SAP BusinessObjects Enterprise XI 3.0 Administrator's Guide

BusinessObjects Enterprise Administrator's Guide
BusinessObjects Enterprise XI 3.0
Copyright
© 2008 Business Objects, an SAP company. All rights reserved. Business Objects owns the following U.S. patents, which may cover products that are offered and licensed by Business Objects: 5,295,243; 5,339,390; 5,555,403; 5,590,250; 5,619,632; 5,632,009; 5,857,205; 5,880,742; 5,883,635; 6,085,202; 6,108,698; 6,247,008; 6,289,352; 6,300,957; 6,377,259; 6,490,593; 6,578,027; 6,581,068; 6,628,312; 6,654,761; 6,768,986; 6,772,409; 6,831,668; 6,882,998; 6,892,189; 6,901,555; 7,089,238; 7,107,266; 7,139,766; 7,178,099; 7,181,435; 7,181,440; 7,194,465; 7,222,130; 7,299,419; 7,320,122 and 7,356,779. Business Objects and its logos, BusinessObjects, Business Objects Crystal Vision, Business Process On Demand, BusinessQuery, Cartesis, Crystal Analysis, Crystal Applications, Crystal Decisions, Crystal Enterprise, Crystal Insider, Crystal Reports, Crystal Vision, Desktop Intelligence, Inxight and its logos, LinguistX, Star Tree, Table Lens, ThingFinder, Timewall, Let There Be Light, Metify, NSite, Rapid Marts, RapidMarts, the Spectrum Design, Web Intelligence, Workmail and Xcelsius are trademarks or registered trademarks in the United States and/or other countries of Business Objects and/or affiliated companies. SAP is the trademark or registered trademark of SAP AG in Germany and in several other countries. All other names mentioned herein may be trademarks of their respective owners.
Third-party Contributors
Business Objects products in this release may contain redistributions of software licensed from third-party contributors. Some of these individual components may also be available under alternative licenses. A partial listing of third-party contributors that have requested or permitted acknowledgments, as well as required notices, can be found at: http://www.businessobjects.com/thirdparty
2008-12-04

Contents

Chapter 1: Getting Started
  About this help
  Who should use this help?
  About BusinessObjects Enterprise
  What's new in BusinessObjects Enterprise XI 3.0?
  Where should I start?
  Planning or performing your first deployment
  Configuring your deployment
  Changing your deployment's architecture
  Improving your system's performance
  Working with objects in the CMC
  BusinessObjects Enterprise guides
Chapter 2: Architecture
  Architectural overview
  Architecture basics
  Client tier components
  Browser-based web applications
  Installed desktop client applications
  Application tier components
  Web application servers
  Java software development kit (SDK) support
  .NET software development kit (SDK) support
  BusinessObjects Web Services
  Query as a Web Service
  Packaged applications
  Intelligence tier
  Server classifications
  Central Management Server (CMS)
  Event Server
  File Repository Servers
  Cache servers
  Processing tier
  Job servers
  Report and Processing servers
  Crystal Reports page server
  Multi-Dimensional Analysis Server (MDAS)
  Dashboard and Analytics servers
  Data tier
  Semantic layers
  Connection Server
  Security management
  Central Management Server (CMS) security
  Security plug-ins
  Information flow
  What happens when you schedule an object?
  What happens when you view a report?
Chapter 3: Security Concepts
  Security overview
  Authentication and authorization
  Primary authentication
  Single sign-on support
  Security plug-ins
  Processing extensions
  Active trust relationship
  Logon tokens
  Ticket mechanism for distributed security
  Sessions and session tracking
  Session tracking
  CMS session tracking
  Environment protection
  Web browser to web server
  Web server to BusinessObjects Enterprise
  Auditing web activity
  Protection against malicious logon attempts
  Password restrictions
  Logon restrictions
  User restrictions
  Guest account restrictions
Chapter 4: Configuring Third-Party Authentication
  Using NT Authentication
  Using NT user accounts and groups
  Windows NT security plug-in
  NT user account and group administration
  Mapping NT user accounts and groups
  Using LDAP authentication
  Managing LDAP accounts
  Using AD with NTLM
  Using AD users and groups
  Using AD and Kerberos with Java application servers
  Configuring Kerberos for Java application servers
  Using AD with SiteMinder
  AD and SiteMinder workflow
  Configuring AD and SiteMinder workflow
  Trusted Authentication
  Enabling Trusted Authentication
Chapter 5: Managing Licenses
  Overview
  Managing license information
  To view license information
  Adding a license key
  To add a license key
  Viewing current account activity
  To view current account activity
Chapter 6: Managing and Configuring Servers
  Server management overview
  BusinessObjects Enterprise administrative tools
  Working with the Servers management area in the CMC
  About Server Intelligence
  Server management: what's new in this version of BusinessObjects Enterprise
  Working with nodes
  To add a node
  To remove servers from a new node
  Recreating a Server Intelligence Agent on a local machine
  Viewing and changing the status of servers
  To view a server's status
  Starting, stopping, and restarting servers
  Stopping a Central Management Server
  Enabling and disabling servers
  Adding, cloning, and deleting servers
  Adding a server
  Cloning servers
  Deleting a server
  Server groups
  Creating a server group
  Working with server subgroups
  Modifying the group membership of a server
  User access to servers and server groups
  Configuring server settings
  To change a server's properties
  Working with configuration templates
  Changing the connect port used by Tomcat
  Configuring port numbers
  Copying data from one CMS system database to another
  Deleting and recreating the CMS system database
  Selecting a new or existing CMS database
  Setting root directories and idle times of the File Repository Servers
  Modifying performance settings
  Configuring destinations for job servers
  Configuring Windows processing servers for your data source
  Configuring UNIX processing servers for your data source
  Configuring a multihomed machine
  Configuring the CMS to bind to a network address
  Configuring the remaining servers to bind to a network address
  Adding and removing Windows server dependencies
  Changing the system user account
  Configuring servers for SSL
  Creating key and certificate files
  Configuring the SSL protocol
  Clustering Central Management Servers
  Adding a CMS to a cluster
  Adding a new node to a cluster
  Adding clusters to the web.xml file
  Preparing to copy a CMS system database
  Changing the name of a CMS cluster
  Backing up and restoring server configuration settings
  To back up server configuration settings to a BIAR file
  To restore server configuration settings
  To import nodes from one cluster to another
Chapter 7: Working with Federation
  Federation
  Federation terms
  BI application
  Destination site
  Local
  Locally run completed instances
  Multiple Origin sites
  One-way replication
  Origin site
  Remote
  Remote Connection
  Remote Scheduling
  Replication
  Replication Job
  Replication List
  Replication Object
  Replication package
  Replication refresh
  Two-way replication
  Replication Lists
  Creating a Replication List
  Managing a Replication List
  Viewing a Remote Connection
  Creating a Remote Connection
  Modifying a Remote Connection
  Viewing a Replication Job
  Creating a Replication Job
  Scheduling a Replication Job
  Modifying a Replication Job
  Viewing a log after a Replication Job
  Managing security rights
  Rights required on the Origin site
  Rights required on the Destination site
  Federation specific objects
  Replicating security on an object
  Replicating security on an object using access levels
  Replicating third-party users and groups
  Managing Object Cleanup
  How to use Object Cleanup
  Object Cleanup limits
  Object Cleanup frequency
  Replication types and mode options
  One-way replication
  Two-way replication
  Refresh from Origin or Refresh from Destination
  Managing conflict detection and resolution
  One-way replication conflict resolution
  Two-way replication conflict resolution
  Using Web Services in Federation
  Session variable
  File caching
  Custom deployment
  Remote scheduling and locally run instances
  Remote scheduling
  Locally run instances
  Instance share
  Managing migration and promotion
  Best practices
  Current release limitations
  Troubleshooting error messages
Chapter 8: Working with Firewalls
  Understanding communication between BusinessObjects Enterprise components
  Overview of BusinessObjects Enterprise servers and communication ports
  Communication between BusinessObjects Enterprise components
  Configuring BusinessObjects Enterprise for firewalls
  To configure the system for firewalls
  Examples of typical firewall scenarios
  Example - Application tier deployed on a separate network
  Example - Rich client and database tier separated from BusinessObjects Enterprise servers by a firewall
Chapter 9: Modifying Default Security Behavior
  BusinessObjects Enterprise and reverse proxy servers
  Introduction to reverse proxy servers
  Supported reverse proxy servers
  Understanding how BusinessObjects Enterprise web applications are deployed
  Configuring reverse proxy servers for BusinessObjects Enterprise web applications
  To configure the reverse proxy server
  Detailed instructions for configuring reverse proxy servers for BusinessObjects Enterprise
  Configuring Apache 2.2 reverse proxy server for BusinessObjects Enterprise
  Configuring WebSEAL 6.0 reverse proxy server for BusinessObjects Enterprise
  Special configuration for BusinessObjects Enterprise in reverse proxy deployments
  Enabling reverse proxy for Developer Suite Web Services
  Enabling reverse proxy for BusinessObjects Live Office
  Enabling reverse proxy for Business Process BI Web Services
  Enabling reverse proxy for the Voyager application
Chapter 10: Improving Performance
  Improving performance
  Assessing your system's performance
  Assessing user needs
  Analyzing server metrics
  Resolving performance issues
  Performance risks and solutions
Chapter 11: Managing Auditing
  How does auditing work?
  Configuring auditing
  Which events can I audit?
  Enabling auditing of user and system events
  To enable auditing events for client applications
  To use the configuration template
  Configuring the universe connection
  Using sample auditing reports
  Controlling synchronization of auditing actions
  Optimizing system performance while auditing
Chapter 12: Auditing Reports
  Using auditing reports
  Why are reports important?
  Auditor report names
  Viewing sample auditing reports
  Creating custom auditing reports
  Auditing database schema reference
  Audit_Event
  Audit_Detail
  Server_Process
  Event_Type
  Application_Type
  Detail_Type tables
  Event and Detail reference tables
Chapter 13: Server Command Lines
  Command lines overview
  Standard options for all servers
  UNIX signal handling
  Central Management Server
  Central Configuration Manager (CCM)
  Crystal Reports Processing Server and Crystal Reports Cache Server
  Job servers
  Report Application Server
  Web Intelligence Processing Server
  Input and Output File Repository Servers
  Event Server
Chapter 14: UNIX Tools
  Script utilities
  ccm.sh
  cmsdbsetup.sh
  configpatch.sh
  serverconfig.sh
  uninstallBOBJE.sh
  Script templates
  startservers
  stopservers
  silentinstall.sh
  Scripts used by BusinessObjects Enterprise
  bobjerestart.sh
  env.sh
  env-locale.sh
  initlaunch.sh
  patchlevel.sh
  postinstall.sh
  setup.sh
  setupinit.sh
Chapter 15: BIAR Command Line Tool
  Biar Command Line Tool
  The Biar Engine Command Line Tool's Properties File
  To use the BIAR Command Line Tool
Chapter 16: Working with the Central Management Console
  Overview
  Using the CMC
Logging on to the CMC......................................................................579
Navigating within the CMC.................................................................580
Setting CMC preferences...................................................................581
Making initial security settings.................................................................583
Setting the Administrator password...................................................583
Disabling a user account....................................................................584
Setting Rights 585Chapter 17
How rights work in BusinessObjects Enterprise......................................586
Access levels......................................................................................587
Advanced rights settings....................................................................587
Inheritance..........................................................................................588
Type-specific rights.............................................................................594
Determining effective rights................................................................596
Managing security settings for objects in the CMC.................................597
Workflow: Viewing rights for a principal on an object.........................598
Workflow: Assigning principals to an access control list for an object.599
Workflow: Modifying security for a principal on an object..................600
Workflow: Setting rights on a top-level folder in BusinessObjects Enterprise...........................................................................................601
Checking security settings for a principal...........................................602
Working with access levels......................................................................605
Choosing between View and View On Demand access levels..........608
To copy an existing access level........................................................610
To create a new access level.............................................................610
To rename an access level.................................................................610
To delete an access level...................................................................611
To modify rights in an access level.....................................................611
Tracing the relationship between access levels and objects..............613
Managing access levels across sites.................................................613
Breaking inheritance................................................................................615
To disable inheritance.........................................................................616
Using rights to delegate administration...................................................617
Choosing between Modify the rights users have to objects options...619
Owner rights.......................................................................................621
Summary of recommendations for rights administration.........................621
Chapter 18: Managing Users and Groups 623
Account management overview..............................................................624
User management..............................................................................624
Group management...........................................................................625
Available authentication types ...........................................................627
Managing Enterprise and general accounts............................................629
To add subgroups...............................................................................633
Adding users to groups......................................................................635
Changing password settings..............................................................637
Enabling Trusted Authentication........................................................639
Granting access to users and groups................................................640
Controlling access to user inboxes....................................................640
Configuring the InfoView logon screen...............................................641
Managing aliases.....................................................................................642
Chapter 19: Managing Applications 647
Overview..................................................................................................648
Setting user rights on applications...........................................................648
Managing CMC settings..........................................................................648
To manage settings for the CMC.............................................................649
Managing Discussions settings...............................................................650
To manage Discussions settings in the CMC.....................................650
Searching for a Discussion thread.....................................................650
To search for a discussion thread......................................................650
Sorting search results in Discussions................................................652
To sort your Discussion thread results...............................................652
Deleting a Discussion thread..............................................................652
To delete a discussion thread.............................................................653
Setting user rights....................................................................................653
Managing InfoView settings.....................................................................653
To change display settings for InfoView...................................................654
Managing Web Intelligence settings........................................................654
To modify display settings in Web Intelligence........................................655
Managing BI Widgets settings.................................................................655
Setting rights in BI Widgets................................................................656
Chapter 20: Managing Data Sources and Connections 659
Overview..................................................................................................660
Data source connections.........................................................................660
Managing universes.................................................................................661
To view and delete universes..................................................................661
To control access to universes................................................................661
Managing universe connections..............................................................662
To delete a universe connection..............................................................662
Controlling access to universe connections............................................662
To control access to a universe connection.............................................662
To set advanced rights to a universe connection.....................................663
Chapter 21: Working with Content Objects 665
Overview..................................................................................................666
General object management...................................................................666
To copy an object...............................................................................666
To move an object..............................................................................667
To create an object shortcut...............................................................667
Relationships......................................................................................673
Report object management.....................................................................675
What are report objects and instances?.............................................675
Setting report refresh options.............................................................676
Setting report processing options.......................................................678
Processing extensions.......................................................................689
Applying processing extensions to reports.........................................690
Working with hyperlinked reports ......................................................694
Program object management..................................................................698
What are program objects and instances?.........................................698
Setting program processing options...................................................700
Authentication and program objects...................................................705
Object package management..................................................................707
What are object packages, components, and instances?..................708
Adding objects to an object package.................................................709
Configuring object packages and their objects..................................710
Authentication and object packages..................................................711
Chapter 22: Scheduling Objects 713
Overview..................................................................................................714
Scheduling...............................................................................................714
About the recurrence options and parameters...................................714
Scheduling objects.............................................................................719
Scheduling objects using object packages........................................720
Scheduling an object with events.......................................................721
Setting general scheduling options..........................................................723
Setting notification for the success or failure of a scheduling job.......723
Specifying alert notification.................................................................727
Selecting a destination.......................................................................729
Choosing a format..............................................................................740
Selecting cache options for Web or Desktop Intelligence documents.750
Scheduling an object for a user or group...........................................751
Selecting server group settings..........................................................752
Managing instances.................................................................................753
Managing and viewing the history of instances..................................754
Setting instance limits for an object....................................................760
Using Calendars......................................................................................761
Calendars overview............................................................................761
Creating calendars.............................................................................762
Adding dates to a calendar.................................................................763
Deleting calendars..............................................................................768
Specifying calendar rights..................................................................769
Managing events.....................................................................................769
Managing events overview.................................................................770
File-based events...............................................................................771
Schedule-based events......................................................................772
Custom events...................................................................................774
Specifying event rights.......................................................................775
Running objects instantly.........................................................................775
To run objects now.............................................................................776
Chapter 23: Organizing Objects 777
Overview..................................................................................................778
Organizing objects overview....................................................................778
About folders .....................................................................................778
About categories................................................................................779
Working with folders................................................................................779
Creating and deleting folders.............................................................780
Copying and moving folders...............................................................781
Adding new objects to a folder...........................................................782
Specifying folder rights.......................................................................784
Setting limits for folders, users, and groups.......................................784
Managing Personal Folders...............................................................785
Working with categories...........................................................................786
Creating and deleting categories.......................................................786
Moving categories..............................................................................787
Adding an object to a category...........................................................788
Removing or deleting objects from a category...................................789
Specifying category rights..................................................................789
Managing personal categories...........................................................789
Chapter 24: Adding Objects to the Repository 791
Overview..................................................................................................792
Options for adding Crystal reports.....................................................792
Publishing Wizard procedures.................................................................793
Saving objects directly to the CMS..........................................................807
Chapter 25: Publishing and Publications 809
Overview..................................................................................................810
About Publishing......................................................................................810
What is a publication?........................................................................810
Publishing workflow............................................................................811
Rights required for Publishing............................................................813
Publication concepts................................................................................815
Report bursting...................................................................................815
Delivery rules......................................................................................817
Dynamic recipients.............................................................................820
Destinations........................................................................................821
Formats..............................................................................................825
Personalization...................................................................................828
Subscription........................................................................................829
To create a new publication in the CMC..................................................830
To create a new publication in InfoView...................................................830
Chapter 26: Managing Profiles 833
How profiles work....................................................................................834
Profiles and the Publishing workflow..................................................834
Profile targets and profile values.............................................................836
To specify a global profile target.........................................................837
Specifying profile values.....................................................................838
Resolving conflicts between profiles........................................................841
Conflicts between profile values.........................................................842
Specifying profile rights............................................................................843
Chapter 27: Content Search 845
Content Search overview.........................................................................846
Searchable document types...............................................................846
Search syntax and interpretation.......................................................848
Multilingual search..............................................................................850
Content Search and instances...........................................................851
Facets and labels...............................................................................851
Prompts and Parameters...................................................................851
Reports with view time security..........................................................852
Suggested queries.............................................................................853
Limited number of search results.......................................................854
Excluding documents from Content Search.......................................854
Servers and architecture..........................................................................855
Deploying the Content Search service....................................................856
Planning your Content Search deployment........................................856
Installation and Upgrade....................................................................858
Configuration...........................................................................................858
Managing Content Search application settings..................................858
Setting rights for the Content Search application...............................862
Disabling and removing Content Search............................................862
Maximum group instances indexed....................................................863
JVM Heap Size...................................................................................864
Understanding and managing the indexing process...............................865
Preparing for the initial indexing.........................................................865
Creating the initial index.....................................................................866
Managing the indexing program object..............................................866
Terminating the indexing process.......................................................869
Troubleshooting.......................................................................................870
To troubleshoot an indexing failure ...................................................870
To clean up after unplanned system downtime .................................871
Chapter 28: Rights Appendix 873
About the rights appendix........................................................................874
General rights..........................................................................................874
Rights for specific object types................................................................878
Folder rights.......................................................................................878
Categories..........................................................................................878
Notes..................................................................................................879
Crystal reports....................................................................................880
Desktop Intelligence documents........................................................881
Web Intelligence documents..............................................................882
Users and groups...............................................................................884
Access levels......................................................................................885
Dashboards........................................................................................886
Universes...........................................................................................887
Applications........................................................................................890
Appendix A: Get More Help 915
Index 919

Getting Started

About this help
This help provides you with information and procedures for deploying and configuring your BusinessObjects Enterprise system. Procedures are provided for common tasks. Conceptual information and technical details are provided for all advanced topics.
For daily maintenance tasks and procedures for working with the CMC, see the BusinessObjects Enterprise Administrator's Guide.
For information about installing BusinessObjects Enterprise, see the BusinessObjects Enterprise Installation Guide.

Who should use this help?

This help covers deployment and configuration tasks. We recommend consulting this guide if you are:
planning your first deployment
configuring your first deployment
making significant changes to the architecture of an existing deployment
improving your system's performance.
This help is intended for system administrators who are responsible for configuring, managing, and maintaining a BusinessObjects Enterprise installation. Familiarity with your operating system and your network environment is beneficial, as is a general understanding of web application server management and scripting technologies. However, to assist all levels of administrative experience, this help aims to provide sufficient background and conceptual information to clarify all administrative tasks and features.

About BusinessObjects Enterprise

BusinessObjects Enterprise is a flexible, scalable, and reliable solution for delivering powerful, interactive reports to end users via any web application—intranet, extranet, Internet or corporate portal. Whether it is used for distributing weekly sales reports, providing customers with personalized service offerings, or integrating critical information into corporate portals, BusinessObjects Enterprise delivers tangible benefits that extend across and beyond the organization. As an integrated suite for reporting, analysis, and information delivery, BusinessObjects Enterprise provides a solution for increasing end-user productivity and reducing administrative efforts.

What's new in BusinessObjects Enterprise XI 3.0?

This version of BusinessObjects Enterprise introduces many new features and enhancements. The following table briefly describes these features and where to find more information about them.

| What's New | Documentation resources |
| --- | --- |
| Server Intelligence: Server management is now handled through the CMC. This enhancement simplifies many common server management procedures, and introduces new features that make it easier to add and configure servers, monitor server status, and automate server processes. | About Server Intelligence on page 208; Server management: what's new in this version of BusinessObjects Enterprise on page 209 |
| Cloning servers: Instead of manually configuring a new server, you can create a new "cloned" server based on the configuration settings of an existing server. | Cloning servers on page 226 |
| Federation: This new feature is an important cross-site replication tool. Federation allows you to manage content from a BusinessObjects Enterprise deployment (Origin site) and replicate it to other BusinessObjects Enterprise deployments (Destination sites). Both one-way and two-way replication are possible, as well as setting replication on a recurring schedule. With Federation, you can manage your content from one site, streamline global processes and reduce network traffic. | For more information about Federation, see the BusinessObjects Enterprise Administrator's Guide. The latest version of the PDF is available on the Business Objects technical support site. |
| Access levels: This release of BusinessObjects Enterprise lets you create and maintain access levels that are customized for your deployment and security needs. Access levels are groups of rights that users frequently need. They allow administrators to set common security levels quickly and uniformly. | How rights work in BusinessObjects Enterprise on page 586; Working with access levels on page 605 |
| Publishing: This version features many enhancements to the Publishing feature, including support for Crystal reports and Web Intelligence documents, new processing capabilities, and the ability to publish to multiple formats and destinations and enhanced PDF, as well as support for customized publication extensions, dynamic recipients, and delivery rules. | About Publishing on page 810. For more information, see the BusinessObjects Enterprise Publisher's Guide. The latest version of the PDF is available on the Business Objects technical support site. |
| Instance Manager: This version features a new area of the CMC called the Instance Manager, which allows you to manage all of the instances on BusinessObjects Enterprise from one location. You can multi-select instances to perform batch operations on them, such as pause, resume, run now, or delete. You can also use the Instance Manager to request detailed information for a single instance, which is useful when you need to diagnose and resolve system problems that cause instances to fail. | Instance Manager on page 756; Managing instances on page 753 |
| Auditing: The range of auditable actions and details on those actions has been increased. Administrators can now audit client applications (including Desktop and Web Intelligence), and Desktop Intelligence server actions. The auditing Universe has been extended, and a greater amount of detail will be captured by the auditing events, including template and instance IDs, as well as IP addresses and machine names for client applications. | Managing Auditing on page 443 |
| Content Search: Content Search is an optimized search tool that enables InfoView users to search within the content of objects managed by BusinessObjects Enterprise. Content Search can recognise stem and stop words, uses search techniques similar to those used in other search engines, and enables users to search in multiple languages. Content Search refines the search results by grouping them into categories of similar object types, and ranking them in order of their relevance to the search term. It can recognise search terms in data structure and suggest new Web Intelligence queries that may contain the data users are searching for. | Content Search overview on page 846. Users conduct Content Searches in InfoView. For information on conducting Content Searches, see the BusinessObjects Enterprise InfoView User’s Guide. |

Online documentation library
A completely new interface to the full documentation set now has guides for all Business Objects products. The new online documentation library has the most up-to-date version of the Business Objects product documentation, posted upon publication and updated regularly. You can browse the library contents, run full-text searches, read guides online, and download PDFs.
http://support.businessobjects.com/documentation/product_guides/default.asp
Where should I start?
Depending on your situation, you may want to focus on specific sections of this help, and there may be other resources available for you. For each of the following situations, there is a list of suggested tasks and reading topics.
Planning or performing your first deployment on page 28
Configuring your deployment on page 29
Changing your deployment's architecture on page 29
Improving your system's performance on page 30
Working with objects in the CMC on page 30

Planning or performing your first deployment

If you are planning or performing your first deployment of BusinessObjects Enterprise, it is recommended that you perform the following tasks and read the corresponding sections:
To get familiar with the components, read Architectural overview on page 36.
To assess your needs and design a deployment architecture that works best for you, read the BusinessObjects Enterprise Deployment Planning Guide.
Understanding communication between BusinessObjects Enterprise components on page 358
Security overview on page 84
If you plan to use third-party authentication, read Configuring Third-Party Authentication on page 105.
For advice about assessing your anticipated performance needs, see Improving performance on page 400.
For more information about installing BusinessObjects Enterprise, see the BusinessObjects Enterprise Installation Guide.
After you install, read Server management overview on page 202.

Configuring your deployment

If you have just completed your installation of BusinessObjects Enterprise and need to perform initial configuration tasks, such as firewall configuration and user management, it is recommended that you read the following sections:
Server management overview on page 202
Understanding communication between BusinessObjects Enterprise components on page 358
Security overview on page 84
If you plan to use third-party authentication, read Configuring Third-Party Authentication on page 105.
For advice about assessing and improving your system's performance, see Improving performance on page 400.
If you want to monitor your existing system, read Managing Auditing on page 443 and Auditing Reports on page 479.

Changing your deployment's architecture

Are you expecting a significant increase in server traffic? Do you need to accommodate a sudden influx of users? Do you need to incorporate new kinds of content from new sources? Or do you need to update a deployment that didn't adequately anticipate the volume of objects being processed on a daily basis?
If you need to revise your deployment to account for significant changes in how you use the system, it is recommended that you read the following sections:
For advice about assessing and improving your system's performance, see Improving performance on page 400.
If you are installing new server components, see Server management overview on page 202.
If you are importing or configuring new users, see Account management overview on page 624.
For information about installing new components, you can find more information in the BusinessObjects Enterprise Installation Guide.

Improving your system's performance

If you want to assess your deployment's efficiency and fine-tune it in order to maximize resources, it is recommended that you read the following sections:
For advice about assessing and improving your system's performance, see Improving performance on page 400.
If you want to monitor your existing system, read Managing Auditing on page 443 and Auditing Reports on page 479.
For daily maintenance tasks and procedures for working with servers in the CMC, see Server management overview on page 202.

Working with objects in the CMC

If you are working with objects in the CMC, read the following sections:
To get started with the CMC, see Using the CMC on page 578.
For information about setting up users and groups in the CMC, see Account management overview on page 624.
To publish objects to BusinessObjects Enterprise, see About Publishing on page 810.
To set security on objects, see How rights work in BusinessObjects Enterprise on page 586.
For general information about working with objects, see General object management on page 666.
To organize objects, see Organizing objects overview on page 778.
To schedule objects in BusinessObjects Enterprise, see Scheduling on page 714.

BusinessObjects Enterprise guides

The following table provides a list of BusinessObjects Enterprise guides and their contents.
| Guide | Description |
| --- | --- |
| BusinessObjects Enterprise Deployment Planning Guide | This guide covers the key concepts you should consider before you begin deploying BusinessObjects Enterprise. This guide includes an overview of the architecture, tips for assessing your existing environment, determining your organization's needs, and preparing for the installation. |
| BusinessObjects Enterprise Installation and Configuration Guide | Leads you through the steps required to run the setup program and complete your installation of BusinessObjects Enterprise. There are UNIX and Windows versions of this guide available. |
| BusinessObjects Enterprise Administrator's Guide | Provides content for server administration and content administration. The server administration topics include server configuration, managing authentication, configuring firewalls, and measuring system performance. The content administration topics include working with the CMC, configuring rights and access levels, managing users, and working with Business Objects applications and objects. |
| BusinessObjects Enterprise Publisher's Guide | Provides an overview of the publishing process, working with publications, publishing Crystal reports, publishing web intelligence documents, publishing desktop intelligence documents, and publishing security. |
| BusinessObjects Enterprise Migration Guide | Details content migration from legacy Business Objects software, such as Classic or Enterprise 5 or 6, to BusinessObjects Enterprise XI 3.0. |
| BusinessObjects Enterprise Upgrade Guide | Information for upgrades from BusinessObjects Enterprise XI to BusinessObjects Enterprise XI 3.0. |
| BusinessObjects Enterprise InfoView User's Guide | Provides an overview of InfoView and working with Crystal Reports, Web Intelligence, objects, discussions, encyclopedia, and Voyager workspaces. |

For a complete list of all of our product documentation please visit our support site: http://support.businessobjects.com/documentation/product_guides/default.asp

Architecture

Architectural overview

This section outlines the overall platform architecture, system tiers, and individual services and components that make up the business intelligence (BI) platform. This information will help administrators understand the essentials of BusinessObjects Enterprise and how to plan the deployment, management, and maintenance of the system.
BusinessObjects Enterprise includes specialized services including Web Intelligence, Desktop Intelligence, and Crystal Reports components, and a set of Dashboard and Analytics services for metrics management, predictive analysis, and process analysis. These services are available to software created by your own organization through several application programming interfaces (APIs).
BusinessObjects Enterprise is designed for high performance across a broad spectrum of user and deployment scenarios. For example, specialized platform services are included that handle either on-demand data access and report generation or time- or event-based report scheduling. You can offload processor intensive scheduling and processing to dedicated servers to improve performance. The architecture is designed to meet the needs of virtually any BI deployment, and is flexible enough to grow from several users with a single tool, to tens of thousands of users with multiple tools and interfaces.

Architecture basics

The BusinessObjects Enterprise technical architecture is composed of a set of tiers optimized for specific tasks and operations. The five tiers are:
Client: web browser and rich clients.
Application: Java web application servers and tools.
Intelligence: system server processes.
Processing: data analysis and report generation.
Data: source repositories.
Developers can access the platform using a set of web services and Java APIs to integrate BusinessObjects Enterprise into other enterprise systems, and to share dynamically updated documents with users on separate networks.
End users can access, create, edit, and interact with reports using specialized tools and applications that include:
Crystal Reports.
Web Intelligence.
Desktop Intelligence.
Voyager.
Dashboard and Analytics.
Dashboard Builder.
IT departments can use data and system management tools that include:
Central Management Console.
Central Configuration Manager.
Import Wizard.
Publishing Wizard.
Universe Designer.
Repository Diagnostic Tool.
To provide flexibility, reliability, and scalability, the components that make up BusinessObjects Enterprise can be installed on one or many machines. You can even install two BusinessObjects Enterprise deployments simultaneously on the same hardware, although this configuration is recommended only for upgrade or testing purposes.
Server processes can be "vertically scaled" (where one computer runs several, or all, server-side processes) to reduce cost, or "horizontally scaled" (where server processes are distributed between two or more networked machines) to improve performance. It is also possible to run duplicate instances of a server process on the same machine, or across several networked machines.
Note:
Server processes run as "services" on Windows machines, and as "daemons" on UNIX machines. While it is possible to deploy a mixture of Windows and UNIX platforms at the tier level (such as a UNIX web application server with a Windows CMS), it is recommended that you do not mix operating systems for server processes (such as a cluster of two CMS systems where one runs Windows and the other runs UNIX).

Client tier components

Two application categories are available in the client tier: operating system independent web applications that run in web browsers, like Internet Explorer, Firefox, or Safari; and rich desktop applications installed on a Microsoft Windows operating system.
Browser-based web applications
The first category is made up of light-weight, web browser-based client front-ends that run on all supported operating system platforms. A web application server receives client requests and interfaces with the BusinessObjects Enterprise intelligence and processing tiers to return data to the users' web browsers. This approach allows you to provide business intelligence (BI) access to large groups of users through your intranet or the web, without the challenges of deploying desktop software products. Communication is conducted over HTTP and can be secured with SSL by enabling HTTPS encryption on the web application server. Examples of this type of application include the InfoView, Web Intelligence, Central Management Console (CMC), and report viewers.
Desktop applications
The second category is made up of locally installed, rich-client applications installed on a supported Microsoft Windows operating system. This approach allows you to offload BI processing from BusinessObjects Enterprise onto individual client computers. Most desktop applications directly access your organization's data through middleware drivers installed on the desktop, and communicate with your BusinessObjects Enterprise deployment through CORBA or encrypted CORBA SSL. Examples of this type of application include Crystal Reports, Desktop Intelligence, and Live Office clients.
Note:
Although Live Office is a desktop application, it communicates with BusinessObjects Enterprise web services over HTTP. You can configure BusinessObjects Enterprise so that Microsoft Office documents containing Live Office components dynamically update, even when sent to recipients outside your organization's secured network.

Browser-based web applications

Browser-based web applications use web technologies such as ActiveX, Flash, Ajax framework, J2EE, and .NET web components (framework and reporting services) to integrate with BusinessObjects Enterprise.
These web applications also act as an effective demonstration of how BusinessObjects Enterprise software development kits (SDKs) can be used to create custom web applications for end users or administrators.
InfoView
InfoView can access, interact with, and export, any type of business intelligence including reports, analytics, dashboards, scorecards, and strategy maps.
InfoView allows users to manage:
BI catalog browsing and searching.
BI content access (creating, editing, and viewing).
BI content scheduling and publishing.
Central Management Console (CMC)
The Central Management Console (CMC) is a web-based tool to perform day-to-day administrative tasks, including user management, content management, and server management. It also allows you to publish, organize, and set security levels for all of your BusinessObjects Enterprise content. Because the CMC is a web-based application, you can perform all of these administrative tasks remotely.
All users can log on to the CMC to change their user preference settings. Only members of the Administrators group can change management settings, unless explicitly granted the rights to do so.
The CMC also demonstrates how you can use the administrative objects and libraries in the BusinessObjects Enterprise software development kit (SDK) to create custom web applications for administering BusinessObjects Enterprise.
Server Intelligence
Server Intelligence is a component of the Central Management Console (CMC) that simplifies administrative procedures previously carried out by the Central Configuration Manager (CCM), such as the management of CMC server processes. This includes the addition and removal of server processes, server process configuration, and the automatic restart or shutdown of servers that encounter unexpected conditions.
Server Intelligence also archives server process information in the CMS database so you can easily restore default server settings, or create redundant instances of server processes with the same settings.
Note:
The CCM is a tool that allows you to configure and manage the Server Intelligence Agent. The Server Intelligence Agent is the component that allows you to manage all servers through the CMC. You can also use the CCM to create and manage nodes in your deployment.
Dashboard and Analytics
Dashboard and Analytics integrates all performance data and processes, enabling CFOs, finance departments, and business managers to track and analyze key business metrics and goals via management dashboards, scorecards, and alerting.
Business Objects dashboard and scorecard products consist of an integrated dashboard, scorecard, and dashboard builder, as well as a catalog of analytic templates and five integrated analytic engines. The five analytic engines (metrics, rules, sets, predictive, and process analysis) provide the processing power to monitor performance, alert to exceptions, track customer segments, forecast, and analyze business processes.
Web Intelligence
Web Intelligence is a scalable online query and analysis tool for knowledge workers to build queries and analyze business information through a user friendly drag-and-drop interface. The patented Business Objects semantic layer hides the complexity of underlying data sources. Reports can be published to the BusinessObjects Enterprise web portal, or to Microsoft Office applications using BusinessObjects Live Office.
Voyager
Voyager is an AJAX-based online analytical processing (OLAP) web client designed for business and financial analysts. It not only provides access to a wide range of OLAP databases, but also allows users to combine information from different systems within a single workspace. Voyager offers a comprehensive range of business and time calculations, and includes features such as time sliders to make the analysis of OLAP data as simple as possible.
The Voyager OLAP feature set complements both Crystal Reports (for direct data access to OLAP cubes for production reporting) and Web Intelligence (for ad hoc analytic reporting with universes built on OLAP data sources).
Xcelsius
Xcelsius is a data visualization tool that transforms BI data into engaging presentations and dashboards. It enables the integration of dynamically updated data into Microsoft Office, PDF, and web documents with Business Objects queries and reports. Xcelsius is comprised of designer and viewing extensions leveraging Business Objects web services.
BusinessObjects Mobile
BusinessObjects Mobile allows your organization access to information from any wireless device. Management and information workers can stay up-to-date and make decisions with access to the latest information. Sales and field service staff can provide the right customer, product, and work order information, where and when it's needed, helping to shorten sales cycles, and increasing customer satisfaction.
Report viewers
BusinessObjects Enterprise includes report viewers that support different platforms and different browsers in the client tier, and which have different report viewing functionality.
Report viewers fall into two categories:
Client-side viewers (ActiveX viewer, Java viewer)
Client-side viewers are downloaded and installed in the user's browser. When a user requests a report, the application server processes the request, and retrieves the report pages from the BusinessObjects Enterprise framework. The application server then passes the report pages to the client-side viewer, which processes the report pages and displays them directly in the browser.
Zero-client viewers (DHTML viewer)
Zero-client viewers reside on the application server. When a user requests a report, the application server processes the request, and then retrieves the report pages from the BusinessObjects Enterprise framework. The application server processes the report and creates DHTML pages that the viewer displays in the user's web browser.
All report viewers help process requests for reports, and present report pages that appear in the user's browser.
For more information on the specific functionality or platform support provided by each report viewer, see the BusinessObjects Enterprise InfoView User's Guide or the Crystal Reports Developer's Guide, available at the customer support portal: http://support.businessobjects.com/documentation/product_guides/default.asp.

Installed desktop client applications

The installed desktop client applications interact with the BusinessObjects Enterprise intelligence or processing servers. They do not communicate with the Java web application server. Communication between the clients and the servers can be secured with SSL encryption (CORBA SSL).
Desktop products are installed client applications that run on Microsoft Windows operating systems. They can store resources locally and access your organization's data through locally installed database driver middleware or the Central Management Console (CMC).
Business Views Manager
Business Views is a multi-tier system that enables companies to build comprehensive and specific Business Views objects that help report designers and end users access the information they require.
Administrators use the Business View Manager, a thick-client designer that runs as a Microsoft Windows application. This designer provides a wide range of capabilities for creating Data Connections, Dynamic Data Connections, Data Foundations, Business Elements, and Business Views. The Business View Manager allows you to design relational views of information. This designer also allows you to set detailed column and row-level security for various objects in a report.
Crystal Reports Designer
Crystal Reports Designer allows database experts or application developers to create and integrate detailed reports that can be easily shared with others using Crystal Reports Viewer or a web browser.
Crystal Reports Viewer
The Crystal Reports Viewer is available as a free download from http://www.businessobjects.com/product/catalog/crystalreports, and allows users to open reports created in read-only mode. Reports cannot be refreshed, as the data used is saved within the report itself.
Central Configuration Manager (CCM)
The CCM is a server troubleshooting and node configuration tool provided in two forms. In a Microsoft Windows environment, the CCM allows you to manage local and remote servers through its graphical user interface (GUI) or from a command line. In a UNIX environment, the CCM shell script (ccm.sh) allows you to manage servers from the command-line.
The CCM allows you to view and to modify server settings only while Business Objects server processes are offline. The Central Management Console (CMC) is used to stop server processes, then the CCM is used to modify performance settings or change server port numbers.
Note:
Most server management tasks are now handled through the CMC, not in the CCM. The CCM was the primary tool for server management in previous versions, but the CCM is now used only for troubleshooting and node configuration.
Desktop Intelligence
Desktop Intelligence is an integrated query, reporting and analysis tool that allows you to access data using familiar business terms, rather than using technical database query methods, like SQL. The complexity of the underlying data storage is abstracted in the semantic data layer known as the Business Objects Universe.
Data Source Migration Wizard
The Data Source Migration Wizard allows you to migrate reports that are based on Crystal Reports queries, dictionaries, or InfoViews, to a BusinessObjects Enterprise deployment.
You can migrate two types of objects: reports and data sources. The wizard converts the data source of each report into an object that is usable in BusinessObjects Enterprise, and then resets the data source location of the report to point to the new object. The result is that you can use the new features of BusinessObjects Enterprise while keeping the functionality of the reports and data sources from your previous installation.
Repository Diagnostic Tool
The Repository Diagnostic Tool (RDT) is new for BusinessObjects Enterprise XI 3.0. This tool can scan, diagnose, and repair inconsistencies that may occur between the Central Management Server (CMS) system database and the File Repository Servers (FRS) filestore.
RDT scans the CMS system database and identifies inconsistencies. It can also repair the logged inconsistencies, and report the repair status and completed actions. To determine whether the file system and database are synchronized, use the RDT after first completing a hot back-up, or after a restoration and before starting your BusinessObjects Enterprise services. You can set a limit for the number of errors the RDT will find and repair before stopping.
Import Wizard
The Import Wizard guides administrators through the process of importing universes, reports, users, groups, and folders, from a previously released version of BusinessObjects Enterprise to the latest version. It also allows administrators to export to BIAR (Business Intelligence Archive Resource) files.
The Import Wizard runs on the Microsoft Windows platform, but can be used to import information into BusinessObjects Enterprise systems running any supported Windows or UNIX operating system.
Live Office
BusinessObjects Live Office integrates with the Microsoft Office environment, allowing for dynamically updated data to be embedded within Microsoft PowerPoint, Excel, and Word documents. Plus, you can share your documents with others over the web for collaborative decision-making. From within Microsoft Office, you can use intuitive wizards and toolbars to easily connect to a Crystal report, Web Intelligence document, or use ad hoc data selections. Then format your data using familiar Microsoft Office tools.
Using Live Office, you can publish "live" documents to BusinessObjects Enterprise for sharing with your coworkers through a business intelligence portal. Or, take it outside the firewall and email it to an off-site partner or coworker.
Note:
Web services applications are currently only supported with the following load balancer configurations:
1. Source IP address persistence.
2. Source IP and destination port persistence (available only on a Cisco Content Services Switch).
3. SSL persistence.
Note:
SSL persistence may cause security and reliability issues on some web browsers. Check with your network administrator to determine if SSL persistence is appropriate for your organization.
For information on configuring web services to work with Live Office, see the BusinessObjects Enterprise Web Services Administrator Guide.
Publishing Wizard
The Publishing Wizard enables both administrators and end users to create and publish reports to BusinessObjects Enterprise. By assigning object rights to individual folders on a given server, you control who can publish reports and where they are published.
Use the Publishing Wizard if you have access to the application and you want to add multiple objects or an entire directory of objects to BusinessObjects Enterprise. Once an object is added, it appears in the folder that you specified in InfoView (or your customized web desktop) and in the Folders management area of the CMC.
For more information, see the Adding Objects to the Repository chapter of BusinessObjects Enterprise Administrator's guide.
Query as a Web Service
Query as a Web Service provides new and easy ways to analyze information through user-driven client solutions for businesses. Business Intelligence (BI) content is usually bound to a specific user interface of BI tools. Query as a Web Service changes this by allowing BI content to be delivered to any user interface that can process web services.
Using Query as a Web Service, business users define their own query from a universe, and then easily and securely publish that query as a standalone web service.
Query as a Web Service provides new client solutions for businesses. For example, it enables Crystal Xcelsius to aggregate multiple disparate data sources into a trusted BI view.
Query as a Web Service also enables a range of client-side solutions in tools such as:
Microsoft Office, Excel, and InfoPath.
SAP Application Server.
OpenOffice.
Business rules and process management applications.
Enterprise Services.
Report Conversion Tool
The Report Conversion Tool converts Desktop Intelligence reports to the Web Intelligence format and publishes the converted reports to the CMS.
It retrieves reports from the CMS, in the Public, Favorites, or Inbox folders. Once converted, you can publish to the same folder as the original Desktop Intelligence report or to a different folder. The tool does not convert all Desktop Intelligence features and reports. The level of conversion depends on the features in the original report. Some features prevent the report from being converted. Other features are modified, reimplemented, or removed by the tool during conversion.
The tool assigns one of three statuses to each report:
Fully Converted.
Partly Converted.
Not Converted.
The Report Conversion Tool also lets you audit your converted reports. This helps identify reports that cannot be fully converted by the Report Conversion Tool and explains why.
Translation Manager
BusinessObjects Enterprise provides support for multilingual documents and universes. A multilingual document contains localized versions of universe metadata and document prompts. A user can create reports, for example, from the same universe in their chosen languages.
The Translation Manager is the tool that defines the multilingual universes and manages translation of universes and their Web Intelligence documents and prompts.
Translation Manager:
Translates a universe or a Web Intelligence document for a multilingual audience.
Defines the metadata language parts of the document and the appropriate translation. It generates external XLIFF format and imports XLIFF files to get translated information.
Lists the universe or Web Intelligence document structure to be translated.
Lets you translate the metadata through the interface.
Lets you translate the metadata using external translation tools by exporting and importing XLIFF files.
Creates a multilingual document where several languages can be saved.
Universe Builder
A universe is a semantic layer of abstraction that exists between BusinessObjects Enterprise and the data in your organization's database. Universe Builder allows you to create universes from XML metadata and Oracle Analytic Services.
Universe data sources can be multi-dimensional objects (dimensions, measures, details), enabling the end user to analyze the data without needing to know the details of the underlying database structure.
Once you start Universe Builder, you connect to a metadata source, then using a universe creation wizard, map metadata structures to equivalent classes, objects, dimensions, and details, used in a standard BusinessObjects universe.
You can create universes from metadata sources with both Universe Builder and Designer. Universe Builder is a stand-alone product that provides an independent user interface for universe creation from metadata sources. Designer is used for the universe generation at the end of the creation process.
Universe Designer
Universe Designer provides a connection wizard that allows you to connect to your database middleware. You can create multiple connections with Designer, but only one connection can be defined for each universe. This database connection is saved with the universe.
Designer provides a graphical interface to select and view tables in a database. The database tables are represented as table symbols in a schema diagram. You can use this interface to manipulate tables, create joins between tables, create alias tables, create contexts, and solve loops in your schema. Web Intelligence users do not see this schema.
Web Intelligence rich client
Web Intelligence can be used offline as a Web Intelligence rich client, as a standalone Microsoft Windows application equivalent to the Java Report Panel. Web Intelligence rich client allows you to continue to work with Web Intelligence documents (WID) when you are unable to connect to a CMS, when you want to perform calculations locally rather than on the server, and when you want to work with Web Intelligence documents without installing a CMS or application server.
Web Intelligence rich client can also be used when connected to a CMS.

Application tier components

The application tier acts as the translation layer between the end user and the processing tier. A third-party web application server hosts Java SDK modules to process requests from the user tier, then communicates those requests to the appropriate service in BusinessObjects Enterprise.
The following third-party J2EE web application servers can be used with BusinessObjects Enterprise.
WebSphere 6.1.
WebSphere Community Edition 2.0.
WebLogic 10.
WebLogic 9.2.
Tomcat 5.5 (bundled with BusinessObjects Enterprise).
SAP Application Server 7.0.
Oracle 10G R3.
JBoss 4.04.
Note:
For specific version compatibility, refer to the BusinessObjects Enterprise supported platform document guide online on our support web site:
http://support.businessobjects.com/documentation/supported_platforms.
The web and application services tier communicates with the following BusinessObjects Enterprise components:
The BusinessObjects Enterprise SDK.
BusinessObjects Enterprise web services.

Web application servers

BusinessObjects Enterprise requires a Java web application server to process the server-side scripts that make up web applications. You can install the Tomcat web application server during the BusinessObjects Enterprise installation, or use a supported third-party web application server and Java Development Kit (JDK).
The following web application servers are supported in BusinessObjects Enterprise.
WebSphere 6.1.
WebSphere Community Edition 2.0.
WebLogic 10.
WebLogic 9.2.
Tomcat 5.5 (bundled with BusinessObjects Enterprise).
SAP Application Server 7.0.
Oracle 10G R3.
JBoss 4.04.
Note:
For specific version compatibility, refer to the BusinessObjects Enterprise supported platform document guide online on our support web site:
http://support.businessobjects.com/documentation/supported_platforms.

Java software development kit (SDK) support

The BusinessObjects Enterprise Java 2 Enterprise Edition (J2EE) software development kit (SDK) allows you to create Java web applications that run on the web application server in your BusinessObjects Enterprise deployment.
SDKs give you the ability to create web applications that integrate powerful reporting features, such as those offered by Web Intelligence or InfoView.
The following Java SDKs are included with BusinessObjects Enterprise.
BusinessObjects Enterprise Java SDK.
Report Engine Java SDK.
Report Application Server (RAS) Java SDK.
Viewers Java SDK.
Web services Java SDK.
JavaServer Faces Components (JSF) for BusinessObjects Enterprise SDK.
BusinessObjects Enterprise Java SDK
The BusinessObjects Enterprise SDK allows you to incorporate BusinessObjects Enterprise functionality into your own web applications.
1. Authentication and session management.
Users can be authenticated by using the BusinessObjects Enterprise authentication protocol or some other protocol, such as LDAP or Kerberos. Once the user is authenticated, a user session is created. The user session maintains state information as the user performs actions and navigates to different pages within the BusinessObjects Enterprise web application.
2. Working with repository objects.
The information entity in BusinessObjects Enterprise is the InfoObject. All operations involve the retrieval and manipulation of InfoObjects from the Central Management Server (CMS).
3. Report operations.
The BusinessObjects Enterprise SDK supports many types of report documents: Crystal reports, Web Intelligence and Desktop Intelligence documents, as well as Microsoft Excel, and Adobe's Portable Document Format (PDF), among others.
4. Administering BusinessObjects Enterprise.
Many aspects of a BusinessObjects Enterprise deployment can be administered programmatically, such as managing server processes and server process groups, and server auditing.
Report Engine SDK
The Report Engine SDK includes libraries that you can use to build a web report design tool. Applications built with this SDK can view, create, or modify a variety of Web Intelligence and Desktop Intelligence documents. Users can modify documents by adding, removing, and modifying objects such as tables, charts, conditions, and filters.
Report Application Server (RAS) Java SDK
The Report Application Server (RAS) Java SDK is an API for developing Java web applications with advanced report creation and modification functionality. With the RAS Java SDK, you can create Java client applications that interact with the RAS server from a web application server.
Web application users can create or modify Crystal reports by adding, removing, or modifying tables, charts, parameters, and fields.
Viewers Java SDK
The Viewers SDK is an API that lets you incorporate reports in a range of different formats within your web application.
Viewers are a 'thin-client' technology - users of your web application don't need to install any additional software in order to view the reports. Two Java viewers are available:
1. DHTML report page viewer.
This viewer provides basic thin-client report viewing capabilities to present data and allow drill-down, page navigation, zooming, prompting, text searching, highlighting, exporting, and printing.
2. Report parts viewer.
This viewer provides the ability to view individual report parts including charts, text, and fields.
Web services Java SDK
See BusinessObjects Web Services.
JavaServer Faces (JSF) SDK
The JavaServer Faces (JSF) SDK consists of JavaServer Faces components and managed Java beans built on top of the BusinessObjects Enterprise Java SDK. The components encapsulate common BusinessObjects Enterprise functionality, such as logging on to the system, navigating through folders and categories, listing managed content, and viewing Crystal reports.
JSF component functionality can be divided into several main areas of BusinessObjects Enterprise application development.
1. Identifying end users in a BusinessObjects Enterprise system.
Individual users can be associated with their actions, such as logging on or off, and changing a password.
2. Listing and navigating managed content.
Users can navigate repetitive information using nested lists rendered from a data source.
3. Scheduling of managed content.
Your application's users can schedule reports to run at custom intervals if you create pages that enable a user to set scheduling options.
4. Viewing managed content.
The ReportPageViewer component lets you quickly add the ability to view reports on a page.

.NET software development kit (SDK) support

The following .NET SDKs are included with BusinessObjects Enterprise.
Report Application Server (RAS) .NET SDK.
Crystal Reports .NET SDK.
Web services .NET SDK.
Report Application Server (RAS) .NET SDK
The Report Application Server (RAS) SDK is an API for developing .NET web applications with advanced report creation and modification functionality. With the RAS .NET SDK, you can create .NET client applications that interact with the RAS server from a web application server.
Web application users can create or modify Crystal reports by adding, removing, or modifying tables, charts, parameters, and fields.
Crystal Reports .NET SDK
The Crystal Reports .NET SDK allows you to incorporate BusinessObjects Enterprise functionality into your own web applications, including:
1. Core functions.
Embed Crystal Reports Designer in your applications for report creation.
2. Database connections.
Log on to a database server and access data.
3. Report data manipulation.
Filter, group, sort, and total report data.
4. Report appearance and report objects.
Format, work with field and text objects, and enhance report presentation.
5. Printing and Exporting.
Export reports to other formats, and print reports.

BusinessObjects Web Services

Business Objects Web Services provide a Java and .NET API accessed by rich clients in the user interaction tier, such as Live Office and Crystal Reports.
Web Services consists of software components that can be called remotely using the Simple Object Access Protocol (SOAP). SOAP is a protocol for exchanging information that is not dependent on a specific platform, object model, or programming language.
BusinessObjects Enterprise Web Services includes functionality in the following areas:
Session
Authentication and user privilege management.
BI platform
Exposes advanced platform features such as scheduling, search, user and group administration, server administration, platform events, and calendars.
Report Engine
Displays Web Intelligence and Crystal Reports in HTML, PDF, Excel, and XML format.
Query
Builds ad-hoc queries based on the Business Objects universe semantic layer.
Business Objects web services uses standards such as XML, SOAP, AXIS 2.0 and WSDL. The platform follows the WS-Interoperability Basic Profile 1.0 web services specification.
Note:
Web Services applications are currently only supported with the following load balancer configurations:
1. Source IP address persistence.
2. Source IP and destination port persistence (available only on a Cisco Content Services Switch).
3. SSL persistence.
Note:
SSL persistence may cause security and reliability issues on some web browsers. Check with your network administrator to determine if SSL persistence is appropriate for your organization.
For information on installing and configuring Web Services, see the BusinessObjects Enterprise Web Services Administrator Guide.

Query as a Web Service

Business Objects Query as a Web Service is a wizard-based application that allows queries to be made into a web service and integrated with web-ready applications. Queries can be saved to create a catalog of standard queries that application builders can select as required.
Business Intelligence (BI) content is usually bound to a specific user interface of BI tools. Query as a Web Service changes this by allowing BI content to be delivered to any user interface that can process web services.
Query as a Web Service is designed to work on top of any Microsoft Windows application the same way as other web services. Query as a Web Service is based on the W3C web service specifications SOAP, WSDL, and XML. It has two main components:
1. Server component
The server component (included in BusinessObjects Enterprise) stores the Query as a Web Service catalog and hosts the published web services.
2. Client tool
This is how business users create and publish their queries as a web service on the server. You can install the client tool on several machines that can access and share the same Query as a Web Service catalog stored on the server. The client tool communicates with the server components via web services.
Query as a Web Service allows web queries to be used as part of a range of client-side solutions.
Microsoft Office, Excel, and InfoPath.
SAP Application Server.
OpenOffice.
Business rules and process management applications.
Enterprise Service Bus platforms.

Packaged applications

This section describes the tools that are installed with BusinessObjects Enterprise.
Dashboard and Analytics
Dashboard and Analytics is a suite of products that helps users track and analyze key business metrics via management dashboards, scorecards, and alerting. These products allow goals to be set around metrics and assigned to owners; they also support group decision-making and analysis via integrated collaboration and workflow capabilities. Dashboard and Analytics includes the following products:
Dashboard Builder
Performance Manager
Set Analysis
Predictive Analysis
Process Analysis
The Dashboard and Analytics repository stores the metrics, goals, sets, and calendar definitions used by Dashboard and Analytics users to create dashboards and analytics. Each time users refresh a metric, the values for the metric refresh are written to the Dashboard and Analytics repository.
Note:
To use Dashboard and Analytics features, you must purchase a BusinessObjects Enterprise license that includes Dashboard and Analytics as part of the software license agreement.
Voyager
Voyager is an online analytical processing (OLAP) tool for working with multi-dimensional data. Users access Voyager from within the BusinessObjects Enterprise InfoView portal. Users can create new analysis workspaces, and view and edit workspaces that have been saved to the BusinessObjects Enterprise repository.
Voyager is accessed from BusinessObjects InfoView in a web browser, which can be distributed to a large number of users, including those outside of your secure network, on the internet.
Voyager requires a connection to a supported OLAP data source, such as Microsoft Analysis Services, SAP BW, or Oracle Hyperion Essbase. Therefore, you must create a connection to data before analysts can begin using Voyager to analyze data.
Note:
The Voyager web application is available only as a Java web application. There is no corresponding Voyager application for .NET.
Deploying web applications with wdeploy
BusinessObjects Enterprise ships with a tool to ease the deployment of web applications on supported web application servers. Based on the Apache Ant scripting tool, wdeploy allows you to deploy WAR files to a web application server in two ways:
1. Standalone mode.
All web application resources are deployed together on a web application server that serves both dynamic and static content.
2. Distributed mode.
The application's dynamic and static resources are separated: static content is deployed to a web server; dynamic content is deployed to a web application server.
For more information about wdeploy, see the Post Installation Web Application Deployment chapter of the BusinessObjects Enterprise Installation guide.
Intelligence tier
The Intelligence tier manages the BusinessObjects Enterprise system. It maintains all of the security information, sends requests to the appropriate servers, manages audit information, and stores report instances.
This tier contains the following components:
Central Management Server (CMS).
Event Server.
File Repository Servers (FRS).
Cache Server instances.

Server classifications

The Central Management Console (CMC) web application provides the ability to add, remove, enable, or disable BusinessObjects Enterprise servers. These processes are grouped into three categories: Framework servers, Processing servers, and Performance Management servers. For more information about server management, see Chapter 6: Managing and Configuring Servers in the BusinessObjects Enterprise Administrator's Guide.
Framework servers
Framework servers provide back-end core system services that form the foundation of the BusinessObjects Enterprise Business Intelligence platform.
Server kind | Description | Server instance(s) managed by CMC
Central Management Server | Primary server process that provides services for all other servers in the Business Intelligence (BI) platform, including management of security, objects, servers, and auditing. | CentralManagementServer
Event Server | Responsible for monitoring file based events, and notifying the CMS of these events. | EventServer
File Repository Servers | Responsible for the creation of file system objects, such as exported reports, and imported files in non-native formats. | InputFileRepository, OutputFileRepository
Adaptive Processing Servers | Generic server that hosts multiple services responsible for processing requests from various sources. It can host services like the Publishing Service and the Client Auditing Proxy Service. | AdaptiveProcessingServer
Processing servers
Processing servers are the back-end components that handle requests from Web Intelligence, Desktop Intelligence, Crystal Reports, and Voyager.
Server kind | Description | Server instance(s) managed by CMC
Connection Server | Responsible for handling connection and interaction with the various datasources and providing a common feature set to its clients, by emulating the missing features if necessary. | ConnectionServer
Crystal Reports Cache Server | Caches recently executed Crystal reports to reduce database requests. | CrystalReportsCacheServer
Crystal Reports Processing Server | Runs Crystal report queries and returns data to Crystal Reports Cache Server. | CrystalReportsProcessingServer
Desktop Intelligence Cache Server | Caches recently executed Desktop Intelligence reports to reduce database requests. | DesktopIntelligenceCacheServer
Desktop Intelligence Processing Server | Runs Crystal report queries and returns data to Crystal Reports Cache Server. | DesktopIntelligenceProcessingServer
Job Servers | Processes scheduled actions on objects at the request of the CMS. When you add a Job server to the BusinessObjects Enterprise system, you can configure the Job server to: process report and document objects; process program objects; process publication objects; send objects or instances to specified destinations. | AdaptiveJobServer, CrystalReportsJobServer, DesktopIntelligenceJobServer, DestinationJobServer, ListOfValuesJobServer, ProgramJobServer, PublicationJobServer
Report Application Server | Responsible for responding to page requests by processing reports and generating Encapsulated Page Format (EPF) pages. | ReportApplicationServer
Web Intelligence Processing Server | Runs Web Intelligence queries and returns data to the user. | WebIntelligenceProcessingServer
Multi Dimensional Analysis Services (MDAS) Server | OLAP framework server. | MultiDimensionalAnalysisServicesServer
Performance Management servers
Performance Management servers are the back-end servers for the Performance Management product suite. Performance Management is only enabled if you purchase the appropriate BusinessObjects Enterprise software license.
Server kind | Description | Server instance(s) managed by CMC
PM Metrics Server | Creates and populates metrics for the Metric Engine. | PMMetricsServer
PM Repository Server | Manages repository-specific performance information. | PMRepositoryServer
PM Rules Server | Creates and monitors Performance Management rules and alerts. | PMRulesServer
Sets Profile Server | Manages Performance Management profile information. | SetsProcessServer
Sets Query Server | Runs Performance Management set queries. | SetsQueryServer
Predictive Analysis Server | KXEN data mining engine and forecaster. | PredictiveAnalysisServer
Process Analysis Server | Automate tracking of variables through BusinessObjects Enterprise. | ProcessAnalysisServer
Dashboard Server | Used by the Dashboard Builder to create and manipulate dashboards. | DashboardServer
Dashboard Analytics Server | Used by the Dashboard Builder to create and manipulate analytic content. | DashboardAnalyticsServer

Central Management Server (CMS)

The Central Management Server (CMS) maintains a database of information about your BusinessObjects Enterprise system. This is known as the CMS database. All the platform services are managed and controlled by the CMS. The CMS also manages access to the system file store where the physical documents are managed. The system repository database is maintained using the provided MySQL database, or by using the supported database of your choice.
CMS data includes information about users and groups, security levels, content, and services. The CMS can also maintain an optional auditing database of information about user actions, and files with the File Repository Servers. This data allows the CMS to perform four main tasks:
Maintaining security
The CMS enforces the application of rights at both the folder and object level, and supports inheritance at the user and group level. It also supports aggregation through a flexible, group-user membership model.
An integrated security system is available for customers who do not currently use an entitlement database, although BusinessObjects Enterprise is designed for integration with multiple concurrent third-party security systems, such as LDAP, Siteminder, or Microsoft Active Directory. When a change is made to a user in the entitlement database, the change is then propagated to BusinessObjects Enterprise.
Managing objects
The CMS keeps track of the object location and maintains the folder hierarchy. "InfoObjects" are system metadata objects that contain index information, and the actual documents or objects are stored in a file store. The separation of the object definition (metadata) from the document allows for fast object processing as only the required information is retrieved from the system’s repository. The CMS also runs scheduled report jobs.
Managing servers
Server processes are monitored by the CMS, which allocates work to less busy processes. It will also add or remove service instances as work loads change or services become unavailable.
The CMS handles load balancing and automated clustering to avoid bottlenecks and maximize hardware efficiency. In some multi-server environments, BusinessObjects Enterprise may not require a separate third-party load balancing system.
Managing auditing
User actions can be monitored and written to a central audit database. This information allows system administrators to better track and manage their BusinessObjects Enterprise deployment.
The auditing functionality allows administrators to better understand which users accessed the enterprise system, which documents they interacted with, and the overall system metrics for system optimization. Usage data is collected from the system interactions recorded in the auditing database. A sample universe and sample auditing reports are also available to provide fast access to information such as the most accessed reports, peak system use times, and average user session times.
Note:
It is strongly recommended that you back up and audit the CMS system database frequently.
Caution:
The CMS database should not be accessed directly. System information should only be retrieved using the calls that are provided in the BusinessObjects Enterprise software development kit (SDK).
Restriction:
You may access the optional audit database in read-only mode to create custom audit reports.
On Windows, the Setup program can install and configure its own MySQL database if you do not already have a database server allocated for the deployment. You can switch to a different database later if your deployment needs change.

Event Server

The Event Server manages file-based events. When you set up a file-based event within BusinessObjects Enterprise, the Event Server monitors the directory that you specified. When the appropriate file appears in the monitored directory, the Event Server triggers your file-based event: that is, the Event Server notifies the CMS that the file-based event has occurred. The CMS can then start any jobs that are dependent upon the file-based event.
Note:
Schedule-based and custom events are managed through the CMS.

File Repository Servers

Input and Output File Repository Server (FRS) processes run on each BusinessObjects Enterprise server machine.
The Input FRS manages report and program objects that have been published to the system by administrators or end users (using the Publishing Wizard, the CMC, the Import Wizard, or a Business Objects designer component such as Crystal Reports, or Web Intelligence report panels).
Note:
Objects with associated files, such as text files, Microsoft Word files, or PDFs, are stored on the Input File Repository Server.
The Output FRS manages all of the report instances generated by the Report Job Server or the Web Intelligence Processing Server, and the program instances generated by the Program Job Server.
Tip:
If you use the BusinessObjects Enterprise SDK, you can also publish reports from within your own code.
The FRSes are responsible for listing files on the server, querying for the size of a file, querying for the size of the entire file repository, adding files to the repository, and removing files from the repository.
Caution:
To avoid conflicts between input and output objects, the Input and Output FRSes cannot share the same file system directory. In larger deployments, there may be multiple Input and Output FRSes. However, only one set is active at any given time. In this case, all Input File Repository Servers share the same directory. Likewise, all Output File Repository Servers share the same directory.
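A configuration check for the three rules in the Caution above, given as an added example that is not part of the guide or of the BusinessObjects Enterprise SDK. The server names and directories are constructed sample values, and the script assumes you have already collected each FRS's configured directory and run it on a machine that sees the same paths.

```python
import os
import tempfile


def canonical(path):
    """Resolve symlinks, '..' segments and trailing separators so that two
    spellings of one directory compare equal."""
    return os.path.normcase(os.path.realpath(path))


def check_frs_layout(servers):
    """Check (server_name, kind, directory) tuples, kind being 'input' or
    'output', against the Caution: Input and Output FRSes never share a
    directory, all Input FRSes share one, all Output FRSes share one.
    Returns a list of findings; an empty list means the layout is consistent."""
    by_kind = {"input": {}, "output": {}}
    findings = []
    for name, kind, directory in servers:
        if kind not in by_kind:
            findings.append(f"{name}: unknown FRS kind {kind!r}")
            continue
        by_kind[kind].setdefault(canonical(directory), []).append(name)

    # Every FRS of one kind must point at the same directory.
    for kind, dirs in by_kind.items():
        if len(dirs) > 1:
            detail = "; ".join(
                f"{d} <- {', '.join(sorted(names))}"
                for d, names in sorted(dirs.items())
            )
            findings.append(f"{kind} FRSes do not share one directory: {detail}")

    # No directory may be used by both an Input and an Output FRS.
    for shared in sorted(set(by_kind["input"]) & set(by_kind["output"])):
        users = sorted(by_kind["input"][shared] + by_kind["output"][shared])
        findings.append(f"Input and Output FRS share {shared}: {', '.join(users)}")
    return findings


def demo():
    """Run the check on a constructed two-node layout: once correct, once
    with an Output FRS that points back at the Input store."""
    with tempfile.TemporaryDirectory() as root:
        input_dir = os.path.join(root, "FileStore", "Input")    # constructed path
        output_dir = os.path.join(root, "FileStore", "Output")  # constructed path
        os.makedirs(input_dir)
        os.makedirs(output_dir)
        good = [
            ("node1.InputFileRepository", "input", input_dir),
            ("node2.InputFileRepository", "input", input_dir + os.sep),
            ("node1.OutputFileRepository", "output", output_dir),
            ("node2.OutputFileRepository", "output", output_dir),
        ]
        # Same directory as the Input store, reached through a different spelling.
        misrouted = os.path.join(output_dir, "..", "Input")
        bad = good[:3] + [("node2.OutputFileRepository", "output", misrouted)]
        return check_frs_layout(good), check_frs_layout(bad)


if __name__ == "__main__":
    good_findings, bad_findings = demo()
    print("correct layout:", good_findings or "no findings")
    for finding in bad_findings:
        print("misconfigured layout:", finding)
```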

Cache servers

Cache servers handle report view requests. A cache server intercepts report requests and checks if it can fulfill the request with a cached report page before requesting new data from the database. This avoids accessing the database each time a report is requested, which accelerates viewing performance and reduces network traffic.
A cache server intercepts report requests sent from clients to the page server. If the cache server cannot fulfill the request with a cached report page, it passes the request on to the page server, which runs the report and returns the results. The cache server then caches the report page for future use, and sends the report to the viewer.
BusinessObjects Enterprise also performs active data sharing to reduce database access requests. Reports that are different, but which use the same data, can be rendered from the same cache.
Two different types of cache servers are:
Crystal Reports cache server, which handles requests for Crystal Reports.
Desktop Intelligence cache server, which handles requests for Desktop Intelligence reports.

Processing tier

The BusinessObjects Enterprise processing tier accesses the data tier and generates reports for clients. It is the only tier that directly interacts with the reporting database.
The processing tier includes the following server types.
Related Topics
Job servers
Report and Processing servers
Crystal Reports page server
Multi-Dimensional Analysis Server (MDAS)
Dashboard and Analytics servers

Job servers

A job server processes scheduled actions on objects at the request of the Central Management Server (CMS). When you add a job server to the BusinessObjects Enterprise system, you can configure the job server to:
Process reporting or document objects.
Process publication objects.
Process program objects.
Send objects or instances to specified destinations.
If you configure a job server to process Crystal Reports objects, it becomes a Crystal Reports job server. If you configure a job server to process program objects, it becomes a program job server, and so on. The Processing tier includes:
Crystal Reports job server.
Program job server.
Web Intelligence job server.
Desktop Intelligence job server.
Destination job server.
List of Values job server.
Adaptive job server.
Crystal Reports job server
The Crystal Reports job server processes scheduled reports, as requested by the Central Management System (CMS), and generates report instances (instances are versions of a report object that contain saved data). To generate a report instance, the Crystal Reports job server obtains the report object from the Input File Repository Server (FRS) and communicates with the database to retrieve the current data. Once it has generated the report instance, it stores the instance on the Output FRS.
Program job server
Program objects allow you to write, publish, and schedule custom applications, including scripts, and Java programs that run against, and perform maintenance on, BusinessObjects Enterprise.
The Program job server processes scheduled program objects, as requested by the CMS. To run a program, the Program job server first retrieves the files from storage on the Input File Repository Server (FRS), and then runs the program. By definition, program objects are custom applications. Therefore, the outcome of running a program is dependent on the program object that is run.
Unlike report instances, which can be viewed in their completed format, program instances exist as records in the object history. BusinessObjects Enterprise stores the program’s standard out and standard error in a text output file. This file appears when you click a program instance in the object History.
Web Intelligence job server
The Web Intelligence job server processes scheduling requests it receives from the Central Management System (CMS) for Web Intelligence documents. It forwards these requests to the Web Intelligence Report Server, which will generate the instance of the Web Intelligence document. The Web Intelligence job server does not actually generate object instances.
Desktop Intelligence job server
The Desktop Intelligence job server processes scheduling requests it receives from the CMS for Desktop Intelligence documents and generates the instance of the Desktop Intelligence document.
Destination job server
If you configure a job server to send objects or instances, it becomes a Destination job server. A Destination job server processes requests that it receives from the CMS and sends the requested objects or instances to the specified destination:
If the request is for an object, it retrieves the object from the Input File Repository Server.
If the request is for a report or program instance, it retrieves the instance from the Output File Repository Server.
The Destination job server can send objects and instances to destinations inside the BusinessObjects Enterprise system, for example, a user’s inbox, or outside the system, for example, by sending a file to an e-mail address.
The Destination job server does not run the actual report or program objects. It only handles objects and instances that already exist in the Input or Output File Repository Servers.
List of Values job server
The List of Values job server processes scheduled list-of-value objects. These objects contain the values of specific fields in a Business View. Lists of values implement dynamic prompts and cascading lists of values within Crystal Reports. List-of-value objects do not appear in Central Management Console (CMC) or InfoView. For more information, see the Business Views Administrator’s Guide.
Adaptive job server
A generic server that hosts BusinessObjects Enterprise job services.

Report and Processing servers

The processing tier includes the following servers:
Web Intelligence Report Server.
Desktop Intelligence Report Server.
Report Application Server (RAS).
Crystal Reports Processing Server.
Web Intelligence Processing Server.
Desktop Intelligence Processing Server.
Adaptive Processing Server.
Dashboard Server.
Dashboard Analytics Server.
Predictive Analysis Server.
Process Analysis Server.
Web Intelligence Report Server
The Web Intelligence Report Server is used to create, edit, view, and analyze Web Intelligence documents. It also processes scheduled Web Intelligence documents and generates new instances of the document, which it stores on the Output File Repository Server (FRS). Depending on the user’s access rights and the refresh options of the document, the Web Intelligence Report Server will use cached information, or it will refresh the data in the document and then cache the new information.
Desktop Intelligence Report Server
The Desktop Intelligence Report service is the core engine that handles the collection of data, formatting, and layout of a Desktop Intelligence document. The server communicates with the Central Management Server (CMS) when a document is requested, manages the connection to the Universe, and retrieves the data.
Report Application Server (RAS)
The Report Application Server (RAS) provides ad-hoc reporting capabilities that allow users to create and modify Crystal reports via the RAS Software Development Kit (SDK). This SDK supports the Java viewer SDKs and does not require a specific license; it is included with your BOE package.
Note:
The RAS is also used to resolve Dynamic Recipient Lists at runtime or during the design phase when working with publications.
Crystal Reports Processing Server
The Crystal Reports Processing Server retrieves data for the report from an instance or directly from the database (depending on the user's request and the rights he or she has to the report object). When retrieving data from the database, the Crystal Reports Processing Server automatically disconnects from the database after it fulfills its initial request and reconnects if necessary to retrieve additional data. (This behavior conserves database licenses.)
The Crystal Reports Processing Server responds to page requests made by the Cache Server. (Requests always pass through the Cache Server and go directly to the Processing Server.) The Processing Server and Cache Server also interact to ensure cached EPF pages are reused as frequently as possible, and new pages are generated when required.
Web Intelligence Processing Server
The Web Intelligence Processing Server is used to create, edit, view, and analyze Web Intelligence documents. It interacts with the Enterprise framework services like the CMS to list documents and universes, and communicates with the Input File Repository Server (FRS) to open or save Web Intelligence documents. It also processes scheduled Web Intelligence documents for the Web Intelligence Job Server and generates new instances of documents on the Output FRS. Depending on the user's access rights and the refresh options of the document, the Web Intelligence Processing Server will use cached information, or it will refresh the data in the document, and then cache the new information.
The Crystal Report Designer also communicates with the Web Intelligence Processing Server to create Crystal reports based on universes.
Desktop Intelligence Processing Server
The Desktop Intelligence Processing Server runs queries and generates reports on behalf of the Desktop Intelligence client.
Adaptive Processing Server
An Adaptive Processing Server is a generic server process that hosts BusinessObjects Enterprise services. It provides a hosting environment, enables the services to run and manages the life-cycle of the services including starting and stopping. Furthermore, it can host services such as the Publishing Service, and the Client Auditing Proxy Service; for a complete set of available services, please see the Central Management Console (CMC).

Crystal Reports page server

The Crystal Reports page server is responsible for responding to page requests by processing reports and generating encapsulated page format (EPF) pages. The key benefit of EPF is that it supports page-on-demand access so only the requested page is returned, instead of the entire report. This enhances performance and reduces unnecessary network traffic for large reports.
The EPF pages contain formatting information that defines report layout. The page server retrieves data for the report from an instance or directly from the database (depending on the user request and the rights he or she has to the report object). When retrieving data from the database, the page server automatically disconnects from the database after it fulfills its initial request and if necessary, reconnects to retrieve additional data. This helps conserve database traffic and limit the unnecessary use of database licenses.
The Cache Server and Page Server work closely together. Specifically, the Page Server responds to page requests made by the Cache Server. The Page Server and Cache Server also interact to ensure cached EPF pages are reused as frequently as possible, and new pages are generated as required. BusinessObjects Enterprise takes advantage of this behavior by ensuring that the majority of report-viewing requests are made to the Cache Server and Page Server. However, if a user’s default viewer is the DHTML viewer, the report is processed by the Report Application Server.

Multi-Dimensional Analysis Server (MDAS)

The Multi-Dimensional Analysis Server (MDAS) registers itself with the Central Management Server (CMS), and its services are available for consumption by other servers or client applications that communicate via the BusinessObjects Enterprise framework.
The MDAS provides BusinessObjects Enterprise client applications with an extensible and efficient framework for accessing multi-dimensional (OLAP) data. It provides access to multi-dimensional data and also converts the raw data into XML packages, which the requesting client application renders into a specific presentation format: Excel spreadsheet, PDF, or Voyager crosstabs and charts.
Note:
OLAP single sign-on (SSO) is only supported for Microsoft Analysis Services and SAP BW.

Dashboard and Analytics servers

BusinessObjects Enterprise integrates specialized analytic engine services to support dashboard, scorecard and analytic products. Each of these services can be configured separately, depending on the license options you purchase, and your specific implementation requirements. For more information, consult the Dashboard and Analytics Setup and Administration Guide.
PM Metrics Server
Dashboard and Analytics server to populate metrics created using the Metric Engine.
PM Repository Server
Dashboard and Analytics server to read and store performance information from the Dashboard and Analytics repository.
PM Rules Server
Dashboard and Analytics server to create rules and alerts. Rules and alerts automate the process of detecting and interpreting change, and delivering relevant analysis. Rules enable you to proactively monitor your business and take appropriate and timely action in response to specific events.
Dashboard Server
Server process used by the Dashboard Builder component to create and manipulate corporate and personal dashboards. Dashboard Builder offers metric, alert, and dashboard management capabilities to help organizations monitor and understand their business activities.
Dashboard Analytics Server
Server process used by the Dashboard Builder component to create and manipulate corporate and personal dashboard analytic content.
Predictive Analysis Server
Server process used for Predictive Analysis (Data Mining) using KXEN engine, which quickly uncovers key business drivers from your data and forecasts future business conditions. It helps users make proactive decisions more easily by providing insight in familiar terms through dashboards across the organization.
Process Analysis Server
The process analysis server monitors server activity. This helps your organization to automate the tracking of quality variables by using alarm rules and control chart types defined by your quality improvement initiatives.

Data tier

The Data tier is made up of the data sources that contain the information used in the reports and documents managed by your BusinessObjects Enterprise XI system, which supports a wide range of corporate databases.
Please review the online BusinessObjects Enterprise supported platforms document for information related to supported database release versions, patch levels, or caveats at the Business Objects customer support site:
http://support.businessobjects.com/documentation/supported_platforms.

Semantic layers

The Business Objects semantic layer is a platform-unspecific layer of abstraction that lies between BusinessObjects Enterprise and the raw source data contained within a reporting database.
Universes
The Universe abstracts the data complexity by using business language rather than data language to access, manipulate, and organize data. This business language is stored as objects in a universe file. Web Intelligence and Crystal Reports use universes to simplify the user creation process required for simple to complex end-user query and analysis.
Universes are a core component of BusinessObjects Enterprise. All universe objects and connections are stored and secured in the central repository by the Connection Server. Universe designers need to log in to BusinessObjects Enterprise to access the system and create universes. Universe access and row-level security can also be managed at the group or individual user level from within the design environment.
The semantic layer allows Web Intelligence to deliver documents, by utilizing multiple synchronized data providers, including online analytical processing (OLAP) and common warehousing metamodel (CWM) data sources.
Business Views
Business Views simplify report creation and interaction by abstracting the complexity of data for report developers. Business Views help separate the data connections, data access, business elements, and access control.
Business Views can only be used by Crystal Reports and are designed to simplify the data access and view-time security required for Crystal report creation. Business Views support the combination of multiple data sources in a single view. Business Views are fully supported in BusinessObjects Enterprise.
BusinessObjects Enterprise includes a series of dedicated, pre-configured platform management services for tasks such as password management, server metrics, and user access control for decentralized management functions.

Connection Server

The Connection Server provides database access to the raw source data. It supports relational databases (Oracle, MySQL, Microsoft SQL Server, DB2, Sybase) as well as OLAP (SAP BW, Microsoft Analysis Services, Hyperion Essbase). The Connection Server is responsible for handling connection and interaction with the various datasources and providing a common feature set to its clients, by emulating the missing features if necessary.
The Connection Server can be accessed through a Dynamic Link Library (inproc), a CORBA server (called through CORBA or HTTP), or by using the Java API.

Security management

System security is managed by the Central Management Server (CMS), security plug-ins, and third-party authentication tools, such as SiteMinder or Kerberos. These components authenticate users and authorize user access for BusinessObjects Enterprise, its folders, and other objects.
This section discusses key components of system security, including:
CMS security.
Third-party security plug-ins.
Note:
Because these components are responsible for additional tasks, several are described in more detail in other sections.

Central Management Server (CMS) security

The Central Management Server (CMS) manages security information, such as user accounts, group memberships, and object rights that define user and group privileges.
When you set up your system, the CMS allows you to create user accounts and groups within BusinessObjects Enterprise, or reuse existing user accounts and groups that are stored in a third-party system, such as LDAP or Windows Active Directory (AD). The CMS supports third-party authentication, so users can log on to BusinessObjects Enterprise with their current LDAP, or Windows AD credentials.
When users log on, the CMS coordinates the authentication process with security plug-ins; the CMS then grants the user a logon token and an active session on the system. The CMS also responds to authorization requests made by the rest of the system. When a user requests a list of reports in a particular folder, the CMS authorizes the request only after it verifies the user's account or group membership has sufficient privileges.

Security plug-ins

Security plug-ins expand and customize how users are authenticated. BusinessObjects Enterprise ships with the BusinessObjects Enterprise security plug-in as a default, and with LDAP and Windows Active Directory (AD) security plug-ins. Each security plug-in offers several key benefits.
Security plug-ins automate account creation and management by allowing you to map user accounts and groups from third-party systems into BusinessObjects Enterprise. You can map third-party user accounts or groups to existing BusinessObjects Enterprise user accounts or groups, or you can create new Enterprise user accounts or groups that correspond to each mapped entry in the external system.
The security plug-ins dynamically maintain third-party user and group listings. This means that once you map an LDAP or Windows AD group into BusinessObjects Enterprise, all users in that group can log on to BusinessObjects Enterprise. When you make subsequent changes to the third-party group membership, the list is automatically refreshed.
BusinessObjects Enterprise supports the following security plug-ins:
BusinessObjects Enterprise security plug-in.
LDAP security plug-in.
Windows AD security plug-in.

Information flow

The following workflow information describes what happens at the Enterprise Framework or Architecture level when an Enterprise process is invoked. These workflows provide a high-level view of the architecture and how report-processing is performed. This section covers two different scenarios:
Related Topics
What happens when you view a report? on page 79
What happens when you schedule an object? on page 78

What happens when you schedule an object?

When you schedule an object, you instruct BusinessObjects Enterprise to process an object at a particular point in time, or on a recurring schedule. For example, if you have a report that is based on your web server logs, you can schedule the report to run every night on a recurring basis.
When a user schedules an object using InfoView, the following happens:
1. InfoView sends the request to the web server.
2. The web server passes the web request directly to the application server, where it is evaluated by the BusinessObjects Enterprise SDK.
3. The SDK passes the request to the CMS.
4. The CMS checks to see if the user has sufficient rights to schedule the object.
5. If the user has sufficient rights, the CMS schedules the object to be run at the specified time(s).
6. When the time occurs, the CMS passes the job to the appropriate job server. Depending on the type of object, the CMS will send the job to one of the following job servers:
   If the object is a Web Intelligence document, it sends the job to the Web Intelligence Job Server, which sends the request to the Web Intelligence Processing Server.
   If the object is a Crystal report, it sends the job to the Report Job Server.
   If the object is a program, it sends the job to the Program Job Server.
7. The job server retrieves the object from the Input File Repository Server and runs the object against the database, thereby creating an instance of the object.
8. The job server then saves the instance to the Output File Repository Server, and tells the CMS that it has completed the job successfully.
   If the job was for a Web Intelligence document, the Web Intelligence Processing Server notifies the Web Intelligence Job Server. The Web Intelligence Job Server then notifies the CMS that the job was completed successfully.
Note:
The Cache Server and the Page Server do not participate in scheduling reports or in creating instances of scheduled reports. This can be an important consideration when deciding how to configure BusinessObjects Enterprise, especially in large installations. For more information, see the BusinessObjects Enterprise Deployment Planning Guide.
When you schedule program objects or object packages, the interaction between servers follows the same pattern as it does for reports.

What happens when you view a report?

This section describes the viewing mechanisms that are implemented in InfoView. It contains information on:
Report viewing with the Crystal Reports Cache Server and Page Server.
Viewing Web Intelligence documents.
When you view a report through BusinessObjects Enterprise, the processing flow varies depending upon your default report viewer, the type of report, and the rights you have to the report. In addition, the processing flow for custom applications may differ. In all cases, however, the request that begins at the web server must be forwarded to the application server.
The actual request is constructed as a URL that includes the report's unique ID. This ID is passed as a parameter to a server-side script that, when evaluated by the application server, verifies the user's session and retrieves the logon token from the browser. The script then checks the user's InfoView preferences and redirects the request to the viewing mechanism that corresponds to the user's default viewer.
Different report viewers require different viewing mechanisms:
The zero-client DHTML viewer is implemented through CAF and OpenDoc.
When evaluated by the application server, this script communicates with the framework in order to create a viewer object and retrieve a report source from the Cache Server and Page Server.
The client-side report viewers (the ActiveX and Java viewers) are implemented through viewrpt.aspx.
The Crystal Web Request is executed internally through viewer code on the application server. The viewer code communicates with the framework in order to retrieve a report page (in .epf format) from the Cache Server and Page Server.
If they haven't already done so, users are prompted to download and install the appropriate viewer software.
Related Topics
Report viewing with the Crystal Reports Cache Server and Page Server on page 80
Viewing Web Intelligence documents on page 81
Report viewing with the Crystal Reports Cache Server and Page Server
This section describes the process for viewing a Crystal report when using the zero-client DHTML, ActiveX, or Java viewer. This process uses the Crystal Reports Cache Server and the Crystal Reports Page Server.
1. Upon receiving a report-viewing request, the Cache Server checks to see if it has the requested pages cached. Cached pages are stored as Encapsulated Page Format (.epf) files.
2. If a cached page for the report (.epf file) is available:
   a. The Cache Server checks with the CMS to see if the user has rights to view the cached page.
   b. If the user is granted the right to view the report, the Crystal Reports Cache Server sends the cached page (.epf file) to the application server.
3. If a cached page for the report (.epf file) is unavailable:
   a. The Cache Server requests new cached pages (.epf files) from the Crystal Reports Page Server.
   b. The Crystal Reports Page Server checks with the CMS to see if the user has rights to view the report.
   c. If the user is granted the right to view the report, the Crystal Reports Page Server retrieves the report from the Input File Repository Server.
   d. If the report is an instance, and the user only has View rights, the Crystal Reports Page Server will generate pages of the report instance using the data stored in the report instance. That is, the Crystal Reports Page Server will not retrieve the latest data from the database.
      If the report is an object, the user must have View On Demand rights to view the report successfully (because the Crystal Reports Page Server needs to retrieve data from the database).
   e. If the user has sufficient rights, the Crystal Reports Page Server generates the cached pages (.epf files) and forwards them to the Crystal Reports Cache Server.
   f. The Crystal Reports Cache Server then caches the pages (.epf files).
   g. The Crystal Reports Cache Server sends the pages (.epf files) to the application server.
4. The application server sends the report to the user's Web browser in one of two ways, depending on how the initial request was made:
   If the initial request was made through a DHTML viewer, the CAF, via OpenDoc, generates HTML that represents both the DHTML viewer and the report itself. The HTML pages are then returned through the web server to the user's web browser.
   If the initial request was made through an ActiveX or Java viewer (viewrpt.aspx), the application server forwards the cached pages (.epf files) through the web server to the report viewer software in the user's web browser.
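The viewing steps above, modelled as a small Python simulation (an added example, not BusinessObjects code and not SDK calls). Every class, method, user and report name is hypothetical, and keying the cache by report ID alone is an assumption of the model. It shows that the CMS rights check runs on a cache hit as well as on a miss, and that only an on-demand view of a report object reaches the database.

```python
from dataclasses import dataclass

VIEW, VIEW_ON_DEMAND = "View", "View On Demand"


class AccessDenied(Exception):
    """Raised when the CMS does not confirm the required right."""


@dataclass
class Report:
    report_id: str
    is_instance: bool      # True = scheduled instance carrying saved data
    saved_data: str = ""   # only meaningful for instances


class CMS:
    """Stores object rights and answers authorization requests (model only)."""

    def __init__(self):
        self._rights = {}  # (user, report_id) -> set of right names
        self.audit = []    # (asking server, user, report_id, right, granted)

    def grant(self, user, report_id, *rights):
        self._rights.setdefault((user, report_id), set()).update(rights)

    def require(self, server, user, report_id, right):
        granted = right in self._rights.get((user, report_id), set())
        self.audit.append((server, user, report_id, right, granted))
        if not granted:
            raise AccessDenied(f"{user} lacks {right!r} on {report_id}")


class PageServer:
    def __init__(self, cms, file_repository, database):
        self.cms, self.frs, self.database = cms, file_repository, database
        self.db_queries = 0

    def generate_pages(self, user, report_id):
        self.cms.require("PageServer", user, report_id, VIEW)        # step 3b
        report = self.frs[report_id]                                 # step 3c
        if report.is_instance:                                       # step 3d
            data = report.saved_data  # saved data only, no database access
        else:
            # A report object needs fresh data, hence View On Demand.
            self.cms.require("PageServer", user, report_id, VIEW_ON_DEMAND)
            self.db_queries += 1
            data = self.database[report_id]
        return f"EPF<{report_id}|{data}>"                            # step 3e


class CacheServer:
    def __init__(self, cms, page_server):
        self.cms, self.page_server = cms, page_server
        self._pages = {}  # assumption: cache keyed by report ID only

    def get_pages(self, user, report_id):
        if report_id in self._pages:                                 # step 2
            self.cms.require("CacheServer", user, report_id, VIEW)   # step 2a
            return self._pages[report_id]                            # step 2b
        pages = self.page_server.generate_pages(user, report_id)     # step 3a
        self._pages[report_id] = pages                               # step 3f
        return pages                                                 # step 3g


def build_demo():
    """Constructed sample data: two reports and three users with rights."""
    cms = CMS()
    frs = {"sales_instance": Report("sales_instance", True, "data as of last run"),
           "sales_object": Report("sales_object", False)}
    database = {"sales_object": "live rows"}
    cms.grant("alice", "sales_instance", VIEW)
    cms.grant("alice", "sales_object", VIEW)
    cms.grant("bob", "sales_object", VIEW, VIEW_ON_DEMAND)
    cms.grant("carol", "sales_object", VIEW, VIEW_ON_DEMAND)
    page_server = PageServer(cms, frs, database)
    return cms, page_server, CacheServer(cms, page_server)


def try_view(cache, user, report_id):
    try:
        return cache.get_pages(user, report_id)
    except AccessDenied as exc:
        return f"DENIED: {exc}"


if __name__ == "__main__":
    cms, page_server, cache = build_demo()
    for user, rid in [("alice", "sales_instance"), ("alice", "sales_object"),
                      ("bob", "sales_object"), ("carol", "sales_object"),
                      ("dave", "sales_object")]:  # dave has no rights at all
        print(f"{user:6} {rid:15} -> {try_view(cache, user, rid)}")
    print("database queries:", page_server.db_queries)
```

The `audit` list records which server asked the CMS for which right, which is the trail to inspect when a user reports an unexpected denial.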
Viewing Web Intelligence documents
This section describes the process for viewing a Web Intelligence document.
1. InfoView sends the request to the web application server.
2. The web application server sends the request to the application server, which creates a new session with the Web Intelligence Report Server.
3. The Web Intelligence Report Server checks if the user has rights to use the Web Intelligence application.
4. The web application server then sends the request to the Web Intelligence Report Server.
5. The Web Intelligence Report Server contacts the CMS to check whether the user has the right to view the document, and to check when the document was last updated.
6. If the user has the right to view the document, the Web Intelligence Report Server checks whether it has up-to-date cached content for the document.
7. If cached content is available, the Web Intelligence Report Server sends the cached document information to the SDK. If cached content is not available, the following happens:
   a. The Web Intelligence Report Server obtains the document information from the CMS and checks what rights the user has on the document.
   b. The Web Intelligence Report Server obtains the Web Intelligence document from either the Input or Output File Repository Server and loads the document file.
      Note:
      Which FRS is used depends on whether the request was for a Web Intelligence document that was saved to BusinessObjects Enterprise or for an instance of the document. Documents are stored on the Input FRS. Instances are generated when an object is run according to a schedule, and they are stored on the Output FRS.
   c. If the document is set to “refresh on open” and the user has View On Demand rights, the Web Intelligence Report Server refreshes the data in the document with data from the database.
      Note:
      If the document is set to “refresh on open” but the user does not have View On Demand rights, an error message is displayed.
   d. The Web Intelligence Report Server stores the document file and the new document information in cache.
   e. The Web Intelligence Report Server sends the document information to the SDK.
8. The viewer script calls the SDK to get the requested page of the document. The request is passed to the Web Intelligence Report Server.
9. If the Web Intelligence Report Server has cached content for the page, it returns the cached XML to the SDK. If the Web Intelligence Report Server does not have the cached content for the page, it renders the page to XML using the current data for the document. It then returns the XML to the SDK.
10. The SDK applies an XSLT style sheet to the XML to transform it to HTML.
11. The viewer script returns the HTML to the browser.

Security Concepts

This section details the ways in which BusinessObjects Enterprise addresses enterprise security concerns, thereby providing administrators and system architects with answers to typical questions regarding security.
Click the appropriate link to jump to that section:
Security overview on page 84
Authentication and authorization on page 85
Security plug-ins on page 92
Active trust relationship on page 95
Sessions and session tracking on page 97
Environment protection on page 99
Auditing web activity on page 100
Security overview
The BusinessObjects Enterprise architecture addresses the many security concerns that affect today's businesses and organizations. The current release supports features such as distributed security, single sign-on, resource access security, granular object rights, and third-party Windows NT, LDAP, and Windows AD authentication in order to protect against unauthorized access.
Because BusinessObjects Enterprise provides the framework for an increasing number of components from the Enterprise family of Business Objects products, this section details the security features and related functionality to show how the framework itself enforces and maintains security. As such, this section does not provide explicit procedural details; instead, it focuses on conceptual information and provides links to key procedures.
Click the appropriate link to jump to that section:
Authentication and authorization on page 85
Security plug-ins on page 92
Active trust relationship on page 95
Sessions and session tracking on page 97
Environment protection on page 99
Auditing web activity on page 100
For key procedures that show how to modify the default accounts, passwords, and other security settings, see BusinessObjects Enterprise Administrator's Guide.
For procedures that show how to set up authentication for Enterprise users, see BusinessObjects Enterprise Administrator's Guide. For the basic information on how to set up third-party authentication to work with BusinessObjects Enterprise, see the following sections:
Using NT Authentication on page 106
Using LDAP authentication on page 113
Using AD with NTLM on page 135
For more in-depth information on how to use Kerberos with AD authentication, see Using AD and Kerberos with Java application servers on page 141.

Authentication and authorization

Authentication is the process of verifying the identity of a user who attempts to access the system, and authorization is the process of verifying that the user has been granted sufficient rights to perform the requested action upon the specified object.
This section describes the authentication and authorization processes in order to provide a general idea of how system security works within BusinessObjects Enterprise. Each of the components and key terms is discussed in greater detail later in this section. The detailed information on how to implement these different methods of authentication is discussed in the following section:
The current release supports these methods of authentication:
Enterprise authentication
Windows NT authentication
LDAP authentication
Windows AD authentication
Trusted Authentication
If you want to use any of the third-party methods of authentication or Trusted Authentication, you will need to configure them before you use them. See the following sections for procedural details on how to implement these authentication methods:
Using NT Authentication on page 106
Using LDAP authentication on page 113
Using AD with NTLM on page 135
Using AD and Kerberos with Java application servers on page 141
Because BusinessObjects Enterprise is fully customizable, the authentication and authorization processes may vary from system to system. This section uses InfoView as a model and describes its default behavior. If you are developing your own BusinessObjects Enterprise end-user or administrative applications using the BusinessObjects Enterprise Software Development Kit (SDK), you can customize the system's behavior to meet your needs. For complete details, see the developer documentation available on your product CD.
Note:
Although a user can configure Windows NT authentication for BOE and custom applications through the CMC, the CMC and InfoView themselves do not support Windows NT authentication. The CMC and InfoView do not support Windows AD authentication with NTLM.
The only methods of authentication that the CMC and InfoView support are Windows AD with Kerberos, LDAP, Enterprise, and Trusted Authentication.

Primary authentication

Primary authentication occurs when a user first attempts to access the system. One of two things can happen during primary authentication:
If single sign-on is not configured, the user provides their credentials, such as their user name, password and authentication type.
   These details are entered by the users on the logon screen.
If a method of single sign-on is configured, the credentials for the users are silently propagated.
   These details are extracted using other methods such as Kerberos or SiteMinder.
The authentication type may be Enterprise, Windows NT, LDAP, or Windows AD authentication, depending upon which type(s) you have enabled and set up in the Authentication management area of the Central Management Console (CMC). The user's web browser sends the information by HTTP to your web server, which routes the information to the CMS or the appropriate BusinessObjects Enterprise server.
Note:
Although Windows NT and AD with NTLM authentication is supported for BusinessObjects Enterprise applications, they are not supported for the InfoView or CMC themselves.
The web application server passes the user's information to a server-side script. Internally, this script communicates with the SDK and, ultimately, the appropriate security plug-in to authenticate the user against the user database.
For instance, if the user is logging on to the InfoView and specifies Enterprise Authentication, the SDK ensures that the BusinessObjects Enterprise security plug-in performs the authentication. The Central Management Server (CMS) uses the BusinessObjects Enterprise security plug-in to verify the user name and password against the system database. Alternatively, if the user specifies LDAP or Windows AD authentication, the SDK uses the corresponding security plug-in to authenticate the user.
If the security plug-in reports a successful match of credentials, the CMS grants the user an active identity on the system and the system performs several actions:
The CMS creates an enterprise session for the user. While the session is active, this session consumes one user license on the system.
The CMS generates and encodes a logon token and sends it to the web application server.
The web application server stores the user's information in memory in a session variable. While active, this session stores information that allows BusinessObjects Enterprise to respond to the user's requests.
Note:
The session variable does not contain the user's password.
The web application server persists the logon token in a cookie on the client's browser. This cookie is only used for failover purposes, such as when you have a clustered CMS or when InfoView is clustered for session affinity, not as a part of the normal operation of the system.
Note:
Although it is not the default behavior, it is possible to disable the logon token. However, if you disable the logon token, you will disable failover.
Each of these steps contributes to the distributed security of BusinessObjects Enterprise, because each step consists of storing information that is used for secondary identification and authorization purposes. This is the model used in InfoView. However, if you are developing your own client application and you prefer not to store session state on the web application server, you can design your application such that it avoids using session variables.
Note:
The third-party Windows NT, LDAP, and Windows AD security plug-ins work only once you have mapped groups from the external user database to BusinessObjects Enterprise. For procedural details, see the following sections:
Using AD with NTLM on page 135
Using LDAP authentication on page 113
Using NT Authentication on page 106
Note:
In a single sign-on situation, BusinessObjects Enterprise retrieves users' credentials and group information directly from Windows AD or SiteMinder. Hence, users are not prompted for their credentials.

Single sign-on support

The term single sign-on is used to describe different scenarios. At its most basic level, it refers to a situation where a user can access two or more applications or systems while providing their log-on credentials only once, thus making it easier for users to interact with the system.
Single sign-on to the InfoView and the CMC can be provided by BusinessObjects Enterprise, or by different authentication tools depending on your application server type and operating system.
These methods of single sign-on are available if you are using a Java application server on Windows:
Windows AD with SiteMinder.
Windows AD with Kerberos
These methods of single sign-on support are available on Windows or Unix, with any supported web application server for the platform.
LDAP with SiteMinder.
Trusted Authentication.
Windows AD with Kerberos
Note:
Windows AD with Kerberos is supported if the Java application is on UNIX. However, the BusinessObjects Enterprise services need to run on a Windows server.
The following table describes the methods of single sign-on support for the InfoView and CMC that are available.
| Authentication Mode | CMS Server | Options | Notes |
| --- | --- | --- | --- |
| Windows AD | Windows only | Windows AD with Kerberos only. | Windows AD authentication to the InfoView and CMC is available out of the box. |
| LDAP | Any supported platform | Supported LDAP directory servers, with SiteMinder only. | LDAP authentication to the InfoView and CMC is available out of the box. SSO to the InfoView and CMC requires SiteMinder. |
| Enterprise | Any supported platform | Trusted Authentication | Enterprise authentication to the InfoView and CMC is available out of the box. SSO with enterprise authentication to the InfoView and CMC requires Trusted Authentication. |
Note:
Single sign-on using Windows NT authentication is not supported for the InfoView or the CMC.
Within the context of BusinessObjects Enterprise, we distinguish the following levels of single sign-on:
Single sign-on to BusinessObjects Enterprise on page 90
Single sign-on to database on page 91
End-to-end single sign-on on page 92
Single sign-on to BusinessObjects Enterprise
Single sign-on to BusinessObjects Enterprise means that once users have logged on to the operating system (for Windows) or SiteMinder protected resources (for LDAP), they can access BusinessObjects Enterprise applications that support SSO without having to provide their credentials again. When a user logs on, a security context for that user is created. This context can be propagated to BOE in order to perform SSO, resulting in the user being logged on as a BOE user that corresponds to the user.
The term “anonymous single sign-on” also refers to single sign-on to BusinessObjects Enterprise, but it specifically refers to the single sign-on functionality for the Guest user account. When the Guest user account is enabled, which it is by default, anyone can log on to BusinessObjects Enterprise as Guest and will have access to BusinessObjects Enterprise. For more information, see the Managing Accounts and Groups chapter of the BusinessObjects Enterprise Administrator's Guide.
For information on configuring single sign-on to BusinessObjects Enterprise with LDAP authentication, see Configuring LDAP authentication on page 118.
Single sign-on to database
Once users are logged on to BusinessObjects Enterprise, single sign-on to the database enables them to perform actions that require database access, in particular, viewing and refreshing reports, without having to provide their logon credentials again. Single sign-on to the database can be combined with single sign-on to BusinessObjects Enterprise, to provide users with even easier access to the resources they need. See End-to-end single sign-on on page 92.
In BusinessObjects Enterprise XI 3.0, single sign-on to the database is supported through Windows AD using Kerberos. You may want to use single sign-on to the database rather than end-to-end single sign-on, if you don't want the account for IIS to be trusted for delegation.
Note:
This only relates to custom-built web applications. Single sign-on to the InfoView and CMC is not supported with IIS. End-to-end single sign-on to the InfoView and CMC is available for Java application servers.
See these sections for information on configuring single sign-on to the database with BusinessObjects Enterprise:
Using AD and Kerberos with Java application servers on page 141
Configuring Kerberos and single sign-on to the database for Java application servers on page 162
Configuring Kerberos and single sign-on for Java InfoView on page 163.
End-to-end single sign-on
End-to-end single sign-on refers to a configuration where users have both single sign-on access to BusinessObjects Enterprise at the front-end, and single sign-on access to the databases at the back-end. Thus, users need to provide their logon credentials only once, when they log on to the operating system, to have access to BusinessObjects Enterprise and to be able to perform actions that require database access, such as viewing reports.
In BusinessObjects Enterprise XI, end-to-end single sign-on is supported through Windows AD and Kerberos. For more information, see Configuring Kerberos for Java application servers on page 142.

Security plug-ins

Security plug-ins expand and customize the ways in which BusinessObjects Enterprise authenticates users. BusinessObjects Enterprise currently ships with the system default BusinessObjects Enterprise security plug-in and with the Windows NT, LDAP, and Windows AD security plug-ins. Each security plug-in offers several key benefits.
Security plug-ins facilitate account creation and management by allowing you to map user accounts and groups from third-party systems into BusinessObjects Enterprise. You can map third-party user accounts or groups to existing BusinessObjects Enterprise user accounts or groups, or you can create new Enterprise user accounts or groups that correspond to each mapped entry in the external system.
The security plug-ins dynamically maintain third-party user and group listings. So, once you map a Windows NT, LDAP, or Windows AD group into BusinessObjects Enterprise, all users who belong to that group can log on to BusinessObjects Enterprise. When you make subsequent changes to the third-party group membership, you need not update or refresh the listing in BusinessObjects Enterprise. For instance, if you map a Windows NT group to BusinessObjects Enterprise, and then you add a new NT user to the NT group, the security plug-in dynamically creates an alias for that new user when he or she first logs on to BusinessObjects Enterprise with valid NT credentials.
Moreover, security plug-ins enable you to assign rights to users and groups in a consistent manner, because the mapped users and groups are treated as if they were Enterprise accounts. For example, you might map some user accounts or groups from Windows NT, and some from an LDAP directory server. Then, when you need to assign rights or create new, custom groups within BusinessObjects Enterprise, you make all of your settings in the CMC.
Each security plug-in acts as an authentication provider that verifies user credentials against the appropriate user database. When users log on to BusinessObjects Enterprise, they choose from the available authentication types that you have enabled and set up in the Authorization management area of the CMC: Enterprise (the system default), Windows NT, LDAP, or Windows AD.
Note:
The Windows NT and Windows AD security plug-ins cannot authenticate users if the BusinessObjects Enterprise server components are running on UNIX.
BusinessObjects Enterprise supports the following security plug-ins:
BusinessObjects Enterprise security plug-in on page 93
LDAP security plug-in on page 114
Windows AD security plug-in on page 136
BusinessObjects Enterprise security plug-in
The BusinessObjects Enterprise security plug-in (secEnterprise.dll) is installed and enabled by default when you install BusinessObjects Enterprise. This plug-in allows you to create and maintain user accounts and groups within BusinessObjects Enterprise; it also enables the system to verify all logon requests that specify Enterprise Authentication. In this case, user names and passwords are authenticated against the BusinessObjects Enterprise user list, and users are allowed or disallowed access to the system based solely on that information. For details on setting up Enterprise users and groups, see the BusinessObjects Enterprise Administrator's Guide.
Default accounts
When you first install BusinessObjects Enterprise, this plug-in sets up two default Enterprise accounts: Administrator and Guest. Neither account has a default password.
Single sign-on
The BusinessObjects Enterprise authentication provider supports anonymous single sign-on for the Guest account. Thus, when users connect to BusinessObjects Enterprise without specifying a user name and password, the system logs them on automatically under the Guest account. If you assign a secure password to the Guest account, or if you disable the Guest account entirely, you disable this default behavior. For details, see the BusinessObjects Enterprise Administrator's Guide.

Processing extensions

BusinessObjects Enterprise offers you the ability to further secure your reporting environment through the use of customized processing extensions. A processing extension is a dynamically loaded library of code that applies business logic to particular BusinessObjects Enterprise view or schedule requests before they are processed by the system.
Note:
On Windows systems, dynamically loaded libraries are referred to as dynamic-link libraries (.dll file extension). On UNIX systems, dynamically loaded libraries are often referred to as shared libraries (.so file extension). You must include the file extension when you name your processing extensions.
Through its support for processing extensions, the BusinessObjects Enterprise administration SDK essentially exposes a "handle" that allows developers to intercept the request. Developers can then append selection formulas to the request before the report is processed.
A typical example is a report-processing extension that enforces row-level security. This type of security restricts data access by row within one or more database tables. The developer writes a dynamically loaded library that intercepts view or schedule requests for a report (before the requests are processed by a Job Server, Processing Server, or Report Application Server). The developer's code first determines the user who owns the processing job; then it looks up the user's data-access privileges in a third-party system. The code then generates and appends a record selection formula to the report in order to limit the data returned from the database. In this case, the processing extension serves as a way to incorporate customized row-level security into the BusinessObjects Enterprise environment.
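The formula-building step of such an extension, modelled as an added example (it is not code from this guide and calls no BusinessObjects SDK function). The entitlement table, field names and function names are hypothetical, and the formula text uses Crystal syntax. An unknown user gets a formula that selects no rows, and the report's own formula is parenthesized so that an `or` inside it cannot widen the result.

```python
"""Model of the row-level-security step a processing extension performs.

Added illustration: names and data are assumptions, not SDK identifiers.
"""

# Constructed stand-in for the third-party system that holds each user's
# data-access privileges: user name -> allowed values per report field.
ENTITLEMENTS = {
    "asmith": {"{Orders.Region}": ["East", "West"]},
    "bjones": {"{Orders.Region}": ["North"], "{Orders.Dept}": ["Sales"]},
    "cdiaz": {"{Customer.Name}": ['Bob "Ace" Ltd']},
}

DENY_ALL = "False"  # a selection formula that matches no rows


def quote(value):
    """Render a string literal; an embedded double quote is doubled."""
    return '"' + value.replace('"', '""') + '"'


def restriction_for(user):
    """Build the restriction for one user, denying everything by default."""
    privileges = ENTITLEMENTS.get(user)
    if not privileges:
        return DENY_ALL  # unknown user or no privileges recorded
    clauses = []
    for field in sorted(privileges):
        values = privileges[field]
        if not values:
            return DENY_ALL  # a field with no allowed values admits no rows
        allowed = ", ".join(quote(v) for v in values)
        clauses.append(f"{field} in [{allowed}]")
    return " and ".join(clauses)


def apply_row_level_security(existing_formula, user):
    """Append the user's restriction to the report's own selection formula."""
    restriction = restriction_for(user)
    existing = existing_formula.strip()
    if not existing:
        return restriction
    # Parenthesize both sides: the restriction must constrain every branch
    # of the original formula, not only its last term.
    return f"({existing}) and ({restriction})"
```
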
Tip:
In BusinessObjects Enterprise XI, you can also set and enforce row-level security through the use of Business Views. For more information, see the Business Views Administrator's Guide.
The CMC provides methods for registering your processing extensions with BusinessObjects Enterprise and for applying processing extensions to particular objects. For details, see the BusinessObjects Enterprise Administrator's Guide.
By enabling processing extensions, you configure the appropriate BusinessObjects Enterprise server components to dynamically load your processing extensions at runtime. Included in the SDK is a fully documented API that developers can use to write processing extensions. For more information, see the developer documentation available on your product CD.
Note:
In the current release, processing extensions can be applied only to Crystal report (.rpt) objects.
Active trust relationship
In a networked environment, a trust relationship between two domains is generally a connection that allows one domain accurately to recognize users who have been authenticated by the other domain. While maintaining security, the trust relationship allows users to access resources in multiple domains without repeatedly having to provide their credentials.
Within the BusinessObjects Enterprise environment, the active trust relationship works similarly to provide each user with seamless access to resources across the system. Once the user has been authenticated and granted an active session, all other BusinessObjects Enterprise components can process the user's requests and actions without prompting for credentials. As such, the active trust relationship provides the basis for BusinessObjects Enterprise's distributed security.

Logon tokens

A logon token is an encoded string that defines its own usage attributes and contains a user's session information. The logon token's usage attributes are specified when the logon token is generated. These attributes allow restrictions to be placed upon the logon token to reduce the chance of the logon token being used by malicious users. The current logon token usage attributes are:
Number of minutes
This attribute restricts the lifetime of the logon token.
Number of logons
This attribute restricts the number of times that the logon token can be used to log on to BusinessObjects Enterprise.
Both attributes hinder malicious users from gaining unauthorized access to BusinessObjects Enterprise with logon tokens retrieved from legitimate users.
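How the two usage attributes bound the value of a stolen token, as an added model (it is not how the CMS encodes or stores logon tokens, and it is not code from this guide). The class name, the token layout and the HMAC signature are assumptions made for the illustration; times are seconds passed in by the caller.

```python
"""Model of a logon token restricted by lifetime and by number of logons.

Added illustration: token format and names are assumptions.
"""
import base64
import hashlib
import hmac
import json
import secrets


class TokenIssuer:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # signing key, stays on the server
        self._uses_left = {}                 # token id -> remaining logons

    def _sign(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()

    def issue(self, user, valid_minutes, valid_logons, now):
        """Create a token whose usage attributes are fixed at generation."""
        token_id = secrets.token_hex(8)
        claims = {"id": token_id, "user": user,
                  "expires": now + valid_minutes * 60}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        # The logon count lives on the server: a counter carried inside the
        # token could simply be replayed by whoever copied the token.
        self._uses_left[token_id] = valid_logons
        return body.decode() + "." + self._sign(body).decode()

    def logon(self, token, now):
        """Return the user name if the token is accepted, otherwise None."""
        body, _, signature = token.partition(".")
        if not hmac.compare_digest(signature.encode(),
                                   self._sign(body.encode())):
            return None  # altered or forged token
        claims = json.loads(base64.urlsafe_b64decode(body))
        if now >= claims["expires"]:
            self._uses_left.pop(claims["id"], None)
            return None  # "number of minutes" exceeded
        remaining = self._uses_left.get(claims["id"], 0)
        if remaining <= 0:
            return None  # "number of logons" exhausted
        self._uses_left[claims["id"]] = remaining - 1
        return claims["user"]
```
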
Note:
Storing a logon token in a cookie is a potential security risk if the network between the browser and application or web server is insecure – for example if the connection is made over a public network and is not using SSL or Trusted Authentication. It is good practice to use Secure Sockets Layer (SSL) to reduce security risk between the browser and application or web server.
When the logon cookie has been disabled, and the web server or web browser times out, the user is presented with the logon screen. When the cookie is enabled, and the server or browser times out, the user is seamlessly logged back onto the system. However, because state information is tied to the web session, the user's state is lost. For example, if the user had a navigation tree expanded and a particular item selected, the tree is reset.
For BusinessObjects Enterprise, the default is to have logon tokens enabled in the web client; however, you can disable logon tokens for InfoView. When you disable the logon tokens in the client, the user session will be limited by the web server or web browser timeout. When that session expires, the user will be required to log in again to BusinessObjects Enterprise.

Ticket mechanism for distributed security

Enterprise systems dedicated to serving a large number of users typically require some form of distributed security. An enterprise system may require distributed security to support features such as the transfer of trust (the ability to allow another component to act on behalf of the user).
BusinessObjects Enterprise addresses distributed security by implementing a ticket mechanism (one that is similar to the Kerberos ticket mechanism). The CMS grants tickets that authorize components to perform actions on behalf of a particular user. In BusinessObjects Enterprise, the ticket is referred to as the logon token.
This logon token is most commonly used over the Web. When a user is first authenticated by BusinessObjects Enterprise, he or she receives a logon token from the CMS. The user's web browser caches this logon token. When the user makes a new request, other BusinessObjects Enterprise components can read the logon token from the user's web browser.
Sessions and session tracking
In general, a session is a client-server connection that enables the exchange of information between the two computers. A session's state is a set of data that describes the session's attributes, its configuration, or its content. When you establish a client-server connection over the Web, the nature of HTTP limits the duration of each session to a single page of information; thus, your web browser retains the state of each session in memory only for as long as any single Web page is displayed. As soon as you move from one web page to another, the state of the first session is discarded and replaced with the state of the next session. Consequently, Web sites and Web applications must somehow store the state of one session if they need to reuse its information in another.
BusinessObjects Enterprise uses two common methods to store session state:
Cookies—A cookie is a small text file that stores session state on the client side: the user's web browser caches the cookie for later use. The BusinessObjects Enterprise logon token is an example of this method.
Session variables—A session variable is a portion of memory that stores session state on the server side. When BusinessObjects Enterprise grants a user an active identity on the system, information such as the user's authentication type is stored in a session variable. So long as the session is maintained, the system neither has to prompt the user for the information a second time nor has to repeat any task that is necessary for the completion of the next request. For Java deployments, the session is used to handle .jsp requests; for .NET deployments, the session is used to handle .aspx requests.
Note:
Ideally, the system should preserve the session variable while the user is active on the system. And, to ensure security and to minimize resource usage, the system should destroy the session variable as soon as the user has finished working on the system. However, because the interaction between a web browser and a web server can be stateless, it can be difficult to know when users leave the system, if they do not log off explicitly. To address this issue, BusinessObjects Enterprise implements session tracking.
Click the appropriate link to jump to that section:
Session tracking on page 98
CMS session tracking on page 98

Session tracking

The web application server's idle connection timeout is set to a default of 20 minutes but can be changed via the CMC in the properties for all processing servers. For more information about changing idle connection timeout settings, see Configuring the processing tier for enhanced performance on page 422.

CMS session tracking

The CMS implements a simple tracking algorithm. When a user logs on, he or she is granted a CMS session, which the CMS preserves until the user logs off, or until the web application server session variable is released.
The web application server session is designed to notify the CMS on a recurring basis that it is still active, so the CMS session is retained so long as the web application server session exists. If the web application server session fails to communicate with the CMS for a ten-minute time period, the CMS destroys the CMS session. This handles scenarios where client-side components shut down irregularly.
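The two timeouts described in this section, simulated together as an added example (not product code; all names are hypothetical). It assumes a five-minute heartbeat interval, since the guide says only that notification is recurring, and it assumes that reaching the idle timeout releases the session variable. The second scenario in the test is the irregular shutdown: no logoff ever arrives, and the CMS session ends ten minutes after the last heartbeat.

```python
"""Model of the two timeouts described above, stepped one minute at a time.

Added illustration: names are assumptions and no product API is used.
"""

IDLE_TIMEOUT = 20 * 60     # web application server idle timeout (default)
CMS_TIMEOUT = 10 * 60      # CMS destroys a session after this much silence
HEARTBEAT_EVERY = 5 * 60   # assumed; the guide says only "recurring basis"


class Cms:
    """Tracks when each CMS session was last heard from (seconds)."""

    def __init__(self):
        self.last_seen = {}

    def logon(self, session_id, now):
        self.last_seen[session_id] = now

    def heartbeat(self, session_id, now):
        """Record a keep-alive; False means the session is already gone."""
        self.reap(now)
        if session_id not in self.last_seen:
            return False  # a late heartbeat cannot revive a session
        self.last_seen[session_id] = now
        return True

    def release(self, session_id):
        """Logoff, or the web application server released its session."""
        self.last_seen.pop(session_id, None)

    def reap(self, now):
        """Destroy sessions silent for CMS_TIMEOUT or longer; return ids."""
        dead = sorted(s for s, seen in self.last_seen.items()
                      if now - seen >= CMS_TIMEOUT)
        for session_id in dead:
            del self.last_seen[session_id]
        return dead


def simulate(last_request_at, crash_at=None, horizon=3600):
    """Return (time, reason) for the end of a CMS session created at 0."""
    cms = Cms()
    cms.logon("s1", 0)
    web_alive = True
    for now in range(60, horizon + 1, 60):
        if crash_at is not None and now >= crash_at:
            web_alive = False  # irregular shutdown: nothing tells the CMS
        if web_alive:
            if now - last_request_at >= IDLE_TIMEOUT:
                cms.release("s1")  # assumed: idle timeout frees the session
                return now, "idle timeout"
            if now % HEARTBEAT_EVERY == 0:
                cms.heartbeat("s1", now)
        if cms.reap(now):
            return now, "heartbeat timeout"
    return None, "still active"
```
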

Environment protection

Environment protection refers to the security of the overall environment in which client and server components communicate. Although the Internet and web-based systems are increasingly popular due to their flexibility and range of functionality, they operate in an environment that can be difficult to secure. When you deploy BusinessObjects Enterprise, environment protection is divided into two areas of communication:
Web browser to web server on page 99
Web server to BusinessObjects Enterprise on page 100

Web browser to web server

When data is transmitted between the web browser and the web server, some degree of security is usually required. Relevant security measures usually involve two general tasks:
Ensuring that the communication of data is secure.
Ensuring that only valid users retrieve information from the web server.
Note:
These tasks are typically handled by web servers through various security mechanisms, including the Secure Sockets Layer (SSL) protocol, Windows NT Challenge/Response authentication, and other such mechanisms. It is good practice to use Secure Sockets Layer (SSL) to reduce security risk between the browser and application or web server. For procedural information, see Configuring servers for SSL on page 271.
You must secure communication between the web browser and the web server independently of BusinessObjects Enterprise. For details on securing client connections, refer to your web server documentation.

Web server to BusinessObjects Enterprise

Firewalls are commonly used to secure the area of communication between the web server and the rest of the corporate intranet (including BusinessObjects Enterprise). BusinessObjects Enterprise supports firewalls that use IP filtering or static network address translation (NAT). Supported environments can involve multiple firewalls, web servers, or application servers.
For complete details on BusinessObjects Enterprise and firewall interaction, see Understanding communication between BusinessObjects Enterprise components on page 358.
Auditing web activity
BusinessObjects Enterprise provides insight into your system by recording web activity and allowing you to inspect and to monitor the details. The web application server allows you to select the web attributes—such as time, date, IP address, port number, and so on—that you want to record. The auditing data is logged to disk and stored in comma-delimited text files, so you can easily report off the data or import it into other applications.

Protection against malicious logon attempts

No matter how secure a system is, there is often at least one location that is vulnerable to attack: the location where users connect to the system. It is nearly impossible to protect this location completely, because the process of simply guessing a valid user name and password remains a viable way to attempt to "crack" the system.
BusinessObjects Enterprise implements several techniques to reduce the probability of a malicious user achieving access to the system. The various restrictions listed below apply only to Enterprise accounts—that is, the restrictions do not apply to accounts that you have mapped to an external user database (Windows NT, LDAP, or Windows AD). Generally, however, your external system will enable you to place similar restrictions on the external accounts.