Enabling and Managing the BI Stack in SharePoint 2010


Published on

Microsoft SharePoint 2010 provides back end services and a rich web front end to support a powerful suite of business intelligence functionality. Tools like SQL Server Reporting Services, Excel Services, KPI’s, scorecards and more are baked right into SharePoint to help you surface rich data for your users. However, getting the SharePoint services up and running to support this can be a challenge. Come to this session to get a tour of the SharePoint BI stack and what it takes to get each tool configured for your developers and power users to start driving data out to the business. Special attention will be given to authentication options for each tool.

Greg Moser has been working with SharePoint and many other development technologies for over 13 years. Greg has specifically enjoyed working with SharePoint since 2003, and has helped many organizations in various industries and sectors with their SharePoint planning and implementation projects. Three random facts about Greg (two true and one false):

Greg was a starting forward on a Class A Minnesota State High School basketball champion (many moons ago).
At age 27, Greg did a one year trip around the world covering four continents and 13 countries.
Before getting into technology, Greg spent two years working as a stage hand on an off Broadway production of “Cats”.

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • How many people here are using SharePoint today? What version?
  • Enabling and Managing the BI Stack in SharePoint 2010

    1. 1. Enabling and Managing the BI Stackin SharePoint 2010Greg MoserLead ConsultantMCSD, MCITP SharePoint Administrator, MCPD SharePoint Developergregm@Magenic.com
    2. 2. Agenda• Introduction – SharePoint in the MS BI Stack• Service Applications• Authentication Options• SSRS SharePoint Integration• Secure Store Service• Excel Services• PerformancePoint• Q&A
    3. 3. SharePoint and Business Intelligence• Microsoft SharePoint can do lots of things• Essentially SharePoint is a web based platform to deliver a wide range of content and functionality• Fastest growing product in Microsoft history• Today we are talking about the “Insights” part of the SharePoint wheel
    4. 4. SharePoint as BI Front End – Tools, Tools, Tools!• SSRS SharePoint integration mode• PowerView (SSRS 2012)• Excel Services / PowerPivot• Visio Services• KPI list template• Connected web parts and filtering• PerformancePoint – Scorecards, dashboards, KPIs, Excel and SSRS reportsDEMO: SharePoint BI userexperience
    5. 5. SharePoint Service Applications• Most services in SharePoint (including BI related) are provisioned as Service Applications• Can have unique configuration settings and pages• Vary depending on version of SharePoint (Foundation, Standard, Enterprise)• Can be bundled to target specific sites and audiences• Examples: – Search, Profiles, SSRS (SQL 2012), Excel Services, Secure Store, Business Connectivity Services, Word Automation, etc., etc. …
    6. 6. Service Application BundlingDefault Set – Intranet Site Custom Set – BI PortalSearch SearchProfiles ProfilesAccess Services Excel ServicesBusiness Connectivity Services PerformancePoint ServicesManaged Metadata SQL Reporting ServicesWord Automation
    7. 7. SharePoint 2010 Authentication Options• Classic – NTLM – Kerberos• Claims – Windows • NTLM • Kerberos – FBA (ASP.NET Forms Based Authentication) – Custom Note – some SP 2010 functionality does not work with Claims (such as PowerPivot and FAST Search)
    8. 8. Authentication - The “Double Hop” IssueUsing NTLM Windowsauthentication:• Client browser will authenticate to SharePoint• Authentication to second server is not allowedHow do we solve thisproblem?
    9. 9. Authentication Options for BI• Prompt for credentials (users hate it)• Windows Authentication – Kerberos (NTLM doesn’t cut it)• Trusted Authentication – Shared login credentials (Windows, SQL, Application) – SharePoint handles security at the presentation layer• Secure Store Service – Runs as service application in SharePoint – Can store shared credentials for target applications
    10. 10. Kerberos - Advantages• Faster, more efficient (less calls to domain controller)• Will pass user ticket through to second tier data sources• Easiest for the developer once it is set up on the network and servers• Just set up permissions on your backend database by user or group and everything “just works”• Is more secure than NTLM. Better protection for user tokens against impersonation attacks
    11. 11. Kerberos - Disadvantages• Can be challenging to set up. Must be configured in AD and on all servers in the solution (SharePoint, SQL and LOB servers)• Environment must support it• Doesn’t work in all situations – For example: Running reports on non-Windows tablets. Can not authenticate to a domain controller. – Running reports outside the corporate firewall without a VPN or on a non-domain computer.
    12. 12. Set Up Kerberos in SharePoint• Run web apps and application services under domain user service accounts• Run SharePoint sites in Kerberos mode (classic or claims authentication)• Set up SPNs (Service Principal Names) and delegation on SharePoint and application service accounts – SharePoint Application Pools – SQL Server, SSRS, SSAS service accounts – Other 3rd party data source service accounts For a fun weekend: Check out the SharePoint and Kerberos whitepaper at http://www.microsoft.com/en-us/download/details.aspx?id=23176
