WebFOCUS 8: Technical Overview

sunfloweremryologistData Management

Oct 31, 2013 (3 years and 11 months ago)

765 views

Jim Thorstad

Technical Director, WebFOCUS
Product Management

WebFOCUS 8: Technical Overview

1

July 2012 Update

Agenda


Introducing WebFOCUS 8


Architecture


Security Model


Enhancement Highlights


Migrating to WebFOCUS 8

2

Introducing WebFOCUS 8

3

What is WebFOCUS 8?

Understanding Middle
-
tier vs. Server
-
tier Components

4

WebFOCUS Client

Managed Reporting

ReportCaster

BI Portal/Dashboard

WebFOCUS
Report
Server

Report Server 7.7.04

+

Users

Data

WebFOCUS 8.0.00

WebFOCUS 8 Updates the Middle
-
tier

Why Did We Create WebFOCUS 8?

A Strategic Platform Initiative

5

Enterprise

BI

SaaS

Small

Business

WebFOCUS
Express
TM

WebFOCUS 8 Supports Information Builders

Customers Across Four Key Markets

WebFOCUS Version 8

WebFOCUS Version 8 Platform




IBM DB2
Web Query
TM

OEM

Why Did We Create WebFOCUS 8?

What’s Common Across these Markets?














WebFOCUS

8
Platform

Enterprise BI

SaaS

WF Express

Web Query

A rich customizable portal

Easy to use tools

A fine
-
grained security model

Integrate with external systems

Easy to administer

A migration path

6


WebFOCUS Client and Managed Reporting


Integrated
repository


Fine
-
grained security
model


External security integration


What is Included in WebFOCUS 8

Marquee Features


Business Intelligence Portal


Rich interface for content
&
collaboration


Drag
-
and
drop and live
preview


Page
-
level
security



7


InfoAssist


Rich interface for creating reports & graphs


Ribbon
-
style
interface replaces Java applet


HTML5 charts and a dozen new features


What is Included in WebFOCUS 8

Marquee Features


ReportCaster


Full
integration with WebFOCUS 8


Ribbon
-
style interface replaces Java applet


Group schedule administration



8

What’s New in WebFOCUS Report Server 7.7.04

Released April 2012


Ribbon
-
based Console


Over 110 Enhancements


Language (22)


Active Technology (6)


Server and Console (29)


Adapters (30)


DataMigrator

(19)


Resource Analyzer/
Gov

(5)


Required by WebFOCUS 8.0

9

http://documentation.informationbuilders.com
/



masterindex
/html/html_wf_7704/
snfhilit
/snfhilit.pdf

WebFOCUS 8 Architecture

10

WebFOCUS 8 Architecture

Integrated Repository

11

Application
Directories

Metadata

Uploaded Data

WebFOCUS 8
Repository

WebFOCUS Client

Managed Reporting

BI Portal

ReportCaster

WebFOCUS
Report Server

Users

Groups

Security

Reports

Schedules

Content





RC Distribution
Server

WebFOCUS 8 Architecture

Content is Accessed via the IBFS Service Layer

WebFOCUS 8
Repository



IBFS Service
Layer

HTTP Service

1
2

Core WF

MR/BIP/RC

ReportCaster uses an
IBFS Service API to
access report
procedures in the
repository

Eliminates problematic
HTTP
requests to
the
web tier

Information Builders File System

WebFOCUS 8 Architecture Is Built Around IBFS


IBFS Service Layer


Internal Subsystem


IBFS
Path


an Object Addressing Scheme

13

IBFS paths used in drill
-
down links,
schedules, security rules

For backward compatibility, migrated
content can still be accessed via HREF
properties

Information
Builders File System

IBFS is All
-
Encompassing


IBFS Used to Reference


Reports, portal pages


Schedules
,
output


Users, groups


Report Servers

14

IBFS governs
access to
everything


IBFS is Hierarchical and Enables


Security policy inheritance


Group nesting


Full control over content
organization

Information
Builders File System

IBFS Enables Full Control of Content Organization

15

Mandatory folders
in 7x are
migrated “as is”

