Xi4 ips admin_en

3,226 views

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,226
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
17
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Xi4 ips admin_en

  1. 1. Information platform services Administrator Guide■ Information platform services 4.0 Feature Pack 32012-03-14
  2. 2. © 2011 SAP AG. All rights reserved.SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAPBusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein asCopyrightwell as their respective logos are trademarks or registered trademarks of SAP AG in Germany andother countries.Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports,Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and servicesmentioned herein as well as their respective logos are trademarks or registered trademarks of BusinessObjects Software Ltd. Business Objects is an SAP company.Sybase and Adaptive Server, iAnywhere,Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well astheir respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAPcompany. All other product and service names mentioned are the trademarks of their respectivecompanies. Data contained in this document serves informational purposes only. National productspecifications may vary.These materials are subject to change without notice. These materials areprovided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only,without representation or warranty of any kind, and SAP Group shall not be liable for errors oromissions with respect to the materials. The only warranties for SAP Group products and servicesare those that are set forth in the express warranty statements accompanying such products andservices, if any. Nothing herein should be construed as constituting an additional warranty.2012-03-14
  3. 3. ContentsGetting Started......................................................................................................................13Chapter 1About this help.......................................................................................................................131.1Who should use this help?.....................................................................................................131.1.1About Information platform services.......................................................................................131.1.2Variables................................................................................................................................141.1.3Before you start.....................................................................................................................141.2Key concepts.........................................................................................................................151.2.1Key administrative tools.........................................................................................................151.2.2Key tasks...............................................................................................................................161.2.3Architecture...........................................................................................................................19Chapter 2Architecture overview............................................................................................................192.1System overview....................................................................................................................192.1.1Databases..............................................................................................................................202.1.2Servers..................................................................................................................................212.1.3Web application servers.........................................................................................................222.1.4Language support..................................................................................................................232.1.5Authentication and single sign-on...........................................................................................242.1.6SAP integration......................................................................................................................262.1.7Lifecycle management (LCM).................................................................................................272.1.8Integrated version control.......................................................................................................272.1.9Upgrade path.........................................................................................................................272.1.10Conceptual tiers.....................................................................................................................282.2Services and servers..............................................................................................................292.3Services.................................................................................................................................312.3.1Service categories.................................................................................................................332.3.2Server types..........................................................................................................................342.3.3Server categories...................................................................................................................352.3.4Client applications..................................................................................................................372.4Central Configuration Manager (CCM)...................................................................................372.4.1Upgrade management tool.....................................................................................................372.4.2Web application clients..........................................................................................................382.4.32012-03-143
  4. 4. Process Workflows................................................................................................................392.5Startup and authentication.....................................................................................................392.5.1Program objects.....................................................................................................................412.5.2Managing Licenses...............................................................................................................43Chapter 3Managing License keys..........................................................................................................433.1To view license information....................................................................................................433.1.1To add a license key...............................................................................................................433.1.2To view current account activity.............................................................................................443.1.3Measuring licenses................................................................................................................443.2To run a license audit.............................................................................................................453.2.1Managing Users and Groups................................................................................................47Chapter 4Account management overview..............................................................................................474.1User management..................................................................................................................474.1.1Group management...............................................................................................................494.1.2Available authentication types ...............................................................................................504.1.3Managing Enterprise and general accounts............................................................................524.2To create a user account........................................................................................................524.2.1To modify a user account.......................................................................................................534.2.2To delete a user account........................................................................................................544.2.3To create a new group...........................................................................................................544.2.4To modify a groups properties...............................................................................................554.2.5To view group members.........................................................................................................554.2.6To add subgroups..................................................................................................................554.2.7To specify group membership................................................................................................564.2.8To delete a group...................................................................................................................564.2.9To enable the Guest account.................................................................................................574.2.10Adding users to groups..........................................................................................................574.2.11Changing password settings..................................................................................................594.2.12Granting access to users and groups.....................................................................................604.2.13Controlling access to user inboxes.........................................................................................614.2.14Configuring BI launch pad options..........................................................................................614.2.15Managing aliases...................................................................................................................654.3To create a user and add a third-party alias............................................................................654.3.1To create a new alias for an existing user...............................................................................664.3.2To assign an alias from another user......................................................................................664.3.3To delete an alias...................................................................................................................674.3.4To disable an alias..................................................................................................................674.3.52012-03-144Contents