    13. 13. Scenario• CEO comes to IT and says “I want to be able to run my reports and dashboards on my iPad no matter where I am”.• Which solution will work? – NTLM – Kerberos – Trusted with Secure Store Service
    14. 14. SQL Server 2008 R2 Reporting Services• Supports Native mode and SharePoint Integration mode – SP mode reports not as fast as native mode (biggest complaint)• Works with SharePoint Foundation 2010 – this can be a great, low-cost “phase one” BI solution• SSRS runs as a Windows Service and SOAP based web service• SSRS Configuration tool used to manage the service (plus a few integration settings in SP Central Admin)• Authentication options – Windows (Kerberos required for remote data sources) – Trusted (AD accounts or SQL Logins)
    15. 15. SSRS Demo• Configure SSRS SharePoint Integration mode – SSRS Configuration tool, SSRS web service, SharePoint Add-in• Activate SSRS feature, create Reports library and add SSRS content types, create shared connection files• Running reports: – With Windows Authentication (Kerberos or NTLM) – With Trusted Authentication (AD or SQL)
    16. 16. SQL Server 2012 Reporting Services• Supports Native mode and SharePoint integrated mode• SSRS runs as a Service Application in SharePoint with WCF web services• All management is done in SharePoint.• Claims authentication used for server to server communication• PowerView is now available   – Drag and drop UI to build rich visualizations (Silverlight based)
    17. 17. Excel Services• Rich web based rendering of Excel reports• Also used to render PowerPivot reports• Kerberos works well if using Windows devices that can access a domain controller• Secure Store Service is a great option for Trusted authentication• DEMO – Excel Services Service Application set up and configuration options – Trusted connection libraries
    18. 18. Excel Services – Windows Auth• Kerberos required if source data is not on SharePoint server• View Authentication options – Desktop and Excel Services• Run a report from desktop or SharePoint• Data refresh in SharePointDEMO – create, publish and run a report withWindows Authentication
    19. 19. Secure Store Service• Replaces Single Sign On service in MOSS 2007• Provisioned as a Service Application in SharePoint 2010• Great way to solve double hop issues without Kerberos• Supported in Office desktop apps and SharePoint• Can leverage Windows or non-Windows accounts
    20. 20. Excel Services with Secure Store Service• Create ApplicationID for Excel Services – AD User, AD Group, SQL Permissions• Change report to use ApplicationID• Odc files • Save connection info as odc file in Data Connection Library for shared use • Create new reports using odc files• Data connection libraries – need to be trusted by Excel ServicesDEMO – Create Secure Store Service Application ID – Change report to use ApplicationID – Create odc file that leverages Secure Store Service to connect Excel report to source data
    21. 21. PowerPivot• Excel 2010 Add-in that allows cube like manipulation of large datasets• Nice “quick and dirty” data analysis tool if you don’t have time or budget to build OLAP cubes• Can import data from any standard OLEDB or ODBC data source• Includes powerful “slicers” to quickly filter and manipulate data
    22. 22. PowerPivot Set Up• Publishing to SharePoint requires SQL Server 2008 R2 Enterprise or newer• SharePoint must run in Classic mode• Install PowerPivot components on the SQL Server and SharePoint – Creates a special Analysis Services instance on SQL Server• Create and configure Service Application on SharePoint• Leverages Excel Services for web based report viewing• Authentication works the same as Excel Services
    23. 23. PerformancePoint Services• Robust tool to create rich reporting for publication to SharePoint.• Supports charts, grids, strategy maps, KPIs, filters, scorecards, dashboards• All reports and dashboards and published and accessed in SharePoint.• Can target a variety of data sources including OLAP cubes, tabular data sources, Excel files, SharePoint data and more• Can create dashboards that combine many report elements with click through and filtering
    24. 24. PerformancePoint Set Up• Create the Service Application and configure options• Trusted Data Source Locations – All SharePoint sites by default• Trusted Content Locations – All SharePoint sites by default• Set up Unattended Service Account – AD account required - All PP connections will run as this account • Give AD account access to backend data stores – Requires a running Secure Store Service Application – an ApplicationID entry is created automatically• Must give PerformancePoint service account read access to site collections
    25. 25. PerformancePoint Demo• Using the Dashboard Designer from SharePoint – Open from SharePoint by editing an item – Open saved Dashboard Designer project• Create new reporting content – Charts • Edit and save to SharePoint – Dashboards • Create new dashboard and add PP report objects • Publish to SharePoint and view
    26. 26. BI Authentication Best Practice Recommendation• Use Trusted / Secure Store model where possible. It offers the following advantages: – Better support for extranet / remote report access – Better support for tablet / smartphone report access – Simple security management of a few service accounts in the data tier – Site administrators / business users handle report access permissions in the presentation tier
    27. 27. Questions? Greg Moser Magenic Lead Consultant gregm@magenic.com