1 / 49

WebFOCUS 8: Technical Overview

WebFOCUS 8: Technical Overview. Jim Thorstad Technical Director, WebFOCUS Product Management. Agenda. WebFOCUS 8 Architecture Security Model Enhancement Highlights Demo Q & A. WebFOCUS 8 Architecture. What is WebFOCUS 8? Understanding Middle-tier vs. Server-tier Components.

keahi
Download Presentation

WebFOCUS 8: Technical Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. WebFOCUS 8: Technical Overview Jim Thorstad Technical Director, WebFOCUS Product Management

  2. Agenda • WebFOCUS 8 Architecture • Security Model • Enhancement Highlights • Demo • Q & A

  3. WebFOCUS 8 Architecture

  4. What is WebFOCUS 8?Understanding Middle-tier vs. Server-tier Components WebFOCUS 8 Updates the Middle-tier WebFOCUS Client Managed Reporting ReportCaster BI Portal/Dashboard WebFOCUS Report Server Users Data WebFOCUS 8.0 + Report Server 7.7.04 WebFOCUS 8.0.01 + Report Server 8.0.01

  5. WebFOCUS 8 ArchitectureIntegrated Repository WebFOCUS Client Managed Reporting BI Portal ReportCaster WebFOCUS Report Server Reports Schedules Content Users Groups Security Metadata Uploaded Data Application Directories WebFOCUS 8 Repository

  6. Information Builders File SystemWebFOCUS 8 Architecture Is Built Around IBFS • IBFS Service Layer – Internal Subsystem • IBFS Path – an Object Addressing Scheme IBFS paths used in drill-down links, schedules, security rules For backward compatibility, migrated content can still be accessed via HREF properties

  7. Information Builders File SystemIBFS is All-Encompassing • IBFS Used to Reference • Reports, portal pages • Schedules, output • Users, groups • Report Servers IBFS governs access to everything • IBFS is Hierarchical and Enables • Security policy inheritance • Group nesting • Full control over content organization

  8. Information Builders File SystemIBFS Enables Full Control of Content Organization Mandatory folders in 7x are migrated “as is” … but are no longer required in 8.0 Reports, reporting objects, and library output can be deployed in the same folder Folder depth not limited to one sub-folder

  9. WebFOCUS 8 ArchitectureAll Content is Accessed via the IBFS Service Layer RC Distribution Server IBFS Service Layer HTTP Service Core WFMR/BIP/RC ReportCaster uses an IBFS Service API to access report procedures in the repository Eliminates problematic HTTP requests to the web tier WebFOCUS 8 Repository

  10. WebFOCUS 8 High-level ArchitectureRunning Report Requests WebFOCUS runs interactive requests through IBFS • User ID and Groups can be passed to the Server: • Connection=Trusted/IBIMR_user • IBI_WFRS_Passthrough_Groups=ALL IBFS Service Layer HTTP Service Core WFMR/BIP/RC u=jim, g=Tenant22 Web Requests WebFOCUS Report Server WebFOCUS 8 Repository

  11. WebFOCUS 8 Security Model

  12. Why a New Security Model?Customer Feedback Related to WebFOCUS 7x • Managed Reporting Role Security was Limiting • Only 5 base roles and 9 permissions • One role for all Domains • Domain Security Model was Limiting • Couldn’t customize security on sub-folders • Content Sharing was Limiting • Couldn’t share with specific people • Challenging for Multi-tenancy SaaS Deployments • Couldn’t allow sharing in a common Domain—user’s would see content from other tenants • Dilemma: abandon common domain or drop sharing? WebFOCUS 8 Addresses These Challenges!

