SQL Server Reporting Services: IT Best Practices
52
Think Bigger About BI
description
SQL Server Reporting Services: IT Best Practices from BI Conference 2008 by Lukasz Pawlowski and Denny Lee
Transcript of SQL Server Reporting Services: IT Best Practices
Think Bigger About BI
SQL Server Reporting Services: IT Best PracticesLukasz Pawlowski, Denny LeeMicrosoft Corporation
DBP210
Objectives
• Learn how to ensure a predictable Reporting Services deployment in your environment
• Learn about the following as relates to Reporting Services• Backup/restore • Security/authorization • Scale/performance/high availability • Upgrade
• Approach:• Provide the technical knowledge needed to make sound
decisions• Provide lessons learned from Real Customers
Takeaways
IT Pros who are new to Reporting ServicesExamples of how to use Reporting ServicesUnderstanding architecture & deploymentsProvide the knowledge building blocks needed to understand Reporting Services
IT Pros with existing deployment of Reporting ServicesMake SSRS more efficient and predictableLearn from othersValidate your workFill in any gaps in your knowledge of how SSRS works
Slide deck that is a valuable reference toolContains many tips & tricks
Detailed understanding of SSRS = sleep better at night
Agenda•Reporting Services 101
•Backup/Restore
•Security
•Monitoring and Planning
•Deployment Topology
•Upgrade
•Tribal Knowledge
Pick the right tool for the job!
People lack understanding of BI solutionsNeed to understand key requirements of the user base
E.g. ‘…they replaced pivots with SSRS, and then stumbled during deployment…’
Business Intelligence quick guideManaged & Ad-hoc Reports = Reporting ServicesDashboards = Windows SharePoint Services
Use SSRS, Excel Services, PPS to provide content
Scorecards = Performance Point Server (PPS)Analysts = Pivots = Excel Services
Reporting Services 101
Report Server
SQL Server Catalog
Report Engine
Scheduling & DeliveryRendering
Data Processing Security Delivery Targets(E-mail, SharePoint, Custom)
Security Services
Output Formats
Data Sources
RDCE
Customized RDL
Custom Report ItemCustom Visualization
SSMSReport Viewer
Web Service Proxy
Report Viewer Web Part
SharePoint
Web Services & URL Access
Reporting Services Architecture (1 of 6)
Client Application
Report Server
PublishingCreateReport
RDL
Compiled Definition
Managed Propertie
s
Report Catalog
RDL
Compiled Definition
Managed Propertie
s
RDL
Reporting Services 101How Report Publishing & Management Works
Client Application
Report Server Report Catalog
Reporting Services 101 How Report Execution Works
RSDB
Report Metadata
RDL
Compiled Definition
Managed Propertie
s
Client Application
Report Server Report Catalog
Reporting Services 101 How Report Execution Works
RSDB
RSTempDB
Report Metadata
Session
Session
Compiled Definition
“Get & Run Report”
Execution Snapshot
Report Data
Report Data
Word/Excel/HTML/PDF
Reporting Services 101 How Configuration Works
WMI Report Server Report Catalog
SSRS WMI
Provider
IIS/HTTP.SYS
Config Files
SSRS Configuration Manager
Setup
Client Application
Report Server Report Catalog
Reporting Services 101 How Secrets Management Works
RSDB
UserNamePassword
Connection StringSecret
Symmetric Key (SK)
Service Credentials (C1)
Public Key, (PubK1)
Private Key (PriK1)
PubK1(SK)
SK(Secret)
Reporting Services 101
demo
Backup/Restore
Backup/RestoreImportance Items to Backup
Critical • Report Server Databases• Symmetric Key• SharePoint Databases• Custom Extensions
Important • Configuration Files• RSTempDB• IIS Settings for RS 2005
Nice to Have • RDLs• SSL Certificates
Report Server DatabasesStandard backup/restore SQL database techniquesDo not need the content of RSTempDBDon’t forget to backup your SharePoint databases as well!Ensure RSExec Role is created when restoring DBs
Backup/Restore
Configuration files
Recover by COPYING settings into default .config filesUse RS Configuration Tool or WMI to recover:
RSDB connection information (stored encrypted)URL & SSL Settings (stored also in HTTP.SYS)
Symmetric KeyEncrypts report data source settingsUse Report Services Configuration Tool or rskeymgmt.exe to backup/restoreKeep backup in secure place and do not forget the password!
