Embed Size (px)
DESCRIPTION
WebFOCUS 8: Technical Overview. Jim Thorstad Technical Director, WebFOCUS Product Management. Agenda. WebFOCUS 8 Architecture Security Model Enhancement Highlights Demo Q & A. WebFOCUS 8 Architecture. What is WebFOCUS 8? Understanding Middle-tier vs. Server-tier Components. - PowerPoint PPT Presentation
Citation preview
Jim ThorstadTechnical Director, WebFOCUS Product Management
WebFOCUS 8: Technical Overview
1
Agenda
WebFOCUS 8 ArchitectureSecurity ModelEnhancement HighlightsDemoQ & A
2
WebFOCUS 8 Architecture
9
What is WebFOCUS 8?Understanding Middle-tier vs. Server-tier Components
10
WebFOCUS Client
Managed Reporting
ReportCaster
BI Portal/Dashboard
WebFOCUS Report Server
Report Server 7.7.04+
Users Data
WebFOCUS 8.0
WebFOCUS 8 Updates the Middle-tier
Report Server 8.0.01+WebFOCUS 8.0.01
WebFOCUS 8 ArchitectureIntegrated Repository
11
Application Directories
MetadataUploaded Data
WebFOCUS 8 Repository
WebFOCUS Client
Managed Reporting
BI Portal
ReportCaster
WebFOCUS Report Server
UsersGroupsSecurity
ReportsSchedules
Content
Information Builders File SystemWebFOCUS 8 Architecture Is Built Around IBFS IBFS Service Layer – Internal Subsystem IBFS Path – an Object Addressing Scheme
12
IBFS paths used in drill-down links, schedules, security rulesFor backward compatibility, migrated content can still be accessed via HREF properties
Information Builders File SystemIBFS is All-EncompassingIBFS Used to Reference
Reports, portal pages Schedules, outputUsers, groupsReport Servers
13
IBFS governs access to everything
IBFS is Hierarchical and EnablesSecurity policy inheritanceGroup nestingFull control over content
organization
Information Builders File SystemIBFS Enables Full Control of Content Organization
14
Mandatory folders in 7x are migrated “as is”
… but are no longer required in 8.0
Reports, reporting objects, and library
output can be deployed in the
same folder
Folder depth not limited to one sub-folder
RC Distribution
Server
WebFOCUS 8 ArchitectureAll Content is Accessed via the IBFS Service Layer
WebFOCUS 8 Repository
IBFS Service LayerHT
TP S
ervi
ce
15
Core WFMR/BIP/RC
ReportCaster uses an IBFS Service API to access report procedures in the repository
Eliminates problematic HTTP requests to the web tier
WebFOCUS 8 High-level ArchitectureRunning Report Requests
WebFOCUS 8 Repository
IBFS Service LayerHT
TP S
ervi
ce
WebFOCUS Report Server
Web Requests
16
Core WFMR/BIP/RC
User ID and Groups can be passed to the Server:• Connection=Trusted/IBIMR_user• IBI_WFRS_Passthrough_Groups=ALL
WebFOCUS runs interactive requests through IBFS
u=jim, g=Tenant22
WebFOCUS 8 Security Model
19
Why a New Security Model?Customer Feedback Related to WebFOCUS 7xManaged Reporting Role Security was Limiting
Only 5 base roles and 9 permissions One role for all Domains
Domain Security Model was Limiting Couldn’t customize security on sub-folders
Content Sharing was Limiting Couldn’t share with specific people
Challenging for Multi-tenancy SaaS Deployments Couldn’t allow sharing in a common Domain—user’s would
see content from other tenants Dilemma: abandon common domain or drop sharing?
20
WebFOCUS 8 Addresses These Challenges!
WebFOCUS 8 Security ModelBasic Security ConceptsSecurity Rules Connect…
Subjects – groups/users to authorize Roles – collection of privileges Resources – objects to secure Access – type of rule: permit, deny, ... Apply To – scope of rule: folder, folder & children, ...