… but are no longer
required in 8.0

Reports, reporting
objects, and library
output can be
deployed in the
same folder

Folder depth not limited to
one sub
-
folder




RC Distribution
Server

WebFOCUS 8 High
-
level Architecture

Running Report Requests

WebFOCUS 8
Repository



IBFS Service
Layer

HTTP Service

JLINK

WebFOCUS
Report Server

Scheduled


Jobs

Web
Requests

1
6

Core WF

MR/BIP/RC

ReportCaster runs scheduled reports through JLINK

WebFOCUS runs interactive requests through IBFS




RC Distribution
Server

WebFOCUS 8 High
-
level Architecture

Moving ReportCaster Distribution Server Off JLINK

IBFS Service
Layer

WebFOCUS
Report Server

Scheduled


Jobs

1
7


On the Roadmap (post 8.0.01)


Enables Passing of WF8 Groups to
the Server


Use server group profiles with
scheduled jobs


IBI_WFRS_Passthrough_Groups
=ALL


Enables
site.wfs

Processing


<set>
wfvariable

(pass)


Use WF Variables in scheduled jobs

WebFOCUS 8 Security Model

18

Why a New Security Model?

Customer Feedback Related to WebFOCUS 7x


Managed Reporting Role Security was Limiting


Only 5 base roles and 9 permissions


One role for all Domains


Domain Security Model was Limiting


Couldn’t customize security on sub
-
folders


Content Sharing was Limiting


Couldn’t share with specific people


Challenging for Multi
-
tenancy SaaS Deployments


Couldn’t allow sharing in a common Domain

user’s
would see content from other tenants


Dilemma: abandon common domain or drop sharing?

19

WebFOCUS 8 Addresses These Challenges!



WebFOCUS 8 Security Model

Key Concepts


Security
Rule, which Binds Together…


Subjects


objects that can be authorized


Permissions


capabilities that can be assigned


Resources


objects that can be secured


Access


type of the rule: permit, deny, etc.


Apply To


scope of the rule: folder, folder & children,
children only


Permission Set


Collection of Permissions


Simplifies Rule Creation


Security Policy


Collection of Security Rules


Effective Policy


Evaluation

of the Security Policy


Bob has permissions A, B, C on resource X

20

WebFOCUS 8 Security Model


Understanding Group Membership


Policy Evaluation Includes Processing of a User’s:


Explicitly assigned

groups


Implicit

groups

21


Bob is assigned to the
Sales Basic Users
group

Bob


Sales Basic Users
is
nested under
Sales


Bob
implicitly

belongs
to Sales


Rules associated with
both groups apply to Bob

WebFOCUS 8 Security
Model


Simple Security Policy with 3 Rules

22

Subject

Action

Permission Set

Resource

Scope

Sales Group

Permitted

ShareWithGroup

Sales Group

Folder &

Children

Sales

Developers

Permitted

Developer Role

Sales Folder

Folder &

Children

Sales Group
Administrators

Permitted

Manage Groups

Sales Group

Folder &

Children

Note that groups (and users) are unique
in that they can be both
Subjects

and
Resources

WebFOCUS 8 Security
Model


WebFOCUS 8 Security Center


Users & Groups Tab

23

WebFOCUS 8 Security
Model


WebFOCUS 8 Security
Center


Permission Sets Tab

24

WebFOCUS 8 Security Model


Creating Security Rules

25

Select any IBFS resource
and then click

Security > Rules…

WebFOCUS 8 Security Model


Creating Security Rules


Security Rules Dialog

26

You select a
subject

Dialog shows
the resource

Then the
permission
s
et,
access type and
scope

Click OK to

create the rule(s)

WebFOCUS 8 Security
Model


Security > Rules on this Resource…

27

Rules on this Resource
dialog answers the question:
“Who has access to this resource?”

