Best Practices for Deploying HP-UX Secure Resource Partitions (SRP) for SAP Whitepaper

Executive summary

Consolidation of several SAP systems on one host might lead to questions like “How are resources

distributed?” or “How can the SAP instances be secured from each other?” In addition to offering HP

Virtual Machines (HP VM) or HP-UX Virtual Partitions (vPar), HP also offers another answer to this

question: HP-UX Secure Resource Partitions (SRP).

With SRP, it is possible to create compartments to isolate processes or restrict access to directories on

a host from each other, restrict port usage with the help of IPFilter and assign resources with the help

of HP Process Resource Manager (PRM).

SRP offers lightweight partitioning. It is deployed easily, has a low performance overhead and it

leaves a small footprint on the system. Only one operating system (OS) has to be maintained.

SRP uses components of the operating system such as PRM, IPFilter and HP-UX Security Containment

and provides a simple configuration template. No additional support or license costs are required

when using SRP in the HP-UX operating system.

This document gives an overview of how to use SRP for SAP and how to adapt a standard SAP system

to make it run within an SRP compartment. Compartment rule files for installing an SAP system,

running it and blocking other SAP systems are provided here. For easier configuration, a script is

offered in this document that simplifies adding the SAP specific rules for an SRP compartment.

Target audience: SAP consultants responsible for SAP consolidation or SAP technicians responsible to

implement new OS features.

This white paper describes the tests performed in October 2009.