Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jim Thorstad Technical Director, WebFOCUS Product Management WebFOCUS 8: Technical Overview 1.

Published bySuzan Owen Modified over 9 years ago

Similar presentations

Presentation on theme: "Jim Thorstad Technical Director, WebFOCUS Product Management WebFOCUS 8: Technical Overview 1."— Presentation transcript:

1 Jim Thorstad Technical Director, WebFOCUS Product Management WebFOCUS 8: Technical Overview 1

2 Agenda  WebFOCUS 8 Architecture  Security Model  Enhancement Highlights  Demo 2

3 WebFOCUS 8 Architecture 3

4 What is WebFOCUS 8? Understanding Middle-tier vs. Server-tier Components 4 Report Server 7.7.04 + UsersData WebFOCUS 8.0 WebFOCUS 8 Updates the Middle-tier Report Server 8.0.01 + WebFOCUS 8.0.01

5 WebFOCUS 8 Architecture Integrated Repository 5 Application Directories Metadata Uploaded Data WebFOCUS 8 Repository WebFOCUS Client Managed Reporting BI Portal ReportCaster WebFOCUS Client Managed Reporting BI Portal ReportCaster WebFOCUS Report Server Users Groups Security Reports Schedules Content

6 Information Builders File System WebFOCUS 8 Architecture Is Built Around IBFS  IBFS Service Layer – Internal Subsystem  IBFS Path – an Object Addressing Scheme 6 IBFS paths used in drill-down links, schedules, security rules For backward compatibility, migrated content can still be accessed via HREF properties

7 Information Builders File System IBFS is All-Encompassing  IBFS Used to Reference  Reports, portal pages  Schedules, output  Users, groups  Report Servers 7 IBFS governs access to everything  IBFS is Hierarchical and Enables  Security policy inheritance  Group nesting  Full control over content organization

8 Information Builders File System IBFS Enables Full Control of Content Organization 8 Mandatory folders in 7x are migrated “as is” … but are no longer required in 8.0 Reports, reporting objects, and library output can be deployed in the same folder Folder depth not limited to one sub-folder

9 RC Distribution Server WebFOCUS 8 Architecture All Content is Accessed via the IBFS Service Layer WebFOCUS 8 Repository IBFS Service Layer HTTP Service 9 Core WF MR/BIP/RC ReportCaster uses an IBFS Service API to access report procedures in the repository Eliminates problematic HTTP requests to the web tier

10 WebFOCUS 8 High-level Architecture Running Report Requests WebFOCUS 8 Repository IBFS Service Layer HTTP Service WebFOCUS Report Server Web Requests 10 Core WF MR/BIP/RC User ID and Groups can be passed to the Server: Connection=Trusted/IBIMR_user IBI_WFRS_Passthrough_Groups=ALL WebFOCUS runs interactive requests through IBFS u=jim, g=Tenant22

11 WebFOCUS 8 Security Model 11

12 Why a New Security Model? Customer Feedback Related to WebFOCUS 7x  Managed Reporting Role Security was Limiting  Only 5 base roles and 9 permissions  One role for all Domains  Domain Security Model was Limiting  Couldn’t customize security on sub-folders  Content Sharing was Limiting  Couldn’t share with specific people  Challenging for Multi-tenancy SaaS Deployments  Couldn’t allow sharing in a common Domain—user’s would see content from other tenants  Dilemma: abandon common domain or drop sharing? 12 WebFOCUS 8 Addresses These Challenges!

13 WebFOCUS 8 Security Model Basic Security Concepts  Security Rules Connect…  Subjects – groups/users to authorize  Roles – collection of privileges  Resources – objects to secure  Access – type of rule: permit, deny,...  Apply To – scope of rule: folder, folder & children,...  Security Policy – Collection of Security Rules  Effective Policy – Evaluation of the Security Policy  Bob has privileges A, B, C on resource X  Takes into account rule inheritance, rule conflicts, group membership, user-specific rules (if any) 13 The Security Model in WebFOCUS 8 Provides Complete Control of Your Security Policies

14 WebFOCUS 8 Security Model Understanding Group Membership  Policy Evaluation Includes Processing of a User’s:  Explicitly assigned groups  Implicit groups 14 Therefore Bob implicitly belongs to Sales… And the rules associated with both groups apply Bob is assigned to the Sales Basic Users group Bob explicit Sales Basic Users belongs to Sales Group implicit

