WebFOCUS 8 Repository - Information Builders

advertisement
WebFOCUS 8: Technical Overview
Jim Thorstad
Technical Director, WebFOCUS
Product Management
July 2012 Update
1
Agenda
 Introducing WebFOCUS 8
 Architecture
 Security Model
 Enhancement Highlights
 Migrating to WebFOCUS 8
2
Introducing WebFOCUS 8
3
What is WebFOCUS 8?
Understanding Middle-tier vs. Server-tier Components
WebFOCUS 8 Updates the Middle-tier
WebFOCUS Client
Managed Reporting
WebFOCUS
Report
Server
ReportCaster
Users
BI Portal/Dashboard
Data
WebFOCUS 8.0.00 + Report Server 7.7.04
4
Why Did We Create WebFOCUS 8?
A Strategic Platform Initiative
WebFOCUS 8 Supports Information Builders
Customers Across Four Key Markets
Enterprise
BI
SaaS
WebFOCUS Version 8
Small
Business
OEM
WebFOCUS
ExpressTM
IBM DB2
Web QueryTM
WebFOCUS Version 8 Platform
5
Why Did We Create WebFOCUS 8?
What’s Common Across these Markets?
A rich customizable portal
Enterprise BI
Easy to use tools
SaaS
A fine-grained security model
WF Express
Integrate with external systems
Web Query
Easy to administer
A migration path
WebFOCUS 8
Platform
6
What is Included in WebFOCUS 8
Marquee Features
WebFOCUS Client and Managed Reporting
 Integrated repository
 Fine-grained security model
 External security integration
Business Intelligence Portal
 Rich interface for content & collaboration
 Drag-and drop and live preview
 Page-level security
7
What is Included in WebFOCUS 8
Marquee Features
InfoAssist
 Rich interface for creating reports & graphs
 Ribbon-style interface replaces Java applet
 HTML5 charts and a dozen new features
ReportCaster
 Full integration with WebFOCUS 8
 Ribbon-style interface replaces Java applet
 Group schedule administration
8
What’s New in WebFOCUS Report Server 7.7.04
Released April 2012
 Ribbon-based Console
 Over 110 Enhancements
 Language (22)
 Active Technology (6)
 Server and Console (29)
 Adapters (30)
 DataMigrator (19)
 Resource Analyzer/Gov (5)
 Required by WebFOCUS 8.0
http://documentation.informationbuilders.com/
masterindex/html/html_wf_7704/snfhilit/snfhilit.pdf
9
WebFOCUS 8 Architecture
10
WebFOCUS 8 Architecture
Integrated Repository
WebFOCUS Client
Managed Reporting
WebFOCUS
Report Server
BI Portal
ReportCaster
Reports
Schedules
Content
Users
Groups
Security
WebFOCUS 8
Repository
Metadata
Uploaded Data
Application
Directories
11
WebFOCUS 8 Architecture
HTTP Service
Content is Accessed via the IBFS Service Layer
Core WF
MR/BIP/RC
RC Distribution
Server
IBFS Service
Layer
ReportCaster uses an
IBFS Service API to
access report
procedures in the
repository
WebFOCUS 8
Repository
Eliminates problematic
HTTP requests to the
web tier
1
Information Builders File System
WebFOCUS 8 Architecture Is Built Around IBFS
 IBFS Service Layer – Internal Subsystem
 IBFS Path – an Object Addressing Scheme
IBFS paths used in drill-down links,
schedules, security rules
For backward compatibility, migrated
content can still be accessed via HREF
properties
13
Information Builders File System
IBFS is All-Encompassing
 IBFS Used to Reference
 Reports, portal pages
 Schedules, output
 Users, groups
 Report Servers
IBFS governs
access to
everything
 IBFS is Hierarchical and Enables
 Security policy inheritance
 Group nesting
 Full control over content
organization
14
Information Builders File System
IBFS Enables Full Control of Content Organization
Mandatory folders
in 7x are
migrated “as is”
… but are no longer
required in 8.0
Reports, reporting
objects, and library
output can be
deployed in the
same folder
Folder depth not limited to
one sub-folder
15
WebFOCUS 8 High-level Architecture
Running Report Requests
HTTP Service
WebFOCUS runs interactive requests through IBFS
ReportCaster runs scheduled reports through JLINK
Core WF
MR/BIP/RC
RC Distribution
Server
IBFS Service
Layer
JLINK
Scheduled
Jobs
Web
Requests
WebFOCUS 8
Repository
WebFOCUS
Report Server
1
WebFOCUS 8 High-level Architecture
Moving ReportCaster Distribution Server Off JLINK
 On the Roadmap (post 8.0.01)
 Enables Passing of WF8 Groups to
the Server
 Use server group profiles with
scheduled jobs
 IBI_WFRS_Passthrough_Groups=ALL
 Enables site.wfs Processing
 <set> wfvariable (pass)
 Use WF Variables in scheduled jobs
RC Distribution
Server
IBFS Service
Layer
Scheduled
Jobs
WebFOCUS
Report Server
1
WebFOCUS 8 Security Model
18
Why a New Security Model?
