WebFOCUS 8: Technical Overview

Transcription

1 WebFOCUS 8: Technical Overview July 2012 Update Jim Thorstad Technical Director, WebFOCUS Product Management 1

2 Agenda Introducing WebFOCUS 8 Architecture Security Model Enhancement Highlights Migrating to WebFOCUS 8 2

3 Introducing WebFOCUS 8 3

4 What is WebFOCUS 8? Understanding Middle-tier vs. Server-tier Components WebFOCUS 8 Updates the Middle-tier Users WebFOCUS Client Managed Reporting ReportCaster BI Portal/Dashboard WebFOCUS Report Server Data WebFOCUS Report Server

5 Why Did We Create WebFOCUS 8? A Strategic Platform Initiative WebFOCUS 8 Supports Information Builders Customers Across Four Key Markets Enterprise BI SaaS Small Business OEM WebFOCUS Version 8 WebFOCUS Express TM IBM DB2 Web Query TM WebFOCUS Version 8 Platform 5

6 Why Did We Create WebFOCUS 8? What s Common Across these Markets? A rich customizable portal Easy to use tools A fine-grained security model Integrate with external systems Easy to administer A migration path Enterprise BI SaaS WF Express Web Query WebFOCUS 8 Platform 6

7 What is Included in WebFOCUS 8 Marquee Features WebFOCUS Client and Managed Reporting Integrated repository Fine-grained security model External security integration Business Intelligence Portal Rich interface for content & collaboration Drag-and drop and live preview Page-level security 7

8 What is Included in WebFOCUS 8 Marquee Features InfoAssist Rich interface for creating reports & graphs Ribbon-style interface replaces Java applet HTML5 charts and a dozen new features ReportCaster Full integration with WebFOCUS 8 Ribbon-style interface replaces Java applet Group schedule administration 8

9 What s New in WebFOCUS Report Server Released April 2012 Ribbon-based Console Over 110 Enhancements Language (22) Active Technology (6) Server and Console (29) Adapters (30) DataMigrator (19) Resource Analyzer/Gov (5) Required by WebFOCUS masterindex/html/html_wf_7704/snfhilit/snfhilit.pdf 9

10 WebFOCUS 8 Architecture 10

11 WebFOCUS 8 Architecture Integrated Repository WebFOCUS Client Managed Reporting BI Portal ReportCaster WebFOCUS Report Server Reports Schedules Content Users Groups Security Metadata Uploaded Data WebFOCUS 8 Repository Application Directories 11

12 WebFOCUS 8 Architecture Content is Accessed via the IBFS Service Layer HTTP Service Core WF MR/BIP/RC IBFS Service Layer RC Distribution Server ReportCaster uses an IBFS Service API to access report procedures in the repository WebFOCUS 8 Repository Eliminates problematic HTTP requests to the web tier 1

13 Information Builders File System WebFOCUS 8 Architecture Is Built Around IBFS IBFS Service Layer Internal Subsystem IBFS Path an Object Addressing Scheme IBFS paths used in drill-down links, schedules, security rules For backward compatibility, migrated content can still be accessed via HREF properties 13

14 Information Builders File System IBFS is All-Encompassing IBFS Used to Reference Reports, portal pages Schedules, output Users, groups Report Servers IBFS governs access to everything IBFS is Hierarchical and Enables Security policy inheritance Group nesting Full control over content organization 14

15 Information Builders File System IBFS Enables Full Control of Content Organization Mandatory folders in 7x are migrated as is but are no longer required in 8.0 Reports, reporting objects, and library output can be deployed in the same folder Folder depth not limited to one sub-folder 15

16 WebFOCUS 8 High-level Architecture Running Report Requests WebFOCUS runs interactive requests through IBFS ReportCaster runs scheduled reports through JLINK HTTP Service Core WF MR/BIP/RC IBFS Service Layer Web Requests RC Distribution Server JLINK Scheduled Jobs WebFOCUS 8 Repository WebFOCUS Report Server 1

17 WebFOCUS 8 High-level Architecture Moving ReportCaster Distribution Server Off JLINK On the Roadmap (post ) Enables Passing of WF8 Groups to the Server Use server group profiles with scheduled jobs IBI_WFRS_Passthrough_Groups=ALL Enables site.wfs Processing <set> wfvariable (pass) Use WF Variables in scheduled jobs RC Distribution Server IBFS Service Layer Scheduled Jobs WebFOCUS Report Server 1