  5. 5. Setting Rights........................................................................................................................69Chapter 5How rights work in Information platform services...................................................................695.1Access levels.........................................................................................................................695.1.1Advanced rights settings........................................................................................................705.1.2Inheritance.............................................................................................................................715.1.3Type-specific rights................................................................................................................765.1.4Determining effective rights...................................................................................................775.1.5Managing security settings for objects in the CMC................................................................785.2To view rights for a principal on an object...............................................................................795.2.1To assign principals to an access control list for an object......................................................795.2.2To modify security for a principal on an object........................................................................805.2.3To set rights on a top-level folder in Information platform services.........................................805.2.4Checking security settings for a principal...............................................................................815.2.5Working with access levels....................................................................................................835.3Choosing between View and View On Demand access levels...............................................855.3.1To copy an existing access level............................................................................................865.3.2To create a new access level.................................................................................................875.3.3To rename an access level.....................................................................................................875.3.4To delete an access level.......................................................................................................875.3.5To modify rights in an access level.........................................................................................885.3.6Tracing the relationship between access levels and objects...................................................895.3.7Managing access levels across sites......................................................................................895.3.8Breaking inheritance...............................................................................................................905.4To disable inheritance.............................................................................................................915.4.1Using rights to delegate administration...................................................................................925.5Choosing between Modify the rights users have to objects options.......................................935.5.1Owner rights..........................................................................................................................955.5.2Summary of recommendations for rights administration.........................................................955.6Securing Information platform services................................................................................97Chapter 6Security overview ..................................................................................................................976.1Disaster recovery planning.....................................................................................................976.2General recommendations for securing your deployment.......................................................986.3Configuring security for bundled third-party servers...............................................................996.4Active trust relationship..........................................................................................................996.5Logon tokens.........................................................................................................................996.5.1Ticket mechanism for distributed security.............................................................................1006.5.2Sessions and session tracking.............................................................................................1006.6CMS session tracking..........................................................................................................1016.6.12012-03-145Contents
  6. 6. Environment protection........................................................................................................1016.7Web browser to web server.................................................................................................1026.7.1Web server to Information platform services........................................................................1026.7.2Auditing security configuration modifications........................................................................1026.8Auditing web activity............................................................................................................1036.9Protection against malicious logon attempts.........................................................................1036.9.1Password restrictions...........................................................................................................1036.9.2Logon restrictions................................................................................................................1046.9.3User restrictions..................................................................................................................1046.9.4Guest account restrictions...................................................................................................1046.9.5Processing extensions.........................................................................................................1056.10Overview of Information platform services data security.......................................................1056.11Data processing security modes..........................................................................................1066.11.1Cryptography in Information platform services......................................................................1086.12Working with cluster keys....................................................................................................1086.12.1Cryptographic Officers.........................................................................................................1116.12.2Managing cryptographic keys in the CMC............................................................................1126.12.3Configuring servers for SSL.................................................................................................1166.13Creating key and certificate files..........................................................................................1176.13.1Configuring the SSL protocol...............................................................................................1196.13.2Understanding communication between Information platform services components.............1236.14Overview of Information platform services servers and communication ports.......................1236.14.1Communication between Information platform services components ...................................1266.14.2Configuring BI platform for firewalls......................................................................................1336.15To configure the system for firewalls....................................................................................1336.15.1Debugging a firewalled deployment......................................................................................1366.15.2Examples of typical firewall scenarios...................................................................................1386.16Example - Application tier deployed on a separate network..................................................1386.16.1Example - Thick client and database tier separated from Information platform services serversby a firewall..........................................................................................................................1406.16.2Firewall settings for integrated ERP environments................................................................1436.17Specific firewall guidelines for SAP integration.....................................................................1436.17.1Firewall configuration for JD Edwards EnterpriseOne integration..........................................1456.17.2Specific firewall guidelines for Oracle EBS...........................................................................1476.17.3Firewall configuration for PeopleSoft Enterprise integration .................................................1486.17.4Firewall configuration for Siebel integration..........................................................................1506.17.5Information platform services and reverse proxy servers .....................................................1516.18Supported reverse proxy servers ........................................................................................1526.18.1Understanding how web applications are deployed .............................................................1526.18.2Configuring reverse proxy servers for Information platform services web applications..........1526.19Detailed instructions for configuring reverse proxy servers..................................................1536.19.12012-03-146Contents
  7. 7. To configure the reverse proxy server..................................................................................1536.19.2To configure Apache 2.2 reverse proxy server for Information platform services .................1546.19.3To configure WebSEAL 6.0 reverse proxy server for Information platform services .............1546.19.4To configure Microsoft ISA 2006 for Information platform services .....................................1556.19.5Special configuration for Information platform services in reverse proxy deployments..........1576.20Enabling reverse proxy for Information platform services Web Services...............................1576.20.1Enabling the root path for session cookies for ISA 2006......................................................1586.20.2Enabling reverse proxy for SAP BusinessObjects Live Office...............................................1596.20.3Authentication.....................................................................................................................161Chapter 7Authentication options in Information platform services .......................................................1617.1Primary authentication..........................................................................................................1627.1.1Security plug-ins..................................................................................................................1637.1.2Single sign-on to Information platform services....................................................................1647.1.3Enterprise authentication......................................................................................................1667.2Enterprise authentication overview.......................................................................................1667.2.1Enterprise authentication settings.........................................................................................1667.2.2To change Enterprise settings..............................................................................................1677.2.3Enabling Trusted Authentication...........................................................................................1697.2.4Configuring Trusted Authentication for the web application..................................................1707.2.5LDAP authentication............................................................................................................1797.3Using LDAP authentication..................................................................................................1797.3.1Configuring LDAP authentication..........................................................................................1817.3.2Mapping LDAP groups.........................................................................................................1927.3.3Windows AD authentication.................................................................................................1967.4Overview..............................................................................................................................1967.4.1Preparing for AD authentication (Kerberos)..........................................................................2007.4.2AD authentication single sign-on..........................................................................................2107.4.3Mapping AD groups and configuring AD authentication........................................................2207.4.4Troubleshooting Windows AD authentication.......................................................................2257.4.5SAP authentication...............................................................................................................2277.5Configuring SAP authentication ...........................................................................................2277.5.1Creating a user account for Information platform services....................................................2287.5.2Connecting to SAP entitlement systems..............................................................................2297.5.3Setting SAP Authentication options.....................................................................................2317.5.4Importing SAP roles.............................................................................................................2367.5.5Setting up single sign-on to the SAP system........................................................................2397.5.6PeopleSoft authentication....................................................................................................2437.6Overview..............................................................................................................................2437.6.1Enabling PeopleSoft Enterprise authentication......................................................................2437.6.2Mapping PeopleSoft roles to Information platform services..................................................2447.6.32012-03-147Contents
