Symantec has issued an advisory about a critical flaw in the SAP MaxDB database that could be targeted by hackers to execute arbitrary code. Researcher Oliver Karow of Symantec is credited with finding the database vulnerability.
The flaw was fixed in the latest version of MaxDB 7.6.00.31. "It is possible to execute arbitrary code with the privileges of the 'wahttp' process by sending a malformed HTTP request. Authentication is not required for successful exploitation to occur," according to a security advisory issued by Symantec.
As a temporary workaround, MaxDB customers can disable the SAP-DB WWW Service or restrict access to it, according to Symantec. SAP customers can download the latest version at www.service.sap.com. In 2004, SAP entered into an agreement with open source database maker MySQL to cross-license SAP DB.
The open source database was then rebranded MaxDB. It is optimized to run in conjunction with the mySAP Business Suite and the MySQL database management system.
What do real-life SAP users think about Duet? We recently asked our readers to share their two cents on the new product. The vast majority of the 100+ readers who were kind enough to submit comments to us were overwhelmingly positive. No doubt about it — the buzz we saw around the Duet booth at Sapphire 2006 is alive and well.
However, buzz does not automatically translate into actual implementations — at least not this year.
"I think Duet looks like a great way to deliver SAP functionality to end users," said Paul Krier from Johnsonville Sausage, Sheboygan, Wisc. "We may be able to use Duet in the Portal we are putting together, but at this point we use Lotus Notes as our email server, so I think we are a ways off from implementing Duet into our systems."
Colin Ross from Australian steel firm OneSteel echoes the positive sentiment. He considers the ability to run quick and easy reports directly in MS Outlook as the biggest benefit of Duet, and foresees his company getting on the Duet bandwagon in 2007.
"[This is a] nice product. I think it will be especially useful for users who only interact occasionally with SAP," Ross said.
Dan Amend from Tuthill Corp., Burr Ridge, Ill. likes what he has heard so far but isn't ready to get in the game quite yet.
"We do not use much of the HR functionality in SAP," Amend said. "Most of the early Duet demos focused on T&E-type functions, so we have not gone too far with it. As it moves more into the financial arena with budgeting and analytics, we will get more interested in it."
Based on the responses we've seen, it seems many have chosen a slow and careful approach to Duet — but they'll probably get Duet with it in the end. This cautious angle has the proven benefit of having the early adopters clear the inevitable land mines before they take the plunge in 2007 and beyond. There were some downsides to Duet, however.
Bryan Beasley from CMC Steel Group is currently working on the blueprinting of their SAP implementation. He works largely with Microsoft development, so this is a natural area of interest to him. Still, he has some reservations about Duet at this point in time.
"Based on reading and nothing hands-on, from what I can tell, the feature set is still somewhat limited," Beasley said. "In other words, it seems it may be hard for enterprise to cough up the bucks for a product that will have limited impact and will probably increase support costs in the short term.
What I have not seen from SAP is really how is it cost effective to develop something in Duet versus other environments such as Sharepoint, VS.NET or something more custom to SAP. And what about distribution and management of Duet solutions?"
Fellow SAP professional Sunil Aghi is generally very positive about Duet, but he did point to the Achilles heel of cost. This was something of a common thread as cost and excessive upgrade requirements on the SAP end appear to be the most frequently mentioned concern for SAP professionals.
"I see the success coming gradually, over a medium term horizon of 2-3 years," Aghi said. "[However,] cost, and upgrades, could be a deterrent."
Another question that came up was that of Exchange. What if you don't want to use Exchange? Many companies don't because of security concerns, one reader pointed out.
General distrust of Microsoft and its history of occasionally playing hardball with customers is another sticking point. The old Microsoft vs. Open Source debate appears to be alive and well.
"My biggest worry is that Duet is tied into Microsoft and does not allow for any latitude in the Open Source area (e.g. open office)," said Carl Cavendish-Davies from Barloworld Equipment. "This will heavily influence our decisions here as we are in a three-year cycle of migrating and proving the use of an Open Source Operating System."
So what's the final verdict on Duet? You be the judge! Check out our Special Report: Duet in a nutshell for a rundown of the benefits and technical specs you need to know. Tune into our latest podcast for an interview with Duet skeptic Jim Murphy of AMR Research. Then test your Duet knowledge in our Quiz: Duet 101.
Matt Danielsson, Editor
I recently interviewed Jim Murphy, a research director at Boston-based AMR Research Inc. about his recent survey of SAP customers on the jointly developed SAP-Microsoft Duet software. Overall, respondents saw the value that could be gained using the software, which melds SAP data with the familiar front-end Microsoft Office tools. Still, 27 out of 74 survey respondents had reservations about adopting Duet, according to the AMR survey.