15 WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Users & Groups Tab 15

16 WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Roles Tab 16

17 WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Role Customization 17 Select all or a portion of the privileges within each category Choose whether users select a Master File or Reporting Object with InfoAssist Choose whether users can upload a spreadsheet to the Reporting Server

18 WebFOCUS 8 Security Model Creating Security Rules 18 and then Security > Rules… Select any IBFS resource …

19 WebFOCUS 8 Security Model Creating Security Rules – Security Rules Dialog 19 You select a subject… The resource …role, type, and scope Click OK to create rule(s)

20 WebFOCUS 8 Security Model Managing Your Security Policies 20 Rules on this Resource answers: “Who can access this?”

21 WebFOCUS 8 Security Model Managing Your Security Policies 21 Rules for this Group answers: “What does this group have access to?”

22 WebFOCUS 8 Security Model Understanding the Built-in Global Groups 22  Consider Using Global Groups Carefully Global groups have access to all content through inheritance

23 WebFOCUS 8 Security Model Benefits 23  Flexible Security Model  Over 150 assignable privileges  You can develop custom roles  Sub-Groups and Inheritance Simplify Policy Creation  Tools simplify Creation and Management of Policies  Possible to Address Enterprise and SaaS Markets  Possible to Address Each Customer’s Unique Needs

24 WebFOCUS 8 Enhancement Highlights 24

25 WebFOCUS 8 Enhancement Highlights 25  Resource Templates  Private Content, Publishing, and Content Sharing  Localization  Licensing  Authorization Mapping

26 Resource Templates The Deployment Challenges Facing Administrators 26  What are our security requirements?  How do I design and implement a security policy?  How long will it take to create security rules?  What best practices should I be aware of?  Where do I start?

27 Resource Templates Simplifying the Creation of Security Policies 27  Resource Templates Automate the Creation of  Folders, portals, groups, roles, security rules  WebFOCUS 8.0.01 Includes Two Resource Templates:  Enterprise Domain template  SaaS Tenant Domain template

28 Resource Templates Simplifying the Creation of Security Policies 28  The Enterprise Domain Template Creates:  1 Domain-specific Folder, Portal, and Group  4 Sub-groups  21 Domain-specific Rules  8 Configurable Roles

29 Resource Templates Simplifying the Creation of Security Policies 29  The SaaS Tenant Template Creates the Same Things Plus  A Common folder  The EVERYONE group is hidden

30 Resource Templates Simplifying the Creation of Security Policies  The template also creates the required security rules 30

31 Resource Templates Support Site and Roadmap 31  Latest Information on Templates:  Download the Policy Design Worksheet  Use this to plan your custom deployment  Roadmap: Create Your Own Templates https://techsupport.informationbuilders.com/tech /wbf/v8templates/wbf_8_resource_templates.html

32 Private Content, Publishing, and Sharing Private Content 32  All Content Initially Created as Private  Visible only to owner  Doesn’t inherit security  Administrators with Manage Private Resources can access private content  Authority to Create Private Items Outside of a My Content Folder Can be Assigned In 8.0.01 private content is indicated with a grayscale overlay on the icon

33 Private Content, Publishing, and Sharing Publishing Private Content 33  Authorized Users Can Publish a Private Resource  Published resources inherit security rules from parent  Create, Publish & Un-Publish are separately assignable  Contrast with Formal Change Control Model  Isolated DEV/TEST/PROD environments  Developers don’t have write access to TEST/PROD  But a Useful Alternative in SaaS Deployments  SaaS tenant developers only interact with PROD  Tenant developers can work out of view from users  Publishing completed reports is simple  IBFS paths don’t change  Consider Developing In-Place with Private Content

34 Private Content, Publishing, and Sharing My Content Folders 34  End-Users Need to Create Resources in Production  This is facilitated by special My Content folders  A Folder Property Enables Support for My Content  Assignable Privilege Determines Who Gets One Private content, created and saved by a user to their My Content folder