  8. 8. Scheduling user updates......................................................................................................2477.6.4Using the PeopleSoft Security Bridge..................................................................................2497.6.5JD Edwards authentication...................................................................................................2607.7Overview..............................................................................................................................2607.7.1Enabling JD Edwards EnterpriseOne authentication..............................................................2607.7.2Mapping JD Edwards EnterpriseOne roles to Information platform services.........................2617.7.3Scheduling user updates......................................................................................................2647.7.4Siebel authentication............................................................................................................2667.8Enabling Siebel authentication..............................................................................................2667.8.1Mapping roles to Information platform services....................................................................2677.8.2Scheduling user updates......................................................................................................2707.8.3Oracle EBS authentication...................................................................................................2727.9Enabling Oracle EBS authentication......................................................................................2727.9.1Mapping Oracle E-Business Suite roles to Information platform services.............................2737.9.2Unmapping roles .................................................................................................................2787.9.3Customizing rights for mapped Oracle EBS groups and users .............................................2797.9.4Automated user updates......................................................................................................2807.10Scheduling user updates......................................................................................................2807.10.1Server Administration..........................................................................................................283Chapter 8Server Administration...........................................................................................................2838.1Working with the Servers management area in the CMC.....................................................2838.1.1Managing servers by using scripts on Windows ..................................................................2878.1.2Managing servers on Unix....................................................................................................2878.1.3Managing License keys........................................................................................................2878.1.4Measuring licenses..............................................................................................................2898.1.5Viewing and changing a servers status................................................................................2908.1.6Adding, cloning, or deleting servers......................................................................................2958.1.7Clustering Central Management Servers..............................................................................2988.1.8Managing server groups.......................................................................................................3028.1.9Assessing your systems performance.................................................................................3068.1.10Configuring server settings..................................................................................................3088.1.11Configuring server network settings.....................................................................................3128.1.12Managing Nodes..................................................................................................................3208.1.13Renaming a computer in an Information platform services deployment.................................3418.1.14Managing server and node placeholders..............................................................................3418.1.15Managing Web Application Container Servers (WACS).....................................................343Chapter 9WACS.................................................................................................................................3439.1Web Application Container Server (WACS).........................................................................3439.1.12012-03-148Contents
  9. 9. Adding or removing additional WACS to your deployment...................................................3469.1.2Adding or removing services to WACS................................................................................3509.1.3Configuring HTTPS/SSL......................................................................................................3519.1.4Supported authentication methods.......................................................................................3559.1.5Configuring AD Kerberos for WACS ...................................................................................3569.1.6Configuring AD Kerberos single sign-on ..............................................................................3629.1.7WACS and your IT environment...........................................................................................3649.1.8Troubleshooting...................................................................................................................3669.1.9WACS properties.................................................................................................................3709.1.10Backing up and Restoring...................................................................................................373Chapter 10Hot backups.........................................................................................................................37310.1Enabling hot backups...........................................................................................................37310.2To enable hot backups.........................................................................................................37410.2.1Copying your system..........................................................................................................375Chapter 11Overview of system copying................................................................................................37511.1Terminology.........................................................................................................................37511.2Use cases............................................................................................................................37511.3Planning to copy your system...............................................................................................37711.4Considerations and limitations..............................................................................................37811.5System copy procedure.......................................................................................................38011.6To perform a system copy export from a source system......................................................38011.6.1To perform a system copy import to a target system...........................................................38311.6.2Lifecycle Management........................................................................................................385Chapter 12About promotion management.............................................................................................38512.1Version Management System settings for Lifecycle Management Console.........................38512.2Version Management System Supported Options ..............................................................39112.2.1Configuring ClearCase on BI Platform..................................................................................39112.2.2Creating and Configuring SubVersion Repository Manually..................................................39212.2.3BIAR Engine Command-Line Tool.........................................................................................39312.3Using a properties file .........................................................................................................39612.3.1To use the BIAR Engine Command-Line Tool.......................................................................40012.3.2Monitoring...........................................................................................................................403Chapter 13About Monitoring.................................................................................................................40313.1Monitoring terms..................................................................................................................40313.2Architecture.........................................................................................................................40413.2.1Cluster support for monitoring server...................................................................................40713.32012-03-149Contents