Rsreportserver.configRswebapplication.configReportingservicesservice.exe.configWeb.config (for RS & RM)
Rssvrpolicy.configRsmgrpolicy.config Machine.config
Security
Security Data and Data Sources
Start with focusing on data securityDo not expose sensitive data in data centersExpose the minimum set of data requiredAudit data access
Report data sourcesBe careful which credentials are stored in report data sources
Use read-only accounts!We wary of unnecessary use of Windows IntegratedReview credentials options to ensure report authors are not abusing user’s credentials
Use Shared Data SourcesControl connection strings & credentialsMinimize management overhead
Data level securityUse Kerberos delegation if you need end to end data security Use User!UserId in reports to identify the user within a reportParameters are not a security mechanism!
SecurityNetwork Security
Use SSLProtects report contents & credentialsPerformance is not an issue
Limit which machines can access your serverConsider IPSecBlock undesired IP address ranges
Do not use AnonymousIdentify the abusive users and prevent future abuseMinimally have one user id for each network entry point
Proxies and Authentication Persistence do not mixDisable authentication persistence if using proxies
Watch out for common cross server authentication issueshttp://support.microsoft.com/kb/871179http://support.microsoft.com/kb/896861 (Detailed blog post)
Lukasz Pawlowski
merge with subsequent
SecurityAuthentication, Authorization, & Credentials User authentication
Kerberos is better than NTLMKerberos requires setting SPNs and is harder to configure
Authentication is extensible ASP.NET Forms authentication sample Any custom authentication scheme is availableConsider infrastructure solutions like Forefront or IAG
Implement various authentication protocols (e.g. SSO)
AuthorizationUse Active Directory groups to minimize churn as users SSRS Security Roles are customizable - make them relevant to your user baseAuthorization is extensible
Credentials – Lowest Privilege PossibleService Account should be a low privilege domain accountSet the Unattended Execution Account
Allow users only the minimal permissions they needDon’t manage reports from the SSRS server box…
SecurityAuditing and Repudiation
Auditing Report AccessUse the Execution Log Table (ELT)Copy information from ELT to your own databasesStores the user, report & parameter combination as well as success/failure
Auditing all operationsUse SSRS Trace Logs with Verbose settingData Access use data source auditing
Save off Log Files to secure locationLogFile location is configurable is SSRSUse a write only location Archive log files so they are not automatically deleted
Monitoring and Planning
Lukasz Pawlowski
shrink...
Monitoring and PlanningConfiguration & Maintenance
Keep configuration settings in synchTools like IIS Manager or Service Control Manager easily get settings out of synchUse SSRS Configuration Manager or WMI Provider instead Keep a meticulous backup of IIS & ASP.NET settings that work
Extensions & Custom AssembliesDeploying extensions is tricky – back up config filesTrust authors; do security reviews
Moving reports between serversRS Scripter is widely used
Log FilesExecution Log, Trace Log, HTTP Log, Application Event Logs
Monitoring & Planning Capacity Planning & Optimization
Understand your scenarios and reportsScenarios are defined by user personas & usage patternsReports are either test reports or actual reports Tests should isolate Report Server from other systems
Reports can overload underlying data sourceDetermine which reports are most impactfulOptimize these reports – retrieve only required data
Execute Performance Tests – before production!Using Visual Studio 2005 to Perform Load Testing on a SQL Server 2005 Reporting Services Report ServerDatabase tools (SQL Profiler, sqlcmd scripts, SQL Scaler, etc.)Synthetic test tools (e.g. VSTS, Precise Insight, etc.)
Use appropriate execution options for reportsReports run “live” by defaultEnable caching for frequently run reportsExecution Snapshots are often overlooked
Can be scheduled to run in off peak hours
Monitoring & PlanningMonitoring Report Server Performance
Monitoring Report Server Performance
Task Manager, Event Viewer, Performance console
Record performance numbers for later follow up
Common AnalysisReport by user type – e.g. is the CEO’s report running quickly?Rate of failed reports and aggregate # of failuresLow usage reports should be retiredPoor performing reports should be optimized Aborted or internal errors
Windows Performance CountersCPU, Memory, disk space
Performance CountersCPU (total & service usage)I/O (page faults, read/write on disk)Memory utilization (total & service)Network I/O (read/write, send/receive, bandwidth)
RS Performance ObjectsMSRS 2008 Web Service: monitors RS performanceMSRS 2008 Windows Service: monitors scheduled operations and report deliveryReportServer:Service: monitor HTTP-related events and memory management (new)SharePoint Integrated Mode: monitor RS events in SharePoint integrated mode
System Center Operations Manager
Monitoring & Planning Execution Log Reporting
Report Catalog (RSDB) contains ExecutionLog and
ExecutionLog2Which reports are long running?Subscriptions/Interactive?Live Data or Snapshots?Balanced?Patterns for a reportHealth of Reports
Server Management Report SamplesPopulates separate tables / databaseProvides SSIS package to extract and populate dataFollow instructions to setup schema and create jobProvides three reports for you to view report activity
Server Management and Execution Log Reports
demo
Deployment Topology
Deployment TopologyConsiderations
Most common deployment is One-BoxSSRS and SQL Server Relational EngineGreat for developing and building something quick (and budget!)
