Upload
ashlynn-strickland
View
233
Download
3
Tags:
Embed Size (px)
Citation preview
Jim ThorstadTechnical Director, WebFOCUS Product Management
WebFOCUS 8: Technical Overview
1
July 2012 Update
Agenda
Introducing WebFOCUS 8ArchitectureSecurity ModelEnhancement HighlightsMigrating to WebFOCUS 8
2
Introducing WebFOCUS 8
3
What is WebFOCUS 8?Understanding Middle-tier vs. Server-tier Components
4
WebFOCUS Client
Managed Reporting
ReportCaster
BI Portal/Dashboard
WebFOCUS Report Server
Report Server 7.7.04+
Users Data
WebFOCUS 8.0.00
WebFOCUS 8 Updates the Middle-tier
Why Did We Create WebFOCUS 8?A Strategic Platform Initiative
5
EnterpriseBI SaaS
SmallBusiness
WebFOCUS ExpressTM
WebFOCUS 8 Supports Information BuildersCustomers Across Four Key Markets
WebFOCUS Version 8
WebFOCUS Version 8 Platform
IBM DB2 Web QueryTM
OEM
Why Did We Create WebFOCUS 8?What’s Common Across these Markets?
WebFOCUS 8 Platform
Enterprise BI
SaaS
WF Express
Web Query
A rich customizable portal
Easy to use tools
A fine-grained security model
Integrate with external systems
Easy to administer
A migration path
6
WebFOCUS Client and Managed Reporting Integrated repositoryFine-grained security modelExternal security integration
What is Included in WebFOCUS 8Marquee Features
Business Intelligence PortalRich interface for content & collaborationDrag-and drop and live previewPage-level security
7
InfoAssistRich interface for creating reports & graphsRibbon-style interface replaces Java appletHTML5 charts and a dozen new features
What is Included in WebFOCUS 8Marquee Features
ReportCasterFull integration with WebFOCUS 8Ribbon-style interface replaces Java appletGroup schedule administration
8
What’s New in WebFOCUS Report Server 7.7.04Released April 2012
Ribbon-based ConsoleOver 110 Enhancements
Language (22)Active Technology (6)Server and Console (29)Adapters (30)DataMigrator (19)Resource Analyzer/Gov (5)
Required by WebFOCUS 8.0
9
http://documentation.informationbuilders.com/masterindex/html/html_wf_7704/snfhilit/snfhilit.pdf
WebFOCUS 8 Architecture
10
WebFOCUS 8 ArchitectureIntegrated Repository
11
Application Directories
MetadataUploaded Data
WebFOCUS 8 Repository
WebFOCUS Client
Managed Reporting
BI Portal
ReportCaster
WebFOCUS Report Server
UsersGroupsSecurity
ReportsSchedules
Content
RC Distribution
Server
WebFOCUS 8 ArchitectureContent is Accessed via the IBFS Service Layer
WebFOCUS 8 Repository
IBFS Service LayerHTT
P Se
rvic
e
12
Core WFMR/BIP/RC
ReportCaster uses an IBFS Service API to access report procedures in the repository
Eliminates problematic HTTP requests to the web tier
Information Builders File SystemWebFOCUS 8 Architecture Is Built Around IBFS IBFS Service Layer – Internal Subsystem IBFS Path – an Object Addressing Scheme
13
IBFS paths used in drill-down links, schedules, security rules
For backward compatibility, migrated content can still be accessed via HREF properties
Information Builders File SystemIBFS is All-Encompassing
IBFS Used to ReferenceReports, portal pages Schedules, outputUsers, groupsReport Servers
14
IBFS governs access to
everything
IBFS is Hierarchical and EnablesSecurity policy inheritanceGroup nestingFull control over content
organization
Information Builders File SystemIBFS Enables Full Control of Content Organization
15
Mandatory folders in 7x are migrated “as is”
… but are no longer required in 8.0
Reports, reporting objects, and library
output can be deployed in the
same folder
Folder depth not limited to one sub-folder
RC Distribution Server
WebFOCUS 8 High-level ArchitectureRunning Report Requests
WebFOCUS 8 Repository
IBFS Service LayerHTT
P Se
rvic
e
JLINK
WebFOCUS Report Server
Scheduled Jobs
Web Requests
16
Core WFMR/BIP/RC
ReportCaster runs scheduled reports through JLINKWebFOCUS runs interactive requests through IBFS
RC Distribution Server
WebFOCUS 8 High-level ArchitectureMoving ReportCaster Distribution Server Off JLINK
IBFS Service Layer
WebFOCUS Report Server
Scheduled Jobs
17
On the Roadmap (post 8.0.01)Enables Passing of WF8 Groups to
the ServerUse server group profiles with
scheduled jobs IBI_WFRS_Passthrough_Groups=ALL
Enables site.wfs Processing <set> wfvariable (pass) Use WF Variables in scheduled jobs
WebFOCUS 8 Security Model
18
Why a New Security Model?Customer Feedback Related to WebFOCUS 7x
Managed Reporting Role Security was LimitingOnly 5 base roles and 9 permissionsOne role for all Domains
Domain Security Model was LimitingCouldn’t customize security on sub-folders
Content Sharing was LimitingCouldn’t share with specific people
Challenging for Multi-tenancy SaaS DeploymentsCouldn’t allow sharing in a common Domain—user’s
would see content from other tenantsDilemma: abandon common domain or drop sharing?
