Microsoft SharePoint 2010 provides back end services and a rich web front end to support a powerful suite of business intelligence functionality. Tools like SQL Server Reporting Services, Excel Services, KPI’s, scorecards and more are baked right into SharePoint to help you surface rich data for your users. However, getting the SharePoint services up and running to support this can be a challenge. Come to this session to get a tour of the SharePoint BI stack and what it takes to get each tool configured for your developers and power users to start driving data out to the business. Special attention will be given to authentication options for each tool.
Greg Moser has been working with SharePoint and many other development technologies for over 13 years. Greg has specifically enjoyed working with SharePoint since 2003, and has helped many organizations in various industries and sectors with their SharePoint planning and implementation projects. Three random facts about Greg (two true and one false):
Greg was a starting forward on a Class A Minnesota State High School basketball champion (many moons ago).
At age 27, Greg did a one year trip around the world covering four continents and 13 countries.
Before getting into technology, Greg spent two years working as a stage hand on an off Broadway production of “Cats”.
Enabling and Managing the BI Stack in SharePoint 2010
1. Enabling and Managing the BI Stack
in SharePoint 2010
Greg Moser
Lead Consultant
MCSD, MCITP SharePoint Administrator, MCPD SharePoint Developer
gregm@Magenic.com
2. Agenda
• Introduction – SharePoint in the MS BI Stack
• Service Applications
• Authentication Options
• SSRS SharePoint Integration
• Secure Store Service
• Excel Services
• PerformancePoint
• Q&A
3. SharePoint and Business Intelligence
• Microsoft SharePoint can do lots of
things
• Essentially SharePoint is a web based
platform to deliver a wide range of
content and functionality
• Fastest growing product in Microsoft
history
• Today we are talking about the
“Insights” part of the SharePoint wheel
4. SharePoint as BI Front End – Tools, Tools, Tools!
• SSRS SharePoint integration mode
• PowerView (SSRS 2012)
• Excel Services / PowerPivot
• Visio Services
• KPI list template
• Connected web parts and filtering
• PerformancePoint
– Scorecards, dashboards, KPIs,
Excel and SSRS reports
DEMO: SharePoint BI user
experience
5. SharePoint Service Applications
• Most services in SharePoint (including BI related) are provisioned as
Service Applications
• Can have unique configuration settings and pages
• Vary depending on version of SharePoint
(Foundation, Standard, Enterprise)
• Can be bundled to target specific sites and audiences
• Examples:
– Search, Profiles, SSRS (SQL 2012), Excel Services, Secure
Store, Business Connectivity Services, Word Automation, etc., etc. …
6. Service Application Bundling
Default Set – Intranet Site Custom Set – BI Portal
Search Search
Profiles Profiles
Access Services Excel Services
Business Connectivity Services PerformancePoint Services
Managed Metadata SQL Reporting Services
Word Automation
7. SharePoint 2010 Authentication Options
• Classic
– NTLM
– Kerberos
• Claims
– Windows
• NTLM
• Kerberos
– FBA (ASP.NET Forms Based Authentication)
– Custom
Note – some SP 2010 functionality does not work
with Claims (such as PowerPivot and FAST Search)
8. Authentication - The “Double Hop” Issue
Using NTLM Windows
authentication:
• Client browser will
authenticate to SharePoint
• Authentication to second
server is not allowed
How do we solve this
problem?
9. Authentication Options for BI
• Prompt for credentials (users hate it)
• Windows Authentication
– Kerberos (NTLM doesn’t cut it)
• Trusted Authentication
– Shared login credentials (Windows, SQL, Application)
– SharePoint handles security at the presentation layer
• Secure Store Service
– Runs as service application in SharePoint
– Can store shared credentials for target applications
10. Kerberos - Advantages
• Faster, more efficient (less calls to domain controller)
• Will pass user ticket through to second tier data sources
• Easiest for the developer once it is set up on the network and servers
• Just set up permissions on your backend database by user or group and
everything “just works”
• Is more secure than NTLM. Better protection for user tokens against
impersonation attacks
11. Kerberos - Disadvantages
• Can be challenging to set up. Must be configured in AD and on all servers
in the solution (SharePoint, SQL and LOB servers)
• Environment must support it
• Doesn’t work in all situations
– For example: Running reports on non-Windows tablets. Can not
authenticate to a domain controller.
– Running reports outside the corporate firewall without a VPN or on a
non-domain computer.
12. Set Up Kerberos in SharePoint
• Run web apps and application services under domain user service accounts
• Run SharePoint sites in Kerberos mode (classic or claims authentication)
• Set up SPNs (Service Principal Names) and delegation on SharePoint and
application service accounts
– SharePoint Application Pools
– SQL Server, SSRS, SSAS service accounts
– Other 3rd party data source service accounts
For a fun weekend: Check out the SharePoint and Kerberos whitepaper at
http://www.microsoft.com/en-us/download/details.aspx?id=23176
13. Scenario
• CEO comes to IT and says “I want to be able to run my reports and
dashboards on my iPad no matter where I am”.