In this podcast, Murphy explains why he believes customers should be cautious about the costs and long-term viability of Duet.
We are pleased to bring to you the SAP Exchange Infrastructure (XI) All-In-One guide. SAP XI is one of the mandatory four components that make up the NetWeaver platform. SAP XI is used for B2B and application-to-application integration. Consider it a superhighway for all enterprise advanced communications. Not only does SAP XI connect systems within an organization and among third-party vendors, but it also houses SAP's Business Process Management (BPM) unit and is a launching point for the service-oriented architecture. Check out some examples:
My version of 'XI 3.0 for Dummies'
What is the future of ALE/EDI and IDocs, in light of XI
Why BPM is good for you
This SAP XI All-In-One guide is your one-stop reference for all things SAP XI. Bookmark this guide because as NetWeaver and XI continue to grow, so will this guide.
AMR Research recently surveyed a group of SAP customers who were familiar with the new Microsoft-SAP Duet software and came out with some interesting albeit very preliminary results.
There aren’t a lot of users because Duet has only been made generally available for less than a year. But already Lotus Notes users are debating the viability of the product as well as SAP’s integration with Notes. Notes has many of the same scenarios covered by Duet.
The AMR survey found that at best only about 29% of customers surveyed have the software and hardware requirements in place for specific Duet scenarios. The Lotus folks are arguing that Notes can be installed and integrated with SAP at a lower cost and without upgrading to the latest version of SAP.
In addition, 27 out of 74 survey respondents had reservations about adopting Duet, however. Some cited the need to upgrade to the latest version of SAP, some saw substantial hidden costs, and others were using IBM's Lotus Notes for groupware processes.
SAP clearly isn’t yet making the case that Lotus users should even consider Duet. The majority of its user base are Microsoft Outlook users. And I’m not sure it’s SAP’s aim to target IBM’s Lotus Notes users with Duet.
I asked the question of whether a Lotus Notes user would see enough value in Duet to make the switch. SAP’s Kevin Fliess said that it would be an evaluation over groupware and went on to tout the various Duet scenarios. I don’t think it’s a question of which integrates better with SAP – Duet or Notes. If you are an SAP-Lotus shop, chances are you’ll look into its SAP integration features. If you are a Microsoft shop, you’ll look into Duet.
Over the years, we've taken our fair share of jabs at SAP for being overly complex, bogged down with acronyms and seemingly always being a few steps ahead and out of sync with many customers. Sure enough, SAP has always been somewhat intimidating, and we did some head-scratching over how SAP was going to accomplish its very ambitious small- and midmarket push that was announced earlier this year. How are you going to convince a small mail order firm or local coffee shop chain that SAP will make life better than, say, a Microsoft Dynamics solution?
Well, it seems like SAP is starting to get it. Yesterday, a Business Week story reported on the simplification of Business One, where both implementation and management have been streamlined enough that we now seem to be hitting that magic tipping point where the practical benefits of SAP outweigh the hassle. Costs are being pushed down too — less than $10,000 for a complete Business One installation is not out of reach for a small company once you factor in the productivity gains and overhead savings. Business One's big brother, All-in-One, is also making rapid strides.
So SAP is making headway on its aggressive downstream push. That's fine and dandy, but the obvious question is, what's going to happen with the Microsoft relationship? In the top end of the market, SAP and Microsoft are quite chummy. Duet is gaining a lot of attention. Rightfully so, if you ask me, since it's a cool technology and it seems like a strategically correct path at least for SAP. When asked whether there are more joint SAP-Microsoft products on the horizon, Shai Agassi wouldn't commit to anything but clearly left the door open: "We'll see how Duet plays out — if it's successful, we may look into other areas." That sounds pretty promising to me.
For the small- and midsize market, things get more interesting. Joshua Greenbaum wrote about this in a recent column, pointing to the cautious dance the two are currently engaged in. What's going to happen when Dynamics GP, AX, NAV and so forth get rolled into one single product in 2008? Will Microsoft continue to sit idly by watching SAP bag the fattest account? Doesn't seem like the 'softie style. We're already seeing some headlines pop up hinting of things to come. Microsoft was careful to use diplomatic wording when it ditched SAP in favor of Dynamics for its Home and Entertainment division, but they couldn't resist plugging the "two-to-four times cheaper" angle in their announcement. Shortly thereafter, military supplier BlackHawk chose Dynamics over SAP because of simplicity and ease of integration. When the new version of Dynamics AX was released in June this year, cost and ease of use came up once again.
