1 / 56

WebFOCUS 8: Technical Overview

WebFOCUS 8: Technical Overview. Jim Thorstad Technical Director, WebFOCUS Product Management. July 2012 Update. Agenda. Introducing WebFOCUS 8 Architecture Security Model Enhancement Highlights Migrating to WebFOCUS 8. Introducing WebFOCUS 8.

badu
Download Presentation

WebFOCUS 8: Technical Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WebFOCUS 8: Technical Overview Jim Thorstad Technical Director, WebFOCUS Product Management July 2012 Update

  2. Agenda • Introducing WebFOCUS 8 • Architecture • Security Model • Enhancement Highlights • Migrating to WebFOCUS 8

  3. Introducing WebFOCUS 8

  4. What is WebFOCUS 8?Understanding Middle-tier vs. Server-tier Components WebFOCUS 8 Updates the Middle-tier WebFOCUS Client Managed Reporting ReportCaster BI Portal/Dashboard WebFOCUS Report Server Users Data WebFOCUS 8.0.00 + Report Server 7.7.04

  5. Why Did We Create WebFOCUS 8?A Strategic Platform Initiative WebFOCUS 8 Supports Information BuildersCustomers Across Four Key Markets EnterpriseBI IBM DB2 Web QueryTM SaaS SmallBusiness WebFOCUS ExpressTM OEM WebFOCUS Version 8 WebFOCUS Version 8 Platform

  6. Why Did We Create WebFOCUS 8?What’s Common Across these Markets? WebFOCUS8 Platform A rich customizable portal Enterprise BI Easy to use tools SaaS A fine-grained security model WF Express Integrate with external systems Web Query Easy to administer A migration path

  7. What is Included in WebFOCUS 8Marquee Features WebFOCUS Client and Managed Reporting • Integrated repository • Fine-grained security model • External security integration Business Intelligence Portal • Rich interface for content & collaboration • Drag-and drop and live preview • Page-level security

  8. What is Included in WebFOCUS 8Marquee Features InfoAssist • Rich interface for creating reports & graphs • Ribbon-style interface replaces Java applet • HTML5 charts and a dozen new features ReportCaster • Full integration with WebFOCUS 8 • Ribbon-style interface replaces Java applet • Group schedule administration

  9. What’s New in WebFOCUS Report Server 7.7.04Released April 2012 • Ribbon-based Console • Over 110 Enhancements • Language (22) • Active Technology (6) • Server and Console (29) • Adapters (30) • DataMigrator (19) • Resource Analyzer/Gov (5) • Required by WebFOCUS 8.0 http://documentation.informationbuilders.com/masterindex/html/html_wf_7704/snfhilit/snfhilit.pdf

  10. WebFOCUS 8 Architecture

  11. WebFOCUS 8 ArchitectureIntegrated Repository WebFOCUS Client Managed Reporting BI Portal ReportCaster WebFOCUS Report Server Reports Schedules Content Users Groups Security Metadata Uploaded Data Application Directories WebFOCUS 8 Repository

  12. WebFOCUS 8 ArchitectureContent is Accessed via the IBFS Service Layer RC Distribution Server IBFS Service Layer HTTP Service Core WFMR/BIP/RC ReportCaster uses an IBFS Service API to access report procedures in the repository Eliminates problematic HTTP requests to the web tier WebFOCUS 8 Repository

  13. Information Builders File SystemWebFOCUS 8 Architecture Is Built Around IBFS • IBFS Service Layer – Internal Subsystem • IBFS Path – an Object Addressing Scheme IBFS paths used in drill-down links, schedules, security rules For backward compatibility, migrated content can still be accessed via HREF properties

  14. Information Builders File SystemIBFS is All-Encompassing • IBFS Used to Reference • Reports, portal pages • Schedules, output • Users, groups • Report Servers IBFS governs access to everything • IBFS is Hierarchical and Enables • Security policy inheritance • Group nesting • Full control over content organization

  15. Information Builders File SystemIBFS Enables Full Control of Content Organization Mandatory folders in 7x are migrated “as is” … but are no longer required in 8.0 Reports, reporting objects, and library output can be deployed in the same folder Folder depth not limited to one sub-folder

