QlikView Security Overview. Most common Security challenges faced by a vendor The QlikView platform: a basis for understanding Security Authentication.

Presentation transcript:

QlikView Security Overview

Agenda
- Most common Security challenges faced by a vendor
- The QlikView platform: a basis for understanding Security
- Authentication and Authorization with QlikView
- Communication protocols
- QlikView Security materials
- Q&A

Most Common Security-related challenges a new vendor faces
Trust
- What safeguards are in place to ensure only the correct access to data and applications?
- Can you comply with my corporate security standards?
Complexity
- How easy or difficult is it to understand your approach to security?
- How flexible is your solution to coping with my security architecture?

Common questions about QlikView security from a CIO (or their staff)…
- Do you follow standard protocols (e.g. HTTPS, restricted port access, encryption)? Answer: Yes
- Do you have at least the same security as the data source that you are loading from? Answer: Yes
- Can you directly connect to my existing directory service and Single Sign-On (SSO) solutions? Answer: Yes
- Does your solution adopt a multi-tier approach to application and data security? Answer: Yes
- Do you require plug-ins to be installed on the client side? Answer: No


The QlikView platform: a basis for understanding Security
Let’s explain what our core products do and how they fit together in a ‘tiered’ deployment

QlikView Developer
- Development tool to create:
  1) Data extract and transformation model
  2) Graphical User Interface (presentation layer)
- Windows desktop or server based
- Creates QVW (.qvw) files
QlikView Server
- QlikView Server (QVS) combined with QlikView Web Server. Contains Management Console and Access Point
- In-Memory analytics engine
- Handles QlikView Client/Server communication
- Client Authorization against directory providers (AD, eDirectory..)
QlikView Publisher
- Performs 2 main functions:
  1) Loading data directly from data sources using QVW files
  2) Distribution service to reduce and distribute data and documents


QlikView architecture: Back-end
- Contains QlikView Source Documents created by QlikView Developer
- The Windows file system is always in charge of security.
- QlikView Publisher is the main component in the back-end

QlikView architecture: Front-end
- Contains User Documents, created from Publisher distributed documents.
- QlikView Server (QVS) is in charge of client security.

‘Tiered’ approach to data security
[Diagram. Labels: Back End, Front End; QlikView Developer, QlikView Publisher, QlikView Server, QlikView Access Point; documents Sales.qvw, Sales_US.qvw, Sales_CAN.qvw, Sales_UK.qvw, Sales_FRA.qvw, Sales_GER.qvw, Sales_SWE.qvw]

Important QlikView security considerations
- The back and front-end are often in different network zones
- The front-end does not have any open ports to the back-end
- The front-end does not send any queries to data sources in the back-end
- The end users can only access QlikView documents in the front-end, never in the back-end.
- The QlikView documents in front-end are a result of Publisher tasks.
- It does not contain any overhead or redundant data
- It does not contain any connection strings, they are safe in the back-end
- To recreate all the qvw documents just run the Publisher task
- QVW files are only secure when behind a QlikView Server


Authentication and Authorization
- Authentication: Who are you and how do you prove it?
- Authorization: What are you allowed to see? What are you allowed to do?

Authentication and Authorization – an analogy
[Illustration. Labels: John Doe; Dep: Boston; Arr: Dublin; DUB, LAX, ORD, LHR]
- Are you John Doe?
- Are you flying to Dublin?

Authentication and Authorization - QlikView
[Illustration. Labels: Sales_GER.qvw, Sales_USA.qvw, Sales_UK.qvw, Sales_JAP.qvw]
- Are you John Doe?
- Do you have authorization to view Germany’s sales data?

Authentication
QlikView does not handle Authentication. It relies on other sources to accomplish this:
1. Microsoft Active Directory;
2. Single Sign-On solutions like: CA SiteMinder, IBM WebSeal, Oracle Oblix

Authentication using Active Directory (default)
Desktop using QVP
- QVS will communicate with Active Directory and authentication is handled purely by Windows
Web clients
- User hits web server; authentication using Active Directory
- AccessPoint receives group info from AD for the current user
- AccessPoint sends user/group info to QVS to receive document list
- When a document is opened, user/group info is also sent to QVS to receive a ticket. Depending on client, this ticket is either linked to a session id (Ajax) or sent to the client to be attached to the qvp-protocol (Plugin)

Authentication using HTTP Header and Third Party Identity Manager
Desktop using QVP
- N/A
Web clients
- User hits web server. Authentication performed against third party Identity Manager
- HTTP Header (UID) info set by third-party
- HTTP Header (UID) sent in request to AccessPoint
- AccessPoint sends UID to DSC
- DSC selects correct DSP based on specified prefix in UID
- AccessPoint receives group info from DSC (DSC must be properly configured to resolve groups from a DSP)
- AccessPoint sends UID/group info to QVS to receive document list (based on authorization, NTFS or DMS)
- When a document is opened, user/group info is also sent to QVS to receive a ticket. Depending on client, this ticket is either linked to a session id (Ajax) or sent to the client to be attached to the qvp-protocol (Plugin)
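
The header-based flow above, modelled end to end as an added example (not QlikView code and not part of the original slides): the identity manager replaces any client-supplied UID header, and the AccessPoint side accepts the header only from that trusted peer before resolving groups and filtering the document list. The header name, proxy address, `PREFIX\user` UID format, directory contents and document ACLs are all constructed assumptions.

```python
# Constructed model of the header-based sign-on flow; not QlikView code.
TRUSTED_PROXY = "10.0.0.5"      # assumed address of the identity manager / reverse proxy
UID_HEADER = "X-Example-UID"    # hypothetical header name

# Hypothetical directory service providers (DSPs), keyed by UID prefix.
DSPS = {
    "CORP": {"jdoe": {"Sales_GER"}, "asmith": {"Sales_UK", "Sales_USA"}},
    "PARTNER": {"jdoe": {"Sales_UK"}},
}
# Constructed per-document group lists (DMS-style authorization).
DOCUMENT_ACL = {
    "Sales_GER.qvw": {"Sales_GER"},
    "Sales_UK.qvw": {"Sales_UK"},
    "Sales_USA.qvw": {"Sales_USA"},
}


def proxy_forward(client_headers, authenticated_uid):
    """Identity-manager side: drop any client-supplied UID header, then set our own."""
    headers = {k: v for k, v in client_headers.items()
               if k.lower() != UID_HEADER.lower()}
    if authenticated_uid is not None:
        headers[UID_HEADER] = authenticated_uid
    return headers


def resolve_groups(uid):
    """DSC side: choose the DSP from the UID prefix, then look up the user's groups."""
    prefix, sep, user = uid.partition("\\")
    if not sep or prefix not in DSPS or user not in DSPS[prefix]:
        raise PermissionError(f"cannot resolve UID {uid!r}")
    return DSPS[prefix][user]


def document_list(peer_addr, headers):
    """AccessPoint side: accept the header only from the trusted proxy, then authorize."""
    if peer_addr != TRUSTED_PROXY:
        raise PermissionError("UID header accepted only from the identity manager")
    uid = headers.get(UID_HEADER)
    if not uid:
        raise PermissionError("request carries no authenticated UID")
    groups = resolve_groups(uid)
    return sorted(doc for doc, allowed in DOCUMENT_ACL.items() if groups & allowed)
```

The same user name under two prefixes (`CORP\jdoe`, `PARTNER\jdoe`) resolves to different groups, which is why the prefix must be part of the authenticated value rather than something the client can choose.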

Authentication using HTTP Header in non-trust scenarios

Authorization
QlikView handles authorization itself (i.e. the QlikView Server handles this)
1. It uses already assigned Windows privileges (i.e. NTFS mode)
   - Governed in Windows by NT File System (NTFS)
   - Managed in Windows by Access Control Lists (ACL)
   - Every authorized access to an object requires authentication. Even anonymous users are authenticated, i.e. IUSR_ is used by anonymous users in IIS (access is done in the context of this account)
2. It uses its own assigned privileges (i.e. DMS mode)
   - Governed in QlikView Server by Document Meta Service (DMS)
   - Managed in QlikView Server by metadata files attached to a document (qvwdocument.meta)


QlikView Server communication protocols
The QlikView Protocol (QVP)
Overview
- QVP is a proprietary protocol developed by QlikTech.
- The protocol lays down a specification for passing data between QlikView Server and installed clients, like QlikView Plug-in and Developer open in server.
- QVP runs natively over TCP port 4747 or may be encapsulated over HTTP by use of the QVP tunnel.
- Use QVS Tunnel and SSL for extra security (NB this may have performance implications)

QlikView Server communication protocols
The QlikView AJAX Protocol (QVPX)
- QVPX is proprietary and developed by QlikTech.
- QVPX is used by the AJAX and mobile clients.
- This is not really a protocol, but rather a framework for how QlikView communicates in AJAX (XML and JavaScript). The actual protocol is HTTP or HTTPS.
- Encryption is done with certificates and SSL
- The advantage of QVPX is that HTTP/HTTPS are standard protocols, well known and trusted by IT departments.


QlikView Security Materials
- Security Overview White Paper
- Security Overview Video Series
- Dev and Deployment Tech Brief

QlikView Security - Summary
It’s important to remember that QlikView:
1. Complies with standard security protocols
2. Supports a tiered approach to deployment security
3. Can integrate with existing security infrastructures (e.g. Single Sign On)
4. Has an understandable and compliant approach to Security
5. Has content that can be referenced to provide a deeper understanding (e.g. White Papers)

Thank You... Q&A