Configuring SharePoint 2013 for BI scenarios


Published on

Configuring SharePoint 2013 for BI is not just clicking next in the configuration wizard but it needs some special attention with configuring service applications and of course we cannot forget about configuring Kerberos delegation.

We take a look at configuring PerformancePoint, PowerPivot, Reporting Services in SharePoint integrated mode and everything you need to know to successfully configure BI services.

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • The xVelocity in-memory analytics engine is the next generation of the VertiPaq™ engine that was introduced in SQL Server 2008 R2, with PowerPivot for Excel 2010 and PowerPivot for SharePoint 2010. Vertipaq™ is an in-memory columnstore engine that achieves breakthrough performance for analytic queries by employing techniques such as columnar storage, state-of-the-art compression, in-memory caching and highly parallel data scanning and aggregation algorithms. In SQL Server 2012, the xVelocity in-memory analytics engine has been enhanced to support both self-service BI (PowerPivot) as well as corporate BI (Analysis Services tabular mode) scenarios.The xVelocity engine has two usage scenarios in the context of Business Intelligence:Information workers can use PowerPivot for Excel to integrate data from a number of sources, cleanse and model the data, enrich the data with business logic, analyze the data and build reports and visualizations. Since PowerPivot uses the xVelocity engine under the covers, information workers are not limited by the restrictions of Excel. They can work with several millions of rows of data and still benefit from split-second response times.BI developers and IT professionals can use SQL Server Data Tools to create an Analysis Services Tabular project and build a BI Semantic Model. The model can contain data from a number of sources, business logic expressed in the form of DAX calculations, role-based security and large data volumes that can be managed using partitions in the xVelocity engine. When the model is deployed to an Analysis Services server, information workers can use tools like Excel and Power View to interact with the model and achieve split-second response times from the xVelocity engine.
  • Configuring SharePoint 2013 for BI scenarios