  13. WebFOCUS 8 Security ModelBasic Security Concepts • Security Rules Connect… • Subjects – groups/users to authorize • Roles – collection of privileges • Resources – objects to secure • Access – type of rule: permit, deny, ... • Apply To – scope of rule: folder, folder & children, ... • Security Policy – Collection of Security Rules • Effective Policy – Evaluation of the Security Policy • Bob has privileges A, B, C on resource X • Takes into account rule inheritance, rule conflicts, group membership, user-specific rules (if any) The Security Model in WebFOCUS 8 Provides Complete Control of Your Security Policies

  14. WebFOCUS 8 Security Model Understanding Group Membership • Policy Evaluation Includes Processing of a User’s: • Explicitly assigned groups • Implicit groups • Bob is assigned to the Sales Basic Users group • Sales Basic Users belongs to Sales Group • Therefore Bob implicitly belongs to Sales… • And the rules associated with both groups apply implicit Bob explicit

  15. WebFOCUS 8 Security Model WebFOCUS 8 Security Center – Users & Groups Tab

  16. WebFOCUS 8 Security ModelWebFOCUS 8 Security Center – Roles Tab

  17. WebFOCUS 8 Security ModelWebFOCUS 8 Security Center – Role Customization Select all or a portion of the privileges within each category Choose whether users select a Master File or Reporting Object with InfoAssist Choose whether users can upload a spreadsheet to the Reporting Server

  18. WebFOCUS 8 Security Model Creating Security Rules Select any IBFS resource … and then Security > Rules…

  19. WebFOCUS 8 Security ModelCreating Security Rules – Security Rules Dialog The resource You select a subject… …role, type, and scope Click OK to create rule(s)

  20. WebFOCUS 8 Security Model Managing Your Security Policies Rules on this Resource answers: “Who can access this?”

  21. WebFOCUS 8 Security Model Managing Your Security Policies Rules for this Group answers: “What does this group have access to?”

  22. WebFOCUS 8 Security ModelUnderstanding the Built-in Global Groups • Consider Using Global Groups Carefully Global groups have access to all contentthrough inheritance

  23. WebFOCUS 8 Security Model Benefits • Flexible Security Model • Over 150 assignable privileges • You can develop custom roles • Sub-Groups and Inheritance Simplify Policy Creation • Tools simplify Creation and Management of Policies • Possible to Address Enterprise and SaaS Markets • Possible to Address Each Customer’s Unique Needs

  24. WebFOCUS 8 Enhancement Highlights

  25. WebFOCUS 8 Enhancement Highlights • Resource Templates • Private Content, Publishing, and Content Sharing • Localization • Licensing • Authorization Mapping

  26. Resource TemplatesThe Deployment Challenges Facing Administrators • What are our security requirements? • How do I design and implement a security policy? • How long will it take to create security rules? • What best practices should I be aware of? • Where do I start?

  27. Resource TemplatesSimplifying the Creation of Security Policies • Resource Templates Automate the Creation of • Folders, portals, groups, roles, security rules • WebFOCUS 8.0.01 Includes Two Resource Templates: • Enterprise Domain template • SaaS Tenant Domain template

  28. Resource TemplatesSimplifying the Creation of Security Policies • The Enterprise Domain Template Creates: • 1 Domain-specific Folder, Portal, and Group • 4 Sub-groups • 21 Domain-specific Rules • 8 Configurable Roles

  29. Resource TemplatesSimplifying the Creation of Security Policies • The SaaS Tenant Template Creates the Same Things Plus • A Common folder • The EVERYONE group is hidden

  30. Resource TemplatesSimplifying the Creation of Security Policies • The template also creates the required security rules

  31. Resource TemplatesSupport Site and Roadmap • Latest Information on Templates: • Download the Policy Design Worksheet • Use this to plan your custom deployment • Roadmap: Create Your Own Templates https://techsupport.informationbuilders.com/tech /wbf/v8templates/wbf_8_resource_templates.html

  32. Private Content, Publishing, and SharingPrivate Content • All Content Initially Created as Private • Visible only to owner • Doesn’t inherit security • Administrators with Manage Private Resources can access private content • Authority to Create Private Items Outside of a My Content Folder Can be Assigned In 8.0.01 private content is indicated with a grayscale overlay on the icon