Security Policy – Collection of Security RulesEffective Policy – Evaluation of the Security Policy
Bob has privileges A, B, C on resource X Takes into account rule inheritance, rule conflicts, group
membership, user-specific rules (if any)
21
The Security Model in WebFOCUS 8 Provides Complete Control of Your Security Policies
WebFOCUS 8 Security Model Understanding Group MembershipPolicy Evaluation Includes Processing of a User’s:
Explicitly assigned groupsImplicit groups
22
• Therefore Bob implicitly belongs to Sales…
• And the rules associated with both groups apply
• Bob is assigned to the Sales Basic Users group
Bob
explicit
• Sales Basic Users belongs to Sales Group
implicit
WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Users & Groups Tab
23
WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Roles Tab
24
WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Role Customization
25
Select all or a portion of the privileges within each category
Choose whether users select a Master File or Reporting Object with InfoAssist
Choose whether users can upload a spreadsheet to the Reporting Server
WebFOCUS 8 Security Model Creating Security Rules
26
and then Security > Rules…
Select any IBFS resource …
WebFOCUS 8 Security Model Creating Security Rules – Security Rules Dialog
27
You select a subject…
The resource
…role, type, and scope
Click OK tocreate rule(s)
WebFOCUS 8 Security Model Managing Your Security Policies
28
Rules on this Resource answers: “Who can access this?”
WebFOCUS 8 Security Model Managing Your Security Policies
29
Rules for this Group answers: “What does this group have access to?”
WebFOCUS 8 Security ModelUnderstanding the Built-in Global Groups
30
Consider Using Global Groups Carefully
Global groups have access to all content through inheritance
WebFOCUS 8 Security Model Benefits
31
Flexible Security ModelOver 150 assignable privilegesYou can develop custom roles
Sub-Groups and Inheritance Simplify Policy CreationTools simplify Creation and Management of PoliciesPossible to Address Enterprise and SaaS MarketsPossible to Address Each Customer’s Unique Needs
WebFOCUS 8 Enhancement Highlights
32
WebFOCUS 8 Enhancement Highlights
33
Resource TemplatesPrivate Content, Publishing, and Content SharingLocalizationLicensingAuthorization Mapping
Resource TemplatesThe Deployment Challenges Facing Administrators
34
What are our security requirements?How do I design and implement a security policy?How long will it take to create security rules?What best practices should I be aware of?Where do I start?
Resource TemplatesSimplifying the Creation of Security Policies
35
Resource Templates Automate the Creation ofFolders, portals, groups, roles, security rules
WebFOCUS 8.0.01 Includes Two Resource Templates:Enterprise Domain templateSaaS Tenant Domain template
Resource TemplatesSimplifying the Creation of Security Policies
36
The Enterprise Domain Template Creates:1 Domain-specific Folder,
Portal, and Group4 Sub-groups21 Domain-specific Rules8 Configurable Roles
Resource TemplatesSimplifying the Creation of Security Policies
37
The SaaS Tenant Template Creates the Same Things PlusA Common folder
The EVERYONE group is hidden
Resource TemplatesSimplifying the Creation of Security PoliciesThe template also creates the required security rules
38
Resource TemplatesSupport Site and Roadmap
39
Latest Information on Templates:
Download the Policy Design WorksheetUse this to plan your custom deployment
Roadmap: Create Your Own Templates
https://techsupport.informationbuilders.com/tech/wbf/v8templates/wbf_8_resource_templates.html
Private Content, Publishing, and SharingPrivate Content
40
All Content Initially Created as Private Visible only to owner Doesn’t inherit security Administrators with Manage Private Resources can access
private contentAuthority to Create Private Items Outside of a My
Content Folder Can be Assigned
In 8.0.01 private content is indicated with a grayscale overlay on the icon
Private Content, Publishing, and SharingPublishing Private Content
41
