NTserver
NTserver
NTserver
Server Guide
TM
Version 6.0
for Windows NT
Copyright © 1999 Brio Technology, Inc., all rights reserved.
Revised and edited by Gary Sloane.
Brio Technology, Inc.
3460 West Bayshore Road
Palo Alto, CA 94303
(650) 856-8000
Refer to the Brio Technology License Agreement in this package before
installing or using the product.
If you find any errors or problems with this documentation, please notify
Brio Technology. Brio Technology does not guarantee that this document
is without error. The information in this document is subject to change
without notice.
For corrections and updates to this manual, see www.brio.com/
documentation.
Trademarks
Brio® Enterprise, BrioQuery™, BrioQuery Designer™, BrioQuery
Explorer™, BrioQuery Navigator™, Brio.Quickview™, Brio.Insight™,
BrioQuery.Server™, Brio OnDemand Server™, Brio Broadcast Server™,
and Brio Enterprise Server™ are trademarked or registered names. All
trade names of companies and products used in this book are registered
trademarks or trade names of their respective holders and are used in an
editorial fashion only, with no intention of infringement of any kind.
Apple, Macintosh, Mac, and the Macintosh OS logo are registered
trademarks of Apple Computer, Inc. and used under license. Microsoft,
Windows 95, Windows NT, and Microsoft SQL Server are registered
trademarks and Windows is a trademark of Microsoft Corporation. Sun
Solaris and Sun Sparc are registered trademarks of Sun Microsystems.
HPUX is a registered trademark of Hewlett Packard. AIX is a registered
trademark of IBM. Motif is a registered trademark of Open Software
Foundation, Inc. ORACLE and SQL*Net are registered trademarks of
Oracle Corporation. SYBASE and Open Client are registered trademarks
of Sybase, Inc. Red Brick is a trademark of Red Brick Systems. Informix is
a registered trademark of Informix Software, Inc. Essbase is a registered
trademark of Arbor Software Corporation.
Acknowledgments
This software is based in part on the work of the Independent JPEG
Group.
Part number 1200031 (Rev May 99)
Contents
Preface .......................................................................................................xi
iv Contents
Appendix A Intranet Security Considerations .............................................113
Security Recommendations .......................................................................... 113
External Security .................................................................................... 113
Internal Security ..................................................................................... 114
xi
NOTE Don’t forget to register your product online at
www.brio.com/registration.
xii Preface
1 Concepts
1
Broadcast Server
Broadcast Server is a batch processing server that automates information
processing and delivery. Broadcast Server runs documents at off-hours
and pushes the results through various distribution channels.
Centralized Processing
Broadcast Server routes query processing to a central server. This
eliminates the need to maintain redundant middleware connections on
the user desktop.
2 Chapter 1: Concepts
Off-hours Processing
Broadcast Server runs scheduled queries automatically, at appointed
times and at intervals, keeping published reports up to date. Frequently-
run queries can be off-loaded to Broadcast Server to reduce hits to the
database and conserve network bandwidth during peak periods.
Report Bursting
Broadcast Server can leverage processes to retrieve data sets based on
different needs or access privileges. Scheduled documents can run in
multiple cycles, each constrained to receive a specific data set. Documents
that require wide distribution can be scheduled once and deliver the
correct information to diverse audiences from different regions or
divisions.
Enterprise Distribution
Broadcast Server delivers reports through a wide variety of network
resources. Printers, email, network, FTP, and internet file servers can all
be configured as distribution options for reports and data sets in multiple
file formats.
Database Repository
Broadcast Server has traditionally stored documents and scheduling
information in a job repository of nine database tables. It is now possible
to store documents either in the database repository or on the BCServer
machine’s file system.
BC Listener
BC Listener is a new Java Runtime Environment (JRE) that “listens” for
client requests to schedule documents directly to the BCServer machine’s
file system.
Brio Daemon
The Brio Daemon is the component that connects to databases and
processes queries at the request of BCServer. In earlier releases, the Brio
Daemon was also known as the BrioQuery Daemon. For a more detailed
description, see “Brio Daemon” on page 8.
4 Chapter 1: Concepts
OnDemand Server
The OnDemand Server is a Web-based application server that uses pull
technology to allow users to view and select from a list of available
documents as well as to build and process new queries through the Web.
OnDemand Server documents may contain one or more completed
reports, or they may simply contain the components that allow users to
build their own queries and reports. Each document is assigned a
privilege level, for pertinent groups of users, to define permissible levels
of interactivity with the document. Interactivity levels range from simple
viewing privileges to drill-down, formatting, and data manipulation
capability, to authorization to build and process new queries.