There's potential for great things, and there's potential for war. Only time will tell how this is going to play out, but there's potential upside for SAP and Microsoft users alike. In the meantime, we're going to look into the more practical aspects of just how Dynamics stacks up against SAP's All-in-One.
In October this year, we will have two experts argue the case for All-in-One vs. Dynamics in a side-by-side face-off column. Those of you who followed the SAP vs. Oracle face-off between Josh Greenbaum and Faun deHenry earlier this year will recognize the format; we aim to move beyond marketing dogma and take a hard look at the practical, real-life pros and cons of either solution so that users can make the best choice for their companies. We have veteran expert Axel Angeli spearheading the All-in-One side of the argument, so expect the gloves to be off. Stay tuned!
Additional pay for IT certifications and non certified skills is being incorporated into workers’ base salaries, according to the latest research from New Canaan, Conn.-based job research firm, Foote Partners. David Foote, CEO of Foote Partners, said such salary-based tech skills pay allows employers to pay employees for skills that match actual on the job responsibilities.
Foote is well known for his firm’s hot technical skills and certification pay index. So far, 51% of 54,000 IT pros surveyed are receiving technology-related skill pay in their compensation packages, according to Foote’s firm.
Every category of non certified skills showed positive annual growth, according to Foote. The firm’s latest quarterly research covers the period of April 1 through July 1.
Among the fastest growing non certified skill areas:
- Enterprise business applications
- Application development tools
- Networking and communications
Some specific areas that are hot: NetWeaver; SAP modules: Payroll, PS, HR, SD, CA, CO, FI; and Oracle enterprise applications. WebSphere, SUN Java System Messaging Server and Microsoft .NET skills were also big performers.
Certifications are also paying well according to Foote. “Certifications continue to be worth more on average for IT workers who choose to make the effort to obtain them,” Foote said in his report.
Among the fastest growing certified skill areas:
- Apps development
Non certified skills are growing at a faster rate than certified skills. Still, employers are looking at how an applicant has used his or her skills. To get that job, you have to demonstrate you can use the skills you place on your resume.
SearchSAP will be covering Foote's research over the next week or so. Stay tuned.
Our ever-popular mySAP HR Learning Guide just had a makeover. The layout scheme has been overhauled for easier navigation and readability, valuable content was re-positioned for a more top-down approach and, of course, new content has been added to keep you sharp and up to date. Take a peek:
- Certification Tip: SAP Human Resources (HR) Configuration Course
- White Paper: Handling the challenges of change management in SAP HCM implementations
- Tip: Structural Authorizations in HR
Human resource management is never going to get smaller or easier. In fact, human capital is the most valuable raw material we have. Take advantage of our comprehensive HR Learning Guide and keep your personnel professional.
Juli – Assistant Editor
SAP jobs and certifications have always been hot topics on SearchSAP.com. Our veteran career guru Jon Reed receives hundreds of questions from readers every month about everything from future job trends and ways for getting into a new functional area to basic certifications and tips on how to avoid the outsourcing ax. We also have a number of helpful guides and resources on how to break into SAP, how to become an independent consultant, where to turn for finding that special niche and so on.
Well, now we've gathered it all in a one-stop-shop feature: the SAP Jobs info center! Here you have fresh tips, relevant news stories, guides and of course the ever-present wisdom of Jon Reed to help you move up the SAP ladder. Browse it today, and check back as we're adding new features every day!
A number of job recruiters and SAP consultancies say they are having trouble finding their clients the right experts to manage SAP projects.
Activity is picking up with some SAP customers choosing to upgrade to take full use of NetWeaver and mySAP ERP 2005. Other SAP firms are adding a variety of SAP applications, fueling a need for SAP pros with customer relationship management knowledge, master data management expertise and SAP Exchange Infrastructure (SAP XI) skills.
The result could be costly project delays for some companies, according to AMR Research.
Some firms thought they could rely on India to fill in the gap of qualified experts, but a job recruiter and SAP consultant told me the number of qualified personnel in India is also limited. Another job recruiter said that SAP projects seem to come in waves throughout the year, making tracking down the right qualified applicants for positions all the more difficult.
I’ll update this post with a link to a news story on this issue at SearchSAP.com.
I’m interested in hearing your experiences here. Has the SAP job market for consultants made a full turnaround? What areas are hot? And why do SAP pros appear to be falling behind the latest SAP technologies?
Update: Check out the latest news story: SAP firms struggle to find experts