WebFOCUS 8 Security Model

WebFOCUS 8 Global Groups

28


Consider Using Global Groups Carefully




Through inheritance
global groups have
access to everything
in the repository

WebFOCUS 8 Security Model


Benefits

29



Flexible Security Model


Over 150 assignable permissions


Can develop custom permission sets


Sub
-
Groups and Inheritance Simplify Policy Creation


Easy to Use Tools to Create and Verify Security Policies


Makes it Possible to Support Many Different
Deployment Requirements






WebFOCUS 8 Enhancement Highlights

30

WebFOCUS 8 Enhancement Highlights

31


Resource Templates


Private Content, Publishing, and Content Sharing


Localization


Licensing


Authorization Mapping





Resource Templates

The
Deployment Challenges
Facing Administrators

32


What are our security requirements?


How do I design and implement a security policy?


How long will it take to create security rules?


What best practices should I be aware of?


Where do I start?




Resource Templates

Simplifying the Creation of Security Policies

33


Resource Templates Automate the Creation of


Groups, resources, permission sets, security rules


Information Builders Provides Sample Templates


Predefined policies for specific business requirements


Best practice policy design


Good place to start



The
Domain

templates
prompt for
name & title

Select a
template

34

Resource Templates

Simplifying the Creation of Security Policies

The template creates predefined folders, groups, and
permission sets

35

Resource Templates

Simplifying the Creation of Security Policies

… and security rules

Resource Templates

Support Site and Roadmap

36


Latest Templates Available on Support:




Available Templates


Updated Domain templates


SaaS
-
oriented templates


Each
T
emplate Includes


Release Notes with installation steps, limitations


Policy design worksheet that describes rule definitions
and permission sets


Create Your Own Templates


Plan to document the process in 8.0.01

https://
techsupport.informationbuilders.com/tech



/
wbf
/v8templates/wbf_8_resource_templates.html

Private Content, Publishing, and Sharing

Fully Configurable My Content Folders

37


Folder Property Enables Support for My Content



Assignable Permission Determines Who Gets One

Private content, created
and saved by a user to
their
My Content
folder

Private Content, Publishing, and Sharing

Private Content: Simplified Content Deployment

38


All Content Initially Created as
Private


Doesn’t inherit security rules from above


Visible only to owner


Administrators with
Manage Private Resources
can
access private content


Authorized Users Can Create New Content “In
-
Place”

In 8.0.00 private content,
created by a developer is
displayed in a
non
-
bold font

Private Content, Publishing, and Sharing

Private Content: Simplified Content Deployment

39


All Content Initially Created as
Private


Doesn’t inherit security rules from above


Visible only to owner


Administrators with
Manage Private Resources
can
access private content


Authorized Users Can Create New Content “In
-
Place”

In 8.0.
01

all content is non
-
bold
and private content is indicated
with a
grayscale overlay

on the
icon

Private Content, Publishing, and Sharing

Publishing Private Content

40


Published Items Become System
-
Managed


Inherit security rules from above


Create, Publish
&
Un
-
Publish

are separately assignable


Offers Flexible Alternatives to Formal Change Control


That require isolated
DEV/TEST/PROD

environments


Particularly Useful in SaaS Deployments


Formal change control not practical


Tenant developers can work out of view from users


Publishing to users is simple


IBFS paths don’t change


Consider
Developing In
-
Place with Private Content


Private Content, Publishing, and Sharing

Content Sharing Enhancements

41


Complete Control Over Content Sharing


Share



simple sharing determined by WebFOCUS


Share with


user determines who to share with


Configurable Policy Determines Available Users/Groups

Shared
content

Assignable
sharing
options


Enhanced
Shared Content View


Only Users with Shared Content are Displayed

Other Security Enhancements


For Customers Using Internal Authentication


Strong Encryption for Passwords


Configurable Password Policies


Built
-
in User and Administrative Activity Auditing

42

[2012
-
05
-
30 08:30:13,267] INFO groups
ed214e45667f0f1



thoja13
addUserToGroup

SUCCESS user:smija03 (314568704)



group:IBFS
:/SSYS/GROUPS/Retail/Developers (614187006)

This
user

Used
this API

To move
this user

Into this group

Authorization Mapping

Key Requirement for Enterprise & SaaS Deployments

43


What If We Use LDAP/AD for Authorization?


