Encryption can take place in any layer of the storage stack. In a SAP NetWeaver Portal environment the storage architecture is extended by an extra layer in form of the Repository Framework.

Storage Stack Layers

• Physical Disk - full disk encryption (FDE)

• Logical disk – encryption of logical disks
• Filesystem - encryption of files
• Application  - application based encryption (for example by the text editor)

SAP NetWeaver Specific Storage Stack Layers

• SAP NetWeaver Portal KM Repository Manager
• SAP NetWeaver Portal KM Content Filter

At which layer you implement encryption depends on your customer requirements. Third party solutions for encryption are readily available for the non-SAP NetWeaver storage stack layers listed above.

The advantages of a SAP NetWeaver based content encryption over encryption at lower layers would be better application integration and the possibility to leverage the SAP NetWeaver user management and security infrastructure.

An encryption at lower layers has the advantage of application transparency and lower implementation costs (due to existing third party solutions).

SAP NetWeaver based content encryption can be implemented in the Repository Manager or as a content filter using the Repository Framework Java API’s. Depending on user interaction and key handling requirements, an implementation can take anything from a week to several months.

Since encryption / decryption happen on the server side additional measures need to be taken to securely transmit content from the server to the client. Typically setting up SSL would address this requirement.

If you decide to implement encryption yourself either as part of a KM Repository Manager or as a KM Content filter the following links might be useful to you:

• http://javadoc.iaik.tugraz.at/iaik_jce/3.13/iaik/security/provider/IAIK.html
  
• Automatic Duplicate Check for Resources in KM Repositories (The source code has an example on how to use the IAIK security library).