18 WebFOCUS 8 Security Model 18

19 Why a New Security Model? Customer Feedback Related to WebFOCUS 7x Managed Reporting Role Security was Limiting Only 5 base roles and 9 permissions One role for all Domains Domain Security Model was Limiting Couldn t customize security on sub-folders Content Sharing was Limiting Couldn t share with specific people Challenging for Multi-tenancy SaaS Deployments Couldn t allow sharing in a common Domain user s would see content from other tenants Dilemma: abandon common domain or drop sharing? WebFOCUS 8 Addresses These Challenges! 19

20 WebFOCUS 8 Security Model Key Concepts Security Rule, which Binds Together Subjects objects that can be authorized Permissions capabilities that can be assigned Resources objects that can be secured Access type of the rule: permit, deny, etc. Apply To scope of the rule: folder, folder & children, children only Permission Set Collection of Permissions Simplifies Rule Creation Security Policy Collection of Security Rules Effective Policy Evaluation of the Security Policy Bob has permissions A, B, C on resource X 20

21 WebFOCUS 8 Security Model Understanding Group Membership Policy Evaluation Includes Processing of a User s: Explicitly assigned groups Implicit groups Bob is assigned to the Sales Basic Users group Sales Basic Users is nested under Sales Bob implicitly belongs to Sales Rules associated with both groups apply to Bob Bob 21

22 WebFOCUS 8 Security Model Simple Security Policy with 3 Rules Subject Action Permission Set Resource Scope Sales Group Permitted ShareWithGroup Sales Group Folder & Children Sales Developers Sales Group Administrators Permitted Developer Role Sales Folder Folder & Children Permitted Manage Groups Sales Group Folder & Children Note that groups (and users) are unique in that they can be both Subjects and Resources 22

23 WebFOCUS 8 Security Model WebFOCUS 8 Security Center Users & Groups Tab 23

24 WebFOCUS 8 Security Model WebFOCUS 8 Security Center Permission Sets Tab 24

25 WebFOCUS 8 Security Model Creating Security Rules Select any IBFS resource and then click Security > Rules 25

26 WebFOCUS 8 Security Model Creating Security Rules Security Rules Dialog Dialog shows the resource You select a subject Then the permission set, access type and scope Click OK to create the rule(s) 26

27 WebFOCUS 8 Security Model Security > Rules on this Resource Rules on this Resource dialog answers the question: Who has access to this resource? 27

28 WebFOCUS 8 Security Model WebFOCUS 8 Global Groups Consider Using Global Groups Carefully Through inheritance global groups have access to everything in the repository 28

29 WebFOCUS 8 Security Model Benefits Flexible Security Model Over 150 assignable permissions Can develop custom permission sets Sub-Groups and Inheritance Simplify Policy Creation Easy to Use Tools to Create and Verify Security Policies Makes it Possible to Support Many Different Deployment Requirements 29

30 WebFOCUS 8 Enhancement Highlights 30

31 WebFOCUS 8 Enhancement Highlights Resource Templates Private Content, Publishing, and Content Sharing Localization Licensing Authorization Mapping 31

32 Resource Templates The Deployment Challenges Facing Administrators What are our security requirements? How do I design and implement a security policy? How long will it take to create security rules? What best practices should I be aware of? Where do I start? 32

33 Resource Templates Simplifying the Creation of Security Policies Resource Templates Automate the Creation of Groups, resources, permission sets, security rules Information Builders Provides Sample Templates Predefined policies for specific business requirements Best practice policy design Good place to start The Domain templates prompt for name & title Select a template 33

34 Resource Templates Simplifying the Creation of Security Policies The template creates predefined folders, groups, and permission sets 34

35 Resource Templates Simplifying the Creation of Security Policies and security rules 35

36 Resource Templates Support Site and Roadmap Latest Templates Available on Support: /wbf/v8templates/wbf_8_resource_templates.html Available Templates Updated Domain templates SaaS-oriented templates Each Template Includes Release Notes with installation steps, limitations Policy design worksheet that describes rule definitions and permission sets Create Your Own Templates Plan to document the process in

37 Private Content, Publishing, and Sharing Fully Configurable My Content Folders Folder Property Enables Support for My Content Assignable Permission Determines Who Gets One Private content, created and saved by a user to their My Content folder 37

38 Private Content, Publishing, and Sharing Private Content: Simplified Content Deployment All Content Initially Created as Private Doesn t inherit security rules from above Visible only to owner Administrators with Manage Private Resources can access private content Authorized Users Can Create New Content In-Place In private content, created by a developer is displayed in a non-bold font 38