  10. 10. Metrics................................................................................................................................40813.4Configuration properties.......................................................................................................41213.5JMX end point URL..............................................................................................................41513.5.1Integrating with other applications........................................................................................41613.6Integrating the monitoring application with IBM Tivoli............................................................41713.6.1Integrating the monitoring application with SAP Solution Manager ......................................42013.6.2Creating Universe for Derby Database.................................................................................42013.7Troubleshooting...................................................................................................................42113.8Dashboard...........................................................................................................................42113.8.1Alerts...................................................................................................................................42213.8.2Watchlist..............................................................................................................................42213.8.3Probes.................................................................................................................................42313.8.4Metrics................................................................................................................................42313.8.5Graph...................................................................................................................................42413.8.6Auditing...............................................................................................................................425Chapter 14Overview..............................................................................................................................42514.1CMC Auditing page.............................................................................................................43114.2Auditing Status Summary.....................................................................................................43114.2.1Configuring Auditing events.................................................................................................43314.2.2Auditing Data Store configuration settings...........................................................................43514.2.3Audit events.........................................................................................................................43614.3Audit events and details.......................................................................................................44514.3.1Supportability......................................................................................................................461Chapter 15Logging traces from components.........................................................................................46115.1Trace log levels....................................................................................................................46115.2Configuring tracing for servers.............................................................................................46215.3To set the server trace log level in the CMC........................................................................46315.3.1To set the trace log level for multiple servers managed in the CMC.....................................46315.3.2To configure server tracing through the BO_trace.ini file......................................................46415.3.3Configuring tracing for web applications...............................................................................46715.4To set the web application trace log level in the CMC..........................................................46715.4.1To manually modify tracing settings through the BO_trace.ini file.........................................46815.4.2Configuring tracing for Upgrade management tool...............................................................47315.5To configure tracing for Upgrade management tool..............................................................47315.5.1Command line administration.............................................................................................475Chapter 16Command lines overview.....................................................................................................47516.1To view or modify a servers command line..........................................................................47516.1.12012-03-1410Contents
  11. 11. Standard options for all servers............................................................................................47516.2UNIX signal handling............................................................................................................47616.2.1Central Management Server................................................................................................47616.3Job servers..........................................................................................................................47816.4Adaptive Processing Server.................................................................................................47916.5Input and Output File Repository Servers.............................................................................47916.6Rights appendix...................................................................................................................481Chapter 17About the rights appendix.....................................................................................................48117.1General rights......................................................................................................................48117.2Rights for specific object types............................................................................................48417.3Folder rights.........................................................................................................................48417.3.1Categories...........................................................................................................................48417.3.2Notes...................................................................................................................................48517.3.3Users and groups.................................................................................................................48517.3.4Access levels.......................................................................................................................48617.3.5Applications.........................................................................................................................48717.3.6Server properties appendix.................................................................................................489Chapter 18About the server properties appendix...................................................................................48918.1Common server properties..................................................................................................48918.1.1Core Services properties.....................................................................................................49218.1.2Server metrics.....................................................................................................................505Chapter 19About the Server Metrics Appendix.....................................................................................50519.1Common Server Metrics .....................................................................................................50519.1.1Central Management Server metrics....................................................................................50819.1.2File Repository Server Metrics.............................................................................................51219.1.3Adaptive Processing Server metrics.....................................................................................51319.1.4Web Application Container Server metrics...........................................................................51919.1.5Adaptive Job Server metrics................................................................................................52019.1.6Nodes and placeholders.....................................................................................................523Chapter 20Server and node placeholders..............................................................................................52320.1Auditing Database Schema Appendix.................................................................................537Chapter 21Overview..............................................................................................................................53721.1Schema diagram..................................................................................................................53721.2Auditing Data Store Tables..................................................................................................53821.32012-03-1411Contents
  12. 12. More Information.................................................................................................................549Appendix AIndex 5512012-03-1412Contents
  13. 13. Getting Started1.1 About this helpThis help provides you with information and procedures for deploying and configuring your Informationplatform services system. Procedures are provided for common tasks. Conceptual information andtechnical details are provided for all advanced topics.For daily maintenance tasks and procedures for working with the CMC, see the Information platformservices Administrators Guide.For information about installing this product, see the Information platform services Installation Guide.1.1.1 Who should use this help?This help covers deployment and configuration tasks. We recommend consulting this guide if you are:• planning your first deployment• configuring your first deployment• making significant changes to the architecture of an existing deployment• improving your systems performance.This help is intended for system administrators who are responsible for configuring, managing, andmaintaining an Information platform services installation. Familiarity with your operating system andyour network environment is beneficial, as is a general understanding of web application servermanagement and scripting technologies. However, to assist all levels of administrative experience, thishelp aims to provide sufficient background and conceptual information to clarify all administrative tasksand features.1.1.2 About Information platform services2012-03-1413Getting Started
  14. 14. Information platform services is a flexible, scalable, and reliable solution for delivering powerful, interactivereports to end users via any web application—intranet, extranet, Internet or corporate portal. Whetherit is used for distributing weekly sales reports, providing customers with personalized service offerings,or integrating critical information into corporate portals, Information platform services delivers tangiblebenefits that extend across and beyond the organization. As an integrated suite for reporting, analysis,and information delivery, Information platform services provides a solution for increasing end-userproductivity and reducing administrative efforts.1.1.3 VariablesThe following variables are used throughout this guide.DescriptionVariableThe directory where Information platform services is installed.On a Windows computer, the default directory is C:Program Files(x86)SAP BusinessObjects.<INSTALLDIR>The name of your Unix operating system. Acceptable values are:• aix_rs6000_64• linux_x64• solaris_sparcv9• hpux_ia64<PLATFORM64DIR>The directory where scripts for administering Information platform services arelocated.On a Windows computer, the directory is <INSTALLDIR>SAPBusinessObjects Enterprise XI 4.0win64_x64scripts.On a Unix computer, the directory is <INSTALLDIR>/sap_bobj/enterprise_xi40/<PLATFORM64DIR>/scripts.<SCRIPTDIR>1.2 Before you start2012-03-1414Getting Started
