Jim Thorstad Technical Director, WebFOCUS Product Management WebFOCUS 8: Technical Overview 1

Agenda  WebFOCUS 8 Architecture  Security Model  Enhancement Highlights  Demo 2

WebFOCUS 8 Architecture 3

What is WebFOCUS 8? Understanding Middle-tier vs. Server-tier Components 4 Report Server UsersData WebFOCUS 8.0 WebFOCUS 8 Updates the Middle-tier Report Server WebFOCUS

WebFOCUS 8 Architecture Integrated Repository 5 Application Directories Metadata Uploaded Data WebFOCUS 8 Repository WebFOCUS Client Managed Reporting BI Portal ReportCaster WebFOCUS Client Managed Reporting BI Portal ReportCaster WebFOCUS Report Server Users Groups Security Reports Schedules Content

Information Builders File System WebFOCUS 8 Architecture Is Built Around IBFS  IBFS Service Layer – Internal Subsystem  IBFS Path – an Object Addressing Scheme 6 IBFS paths used in drill-down links, schedules, security rules For backward compatibility, migrated content can still be accessed via HREF properties

Information Builders File System IBFS is All-Encompassing  IBFS Used to Reference  Reports, portal pages  Schedules, output  Users, groups  Report Servers 7 IBFS governs access to everything  IBFS is Hierarchical and Enables  Security policy inheritance  Group nesting  Full control over content organization

Information Builders File System IBFS Enables Full Control of Content Organization 8 Mandatory folders in 7x are migrated “as is” … but are no longer required in 8.0 Reports, reporting objects, and library output can be deployed in the same folder Folder depth not limited to one sub-folder

RC Distribution Server WebFOCUS 8 Architecture All Content is Accessed via the IBFS Service Layer WebFOCUS 8 Repository IBFS Service Layer HTTP Service 9 Core WF MR/BIP/RC ReportCaster uses an IBFS Service API to access report procedures in the repository Eliminates problematic HTTP requests to the web tier

WebFOCUS 8 High-level Architecture Running Report Requests WebFOCUS 8 Repository IBFS Service Layer HTTP Service WebFOCUS Report Server Web Requests 10 Core WF MR/BIP/RC User ID and Groups can be passed to the Server: Connection=Trusted/IBIMR_user IBI_WFRS_Passthrough_Groups=ALL WebFOCUS runs interactive requests through IBFS u=jim, g=Tenant22

WebFOCUS 8 Security Model 11

Why a New Security Model? Customer Feedback Related to WebFOCUS 7x  Managed Reporting Role Security was Limiting  Only 5 base roles and 9 permissions  One role for all Domains  Domain Security Model was Limiting  Couldn’t customize security on sub-folders  Content Sharing was Limiting  Couldn’t share with specific people  Challenging for Multi-tenancy SaaS Deployments  Couldn’t allow sharing in a common Domain—user’s would see content from other tenants  Dilemma: abandon common domain or drop sharing? 12 WebFOCUS 8 Addresses These Challenges!

WebFOCUS 8 Security Model Basic Security Concepts  Security Rules Connect…  Subjects – groups/users to authorize  Roles – collection of privileges  Resources – objects to secure  Access – type of rule: permit, deny,...  Apply To – scope of rule: folder, folder & children,...  Security Policy – Collection of Security Rules  Effective Policy – Evaluation of the Security Policy  Bob has privileges A, B, C on resource X  Takes into account rule inheritance, rule conflicts, group membership, user-specific rules (if any) 13 The Security Model in WebFOCUS 8 Provides Complete Control of Your Security Policies

WebFOCUS 8 Security Model Understanding Group Membership  Policy Evaluation Includes Processing of a User’s:  Explicitly assigned groups  Implicit groups 14 Therefore Bob implicitly belongs to Sales… And the rules associated with both groups apply Bob is assigned to the Sales Basic Users group Bob explicit Sales Basic Users belongs to Sales Group implicit

WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Users & Groups Tab 15

WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Roles Tab 16

WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Role Customization 17 Select all or a portion of the privileges within each category Choose whether users select a Master File or Reporting Object with InfoAssist Choose whether users can upload a spreadsheet to the Reporting Server

WebFOCUS 8 Security Model Creating Security Rules 18 and then Security > Rules… Select any IBFS resource …

WebFOCUS 8 Security Model Creating Security Rules – Security Rules Dialog 19 You select a subject… The resource …role, type, and scope Click OK to create rule(s)

WebFOCUS 8 Security Model Managing Your Security Policies 20 Rules on this Resource answers: “Who can access this?”

WebFOCUS 8 Security Model Managing Your Security Policies 21 Rules for this Group answers: “What does this group have access to?”

WebFOCUS 8 Security Model Understanding the Built-in Global Groups 22  Consider Using Global Groups Carefully Global groups have access to all content through inheritance

WebFOCUS 8 Security Model Benefits 23  Flexible Security Model  Over 150 assignable privileges  You can develop custom roles  Sub-Groups and Inheritance Simplify Policy Creation  Tools simplify Creation and Management of Policies  Possible to Address Enterprise and SaaS Markets  Possible to Address Each Customer’s Unique Needs

WebFOCUS 8 Enhancement Highlights 24

WebFOCUS 8 Enhancement Highlights 25  Resource Templates  Private Content, Publishing, and Content Sharing  Localization  Licensing  Authorization Mapping

Resource Templates The Deployment Challenges Facing Administrators 26  What are our security requirements?  How do I design and implement a security policy?  How long will it take to create security rules?  What best practices should I be aware of?  Where do I start?