    2. 2. sponsors
    3. 3. ROBI VONČINA MVP, MCSE, MCT • Degree in economics • Started as MS Office instructor • System administrator • I started working with SharePoint from 2003 version on • Leader of SloSPUG
    4. 4. Agenda Authentication
    5. 5. The Microsoft BI framework Personal BI Team BI Organizational BI My Context Our Context The Org’s Context BI solution created by user. Context is only for user & exists as document. BI Solution created by power user. Context is for a small team & it’s managed on a server. BI Solution created by IT, Established corporate context & is reusable, scalable and backed up.
    6. 6. Yesterday’s challenges • User authentication • Claims vs. Classic mode • Service application architecture • Inconsistencies across BI features • Identity Delegation Authentication Service Application • Constrained delegation limitations • Kerberos • Configuration • Production Support Delegation Kerberos
    7. 7. Today’s opportunity • User authentication • Claims vs. Classic mode • Service application architecture • Inconsistencies across BI features • Identity Delegation • Constrained delegation limitations • Kerberos • Configuration • Production Support
    8. 8. What to know • Claims authentication • Claims first design • BI architecture consistency • SQL reporting services is now a service application • Kerberos RBCD • Resource based constrained delegation across domain & forest • BISM & EffectiveUsername • SQL reporting services is now a service application
    9. 9. Claims in SharePoint 2013 • Web applications are claims enabled by default • Classic mode authentication is now deprecated • New PowerShell commandlets to convert to claims authentication • PowerPivot, SQL reporting services, dashboard designer all work with claims enabled sites • BI service applications require windows-claims for outbound windows identity delegation • Claims-to-Windows Token Services (C2WTS) only leveraged when identity provider is Windows
    11. 11. Excel Services family requirements Office Pro Plus license xVelocity model enabled as required SharePoint Enterprise CAL PowerPivot add-in included, must be enabled Included on SP media PowerView and-in included, enabled as needed Requires AS SP Mode for xVelocity and Power View interactivity Deploys as service application SQL Server BI or Enterprise Deploys as SQL service on independent servers Load balancing performed by Excel Services Requires AS SP Mode and Excel Services Deploys as SP Service application
    12. 12. Reporting Services requirements Integrated Mode Deploys as SP service application Alerting Self service subscriptions Power View Required for BISM/Power View
    13. 13. PerformancePoint requirements Deploys as SP service application For analytic charts/grids
    14. 14. Installing SharePoint BI Components Excel Services PerformancePoint Other Stuff Reporting Services PowerPivot Analysis Services
    15. 15. Standard 2 server farm FE Profile Excel Services Search ……. DB SSAS SSIS SharePoint Foundation SQL Server Server OS Server OS
    16. 16. BI integration – 2 server farm WFE Profile Excel Services Search ……. SSRS PP DB SSAS SSIS SharePoint Foundation SQL Server Server OS Server OS
    17. 17. Demo Environment L-DC01 L-SP03 L-SQL L-W801
    19. 19. Accounts • Application Pool – DEVsp2013_app_pool • Application pool account for web applications (content) • Claims to windows token service account – DEVsp2013_c2wts • Special permissions for this account on SP box • Constrained Kerberos delagation • SharePoint BI Account – DEVsp2013_bi • Constrained Kerberos delegation
    20. 20. Claims to Windows Token Service $accntc2wt = Get-SPManagedAccount -Identity DEVsp2013_c2wts $farm=get-spfarm $c2wt=$farm.Services |where {$ -eq "c2wts"} $c2wt.ProcessIdentity.CurrentIdentityType="SpecificUser" $c2wt.ProcessIdentity.ManagedAccount=$accntc2wt $c2wt.ProcessIdentity.Update() • #Add dependency - bug cmd.exe /c "sc config c2wts depend= CryptSvc"
    21. 21. Claims to Windows Token Service Permissions • Local Admin • Secpol.msc
    22. 22. Microsoft BI light-up story for SharePoint 2013
    23. 23. EXCEL SERVICES
    24. 24. New Excel Services Application $biAppPool=Get-SPManagedAccount -Identity xnetdevsp13_bi $biApplicationPool = New-SPServiceApplicationPool -Name BI_AppPool -Account $biAppPool -Verbose #Excel $ExcelServis=Get-SPServiceInstance |where {$_.TypeName -eq "Excel Calculation Services"} if($ExcelServis.status -eq "Disabled") { $ExcelServis | Start-SPServiceInstance } while(-not($ExcelServis.status -eq "Online")) { write-host -ForegroundColor Yellow $ExcelServis.status;sleep 5; $ExcelServis=Get-SPServiceInstance |where {$_.TypeName -eq "Excel Calculation Services"} } New-SPExcelServiceApplication -Name ExcelService -ApplicationPool $biApplicationPool Verbose -Default
    25. 25. SETUP AND CONFIGURATION Analysis Services SharePoint mode
    26. 26. PowerPivot Analysis Services • Can be installed on SharePoint Server or separate server that has no SharePoint Installed • Install or Uninstall the PowerPivot for SharePoint Add-in •
    27. 27. Instance name must be PowerPivot
    28. 28. SETUP AND CONFIGURATION Reporting Services SharePoint mode
    29. 29. Reporting Services 2012 Architecture • SSRS is now a SharePoint service application • WFE use the SA proxy to communicate with SSRS SA machine instances • You must have the C2WTS running on each machine instance running SSRS
    30. 30. Common issues Install-SPRSService Install-SPRSServiceProxy