Centralized Control
The administrator of the OnDemand Server controls
• Who can access the OnDemand Server
• Which documents a specific user can see
• What interactivity level the user has with a particular document
Access information is stored centrally, in the OnDemand Server’s
repository. Centralization simplifies access control, backup, and
widespread distribution of the information.
Users can process queries against the database without establishing
separate connections to it from their own desktops. This eliminates the
need for each user machine to install connectivity software, since the
OnDemand Server’s connectivity engine queries the database.
Security
The OnDemand Server requires users to log into the server with one of
several methods of authentication. Users connected to the OnDemand
Server are presented with only those documents to which they have been
granted access. This ensures that users see only the information the
administrator wishes them to see. Additionally, each document is
controlled by five Adaptive Reporting functionality levels to provide
more granular control of the user interaction.
Adaptive Reports
Some users may need only to view reports, not to re-query the database.
Other users may need to modify a report format to meet their specific
analysis needs, and others may need true ad hoc access to the database.
With Adaptive Reports, every document is tagged with an Adaptive
Report level. Mark a report as view only, and users can only view it online.
Mark a the same report as allowed to query, and users can reach back to the
database to refresh their data using the same tool.
Zero-Administration Clients
The OnDemand Server also verifies and version-controls the users’
desktop applications. Upgrades to the Brio Enterprise Web clients are
posted on the server and automatically installed when users connect to
the OnDemand Server. The first time a user accesses the OnDemand
Server, the web client software is downloaded to the user’s machine.
When a new version of the software is placed on the server, the user’s
software is upgraded automatically.
6 Chapter 1: Concepts
OnDemand Server Components
The OnDemand Server consists of:
• Web components
• OnDemand Server
• Database Repository
Web Components
Users access the OnDemand Server through their Web browsers. Several
OnDemand Server components are installed on the same physical
machine as the customer’s Web server:
Communication Module
Attached to the Web server is a small communications module that
transfers requests and information between the Web server and the
OnDemand Server. This communication module is available in three
forms:
• CGI for use with Apache or Netscape Web servers
• ISAPI module for use with Microsoft IIS Web servers
• NSAPI module for use with Netscape Web servers
OnDemand Server
The OnDemand Server itself is a combination of components that perform
authentication, document retrieval, and document processing requests.
Because some of the components are written in the Java language, the Brio
installer includes a version of the Java Runtime Environment (JRE).
Brio Daemon
All database transactions are routed to a Brio Daemon for processing.
Multiple daemons may be running at any one time, each servicing a
request from a single user. Each user login to the OnDemand Server
triggers a database transaction that authenticates the user and returns the
user’s document list. The node instructs the Brio Daemon to perform this
database access. User requests to process a document for new information
are also passed to a Brio Daemon. The OnDemand Server allows the
system administrator to specify the maximum number of Brio Daemons
that can run at one time. Any requests in excess of this maximum are
queued until another currently running process is completed.
8 Chapter 1: Concepts
OnDemand Server NT Service
On NT servers, the default is for the NT service to load automatically
when the machine is started. The NT Service runs the OnDemand Server
as a service, which allows it to run in the background.
NOTE Users can change the default in the Services Control Panel.
10 Chapter 1: Concepts
How the OnDemand Server Communicates
The OnDemand Server components communicate with each other
through three different communications protocols:
• HTTP or HTTPS
• TCP/IP Sockets
• Database connectivity API
HTTP or HTTPS
HTTP is used for communications between the Web browser and the Web
server.
TCP/IP Sockets
Communication between OnDemand Server components is handled by
TCP/IP Sockets. The Web Server uses built-in mechanisms to pass and
receive information from the CGI/ISAPI/NSAPI module, which in turn
makes a TCP/IP Socket connection to the manager. Communications
between the manager, the node, the ODS Process Factory, and the Brio
Daemons all use TCP/IP Sockets.
TIP Once each local machine is configured, you can use the Server
Administrator to administer the OnDemand Server remotely.
However, you cannot use the Server Administrator to administer
Broadcast Server remotely. For this reason, you may want to keep
one copy of Brio Enterprise Server Administrator on each Broadcast
Server machine.
12 Chapter 1: Concepts
The Administrative Tree Control
The Broadcast Server window contains controls for setting up and
managing the activities and privileges of the server, and a tree control that
describes the entire server configuration. The tree control reflects the
hierarchical structure of privileges, options, and resources available for
each database polled by Broadcast Server.
You can use the tree control to navigate to any specification in the
hierarchy. Once you select an item heading in the tree (such as Processing
Connections or Groups), you can add new options underneath the
heading, modify existing options, or remove the option using the controls
in the options panel at right. Click Apply All to apply all changes made in
the current session.
15
System Requirements
Brio Enterprise Server requires the following hardware and software
configuration.