• Which solution will work?
– NTLM
– Kerberos
– Trusted with Secure Store Service
14. SQL Server 2008 R2 Reporting Services
• Supports Native mode and SharePoint Integration mode
– SP mode reports not as fast as native mode (biggest complaint)
• Works with SharePoint Foundation 2010 – this can be a great, low-cost “phase
one” BI solution
• SSRS runs as a Windows Service and SOAP based web service
• SSRS Configuration tool used to manage the service (plus a few integration
settings in SP Central Admin)
• Authentication options
– Windows (Kerberos required for remote data sources)
– Trusted (AD accounts or SQL Logins)
15. SSRS Demo
• Configure SSRS SharePoint Integration mode
– SSRS Configuration tool, SSRS web service,
SharePoint Add-in
• Activate SSRS feature, create Reports library and
add SSRS content types, create shared connection
files
• Running reports:
– With Windows Authentication (Kerberos or
NTLM)
– With Trusted Authentication (AD or SQL)
16. SQL Server 2012 Reporting Services
• Supports Native mode and SharePoint
integrated mode
• SSRS runs as a Service Application in
SharePoint with WCF web services
• All management is done in SharePoint.
• Claims authentication used for server
to server communication
• PowerView is now available
– Drag and drop UI to build rich
visualizations (Silverlight based)
17. Excel Services
• Rich web based rendering of Excel reports
• Also used to render PowerPivot reports
• Kerberos works well if using Windows devices that can
access a domain controller
• Secure Store Service is a great option for Trusted
authentication
• DEMO
– Excel Services Service Application set up and
configuration options
– Trusted connection libraries
18. Excel Services – Windows Auth
• Kerberos required if source data is not on
SharePoint server
• View Authentication options – Desktop and
Excel Services
• Run a report from desktop or SharePoint
• Data refresh in SharePoint
DEMO – create, publish and run a report with
Windows Authentication
19. Secure Store Service
• Replaces Single Sign On service in MOSS 2007
• Provisioned as a Service Application in SharePoint 2010
• Great way to solve double hop issues without Kerberos
• Supported in Office desktop apps and SharePoint
• Can leverage Windows or non-Windows accounts
20. Excel Services with Secure Store Service
• Create ApplicationID for Excel Services
– AD User, AD Group, SQL Permissions
• Change report to use ApplicationID
• Odc files
• Save connection info as odc file in Data Connection Library for shared use
• Create new reports using odc files
• Data connection libraries – need to be trusted by Excel Services
DEMO
– Create Secure Store Service Application ID
– Change report to use ApplicationID
– Create odc file that leverages Secure Store Service to connect Excel
report to source data
21. PowerPivot
• Excel 2010 Add-in that allows cube like
manipulation of large datasets
• Nice “quick and dirty” data analysis tool if
you don’t have time or budget to build
OLAP cubes
• Can import data from any standard OLEDB
or ODBC data source
• Includes powerful “slicers” to quickly filter
and manipulate data
22. PowerPivot Set Up
• Publishing to SharePoint requires SQL Server 2008 R2 Enterprise or
newer
• SharePoint must run in Classic mode
• Install PowerPivot components on the SQL Server and SharePoint
– Creates a special Analysis Services instance on SQL Server
• Create and configure Service Application on SharePoint
• Leverages Excel Services for web based report viewing
• Authentication works the same as Excel Services
23. PerformancePoint Services
• Robust tool to create rich reporting for
publication to SharePoint.
• Supports charts, grids, strategy maps,
KPIs, filters, scorecards, dashboards
• All reports and dashboards and
published and accessed in SharePoint.
• Can target a variety of data sources
including OLAP cubes, tabular data
sources, Excel files, SharePoint data and
more
• Can create dashboards that combine
many report elements with click through
and filtering
24. PerformancePoint Set Up
• Create the Service Application and configure options
• Trusted Data Source Locations – All SharePoint sites by default
• Trusted Content Locations – All SharePoint sites by default
• Set up Unattended Service Account
– AD account required - All PP connections will run as this account
• Give AD account access to backend data stores
– Requires a running Secure Store Service Application – an ApplicationID entry
is created automatically
• Must give PerformancePoint service account read access to site collections
25. PerformancePoint Demo
• Using the Dashboard Designer from SharePoint
– Open from SharePoint by editing an item
– Open saved Dashboard Designer project
• Create new reporting content
– Charts
• Edit and save to SharePoint
– Dashboards
• Create new dashboard and add PP report objects
• Publish to SharePoint and view
26. BI Authentication Best Practice Recommendation
• Use Trusted / Secure Store model where possible. It offers the following
advantages:
– Better support for extranet / remote report access
– Better support for tablet / smartphone report access
– Simple security management of a few service accounts in the data tier
– Site administrators / business users handle report access permissions
in the presentation tier