Customer Feedback Related to WebFOCUS 7x
 Managed Reporting Role Security was Limiting
 Only 5 base roles and 9 permissions
 One role for all Domains
 Domain Security Model was Limiting
 Couldn’t customize security on sub-folders
 Content Sharing was Limiting
 Couldn’t share with specific people
 Challenging for Multi-tenancy SaaS Deployments
 Couldn’t allow sharing in a common Domain—user’s
would see content from other tenants
 Dilemma: abandon common domain or drop sharing?
WebFOCUS 8 Addresses These Challenges!
19
WebFOCUS 8 Security Model
Key Concepts
 Security Rule, which Binds Together…
 Subjects – objects that can be authorized
 Permissions – capabilities that can be assigned
 Resources – objects that can be secured
 Access – type of the rule: permit, deny, etc.
 Apply To – scope of the rule: folder, folder & children,
children only
 Permission Set – Collection of Permissions
 Simplifies Rule Creation
 Security Policy – Collection of Security Rules
 Effective Policy – Evaluation of the Security Policy
 Bob has permissions A, B, C on resource X
20
WebFOCUS 8 Security Model
Understanding Group Membership
 Policy Evaluation Includes Processing of a User’s:
 Explicitly assigned groups
 Implicit groups
• Bob is assigned to the
Sales Basic Users group
• Sales Basic Users is
nested under Sales
• Bob implicitly belongs
to Sales
• Rules associated with
both groups apply to Bob
Bob
21
WebFOCUS 8 Security Model
Simple Security Policy with 3 Rules
Subject
Action
Permission Set
Resource
Scope
Sales Group
Permitted
ShareWithGroup Sales Group
Folder & Children
Sales
Developers
Permitted
Developer Role
Sales Folder
Folder & Children
Sales Group
Administrators
Permitted
Manage Groups
Sales Group
Folder & Children
Note that groups (and users) are unique
in that they can be both Subjects and
Resources
22
WebFOCUS 8 Security Model
WebFOCUS 8 Security Center – Users & Groups Tab
23
WebFOCUS 8 Security Model
WebFOCUS 8 Security Center – Permission Sets Tab
24
WebFOCUS 8 Security Model
Creating Security Rules
Select any IBFS resource
and then click
Security > Rules…
25
WebFOCUS 8 Security Model
Creating Security Rules – Security Rules Dialog
Dialog shows
the resource
You select a
subject
Then the
permission set,
access type and
scope
Click OK to
create the rule(s)
26
WebFOCUS 8 Security Model
Security > Rules on this Resource…
Rules on this Resource dialog answers the question:
“Who has access to this resource?”
27
WebFOCUS 8 Security Model
WebFOCUS 8 Global Groups
 Consider Using Global Groups Carefully
Through inheritance
global groups have
access to everything
in the repository
28
WebFOCUS 8 Security Model
Benefits
 Flexible Security Model
 Over 150 assignable permissions
 Can develop custom permission sets
 Sub-Groups and Inheritance Simplify Policy Creation
 Easy to Use Tools to Create and Verify Security Policies
 Makes it Possible to Support Many Different
Deployment Requirements
29
WebFOCUS 8 Enhancement Highlights
30
WebFOCUS 8 Enhancement Highlights
 Resource Templates
 Private Content, Publishing, and Content Sharing
 Localization
 Licensing
 Authorization Mapping
31
Resource Templates
The Deployment Challenges Facing Administrators
 What are our security requirements?
 How do I design and implement a security policy?
 How long will it take to create security rules?
 What best practices should I be aware of?
 Where do I start?
32
Resource Templates
Simplifying the Creation of Security Policies
 Resource Templates Automate the Creation of
 Groups, resources, permission sets, security rules
 Information Builders Provides Sample Templates
 Predefined policies for specific business requirements
 Best practice policy design
 Good place to start
The Domain
templates
prompt for
name & title
Select a
template
33
Resource Templates
Simplifying the Creation of Security Policies
The template creates predefined folders, groups, and
permission sets
34
Resource Templates
Simplifying the Creation of Security Policies
… and security rules
35
Resource Templates
Support Site and Roadmap
 Latest Templates Available on Support:
https://techsupport.informationbuilders.com/tech
/wbf/v8templates/wbf_8_resource_templates.html
 Available Templates
 Updated Domain templates
 SaaS-oriented templates
 Each Template Includes
 Release Notes with installation steps, limitations
 Policy design worksheet that describes rule definitions
and permission sets
 Create Your Own Templates
 Plan to document the process in 8.0.01
36
Private Content, Publishing, and Sharing
Fully Configurable My Content Folders
 Folder Property Enables Support for My Content
 Assignable Permission Determines Who Gets One
Private content, created
and saved by a user to
their My Content folder
37
Private Content, Publishing, and Sharing
Private Content: Simplified Content Deployment
 All Content Initially Created as Private
 Doesn’t inherit security rules from above
 Visible only to owner
 Administrators with Manage Private Resources can
access private content
 Authorized Users Can Create New Content “In-Place”
In 8.0.00 private content,
created by a developer is
displayed in a non-bold font
38