Table 2-1 System Requirements for Broadcast Server on NT
64MB of RAM
RAM (minimum, based on scheduling requirements)
Disk Space 20MB (minimum)
2. If you plan to use email with Brio Enterprise Server, create an email
account for it on your mail server.
Brio recommends a unique, dedicated account, such as BEServer.
3. Install and configure email client software on the Brio Enterprise
Server machine.
The email client need not run concurrently with Broadcast Server.
If you are using a MAPI email system, verify that it sends email
correctly.
4. If necessary, install printer drivers for each network printer you plan
to use with Brio Enterprise Server.
• Use the NT Printers control panel to add all network printers you
will provide for end-users to print reports.
• Verify printing from an application such as Notepad.
5. You may want to use the File Manager to map network drives and
directory paths you will provide for end-users to save documents and
reports.
TIP It is helpful to use the same user ID and password for each database,
where possible. If you plan to connect to different kinds of
databases, however, please consult each vendor’s documentation to
confirm the conventions used for naming, case-sensitivity, and
security.
If the Brio installation splash screen does not launch, navigate to the
\server directory on the CD and double-click SETUP.EXE.
If you are running a earlier version of Brio Enterprise Server, the
installation script will automatically stop and restart the NT service
for you.
3. If your are upgrading from an earlier version of Broadcast or
OnDemand Server, you will be asked to select one of the following
choices, none of which removes any user documents:
NOTE For upgrades, the installer automatically installs the new files in
the same location as the old files.
If you enter an install key for Brio Enterprise Server, you will see two
additional choices:
• Install Broadcast Server only
• Install All Components
NOTE The Port Number is the TCP/IP port number where the
OnDemand Server will listen for requests. The Manager’s default
port number is 5500. The Node uses the manager’s port number
+1. Thus, if the Manager uses port number 5500, the Node will use
port number 5501.
NOTE There is a separate install key for Brio Insight; the install keys for
other components will not install Brio Insight.
This is where your users can find the Server Administrator. You can
accept the default location for the folder or specify a different
location.
39
Configuration and Administration Checklist
This checklist summarizes what you need to do when you install
Broadcast Server on a new machine, reconfigure your hardware
environment, or add new users.
Equivalent information on setting up OnDemand Server is located in
Chapter 4, “Configuring and Administering OnDemand Server”.
A unique,
Installs/Un- descriptive name
installs a Brio for an instance
Service to/ of Broadcast
from the Server. This field
Services is required, even
under the NT if you have only
control panel one instance of
Broadcast Server
in operation.
Toggles
automatic The maximum
beep on number of jobs
polling Broadcast Server
is allowed to
process
concurrently
Path to the
directory Path to Brio
of connections Daemon,
(.oce’s) used by which
Broadcast Server connects to
databases
and
Path to a processes
working queries
directory for
storing
temporary and Path to the
log files (temp Broadcast
files are erased Server’s
on completion of Windows NT
a job run) service
The IP address
or DNS name of
the internet
mail server.
The return
address that
appears on all
email sent from
Broadcast
Server.
IMPORTANT Always use the BEServer account (or the domain user
account you have set up for this purpose if you have given
it a different name). Running server components with the
System account will cause problems.
• Enter the database and owner names (if applicable) under which
you want to create the tables.
If you specify both database and owner, separate them using a
period (for example, Sales.GKL).
• Check Grant Tables to Public to grant general (scheduling) access
to the job repository tables at the database level.
Leave this unchecked only if you want to maintain very tight
database security or permit scheduling access to only a very small
group of users. You can grant public access to the tables and still
restrict user access to scheduling; however, if you do not grant
public access, you will need to grant access to all authorized users
manually using a database administration tool.
TIP If table creation fails, make sure the server’s database logonID has
been granted Table Create privileges.
• Change default data types for column fields to match data types
of your database server. If your DBMS and middleware support
a large binary data type, use it for VarData columns. If not, use
the largest character data type.
3. Once the options are set correctly, click Create All to create the nine job
repository tables under the specified user.
NOTE Broadcast Server can poll a job repository on one database and
process documents built either from the same database or from
different databases. While it is not necessary to create more than
one job repository, you can use multiple repositories to set up
different options and privileges.
IMPORTANT Broadcast Server must have at least one connection for the
database used to process a scheduled document, or else the
job will not run. Make sure you create or copy all the
connection (.oce) files Broadcast Server needs before
adding processing connections.
IMPORTANT The user groups feature does not enforce database security.
Administrators Group
Users added to the Administrators group can access all Broadcast Server
resources and options when scheduling a Broadcast Server job. In
addition, Administrators can monitor all jobs in a given job list. (Users
view only the jobs scheduled under their own database user ID.)
The Administrators group should contain Broadcast Server’s dedicated
database user ID for the polling database as well as user IDs for those
administrative or IT personnel who belong in the Administrators group.