Resource Templates Simplifying the Creation of Security Policies 27  Resource Templates Automate the Creation of  Folders, portals, groups, roles, security rules  WebFOCUS Includes Two Resource Templates:  Enterprise Domain template  SaaS Tenant Domain template

Resource Templates Simplifying the Creation of Security Policies 28  The Enterprise Domain Template Creates:  1 Domain-specific Folder, Portal, and Group  4 Sub-groups  21 Domain-specific Rules  8 Configurable Roles

Resource Templates Simplifying the Creation of Security Policies 29  The SaaS Tenant Template Creates the Same Things Plus  A Common folder  The EVERYONE group is hidden

Resource Templates Simplifying the Creation of Security Policies  The template also creates the required security rules 30

Resource Templates Support Site and Roadmap 31  Latest Information on Templates:  Download the Policy Design Worksheet  Use this to plan your custom deployment  Roadmap: Create Your Own Templates /wbf/v8templates/wbf_8_resource_templates.html

Private Content, Publishing, and Sharing Private Content 32  All Content Initially Created as Private  Visible only to owner  Doesn’t inherit security  Administrators with Manage Private Resources can access private content  Authority to Create Private Items Outside of a My Content Folder Can be Assigned In private content is indicated with a grayscale overlay on the icon

Private Content, Publishing, and Sharing Publishing Private Content 33  Authorized Users Can Publish a Private Resource  Published resources inherit security rules from parent  Create, Publish & Un-Publish are separately assignable  Contrast with Formal Change Control Model  Isolated DEV/TEST/PROD environments  Developers don’t have write access to TEST/PROD  But a Useful Alternative in SaaS Deployments  SaaS tenant developers only interact with PROD  Tenant developers can work out of view from users  Publishing completed reports is simple  IBFS paths don’t change  Consider Developing In-Place with Private Content

Private Content, Publishing, and Sharing My Content Folders 34  End-Users Need to Create Resources in Production  This is facilitated by special My Content folders  A Folder Property Enables Support for My Content  Assignable Privilege Determines Who Gets One Private content, created and saved by a user to their My Content folder

Private Content, Publishing, and Sharing Content Sharing 35  Complete Control Over Content Sharing  Share – simple sharing determined by WebFOCUS  Share with – user determines who to share with  Configurable Policy Determines Available Users/Groups Shared content Assignable sharing options  Enhanced Shared Content View  Only Users Sharing Content are Shown

Authorization Mapping Key Requirement for Enterprise & SaaS Deployments 36  What if you Manage Authorizations in LDAP/AD via…  The user’s group memberships  A custom attribute on the user entry Groups in AD/LDAP User Attribute in Oracle LDAP  Authorization Mapping is Built-in to WebFOCUS 8

Authorization Mapping Key Requirement for Enterprise & SaaS Deployments 37  Administrator Maps the Value to a WebFOCUS Group  Resource Templates Can Configure the Mapping Group DN or user attribute value is mapped to WF group

LDAP Authorization Mapping Key Requirement for Enterprise & SaaS Deployments 38 User accounts are automatically created during sign-on Mapped WebFOCUS groups have a link icon

Other Security Enhancements Password Policies, Auditing  For Customers Using Internal Authentication  Strong encryption for password hashes  Configurable password policies  Built-in Protection from Web Vulnerabilities  Built-in User and Administrative Activity Auditing 39 [ :30:13,267] INFO groups ed214e45667f0f1 thoja13 addUserToGroup SUCCESS user:smija03 ( ) group:IBFS:/SSYS/GROUPS/Retail/Developers ( ) This user Used this API To move this user Into this group

Localizable Content Titles A Complete Solution for Localized Applications 40 User sees label based on their language preference Repository data can be localized

WebFOCUS 8 Client License New for WebFOCUS 8 41  Enforces Licensed Options  Features: BI Portal, InfoAssist, ReportCaster, etc.  Managed Reporting user count  InfoAssist user count (future release)  Work with Customer Support/Account Team  Make sure your site code ( XXXX.nn ) reflects your products

Migrating to WebFOCUS 8 42

Migrating to WebFOCUS 8 Built-in Utilities to Simplify the Process  Utility Migrates 7x Content  ReportCaster Content  Managed Reporting Content  Dashboards  Dashboard Conversion to BI Portals  Not Automatic  User Experience and Policies Preserved  Identical folder structure  Identical security policy 43

44 Understanding a Migrated Policy MR7x to WF8  MR 7x users had only a single role and optionally a few extra privileges  The role was defined on the user  Migration creates a policy with this same behavior  Requires the User Default Role (UDR) Setting

45 Understanding a Migrated Policy MR7x to WF8  Sets special system Roles between migrated Groups and Domain folders

46 Understanding a Migrated Policy MR7x to WF8  Enables Default Role tab on the user account  Here the user’s 7x “role” and “privileges” are defined  They apply to all Domain folders

Summary 47

WebFOCUS 8 Technical Overview Summary  Rich Portal and Tool Interfaces  Replace BI Dashboard and Java Applet UIs  Integrated Repository Based on IBFS  Unified, fully localizable repository for MR, BIP, RC  Full control of content organization and security policy  Resource Templates simplify security policy creation  Enhanced Content Publishing and Sharing  External Authorization Built-in  Migration Utilities Streamline Upgrade  WebFOCUS requires Report Server 48

49