Architecture

This chapter describes the components of HaloCORE.

Features:

1. HaloCORE Monitor—Logs all exports and downloads of critical SAP data from endpoints like SAP GUI or BO/BI.

2. HaloCORE Block—Classify and block sensitive data right at the moment, it leaves the application that would violate internal data security policy while allowing only authorized users to have access to that data.

3. HaloCORE Protect—Classify, label, and apply strong encryption to sensitive data downloaded from SAP using Microsoft Rights Management.

HaloCORE architecture

SAP NetWeaver AS ABAP 

SAP's NetWeaver Application Server (AS) ABAP is the technological platform on which all of SAP's ABAP-based applications run.

HaloCORE for NetWeaver Add-On

HaloCORE for NetWeaver Add-On is an ABAP Add-On that is installed in each SAP instance in your environment. It plugs into the SAP ABAP function module GUI_DOWNLOAD and intercepts all download requests from users using the SAP GUI. Files that are generated/downloaded/extracted in the background jobs are also classified and protected. All download activity is aggregated into a fully customizable audit log, which can be integrated into the company's existing analytics framework and extracted to powerful tools such as SAP Business Intelligence and Analytics solutions.

HaloCORE for NetWeaver Add-On performs the following functions:

1. Resides in the SAP NetWeaver application server.

2. Responsible for collecting raw attributes (metadata) from the ABAP context.

3. Contains the attribute derivation engine for context analysis (only in the event of pre-classification requested by the HaloENGINE).

4. Responsible for logging the entire download process until the document reaches the destination folder of the end-user.

5. Responsible for forwarding the audit log to the HaloENGINE rule engine for further actions.

HaloENGINE

HaloENGINE is a Java-based Server component that exposes a web service to SAP Add-On. It receives files from SAP clients with the passed action and additional information; it applies the action (Monitor, Block, Label, Protect, Notify). HaloENGINE performs the following technical functions:

1. Responsible for classification & action derivation.

2. Responsible for logging events sent by HaloCORE for NetWeaver Add-On.

3. Create log files for Security Information and Event Management solutions (Microsoft Azure Sentinel, Splunk, RSA, and others) in Common Event Format (CEF), IBM Standard LEEF, and JSON (JavaScript Object Notation).

HaloENGINE Service 

HaloENGINE Service, a Windows service, is responsible for communicating with HaloENGINE via TCP/IP. It is the only component that directly communicates with the Azure Right Management Service (Azure RMS).

1. Applies the classification labels to the document metadata.

2. Protects the content that the HaloENGINE sends to it based on MPIP.

3. Supports protection or label-driven protection. 

4. HaloENGINE Service is operated next to the HaloENGINE. 

Reference Manuals

For a comprehensive description of HaloENGINE and HaloENGINE Service, please refer to the HaloENGINE Installation manual that is shipped along with the product software.

Microsoft Purview Information Protection

HaloCORE solution effortlessly integrates Microsoft Purview Information Protection to protect your sensitive documents. Microsoft Purview Information Protection, an industry document security solution, enables businesses to ensure that only authorized users can open the protected content while also regulating what they can do with it such as print, edit, or save. Even if sensitive data is leaked accidentally or maliciously, unauthorized parties cannot view it in clear text, thus leaving it useless.