Custom Groups
When a user schedules a Brio document, only the resources available to
that user’s group appear as scheduling options. To assign specific
privileges to a group of users, add a custom group for them. Each group
added is initially named Default; you can rename the group and add as
many custom groups as you like.
Public Group
Users not assigned to a custom group can view resources and schedule
documents with the privileges of the Public group.
• If you do not want to establish different levels of user privilege, use
the Public group.
• If you do not want to provide any form of general access to Broadcast
Server, delete the Public group. This will create secured access by
ensuring that only members of a custom group have access to
Broadcast Server.
To create a User Group:
1. Select the Groups heading in the Administrative Tree Control and
click the Add Group button.
2. Enter a name for the group in the Group Name field and click the
Groups header to add another group. The new group appears in the
tree control.
You can select existing groups and rename them using the same
procedure.
NOTE This step assumes you are implementing the User Groups feature.
If you are not adding custom groups, skip this step and add
default directories for the Public group.
1. Select the Users heading in the tree control and click Add User. The
Database logonID and User Name fields appear.
2. Enter a database user ID and optional descriptive name and click the
Users heading.
The user appears in the tree control under the specified group.
1. Select the Directories heading under a group in the tree control and
click Add Directory in the panel at right.
2. Enter a descriptive alias for the end user in the Directory Alias field
and a complete network path to the directory in the Directory Path
field. Click the Directories heading in the tree control to add another
directory. The directory appears in the tree control.
You can select existing directories and change specifications using the
same procedure.
FTP Debugging
Broadcast Server cannot verify or report the failure of an FTP action. If
jobs fail on FTP, you can debug your FTP connection by adding a Brio
Daemon to the Broadcast Server’s working directory (see “Set Default
Directory and File Preferences” on page 42) and placing the following
commands in a script file:
open (ftp server name)
user
(userid) (password)
cd (remote ftp directory name)
lcd (Broadcast Server's working directory)
verbose
binary
prompt
put (name of file from BCS working directory)
quit
Run the file from the command line using the following syntax:
ftp -n -s:<script filename>
IMPORTANT Make sure that drivers for each output printer are installed
on the NT server machine and that each output printer is
installed to the NT Printers Control Panel.
NOTE Brio Enterprise Server assumes that dates with a year value of less
than 30 are in the twenty-first century; thus, the 6-digit date 06/
01/01 is translated to the 8-digit date 06/01/2001.
If you have set default date formats to read the year in a different
position, such as 00/11/31, the date is translated to 2000/11/31.
If this method is not suitable for your site, you have the option of
entering all dates in 8-digit format instead of 6-digit format.
1. Select the Custom Calendars heading in the tree control and click Add
Calendar.
2. Enter a name for a calendar type (e.g., fiscal or model year) in the
Custom Calendar field and click Add Year. Empty date fields for a
calendar appear in the panel.
3. Enter a start date for Quarter 1 using month/day/year format, such
as 06/01/99 or 03/15/00 (or 06/01/1999 or 03/15/2000, if you
prefer), then click in another field. Server Administrator automatically
adds the remaining dates to the calendar.
4. If necessary, edit any of the date fields to fine-tune the calendar. Click
a calendar type or the calendar heading to add more calendars.
Updating Events
To use Brio Enterprise Server Administrator to update the status of an
event manually once it has completed, change the last completion date.
NOTE If an event is disabled, users do not see it when they schedule jobs,
and jobs with schedules based on a disabled event will not run,
even if the Last Completion Date is updated.
TIP If Broadcast Server fails to connect and poll, make sure the
connection software is included in either the path of the system
environment variable or of the BEServer account ‘s environment
variable (see “Adjust Network and Application Settings” on page
19).
You can also schedule and delete jobs using the Job List in Broadcast
Server
67
Configuration and Administration Checklist
This checklist summarizes what you need to do when you install
OnDemand Server on a new machine, reconfigure your hardware
environment, or add new users.
For equivalent information on setting up Broadcast Server, see Chapter 3,
“Configuring and Administering Broadcast Server”.
3. Either select an OCE or click on the Create button in the dialog that
appears to select a connection source.
This invokes a series of dialogs that walk you through the creation of
a standard Connections File (.oce file).
4. Create a connection for the database where you want to keep the
OnDemand Server repository, then log on and save the .oce file.
5. Once you have logged on and saved the OCE, you will see a dialog
stating “No OnDemand Server Repository tables found in this
database”. Press OK to display the Create All dialog, where you can
create the OnDemand Server Repository tables automatically.
Owner
Normally, this is the username you have used to log into the database
server. If you wish to direct the repository tables to a different owner
name, or if you need to supply a database qualifier, type in the owner
name (and database name) you wish. Leaving this field blank creates the
tables with the owner as the username you are currently logged on with.