35 Private Content, Publishing, and Sharing Content Sharing 35  Complete Control Over Content Sharing  Share – simple sharing determined by WebFOCUS  Share with – user determines who to share with  Configurable Policy Determines Available Users/Groups Shared content Assignable sharing options  Enhanced Shared Content View  Only Users Sharing Content are Shown

36 Authorization Mapping Key Requirement for Enterprise & SaaS Deployments 36  What if you Manage Authorizations in LDAP/AD via…  The user’s group memberships  A custom attribute on the user entry Groups in AD/LDAP User Attribute in Oracle LDAP  Authorization Mapping is Built-in to WebFOCUS 8

37 Authorization Mapping Key Requirement for Enterprise & SaaS Deployments 37  Administrator Maps the Value to a WebFOCUS Group  Resource Templates Can Configure the Mapping Group DN or user attribute value is mapped to WF group

38 LDAP Authorization Mapping Key Requirement for Enterprise & SaaS Deployments 38 User accounts are automatically created during sign-on Mapped WebFOCUS groups have a link icon

39 Other Security Enhancements Password Policies, Auditing  For Customers Using Internal Authentication  Strong encryption for password hashes  Configurable password policies  Built-in Protection from Web Vulnerabilities  Built-in User and Administrative Activity Auditing 39 [2012-05-30 08:30:13,267] INFO groups ed214e45667f0f1 thoja13 addUserToGroup SUCCESS user:smija03 (314568704) group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006) This user Used this API To move this user Into this group

40 Localizable Content Titles A Complete Solution for Localized Applications 40 User sees label based on their language preference Repository data can be localized

41 WebFOCUS 8 Client License New for WebFOCUS 8 41  Enforces Licensed Options  Features: BI Portal, InfoAssist, ReportCaster, etc.  Managed Reporting user count  InfoAssist user count (future release)  Work with Customer Support/Account Team  Make sure your site code ( XXXX.nn ) reflects your products

42 Migrating to WebFOCUS 8 42

43 Migrating to WebFOCUS 8 Built-in Utilities to Simplify the Process  Utility Migrates 7x Content  ReportCaster Content  Managed Reporting Content  Dashboards  Dashboard Conversion to BI Portals  Not Automatic  User Experience and Policies Preserved  Identical folder structure  Identical security policy 43

44 44 Understanding a Migrated Policy MR7x to WF8  MR 7x users had only a single role and optionally a few extra privileges  The role was defined on the user  Migration creates a policy with this same behavior  Requires the User Default Role (UDR) Setting

45 45 Understanding a Migrated Policy MR7x to WF8  Sets special system Roles between migrated Groups and Domain folders

46 46 Understanding a Migrated Policy MR7x to WF8  Enables Default Role tab on the user account  Here the user’s 7x “role” and “privileges” are defined  They apply to all Domain folders

47 Summary 47

48 WebFOCUS 8 Technical Overview Summary  Rich Portal and Tool Interfaces  Replace BI Dashboard and Java Applet UIs  Integrated Repository Based on IBFS  Unified, fully localizable repository for MR, BIP, RC  Full control of content organization and security policy  Resource Templates simplify security policy creation  Enhanced Content Publishing and Sharing  External Authorization Built-in  Migration Utilities Streamline Upgrade  WebFOCUS 8.0.01 requires 8.0.01 Report Server 48

49 49

Download ppt "Jim Thorstad Technical Director, WebFOCUS Product Management WebFOCUS 8: Technical Overview 1."

Similar presentations

Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
WebFOCUS 8: Technical Overview

WebFOCUS 8: Technical Overview
System Center Configuration Manager Push Software By, Teresa Behm.

System Center Configuration Manager Push Software By, Teresa Behm.
WebFOCUS 8: Technical Overview

WebFOCUS 8: Technical Overview
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
27. to 28. March 2007 | Geneva, Switzerland. Fabrice Romelard ilem SA Level 200.

27. to 28. March 2007 | Geneva, Switzerland. Fabrice Romelard ilem SA Level 200.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.

By Rashid Khan Lesson 8-Crowd Control: Controlling Access to Resources Using Groups.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Understanding Active Directory

Understanding Active Directory
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.
WebFOCUS 8: Best Practices for Migration

WebFOCUS 8: Best Practices for Migration
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

Similar presentations

Ads by Google