  15. 15. 1.2.1 Key conceptsSAP BusinessObjects Business Intelligence (BI) platform uses the terms “service” and “server” to referto the two types of software running on a BI platform computer.A service is a server subsystem that performs a specific function. The service runs in the memory spaceof its server, under the process ID of the parent container (server). For example, the SAPBusinessObjects Web Intelligence Scheduling Service is a subsystem that runs on the Adaptive JobServer.A server is a process at the operating system level (on some systems, called a daemon) that hosts oneor more services. For example, the Central Management Server (CMS) and Adaptive Processing Serverare servers. A server runs on a specific operating system account and has its own PID.A node is a collection of BI platform servers running on the same host and managed by the same ServerIntelligence Agent (SIA). One or more nodes can be on a single host.BI platform can be installed on one computer, spread across different computers on an intranet, orseparated over a wide area network (WAN).1.2.2 Key administrative tools1.2.2.1 Central Management Console (CMC)The Central Management Console (CMC) is a web-based tool that you use to perform administrativetasks (including user, content, and server management) and to configure security settings. Becausethe CMC is a web-based application, you can perform all of the administrative tasks in a web browseron any computer that can connect to the web application server.All users can log on to the CMC to change their own preference settings. Only members of theAdministrators group can change management settings, unless a user is explicitly granted rights to doso. Roles can be assigned in the CMC to grant user privileges to perform minor administrative tasks,such as managing users in your group and managing reports in folders that belong to your team.2012-03-1415Getting Started
  16. 16. 1.2.2.2 Central Configuration Manager (CCM)The Central Configuration Manager (CCM) is a server troubleshooting and node configuration toolprovided in two forms. In a Microsoft Windows environment, the CCM allows you to manage local andremote servers through its graphical user interface (GUI) or command line.You use the CCM to create and configure nodes and to start or stop your web application server, if itis the default bundled Tomcat web application server. On Windows, it also allows you to configurenetwork parameters, such as Secure Socket Layer (SSL) encryption. These parameters apply to allservers within a node.Note:Most server management tasks are now handled through the CMC, not through the CCM. The CCMis now used for troubleshooting and node configuration.1.2.2.3 Upgrade management toolUpgrade management tool (formerly Import Wizard) is installed as a part of Information platform services,and guides administrators through the process of importing users, groups, and folders from previousversions of Information platform services. It also allows you to import and upgrade objects, events,server groups, repository objects, and calendars.For information on upgrading from a previous version of Information platform services, see the Informationplatform services Upgrade Guide.1.2.3 Key tasksDepending on your situation, you may want to focus on specific sections of this help, and there maybe other resources available for you. For each of the following situations, there is a list of suggestedtasks and reading topics.Related Topics• Planning or performing your first deployment• Configuring your deployment• Improving your systems performance• Central Management Console (CMC)2012-03-1416Getting Started
  17. 17. 1.2.3.1 Planning or performing your first deploymentIf you are planning or performing your first deployment of Information platform services, perform thefollowing tasks and read the recommended topics:• “Architecture overview”• “Communication between Information platform services components”• “Security overview”• “Authentication options in Information platform services”, if you plan to use third-party authentication• After installation, “Server Administration”For more information about installing this product, see the Information Platform Services InstallationGuide.Related Topics• Architecture overview• Communication between Information platform services components• Security overview• Authentication options in Information platform services• Server Administration1.2.3.2 Configuring your deploymentIf you have just completed your installation of Information platform services and need to perform initialconfiguration tasks, such as firewall configuration and user management, it is recommended that youread the following sections.Related Topics• Server Administration• Security overview• About Monitoring2012-03-1417Getting Started
  18. 18. 1.2.3.3 Improving your systems performanceIf you want to assess your deployments efficiency and fine-tune it to maximize resources, read thefollowing sections and perform the tasks described:• “About Monitoring” if you want to monitor your existing system• “Server Administration” for daily maintenance tasks and procedures for working with servers in theCMCRelated Topics• About Monitoring• Server Administration1.2.3.4 Working with objects in the CMCIf you are working with objects in the CMC, read the following sections:• For information about setting up users and groups in the CMC, see “Account Management Overview”.• To set security on objects, see “How rights work in Information platform services”.• For general information about working with objects, see the Information platform services CMC Help.Related Topics• Account management overview• How rights work in Information platform services2012-03-1418Getting Started
  19. 19. Architecture2.1 Architecture overviewThis section outlines the overall platform architecture, system, and service components that make upthe Information platform services Business Intelligence (BI) platform. The information helps administratorsunderstand the system essentials and help to form a plan for the system deployment, management,and maintenance.Information platform services is designed for high performance across a broad spectrum of user anddeployment scenarios. For example, specialized platform services handle either on-demand data accessand report generation, or report scheduling based on times and events. You can offload processorintensive scheduling and processing by creating dedicated servers to host specific services. Thearchitecture is designed to meet the needs of virtually any BI deployment, and is flexible enough togrow from several users with a single tool, to tens of thousands of users with multiple tools and interfaces.To provide flexibility, reliability, and scalability, Information platform services components can be installedon one or across many machines. You can even install two different versions of Information platformservices simultaneously on the same computer, although this configuration is only recommended aspart of the upgrade process or testing purposes.Server processes can be “vertically scaled” (where one computer runs several, or all, server-sideprocesses) to reduce cost, or “horizontally scaled” (where server processes are distributed betweentwo or more networked machines) to improve performance. It is also possible to run multiple, redundant,versions of the same server process on more than one machine, so that processing can continue if theprimary process encounters a problem.2.1.1 System overviewInformation platform services is a Business Intelligence (BI) platform that provides enterprise levelanalysis and reporting tools. Data can be analyzed from any of a large number of supported databasesystems (including text or multi-dimensional OLAP systems) and BI reports can be published in manydifferent formats to many different publishing systems.The following diagram illustrates how Information platform services fits in with your organizationsinfrastructure.2012-03-1419Architecture
  20. 20. Information platform services reports from a read-only connection to your organizations databases,and uses its own databases for storing its configuration, auditing, and other operational information.The BI reports created by the system can be sent to a variety of destinations, including file systems,and email, or accessed through web sites or portals.Information platform services is a self-contained system that can exist on a single machine (for example,as a small development or pre-production test environment) or can be scaled up into a cluster of manymachines that run different components (for example, as a large-scale production environment).2.1.2 DatabasesInformation platform services uses several different databases.• Reporting databaseThis refers to your organizations information. It is the source information analyzed and reported onby Information platform services. Most commonly, the information is stored within a relationaldatabase, but it can also be contained within text files, Microsoft Office documents, or OLAP systems.• CMS system databaseThe CMS system database is used to store Information platform services information, such as user,server, folder, document, configuration, authorization, and authentication details. It is maintained bythe Central Management Server (CMS), and is sometimes referred to as the system repository.• Auditing Data Store2012-03-1420Architecture
  21. 21. The Auditing Data Store (ADS) is used to store information on trackable events that occur inInformation platform services. This information can be used to monitor the usage of systemcomponents, user activity, or other aspects of day-to-day operation.• Lifecycle Management databaseThe Lifecycle Management database tracks configuration and version information related to anInformation platform services installation, as well as updates.• Monitoring databaseMonitoring uses the Java Derby database to store system configuration and component informationfor SAP supportability.If you do not have a database server in place for use with the CMS system and Auditing Data Storedatabases, the Information platform services installation program can install and configure one for you.It is recommended that you evaluate your requirements against information from your database servervendor to determine which supported database would best suit your organizations requirements.2.1.3 ServersInformation platform services consists of collections of servers running on one or more hosts. Smallinstallations (such as test or development systems) can use a single host for a web application server,database server, and all Information platform services servers.Medium and large installations can have servers running on multiple hosts. For example, a webapplication server host can be used in combination with an Information platform services server host.This frees up resources on the Information platform services server host, allowing it to process moreinformation than if it also hosted the web application server.Large installations can have several Information platform services server hosts working together in acluster. For example, if an organization has a large number of SAP Crystal Reports users, CrystalReports processing servers can be created on multiple Information platform services server hosts toensure that there are plenty of resources available to process requests from clients.The advantages of having multiple servers include:• Improved performanceMultiple Information platform services server hosts can process a queue of reporting informationfaster than a single Information platform services server host.• Load balancingIf a server is experiencing a higher load than the other servers in a cluster, the CMS automaticallysends new work to a server with better resources.• Improved availabilityIf a server encounters an unexpected condition, the CMS automatically re-routes work to differentservers until the condition is corrected.2012-03-1421Architecture
  22. 22. 2.1.4 Web application serversA web application server acts as the translation layer between a web browser or rich application, andInformation platform services. Web application servers running on Windows, Unix, and Linux aresupported.The following web application servers are supported:• JBoss• Oracle Application Server• SAP NetWeaver AS Java• Tomcat• WebLogic• WebSphereFor a detailed list of supported web application servers, consult the Supported Platforms Guide availableat: http://service.sap.com/bosap-support.If you do not have a web application server in place for use with Information platform services, theinstallation program can install and configure a Tomcat 6 web application server for you. It isrecommended that you evaluate your requirements against information from your web application servervendor to determine which supported web application server would best suit your organizationsrequirements.Note:When configuring a production environment, it is recommended that the web application server is hostedon a separate system. Running Information platform services and a web application server on the samehost in a production environment may decrease performance.2.1.4.1 Web Application Container Service (WACS)A web application server is required to host Information platform services web applications.If you are an advanced Java web application server administrator with advanced administration needs,use a supported Java web application server to host Information platform services web applications. Ifyou will be using a supported Windows operating system to host Information platform services, andprefer a simple web application server installation process, or you do not have the resources to administera Java web application server, you can install the Web Application Container Service (WACS) wheninstalling Information platform services.WACS is an Information platform services server that allows Information platform services webapplications, such as the Central Management Console (CMC) and Web Services, to run without theneed for a previously installed Java web application server.2012-03-1422Architecture
