The Cybersecurity Extension for SAP provides a robust alternative to the SAP Code Vulnerability Analyzer (CVA) for managing SAP vulnerabilities, threat detection, and custom code security. This guide outlines the essential steps to prepare your SAP Solution Manager infrastructure for a smooth transition from SAP CVA.
Executive Summary
Transitioning from SAP Code Vulnerability Analyzer (CVA) to the Cybersecurity Extension for SAP is a strategic move for organizations looking to optimize their vulnerability management. Developed by Layer Seven Security, the Cybersecurity Extension integrates directly into SAP Solution Manager, a platform already utilized by over 12,000 SAP customers for application lifecycle management. Because Solution Manager is included in standard SAP support, this transition allows organizations to leverage existing infrastructure while gaining advanced security capabilities. This fourth part of our transition series focuses on the technical prerequisites for the platform. Specifically, it details the “Infrastructure Preparation” phase within the Solution Manager Configuration. By ensuring your environment meets these requirements, you prepare your landscape for the removal of legacy CVA consoles, sensors, and addons, ensuring a clean and efficient migration path to a modern, supported security framework.
Key Takeaways
- The Cybersecurity Extension for SAP is an addon for SAP Solution Manager, leveraging your existing application lifecycle management platform.
- Transitioning allows you to remove legacy SAP CVA consoles, sensors, users, and addons from your SAP landscape.
- Infrastructure Preparation in Solution Manager (SOLMAN_SETUP) must be fully completed to support the transition.
- Usage rights for SAP Solution Manager are included in your standard SAP support agreement.
How do you prepare your infrastructure for the transition?
To prepare your environment for the Cybersecurity Extension for SAP, you must complete the Infrastructure Preparation steps within the SAP Solution Manager Configuration. Begin by executing transaction SOLMAN_SETUP or navigating to the work center labeled SAP Solution Manager Configuration – Configuration (All Scenarios).
Once in the configuration menu, select Infrastructure Preparation located under Cross Scenario Configuration – Mandatory Configuration. You must ensure that the status of every step in this section is green, indicating successful completion. If any steps are marked as red or yellow, follow the provided guided procedures to resolve the incomplete tasks. Please note that for this specific implementation, the installation of ISAGENT for Wiley Introscope and CA Introscope is not required.
What is the role of SAP Solution Manager in this transition?
SAP Solution Manager serves as the hosting platform for the Cybersecurity Extension for SAP, replacing the standalone architecture often required by legacy tools. By utilizing an existing, widely adopted platform for monitoring and diagnostics, organizations can reduce the complexity of their security stack. Since Solution Manager is a standard component of SAP environments, it provides a familiar and supported foundation for managing custom code security and threat detection without the need for additional external consoles.
Frequently Asked Questions
What happens to SAP CVA components after the transition?
Once you have successfully transitioned to the Cybersecurity Extension for SAP, you should remove all SAP CVA-related assets from your landscape. This includes decommissioning SAP CVA consoles and sensors, as well as removing SAP CVA-specific users and addons from your SAP systems to ensure a clean environment.
Do I need special licensing for SAP Solution Manager?
No, usage rights for SAP Solution Manager are included in your standard SAP support agreement. This makes it a cost-effective and accessible platform for hosting the Cybersecurity Extension for SAP, as most SAP customers already have the infrastructure in place.
Are there specific components I do not need to install?
Yes. When following the Infrastructure Preparation guided procedures in SOLMAN_SETUP, you do not need to perform the installations for ISAGENT for Wiley Introscope or CA Introscope. You can proceed with the required configuration steps while omitting these specific agents.