Once the new configurations are deployed, the SSH Tectia Client software on the workstations transparently captures the SAP GUI traffic and forwards it in an authenticated and encrypted tunnel to the SSH Tectia Server software running on the SAP Application Server. See Figure 5.17.
SSH Tectia Server then decrypts the traffic and forwards it to the SAP Server software on the server host. All return traffic is also routed through the tunnel. No configuration changes need to be made in the SAP software running on the workstations or on the SAP Application Server host. Connections other than those defined in the SAP application definition are not affected and they are transmitted as plaintext.
SSH Tectia Server status monitoring and log gathering are described in SSH Tectia Server Status Monitoring and Log Gathering.