  23. 23. Using WACS to provides a number of advantages:• WACS requires a minimum effort to install, maintain, and configure. It is installed and configured bythe Information platform services installation program, and no additional steps are required to startusing it.• WACS removes the need for Java application server administration and maintenance skills.• WACS provides an administrative interface that is consistent with other Information platform servicesservers.• Like other Information platform services servers, WACS can be installed on a dedicated host.Note:There are some limitations to using WACS instead of a dedicated Java web applications server:• WACS is only available on supported Windows operating systems.• Custom web applications cannot be deployed to WACS, as it only supports the web applicationsinstalled with Information platform services.• WACS cannot be used with an Apache load balancer.It is possible to use a dedicated web application server in addition to WACS. This allows your dedicatedweb application server to host custom web applications, while the CMC and other Information platformservices web applications are hosted by WACS.2.1.5 Language supportInformation platform services products are translated into many different languages and supports datain an even broader selection of languages.Product interfaces are available in the following languages:• Czech• Simplified Chinese• Traditional Chinese• Danish• Dutch• English• Finnish• French• German• Italian• Japanese• Korean• Norwegian Bokmal• Polish• Portuguese• Russian2012-03-1423Architecture
  24. 24. • Spanish• Swedish• ThaiIn addition to supporting data in any of the languages available in the interface, the following charactersets are also supported:• Greek• Malaysian• Hebrew• Arabic• Romanian• Vietnamese• Hungarian• Turkish• Hindi2.1.6 Authentication and single sign-onSystem security is managed by the Central Management Server (CMS), security plug-ins, and third-partyauthentication tools, such as SiteMinder or Kerberos. These components authenticate users andauthorize user access for Information platform services, its folders, and other objects.The following user authentication single sign-on security plug-ins are available:• Enterprise (default), including Trusted Authentication support for third-party authentication.• LDAP• Windows Active Directory (AD)When using an Enterprise Resource Planning (ERP) system, single sign-on is used to authenticateuser access to the ERP system so that reports can be against ERP data. The following userauthentication single sign-on for ERP systems are supported:• SAP ERP and Business Warehouse (BW)• Oracle E-Business Suite (EBS)• Siebel Enterprise• JD Edwards Enterprise One• PeopleSoft Enterprise2.1.6.1 Security plug-ins2012-03-1424Architecture
  25. 25. Security plug-ins automate account creation and management by allowing you to map user accountsand groups from third-party systems into Information platform services. You can map third-party useraccounts to existing Enterprise user accounts, or you can create new Enterprise user accounts thatcorrespond to each mapped entry in the external system.The security plug-ins dynamically maintain third-party user and group listings. So, once you map aLightweight Directory Access Protocol (LDAP) or Windows Active Directory (AD) group to Informationplatform services, all users who belong to that group can log into Information platform services.Subsequent changes to the third-party group memberships are automatically propagated.Information platform services supports the following security plug-ins:• Enterprise security plug-inThe Central Management Server (CMS) handles security information, such as user accounts, groupmemberships, and object rights that define user and group privileges. This is known as Enterpriseauthentication.Enterprise authentication is always enabled; it cannot be disabled. Use the system default EnterpriseAuthentication if you prefer to create distinct accounts and groups for use with Information platformservices, or if you have not already set up a hierarchy of users and groups on an LDAP or WindowsAD server.Trusted Authentication is a component of Enterprise authentication that integrates with third-partysingle sign-on solutions, including Java Authentication and Authorization Service (JAAS). Applicationsthat have established trust with the Central Management Server can use Trusted Authentication toallow users to log on without providing their passwords.• LDAP security plug-in• Windows ADNote:Although a user can configure Windows AD authentication for Information platform services andcustom applications through the CMC, the CMC does not support Windows AD authentication withNTLM. The only methods of authentication that the CMC support are Windows AD with Kerberos,LDAP, Enterprise, and Trusted Authentication.2.1.6.2 Enterprise Resource Planning (ERP) integrationAn Enterprise Resource Planning (ERP) application supports the essential functions of an organizationsprocesses by collecting real-time information related to day-to-day operations. SAP BusinessObjectsBusiness Intelligence platform supports single sign-on and reporting from a number of ERP systems.See the SAP BusinessObjects BI 4.0 Product Availability Matrix (PAM) , available at http://service.sap.com/pam.SAP ERP and BW support is installed by default. Use the Custom / Expand installation option to deselectSAP integration support if you do not want support for SAP ERP or BW. Support for other ERP systems2012-03-1425Architecture
  26. 26. is not installed by default. Use the "Custom / Expand" installation option to select and install integrationfor non-SAP ERP systems.To configure ERP integration, see the SAP BusinessObjects Business Intelligence Platform AdministratorGuide.2.1.7 SAP integrationInformation platform services integrates with your existing SAP infrastructure with the following SAPtools:• SAP System Landscape Directory (SLD)The system landscape directory of SAP NetWeaver is the central source of system landscapeinformation relevant for the management of your software life-cycle. By providing a directorycomprising information about all installable software available from SAP and automatically updateddata about systems already installed in a landscape, you get the foundation for tool support to plansoftware life-cycle tasks in your system landscape.The Information platform services installation program registers the vendor and product names andversions with the SLD, as well as server and front-end component names, versions, and location.• SAP Solution ManagerThe SAP Solution Manager is a platform that provides the integrated content, tools, and methodologiesto implement, support, operate and monitor an organizations SAP and non-SAP solutions.Non-SAP software with an SAP-certified integration is entered into a central repository and transferredautomatically to your SAP System Landscape Directories (SLD). SAP customers can then easilyidentify which version of third-party product integration has been certified by SAP within their SAPsystem environment. This service provides additional awareness for third-party products besidesour online catalogs for third-party products.SAP Solution Manager is available to SAP customers at no extra charge, and includes direct accessto SAP support and SAP product upgrade path information. For more information on SLD, see“Registration of Information platform services in the System Landscape” in the Information platformservices Administrator Guide.• CTS Transport (CTS+)The Change and Transport System (CTS) helps you to organize development projects in ABAPWorkbench and in Customizing, and then transport the changes between the SAP systems in yoursystem landscape. As well as ABAP objects, you can also transport Java objects (J2EE, JEE) andSAP-specific non-ABAP technologies (such as Web Dynpro Java or SAP NetWeaver Portal) in yourlandscape.• Monitoring with CA Wily IntroscopeCA Wily Introscope is a web application management product that delivers the ability to monitor anddiagnose performance problems that may occur within Java-based SAP modules in production,2012-03-1426Architecture
  27. 27. including visibility into custom Java applications and connections to back-end systems. It allows youto isolate performance bottlenecks in NetWeaver modules including individual Servlets, JSPs, EJBs,JCO’s, Classes, Methods and more. It offers real-time, low-overhead monitoring, end-to-endtransaction visibility, historical data for analysis or capacity planning, customizable dashboards,automated threshold alarms, and an open architecture to extend monitoring beyond NetWeaverenvironments.2.1.8 Lifecycle management (LCM)Lifecycle management (LCM) refers to a set of processes involved in managing an installations productinformation. It establishes procedures for governing the installation of Information platform services todevelopment, test, production, or maintenance environments.Information platform services Lifecycle Manager is a web-based tool that enables you to move BI objectsfrom one system to another system, without affecting the dependencies of those objects. It also enablesyou to manage different versions, manage dependencies, or roll back a promoted object to its previousstate.The LCM tool is a plug-in for Information platform services. You can promote a BI object from onesystem to another system only if the same version of the application is installed on both the source anddestination systems.For more information, see the Information platform services Lifecycle management console UsersGuide.2.1.9 Integrated version controlThe files that make up SAP BusinessObjects Business Intelligence platform on a server system arenow kept under version control. The installation program will install and configure the Subversion versioncontrol system, or you can enter details to use an existing Subversion or ClearCase version controlsystem.A version control system makes it possible to keep and restore different revisions of configuration andother files, which means it is always possible to revert the system to a known state from any time in thepast.2.1.10 Upgrade path2012-03-1427Architecture
  28. 28. Its possible to upgrade from a previous release of Information platform services, but you must firstinstall Information platform services 4.0, then migrate the settings and data from your existing systemwith the Upgrade management tool.For information on how to upgrade from a previous version, see the Information platform servicesUpgrade Guide.2.2 Conceptual tiersInformation platform services can be thought of as a series of conceptual tiers:• Web tierThe web tier contains web applications deployed to a Java web application server. Web applicationsprovide Information platform services functionality to end users through a web browser. Examplesof web applications include the Central Management Console (CMC) administrative web interfaceand BI launch pad.The web tier also contains Web Services. Web Services provides Information platform servicesfunctionality to software tools via the web application server, such session authentication, userprivilege management, scheduling, search, administration, reporting, and query management.• Management tierThe management tier coordinates and controls all of the components that make up Informationplatform services. It is comprised of the Central Management Server (CMS). The CMS providesmaintains security and configuration information, sends service requests to servers, managesauditing, and maintains the CMS system database.• Processing tier2012-03-1428Architecture
