\"https:\/\/www.instagram.com\/xiting.global\/\">\n\t\t\t<i aria-hidden=\"true\" class=\"fab fa-instagram\"><\/i>\t\t\t<\/a>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>How today\u2019s enterprises must evolve their hybrid connectivity, avoid technical user risks, and embrace next-gen operations<\/p>\n","protected":false},"author":9,"featured_media":55203,"parent":63223,"menu_order":0,"template":"elementor_header_footer","sap-knowledge-category":[1871],"class_list":["post-63224","sap-knowledge","type-sap-knowledge","status-publish","has-post-thumbnail","hentry","sap-knowledge-category-sap-cloud"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.5 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SAP Cloud Connector \u2013 Secure Hybrid Landscapes<\/title>\n<meta name=\"description\" content=\"Discover how the SAP Cloud Connector enhances hybrid connectivity, minimizes risks, and helps you future\u2011proof your operations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing Hybrid Landscapes with the SAP Cloud Connector\" \/>\n<meta property=\"og:description\" content=\"Discover how the SAP Cloud Connector enhances hybrid connectivity, minimizes risks, and helps you future\u2011proof your operations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiting\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/XitingAG\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-12T09:30:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiting.com\/wp-content\/uploads\/2025\/11\/cloud-security.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/\"},\"author\":{\"name\":\"Carsten Olt\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/person\\\/3c32c7de1132d012e263720a9f3300a2\"},\"headline\":\"Securing Hybrid Landscapes with the SAP Cloud Connector\",\"datePublished\":\"2026-03-31T16:32:00+00:00\",\"dateModified\":\"2026-06-12T09:30:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/\"},\"wordCount\":2190,\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/cloud-security.png\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/\",\"name\":\"SAP Cloud Connector \u2013 Secure Hybrid Landscapes\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/cloud-security.png\",\"datePublished\":\"2026-03-31T16:32:00+00:00\",\"dateModified\":\"2026-06-12T09:30:39+00:00\",\"description\":\"Discover how the SAP Cloud Connector enhances hybrid connectivity, minimizes risks, and helps you future\u2011proof your operations.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/#primaryimage\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/cloud-security.png\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/cloud-security.png\",\"width\":1800,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/cloud-connector\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/xiting.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP S\\\/4HANA\",\"item\":\"https:\\\/\\\/xiting.com\\\/en\\\/sap-knowledge\\\/sap-s4hana\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Securing Hybrid Landscapes with the SAP Cloud Connector\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/\",\"name\":\"Xiting\",\"description\":\"Your Expert for SAP Security\",\"publisher\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/xiting.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#organization\",\"name\":\"Xiting\",\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/xiting-logo.svg\",\"contentUrl\":\"https:\\\/\\\/xiting.com\\\/wp-content\\\/uploads\\\/2019\\\/08\\\/xiting-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Xiting\"},\"image\":{\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/XitingAG\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/1345129\\\/\",\"https:\\\/\\\/www.instagram.com\\\/xiting.global\\\/\",\"https:\\\/\\\/www.crunchbase.com\\\/organization\\\/xiting\"],\"description\":\"Xiting wurde 2008 von erfahrenen SAP-Beratern in der Schweiz gegr\u00fcndet. Heute f\u00fchren wir ein engagiertes Team von 140 Mitarbeitenden an mehreren weltweiten Niederlassungen. Unsere hochqualifizierten SAP Security Consultants stehen f\u00fcr einen ausgepr\u00e4gten Qualit\u00e4tsanspruch und unterst\u00fctzen \u00fcber 700 nationale und internationale Kunden mit erstklassigen SAP-Dienstleistungen \u2013 sowohl Remote als auch mit Vor-Ort-Betreuung.