Private Content, Publishing, and Sharing
Private Content: Simplified Content Deployment
 All Content Initially Created as Private
 Doesn’t inherit security rules from above
 Visible only to owner
 Administrators with Manage Private Resources can
access private content
 Authorized Users Can Create New Content “In-Place”
In 8.0.01 all content is non-bold
and private content is indicated
with a grayscale overlay on the
icon
39
Private Content, Publishing, and Sharing
Publishing Private Content
 Published Items Become System-Managed
 Inherit security rules from above
 Create, Publish & Un-Publish are separately assignable
 Offers Flexible Alternatives to Formal Change Control
 That require isolated DEV/TEST/PROD environments
 Particularly Useful in SaaS Deployments
 Formal change control not practical
 Tenant developers can work out of view from users
 Publishing to users is simple
 IBFS paths don’t change
 Consider Developing In-Place with Private Content
40
Private Content, Publishing, and Sharing
Content Sharing Enhancements
 Complete Control Over Content Sharing
 Share – simple sharing determined by WebFOCUS
 Share with – user determines who to share with
 Configurable Policy Determines Available Users/Groups
 Enhanced Shared Content View
 Only Users with Shared Content are Displayed
Shared
content
Assignable
sharing
options
41
Other Security Enhancements
 For Customers Using Internal Authentication
 Strong Encryption for Passwords
 Configurable Password Policies
 Built-in User and Administrative Activity Auditing
This
user
Used
this API
To move
this user
[2012-05-30 08:30:13,267] INFO groups ed214e45667f0f1
thoja13 addUserToGroup SUCCESS user:smija03 (314568704)
group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006)
Into this group
42
Authorization Mapping
Key Requirement for Enterprise & SaaS Deployments
 What If We Use LDAP/AD for Authorization?
 The user’s group memberships
 A custom attribute on the user entry
 LDAP/AD Authorization Mapping is Built-in to WebFOCUS 8
LDAP/AD Groups
User Attribute
43
Authorization Mapping
LDAP/AD Authorization Mapping Built-in to WebFOCUS 8
 Administrator Maps the Value to a WebFOCUS Group
 Resource Templates Can Configure the Mapping (8.0.01)
Group DN or attribute
value is mapped to
WF group
44
LDAP Authorization Mapping
Powerful Integration for Enterprise & SaaS Deployments
Mapped WebFOCUS
groups have a link icon
User accounts are
automatically
created during
sign-on
45
Localizable Content Titles
A Complete Solution for Localized Applications
Repository data
can be localized
User sees label
based on their
language
preference
46
WebFOCUS 8 Client License
New for WebFOCUS 8
 Enforces Licensed Options
 Features: BI Portal, InfoAssist, ReportCaster, etc.
 Managed Reporting user count
 InfoAssist user count (future release)
 Work with Customer Support/Account Team
 Make sure your site code (XXXX.nn) reflects your products
47
Migrating to WebFOCUS 8
48
Migrating to WebFOCUS 8
Built-in Utilities to Simplify the Process
 Utility Migrates 7x Content
 ReportCaster Content
 Managed Reporting Content
 Dashboards
 Dashboard Conversion to BI Portals
 Not Automatic
 User Experience and Policies Preserved
 Identical folder structure
 Identical security policy
49
Migrating to WebFOCUS 8
Understanding the Security Policy for Migrated Content
 7x Security Policies are Replicated in WebFOCUS 8.0
 The User Default Role feature is enabled
 Special User Default Role (UDR) Rules Connect
Migrated Groups to Migrated Domain folders
Special permission sets
are configured on the user
User Default
Role tab is
enabled
50
Migrating to WebFOCUS 8
Managed Reporting Realm Driver
 WebFOCUS 8 Does Not Include Realm Driver
 External authentication & authorization support is built-in
 Using Realm Driver for Authentication Only?
 Simply configure authentication in WebFOCUS 8 Console
51
Migrating to WebFOCUS 8
Managed Reporting Realm Driver Configurations
 Using Realm Driver for Authorization?
 During migration, external authorization data is read
 UDR security policies are created
 Effective security policy is identical after migration
 However, WebFOCUS 8 no longer looks at external data
52
Migrating to WebFOCUS 8
Managed Reporting Realm Driver Migration Planning
 What If I Need to Authorizing to External Data?
 LDAP or Active Directory
 Switch to the LDAP mapping feature
 RDBMS
 SQL updates to WebFOCUS 8 repository not supported
 RDBMS mapping feature (roadmap)
 Use RESTful web services (planned for 8.0.01)
 Custom Security
 Java plug-in interface for authN/authZ mapping (roadmap)
Please create a support case
to get assistance with any migration topic
53
Summary
54
WebFOCUS 8 Technical Overview
Summary
 Rich Portal and Tool Interfaces
 Replace Dashboard and Java Applet UIs
 Integrated Repository Based on IBFS
 Single fully localizable repository for MR, BIP, RC
 Full control of content organization and security policy
 Resource templates simplify security policy creation
 Enhanced Content Publishing and Sharing
 External Authorization Built-in
 WebFOCUS 8.0.00 Requires 7.7.04 Report Server
 Migration Utilities Streamline Upgrade
55
56
Download