  29. 29. The processing tier analyzes data and produces reports. This is the only tier that accesses thedatabases that contain report data.• Storage tierThe storage tier is responsible to handling files, such as documents and reports. The Input FileRepository Server manages files that contain information to be used in reports. The Output FileRepository Server manages reports created by the system. The storage tier also handles reportcaching to save system resources when users access reports.2.3 Services and serversInformation platform services uses the terms “server” and “service” to refer to the two types of softwarerunning on an Information platform services computer.A service is a server subsystem that performs a specific function. The service runs within the memoryspace of its server under the process ID of the parent container (server). For example, the InteractiveAnalysis Scheduling and Publishing Service is a subsystem that runs on the Adaptive Job Server.A server is used to describe an operating system level process (on some systems, this is referred toas a daemon) hosting one or more services. For example, the Central Management Server (CMS) andAdaptive Processing Server are servers. A server runs under a specific operating system account andhas its own PID.A node is a collection of Information platform services servers running on the same host and managedby the same Server Intelligence Agent (SIA). One or more nodes can be on a single host.Information platform services can be installed on a single computer, spread across different computerson an intranet, or separated over a wide area network (WAN).Services, servers, nodes, and hostsThe following diagram shows a hypothetical installation of Information platform services. The numberof hosts, nodes, servers and services—and the type of servers and services—varies in actualinstallations.2012-03-1429Architecture
  30. 30. Two hosts form the cluster named ProductionBISystem, which has two hosts:• The host named HostAlpha has Information platform services installed and is configured with twonodes:• NodeMercury contains an Adaptive Job Server (NodeMercury.AJS) with services to scheduleand publish reports, an Input File Repository Server (NodeMercury.IFRS) with a service tostore input reports, and an Output File Repository Server (NodeMercury.OFRS) with a serviceto store report output.• NodeVenus contains an Adaptive Processing Server (NodeVenus.APS) with services to providepublishing, monitoring, and translation features, an Adaptive Processing Server (NodeVenus.APS2) with a service to provide client auditing, and a Central Management Server(NodeVenus.CMS) with a service to provide the CMS services.• The host named HostBeta has Information platform services installed and is configured with threenodes:• NodeMars contains a Central Management Server (NodeMars.CMS) with a service to providethe CMS services.Having the CMS on two computers enables load balancing and mitigation and failover capabilities.2012-03-1430Architecture
  31. 31. • NodeJupiter contains a Interactive Analysis Processing Server (NodeJupiter.InteractiveAnalysis) with a service to provide Interactive Analysis reporting, and an Event Server (NodeJupiter.EventServer) to provide report monitoring of files.• NodeSaturn contains an Adaptive Processing Server (NodeSaturn.APS) with a service toprovide client auditing.Related Topics• Server Administration2.3.1 ServicesWhen adding servers, you must include some services on the Adaptive Job Server—for example, theDestination Delivery Scheduling Service.Note:New services or server types may be added in future maintenance releases.Service descriptionServer typeService categoryServiceProvides synchroniza-tion of updates for third-party security pluginsAdaptive Job ServerCore ServicesAuthentication UpdateScheduling ServiceProvides server, user,session management,and security (authoriza-tion and authentication)management. At leastone Central Manage-ment Service must beavailable in a cluster forthe cluster to operate.Central ManagementServerCore ServicesCentral ManagementServiceRuns scheduled jobsand publishes the re-sults to a given outputlocation, such as thefile system, FTP, email,or a users inboxAdaptive Job ServerCore ServicesDestination DeliveryScheduling Service2012-03-1431Architecture
  32. 32. Service descriptionServer typeService categoryServiceMaintains published re-port and program ob-jects that can be usedin the generation ofnew reports when aninput file is receivedInput File RepositoryServerCore ServicesInput Filestore ServiceProvides ClearCasesupport for LCMAdaptive ProcessingServerLifecycle ManagementServicesLifecycle ManagementClearCase ServiceRuns scheduled Lifecy-cle Management jobsAdaptive Job ServerLifecycle ManagementServicesLifecycle ManagementScheduling ServiceLifecycle ManagementCore serviceAdaptive ProcessingServerLifecycle ManagementServicesLifecycle ManagementServiceProvides monitoringfunctionsAdaptive ProcessingServerCore ServicesMonitoring ServiceProvides access tomulti-dimensional On-line Analytical Process-ing (OLAP) data; con-verts the raw data intoXML, which can berendered into Excel,PDF, or AdvancedAnalysis (formerly Voy-ager) crosstabs andchartsAdaptive ProcessingServerAdvanced AnalysisServicesMulti DimensionalAnalysis ServiceMaintains collection ofcompleted documentsOutput File RepositoryServerCore ServicesOutput Filestore Ser-viceProvides scheduledProbe jobs and publish-es the results to a givenoutput locationAdaptive Job ServerCore ServicesProbe Scheduling Ser-viceRuns programs thathave been scheduledto run at a given timeAdaptive Job ServerCore ServicesProgram SchedulingServiceProvides session han-dling for RESTful WebService requests.Web Application Con-tainer Server (WACS)Core ServicesRESTful Web ServiceRuns scheduled Securi-ty Query jobsAdaptive Job ServerCore ServicesSecurity QueryScheduling Service2012-03-1432Architecture
  33. 33. Service descriptionServer typeService categoryServiceSAP Single Sign-OnsupportAdaptive ProcessingServerCore ServicesSecurity Token ServiceWeb Services onWACSWeb Application Con-tainer ServerCore ServicesWeb Services SDK andQaaWSRelated Topics• Service categories• Server types2.3.2 Service categoriesNote:New services or server types may be added in future maintenance releases.Server typeServiceService categoryAdaptive Processing ServerMulti Dimensional Analysis Ser-viceAdvanced Analysis ServicesAdaptive Job ServerAuthentication Update Schedul-ing ServiceCore ServicesCentral Management ServerCentral Management ServiceCore ServicesAdaptive Processing ServerClient Auditing Proxy ServiceCore ServicesAdaptive Job ServerDestination Delivery SchedulingServiceCore ServicesInput File Repository ServerInput Filestore ServiceCore ServicesAdaptive Processing ServerMonitoring ServiceCore ServicesOutput File Repository ServerOutput Filestore ServiceCore ServicesAdaptive Job ServerProbe Scheduling ServiceCore ServicesAdaptive Job ServerProgram Scheduling ServiceCore ServicesWeb Application ContainerServer (WACS)RESTful Web ServiceCore Services2012-03-1433Architecture
  34. 34. Server typeServiceService categoryAdaptive Job ServerSecurity Query Scheduling Ser-viceCore ServicesAdaptive Processing ServerSecurity Token ServiceCore ServicesAdaptive Processing ServerLifeCycle ManagementClearCase ServiceLifecycle Management ServicesAdaptive Job ServerLifecycle ManagementScheduling ServiceLifecycle Management ServicesAdaptive Processing ServerLifecycle Management ServiceLifecycle Management ServicesRelated Topics• Services• Server types2.3.3 Server typesNote:New services or server types may be added in future maintenance releases.Service categoryServiceServer typeCore ServicesAuthentication Update Schedul-ing ServiceAdaptive Job ServerCore ServicesDestination Delivery SchedulingServiceAdaptive Job ServerLifecycle Management ServicesLifecycle ManagementScheduling ServiceAdaptive Job ServerCore ServicesProbe Scheduling ServiceAdaptive Job ServerCore ServicesProgram Scheduling ServiceAdaptive Job ServerCore ServicesSecurity Query Scheduling Ser-viceAdaptive Job ServerCore ServicesClient Auditing Proxy ServiceAdaptive Processing Server2012-03-1434Architecture
  35. 35. Service categoryServiceServer typeLifecycle Management ServicesLifecycle ManagementClearCase ServiceAdaptive Processing ServerLifecycle Management ServicesLifecycle Management ServiceAdaptive Processing ServerCore ServicesMonitoring ServiceAdaptive Processing ServerAdvanced Analysis ServicesMulti Dimensional Analysis Ser-viceAdaptive Processing ServerCore ServicesSecurity Token ServiceAdaptive Processing ServerCore ServicesCentral Management ServiceCentral Management ServerCore ServicesDashboard Analytics ServiceDashboard Analytics ServerCore ServicesInput Filestore ServiceInput File Repository ServerCore ServicesOutput Filestore ServiceOutput File Repository ServerCore ServicesRESTful Web ServiceWeb Application ContainerServer (WACS)Related Topics• Services• Service categories2.3.4 Server categoriesServers are collections of services running under a Server Intelligence Agent (SIA) on a host. The typeof server is denoted by the services running within it. Servers can be created in the Central ManagementConsole (CMC). The following table lists the different types of servers that can be created in the CMC.2012-03-1435Architecture
  36. 36. DescriptionServer categoriesGeneral server that processes scheduled jobs. When you add a Job serverto the Information platform services system, you can configure the Jobserver to process reports, documents, programs, or publications and sendthe results to different destinations.Adaptive Job ServerA generic server that hosts services responsible for processing requestsfrom a variety of sources.Note:The installation program installs one Adaptive Processing Server (APS) perhost system. Depending on the features that youve installed, this APS mayhost a large number of services, such as the Monitoring Service, LifecycleManagement Service, Multi-Dimensional Analysis Service (MDAS), Publish-ing Service, and others.If you are installing a production environment, do not use the default APS.Instead, it is highly recommended that once the installation process iscomplete, you perform a system sizing to determine:• The type and number of APS services.• The distribution of services across multiple APS servers.• The optimal number of APS servers. Multiple APS servers provide re-dundancy, better performance, and higher reliability.• The distribution of APS servers across multiple nodes.Create new APS server instances as determined by the sizing process.For example, if the outcome of your sizing happens to suggest the creationof one APS for each service category, then may end up creating eight APSservers. One for each service category: Advanced Analysis Services,Connectivity Services, Core Services, Crystal Reports Services, DashboardsServices, Data Federation Services, Lifecycle Management Services, andInteractive Analysis Services.Adaptive ProcessingServerMaintains a database of information about your Information platform servicessystem (in the CMS system database) and audited user actions (in theAuditing Data Store). All platform services are managed by the CMS. TheCMS also controls access to the system files where documents are stored,and information on users, user groups, security levels (including authenti-cation and authorization), and content.Central ManagementServer (CMS)Responsible for the creation of file system objects, such as exported reports,and imported files in non-native formats. An Input FRS stores report andprogram objects that have been published to the system by administratorsor end users. An Output FRS stores all of the report instances generatedby the Job Server.File Repository Server2012-03-1436Architecture