\",\"email\":\"info@xiting.ch\",\"telephone\":\"+41 43422 8803\",\"legalName\":\"Xiting AG\",\"foundingDate\":\"2008-06-01\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"51\",\"maxValue\":\"200\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/xiting.com\\\/en\\\/#\\\/schema\\\/person\\\/3c32c7de1132d012e263720a9f3300a2\",\"name\":\"Carsten Olt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g\",\"caption\":\"Carsten Olt\"},\"description\":\"Carsten Olt has been working as a Managing SAP Security Consultant since 2016, responsible for Secure Authentication &amp; SSO and SAP Cloud Security Services at Xiting in Germany. As a member of the IAM team, he is also a team leader who conveys the company's goals and strategies to employees and has organizational responsibility. With a security-minded approach, Carsten has international project and IT security experience in many industries. He has been working in IT-Security since 2001, specializing in SAP security since 2010. He is a subject matter expert for SAP Single Sign-On 3.0 and a trainer for the WDESSO course. His current focus is on supporting customers in solving authentication and security challenges within hybrid SAP landscapes, as well as designing and implementing holistic authentication concepts. Carsten is an ISACA CISA and a former MCP and RHCE with an ISP background, and he looks at security from different angles. He also translates between SAP and IT security vocabulary. Carsten has in-depth experience in multi-vendor architectures and MSFT\\\/Azure components, dealing with all the requirements concerning SAML 2.0, OAuth, OpenID Connect, SCIM, X.509 CBA &amp; PKI, MFA, SAP SSO, and Secure Network Communications, Kerberos\\\/SPNEGO, data security and encryption, as well as digital signatures. Carsten is experienced in SAP on-premises components such as S\\\/4HANA, ABAP, and Java, as well as security solutions like SSO 3.0. Since 2019, he has focused on SAP-Cloudified environments, specifically the SAP Cloud Identity Services and SAP BTP, as well as SaaS integrations concerning IAM. He deals with hybrid SAP security in conjunction with Azure Active Directory, ADDS, ADFS, ADCS, Reverse Proxies\\\/WAF, SAP Web Dispatcher, SAP Cloud Connector, third-party products, and infrastructure components.\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/jsterr@xiting.de\"],\"url\":\"https:\\\/\\\/xiting.com\\\/en\\\/author\\\/carsten-olt\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAP Cloud Connector \u2013 Secure Hybrid Landscapes","description":"Discover how the SAP Cloud Connector enhances hybrid connectivity, minimizes risks, and helps you future\u2011proof your operations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/","og_locale":"en_US","og_type":"article","og_title":"Securing Hybrid Landscapes with the SAP Cloud Connector","og_description":"Discover how the SAP Cloud Connector enhances hybrid connectivity, minimizes risks, and helps you future\u2011proof your operations.","og_url":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/","og_site_name":"Xiting","article_publisher":"https:\/\/www.facebook.com\/XitingAG","article_modified_time":"2026-06-12T09:30:39+00:00","og_image":[{"width":1800,"height":900,"url":"https:\/\/xiting.com\/wp-content\/uploads\/2025\/11\/cloud-security.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/#article","isPartOf":{"@id":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/"},"author":{"name":"Carsten Olt","@id":"https:\/\/xiting.com\/en\/#\/schema\/person\/3c32c7de1132d012e263720a9f3300a2"},"headline":"Securing Hybrid Landscapes with the SAP Cloud Connector","datePublished":"2026-03-31T16:32:00+00:00","dateModified":"2026-06-12T09:30:39+00:00","mainEntityOfPage":{"@id":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/"},"wordCount":2190,"publisher":{"@id":"https:\/\/xiting.com\/en\/#organization"},"image":{"@id":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2025\/11\/cloud-security.png","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/","url":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/","name":"SAP Cloud Connector \u2013 Secure Hybrid Landscapes","isPartOf":{"@id":"https:\/\/xiting.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/#primaryimage"},"image":{"@id":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/#primaryimage"},"thumbnailUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2025\/11\/cloud-security.png","datePublished":"2026-03-31T16:32:00+00:00","dateModified":"2026-06-12T09:30:39+00:00","description":"Discover how the SAP Cloud Connector enhances hybrid connectivity, minimizes risks, and helps you future\u2011proof your operations.","breadcrumb":{"@id":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/#primaryimage","url":"https:\/\/xiting.com\/wp-content\/uploads\/2025\/11\/cloud-security.png","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2025\/11\/cloud-security.png","width":1800,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/cloud-connector\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiting.com\/en\/"},{"@type":"ListItem","position":2,"name":"SAP S\/4HANA","item":"https:\/\/xiting.com\/en\/sap-knowledge\/sap-s4hana\/"},{"@type":"ListItem","position":3,"name":"Securing Hybrid Landscapes with the SAP Cloud Connector"}]},{"@type":"WebSite","@id":"https:\/\/xiting.com\/en\/#website","url":"https:\/\/xiting.com\/en\/","name":"Xiting","description":"Your Expert for SAP Security","publisher":{"@id":"https:\/\/xiting.