best practices - change management, enterprise security, disaster recovery & more
TRANSCRIPT
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 1/28
Session 1 –Track 3
Best Practices: Change Management, Enterprise Security, Disaster Recovery &
More
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 2/28
Agenda
• Introductions
• Review standard architecture and identify common points offailure
• Evaluate common clustering and architecture design models to
assess points of failure• Demystify BO Enterprise security design and present security
modeling best practices
• Introduction to auditing in BOE
• Finally review governance processes surrounding BI-DLC (BI
Development Life Cycle)• Q&A
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 3/28
Introductions
• Customer Ambassador: Shahid Iqbal, Program Manager,Scotiabank Enterprise Data Warehouse
• Tom Wolniewicz, Senior BI / DW Solutions Architect,BroadstreetData
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 4/28
Standard Architecture
• Web Server
• Web Application Server
• BOE Enterprise Application (XI 3.1)• CMS
• FRS• Additional Components (PIK, LCM, Metadata Manager, Live
Office, etc.)
• Databases• Repository
• Audit• LCM/Metadata Manager
• Reporting
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 5/28
Standard Architecture
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 6/28
Standard Architecture
All on one server
Pros:
• Ease of initial setup
• Ease of migration (e.g. DEV -> QA -> PROD)
• Ease of patching/installing updates
Cons:
• Lack of fault tolerance (every component is a point of failure)
• Lack of scalability/load balancing
Recommended Use: Non-production environment e.g.Development/QA/Test
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 7/28
Clustering
Main Reasons to Cluster Server Components:
• Fault Tolerance
• Load Balancing
• Process Balancing• Geographical Distribution and Performance
• Disaster Recovery
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 8/28
Clustering
Items which need to be considered when clustering:
• Virtual or Physical Hardware & Locations
• Web/Application Servers
• BOE Services• Licensing
• Databases (Repository, Audit, LCM, Metadata Manager,Reporting)
• AD/LDAP Services (if AD/LDAP authentication is used)
• Network Storage (NAS/SAN)
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 9/28
Clustering
Design Pattern #1: Clustering for Performance Tuning – 1 Server
• 1 x Web/Application Server
• 1 x SIA (Server Intelligence Agent)
• N x BOE Services (e.g. multiple Web Intelligence ProcessingServer)
• Repository & Reporting Databases on dedicated DB Server
• Network Storage (NAS/SAN)
• AD/LDAP Server
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 10/28
Clustering
Design Pattern #1: Clustering for Performance Tuning – 1 Server
User HTTP/App Server
BOE XI 3.1
Databases:• Repository• Reporting
• Other (LCM, etc)
NAS/SAN• FRS
(Input/Output Storage)
Active DiretctoryLDAP
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 11/28
Clustering
Design Pattern #2: Clustering for Fault Tolerance
• N x Web/Application Server
• N x SIA (Server Intelligence Agent)
• N x BOE Services (e.g. multiple Web Intelligence ProcessingServer)
• Repository & Reporting Databases on dedicated DB Server
• Network Storage (NAS/SAN)
• AD/LDAP Server
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 12/28
Clustering
Design Pattern #2: Clustering for Fault Tolerance
User
HTTP/App Server
BOE XI 3.1
Databases:• Repository• Reporting• Other (LCM, etc)
NAS/SAN• FRS
(Input/Output Storage)
Active Diretctory
LDAP
Reverse Proxy/ Load Balancing Appliance
HTTP/App Server
BOE XI 3.1
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 13/28
Clustering
Design Pattern #3: Disaster Recovery
• 1 x Active Web/Application Server w/ Stand-by
• 1 x SIA (Server Intelligence Agent) w/ Stand-by
• N x BOE Services (e.g. multiple Web Intelligence ProcessingServer)
• Repository & Reporting Databases on dedicated DB Server w/ Replication to DR DB
• Network Storage (NAS/SAN) w/ Replication to DR Environment
• AD/LDAP Server w/ Replication to DR Envirionment
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 14/28
Clustering