  37. 37. 2.4 Client applicationsYou can interact with Information platform services using two different types of desktop applications:• Desktop applicationsThese applications must be installed on a supported Microsoft Windows operating system, and canprocess data and create reports locally.Desktop clients allow you to offload some BI report processing onto individual client computers.Most desktop applications directly access your organizations data through drivers installed on thedesktop, and communicate with your Information platform services deployment through CORBA orencrypted CORBA SSL.• Web applicationsThese applications are hosted by a web application server and can be accessed with a supportedweb browser on Windows, Macintosh, Unix, and Linux operating systems.This allows you to provide business intelligence (BI) access to large groups of users, without thechallenges of deploying desktop software products. Communication is conducted over HTTP, withor without SSL encryption (HTTPS).2.4.1 Central Configuration Manager (CCM)The Central Configuration Manager (CCM) is a server troubleshooting and node configuration toolprovided in two forms. In a Microsoft Windows environment, the CCM allows you to manage local andremote servers through its graphical user interface (GUI) or command line.You use the CCM to create and configure nodes and to start or stop your web application server, if itis the default bundled Tomcat web application server. On Windows, it also allows you to configurenetwork parameters, such as Secure Socket Layer (SSL) encryption. These parameters apply to allservers within a node.Note:Most server management tasks are now handled through the CMC, not through the CCM. The CCMis now used for troubleshooting and node configuration.2.4.2 Upgrade management toolUpgrade management tool (formerly Import Wizard) is installed as a part of Information platform services,and guides administrators through the process of importing users, groups, and folders from previous2012-03-1437Architecture
  38. 38. versions of Information platform services. It also allows you to import and upgrade objects, events,server groups, repository objects, and calendars.For information on upgrading from a previous version of Information platform services, see the Informationplatform services Upgrade Guide.2.4.3 Web application clientsWeb application clients reside on a web application server, and are accessed on a client machine webbrowser. Web applications are automatically deployed when you install Information platform services.Web applications are easy for users to access from a web browser, and communication can be securedwith SSL encryption if you plan to allow users access from outside your organizations network.Java web applications can also be reconfigured or deployed after the initial installation by using thebundled WDeploy command-line tool, which allows you to deploy web applications to a web applicationserver in two ways:1. Standalone modeAll web application resources are deployed to a web application server that serves both dynamicand static content. This arrangement is suitable for small installations.2. Split modeThe web applications static content (HTML, images, CSS) is deployed to a dedicated web server,while dynamic content (JSPs) is deployed to a web application server. This arrangement is suitablefor larger installations that will benefit from the web application server being freed up from servingstatic web content.For more information about WDeploy, see the Information platform services Web Application DeploymentGuide.2.4.3.1 Central Management Console (CMC)The Central Management Console (CMC) is a web-based tool that you use to perform administrativetasks (including user, content, and server management) and to configure security settings. Becausethe CMC is a web-based application, you can perform all of the administrative tasks in a web browseron any computer that can connect to the web application server.All users can log on to the CMC to change their own preference settings. Only members of theAdministrators group can change management settings, unless a user is explicitly granted rights to doso. Roles can be assigned in the CMC to grant user privileges to perform minor administrative tasks,such as managing users in your group and managing reports in folders that belong to your team.2012-03-1438Architecture
  39. 39. 2.5 Process WorkflowsWhen tasks are performed such as logging in or scheduling an object, information flows through thesystem and the servers communicate with each other. The following section describes some of theprocess flows as they would happen in the Information platform services system.2.5.1 Startup and authentication2.5.1.1 Logging on to Information platform servicesThis workflow describes a user logging on to a Information platform services web application such asthe Central Management Console (CMC) from a web browser.1. The browser (web client) sends the login request via the web server to the web application server,where the web application is running.2. The web application server determines that the request is a logon request. The web applicationserver sends the username, password, and authentication type to the CMS for authentication.3. The CMS validates the username and password against the appropriate database. In this case,Enterprise authentication is used, and user credentials are authenticated against the CMS systemdatabase).4. Upon successful validation, the CMS creates a session for the user in memory.5. The CMS sends a response to the web application server to let it know that the validation wassuccessful.6. The web application server generates a logon token for the user session in memory. For the rest ofthis session, the web application server uses the logon token to validate the user against the CMS.The web application server generates the next web page to send to the web client.7. The web application server sends the next web page to the web server.8. The web server sends the web page to the web client where it is rendered in the users browser.2.5.1.2 SIA start-up2012-03-1439Architecture
  40. 40. A Server Intelligence Agent (SIA) can be configured to start automatically with the host operating system,or can be started manually with Central Configuration Manager (CCM).A SIA retrieves information about the servers it manages from a Central Management Server (CMS).If the SIA uses a local CMS, and that CMS is not running, the SIA starts the CMS. If a SIA uses a remoteCMS, it attempts to connect to the CMS.Once a SIA is started, the following sequence of events is performed.1. The SIA looks in its cache to locate a CMS.a. If the SIA is configured to start a local CMS, and the CMS is not running, the SIA starts the CMSand connects.b. If the SIA is configured to use a running CMS (local or remote), it attempts to connect to the firstCMS in its cache. If the CMS is not currently available, it attempts to connect to the next CMSin the cache. If none of the cached CMSs are available, the SIA waits for one to become available.2. The CMS confirms the SIAs identity to ensure that it is valid.3. Once the SIA has successfully connected to a CMS, it requests a list of servers to manage.Note:A SIA does not store information about the servers it manages. The configuration information thatdictates which server is managed by a SIA is stored in the CMS system database and is retrievedfrom the CMS by the SIA when it starts.4. The CMS queries the CMS system database for a list of servers managed by the SIA. Theconfiguration for each server is also retrieved.5. The CMS returns the list of servers, and their configuration, to the SIA.6. For each server configured to start automatically, the SIA starts it with the appropriate configurationand monitors its state. Each server started by the SIA is configured to use the same CMS used bythe SIA.Any servers not configured to start automatically with the SIA will not start.2.5.1.3 SIA shutdownYou can automatically stop the Server Intelligence Agent (SIA) by shutting down the host operatingsystem, or you can manually stop the SIA in the Central Configuration Manager (CCM).When the SIA shuts down, the following steps are performed.• The SIA tells the CMS that it is shutting down.a. If the SIA is stopping because the host operating system is shutting down, the SIA requests itsservers to stop. Servers that do not stop within 25 seconds are forcefully terminated.b. If the SIA is being stopped manually, it will wait for the managed server to finish processingexisting jobs. Managed servers will not accept any new jobs. Once all jobs are complete, theservers stop. Once all servers have stopped, the SIA stops too.2012-03-1440Architecture
  41. 41. Note:During a forced shutdown, the SIA tells all managed servers to stop immediately.2.5.2 Program objects2.5.2.1 A scheduled program object runsThis workflow describes the process of a scheduled program object running at a scheduled time.1. The Central Management Server (CMS) checks the CMS system database to determine if there isany scheduled SAP Crystal report to be run at that time.2. When scheduled job time arrives, the CMS locates an available Program Scheduling Service runningon an Adaptive Job Server. The CMS sends the job information to the Program Scheduling Service.3. The Program Scheduling Service communicates with the Input File Repository Server (FRS) toobtain the program object.Note:This step also requires communication with the CMS to locate the required server and objects.4. The Program Scheduling Service launches the program.5. The Program Scheduling Service updates the CMS periodically with the job status. The currentstatus is Processing.6. The Program Scheduling Service sends a log file to the Output FRS. The Output FRS notifies theProgram Scheduling Service that the object was scheduled successfully by sending an object logfile.Note:This step also requires communication with the CMS to locate the required server and objects.7. The Program Scheduling Service updates the CMS with the job status. The current status is Success.8. The CMS updates the job status in its memory and then writes the instance information to the CMSsystem database.2.5.2.2 Setting a schedule for a program objectThis workflow describes the process of a user scheduling a program object to be run at a future timefrom a web application such as the Central Management Console (CMC).2012-03-1441Architecture
  42. 42. 1. The user sends the schedule request from the web client via the the web server to the web applicationserver.2. The web application server interprets the request and determines that the request is a schedulerequest. The web application server sends the schedule time, database login values, parametervalues, destination, and format to the specified Central Management Server (CMS).3. The CMS ensures that the user has rights to schedule the object. If the user has sufficient rights,the CMS adds a new record to the CMS system database. The CMS also adds the instance to itslist of pending schedules.4. The CMS sends a response to the web application server to let it know that the schedule operationwas successful.5. The web application server generates the next HTML page and sends it via the web server to theweb client.2012-03-1442Architecture
  43. 43. Managing Licenses3.1 Managing License keysThis section describes how to manage license keys for your Information platform services deployment.Related Topics• To add a license key• To view license information• To view current account activity3.1.1 To view license informationThe License Keys management area of the CMC identifies the number of role-based (BI Viewer andBI Analyst), concurrent, named, and processor licenses that are associated with each key.1. Go to the License Keys management area of the CMC.2. Select a license key.The details associated with the key appear in the License Key Information area. To purchaseadditional license keys, contact your SAP sales representative.Related Topics• Managing License keys• To add a license key• To view license information3.1.2 To add a license key2012-03-1443Managing Licenses

×