    31. 31. Create new SSRS Service Application $ssrs=get-spserviceinstance -all |where {$_.TypeName -like "SQL Server Reporting*"} | Start-SPServiceInstance $biappPool=Get-SPServiceApplicationPool Identity bi_apppool $ssrssa=New-SPRSServiceApplication -Name SSRS_Service -ApplicationPool $biappPool DatabaseName SP13_SA_SA_SSRS -DatabaseServer LSQL -Verbose New-SPRSServiceApplicationProxy -Name SSRS_Proxy -ServiceApplication $ssrssa
    32. 32. Change authentication type "C:Program FilesCommon Filesmicrosoft sharedWeb Server Extensions15WebServicesReportingrsreportserver.config„ • Enable Kerberos Auth <Authentication> <AuthenticationTypes> <RSWindowsNegotiate /> </AuthenticationTypes> <EnableAuthPersistence>true</EnableAuthPersistence> </Authentication> • IISRESET
    33. 33. Service application association
    34. 34. Content Types
    35. 35. SETUP AND CONFIGURATION PowerPivot for SharePoint
    36. 36. spPowerPivot.msi • Install on all SharePoint Servers in farm Download Microsoft® SQL Server® 2012 SP1 PowerPivot® for Microsoft® SharePoint® from Official Microsoft Download Center
    37. 37. Permissions
    38. 38. PowerPivot Gallery
    39. 39. $w = Get-SPWebApplication -Identity http://NTKBI $w.GrantAccessToProcessIdentity("devsp2013_bi")
    40. 40. Using PowerPivot Gallery • Use PowerPivot Gallery •
    41. 41. Enable PowerView Integration
    42. 42. POWERVIEW Demo
    43. 43. SETUP AND CONFIGURATION PerformancePoint
    44. 44. New PerformancePoint Service Application $ppsServis=Get-SPServiceInstance |where {$_.TypeName -eq "PerformancePoint Service"} if($ppsServis.status -eq "Disabled") { $ppsServis | Start-SPServiceInstance } while(-not($ppsServis.status -eq "Online")) { write-host -ForegroundColor Yellow $ppsServis.status;sleep 5; $ppsServis=Get-SPServiceInstance |where {$_.TypeName -eq "PerformancePoint Service"} } $pps=New-SPPerformancePointServiceApplication -name PerformancePoint_Service -ApplicationPool $biApplicationPool DatabaseName "SP13_SA_PerformancePoint" -Verbose New-SPPerformancePointServiceApplicationProxy -Name PerformancePoint_proxy -ServiceApplication $pps -Default -Verbose
    45. 45. Install update • Microsoft SQL Server 2008 Analysis Services ADOMD.NET •
    46. 46. SCALING
    47. 47. Single server with BI FE Profile Indexer Search Metadata Excel Services …. SSRS SharePoint Foundation SQL Server Server OS PP
    48. 48. 2 server farm with BI WFE Profile Excel Services Search ……. SSRS PP DB SSAS SSIS SharePoint Foundation SQL Server Server OS Server OS
    49. 49. Separate roles Profile Excel Service s FE Search ……. SSRS Analysis Services – SharePoint Mode PP SharePoint Foundation SharePoint Foundation Server OS Server OS DB SSA S SQL Server Server OS SSIS SQL Server Server OS
    50. 50. BI integration – mixed roles FE Profile Crawl Metadata Excel Services SSRS PP SSS SharePoint Foundation Server OS Search SharePoint Foundation SQL Server Server OS DB SSA S Analysis Services – SharePoint Mode SSIS SQL Server Server OS Server OS
    51. 51. Scaling the BI Services Reporting Services Add Reporting Services – SharePoint to all application servers Add Reporting Services Add-In to all front end servers (+) xVelocity/Analysis Services/PowerPivot Install on standalone server for AS/SP Install on application server for both Separate PowerPivot Add-in available as a download (SQL Feature Pack)
    53. 53. SharePoint service applications Web Application Service Application Proxy Machine Instance Application Servers (machine instance) Service Instance C2WTS WF E All BI applications are SharePoint service applications
    54. 54. Service App Delegation Claims Bob Windows Claims C2WTS Claims WF E Service App Kerberos SQL
    55. 55. The Claims to Windows Token Service (C2WTS) UPN
    56. 56. C2WTS Service SSRS Example C2WTS S4U Logon SAML Kerb AD SSRS SAML Kerb Claims Bob Kerberos SAML Windows Claims WFE APP SQL
    57. 57. C2WTS Implications on Windows 2008 Act as operating system Requires Constrained Delegation
    58. 58. Kerberos • Use DNS A records for SharePoint portal • Alias/CName does not work
    59. 59. Kerberos • Create SPNs SETSPN SETSPN SETSPN SETSPN SETSPN -S -S -S -S -S MSSQLSvc/ devsql_admin MSSQLSvc/L-SQL:1433 devsql_admin MSSQLSvc/ devsql_admin MSOLAPSvc.3/ devsql_analysis MSOLAPSvc.3/L-SQL devsql_analysis SETSPN -Q HTTP/NTKBI SETSPN -L devsp2013_app_pool SETSPN -S HTTP/NTKBI devsp2013_app_pool SETSPN -S HTTP/ devsp2013_app_pool SETSPN -S SPBI/C2WTS devsp2013_c2wts SETSPN -S SPBI/BI devsp2013_BI SETSPN -X
    60. 60. Kerberos • Set up delegation for NTKBI app pool
    61. 61. Kerberos Restart server
    62. 62. Kerberos • Verify SharePoint connects to SQL with Kerberos Select s.session_id, s.login_name, s.host_name, c.auth_scheme, c.connect_time from sys.dm_exec_connections c inner join sys.dm_exec_sessions s on c.session_id = s.session_id ORDER BY c.connect_time DESC
    63. 63. Kerberos • Verify Kerberos on Windows client using • Klist • Klist purge
    64. 64. Configure Kerberos for PPS, Excel, Visio, C2WT
    65. 65. KERBEROS DEMO
    66. 66. Windows 2012 Kerberos Improvements Large Tickets Claims FAST Armoring RBCD SetSPN And More… KDC Proxy KDC Events Operations Logs Performance Counters
    67. 67. “EffectiveUserName” • EffectiveUserName • Analysis Services Feature • Pass EffectiveUserName in connection (security context) • Requires caller have Admin rights in Analysis Services • RSDS Implements EffectiveUserName
    68. 68. BI Semantic Model (BISM) BIS M
    69. 69. Health Analyzer • Good Tool, but too many false positives • PowerPivot has special rules • Correct the real problems, disable the others • How to •
    70. 70. Office Web Apps • New-SPWOPISuppressionSetting •
    71. 71. questions?