The user’s group memberships


A custom attribute on the user entry

LDAP/AD Groups

User Attribute


LDAP/AD Authorization Mapping is Built
-
in to WebFOCUS 8


Authorization Mapping

LDAP/AD Authorization
Mapping
Built
-
in
to WebFOCUS
8

44


Administrator Maps the Value to a WebFOCUS Group


Resource Templates Can Configure the Mapping (
8.0.01
)


Group DN or attribute
value is mapped to
WF group

LDAP Authorization Mapping

Powerful Integration for Enterprise & SaaS Deployments

45

User accounts are
automatically
created during
sign
-
on

Mapped WebFOCUS
groups have a link icon

Localizable Content Titles

A Complete Solution for Localized Applications

46

User sees label
based on their
language
preference

Repository data
can be localized

WebFOCUS 8 Client License

New for WebFOCUS 8

47


Enforces Licensed Options


Features: BI Portal, InfoAssist, ReportCaster, etc.


Managed Reporting user count


InfoAssist user count (future release)


Work with Customer Support/Account Team


Make sure your site code (
XXXX.nn
) reflects your products


Migrating to WebFOCUS 8

48

Migrating to WebFOCUS 8

Built
-
in Utilities to Simplify the Process


Utility Migrates 7x Content


ReportCaster Content


Managed Reporting Content


Dashboards


Dashboard Conversion to BI Portals


Not Automatic


User Experience and Policies Preserved


Identical folder structure


Identical security policy

49

Migrating to WebFOCUS 8

Understanding the Security Policy for Migrated Content

50


7x Security Policies are Replicated in WebFOCUS 8.0


The
User Default Role feature is e
nabled

User Default
Role
tab is
enabled

Special permission sets
are configured on the user


Special
User Default Role
(UDR) Rules Connect

Migrated Groups to Migrated Domain folders


Migrating to WebFOCUS 8

Managed Reporting Realm Driver


WebFOCUS 8 Does Not Include Realm Driver


External authentication & authorization support is built
-
in


Using Realm Driver for Authentication Only?


Simply configure authentication in WebFOCUS 8 Console

51

Migrating to WebFOCUS 8

Managed Reporting Realm Driver Configurations


Using Realm Driver for Authorization?


During migration, external authorization data is read


UDR security policies are created


Effective security policy is identical after migration


However, WebFOCUS 8 no longer looks at external data

52

Migrating to WebFOCUS 8

Managed Reporting Realm Driver Migration Planning


What If I Need to Authorizing to External Data?


LDAP

or
Active Directory


Switch to the LDAP mapping feature


RDBMS


SQL updates to WebFOCUS 8 repository not supported


RDBMS mapping feature (roadmap)


Use
RESTful

web services (planned for 8.0.01)


Custom Security


Java plug
-
in interface for
authN
/
authZ

mapping (roadmap)

53

Please create a support case

to get assistance with any migration topic

Summary

54

WebFOCUS 8 Technical Overview

Summary


Rich Portal and Tool Interfaces


Replace Dashboard and Java Applet UIs


Integrated Repository Based on IBFS


Single fully localizable repository for MR, BIP, RC


Full control of content organization and security policy


Resource templates simplify security policy creation


Enhanced Content Publishing and Sharing


External Authorization Built
-
in


WebFOCUS 8.0.00 Requires 7.7.04 Report Server


Migration Utilities Streamline Upgrade



55

56