39 Private Content, Publishing, and Sharing Private Content: Simplified Content Deployment All Content Initially Created as Private Doesn t inherit security rules from above Visible only to owner Administrators with Manage Private Resources can access private content Authorized Users Can Create New Content In-Place In all content is non-bold and private content is indicated with a grayscale overlay on the icon 39

40 Private Content, Publishing, and Sharing Publishing Private Content Published Items Become System-Managed Inherit security rules from above Create, Publish & Un-Publish are separately assignable Offers Flexible Alternatives to Formal Change Control That require isolated DEV/TEST/PROD environments Particularly Useful in SaaS Deployments Formal change control not practical Tenant developers can work out of view from users Publishing to users is simple IBFS paths don t change Consider Developing In-Place with Private Content 40

41 Private Content, Publishing, and Sharing Content Sharing Enhancements Complete Control Over Content Sharing Share simple sharing determined by WebFOCUS Share with user determines who to share with Configurable Policy Determines Available Users/Groups Enhanced Shared Content View Only Users with Shared Content are Displayed Shared content Assignable sharing options 41

42 Other Security Enhancements For Customers Using Internal Authentication Strong Encryption for Passwords Configurable Password Policies Built-in User and Administrative Activity Auditing This user Used this API To move this user [ :30:13,267] INFO groups ed214e45667f0f1 thoja13 addusertogroup SUCCESS user:smija03 ( ) group:ibfs:/ssys/groups/retail/developers ( ) Into this group 42

43 Authorization Mapping Key Requirement for Enterprise & SaaS Deployments What If We Use LDAP/AD for Authorization? The user s group memberships A custom attribute on the user entry LDAP/AD Authorization Mapping is Built-in to WebFOCUS 8 LDAP/AD Groups User Attribute 43

44 Authorization Mapping LDAP/AD Authorization Mapping Built-in to WebFOCUS 8 Administrator Maps the Value to a WebFOCUS Group Resource Templates Can Configure the Mapping (8.0.01) Group DN or attribute value is mapped to WF group 44

45 LDAP Authorization Mapping Powerful Integration for Enterprise & SaaS Deployments Mapped WebFOCUS groups have a link icon User accounts are automatically created during sign-on 45

46 Localizable Content Titles A Complete Solution for Localized Applications Repository data can be localized User sees label based on their language preference 46

47 WebFOCUS 8 Client License New for WebFOCUS 8 Enforces Licensed Options Features: BI Portal, InfoAssist, ReportCaster, etc. Managed Reporting user count InfoAssist user count (future release) Work with Customer Support/Account Team Make sure your site code (XXXX.nn) reflects your products 47

48 Migrating to WebFOCUS 8 48

49 Migrating to WebFOCUS 8 Built-in Utilities to Simplify the Process Utility Migrates 7x Content ReportCaster Content Managed Reporting Content Dashboards Dashboard Conversion to BI Portals Not Automatic User Experience and Policies Preserved Identical folder structure Identical security policy 49

50 Migrating to WebFOCUS 8 Understanding the Security Policy for Migrated Content 7x Security Policies are Replicated in WebFOCUS 8.0 The User Default Role feature is enabled Special User Default Role (UDR) Rules Connect Migrated Groups to Migrated Domain folders User Default Role tab is enabled Special permission sets are configured on the user 50

51 Migrating to WebFOCUS 8 Managed Reporting Realm Driver WebFOCUS 8 Does Not Include Realm Driver External authentication & authorization support is built-in Using Realm Driver for Authentication Only? Simply configure authentication in WebFOCUS 8 Console 51

52 Migrating to WebFOCUS 8 Managed Reporting Realm Driver Configurations Using Realm Driver for Authorization? During migration, external authorization data is read UDR security policies are created Effective security policy is identical after migration However, WebFOCUS 8 no longer looks at external data 52

53 Migrating to WebFOCUS 8 Managed Reporting Realm Driver Migration Planning What If I Need to Authorizing to External Data? LDAP or Active Directory Switch to the LDAP mapping feature RDBMS SQL updates to WebFOCUS 8 repository not supported RDBMS mapping feature (roadmap) Use RESTful web services (planned for ) Custom Security Java plug-in interface for authn/authz mapping (roadmap) Please create a support case to get assistance with any migration topic 53

54 Summary 54

55 WebFOCUS 8 Technical Overview Summary Rich Portal and Tool Interfaces Replace Dashboard and Java Applet UIs Integrated Repository Based on IBFS Single fully localizable repository for MR, BIP, RC Full control of content organization and security policy Resource templates simplify security policy creation Enhanced Content Publishing and Sharing External Authorization Built-in WebFOCUS Requires Report Server Migration Utilities Streamline Upgrade 55

56 56