Defining a Remote Server in the WebFOCUS Client Communication File

If you have configured a WebFOCUS Reporting Server elsewhere in your enterprise to access your data, and you wish to make that remote server visible in and accessible from the WebFOCUS Environments, Data Servers folder as a distinct, named entity, you must add the remote server to your WebFOCUS Client configuration. Except for the default server (for example, EDASERVE), which is visible under Data Servers, the listing of servers in this location is controlled by the WebFOCUS Client and implemented through the WebFOCUS Administration Console, which updates the WebFOCUS Client communication file (odin.cfg).

Once you add the remote server to your WebFOCUS Environment, you can access data and perform development directly against the named remote server. That is, you can use a variety of Developer Studio tools to access your application files, in their respective virtual folders, for development purposes. For example, you can open synonyms in the Synonym Editor, procedures in Report Painter, and HTML files in HTML Composer, and edit those files as if you were working on your local machine. These Reporting Servers can also be used by Managed Reporting if that environment is deployed in your organization.


Procedure: How to Open the WebFOCUS Administration Console From Developer Studio
  1. Select the WebFOCUS Environment you are working with.
  2. Click the WebFOCUS Administration Console icon on the Object Explorer toolbar.
  3. When the Administration Console opens, log on to WebFOCUS.

Proceed as described in How to Add a Remote Server to the Environment.


Procedure: How to Add a Remote Server to the Environment
  1. Click Reporting Servers and then Remote Services.
  2. Click New.
  3. In the NODE field, specify the name by which you will refer to the server.

    The name cannot be the same as any other node name. It must begin with a letter and cannot be more than eight characters. When the client accesses this server, it will use this name.

  4. Specify the Node class.

    Class options are:

    • Client. The node will function as a stand-alone server. It can also be used as an alternate server within a cluster configuration.
    • Cluster. This is the primary node that will be used to distribute workload to alternate servers.
    • CLM Processing. The Cluster Manager node monitors server performance statistics and sends the request to the best available server for processing.
  5. Click Next.
    • If you selected Client in step 4, proceed to step 6.
    • If you selected Cluster in step 4, proceed to step 7.
    • If you selected CLM Processing in step 4, proceed to step 8.
  6. The New Client Node window opens. Enter the following required parameters:
    1. HOST. Host name or IP address of the server.
    2. PORT. Port number for the TCP listener. The default port is 8120.
    3. HTTP_PORT. Port number for the HTTP listener. This is normally the second consecutive port that the server uses. Type the same port number that was specified during installation. The default HTTP port is 8121.
    4. CLASS. If this is a z/OS server, you must include a qualifier.
    5. SECURITY. Determines how WebFOCUS connects to the Reporting Server. The following are possible SECURITY values:

      Default. Is the initial value for new nodes and represents the traditional behavior, where the odin.cfg file does not contain a SECURITY keyword. In this case, WebFOCUS makes an explicit connection to the Reporting Server with the user ID and password it has available for the request.

      HTTP Basic. Configures WebFOCUS to extract the user ID and password from the Authorization header. These credentials are then used to make an explicit connection to the Reporting Server. You should only select this option when your web tier is performing Basic Authentication.

      To verify that the Authorization header is available to WebFOCUS, expand the Diagnostics node in the Administration Console and select HTTP Request Info.

      Kerberos. Configures WebFOCUS to pass the Kerberos ticket for the user to the Reporting Server. This option enables an end-to-end single sign on solution from the desktop to WebFOCUS, from WebFOCUS to the Reporting Server, and from the Reporting Server to supported relational DBMS systems. When using this option, the Reporting Server must run in security OPSYS mode. Kerberos must be specified in the odin.cfg file.

      SAP Ticket. Enables customers using Open Portal Services in SAP Enterprise Portal to achieve single sign on through WebFOCUS to a Reporting Server configured with the Data Adapter for SAP. WebFOCUS passes along the MYSAPSSO cookie of the user, created on SAP Enterprise Portal, to the Reporting Server. The Reporting Server validates it using the SAP security API.