Design Pattern #3: Disaster Recovery
User
HTTP/App Server
BOEXI 3.1
Databases:• Repository• Reporting• Other (LCM, etc)
NAS/SAN• FRS
(Input/Output Storage)
Active Diretctory
LDAP
HTTP/App Server
BOEXI 3.1
Databases:• Repository• Reporting• Other (LCM, etc)
NAS/SAN• FRS
(Input/Output Storage)
Active Diretctory
LDAP
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 15/28
Security
BOE Security Modeling Approach Case Study
• Using Access Levels (Custom definition) to manage rights
• Functional Security (Applications)
• Content Security (Folders/Universes/Inbox)• Global (root level rights)
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 16/28
Security
Custom User Access Levels:
• All User Rights (Report Consumer)
• Power User Rights (Report Edit/Create)
• Developer User Rights (Full Client/Crystal/Universe)• Delegated Admin User Rights (Manage Folder Content/Schedule)
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 17/28
Security
Group Structure
• Define Global Group with Sub groups for Content Security
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 18/28
Security
Folder Security
• Assign Security using Groups and Custom Access Control List
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 19/28
Security
User Management
• Managing Users by Groups:
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 20/28
Auditing
• Using Audit Database we can Log various activities as defined inthe CMC:
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 21/28
Auditing
• A BO Universe “Activity” can then be utilized on the BOE Audit
Database:
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 22/28
Auditing
BO Enterprise SDK can also be utilized for Security Audits toautomate tasks like the following:
• Group Membership User Mappings
• Group to Folder and Rights Mappings
• Object to Folder Mappings
• Finding Exceptions – Empty Groups
– Empty Folders
– Inactive Users
– Security Group Memberships (Administrators, other secured content groups)
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 23/28
Auditing
SDK Example: Retrieve list of all users:
private static String outputReport(IInfoStore infoStore) {
String out = "UserID,User\n";
String query = "select * from CI_SYSTEMOBJECTS where si_kind='User' order by si_name";
IInfoObjects iList = null;
try {
iList = infoStore.query(query);for (int i=0; i<iList.size(); i++) {
IInfoObject item = (IInfoObject) iList.get(i);
out = out + item.getID() + "," + item.getTitle() + "\n";
}
}
catch (Exception e) {
System.out.println(e.getMessage());
}
return out;
}
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 24/28
Development Life Cycle
SAP BusinessObjects LifeCycle Manager provides a framework forLandscape migration and Versioning
• Can be implemented in one of two models: – Clustered Deployment
– Isolated Deployment
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 25/28
Development Life Cycle
Clustered Deployment Isolated Deployment
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 26/28
Development Life Cycle
5/13/2018 Best Practices - Change Management, Enterprise Security, Disaster Recovery & More - slidepdf.com
http://slidepdf.com/reader/full/best-practices-change-management-enterprise-security-disaster-recovery-more 27/28
Reference ResourcesBusiness Objects XI 3.1 Administrator’s Guide:
http://help.sap.com/businessobject/product_guides/boexir31/en/xi3-1_bip_admin_en.pdf
Business Objects XI 3.1 Pattern Book for Windows:
https://websmp202.sap-ag.de/~sapidb/011000358700000532872009E/xi31_bip_pattern_win_en.pdf
Business Objects Enterprise Sizing Guide:
http://www.sdn.sap.com/irj/boc/go/portal/prtroot/docs/library/uuid/e01588cd-c73e-2b10-018c-
fe083bc6e05e?QuickLink=index&overridelayout=true
Business Objects Enterprise Deployment Planning Guide:
https://websmp202.sap-ag.de/~sapidb/011000358700001647142008E/xi3-1_bip_deploy_plan_en.pdf
Business Objects Backup and Recovery Best Practice Guide:
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c0020482-ca8d-2c10-9bad-d1bd332bbb28?QuickLink=index&overridelayout=true
Business Objects Monitoring Guide:
http://help.sap.com/businessobject/product_guides/boexir3/en/xi3_monitoring_guide_en.pdf