NOTE You can have only one repository connection per OnDemand
Server, but multiple OnDemand Servers can share one repository.
ODS repository tables constitute an extended set of the Brio
Enterprise document repository; they share several tables.
Server Tab
Some of the fields in this tab, such as ODS Machine Name and Port
Number may display with default values in them; in certain cases, they
may be “display only”.
Server Name
A descriptive name for this instance of the OnDemand Server. The name
can be up to 30 characters long.
Port Number
The port number the Web server uses to communicate with the
OnDemand Server.
This field is populated with the port number you selected during
software installation. The default value is 5500.
Connection
The name of the Brio connection file (an .oce file) the Server
Administrator uses to connect to the OnDemand Server Repository.
Owner Name
The database owner name of the repository tables. The Server
Administrator saves information to these tables, using the connection
specified above.
Administrator ID
The default username for the Administration Account is system; the
password is manager.
NOTE You may change the name and password if you wish, but it is not
recommended.
Database Logon
In this mode, the request to authenticate the username is left to the
database. The OnDemand Server connects to the database, using the
connection named in the Server Repository tab and the username and
password entered on the HTML form. If the username/password
combination logs on to the database successfully, the user is
authenticated, and the OnDemand Server generates the document list.
To facilitate assigning users to privilege groups, the OnDemand Server
keeps a list of users who can access the repository tables, although it does
not store their passwords in the database. This option is generally
recommended as the best choice for authentication.
Directories Tab
• Document Directory
This is the directory where documents registered to the OnDemand
Server are stored.
• Brio Daemon Executable File
This is the directory where the Brio daemon executable is located.
• Working Directory
A directory where OnDemand Server stores temporary files that it
creates.
• Connections Directory
This is the directory where the Brio Connection Files (.oce files) are
stored.
• Database Logon ID
This the OnDemand Server’s UID to the database.
• Password
This is the OnDemand Server’s password to the database.
• Confirm Password
Confirmation of the password.
• Owner Name
This is the name of the owner of the Repository tables for this instance
of the OnDemand Server. This should be the owner name specified in
the Server tab of this dialog.
IMPORTANT Always use the BEServer account (or the domain user
account you have set up for this purpose if you have given
it a different name). Running server components with the
System account will cause problems.
NOTE Some lines are too long to fit in this manual without line breaks;
however, they fit perfectly well on one line each in the ODS.ini
þfile. There is no space between the equal sign and the following
characters.
BQ_DOCUMENT_DIRECTORY=
C:\Program Files\Brio\Brio Enterprise Server
\Program\Documents
BQ_OCE_DIRECTORY=
C:\Program Files\Brio\Brio Enterprise Server
\Program\Open Catalog Extensions
BQ_EXEC_PATH=
C:\Program Files\Brio\Brio Enterprise Server
\Program\brioqry.exe
BQ_LOG_DIRECTORY=
C:\Program Files\Brio\Brio Enterprise Server
\Server
BQ_KEEP_TEMP_FILES=(true/false) 2
BQ_FILE_SYNCHRONIZATION_PERIOD=(in minutes)4
BQ_ADMIN_TABLE_OWNER=brio
BQ_ADMIN_USERNAME=system
BQ_ADMIN_PASSWORD=encrypted string
BQ_ADMIN_OCE=brio.oce
BQ_USER_AUTH_MODE=0 5
1. This is the language setting option, the default for which is English. The OnDemand
Server on Windows NT is available in several languages, including Japanese, Chinese,
French, and Italian.
2. This setting, either true or false (the default), instructs the OnDemand Server to either
delete or keep the temp files it uses when processing documents. For debugging pur-
poses, you may want to keep the temp files on the server to verify they are being created
correctly.
3. This setting tells the OnDemand Server whether to generate log files and, if so, what
type:
The “off” setting turns the logging service off.
The “standard” setting generates standard error messages only.
The “trace” setting writes all events that occur to the log file.
The “debug” setting turns on logging for ODS Java.
4. Cleanup and synchronization period parameters cannot be set from the GUI.
5. This setting corresponds to the Authentication mode the OnDemand Server is using. A
value of 0=OnDemand Server authentication, 1=Database authentication, 3=Custom
Method authentication. Do not change this setting manually; always use the GUI.
1. This setting consists of a comma-separated list of .ini file attributes that are not to be syn-
chronized for load balancing.
Process Factory
To turn logging on for the process factory, use the following flag on a
command line:
<process factory exec path> -d[0,1,2] <arguments>
where 0 = off, 1 = standard error messages, and 2 = full tracing.
ODS Logging
To start either an ODSManager.log or an ODSNode.log, change the line
BQ_STARTLOG in the ODS.ini file.