  16. WebFOCUS 8 High-level ArchitectureRunning Report Requests WebFOCUS runs interactive requests through IBFS ReportCaster runs scheduled reports through JLINK RC Distribution Server IBFS Service Layer HTTP Service Core WFMR/BIP/RC JLINK Scheduled Jobs Web Requests WebFOCUS Report Server WebFOCUS 8 Repository

  17. WebFOCUS 8 High-level ArchitectureMoving ReportCaster Distribution Server Off JLINK • On the Roadmap (post 8.0.01) • Enables Passing of WF8 Groups to the Server • Use server group profiles with scheduled jobs • IBI_WFRS_Passthrough_Groups=ALL RC Distribution Server IBFS Service Layer • Enables site.wfs Processing • <set> wfvariable (pass) • Use WF Variables in scheduled jobs Scheduled Jobs WebFOCUS Report Server

  18. WebFOCUS 8 Security Model

  19. Why a New Security Model?Customer Feedback Related to WebFOCUS 7x • Managed Reporting Role Security was Limiting • Only 5 base roles and 9 permissions • One role for all Domains • Domain Security Model was Limiting • Couldn’t customize security on sub-folders • Content Sharing was Limiting • Couldn’t share with specific people • Challenging for Multi-tenancy SaaS Deployments • Couldn’t allow sharing in a common Domain—user’s would see content from other tenants • Dilemma: abandon common domain or drop sharing? WebFOCUS 8 Addresses These Challenges!

  20. WebFOCUS 8 Security ModelKey Concepts • Security Rule, which Binds Together… • Subjects – objects that can be authorized • Permissions – capabilities that can be assigned • Resources – objects that can be secured • Access – type of the rule: permit, deny, etc. • Apply To – scope of the rule: folder, folder & children, children only • Permission Set – Collection of Permissions • Simplifies Rule Creation • Security Policy – Collection of Security Rules • Effective Policy – Evaluation of the Security Policy • Bob has permissions A, B, C on resource X

  21. WebFOCUS 8 Security Model Understanding Group Membership • Policy Evaluation Includes Processing of a User’s: • Explicitly assigned groups • Implicit groups • Bob is assigned to the Sales Basic Users group • Sales Basic Users is nested under Sales • Bob implicitly belongs to Sales • Rules associated with both groups apply to Bob Bob

  22. WebFOCUS 8 Security Model Simple Security Policy with 3 Rules Note that groups (and users) are unique in that they can be both Subjects and Resources

  23. WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Users & Groups Tab

  24. WebFOCUS 8 Security ModelWebFOCUS 8 Security Center – Permission Sets Tab

  25. WebFOCUS 8 Security Model Creating Security Rules Select any IBFS resource and then clickSecurity > Rules…

  26. WebFOCUS 8 Security ModelCreating Security Rules – Security Rules Dialog Dialog shows the resource You select a subject Then the permission set, access type and scope Click OK to create the rule(s)

  27. WebFOCUS 8 Security ModelSecurity > Rules on this Resource… Rules on this Resource dialog answers the question: “Who has access to this resource?”

  28. WebFOCUS 8 Security ModelWebFOCUS 8 Global Groups • Consider Using Global Groups Carefully Through inheritance global groups have access to everything in the repository

  29. WebFOCUS 8 Security Model Benefits • Flexible Security Model • Over 150 assignable permissions • Can develop custom permission sets • Sub-Groups and Inheritance Simplify Policy Creation • Easy to Use Tools to Create and Verify Security Policies • Makes it Possible to Support Many Different Deployment Requirements

  30. WebFOCUS 8 Enhancement Highlights

  31. WebFOCUS 8 Enhancement Highlights • Resource Templates • Private Content, Publishing, and Content Sharing • Localization • Licensing • Authorization Mapping

  32. Resource TemplatesThe Deployment Challenges Facing Administrators • What are our security requirements? • How do I design and implement a security policy? • How long will it take to create security rules? • What best practices should I be aware of? • Where do I start?