Good performance & scale if not mission critical
But not so good when it comes to production deployments
Test environment should be as close to production as possibleReplicate security, configuration, hardware, software, networkClustering / High availability scenarios
Emphasize the need for performance testing Identify bottlenecks (e.g. Report Catalog, large drop downs, large reports, etc.)Do Massive Data volume testingUsing Visual Studio 2005 to Perform Load Testing on a SQL Server 2005 Reporting Services Report Server
Protect your underlying data sources!Reports can cause significant load on report data sourcesPlanning for reporting load up front will save you time
Report Catalog
Reporting Data
Deployment TopologyOne Box Deployment
RSDB
Flat Files,OLE DB,ODBC
SQL, AS,DB2, Oracle,
Teradata, etc.
Report Server
RS Server
Clients
Clients
Clients
Report Catalog
Reporting Data
Deployment TopologyRemote Report Catalog = Higher Scalability
SSRS
RSDB
Flat Files,OLE DB,ODBC
SQL, AS,DB2, Oracle,
Teradata, etc.
RS Server
Report Server
Clients
Clients
Clients
Report Catalog
RSDBPassive
Reporting Data
Deployment TopologyScale-Out & High Availability Architecture
SSRS
Sca
le O
ut D
eplo
ymen
tRSDB
Flat Files,OLE DB,ODBC
SQL, AS,DB2, Oracle,
Teradata, etc.
RS Server
RS Server
RS Server
Report Server
NLB
Clients
Clients
Clients
1
2
N
1
Failover Cluster
Cust
om A
pplic
ation
Far
m
RS Server
RS Server
RS Server
Report Catalog
Reporting Data
Deployment TopologyCustom Application Tiered Architecture
SSRS
Sca
le O
ut D
eplo
ymen
tRSDB
Flat Files,OLE DB,ODBC
SQL, AS,DB2, Oracle,
Teradata, etc.
RS Server
RS Server
RS Server
Report Server
Clients
Clients
Clients
1
2
N
1
NLB NLB
App
App
App
Deployment TopologyDisaster Recovery
RSDB
Content Switch
RSDBAsyncMirroring
Passive
RSDB
Primary Data Center DR Site
SSRSSSRS
Manual Failover
Automatic Failover
Failover ClusterAutomatic
Failover
Deployment TopologyScale, High Availability, and Disaster Recovery
ScalabilityRemote Report Catalog SSRS 2008 can scale up significantly before needing to scale out
Scale up SSRS 2008 to 16 cores; Scale up SSRS 2005 to 4 cores
Scale-out SSRS 2008 or 2005 to increase throughputVirtualization works well on larger hardware
Scaling Up Reporting Services 2008 vs. Reporting Services 2005: Lessons Learned
High Availability Scale-out Report ServerFailover Cluster Report Catalog
Disaster RecoveryScale-out Report Servers to include a DR site
Stop/disable the Report Server services to prevent them doing work
Mirror/Log Ship Report Catalog data to the DR siteWill need to manually fail over to this database serverDatabase Mirroring and Log Shipping Working Together
Deployment TopologySharePoint Integrated Mode
Great for overall portal and collaboration experienceInformation Workers access reports like any Office document
Reports, data sources, report models are stored in document librariesShared security model Features Supported by Reporting Services in SharePoint Integrated Mode
Supports Windows SharePoint Services 3.0 or Office SharePoint Server 2007
Report Metadata is stored in WSS Content DB
Configuration can be a challengeRead the White Paper: SQL Server Reporting Services integration with SharePoint Products and TechnologiesRead the documentation: Configuring Reporting Services
Use Trusted Account modeAllows Windows users to access SharePoint DOES NOT require Kerberos delegation for the deploymentNo loss of functionality if using stored credentials in data sources
Lukasz Pawlowski
add link to TA mode definition
Report Catalog
Reporting Data
Deployment TopologySharePoint Integrated Mode
SSRS
RSDB
Flat Files,OLE DB,ODBC
SQL, AS,DB2, Oracle,
Teradata, etc.