BQ_START_LOG=[off, standard, trace, debug]
See the sample ODS.ini file on page 91.
NOTE You must restart OnDemand Server for these changes to take
effect.
CGI
Add the following entries to the registry, under “Broker”:
Log_Mode:[off, standard, trace]
Log_File_Name:<log file name>
The log file name will usually be something like
þd:\temp\ODSCGI.log
99
Intranet Features
A large portion of the Brio Enterprise solution is Web-based. Broadcast
Server and OnDemand Server components provide complementary
aspects of this solution:
• Broadcast Server allows you to save static documents on your Web
server. These documents can be generated on a scheduled basis in
HTML, txt, and BQY formats.
• OnDemand Server handles requests placed through a Web browser.
It allows users to process queries dynamically for the latest data.
To Install Brio.Insight/Brio.Quickview
TIP If you are using ODS, allow ODS to install and version control the
client.
NOTE You must ensure that the option to append date and cycle name
to the saved document is turned off.
IMPORTANT It is recommended that you use a plain text editor for Web
page modification. GUI-based Web authoring tools may
have adverse affects on the JavaScript code.
Adaptive Privileges
A Web client’s adaptive state is based on a privilege set to a registered
document or Repository Model. The privilege setting applies for the client
user’s group only; other groups may enjoy a different privilege set to the
same document. Five adaptive privilege states may be set for a Web
client.
• View
Default-level functionality of the Brio.Quickview application: View
and Print
• View and Process
View with the ability to process a query and refresh the data set
• Analyze
Default-level functionality of the Brio.Insight application: full, active
analysis of reports
• Analyze and Process
Analyze with the ability to process a query and refresh the data set
• Analyze and Query
Analyze with ad hoc query capability. Users can load a BrioQuery
Data Model into the browser, build and limit queries, and add
computed data items before processing.
Security Recommendations
Before publishing from the data warehouse to the intranet, or distributing
files via OnDemand Server, Brio recommends you first consider a few
implications of your intranet strategy. The following recommendations
will serve you well in maintaining the security of your intranet, and assist
you in implementing the right solution for your organization.
External Security
External security of a corporate intranet is a vital consideration to the IT
manager, particularly if the intranet will carry proprietary data
warehouse information.
The best way to limit the risk of security breaches from outside your
organization is to make your intranet a purely internal network. If the
intranet is independent of physical connections to any outside network, it
functions with the complete security of a LAN, and any remaining
security concerns will be focused on internal access.
However, the independent intranet has its disadvantages, including the
difficulty for authorized remote users to connect and enter the network.
Some cost and efficiency benefits are also sacrificed because Internet and
intranet servers use the same technology. A company connected to the
Internet has the opportunity to leverage a single server as both an Internet
node and intranet server, provided they are willing to forego an
independent intranet.
113
Firewalls
The dual-server intranet strategy is fundamentally sound, but does of
course create the potential for an outside security breach. Therefore, in
such situations the connection between Internet and intranet must be
moderated by a firewall, which protects an intranet from penetration by
unauthorized users.
A firewall can be as simple as a packet filter which weeds out
unauthorized IP addresses from external connections, or a proxy server
which provides an independent mediator between outside connections
and your intranet. The latter creates both a physical and logical separation
between internal and external networks, and makes outside penetration
more difficult.
Brio recommends that you carefully consider the architectural and
security options available before distributing proprietary operational
database or data warehouse information over your intranet.
Internal Security
Internally, your intranet server software will support restricted access
based on client user names and passwords. As in a conventional file
server, you can limit access to intranet server directories, thereby
protecting confidential or departmental information. As long as this
simple feature is correctly applied, and sensitive information is posted
only to directories with proper access provisions, the intranet can serve all
enterprise users without compromising security.
Proxy Support
The Brio Web client has its own proxy settings, which you should set
manually. They are the same as your Web browser settings.
SSL
OnDemand Server supports 56-bit Secure Socket Layer encryption by
default, and it is capable of supporting 128-bit encryption. Contact Brio
for information on upgrading to 128-bit encryption.
115
Broadcast Server Tables
Broadcast Server version 6 adds Process to Database Table and FTP
actions, and also allows users to register a document for Brio OnDemand
Server when they schedule it from BrioQuery. Process to Database Table
will use one additional table in the job repository, BRIOSTBL, which logs
the tables created by user-scheduled jobs.
BRIOSOBJ
The BRIOSOBJ table stores the document associated with each scheduled
job.
Table B-3 BRIOSOBJ Table
BRIOOCE
The BRIOOCE table records the polling and processing connections used
by the Broadcast Server to poll the job repository and process documents.
Table B-5 BRIOOCE Table
BRIOPATH
The BRIOPATH table records the default directories available to each
user group.
