Designing an Identity Management Portal

issac
Presentation Transcript


    1. Designing an Identity Management Portal
        Integrating Identity and Access with SharePoint

    Welcome to our DEC 2008 proposal; this is the culmination of several weeks' worth of research and slide-smithing. Although it may not look like much from the deck perspective, we hope that the lecture version of this presentation is both thought provoking and informative. In the end we had to omit much of the material we had planned from the start (too auspicious, I know), but it has been redirected to our blogs instead. So instead of demoing a complete portal experience that might look good on screen but not apply to anything you personally need, we chose to focus on the fundamental elements of introducing SharePoint into an IDA managed environment. Look for related content there…

    2. In the end we chose a simple “People, Process, Technology” approach to quantifying our objectives:
        People – from a people perspective this deck is intended to help those likely skilled in MIIS/ILM but relatively new to SharePoint.
        Process – from a process perspective this deck is intended to identify some of the common problems you may face when installing WSS 3.0 for the first time.
        Technology – from a technology perspective this deck is intended to identify two areas of concern:
            Security – issues surrounding the addition and removal of users or groups (basic access control) within SharePoint are the number one incident for Microsoft Support. This deck will concentrate on the back-end security aspects of introducing SharePoint to new environments or, as the IDA steward in your company, what you might expect when adding future IDA portals to an existing MOSS infrastructure.
            Content – the focus here is on the items and elements you may use to assemble an IDA portal, with attention on dashboarding and custom reporting for identity and workflow objects.

    3. ILM “2” Architecture Overview

    This section will cover, at a high level, the anticipated changes in ILM “2” as they relate to the newly developing requirements for WSS 3.0, and how IDA related portals have been cropping up for some time now to host various identity or access related applications. In the past, MIIS deployments consisted of three key areas of required knowledge: 1) Directory, 2) SQL, 3) .NET. This triumvirate of skills is now expanding to include new technologies the ILM Architects, Engineers, and Administrators must know, like Windows Workflow Foundation, Windows SharePoint Services, and even Windows Communication Framework.

    4. ILM “2” Architecture
        Traditional MIIS and ILM deployments will go from determining “local or remote SQL install, clustered or not” to “how many servers to scale the new components?”
        Scalability in ILM “2” will likely follow the same model on the database side; however, now there are two additional components to scale:
            ILM Resource Management Service – designed to be scalable
            WSS Portal – most commonly scaled by using a MOSS 2007 farm
        It is unknown whether or not the workflow engine will scale across multiple systems, but it will likely follow the instance of the ILM “2” data store (formerly the Raven store).

    5. SharePoint Database
        As of ILM “2” Beta 2, only the Windows Internal Database is supported for hosting the ILM portal application
        This isn’t going to be acceptable for most deployments

    Installing WSS with the “typical” install option has the benefit of creating the default site collection for you; however, it forces you to use the Windows Internal Database, which most organizations will not support for distributed “enterprise” applications.

    6. IDA Evolving Skill Sets

    MIIS had its triumvirate of skills necessary to deploy the product: a basic knowledge of directory services, .NET Framework development and SQL/DBMS skills. In today’s ILM and ILM “2” landscapes not only have the individual “lobes” expanded but a new one has emerged – SharePoint. In the ILM “2” timeframe IDA Architects and Administrators will need to understand the ramifications of introducing WSS 3.0 in their environment, or what steps are necessary to integrate it with an existing deployment of MOSS 2007.

    7. Directory Services

    Working with Directory MAs mostly consisted of AD/ADAM skill sets and occasionally eDirectory, OpenLDAP or iPlanet. Some engagements involved GAL synchronization between Exchange organizations and even password synchronization from AD to other LDAP or XMA targets. Most engagements involved provisioning of LDAP based mail solutions like Exchange.

    8. .NET Framework

    All deployments involve some measure of MA rules extensions for custom join and attribute flow logic, and code has always been required to do any measure of custom provisioning. Extensible Management Agents have been used to extend the reach of MIIS or improve the efficiency of access to existing systems to provide a more tailored solution. In the ILM “2” landscape additional attention will be focused on WCF and WF capabilities. ILM “2” introduces an SDK that now allows things such as:
        A managed interface for reads and writes of data in AD
        Reporting interfaces
        A managed interface for configuration of MAs and the server

    9. SQL/DBMS

    As implementation teams gain more experience with the product, the value of pre-processing data in SQL becomes apparent in the ability to process data through the engine more effectively. Strategies for adapting DBMS data sources for delta processing become essential, elevating the need for basic Transact-SQL experience. Custom group management solutions often depend on the ability to design and build SQL processes to act as the authoritative source for Groups or specialized entitlements like admin or service accounts. Gaining access to data in the metaverse leads to involvement with SQL components such as Reporting Services, automation through Integration Services, and advanced analysis and data mining through Analysis Services. Advanced SQL DBAs are able to apply techniques in database and table partitioning to extract additional performance.

    10. Certificate Lifecycle Manager

    11. Windows SharePoint Services

    ILM “2” introduces a new competency to the list of skills necessary in future ILM deployments, which is the focus of this presentation. Instead of multiple web sites with their own look and feel, a unified experience can be achieved through the use of Windows SharePoint Services (WSS 3.0). Existing web parts within WSS or new web parts introduced as part of ILM “2” can be leveraged to customize the user and administrative experiences for managing identity. For the first time, a full identity self-service ability will be available and customizable. Reporting and Workflow integration available through WSS allow for a richer experience, and SharePoint search capability extends into MOSS deployments, allowing identity data to be searchable.

    12. Office Integration

    ILM “2” will integrate several features into the Office 2007 suite, such as Workflow approvals and Group self-service through Outlook. The new web service will be able to expose information for reporting or custom Ribbon Extensions of your own. Combining Exchange 2007 and Office Communication Server 2007 features, it is not much of a stretch to see how features like Presence could factor into running Workflows and take advantage of IM services or the presence status of an identity.

    13. SharePoint Portal Security

    MIIS took its lumps back during the InfoWorld Identity Shootout for not having a cohesive management experience. In this section we’ll talk about why SharePoint is the logical choice for consolidating the Identity and Access Management user experience, and we’ll look at common configuration challenges – namely common configuration mistakes and Kerberos authentication with Active Directory. This section will also detail a solution for ILM that will provide a method for the management of delegated Kerberos rights for key service and computer accounts. This section should leave the audience better equipped to integrate ILM “2” portals with existing SharePoint deployments.

    14. Getting Started with WSS 3.0
        “What do I need to know to get started?”
        Windows SharePoint Services 3.0 Technical Library
        Getting started for Windows SharePoint Services 3.0 technology
        Microsoft SharePoint Products and Technologies Team Blog
        Microsoft E-Learning Collections: 5403
        Microsoft E-Learning Courses: 5244, 5245, 5246, 5247
        Microsoft Windows SharePoint Services 3.0 Step by Step

    15. WSS Common Problems
        “I can’t find the database” – you installed using “Typical” mode and now you have Windows Internal Database
        “How do I create a portal” – create a new Web Application first and then create a new Site Collection
        “Trouble accessing the site” – check your Alternate Access Mappings; these should match the URL you’re attempting as well as your host headers. Also make sure Anonymous access is disabled and that these sites are in the Intranet zone in IE

    Some of the first problems I encountered installing WSS 3.0 for the first time and doing a Typical installation was that I expected to find the SharePoint databases in SQL but they just weren’t there. This is, of course, a consequence of doing the “Typical” installation, which defaults to the Windows Internal Database. Doing a Custom installation leaves you with the db in SQL, but now you don’t have an initial web application or site collection, so you have to navigate that terminology in Central Admin and attempt to figure that out. The other issues I had here had to do with accessing the portal from other systems – the first challenge of course is getting IE to pass the credentials, so a quick add to the Intranet zone resolves that. Next on the list of culprits are your Alternate Access Mappings – these are the URLs you expect to contact the site over, and they need to match your host headers in IIS. You will only get the ‘default’ zone with the shortname first, and you’ll have to manually create the other zones.

    16. WSS Common Problems (contd)
        “Occasionally it takes ‘forever’ for the portal to respond” – this is IIS shutting the process down after it becomes idle

    A default setting in IIS for the application pool causes the pool to be recycled periodically. However, SharePoint does not instantiate itself until the first request is made for a given portal, so occasionally (especially after an IISRESET) this results in extended load times, which is really cumbersome to deal with in testing. You can remove this setting as indicated in the picture above.

    In some cases the .NET Framework does not register properly with IIS and you’ll get an annoying message that claims you don’t have the rights to a certain temp directory. While this masquerades as a security issue, it can only be solved by running “aspnet_regiis -i” from the appropriate framework directory. This will re-register the Framework.

    Default install uses NTLM, not Kerberos; you’re not really protecting content via NTFS permissions like with typical web sites, since SharePoint retrieves its content from SQL. Configuring WSS for Kerberos authN is very tricky and way harder than it needs to be! Refer to the blog for more information on the Kerberos issues.

    17. ILM Proof of Concept
        Check 1dent1y cHa0s for the release this week:
            ADMA configured to read AzMan store from AD
            Sample attribute flow code to set SPNs and delegation on service accounts
            Walkthrough for configuring AzMan to model the application, service class, and URIs

    All of the following supplemental content has been moved to a series of blarticles describing this in detail. Please refer to http://www.identitychaos.com for more information.

    18. Modeling SPN Relationships
        Whatever method you ultimately decide to use to model the relationships between an application, its service accounts and the required SPNs, the important thing to consider is which delegation model you’re attempting to implement.
        Normal Delegation – pretty simple, you only need to build a relationship between the service account and the SPNs
        Constrained Delegation – more complex, you also need to have a relationship between service accounts, as the SPNs assigned to the SQL account will also need to be added to the service account used for the web application in the msDS-AllowedToDelegateTo attribute
        NOTE: It’s not necessary for the SQL service account to be trusted for delegation unless it is also delegating requests to other servers on behalf of the same account.

    19. AzMan as an Application Model
        Authorization Manager (AzMan) provides a functional way to model an application in AD or XML
        AzMan alone isn’t designed to represent the complex relationships required to automate Constrained Delegation – we need some help from SQL or custom SharePoint lists to do this
        The entire relationship to model includes: Application <-> Svc Accts <-> Svc Classes <-> URL:Port
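    The following is an added example, not code from the deck or from the identitychaos.com POC. It models the Application <-> service accounts <-> service classes <-> URL:port relationship from slides 18 and 19 and derives, for each service account, the SPNs it must hold plus the delegation setting each model requires: the TRUSTED_FOR_DELEGATION flag for normal delegation, or the msDS-AllowedToDelegateTo list (the back-end tier's SPNs) for constrained delegation. It also checks for an SPN registered on two accounts, which breaks Kerberos authentication to that service. All account and host names are constructed for the example.

```python
# Added example (not the deck's code): model app <-> service accounts <-> service
# classes <-> URL:port and derive Kerberos delegation settings per account.
# Account names, hosts and ports below are constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Endpoint:
    """One service class bound to a host name (and optional port)."""
    service_class: str          # e.g. "HTTP" or "MSSQLSvc"
    host: str                   # the name clients actually use: FQDN or short name
    port: Optional[int] = None  # None means the service's default port

    def spn(self) -> str:
        # SPN syntax is serviceclass/host[:port]; the port is omitted for defaults.
        return f"{self.service_class}/{self.host}" + (f":{self.port}" if self.port else "")


@dataclass
class ServiceAccount:
    name: str
    endpoints: List[Endpoint] = field(default_factory=list)
    # Back-end tiers this account calls on behalf of the logged-on user.
    delegates_to: List["ServiceAccount"] = field(default_factory=list)


@dataclass
class Application:
    name: str
    accounts: List[ServiceAccount]


def required_spns(acct: ServiceAccount) -> Set[str]:
    """Every SPN the account must have registered for clients to get a ticket to it."""
    return {ep.spn() for ep in acct.endpoints}


def delegation_plan(app: Application, model: str) -> Dict[str, dict]:
    """Per-account settings for model 'normal' (unconstrained) or 'constrained'."""
    if model not in ("normal", "constrained"):
        raise ValueError(f"unknown delegation model: {model}")
    plan: Dict[str, dict] = {}
    for acct in app.accounts:
        entry = {
            "spns": sorted(required_spns(acct)),
            "trusted_for_delegation": False,  # TRUSTED_FOR_DELEGATION bit in userAccountControl
            "allowed_to_delegate_to": [],     # msDS-AllowedToDelegateTo values
        }
        # Only a tier that forwards the user's identity needs a delegation right.
        # A leaf such as the SQL account gets its SPNs and nothing else.
        if acct.delegates_to:
            if model == "normal":
                entry["trusted_for_delegation"] = True
            else:
                targets: Set[str] = set()
                for backend in acct.delegates_to:
                    targets |= required_spns(backend)
                entry["allowed_to_delegate_to"] = sorted(targets)
        plan[acct.name] = entry
    return plan


def duplicate_spns(app: Application) -> Dict[str, List[str]]:
    """Return SPNs claimed by more than one account; a duplicate SPN breaks Kerberos auth."""
    owners: Dict[str, List[str]] = {}
    for acct in app.accounts:
        for spn in sorted(required_spns(acct)):
            owners.setdefault(spn, []).append(acct.name)
    return {spn: names for spn, names in owners.items() if len(names) > 1}


# Constructed sample: a WSS web application fronting a SQL content database.
SQL_ACCT = ServiceAccount("svc-sql", [Endpoint("MSSQLSvc", "sql01.corp.example", 1433)])
WSS_ACCT = ServiceAccount(
    "svc-wss",
    [Endpoint("HTTP", "portal.corp.example"), Endpoint("HTTP", "portal")],  # one per host header / AAM
    delegates_to=[SQL_ACCT],
)
PORTAL_APP = Application("ILM Portal", [WSS_ACCT, SQL_ACCT])

if __name__ == "__main__":
    for model in ("normal", "constrained"):
        print(model, delegation_plan(PORTAL_APP, model))
    print("duplicate SPNs:", duplicate_spns(PORTAL_APP))
```

    Run stand-alone it prints both plans: under constrained delegation only svc-wss gets an msDS-AllowedToDelegateTo entry, and it contains the SQL account's SPN rather than the SQL account itself, while svc-sql is never trusted for delegation, which is the NOTE on slide 18. Register each host header a client can use (including the short name from the default AAM zone) as its own HTTP SPN, and run the duplicate check before writing anything to AD.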

    20. Simple Delegation Modeling with AzMan

    21. POC: Designing a Portal Solution for the Kerberization problem
        Built as a SharePoint application that leverages AzMan itself for authorizations
        Possible Roles for the Portal Application:
            Domain Users – no access
            App Admins – developers, delegated ability to create and modify apps without the need for the AzMan MMC
            Infrastructure Admins – ability to assign AD principals and publish the application
        The Portal Application should leverage the AzMan AD store to express the modeled applications once published
        Web Applications and their associated security principals should be automatically configured for Kerberos delegation by ILM
        Workflows should be leveraged whenever tasks change hands or require approval
        SharePoint provides all of the tools necessary to build the Portal Application, and logic within ILM can complete the modifications to the security principals

    22. Building the ILM Portal Content

    Once the supporting infrastructure is up and running we have the foundation we need to start building the portal content itself.

    23. Elements of a Portal
        SRS Reports
        Shortcuts / Menus For Navigation
        Dashboards
        Documentation
        External Tools
            Direct Links
            Embedded (<iframe> or otherwise)
        Anything Your Little Heart Desires…

    The elements of a portal are not specific to ILM. In general it’s a gateway to a collection of functionality specific to a technology or application. In our case, we’ll be using items such as SRS reports, Shortcuts and Menus, Dashboards for summaries and related subsets of functionality, and SharePoint wrapped presentations of external tools.

    24. SharePoint Elements

    For the most part, the portal is constructed of standard SharePoint (WSS) elements. It is how we combine the elements that makes the presentation and interaction worthwhile. Document libraries are generally used to hold related items: a doc lib for pages that contain external applications, for instance, or for reports. Link lists are used to present menus of shortcuts to the various applications and reports. Web parts, obviously, are used on the web part pages, which are used to present all of the functional elements: external applications, reports, dashboards. WSS provides a certain level of customizability, but if it’s not as flexible as requirements dictate, you can use a tool like Microsoft SharePoint Designer to make changes that the WSS interfaces can’t accommodate. There are only a certain number of web part page templates available, for instance. But with Microsoft SharePoint Designer you can create almost any layout you want.

    25. Reporting Basics: The SRS Web Part
        SRS Web Part Overview

    When installed in SharePoint integration mode, SRS adds a Report Viewer web part to the web part gallery. You configure the web part to host a specific report and can even pre-assign values to parameters. You have control over all the standard web part look and feel items, such as title and chrome, etc. The SRS Report Viewer web part is basically an HTML iframe that points to an .rdl file in a WSS document library.

    26. Dashboards
        Provide an Overview of System or Identity Status
        Use SRS Reports and Other Web Parts as Building Blocks
        Advanced Dashboard Techniques Might Involve:
            HTML and/or JavaScript knowledge
            SRS Report Linking (Not the same thing as drill down reports.)

    Dashboards provide a collection of information related to a particular entity. This could be the complete ILM system (our typical landing page is such a dashboard), or perhaps a specific entity or identity. Our dashboards are generally comprised of a collection of SRS reports, along with links to tools related to the entity in question. More advanced dashboards take advantage of the web page structure by using HTML and JavaScript to connect reports and pass information between embedded web parts.

    27. Landing Page

    The basic purpose of the ILM portal is to provide easily accessible, useful information along with access to the tools required to manage the system. Here, we have a branded landing page that immediately shows us the most recent status of our MA run profiles, along with links to additional information and tools. The landing page is essentially a system summary dashboard. Its very simple composition includes an Image Web Part, a Report Viewer Web Part and a List Web Part displaying the items from a Links List.

    28. Links and Menus
        Use Standard SharePoint Lists
        Group By Category

    Portal navigation is primarily driven through menus of hyperlinks. The menus are based on the standard SharePoint lists of links or documents in a SharePoint Document Library. Again, not a complicated setup. In this example we’ve got two items in an Administrative Tools list. The first links to an external application hosted within a SharePoint page and the other is a complex SRS report-based dashboard.

    29. External Application Example
One external application that we always present in our portal solutions is the Camelogic Configuration system. We had a need for a hierarchy-based configuration system and we wanted to make it as easy as possible for the clients to use after we’d handed over the system. It’s tightly integrated into Visual Studio for the developer and has a web-based editor for the system administrators. Configuration items are defined in an XML file. Code-behind is automatically generated through a Visual Studio custom tool, resulting in a strongly typed configuration object that can be used in your code. Description attributes in the XML file are turned into IntelliSense hints displayed in the code editor. The current release supports Boolean, String and enumerated values. String items can hold multiple values so you can switch between them while testing without having to retype the values.

    30. Integrating External Applications Create Web Parts When Feasible Use Page Viewer Web Parts Content Editor Web Parts w/ HTML <iframe> May Require Some Tweaking w/ SharePoint Designer
In order to facilitate administration of the configuration values, we developed a web-based editor. It allows a system administrator to change the values associated with configuration items without risk that they will alter the XML structure or naming conventions defined within the configuration file. This web-based tool is its own ASP.NET application. We integrated it into the portal by embedding it into a SharePoint Web Part page using a Content Editor Web Part with an HTML <iframe>. In this case, to get the effect we wanted, we had to use SharePoint Designer to alter the page structure so the interface automatically sized itself to the screen. The web part page was saved into a SharePoint document library and the application is exposed as a link in the Administrative Tools list.

    31. Complex Reporting & Dashboards
Moving beyond standard reports, we can create significantly more interesting and interactive dashboards using some more complex reporting techniques. The “complexity” here is in the way we use JavaScript and the nature of HTML and client-side rendering to present the information. In one example that is common in our implementations, we have a report dashboard that displays a significant amount of information about an identity. The dashboard is based on the reports initially developed by Brad Turner and released as the MIIS Community Reporting Pack.

    32. Complex Reporting & Dashboards
We start with a simple SRS “Search” report. In the report designer we configure the navigation property of a result textbox to make a JavaScript call.

    33. Complex Reporting & Dashboards
The details report is chained to the search report via that JavaScript call. In a Content Editor Web Part, we define the JavaScript function that’s being called from the search report. The JavaScript updates an HTML iframe, also defined in the CE Web Part, to point to the details report. As part of the URL for specifying the report, we pass along a few parameters that tell SRS how to display the report (suppressing the toolbar, for instance) as well as the actual query parameters. When the iframe’s src attribute is updated, the web browser will update the content of the iframe, too.

    34. Workflow Integration Use to Incorporate Asynchronous Actions Allows for Human Interaction in ILM Based Activities Can be Persisted Can be Tracked
A quick diversion here… Another element we incorporate into our ILM implementations is workflow. While some of our code may be replaced by the workflow integration capabilities of the next release, the concepts remain the same. We created a workflow hosting service that uses a SQL-based MA to communicate with MIIS. Here are the basics of how this works. MIIS provisions a record in a SQL table. Our service scans the table and sees a new record. The service then uses the information in the record to instantiate the proper workflow. The SQL table is used to pass information back to MIIS when required. If the workflow is long running, it can be persisted (in our case, to a SQL database) until it’s time to act again. Along the way, actions taken by the workflow are logged in a tracking database. We can use the information in the tracking database to report on the status of the workflow.
Bringing us back to our complex report…

    35. Reporting Workflow Status
Report linking doesn’t have to be limited to a single master. One of the sub-reports, a list of workflows related to a specific identity, shows the status of a selected workflow. It’s implemented using almost exactly the same technique. The master report has an embedded JavaScript call and our SharePoint page has an additional Content Editor Web Part with an additional iframe defined. There are two important differences, though. One is that since we’re calling from an embedded iframe (our search report is calling from the SharePoint page itself) we have to make sure that we specify that we’re calling a function in the parent page. The second is that, in our case, we chose to show the status graphically. In order to do that we had to create a custom report item…
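The report chaining described on slides 33 and 35, written out as an added example; this is not code from the deck or from the presenters' portal. It is the kind of JavaScript a Content Editor Web Part would hold to point an iframe at an SRS report. The report server URL, the report paths under /MIIS, the iframe ids and the parameter names IdentityID and WorkflowID are assumptions; rs:Command, rc:Toolbar and rc:Parameters are standard SRS URL-access switches. The functions only ever render reports from a fixed list and refuse identifier values that are not plain tokens, so a value coming out of a report field cannot redirect the frame somewhere else or break the query string.

```javascript
// Added example (not from the deck): report linking from a SharePoint Content
// Editor Web Part. REPORT_SERVER, the report paths, the iframe ids and the
// parameter names are assumptions.

// The CE Web Part also holds the frames the script drives, e.g.
//   <iframe id="detailsFrame" width="100%" height="600"></iframe>
//   <iframe id="workflowFrame" width="100%" height="300"></iframe>

const REPORT_SERVER = "http://reportserver/ReportServer"; // assumed URL

// Fixed list of reports this page may render. The script never accepts a
// report path from a caller, so a report field value cannot redirect a frame.
const REPORTS = {
  identityDetails: "/MIIS/IdentityDetails",
  workflowStatus: "/MIIS/WorkflowStatus",
};

// Standard SRS URL-access switches: render the report without the toolbar
// and without the parameter prompt area.
const RENDER_SWITCHES = ["rs:Command=Render", "rc:Toolbar=false", "rc:Parameters=false"];

// Identifiers handed over by a report must be plain tokens. Anything else is
// refused before it reaches a URL or a report parameter.
const ID_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;

function checkId(value) {
  const id = String(value);
  if (!ID_PATTERN.test(id)) {
    throw new Error("rejected identifier value");
  }
  return id;
}

// Build the report URL: <server>?<path>&<switches>&<name>=<value>...
// Names and values are percent-encoded, so '&', '#' or '=' inside a value
// cannot introduce extra parameters.
function buildReportUrl(reportKey, queryParams) {
  const path = REPORTS[reportKey];
  if (path === undefined) {
    throw new Error(`unknown report: ${reportKey}`);
  }
  const query = [...RENDER_SWITCHES];
  for (const [name, value] of Object.entries(queryParams)) {
    query.push(`${encodeURIComponent(name)}=${encodeURIComponent(String(value))}`);
  }
  return `${REPORT_SERVER}?${path}&${query.join("&")}`;
}

// Point a frame at a report. Assigning src makes the browser reload the
// frame; the document check lets the URL logic run outside a browser too.
function showReport(frameId, reportKey, queryParams) {
  const url = buildReportUrl(reportKey, queryParams);
  if (typeof document !== "undefined") {
    const frame = document.getElementById(frameId);
    if (frame) {
      frame.src = url;
    }
  }
  return url;
}

// Called by the search report's textbox action. That report lives in the
// SharePoint page itself, so it calls the function directly.
function showIdentityDetails(identityId) {
  return showReport("detailsFrame", "identityDetails", { IdentityID: checkId(identityId) });
}

// Called by the workflow list sub-report, which renders inside detailsFrame;
// its action therefore has to call parent.showWorkflowStatus(...).
function showWorkflowStatus(workflowId) {
  return showReport("workflowFrame", "workflowStatus", { WorkflowID: checkId(workflowId) });
}
```

On the report side, the textbox action is a "Jump to URL" expression of the form `="javascript:showIdentityDetails('" & Fields!IdentityID.Value & "')"` in the search report, and `="javascript:parent.showWorkflowStatus('" & Fields!WorkflowID.Value & "')"` in the workflow list, because that report is itself running inside detailsFrame. Because the field value is spliced into a JavaScript string by the report, the token check in checkId is what keeps a stray quote or script in a directory attribute from doing anything other than raising an error.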

    36. Custom SRS Report Items Provide information in the form of a bitmap Specific to SRS, not SharePoint Require advanced .NET coding skills to create. Drag, Drop and Configure, to use. Sample Code:
To provide some additional flair, custom report items are a great tool. At this point, SRS only supports CRIs that return an image, so if text manipulation is what you desire, it’s not the best solution. We developed a CRI to provide graphical feedback on the status of a workflow. CRIs are an extension to SRS and can be used anywhere you display an SRS report. SharePoint is unaware of their presence, so no SharePoint configuration is necessary. Developing a CRI requires some advanced .NET coding experience. There’s a design-time piece used when creating the reports and a run-time piece used when reports are displayed. Example code for an SRS CRI is available as part of the SQL Server documentation and on MSDN: http://msdn.microsoft.com/msdnmag/issues/06/10/SQLServer2005/

    37. Complex Reporting Live Demo

    38. Parting Thoughts The ILM “2” portal will be extensible – if nothing else you’ll be able to build your own version from the ground up using the new Web Service and the SDK, so it’s time to start building relationships with the talent in your company or looking to acquire it yourself when it comes time to “fine tune” your own implementation! What about interfacing SharePoint with emerging technologies like Windows CardSpace? Look for more detail on the Kerberos and reporting solutions here: http://www.identitychaos.com http://digitalcamel.blogspot.com Thanks to the following people who helped with the research: From Microsoft: Tom Wisnowski, Tim Baggs, James World

    39. Q & A