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiting.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiting.com\/en\/#organization","name":"Xiting","url":"https:\/\/xiting.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiting.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/08\/xiting-logo.svg","contentUrl":"https:\/\/xiting.com\/wp-content\/uploads\/2019\/08\/xiting-logo.svg","width":1,"height":1,"caption":"Xiting"},"image":{"@id":"https:\/\/xiting.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/XitingAG","https:\/\/www.linkedin.com\/company\/1345129\/","https:\/\/www.instagram.com\/xiting.global\/","https:\/\/www.crunchbase.com\/organization\/xiting"],"description":"Xiting wurde 2008 von erfahrenen SAP-Beratern in der Schweiz gegr\u00fcndet. Heute f\u00fchren wir ein engagiertes Team von 140 Mitarbeitenden an mehreren weltweiten Niederlassungen. Unsere hochqualifizierten SAP Security Consultants stehen f\u00fcr einen ausgepr\u00e4gten Qualit\u00e4tsanspruch und unterst\u00fctzen \u00fcber 700 nationale und internationale Kunden mit erstklassigen SAP-Dienstleistungen \u2013 sowohl Remote als auch mit Vor-Ort-Betreuung.","email":"info@xiting.ch","telephone":"+41 43422 8803","legalName":"Xiting AG","foundingDate":"2008-06-01","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"51","maxValue":"200"}},{"@type":"Person","@id":"https:\/\/xiting.com\/en\/#\/schema\/person\/3c32c7de1132d012e263720a9f3300a2","name":"Carsten Olt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2c35c3b7ce5d81579234be25ef570938712ba95e2cb8e87f2a79b81be928499a?s=96&d=mm&r=g","caption":"Carsten Olt"},"description":"Carsten Olt has been working as a Managing SAP Security Consultant since 2016, responsible for Secure Authentication &amp; SSO and SAP Cloud Security Services at Xiting in Germany. As a member of the IAM team, he is also a team leader who conveys the company's goals and strategies to employees and has organizational responsibility. With a security-minded approach, Carsten has international project and IT security experience in many industries. He has been working in IT-Security since 2001, specializing in SAP security since 2010. He is a subject matter expert for SAP Single Sign-On 3.0 and a trainer for the WDESSO course. His current focus is on supporting customers in solving authentication and security challenges within hybrid SAP landscapes, as well as designing and implementing holistic authentication concepts. Carsten is an ISACA CISA and a former MCP and RHCE with an ISP background, and he looks at security from different angles. He also translates between SAP and IT security vocabulary. Carsten has in-depth experience in multi-vendor architectures and MSFT\/Azure components, dealing with all the requirements concerning SAML 2.0, OAuth, OpenID Connect, SCIM, X.509 CBA &amp; PKI, MFA, SAP SSO, and Secure Network Communications, Kerberos\/SPNEGO, data security and encryption, as well as digital signatures. Carsten is experienced in SAP on-premises components such as S\/4HANA, ABAP, and Java, as well as security solutions like SSO 3.0. Since 2019, he has focused on SAP-Cloudified environments, specifically the SAP Cloud Identity Services and SAP BTP, as well as SaaS integrations concerning IAM. He deals with hybrid SAP security in conjunction with Azure Active Directory, ADDS, ADFS, ADCS, Reverse Proxies\/WAF, SAP Web Dispatcher, SAP Cloud Connector, third-party products, and infrastructure components.","sameAs":["https:\/\/x.com\/jsterr@xiting.de"],"url":"https:\/\/xiting.com\/en\/author\/carsten-olt\/"}]}},"_links":{"self":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/sap-knowledge\/63224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/sap-knowledge"}],"about":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/types\/sap-knowledge"}],"author":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/users\/9"}],"version-history":[{"count":11,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/sap-knowledge\/63224\/revisions"}],"predecessor-version":[{"id":64637,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/sap-knowledge\/63224\/revisions\/64637"}],"up":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/sap-knowledge\/63223"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/media\/55203"}],"wp:attachment":[{"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/media?parent=63224"}],"wp:term":[{"taxonomy":"sap-knowledge-category","embeddable":true,"href":"https:\/\/xiting.com\/en\/wp-json\/wp\/v2\/sap-knowledge-category?post=63224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}