19
WebFOCUS 8 Addresses These Challenges!
WebFOCUS 8 Security ModelKey Concepts
Security Rule, which Binds Together…Subjects – objects that can be authorizedPermissions – capabilities that can be assignedResources – objects that can be securedAccess – type of the rule: permit, deny, etc.Apply To – scope of the rule: folder, folder & children,
children onlyPermission Set – Collection of Permissions
Simplifies Rule CreationSecurity Policy – Collection of Security RulesEffective Policy – Evaluation of the Security Policy
Bob has permissions A, B, C on resource X
20
WebFOCUS 8 Security Model Understanding Group Membership
Policy Evaluation Includes Processing of a User’s:Explicitly assigned groups Implicit groups
21
• Bob is assigned to the Sales Basic Users group
Bob
• Sales Basic Users is nested under Sales
• Bob implicitly belongs to Sales
• Rules associated with both groups apply to Bob
WebFOCUS 8 Security Model Simple Security Policy with 3 Rules
22
Subject Action Permission Set Resource Scope
Sales Group Permitted ShareWithGroup Sales Group Folder & Children
Sales Developers
Permitted Developer Role Sales Folder Folder & Children
Sales Group Administrators
Permitted Manage Groups Sales Group Folder & Children
Note that groups (and users) are unique in that they can be both Subjects and Resources
WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Users & Groups Tab
23
WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Permission Sets Tab
24
WebFOCUS 8 Security Model Creating Security Rules
25
Select any IBFS resource and then clickSecurity > Rules…
WebFOCUS 8 Security Model Creating Security Rules – Security Rules Dialog
26
You select a subject
Dialog shows the resource
Then the permission set,
access type and scope
Click OK tocreate the rule(s)
WebFOCUS 8 Security Model Security > Rules on this Resource…
27
Rules on this Resource dialog answers the question: “Who has access to this resource?”
WebFOCUS 8 Security ModelWebFOCUS 8 Global Groups
28
Consider Using Global Groups Carefully
Through inheritance global groups have access to everything in the repository
WebFOCUS 8 Security Model Benefits
29
Flexible Security ModelOver 150 assignable permissionsCan develop custom permission sets
Sub-Groups and Inheritance Simplify Policy CreationEasy to Use Tools to Create and Verify Security PoliciesMakes it Possible to Support Many Different Deployment
Requirements
WebFOCUS 8 Enhancement Highlights
30
WebFOCUS 8 Enhancement Highlights
31
Resource TemplatesPrivate Content, Publishing, and Content SharingLocalizationLicensingAuthorization Mapping
Resource TemplatesThe Deployment Challenges Facing Administrators
32
What are our security requirements?How do I design and implement a security policy?How long will it take to create security rules?What best practices should I be aware of?Where do I start?
Resource TemplatesSimplifying the Creation of Security Policies
33
Resource Templates Automate the Creation ofGroups, resources, permission sets, security rules
Information Builders Provides Sample TemplatesPredefined policies for specific business requirementsBest practice policy designGood place to start
The Domain templates
prompt for name & title
Select a template
34
Resource TemplatesSimplifying the Creation of Security Policies
The template creates predefined folders, groups, and permission sets
35
Resource TemplatesSimplifying the Creation of Security Policies
… and security rules
Resource TemplatesSupport Site and Roadmap
36
Latest Templates Available on Support:
Available TemplatesUpdated Domain templatesSaaS-oriented templates
Each Template IncludesRelease Notes with installation steps, limitationsPolicy design worksheet that describes rule definitions
and permission setsCreate Your Own Templates
Plan to document the process in 8.0.01
https://techsupport.informationbuilders.com/tech/wbf/v8templates/wbf_8_resource_templates.html
Private Content, Publishing, and SharingFully Configurable My Content Folders
37
Folder Property Enables Support for My Content
Assignable Permission Determines Who Gets One
Private content, created and saved by a user to their My Content folder
Private Content, Publishing, and SharingPrivate Content: Simplified Content Deployment
38
All Content Initially Created as PrivateDoesn’t inherit security rules from aboveVisible only to ownerAdministrators with Manage Private Resources can
access private contentAuthorized Users Can Create New Content “In-Place”
In 8.0.00 private content, created by a developer is displayed in a non-bold font
Private Content, Publishing, and SharingPrivate Content: Simplified Content Deployment
39
All Content Initially Created as PrivateDoesn’t inherit security rules from aboveVisible only to ownerAdministrators with Manage Private Resources can
