WebFOCUS 8: Technical Overview
Jim Thorstad
Technical Director, WebFOCUS Product Management
July 2012 Update

Agenda
  • Introducing WebFOCUS 8
  • Architecture
  • Security Model
  • Enhancement Highlights
  • Migrating to WebFOCUS 8

Introducing WebFOCUS 8

What is WebFOCUS 8?
Understanding Middle-tier vs. Server-tier Components
  • WebFOCUS 8 Updates the Middle-tier
  • WebFOCUS 8.0.00 + Report Server 7.7.04
  [Diagram labels: WebFOCUS Client, Managed Reporting, WebFOCUS Report Server, ReportCaster, Users, BI Portal/Dashboard, Data]

Why Did We Create WebFOCUS 8?
A Strategic Platform Initiative
  • WebFOCUS 8 Supports Information Builders Customers Across Four Key Markets
  [Diagram labels: Enterprise BI, SaaS, WebFOCUS Version 8, Small Business, OEM, WebFOCUS Express™, IBM DB2 Web Query™, WebFOCUS Version 8 Platform]

Why Did We Create WebFOCUS 8?
What’s Common Across these Markets?
  • A rich customizable portal
  • Easy to use tools
  • A fine-grained security model
  • Integrate with external systems
  • Easy to administer
  • A migration path
  [Diagram labels: Enterprise BI, SaaS, WF Express, Web Query, WebFOCUS 8 Platform]

What is Included in WebFOCUS 8
Marquee Features
  • WebFOCUS Client and Managed Reporting
    • Integrated repository
    • Fine-grained security model
    • External security integration
  • Business Intelligence Portal
    • Rich interface for content & collaboration
    • Drag-and-drop and live preview
    • Page-level security

What is Included in WebFOCUS 8
Marquee Features
  • InfoAssist
    • Rich interface for creating reports & graphs
    • Ribbon-style interface replaces Java applet
    • HTML5 charts and a dozen new features
  • ReportCaster
    • Full integration with WebFOCUS 8
    • Ribbon-style interface replaces Java applet
    • Group schedule administration

What’s New in WebFOCUS Report Server 7.7.04
  • Released April 2012
  • Ribbon-based Console
  • Over 110 Enhancements
    • Language (22)
    • Active Technology (6)
    • Server and Console (29)
    • Adapters (30)
    • DataMigrator (19)
    • Resource Analyzer/Gov (5)
  • Required by WebFOCUS 8.0
  http://documentation.informationbuilders.com/masterindex/html/html_wf_7704/snfhilit/snfhilit.pdf

WebFOCUS 8 Architecture

WebFOCUS 8 Architecture
Integrated Repository
  [Diagram labels: WebFOCUS Client, Managed Reporting, WebFOCUS Report Server, BI Portal, ReportCaster; Reports, Schedules, Content, Users, Groups, Security; WebFOCUS 8 Repository; Metadata, Uploaded Data, Application Directories]

WebFOCUS 8 Architecture
Content is Accessed via the IBFS Service Layer
  • ReportCaster uses an IBFS Service API to access report procedures in the repository
  • Eliminates problematic HTTP requests to the web tier
  [Diagram labels: HTTP Service, Core WF MR/BIP/RC, RC Distribution Server, IBFS Service Layer, WebFOCUS 8 Repository]

Information Builders File System
WebFOCUS 8 Architecture Is Built Around IBFS
  • IBFS Service Layer – Internal Subsystem
  • IBFS Path – an Object Addressing Scheme
    • IBFS paths used in drill-down links, schedules, security rules
    • For backward compatibility, migrated content can still be accessed via HREF properties

Information Builders File System
IBFS is All-Encompassing
  • IBFS Used to Reference
    • Reports, portal pages
    • Schedules, output
    • Users, groups
    • Report Servers
  • IBFS governs access to everything
  • IBFS is Hierarchical and Enables
    • Security policy inheritance
    • Group nesting
    • Full control over content organization

Information Builders File System
IBFS Enables Full Control of Content Organization
  • Mandatory folders in 7x are migrated “as is” … but are no longer required in 8.0
  • Reports, reporting objects, and library output can be deployed in the same folder
  • Folder depth not limited to one sub-folder

WebFOCUS 8 High-level Architecture
Running Report Requests
  • WebFOCUS runs interactive requests through IBFS
  • ReportCaster runs scheduled reports through JLINK
  [Diagram labels: HTTP Service, Core WF MR/BIP/RC, RC Distribution Server, IBFS Service Layer, JLINK, Scheduled Jobs, Web Requests, WebFOCUS 8 Repository, WebFOCUS Report Server]

WebFOCUS 8 High-level Architecture
Moving ReportCaster Distribution Server Off JLINK
  • On the Roadmap (post 8.0.01)
  • Enables Passing of WF8 Groups to the Server
    • Use server group profiles with scheduled jobs
    • IBI_WFRS_Passthrough_Groups=ALL
  • Enables site.wfs Processing
    • <set> wfvariable (pass)
    • Use WF Variables in scheduled jobs
  [Diagram labels: RC Distribution Server, IBFS Service Layer, Scheduled Jobs, WebFOCUS Report Server]

WebFOCUS 8 Security Model

Why a New Security Model?
Customer Feedback Related to WebFOCUS 7x
  • Managed Reporting Role Security was Limiting
    • Only 5 base roles and 9 permissions
    • One role for all Domains
  • Domain Security Model was Limiting
    • Couldn’t customize security on sub-folders
  • Content Sharing was Limiting
    • Couldn’t share with specific people
  • Challenging for Multi-tenancy SaaS Deployments
    • Couldn’t allow sharing in a common Domain—users would see content from other tenants
    • Dilemma: abandon common domain or drop sharing?
  • WebFOCUS 8 Addresses These Challenges!

WebFOCUS 8 Security Model
Key Concepts
  • Security Rule, which Binds Together…
    • Subjects – objects that can be authorized
    • Permissions – capabilities that can be assigned
    • Resources – objects that can be secured
    • Access – type of the rule: permit, deny, etc.
    • Apply To – scope of the rule: folder, folder & children, children only
  • Permission Set – Collection of Permissions
    • Simplifies Rule Creation
  • Security Policy – Collection of Security Rules
  • Effective Policy – Evaluation of the Security Policy
    • Bob has permissions A, B, C on resource X

WebFOCUS 8 Security Model
Understanding Group Membership
  • Policy Evaluation Includes Processing of a User’s:
    • Explicitly assigned groups
    • Implicit groups
  • Bob is assigned to the Sales Basic Users group
  • Sales Basic Users is nested under Sales
  • Bob implicitly belongs to Sales
  • Rules associated with both groups apply to Bob

WebFOCUS 8 Security Model
Simple Security Policy with 3 Rules

  Subject                     Action     Permission Set  Resource      Scope
  Sales Group                 Permitted  ShareWithGroup  Sales Group   Folder & Children
  Sales Developers            Permitted  Developer Role  Sales Folder  Folder & Children
  Sales Group Administrators  Permitted  Manage Groups   Sales Group   Folder & Children

  Note that groups (and users) are unique in that they can be both Subjects and Resources

WebFOCUS 8 Security Model
WebFOCUS 8 Security Center – Users & Groups Tab

WebFOCUS 8 Security Model
WebFOCUS 8 Security Center – Permission Sets Tab

WebFOCUS 8 Security Model
Creating Security Rules
  • Select any IBFS resource and then click Security > Rules…

WebFOCUS 8 Security Model
Creating Security Rules – Security Rules Dialog
  • Dialog shows the resource
  • You select a subject
  • Then the permission set, access type and scope
  • Click OK to create the rule(s)

WebFOCUS 8 Security Model
Security > Rules on this Resource…
  • Rules on this Resource dialog answers the question: “Who has access to this resource?”

WebFOCUS 8 Security Model
WebFOCUS 8 Global Groups
  • Consider Using Global Groups Carefully
    • Through inheritance global groups have access to everything in the repository

WebFOCUS 8 Security Model
Benefits
  • Flexible Security Model
    • Over 150 assignable permissions
    • Can develop custom permission sets
  • Sub-Groups and Inheritance Simplify Policy Creation
  • Easy to Use Tools to Create and Verify Security Policies
  • Makes it Possible to Support Many Different Deployment Requirements

WebFOCUS 8 Enhancement Highlights

WebFOCUS 8 Enhancement Highlights
  • Resource Templates
  • Private Content, Publishing, and Content Sharing
  • Localization
  • Licensing
  • Authorization Mapping

Resource Templates
The Deployment Challenges Facing Administrators
  • What are our security requirements?
  • How do I design and implement a security policy?
  • How long will it take to create security rules?
  • What best practices should I be aware of?
  • Where do I start?

Resource Templates
Simplifying the Creation of Security Policies
  • Resource Templates Automate the Creation of
    • Groups, resources, permission sets, security rules
  • Information Builders Provides Sample Templates
    • Predefined policies for specific business requirements
    • Best practice policy design
    • Good place to start
  Callout: The Domain templates prompt for name & title
  Callout: Select a template

Resource Templates
Simplifying the Creation of Security Policies
  Callout: The template creates predefined folders, groups, and permission sets

Resource Templates
Simplifying the Creation of Security Policies
  Callout: … and security rules

Resource Templates
Support Site and Roadmap
  • Latest Templates Available on Support:
    https://techsupport.informationbuilders.com/tech/wbf/v8templates/wbf_8_resource_templates.html
  • Available Templates
    • Updated Domain templates
    • SaaS-oriented templates
  • Each Template Includes
    • Release Notes with installation steps, limitations
    • Policy design worksheet that describes rule definitions and permission sets
  • Create Your Own Templates
    • Plan to document the process in 8.0.01

Private Content, Publishing, and Sharing
Fully Configurable My Content Folders
  • Folder Property Enables Support for My Content
  • Assignable Permission Determines Who Gets One
  Callout: Private content, created and saved by a user to their My Content folder

Private Content, Publishing, and Sharing
Private Content: Simplified Content Deployment
  • All Content Initially Created as Private
    • Doesn’t inherit security rules from above
    • Visible only to owner
    • Administrators with Manage Private Resources can access private content
  • Authorized Users Can Create New Content “In-Place”
  Callout: In 8.0.00, private content created by a developer is displayed in a non-bold font

Private Content, Publishing, and Sharing
Private Content: Simplified Content Deployment
  • All Content Initially Created as Private
    • Doesn’t inherit security rules from above
    • Visible only to owner
    • Administrators with Manage Private Resources can access private content
  • Authorized Users Can Create New Content “In-Place”
  Callout: In 8.0.01 all content is non-bold and private content is indicated with a grayscale overlay on the icon

Private Content, Publishing, and Sharing
Publishing Private Content
  • Published Items Become System-Managed
    • Inherit security rules from above
    • Create, Publish & Un-Publish are separately assignable
  • Offers Flexible Alternatives to Formal Change Control
    • That require isolated DEV/TEST/PROD environments
  • Particularly Useful in SaaS Deployments
    • Formal change control not practical
    • Tenant developers can work out of view from users
    • Publishing to users is simple
    • IBFS paths don’t change
  • Consider Developing In-Place with Private Content

Private Content, Publishing, and Sharing
Content Sharing Enhancements
  • Complete Control Over Content Sharing
    • Share – simple sharing determined by WebFOCUS
    • Share with – user determines who to share with
  • Configurable Policy Determines Available Users/Groups
  • Enhanced Shared Content View
    • Only Users with Shared Content are Displayed
  Callout: Shared content
  Callout: Assignable sharing options

Other Security Enhancements
For Customers Using Internal Authentication
  • Strong Encryption for Passwords
  • Configurable Password Policies
  • Built-in User and Administrative Activity Auditing

  [2012-05-30 08:30:13,267] INFO groups ed214e45667f0f1 thoja13 addUserToGroup SUCCESS user:smija03 (314568704) group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006)

  Callouts on the log line: This user / Used this API / To move this user / Into this group

Authorization Mapping
Key Requirement for Enterprise & SaaS Deployments
  • What If We Use LDAP/AD for Authorization?
    • The user’s group memberships
    • A custom attribute on the user entry
  • LDAP/AD Authorization Mapping is Built-in to WebFOCUS 8
  [Diagram labels: LDAP/AD Groups, User Attribute]

Authorization Mapping
LDAP/AD Authorization Mapping Built-in to WebFOCUS 8
  • Administrator Maps the Value to a WebFOCUS Group
  • Resource Templates Can Configure the Mapping (8.0.01)
  Callout: Group DN or attribute value is mapped to WF group

LDAP Authorization Mapping
Powerful Integration for Enterprise & SaaS Deployments
  Callout: Mapped WebFOCUS groups have a link icon
  Callout: User accounts are automatically created during sign-on

Localizable Content Titles
A Complete Solution for Localized Applications
  Callout: Repository data can be localized
  Callout: User sees label based on their language preference

WebFOCUS 8 Client License
New for WebFOCUS 8
  • Enforces Licensed Options
    • Features: BI Portal, InfoAssist, ReportCaster, etc.
    • Managed Reporting user count
    • InfoAssist user count (future release)
  • Work with Customer Support/Account Team
    • Make sure your site code (XXXX.nn) reflects your products

Migrating to WebFOCUS 8

Migrating to WebFOCUS 8
Built-in Utilities to Simplify the Process
  • Utility Migrates 7x Content
    • ReportCaster Content
    • Managed Reporting Content
    • Dashboards
  • Dashboard Conversion to BI Portals Not Automatic
  • User Experience and Policies Preserved
    • Identical folder structure
    • Identical security policy

Migrating to WebFOCUS 8
Understanding the Security Policy for Migrated Content
  • 7x Security Policies are Replicated in WebFOCUS 8.0
    • The User Default Role feature is enabled
  • Special User Default Role (UDR) Rules Connect Migrated Groups to Migrated Domain folders
  Callout: Special permission sets are configured on the user
  Callout: User Default Role tab is enabled

Migrating to WebFOCUS 8
Managed Reporting Realm Driver
  • WebFOCUS 8 Does Not Include Realm Driver
    • External authentication & authorization support is built-in
  • Using Realm Driver for Authentication Only?
    • Simply configure authentication in WebFOCUS 8 Console

Migrating to WebFOCUS 8
Managed Reporting Realm Driver Configurations
  • Using Realm Driver for Authorization?
    • During migration, external authorization data is read
    • UDR security policies are created
    • Effective security policy is identical after migration
    • However, WebFOCUS 8 no longer looks at external data

Migrating to WebFOCUS 8
Managed Reporting Realm Driver Migration Planning
  • What If I Need to Authorize Against External Data?
    • LDAP or Active Directory
      • Switch to the LDAP mapping feature
    • RDBMS
      • SQL updates to WebFOCUS 8 repository not supported
      • RDBMS mapping feature (roadmap)
      • Use RESTful web services (planned for 8.0.01)
    • Custom Security
      • Java plug-in interface for authN/authZ mapping (roadmap)
  • Please create a support case to get assistance with any migration topic

Summary

WebFOCUS 8 Technical Overview
Summary
  • Rich Portal and Tool Interfaces Replace Dashboard and Java Applet UIs
  • Integrated Repository Based on IBFS
    • Single fully localizable repository for MR, BIP, RC
    • Full control of content organization and security policy
    • Resource templates simplify security policy creation
  • Enhanced Content Publishing and Sharing
  • External Authorization Built-in
  • WebFOCUS 8.0.00 Requires 7.7.04 Report Server
  • Migration Utilities Streamline Upgrade
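
The rule model from the Security Model slides (subject, access, permission set, resource, apply-to scope, implicit membership through nested groups) can be traced with a small evaluator. This is an added example, not WebFOCUS code: the folder paths, the permissions inside each set, the user "dana" and the deny-overrides-permit precedence are assumptions, since the slides do not say how conflicting rules are resolved.

```python
from dataclasses import dataclass

# Constructed data: group names follow the slides; paths and set contents are made up.
GROUP_PARENT = {"Sales Basic Users": "Sales", "Sales Developers": "Sales"}
USER_GROUPS = {"bob": {"Sales Basic Users"}, "dana": {"Sales Developers"}}
PERMISSION_SETS = {
    "Run Reports": {"run"},
    "Developer Role": {"run", "create", "publish"},
    "Publishing": {"publish"},
}

@dataclass(frozen=True)
class Rule:
    subject: str         # group the rule is written for
    access: str          # "PERMIT" or "DENY"
    permission_set: str
    resource: str        # folder the rule is attached to
    apply_to: str        # "FOLDER", "FOLDER_AND_CHILDREN" or "CHILDREN_ONLY"

def all_groups(user):
    """Explicitly assigned groups plus every group they are nested under."""
    found, todo = set(), list(USER_GROUPS.get(user, ()))
    while todo:
        group = todo.pop()
        if group and group not in found:
            found.add(group)
            todo.append(GROUP_PARENT.get(group))  # None when not nested
    return found

def in_scope(rule, target):
    same = target == rule.resource
    below = target.startswith(rule.resource.rstrip("/") + "/")
    return {"FOLDER": same, "FOLDER_AND_CHILDREN": same or below,
            "CHILDREN_ONLY": below}[rule.apply_to]

def effective_permissions(user, target, policy):
    """Assumed precedence (not from the slides): a matching DENY wins."""
    groups, permit, deny = all_groups(user), set(), set()
    for rule in policy:
        if rule.subject in groups and in_scope(rule, target):
            bucket = permit if rule.access == "PERMIT" else deny
            bucket.update(PERMISSION_SETS[rule.permission_set])
    return permit - deny

POLICY = [
    Rule("Sales", "PERMIT", "Run Reports", "/Sales", "FOLDER_AND_CHILDREN"),
    Rule("Sales Developers", "PERMIT", "Developer Role", "/Sales", "FOLDER_AND_CHILDREN"),
    Rule("Sales Developers", "DENY", "Publishing", "/Sales/Archive", "CHILDREN_ONLY"),
]
```

Bob receives "run" only through his implicit membership in Sales, and the children-only deny removes "publish" below /Sales/Archive but not on the folder itself. A rule attached to "/" with the folder-and-children scope reaches every path, which is the inheritance effect the Global Groups slide cautions about.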
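
The audit line on the Other Security Enhancements slide is enough to sketch a review check for group-membership changes. This is an added example, not product code: the field names are inferred from that single line (reading the callouts as actor thoja13, API addUserToGroup, user smija03), and the watch list and every sample line except the first are constructed.

```python
import re

# Field layout inferred from the one audit line on the slide; the names
# "category" and "session" are assumptions, not documented field names.
AUDIT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>\w+)\s+(?P<category>\S+)\s+"
    r"(?P<session>\S+)\s+(?P<actor>\S+)\s+(?P<api>\S+)\s+(?P<result>\S+)\s+"
    r"user:(?P<user>\S+)\s+\(\d+\)\s+group:(?P<group>\S+)\s+\(\d+\)$"
)

# Hypothetical watch list of group paths whose membership changes get reviewed.
WATCHED_GROUPS = ("IBFS:/SSYS/GROUPS/Administrators",)

def parse(line):
    """Return the fields of one audit line, or None if it does not match."""
    m = AUDIT_RE.match(line.strip())
    return m.groupdict() if m else None

def is_watched(group, watched=WATCHED_GROUPS):
    # Exact path or a nested group below it; a shared name prefix is not enough.
    return any(group == w or group.startswith(w + "/") for w in watched)

def membership_alerts(lines):
    """Flag addUserToGroup events on watched groups or where actor == user."""
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None or ev["api"] != "addUserToGroup":
            continue
        reasons = []
        if is_watched(ev["group"]):
            reasons.append("watched group")
        if ev["actor"] == ev["user"]:
            reasons.append("self-assignment")
        if reasons:
            alerts.append({**ev, "reasons": reasons})
    return alerts

SAMPLE = [
    # Line shown on the slide:
    "[2012-05-30 08:30:13,267] INFO groups ed214e45667f0f1 thoja13 addUserToGroup SUCCESS user:smija03 (314568704) group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006)",
    # Constructed lines in the same shape (session, ids and group paths are made up):
    "[2012-05-30 09:02:41,118] INFO groups 0123456789abcde thoja13 addUserToGroup SUCCESS user:thoja13 (100000001) group:IBFS:/SSYS/GROUPS/Administrators (100000002)",
    "[2012-05-30 09:05:02,530] INFO groups 0123456789abcde thoja13 addUserToGroup SUCCESS user:smija03 (314568704) group:IBFS:/SSYS/GROUPS/AdministratorsArchive (100000003)",
    "not an audit line",
]
```

Running `membership_alerts(SAMPLE)` reports only the constructed self-assignment into the watched group; the slide's own line and the look-alike group path pass without an alert.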