  33. Resource TemplatesSimplifying the Creation of Security Policies • Resource Templates Automate the Creation of • Groups, resources, permission sets, security rules • Information Builders Provides Sample Templates • Predefined policies for specific business requirements • Best practice policy design • Good place to start The Domain templates prompt for name & title Select a template

  34. Resource TemplatesSimplifying the Creation of Security Policies The template creates predefined folders, groups, and permission sets

  35. Resource TemplatesSimplifying the Creation of Security Policies … and security rules

  36. Resource TemplatesSupport Site and Roadmap • Latest Templates Available on Support: • Available Templates • Updated Domain templates • SaaS-oriented templates • Each Template Includes • Release Notes with installation steps, limitations • Policy design worksheet that describes rule definitions and permission sets • Create Your Own Templates • Plan to document the process in 8.0.01 https://techsupport.informationbuilders.com/tech /wbf/v8templates/wbf_8_resource_templates.html

  37. Private Content, Publishing, and SharingFully Configurable My Content Folders • Folder Property Enables Support for My Content • Assignable Permission Determines Who Gets One Private content, created and saved by a user to their My Content folder

  38. Private Content, Publishing, and SharingPrivate Content: Simplified Content Deployment • All Content Initially Created as Private • Doesn’t inherit security rules from above • Visible only to owner • Administrators with Manage Private Resources can access private content • Authorized Users Can Create New Content “In-Place” In 8.0.00 private content, created by a developer is displayed in a non-bold font

  39. Private Content, Publishing, and SharingPrivate Content: Simplified Content Deployment • All Content Initially Created as Private • Doesn’t inherit security rules from above • Visible only to owner • Administrators with Manage Private Resources can access private content • Authorized Users Can Create New Content “In-Place” In 8.0.01 all content is non-bold and private content is indicated with a grayscale overlay on the icon

  40. Private Content, Publishing, and SharingPublishing Private Content • Published Items Become System-Managed • Inherit security rules from above • Create, Publish & Un-Publish are separately assignable • Offers Flexible Alternatives to Formal Change Control • That require isolated DEV/TEST/PROD environments • Particularly Useful in SaaS Deployments • Formal change control not practical • Tenant developers can work out of view from users • Publishing to users is simple • IBFS paths don’t change • Consider Developing In-Place with Private Content

  41. Private Content, Publishing, and SharingContent Sharing Enhancements • Complete Control Over Content Sharing • Share – simple sharing determined by WebFOCUS • Share with – user determines who to share with • Configurable Policy Determines Available Users/Groups • Enhanced Shared Content View • Only Users with Shared Content are Displayed Shared content Assignable sharing options

  42. Other Security Enhancements • For Customers Using Internal Authentication • Strong Encryption for Passwords • Configurable Password Policies • Built-in User and Administrative Activity Auditing This user Used this API To move this user [2012-05-30 08:30:13,267] INFO groups ed214e45667f0f1 thoja13 addUserToGroup SUCCESS user:smija03 (314568704) group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006) Into this group

  43. Authorization MappingKey Requirement for Enterprise & SaaS Deployments • What If We Use LDAP/AD for Authorization? • The user’s group memberships • A custom attribute on the user entry • LDAP/AD Authorization Mapping is Built-in to WebFOCUS 8 LDAP/AD Groups User Attribute

  44. Authorization MappingLDAP/AD Authorization Mapping Built-in to WebFOCUS 8 • Administrator Maps the Value to a WebFOCUS Group • Resource Templates Can Configure the Mapping (8.0.01) Group DN or attribute value is mapped to WF group

  45. LDAP Authorization MappingPowerful Integration for Enterprise & SaaS Deployments Mapped WebFOCUS groups have a link icon User accounts are automatically created during sign-on

  46. Localizable Content TitlesA Complete Solution for Localized Applications Repository data can be localized User sees label based on their language preference

  47. WebFOCUS 8 Client LicenseNew for WebFOCUS 8 • Enforces Licensed Options • Features: BI Portal, InfoAssist, ReportCaster, etc. • Managed Reporting user count • InfoAssist user count (future release) • Work with Customer Support/Account Team • Make sure your site code (XXXX.nn) reflects your products

  48. Migrating to WebFOCUS 8

  49. Migrating to WebFOCUS 8Built-in Utilities to Simplify the Process • Utility Migrates 7x Content • ReportCaster Content • Managed Reporting Content • Dashboards • Dashboard Conversion to BI Portals • Not Automatic • User Experience and Policies Preserved • Identical folder structure • Identical security policy 8.0 7x

  50. Migrating to WebFOCUS 8Understanding the Security Policy for Migrated Content • 7x Security Policies are Replicated in WebFOCUS 8.0 • The User Default Role feature is enabled • Special User Default Role (UDR) Rules Connect Migrated Groups to Migrated Domain folders Special permission sets are configured on the user User Default Role tab is enabled

More Related