Table B-7 BRIOPATH Table
BRIOSTBL
The BRIOSTBL table records database tables created through the Process
to Database Table feature. The BRIOSTBL table is not required if you do
not use Process to Database Table.
Table B-9 BRIOSTBL Table
BRIOSERV
The BRIOSERV table allows documents to be scheduled directly to the
Broadcast server machine instead of being stored in a database table. This
makes document retrieval faster and more efficient. When the client
schedules a job, the user selects which server to schedule the job on by
toggling a flag in the ENABLED column. This table is new in version 6.
Table B-11 BRIOSERV Table
BRIOOBJ2
Stores the actual objects loaded in the BrioQuery Repository.
Table B-14 BRIOOBJ2 Table
BRIOUSR2
Stores user authentication privileges to access the Brio Enterprise Server
and the OnDemand Server.
Table B-15 BRIOUSR2 Table
BRIOGRP2
Maintains the list of Repository groups, and their associated users and
privileges.
Table B-17 BRIOGRP2 Table
BRIODMQ2
Maps query sections of a document to processing conections.
This table was not included in earlier releases than version 6.
Table B-19 BRIODMQ2 Table
A alias, directory, 56
access allocating Brio Enterprise 5.5 products, 101
ad hoc, 6 Analyze and Process, adaptive privilege, 111
denying general access to Broadcast Server, Analyze and Query, adaptive privilege, 111
54 Analyze, adaptive privilege, 111
intranet, 6 API
limiting access, see also groups, privileges OnDemand Server database connectivity,
privileges, administrators group, 53 11
web site, 6 application and network adjustments, 19
account applications
system, 64 available Web client, 102
ad hoc access, 6 helper, 102
Adaptive Privileges initial installation of helper, 109
Analyze, 111 assigning
Analyze and Process, 111 output directories, 56
Analyze and Query, 111 output printers, 59
View, 111 users, 55
View and Process, 111 audience for this guide, xi
Adaptive Reports, 6, 110–112 authentication privileges, BRIOUSR2 table, 127
default privileges, 111 authentication, Web site users, 106
adding automatic download and installation, 107
BRIOSTBL table, 116 automatic startup type setting, NT Service, 64
custom calendars, 60 available Web client applications, 102
event triggers, 63
output directories for a group, 56 B
output printers, 59 BC Listener, 3
polling connections, 49 BCServer, 4
processing connections, 51, 79 BCServer account
user groups, 54 logged in to, 18
adjustments, network and application, 19 BEServer account
administering creating, 18
plugins, upgrading, 109 BQ_CONFIGURATION_MODE, 95
administration BQ_FILE_SYNCHRONIZATION_PERIOD, 95
Brio Enterprise Server, 12 Brio Daemon, 4, 8, 49
Broadcast Server, 39–?? Brio daemon, 8
OnDemand Server, 67–87 Brio Enterprise Server
remote, Broadcast Server, 12 overview, 1
Zero-administration, ??–109 Brio Enterprise Server Administrator, 12
administration, zero, 6 Brio.Insight
administrative tree control, 13 platform requirements, 102
administrators group, 53 Brio.Quickview
privileges, 53 platform requirements, 102
132 Index
control, centralized, 5 default
control, tree, 13 date format, changing, 43
cookie files, 107 directories, BRIOPATH table, 122
Create All Repository tables dialog box, 48 directory location, Web clients, 109
creating file locations, 42
BRIOSTBL table, 116 groups, 53
custom calendars, 60 initial name of custom group, 53
event triggers, 63 privileges, Adaptive Reports, 111
groups, 53 deleting see removing
job repository tables, 47 delivering reports, 3
user groups, 54 description
csv formatted files, 100 OnDemand Server, 5
custom, 124 desktop application
custom calendars, 60 upgrades, 6
BRIO_CAL table, 124 version control, 6
custom groups, 53 dialog box
creating, 54 Create All Repository tables, 48
maximum number of, 53 NT Service, 89
customizing Select Repository Owner, 50
intranet solution, 100 Service, 89
OnDemand Server Web site, 106 directories, 56
default, BRIOPATH table, 122
D picklist, assigning to, 56
setting up for a group, 56
daemon
Directories/Files Preference tab, 42
Brio, 8
directory
BrioQuery, 8
default, Brio Web clients, 109
data models
posting files to, 105
BRIOCAT2 table, 126
Directory Alias field, 56
BRIOOBJ2 table, 127
directory and file preferences, 42
registering, 84
Directory Path field, 56
removing from repository, 87
distribution of reports, 3
database
distribution options, 100
connectivity, OnDemand Server, 11
distribution, client (Zero-administration), ??–
creating job repository tables, 47
109
security and user groups, 53
documents
tables, 115–129