RS Server
Report Server
Clients
Clients
Clients
SharePoint Content &Configuration
RSDB
Shae
rePo
int F
arm
NLB NLBRS ServerWFE
WSS DBs
Deployment TopologyExtranet or Internet Deployment
Custom Application
Reporting Services
RSDB
Sensitive Data
Corporate
ReplicateNon-sensitive
Data
• Firewalls throughout environment to protect data• Point of entry: custom application• Point of entry: enforce access rights•Internet users can query read-only data replicated and cleansed from original data source• Good reference: Planning for Extranet or Internet Deployment
Read-OnlyData
Upgrade
Upgrade
Pre-Upgrade Check listUpgrade AdvisorBackup/Restore encryption keysBackup configuration filesMove databasesBackup customizations (especially extensions)
SSRS 2008 does not use IISUpgrade automatically ports IIS settings
All published reports continue to run after an upgrade
RS CatalogsUpgrading SSRS usually means DB schema changes
Before upgrading, plan for roll backUpgrading a Reporting Server DatabaseIn a scale-out all servers must be at same patch level
Considerations for Upgrading Reporting Services
Upgrade Extensions & Custom Assemblies
Custom extensionsNot all are supportedNeed to re-write custom rendering extensions using new Rendering Object ModelSecurity and Rendering extensions block upgrade
Unconfigure the extension, upgrade, then reconfigure extensionBlocking behavior prevents broken servers after upgrade and unexpected development costs due to upgrade
Inventory & test extensions before upgradeSave configuration settings for extensionsEnsure reports using extensions are actually workingFind problems with extension configuration quickly
Move extensions & assemblies after upgradeMajor Version upgrade creates a new installation folderExtensions and assemblies are not moved by upgrade
Tribal Knowledge
Tips for Saving You Time
Tribal KnowledgeOverview
Tips & Tricks Blogs & ResourcesFirst steps after installScriptingReport DesignReport Parameters Managing Subscriptions
Blogs & Resources
CodePlex – Samples!http://www.codeplex.com/
Blogshttp://blogs.msdn.com/sqlrsteamblog/ http://blogs.msdn.com/lukaszp/
www.sqlcat.com
MSDN documentationhttp://msdn.microsoft.com/en-us/library/bb545450.aspx
Forumshttp://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=82&SiteID=1
Connect feedbackhttp://connect.microsoft.com/
SSRS White Papershttp://www.microsoft.com/sql/technologies/reporting/whitepapers.mspx
First steps after install Cheat Sheet
Verify configurationUse SSRS Configuration Manager to view settings
Provision users Explicitly grant security roles to users on folders Grant Content Manager and System Admin roles
Required on Vista & Windows Server 2008
Ensure browsers are configured correctly on local boxAdd RS & RM URLs to IE Trusted Sites on SSRS computer
Required for Vista & Windows Server 2008Add NTLM auto send enabled in FireFox & Safari
Verify SSRS is workingView Report Server & Report ManagerCreate a shared data sourceRun a reportLogin as a low privilege user
Execute your backup strategySymmetric key back up is essential
Scripting Utility
Rs.exe is the scripting utility for SSRS
Executes VB.Net scriptsNo need to compile
Exposes the SSRS Web Service endpoints
Allows for automating repetitive tasksEg. Moving reports from one server to another
Sampleshttp://www.codeplex.com/MSFTRSProdSamples
Report Design for IT Pros
Before starting to build reports:Ensure you have the targeted report export formats identified
The design of each report will change how ell it exports to various render formats
Plan your report logicBuild Functions or Custom Assemblies to standardize report logicAllow you to be operationally efficient
Use parameters and filteringFew generic reports = easier maintenance
Page breaks on hidden items are ignored
Report Parameters for IT Pros
Parameter values queries can cause significant load on report
data sourcesDesign materialized views that reduce query loadOptimize data sets used for parameter valuesParameter values queries execute many more times than report queries
Use hidden and internal parameters to validate user inputDesign a report with parameters A & B; B is hidden/internal Let parameter A be set by the userIn the report have all expressions use parameter BSet the value of parameter B based on the value of parameter A
Report Server manages parameter values After a report is deployed, the server stores a copy of parameters and their valuesChanging parameter values in Report Designer and re-deploying DOES NOT update server parameter values
Managing Subscriptions
Use the subscription management reportshttp://blogs.msdn.com/lukaszp/archive/2007/08/01/monitoring-subcription-status-new-reports.aspx
Users will all pick different times to run their
subscriptionsEnsure your system can handle this loadMay want to deploy dedicated subscription processing servers
Sometimes need custom schedulerGenerateEvent API can trigger a subscription
Call the method from an SSIS packageBuild a process to monitor a file location
Build a custom scheduling engine
Delivery failures are in the trace logs
Summary
In the words of our Customers:‘SSRS is easy to deploy and out of the box’‘SSRS 2008 makes deployment easier’‘Web service provides interoperability’“If you want to do things not in the box, there are a lot of ways to extend SSRS.”
“Generally, there is a way to accomplish goals”
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
