WebFOCUS 8: Technical Overview
Jim Thorstad
Technical Director, WebFOCUS Product Management
Agenda
  Introducing WebFOCUS 8
  Architecture
  Security Model
  Enhancement Highlights
  Migrating to WebFOCUS 8
Introducing WebFOCUS 8
What is WebFOCUS 8?
Understanding Middle-tier vs. Server-tier Components
WebFOCUS 8 Updates the Middle-tier
[Diagram: Users; WebFOCUS Client (Managed Reporting, ReportCaster, BI Portal/Dashboard) at WebFOCUS 8.0; WebFOCUS Report Server 7.7.04+; Data]
Why Did We Create WebFOCUS 8?
A Strategic Platform Initiative
WebFOCUS 8 Supports Information Builders Customers Across Four Key Markets
[Diagram: the four markets (Enterprise BI, SaaS, Small Business, OEM) and the products WebFOCUS Version 8, WebFOCUS Express™ and IBM DB2 Web Query™, on the WebFOCUS Version 8 Platform]
Why Did We Create WebFOCUS 8?
What's Common Across these Markets?
  A rich customizable portal
  Easy to use tools
  A fine-grained security model
  Integrate with external systems
  Easy to administer
  A migration path
[Diagram: Enterprise BI, SaaS, WF Express and Web Query on the WebFOCUS 8 Platform]
What is Included in WebFOCUS 8
Marquee Features
WebFOCUS Client and Managed Reporting
  Integrated repository
  Fine-grained security model
  External security integration
Business Intelligence Portal
  Rich interface for content & collaboration
  Drag-and-drop and live preview
  Page-level security
What is Included in WebFOCUS 8
Marquee Features
InfoAssist
  Rich interface for creating reports & graphs
  Ribbon-style interface replaces Java applet
  HTML5 charts and a dozen new features
ReportCaster
  Full integration with WebFOCUS 8
  Ribbon-style interface replaces Java applet
  Group schedule administration
What's New in WebFOCUS Report Server 7.7.04
Released April 2012
Ribbon-based Console
Over 110 Enhancements
  Language (22)
  Active Technology (6)
  Server and Console (29)
  Adapters (30)
  DataMigrator (19)
  Resource Analyzer/Gov (5)
Required by WebFOCUS 8.0
http://documentation.informationbuilders.com/masterindex/html/html_wf_7704/snfhilit/snfhilit.pdf
WebFOCUS 8 Architecture
WebFOCUS 8 Architecture
Integrated Repository
[Diagram: WebFOCUS Client (Managed Reporting, BI Portal, ReportCaster) and WebFOCUS Report Server. Application Directories: Metadata, Uploaded Data. WebFOCUS 8 Repository: Security (Users, Groups) and Content (Reports, Schedules)]
WebFOCUS 8 Architecture
Content is Accessed via the IBFS Service Layer
ReportCaster uses an IBFS Service API to access report procedures in the repository
Eliminates problematic HTTP requests to the web tier
[Diagram: RC Distribution Server; WF Core (MR/BIP/RC); HTTP; IBFS Service Layer; WebFOCUS 8 Repository]
Information Builders File System
WebFOCUS 8 Architecture Is Built Around IBFS
IBFS Service Layer – Internal Subsystem
IBFS Path – an Object Addressing Scheme
  IBFS paths used in drill-down links, schedules, security rules
  For backward compatibility, migrated content can still be accessed via HREF properties
Information Builders File System
IBFS is All-Encompassing
IBFS Used to Reference
  Reports, portal pages
  Schedules, output
  Users, groups
  Report Servers
IBFS governs access to everything
IBFS is Hierarchical and Enables
  Security policy inheritance
  Group nesting
  Full control over content organization
Information Builders File System
IBFS Enables Full Control of Content Organization
Mandatory folders in 7x are migrated "as is" … but are no longer required in 8.0
Reports, reporting objects, and library output can be deployed in the same folder
Folder depth not limited to one sub-folder
WebFOCUS 8 High-level Architecture
Running Report Requests
ReportCaster runs scheduled reports through JLINK
WebFOCUS runs interactive requests through IBFS
[Diagram: RC Distribution Server (Scheduled Jobs, JLINK); WF Core (MR/BIP/RC; Web Requests over HTTP); IBFS Service Layer; WebFOCUS 8 Repository; WebFOCUS Report Server]
WebFOCUS 8 High-level Architecture
Moving ReportCaster Distribution Server Off JLINK
On the Roadmap
Enables Passing of WF8 Groups to the Server
  Use server group profiles with scheduled jobs
  IBI_WFRS_Passthrough_Groups=ALL
Enables site.wfs Processing
  <set> wfvariable (pass)
  Use WF Variables in scheduled jobs
[Diagram: RC Distribution Server; IBFS Service Layer; Scheduled Jobs; WebFOCUS Report Server]
WebFOCUS 8 Security Model
Why a New Security Model?
Customer Feedback Related to WebFOCUS 7x
Managed Reporting Role Security was Limiting
  Only 5 base roles and 9 permissions
  One role for all Domains
Domain Security Model was Limiting
  Couldn't customize security on sub-folders
Content Sharing was Limiting
  Couldn't share with specific people
Challenging for Multi-tenancy SaaS Deployments
  Couldn't allow sharing in a common Domain: users would see content from other tenants
  Dilemma: abandon common domain or drop sharing?
WebFOCUS 8 Addresses These Challenges!
WebFOCUS 8 Security Model
Key Concepts
Security Rule, which Binds Together…
  Subjects – objects that can be authorized
  Permissions – capabilities that can be assigned
  Resources – objects that can be secured
  Access – type of the rule: permit, deny, etc.
  Apply To – scope of the rule: folder, folder & children, children only
Permission Set – Collection of Permissions
  Simplifies Rule Creation
Security Policy – Collection of Security Rules
Effective Policy – Evaluation of the Security Policy
  Bob has permissions A, B, C on resource X
WebFOCUS 8 Security Model
Understanding Group Membership
Policy Evaluation Includes Processing of a User's:
  Explicitly assigned groups
  Implicit groups
• Bob is assigned to the Sales Basic Users group
• Sales Basic Users is nested under Sales
• Bob implicitly belongs to Sales
• Rules associated with both groups apply to Bob
WebFOCUS 8 Security Model
Simple Security Policy with 3 Rules
Subject                     Action     Permission Set  Resource      Scope
Sales Group                 Permitted  ShareWithGroup  Sales Group   Folder & Children
Sales Developers            Permitted  Developer Role  Sales Folder  Folder & Children
Sales Group Administrators  Permitted  Manage Groups   Sales Group   Folder & Children
Note that groups (and users) are unique in that they can be both Subjects and Resources
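
The group nesting and the three-rule policy from the slides above, worked through as a small effective-policy model (an added example, not WebFOCUS code or its evaluation algorithm). The folder path, the user Dee, the nesting of the two groups other than Sales Basic Users, the permissions inside each permission set, and reading the table's "Sales Group" as the Sales group are assumptions; only permit rules are modelled.

```python
from collections import namedtuple

# Constructed sample data modelled on the slides. Group and permission-set names
# come from the deck; everything else (folder path, user Dee, the permissions in
# each set, nesting of the last two groups) is hypothetical.
NESTED_UNDER = {"Sales Basic Users": "Sales", "Sales Developers": "Sales",
                "Sales Group Administrators": "Sales"}
MEMBER_OF = {"Bob": {"Sales Basic Users"}, "Dee": {"Sales Developers"}}
PERMISSION_SETS = {"ShareWithGroup": {"share_with_group"},
                   "Developer Role": {"create", "run", "publish"},
                   "Manage Groups": {"add_user", "remove_user"}}
SALES_GROUP = "IBFS:/SSYS/GROUPS/Sales"
SALES_FOLDER = "IBFS:/WFC/Repository/Sales"   # hypothetical folder path
# scope is one of "folder", "folder & children", "children only"
Rule = namedtuple("Rule", "subject access permission_set resource scope")
POLICY = [  # the three rules from the "Simple Security Policy" slide
    Rule("Sales", "permit", "ShareWithGroup", SALES_GROUP, "folder & children"),
    Rule("Sales Developers", "permit", "Developer Role", SALES_FOLDER, "folder & children"),
    Rule("Sales Group Administrators", "permit", "Manage Groups", SALES_GROUP, "folder & children"),
]

def groups_of(user):
    """Explicitly assigned groups plus every group they are nested under."""
    found, todo = set(), list(MEMBER_OF.get(user, ()))
    while todo:
        group = todo.pop()
        found.add(group)
        if NESTED_UNDER.get(group) not in found | {None}:
            todo.append(NESTED_UNDER[group])
    return found

def applies(rule, path):
    """True when the rule's scope covers the given IBFS path."""
    same = path == rule.resource
    below = path.startswith(rule.resource.rstrip("/") + "/")
    return {"folder": same, "children only": below,
            "folder & children": same or below}[rule.scope]

def effective_permissions(user, path, policy=POLICY):
    """Union of the permission sets of every permit rule that reaches the user."""
    subjects = groups_of(user) | {user}
    hits = [r for r in policy if r.access == "permit"
            and r.subject in subjects and applies(r, path)]
    return set().union(*(PERMISSION_SETS[r.permission_set] for r in hits))

def who_has(permission, path, policy=POLICY):
    """Answer 'who has access to this resource?' for the known users."""
    return sorted(u for u in MEMBER_OF if permission in effective_permissions(u, path, policy))
```

Bob reaches the ShareWithGroup rule only through the implicit Sales membership, and a sibling folder whose name merely starts with "Sales" is not covered by the Sales folder rule.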
WebFOCUS 8 Security Model
WebFOCUS 8 Security Center – Users & Groups Tab
WebFOCUS 8 Security Model
WebFOCUS 8 Security Center – Permission Sets Tab
WebFOCUS 8 Security Model
Creating Security Rules
Select any IBFS resource and then click Security > Rules…
WebFOCUS 8 Security Model
Creating Security Rules – Security Rules Dialog
Dialog shows the resource
You select a subject
Then the permission set, access type and scope
Click OK to create the rule(s)
WebFOCUS 8 Security Model
Security > Rules on this Resource…
Rules on this Resource dialog answers the question: "Who has access to this resource?"
WebFOCUS 8 Security Model
WebFOCUS 8 Global Groups
Consider Using Global Groups Carefully
Through inheritance global groups have access to everything in the repository
WebFOCUS 8 Security Model
Benefits
Flexible Security Model
  Over 150 assignable permissions
  Can develop custom permission sets
Sub-Groups and Inheritance Simplify Policy Creation
Easy to Use Tools to Create and Verify Security Policies
Makes it Possible to Support Many Different Deployment Requirements
WebFOCUS 8 Enhancement Highlights
WebFOCUS 8 Enhancement Highlights
  Resource Templates
  Private Content, Publishing, and Content Sharing
  Localization
  Licensing
  Authorization Mapping
Resource Templates
The Deployment Challenges Facing Administrators
  What are our security requirements?
  How do I design and implement a security policy?
  How long will it take to create security rules?
  What best practices should I be aware of?
  Where do I start?
Resource Templates
Simplifying the Creation of Security Policies
Resource Templates Automate the Creation of
  Groups, resources, permission sets, security rules
Information Builders Provides Sample Templates
  Predefined policies for specific business requirements
  Best practice policy design
  Good place to start
Select a template
The Domain templates prompt for name & title
Resource Templates
Simplifying the Creation of Security Policies
The template creates predefined folders, groups, and permission sets
Resource Templates
Simplifying the Creation of Security Policies
… and security rules
Resource Templates
Support Site and Roadmap
Latest Templates Available on Support:
https://techsupport.informationbuilders.com/tech/wbf/v8templates/wbf_8_resource_templates.html
Available Templates
  Updated Domain templates
  SaaS-oriented templates
Each Template Includes
  Document with business requirements, installation steps
  Policy design worksheet that describes rule definitions and permission sets
Create Your Own Templates in 8.0.01
Private Content, Publishing, and Sharing
Fully Configurable My Content Folders
Folder Property Enables Support for My Content
Assignable Permission Determines Who Gets One
Private content, created and saved by a user to their My Content folder
Private Content, Publishing, and Sharing
Private Content: Simplified Content Deployment
All Content Initially Created as Private
  Doesn't inherit security rules from above
  Visible only to owner
  Administrators with Manage Private Resources can access private content
Authorized Users Can Create New Content "In-Place"
Private content, created by a developer is displayed in a non-bold font style
Private content is not visible to users
Private Content, Publishing, and Sharing
Publishing Private Content
Published Items Become System-Managed
  Inherit security rules from above
  Create, Publish & Un-Publish are separately assignable
Offers Flexible Alternatives to Formal Change Control
  That require isolated DEV/TEST/PROD environments
Particularly Useful in SaaS Deployments
  Formal change control not practical
  Tenant developers can work out of view from users
  Publishing to users is simple
  IBFS paths don't change
Consider Developing In-Place with Private Content
Private Content, Publishing, and Sharing
Content Sharing Enhancements
Complete Control Over Content Sharing
  Share – simple sharing determined by WebFOCUS
  Share with – user determines who to share with
Configurable Policy Determines Available Users/Groups
Enhanced Shared Content View
  Only Users with Shared Content are Displayed
[Screenshot callouts: Shared content; Assignable sharing options]
Other Security Enhancements
For Customers Using Internal Authentication
  Strong Encryption for Passwords
  Configurable Password Policies
Built-in User and Administrative Activity Auditing
[2012-05-30 08:30:13,267] INFO groups ed214e45667f0f1
thoja13 addUserToGroup SUCCESS user:smija03 (314568704)
group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006)
Callouts on the log entry: This user (thoja13); Used this API (addUserToGroup); To move this user (smija03); Into this group (IBFS:/SSYS/GROUPS/Retail/Developers)
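
A parser and review pass for audit records laid out like the entry shown above (an added example, not part of the original deck or the product). The field names, every sample record after the first, the FAILURE status value and the watched-group list are assumptions built around the one record on the slide.

```python
import re
from datetime import datetime

# Field layout inferred from the single record on the slide. The slide does not
# explain the token after "groups" or the numbers in parentheses, so both are
# kept as opaque strings.
RECORD = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s+(?P<level>\w+)\s+(?P<category>\w+)\s+(?P<token>\S+)\s+"
    r"(?P<actor>\S+)\s+(?P<api>\w+)\s+(?P<status>\w+)\s+"
    r"user:(?P<user>\S+)\s+\((?P<user_id>\d+)\)\s+"
    r"group:(?P<group>.+?)\s+\((?P<group_id>\d+)\)")

def parse(record):
    """Parse one audit record; line breaks inside the record are tolerated."""
    match = RECORD.search(" ".join(record.split()))
    if not match:
        return None
    event = match.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%d %H:%M:%S,%f")
    return event

def in_watched(group, watched):
    """True if the group path equals or sits below any watched IBFS path."""
    return any(group == w or group.startswith(w + "/") for w in watched)

def review(records, watched):
    """Flag successful group additions that deserve a second look."""
    findings = []
    for event in filter(None, map(parse, records)):
        if event["api"] != "addUserToGroup" or event["status"] != "SUCCESS":
            continue
        if event["actor"] == event["user"]:
            findings.append(("self-add", event))       # user added themselves
        elif in_watched(event["group"], watched):
            findings.append(("watched-group", event))  # sensitive group grew
    return findings

# First record is the one from the slide; the rest are constructed.
SAMPLE = [
    "[2012-05-30 08:30:13,267] INFO groups ed214e45667f0f1 thoja13 addUserToGroup SUCCESS user:smija03 (314568704) group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006)",
    "[2012-05-30 09:02:41,005] INFO groups 0a1b2c3d4e5f6a7 smija03 addUserToGroup SUCCESS user:smija03 (314568704) group:IBFS:/SSYS/GROUPS/Retail/Group Administrators (700000001)",
    "[2012-05-30 09:05:10,120] INFO groups 0a1b2c3d4e5f6a7 thoja13 addUserToGroup FAILURE user:doeja01 (700000002) group:IBFS:/SSYS/GROUPS/Retail/Developers (614187006)",
    "not an audit record",
]
```

Calling `review(SAMPLE, ["IBFS:/SSYS/GROUPS/Retail/Developers"])` returns the slide's record as a watched-group addition and the second record as a self-add; the failed call and the unparseable line are skipped.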
Authorization Mapping
Key Requirement for Enterprise & SaaS Deployments
What If We Use LDAP/AD for Authorization?
  The user's group memberships
  A custom attribute on the user entry
LDAP/AD Authorization Mapping is Built-in to WebFOCUS 8
[Screenshot callouts: LDAP/AD Groups; User Attribute]
Authorization Mapping
LDAP/AD Authorization Mapping Built-in to WebFOCUS 8
Administrator Maps the Value to a WebFOCUS Group
Resource Templates Can Configure the Mapping (8.0.01)
Group DN or attribute value is mapped to WF group
LDAP Authorization Mapping
Powerful Integration for Enterprise & SaaS Deployments
Mapped WebFOCUS groups have a link icon
User accounts are automatically created during sign-on
Localizable Content Titles
A Complete Solution for Localized Applications
Repository data can be localized
User sees label based on their language preference
WebFOCUS 8 Client License
New for WebFOCUS 8
Enforces Licensed Options
  Features: BI Portal, InfoAssist, ReportCaster, etc.
  Managed Reporting user count
  InfoAssist user count (future release)
Work with Customer Support/Account Team
  Make sure your site code (XXXX.nn) reflects your products
Migrating to WebFOCUS 8
Migrating to WebFOCUS 8
Built-in Utilities to Simplify the Process
Utility Migrates 7x Content
  ReportCaster Content
  Managed Reporting Content
  Dashboards
Dashboard Conversion to BI Portals
  Not Automatic
User Experience and Policies Preserved
  Identical folder structure
  Identical security policy
Migrating to WebFOCUS 8
Understanding the Security Policy for Migrated Content
7x Security Policies are Replicated in WebFOCUS 8.0
  The User Default Role feature is enabled
  Special User Default Role (UDR) Rules Connect Migrated Groups to Migrated Domain folders
  Special permission sets are configured on the user
[Screenshot callout: User Default Role tab is enabled]
Migrating to WebFOCUS 8
Managed Reporting Realm Driver
WebFOCUS 8 Does Not Include Realm Driver
  External authentication & authorization support is built-in
Using Realm Driver for Authentication Only?
  Simply configure authentication in WebFOCUS 8 Console
Migrating to WebFOCUS 8
Managed Reporting Realm Driver Configurations
Using Realm Driver for Authorization?
  During migration, external authorization data is read
  UDR security policies are created
  Effective security policy is identical after migration
  However, WebFOCUS 8 no longer looks at external data
Migrating to WebFOCUS 8
Managed Reporting Realm Driver Migration Planning
What If I Need to Authorize to External Data?
LDAP or Active Directory
  Switch to the LDAP mapping feature
RDBMS
  SQL updates to WebFOCUS 8 repository not supported
  RDBMS mapping feature (8.0.01/.02)
  Use RESTful web services (8.0.01)
Custom Security
  Java plug-in interface for authN/authZ mapping (8.0.01/.02)
Please create a support case to get assistance with any migration topic
Summary
WebFOCUS 8 Technical Overview
Summary
Rich Portal and Tool Interfaces
  Replace Dashboard and Java Applet UIs
Integrated Repository Based on IBFS
  Single fully localizable repository for MR, BIP, RC
  Full control of content organization and security policy
  Resource templates simplify security policy creation
Enhanced Content Publishing and Sharing
External Authorization Built-in
Requires 7.7.04 Report Server
Migration Utilities Streamline Upgrade
Venus Transit Across the Sun
Tuesday Night @ Sunset
Next time to see this is 2117
Bring some paper with a pin-hole in it!