Since its inception, most of the SAP HANA security model has been developed and maintained using SAP HANA Studio, a client tool installed on an SAP HANA developer or administrator workstation. However, in November 2016, SAP announced and released SAP HANA 2.0, including a new administration tool called the SAP HANA cockpit.

The SAP HANA cockpit provides monitoring, configuration, performance optimization, security, platform lifecycle management, and other administration capabilities. Unlike SAP HANA Studio, the SAP HANA cockpit does not provide application or content development tools. These tools have been migrated to SAP Web IDE for SAP HANA, another independent, web-based development tool in the SAP HANA 2.0 portfolio.

The SAP HANA cockpit is a standalone, web-based HTML5 application server, not a desktop-based client tool. It operates in SAP HANA extended application services, advanced model (SAP HANA XSA) and also requires an SAP HANA 2.0, express edition, database or an SAP HANA 2.0 tenant database to operate. The architecture of the SAP HANA cockpit is designed to centralize and simplify the management and administration of SAP HANA throughout an IT landscape. Given its importance in the realm of SAP HANA security, the goal of this chapter is to introduce you to the various security workflows and security options that you can manage in the SAP HANA cockpit. However, this chapter is not intended as a comprehensive guide to using the SAP HANA cockpit.

References to the SAP HANA cockpit will be prominent throughout this book, so you’ll require a basic understanding of it and its security-related interfaces. In this chapter, we’ll provide an overview of the SAP HANA cockpit, introducing its architecture, basic navigation steps, and specific security management interfaces. We’ll also introduce the SAP HANA database explorer and the SQL console, in which security-related SQL commands are executed, and we’ll outline the key user interfaces you’ll use to administer security-related items, including the graphical interfaces for user and role administration. We’ll also discuss other interfaces used to manage data encryption, authentication, and database security.

In this section, we’ll provide an overview of the architecture of the SAP HANA cockpit, show you how to access it the first time, review the SAP HANA cockpit manager, and walk you through the steps required for registering SAP HANA databases within the SAP HANA cockpit.

Architecturally, the SAP HANA cockpit is an SAP HANA XSA multi-target application (MTA) that requires an SAP HANA database to operate. SAP provides several deployment options, as shown in Figure 1.1.

As shown in Figure 1.1, you can deploy the SAP HANA cockpit on a supported standalone server using SAP HANA, express edition. The SAP HANA cockpit can also be installed alongside your existing SAP HANA instance or within an existing instance by using separate tenant databases sharing the same instance. In all cases, the software must be deployed to a supported Linux operating system (OS). Be sure you size your hardware properly based on the deployment option you choose.

Both a standalone installation and an installation as a separate instance require the use of SAP HANA, express edition. Fortunately, the installation media for the SAP HANA cockpit includes every required component and deploys the enti...