You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
How to perform security tasks to ensure that your security settings are not known outside your organization. You will learn how to apply the HXE license to ensure your installation keeps working after the default grace period expires.
16
16
17
17
### Time to Complete
18
-
**15 Min**.
18
+
**15-20 Min**.
19
19
20
20
---
21
21
@@ -33,7 +33,7 @@ If you are using the SAP HANA Studio eclipse plugin, you can do the following.
33
33
5. Make a note of the Hardware Key value.
34
34
35
35
#### Order your license key
36
-
1. Go to [sap.com/minisap](http://sap.com/minisap) and fill out all required information.
36
+
1. Go to [SAP Sneak Preview License Key Request](http://sap.com/minisap) page and fill out all required information.
37
37
2. For System ID, select HXE.
38
38
3. For Hardware Key, enter the hardware key value you recorded earlier.
39
39
4. Submit the form. The license key is emailed to you.
@@ -59,7 +59,7 @@ After confirmation, the properties page refreshes with your new license informat
59
59
3. Copy or otherwise record the value returned for `HARDWARE_KEY`
60
60
61
61
#### Order your license key
62
-
1. Go to [sap.com/minisap](http://sap.com/minisap) and fill out all required information.
62
+
1. Go to [SAP Sneak Preview License Key Request](http://sap.com/minisap) page and fill out all required information.
63
63
2. For System ID, select HXE.
64
64
3. For Hardware Key, enter the hardware key value you recorded earlier.
65
65
4. Submit the form. The license key is emailed to you.
@@ -85,49 +85,69 @@ After confirmation, the properties page refreshes with your new license informat
85
85
5. Proceed to **Change the SSFS Master Keys**.
86
86
87
87
88
-
### Change the SSFS Master Keys
89
-
1. Log on to the HANA system as **`hxeadm`** and shut the system down using the `sapcontrol` program:
## <aname="ssfsKeys">Change the SSFS Master Keys</a>
89
+
The secure stores in the file system (SSFS) used by SAP HANA are protected by unique master keys, generated during installation or update. If you installed HXE from an OVA, then it shares master keys with other HXE systems. We recommend that you change the master keys immediately after setup to ensure that your master keys are not known outside your organization. For more information on changing the master keys, see the [Change the SSFS Master Keys](https://help.sap.com/saphelp_hanaplatform/helpdata/en/58/1593c48739431caaccc3d2ef55c23f/frameset.htm) topic in the *SAP HANA Administration Guide*.
90
+
91
+
1. Log on to the HANA system as `hxeadm` and shut the system down using the `sapcontrol` program:
3. Add the following entry to the `global.ini` file using a text editor. (HANA, express edition, comes with the `vi` and `vim` text editors.) The `global.ini` file is located here: `/usr/sap/HXE/SYS/global/hdb/custom/config/global.ini`
102
+
103
+
Add or edit the cryptography section with the following value.
For more information, see the [Change the SSFS Master Keys](https://help.sap.com/saphelp_hanaplatform/helpdata/en/58/1593c48739431caaccc3d2ef55c23f/frameset.htm) topic in the *SAP HANA Administration Guide*.
SAP HANA generates unique root keys on installation. If you installed HXE from an OVA, then it shares a root key with other HXE systems. We recommend that you change the root key of the internal data encryption service to ensure it is not known outside your organization. For more information on this topic, see the [Change the Root Key of the Internal Data Encryption Service](https://help.sap.com/saphelp_hanaplatform/helpdata/en/8f/bb69c47c224b3292ba078684f176e3/frameset.htm) topic in the *SAP HANA Server Installation and Update Guide*.
105
122
106
-
### Change the Root Key
107
-
Change the root key of your installation.
108
123
1. Log on to the HANA system as **`hxeadm`** and shut the system down using the `sapcontrol` program:
6. Change all application keys so that they are encrypted with the new root key by using SAP HANA studio or SAP HANA HDBSQL:
121
-
**ALTER SYSTEM APPLICATION ENCRYPTION CREATE NEW KEY**
122
148
123
-
For more information, see the [Change the Root Key of the Internal Data Encryption Service](https://help.sap.com/saphelp_hanaplatform/helpdata/en/8f/bb69c47c224b3292ba078684f176e3/frameset.htm) topic in the *SAP HANA Server Installation and Update Guide*.
149
+
`hdbsql -u system -p <YourPassword> -d SystemDB "ALTER SYSTEM APPLICATION ENCRYPTION CREATE NEW KEY"`
124
150
125
-
### Deactivate the SYSTEM user
126
-
1. Log in as SYSTEM user to create a user with the USER ADMIN system privilege:
127
-
**/`usr`/sap/HXE/HDB00/`exe/hdbsql -d SystemDB` -u SYSTEM -p <SYSTEM_PWD> "CREATE USER `MyAdminUser` PASSWORD <`MyAdminUserPwd`> NO `FORCE_FIRST_PASSWORD_CHANGE`;"
128
-
/`usr`/sap/HXE/HDB00/`exe/hdbsql` -d `SystemDB` -u SYSTEM -p <SYSTEM_PWD> "GRANT USER ADMIN to `MyAdminUser` WITH ADMIN OPTION ;" **
129
-
2. Log in as **`MyAdminUser`** to deactivate SYSTEM:
130
-
**/`usr`/sap/HXE/HDB00/`exe`/`hdbsql` -d `SystemDB` -u `MyAdminUser` -p <`MyAdminUserPwd`> "ALTER USER SYSTEM DEACTIVATE USER NOW;"**
131
151
132
152
## Next Steps
133
153
- Select a tutorial from the [Tutorial Navigator](http://go.sap.com/developer/tutorial-navigator.html) or the [Tutorial Catalog](http://go.sap.com/developer/tutorials.html)
0 commit comments