      Service Account. Allows you to specify a user ID and password to be used for all connections to the Reporting Server.

      The service account credentials are encrypted and stored in the SECURITY keyword of the odin.cfg file. When defined, the service account overrides any other credentials that may be presented to WebFOCUS for this Reporting Server node, and all users connect to the Reporting Server using the same credentials. This approach does not make it possible to identify which user is running a given request on the Reporting Server in Managed Reporting deployments, and therefore, is not recommended for them.

      Trusted. Allows you to connect to the Reporting Server with only a user ID. This option is useful when no password is available for the user, and controls can be placed on the server to ensure that connections from unauthorized clients are rejected. For example, employing the Reporting Server RESTRICT_TO_IP setting or configuring a network firewall so that only a particular client can connect to the server.

      Note: To complete the configuration of a trusted connection, you must enable the Reporting Server to accept trusted connections. Step 10 instructs you on how to configure the Reporting Server once you have completed configuring the WebFOCUS Client.

      When you select Trusted, the Pass WebFOCUS User ID and their Groups and Advanced options become available, as shown in the following image.

      [Image: Trusted Connection Advanced options]

      If you select Advanced, you can enter the script variable and web server HTTP variable settings for User ID and User’s Groups.

      You can also specify the following optional parameters:

      • SECURITY OBJECT. For any security option, an administrator can specify one or more HTTP header names and/or cookie names as follows:
        • COOKIE. Specify each HTTP cookie name separated by a comma (,). For example:
          cookie_name1, cookie_name2
        • HEADER. Specify each HTTP header name separated by a comma (,). For example:
          header_name1, header_name2

        Note: HTTP cookie and header names must not contain commas (,) or colons (:), since these are reserved delimiters.

        REMOTE_USER is not a valid value in the HEADER input box, since it is a special type of HTTP header variable and its contents will not be sent to the Reporting Server. Instead, specify the WF_REMOTE_USER variable.

      • HTTP_SSL. Enables encrypted communication between the client and the Reporting Server HTTP listener. This option must be selected if the HTTP listener of the Reporting Server is configured to use SSL.

        If you are using a self-signed certificate to enable HTTPS communication with a Reporting Server, the certificate must be configured in the Java environment in which the WebFOCUS Client is installed. This enables HTTPS communication between the Reporting Server and the following WebFOCUS Client tools:

        • Administration Console.
        • Developer Studio metadata tools, such as the Synonym Editor and Create Synonym tool.
      • COMPRESSION. Turns on data compression. Acceptable values are 0 (off) and 1 (on). The default value is 0.
      • ENCRYPTION. Sets data encryption ability and the cryptography symmetric method used.

        Select one of the following options from the drop-down list:

        • 0. Off
        • AES. Advanced Encryption Standard. The AES selections are in the format
          CIPHER(x)(-MODE)

          where:

          CIPHER

          Is AES128, AES192, or AES256.

          x

          Is optional and defines an RSA key length of 1024 bits.

          MODE

          Is optional and is either Electronic Code Book (ECB) or Cipher Block Chaining (CBC).

          For example, AES256x-CBC is the AES cipher, with 1024-bit RSA keys, and CBC mode. If the RSA or mode is not specified, then the default values are used. The RSA default value is 512 bits. The mode default value is ECB.

        • DES ciphers. These settings are deprecated.
        • IBCRYPT. This setting is deprecated.
      • CONNECT_LIMIT. Specifies the number of seconds the client holds the pending connection. This is useful in a cluster deployment to avoid a lengthy delay of failover response. Other possible values are 0 (no wait) and -1 (infinite wait). The default value is -1.
      • MAXWAIT. Specifies the time, in seconds, the client waits before timeout. You can optionally specify different return times for the first row and other rows. A single number indicates the return time is valid for any row. If two numbers are separated by a comma, the first number specifies the return time for the first row and the second number specifies the return time for the subsequent rows. The default value is -1, which indicates an infinite wait time.
      • DESCRIPTION. Description for the Reporting Server node. This description displays to end users.