Authorized Users Can Publish a Private Resource Published resources inherit security rules from parent Create, Publish & Un-Publish are separately assignable
Contrast with Formal Change Control Model Isolated DEV/TEST/PROD environments Developers don’t have write access to TEST/PROD
But a Useful Alternative in SaaS Deployments SaaS tenant developers only interact with PROD Tenant developers can work out of view from users Publishing completed reports is simple IBFS paths don’t change
Consider Developing In-Place with Private Content
Private Content, Publishing, and SharingMy Content Folders
42
End-Users Need to Create Resources in Production This is facilitated by special My Content folders
A Folder Property Enables Support for My Content
Assignable Privilege Determines Who Gets One
Private content, created and saved by a user to their My Content folder
Private Content, Publishing, and SharingContent Sharing
43
Complete Control Over Content Sharing Share – simple sharing determined by WebFOCUS Share with – user determines who to share with
Configurable Policy Determines Available Users/Groups
Shared content
Assignable sharing options
Enhanced Shared Content View Only Users Sharing Content are Shown
Authorization MappingKey Requirement for Enterprise & SaaS Deployments
44
What if you Manage Authorizations in LDAP/AD via…The user’s group membershipsA custom attribute on the user entry
Groups in AD/LDAP User Attribute in Oracle LDAP
Authorization Mapping is Built-in to WebFOCUS 8
Authorization MappingKey Requirement for Enterprise & SaaS Deployments
45
Administrator Maps the Value to a WebFOCUS GroupResource Templates Can Configure the Mapping
Group DN or user attribute value is mapped to WF group
LDAP Authorization MappingKey Requirement for Enterprise & SaaS Deployments
46
User accounts are automatically created during sign-on
Mapped WebFOCUS groups have a link icon
Other Security EnhancementsPassword Policies, Auditing For Customers Using Internal Authentication
Strong encryption for password hashes Configurable password policies
Built-in Protection from Web VulnerabilitiesBuilt-in User and Administrative Activity Auditing
47
[2012-05-30 08:30:13,267] INFO groups ed214e45667f0f1
thoja13 addUserToGroup SUCCESS user:smija03 (314568704)
group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006)
This user
Used this API
To move this user
Into this group
Localizable Content TitlesA Complete Solution for Localized Applications
48
User sees label based on their language preference
Repository data can be localized
WebFOCUS 8 Client LicenseNew for WebFOCUS 8
49
Enforces Licensed Options Features: BI Portal, InfoAssist, ReportCaster, etc. Managed Reporting user count InfoAssist user count (future release)
Work with Customer Support/Account Team Make sure your site code (XXXX.nn) reflects your products
Migrating to WebFOCUS 8
50
Migrating to WebFOCUS 8Built-in Utilities to Simplify the ProcessUtility Migrates 7x Content
ReportCaster ContentManaged Reporting ContentDashboards
Dashboard Conversion to BI PortalsNot Automatic
User Experience and Policies Preserved Identical folder structure Identical security policy
51
7x
8.0
52
Understanding a Migrated PolicyMR7x to WF8MR 7x users had only a single role and optionally a
few extra privilegesThe role was defined on the userMigration creates a policy with this same behaviorRequires the User Default Role (UDR) Setting
53
Understanding a Migrated PolicyMR7x to WF8Sets special system Roles between migrated Groups
and Domain folders
54
Understanding a Migrated PolicyMR7x to WF8Enables Default Role tab on the user accountHere the user’s 7x “role” and “privileges” are definedThey apply to all Domain folders
Summary
58
WebFOCUS 8 Technical OverviewSummary
Rich Portal and Tool Interfaces Replace BI Dashboard and Java Applet UIs
Integrated Repository Based on IBFS Unified, fully localizable repository for MR, BIP, RC Full control of content organization and security policy Resource Templates simplify security policy creation
Enhanced Content Publishing and SharingExternal Authorization Built-inMigration Utilities Streamline UpgradeWebFOCUS 8.0.01 requires 8.0.01 Report Server
59
60
Thank you!