BRIOBRG2 table, 128
database connectivity API, 11
BRIOSOBJ table, 120
database repository, 3
providing HTML links to, 105
database table
registering, 84
BRIOSTBL table, 123
removing from registry, 87
Broadcast Server, 116
source drive, 84
process to, 116
unregistered, default privileges, 111
date format, changing the default, 43
downloading
date limits, variable, 60
automatic, 107
dedicated email account for Broadcast Server,
drivers, printer (installing), 19
19
dynamic HTML pages, 9
134 Index
intranet publishing load balancing, 93, 95
allocating Brio Enterprise 5.5 products, 101 round-robin, 93
Broadcast Server, 100
M
J Macintosh
Java script, configuring the Zero-administra- data retrieval problems for OnDemand
tion, 108 Server clients, 110
job list, 65 Mail Preference tab, 44
job list, illustration, 65 map network drives, File Manager, 19
monitoring through Broadcast Server, 65 master JRE, OnDemand Server, 8
job queues, 47 maximum
job repositories, multiple, 49 concurrent jobs, 41
job repository, 49 custom groups, number of, 53
BRIO_CAL table, 124 groups user assigned to, Broadcast Server,
BRIOACTN table, 121 54
BRIOAUSR table, 120 maximum concurrent jobs, 41
BRIOEVNT table, 123 maximum processing memory, 75
BRIOJOBS table, 118 MaxMemory, 75
BRIOOCE table, 121 memory
BRIOPATH table, 122 maximum, 75
BRIOPRN table, 122 Microsoft Internet Explorer 3.0, 102
BRIOSERV table, 124 migrating
BRIOSOBJ table, 120 plugins, 109
BRIOSTBL table, 123 monitoring job lists, Broadcast Server, 65
creating, 47 monitoring NT services, control panel, 88
monitoring with the Job List, 65 multiple
tables, restricting access to, 48 Broadcast Server groups, user assigned to,
tables, schema, 117 54
jobs file formats, 3
maximum concurrent, 41 job repositories, 49
modifying existing, 65 processing connections, 51
viewing scheduled, 53
JRE N
master, OnDemand Server, 8
Netscape Communicator, 102
slave, OnDemand Server, 8
Netscape Navigator 3.0, 102
network and application adjustments, 19
L NSAPI, 7
limiting access NT Service
see access, groups, privileges automatic startup type, 64
limits, variable date, 60 control panel, 88
links to documents, HTML, 105 creating the ODServer Account, 18
lists dialog box, 89
job list, illustration, 65 installing to control panel, 41
monitoring job lists, 65 starting, 64
see also job list starting ODServer, 46, 88
Load Balancing, 98 NT service
OnDemand Server, 9
136 Index
processing connections S
adding, 51, 79 scheduled job information, BRIOJOBS table, 118
BRIOOCE table, 121 scheduling jobs, BRIO_CAL table, 124
multiple, 51 scheduling, event-driven, 62
processing memory, 75 schema
proxy server, 114 BrioQuery Repository, 125
public access, job repository tables, 48 job repository, 117
public group, 53, 54 Secure Socket Layer encryption, 114
publishing, 105 security, 113
business intelligence through the Web, 99– database, 53
112 OnDemand Server, 6
intranet, Broadcast Server, 100 Select Repository Owner dialog box, 50
posting files to a directory, 105 Server
providing HTML links to documents, 105 fails to connect and poll, 64
OnDemand, components, 7
Q starting the, 64
query, centralized, 100 System Account, 64
queues, job, 47 server
web, 7
Server Administrator, 12
R server name in Preferences tab, 41
reference, database tables, 115–129 server setup
registering Broadcast Server, 39–??
documents and data models, 84 OnDemand Server, 67–87
documents, source drive, 84 Service dialog box, 89
registry privileges, Web client applications, 112 setting
remote administration default date formats, 43
Broadcast Server, 12 maximum concurrent jobs, 41
removing documents and data models, 87 setup
report bursting, 3 Broadcast Server administration, 39–??
Reports, Adaptive, 6 OnDemand Server administration, 67–87
reports, adaptive, 110–112 output directories for a group, 56
repositories, multiple, 49 single member group, 54
repository tables slave JRE, OnDemand Server, 8
changing the default configuration, 47 sockets, TCP/IP, 11
restricting access to, 48 source drive, registering documents, 84
repository, BRIOGRP2 table, 128 specifying
repository, centralized, 79 event triggers, 63
repository, job see job repository output printers, 59
request server, 5 SSL, 114
resolving dates using a custom calendar, 60 starting
restricting access to job repository tables, 48 ODServer NT service, 46, 88
round-robin, 93 starting the server, 64
running the Broadcast Server installer, 21 startup type, automatic, 64
static HTML pages, 7
System Account, logging on to the Server, 64
system requirements, 16
138 Index