access private contentAuthorized Users Can Create New Content “In-Place”
In 8.0.01 all content is non-bold and private content is indicated with a grayscale overlay on the icon
Private Content, Publishing, and SharingPublishing Private Content
40
Published Items Become System-Managed Inherit security rules from aboveCreate, Publish & Un-Publish are separately assignable
Offers Flexible Alternatives to Formal Change Control That require isolated DEV/TEST/PROD environments
Particularly Useful in SaaS DeploymentsFormal change control not practicalTenant developers can work out of view from usersPublishing to users is simple IBFS paths don’t change
Consider Developing In-Place with Private Content
Private Content, Publishing, and SharingContent Sharing Enhancements
41
Complete Control Over Content Sharing Share – simple sharing determined by WebFOCUS Share with – user determines who to share with
Configurable Policy Determines Available Users/Groups
Shared content
Assignable sharing options
Enhanced Shared Content ViewOnly Users with Shared Content are Displayed
Other Security Enhancements
For Customers Using Internal AuthenticationStrong Encryption for PasswordsConfigurable Password Policies
Built-in User and Administrative Activity Auditing
42
[2012-05-30 08:30:13,267] INFO groups ed214e45667f0f1
thoja13 addUserToGroup SUCCESS user:smija03 (314568704)
group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006)
This user
Used this API
To move this user
Into this group
Authorization MappingKey Requirement for Enterprise & SaaS Deployments
43
What If We Use LDAP/AD for Authorization?The user’s group membershipsA custom attribute on the user entry
LDAP/AD Groups User Attribute
LDAP/AD Authorization Mapping is Built-in to WebFOCUS 8
Authorization MappingLDAP/AD Authorization Mapping Built-in to WebFOCUS 8
44
Administrator Maps the Value to a WebFOCUS GroupResource Templates Can Configure the Mapping (8.0.01)
Group DN or attribute value is mapped to WF group
LDAP Authorization MappingPowerful Integration for Enterprise & SaaS Deployments
45
User accounts are automatically created during sign-on
Mapped WebFOCUS groups have a link icon
Localizable Content TitlesA Complete Solution for Localized Applications
46
User sees label based on their language preference
Repository data can be localized
WebFOCUS 8 Client LicenseNew for WebFOCUS 8
47
Enforces Licensed OptionsFeatures: BI Portal, InfoAssist, ReportCaster, etc.Managed Reporting user count InfoAssist user count (future release)
Work with Customer Support/Account TeamMake sure your site code (XXXX.nn) reflects your products
Migrating to WebFOCUS 8
48
Migrating to WebFOCUS 8Built-in Utilities to Simplify the Process
Utility Migrates 7x ContentReportCaster ContentManaged Reporting ContentDashboards
Dashboard Conversion to BI PortalsNot Automatic
User Experience and Policies Preserved Identical folder structure Identical security policy
49
7x
8.0
Migrating to WebFOCUS 8Understanding the Security Policy for Migrated Content
50
7x Security Policies are Replicated in WebFOCUS 8.0The User Default Role feature is enabled
User Default Role tab is
enabled
Special permission sets are configured on the user
Special User Default Role (UDR) Rules Connect Migrated Groups to Migrated Domain folders
Migrating to WebFOCUS 8Managed Reporting Realm Driver
WebFOCUS 8 Does Not Include Realm Driver External authentication & authorization support is built-in
Using Realm Driver for Authentication Only? Simply configure authentication in WebFOCUS 8 Console
51
Migrating to WebFOCUS 8Managed Reporting Realm Driver Configurations
Using Realm Driver for Authorization? During migration, external authorization data is read UDR security policies are created Effective security policy is identical after migration However, WebFOCUS 8 no longer looks at external data
52
Migrating to WebFOCUS 8Managed Reporting Realm Driver Migration Planning
What If I Need to Authorizing to External Data?LDAP or Active Directory
Switch to the LDAP mapping featureRDBMS
SQL updates to WebFOCUS 8 repository not supported RDBMS mapping feature (roadmap) Use RESTful web services (planned for 8.0.01)
Custom Security Java plug-in interface for authN/authZ mapping (roadmap)
53
Please create a support case to get assistance with any migration topic
Summary
54
WebFOCUS 8 Technical OverviewSummary
Rich Portal and Tool InterfacesReplace Dashboard and Java Applet UIs
Integrated Repository Based on IBFSSingle fully localizable repository for MR, BIP, RCFull control of content organization and security policyResource templates simplify security policy creation
Enhanced Content Publishing and SharingExternal Authorization Built-inWebFOCUS 8.0.00 Requires 7.7.04 Report ServerMigration Utilities Streamline Upgrade
55
56
Thank you!