  33. Private Content, Publishing, and SharingPublishing Private Content • Authorized Users Can Publish a Private Resource • Published resources inherit security rules from parent • Create, Publish & Un-Publish are separately assignable • Contrast with Formal Change Control Model • Isolated DEV/TEST/PROD environments • Developers don’t have write access to TEST/PROD • But a Useful Alternative in SaaS Deployments • SaaS tenant developers only interact with PROD • Tenant developers can work out of view from users • Publishing completed reports is simple • IBFS paths don’t change • Consider Developing In-Place with Private Content

  34. Private Content, Publishing, and SharingMy Content Folders • End-Users Need to Create Resources in Production • This is facilitated by special My Content folders • A Folder Property Enables Support for My Content • Assignable Privilege Determines Who Gets One Private content, created and saved by a user to their My Content folder

  35. Private Content, Publishing, and SharingContent Sharing • Complete Control Over Content Sharing • Share – simple sharing determined by WebFOCUS • Share with – user determines who to share with • Configurable Policy Determines Available Users/Groups • Enhanced Shared Content View • Only Users Sharing Content are Shown Shared content Assignable sharing options

  36. Authorization MappingKey Requirement for Enterprise & SaaS Deployments • What if you Manage Authorizations in LDAP/AD via… • The user’s group memberships • A custom attribute on the user entry • Authorization Mapping is Built-in to WebFOCUS 8 Groups in AD/LDAP User Attribute in Oracle LDAP

  37. Authorization MappingKey Requirement for Enterprise & SaaS Deployments • Administrator Maps the Value to a WebFOCUS Group • Resource Templates Can Configure the Mapping Group DN or user attribute value is mapped to WF group

  38. LDAP Authorization MappingKey Requirement for Enterprise & SaaS Deployments Mapped WebFOCUS groups have a link icon User accounts are automatically created during sign-on

  39. Other Security EnhancementsPassword Policies, Auditing • For Customers Using Internal Authentication • Strong encryption for password hashes • Configurable password policies • Built-in Protection from Web Vulnerabilities • Built-in User and Administrative Activity Auditing This user Used this API To move this user [2012-05-30 08:30:13,267] INFO groups ed214e45667f0f1 thoja13 addUserToGroup SUCCESS user:smija03 (314568704) group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006) Into this group

  40. Localizable Content TitlesA Complete Solution for Localized Applications Repository data can be localized User sees label based on their language preference

  41. WebFOCUS 8 Client LicenseNew for WebFOCUS 8 • Enforces Licensed Options • Features: BI Portal, InfoAssist, ReportCaster, etc. • Managed Reporting user count • InfoAssist user count (future release) • Work with Customer Support/Account Team • Make sure your site code (XXXX.nn) reflects your products

  42. Migrating to WebFOCUS 8

  43. Migrating to WebFOCUS 8Built-in Utilities to Simplify the Process • Utility Migrates 7x Content • ReportCaster Content • Managed Reporting Content • Dashboards • Dashboard Conversion to BI Portals • Not Automatic • User Experience and Policies Preserved • Identical folder structure • Identical security policy 8.0 7x

  44. Understanding a Migrated PolicyMR7x to WF8 • MR 7x users had only a single role and optionally a few extra privileges • The role was defined on the user • Migration creates a policy with this same behavior • Requires the User Default Role (UDR) Setting

  45. Understanding a Migrated PolicyMR7x to WF8 • Sets special system Roles between migrated Groups and Domain folders

  46. Understanding a Migrated PolicyMR7x to WF8 • Enables Default Role tab on the user account • Here the user’s 7x “role” and “privileges” are defined • They apply to all Domain folders

  47. Summary

  48. WebFOCUS 8 Technical OverviewSummary • Rich Portal and Tool Interfaces • Replace BI Dashboard and Java Applet UIs • Integrated Repository Based on IBFS • Unified, fully localizable repository for MR, BIP, RC • Full control of content organization and security policy • Resource Templates simplify security policy creation • Enhanced Content Publishing and Sharing • External Authorization Built-in • Migration Utilities Streamline Upgrade • WebFOCUS 8.0.01 requires 8.0.01 Report Server

  49. Thank you!

More Related