Download QlikView Components and Configurations

QlikView
Security Overview
Agenda
• Most common Security challenges faced by a vendor
• The QlikView platform: a basis for understanding Security
• Authentication and Authorization with QlikView
• Communication protocols
• QlikView Security materials
• Q&A
Most Common Security-related challenges a new vendor faces
Trust
- What safeguards are in place to ensure only the correct access to data and applications?
- Can you comply with my corporate security standards?
Complexity
- How easy or difficult is it to understand your approach to security?
- How flexible is your solution to coping with my security architecture?
Common questions about QlikView security from a CIO (or their staff)…
• Do you follow standard protocols? (e.g. HTTPS, restricted port access, encryption). Answer: Yes
• Do you have at least the same security as the data source that you are loading from? Answer: Yes
• Can you directly connect to my existing directory service and Single Sign-On (SSO) solutions? Answer: Yes
• Does your solution adopt a multi-tier approach to application and data security? Answer: Yes
• Do you require plug-ins to be installed on the client side? Answer: No
The QlikView platform: a basis for understanding Security
Let’s explain what our core products do and how they fit together in a ‘tiered’ deployment
QlikView Developer
Development tool to create:
1) Data extract and transformation model
2) Graphical User Interface (presentation layer)
QlikView Server
QlikView Server (QVS) combined with QlikView Web Server. Contains Management Console and Access Point
In-Memory analytics engine
Windows desktop or server based
Handles QlikView Client/Server communication
Creates QVW (.qvw) files
Client Authorization against directory providers (AD, eDirectory..)
QlikView Publisher
Performs 2 main functions:
1) Loading data directly from data sources using QVW files
2) Distribution service to reduce and distribute data and documents
QlikView architecture: Back-end
• Contains QlikView Source Documents created by QlikView Developer
• The Windows file system is always in charge of security.
• QlikView Publisher is the main component in the back-end
QlikView architecture: Front-end
• Contains User Documents, created from Publisher distributed documents.
• QlikView Server (QVS) is in charge of client security.
‘Tiered’ approach to data security
[Diagram. Back End: QlikView Developer, Sales.qvw, QlikView Publisher. Front End: QlikView Server, QlikView Access Point, with Sales_US.qvw, Sales_CAN.qvw, Sales_FRA.qvw, Sales_UK.qvw, Sales_GER.qvw, Sales_SWE.qvw.]
Important QlikView security considerations
• The back and front-end are often in different network zones
• The front-end does not have any open ports to the back-end
• The front-end does not send any queries to data sources in the back-end
• The end users can only access QlikView documents in the front-end, never in the back-end.
• The QlikView documents in the front-end are a result of Publisher tasks.
  • They do not contain any overhead or redundant data
  • They do not contain any connection strings; those are safe in the back-end
  • To recreate all the qvw documents just run the Publisher task
• QVW files are only secure when behind a QlikView Server
Authentication and Authorization
• Authentication: Who are you and how do you prove it?
• Authorization: What are you allowed to see? What are you allowed to do?
Authentication and Authorization – an analogy
[Illustration: John Doe, Dep: Boston, Arr: Dublin. Questions asked: "Are you John Doe?" and "Are you flying to Dublin?"]
Authentication and Authorization - QlikView
[Diagram: documents Sales_USA.qvw, Sales_GER.qvw, Sales_UK.qvw, Sales_JAP.qvw. Questions asked: "Are you John Doe?" and "Do you have authorization to view Germany’s sales data?"]
Authentication
• QlikView does not handle Authentication. It relies on other sources to accomplish this:
1. Microsoft Active Directory
2. Single Sign-On solutions like: CA SiteMinder, IBM WebSeal, Oracle Oblix
Authentication using Active Directory (default)
Desktop using QVP
• QVS will communicate with Active Directory and authentication is handled purely by Windows
Web clients
• User hits web server. Authentication using Active Directory
• AccessPoint receives group info from AD for the current user
• AccessPoint sends user/group info to QVS to receive document list
• When a document is opened, user/group info is also sent to QVS to receive a ticket. Depending on client, this ticket is either linked to a session id (Ajax) or sent to the client to be attached to the qvp-protocol (Plugin)
Authentication using HTTP Header and Third Party Identity Manager
Desktop using QVP
• N/A
Web clients
• User hits web server. Authentication performed against third party Identity Manager
• HTTP Header (UID) info set by third-party
• HTTP Header (UID) sent in request to AccessPoint
• AccessPoint sends UID to DSC
• DSC selects correct DSP based on specified prefix in UID
• AccessPoint receives group info from DSC (DSC must be properly configured to resolve groups from a DSP)
• AccessPoint sends UID/group info to QVS to receive document list (based on authorization, NTFS or DMS)
• When a document is opened, user/group info is also sent to QVS to receive a ticket. Depending on client, this ticket is either linked to a session id (Ajax) or sent to the client to be attached to the qvp-protocol (Plugin)
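The header-based flow above is only as trustworthy as the path the UID header travels: nothing except the identity manager may be able to set it. The following sketch is an added example, not QlikView code; it models the web tier discarding any client-supplied copy of the header and then selecting a directory provider by UID prefix, as the DSC step describes. The header name `X-UID`, the `PREFIX\user` format, the proxy address and the directory contents are assumptions constructed for illustration.

```python
# Added illustration: models the trust boundary in header-based authentication.
# Header name, UID format, addresses and directory data are all constructed.
UID_HEADER = "X-UID"                      # hypothetical header name
TRUSTED_PROXIES = {"10.0.0.5"}            # hypothetical identity-manager address

# Hypothetical directory service providers (DSPs), keyed by UID prefix.
DSPS = {
    "CORP": {"jdoe": ["Sales_GER_Readers", "Sales_UK_Readers"]},
    "PARTNER": {"asmith": ["Sales_UK_Readers"]},
}


def sanitize_inbound(headers, authenticated_uid):
    """Identity-manager side: drop any UID header the client supplied
    (case-insensitively), then set it from the authenticated session."""
    clean = {k: v for k, v in headers.items()
             if k.lower() != UID_HEADER.lower()}
    if authenticated_uid is not None:
        clean[UID_HEADER] = authenticated_uid
    return clean


def resolve_groups(peer_ip, headers):
    """Front-end side: trust the header only when the request comes from
    the identity manager, pick the provider by UID prefix, return groups."""
    if peer_ip not in TRUSTED_PROXIES:
        raise PermissionError("UID header accepted only from the identity manager")
    uid = headers.get(UID_HEADER, "")
    prefix, sep, user = uid.partition("\\")
    if not sep or prefix not in DSPS:
        raise LookupError("no directory provider for UID prefix")
    groups = DSPS[prefix].get(user)
    if groups is None:
        raise LookupError("user not found in directory provider")
    return uid, groups
```

The two checks are independent: the first function protects against a client sending its own header through the identity manager, the second against a client bypassing the identity manager and reaching the front-end directly.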
Authentication using HTTP Header in non-trust scenarios
Authorization
• QlikView handles authorization itself (i.e. the QlikView Server handles this)
1. It uses already assigned Windows privileges (i.e. NTFS mode)
2. It uses its own assigned privileges (i.e. DMS mode)
• Governed in Windows by NT File System (NTFS)
• Managed in Windows by Access Control Lists (ACL)
• Every authorized access to an object requires authentication. Even anonymous users are authenticated, i.e. IUSR_<computer> is used by anonymous users in IIS (access is done in the context of this account)
• Governed in QlikView Server by Document Meta Service (DMS)
• Managed in QlikView Server by metadata files attached to a document (qvwdocument.meta)
QlikView Server communication protocols
The QlikView Protocol (QVP) Overview
• QVP is a proprietary protocol developed by QlikTech.
• The protocol lays down a specification for passing data between QlikView Server and installed clients, like QlikView Plug-in and Developer open in server.
• QVP runs natively over TCP port 4747 or may be encapsulated over HTTP by use of the QVP tunnel.
• Use QVS Tunnel and SSL for extra security (NB this may have performance implications)
QlikView Server communication protocols
The QlikView AJAX Protocol (QVPX)
• QVPX is proprietary and developed by QlikTech.
• QVPX is used by the AJAX and mobile clients.
• This is not really a protocol, but rather a framework for how QlikView communicates in AJAX (XML and JavaScript).
• The actual protocol is HTTP or HTTPS.
• Encryption is done with certificates and SSL
• The advantage of QVPX is that HTTP/HTTPS are standard protocols, well known and trusted by IT departments.
QlikView Security Materials
• Security Overview White Paper
• Security Overview Video Series
• Dev and Deployment Tech Brief
QlikView Security - Summary
• It’s important to remember that QlikView:
1. Complies with standard security protocols
2. Supports a tiered approach to deployment security
3. Can integrate with existing security infrastructures (e.g. Single Sign-On)
4. Has an understandable and compliant approach to Security
5. Has content that can be referenced to provide a deeper understanding (e.g. White Papers)
Thank You...
Q&A