      Because you specified Client in step 4, proceed to step 9 (and skip step 7, which is used when Cluster is specified).

  7. The New Cluster Node window opens. Enter the following required parameters:
    1. ALTERNATE. Select the servers to be included in the cluster.
    2. DESCRIPTION. Description for the cluster.

    Proceed to step 9.

  8. The New CLM Processing Node window opens. Enter the following required parameters:
    1. HOST. Host name or IP address of the server.
    2. PORT. Port number for the TCP listener. The default port is 8120.
    3. HTTP_PORT. Port number for the HTTP listener. This is normally the second consecutive port that the server uses. Type the same port number that was specified during installation. The default HTTP port is 8121.
    4. CLASS. If this is a z/OS server, you must include a qualifier.
    5. SECURITY. Determines how WebFOCUS connects to the Reporting Server. The following are possible SECURITY values:

      Default. Is the initial value for new nodes and represents the traditional behavior, where the odin.cfg file does not contain a SECURITY keyword. In this case, WebFOCUS makes an explicit connection to the Reporting Server with the user ID and password it has available for the request.

      HTTP Basic. Configures WebFOCUS to extract the user ID and password from the Authorization header. These credentials are then used to make an explicit connection to the Reporting Server. You should only select this option when your web tier is performing Basic Authentication.

      To verify that the Authorization header is available to WebFOCUS, expand the Diagnostics node in the Administration Console and select HTTP Request Info.

      Kerberos. Configures WebFOCUS to pass the Kerberos ticket for the user to the Reporting Server. This option enables an end-to-end single sign on solution from the desktop to WebFOCUS, from WebFOCUS to the Reporting Server, and from the Reporting Server to supported relational DBMS systems. When using this option, the Reporting Server must run in security OPSYS mode. Kerberos must be specified in the odin.cfg file.

      SAP Ticket. Enables customers using Open Portal Services in SAP Enterprise Portal to achieve single sign on through WebFOCUS to a Reporting Server configured with the Data Adapter for SAP. WebFOCUS passes along the MYSAPSSO cookie of the user, created on SAP Enterprise Portal, to the Reporting Server. The Reporting Server validates it using the SAP security API.

      Service Account. Allows you to specify a user ID and password to be used for all connections to the Reporting Server.

      The service account credentials are encrypted and stored in the SECURITY keyword of the odin.cfg file. When defined, the service account overrides any other credentials that may be presented to WebFOCUS for this Reporting Server node, and all users connect to the Reporting Server using the same credentials. This approach does not make it possible to identify which user is running a given request on the Reporting Server in Managed Reporting deployments, and therefore, is not recommended for them.

      Trusted. Allows you to connect to the Reporting Server with only a user ID. This option is useful when no password is available for the user, and controls can be placed on the server to ensure that connections from unauthorized clients are rejected. For example, employing the Reporting Server RESTRICT_TO_IP setting or configuring a network firewall so that only a particular client can connect to the server.

      Note: To complete the configuration of a trusted connection, you must enable the Reporting Server to accept trusted connections. Step 10 instructs you on how to configure the Reporting Server once you have completed configuring the WebFOCUS Client.

      When you select Trusted, the Pass WebFOCUS User ID and their Groups and Advanced options become available, as shown in the following image.

      [Image: Trusted Connection Advanced options]

      If you select Advanced, you can enter the script variable and web server HTTP variable settings for User ID and User’s Groups.

      You can also specify the following optional parameters:

      • SECURITY OBJECT. For any security option, an administrator can specify one or more HTTP header names and/or cookie names as follows:
        • COOKIE. Specify each HTTP cookie name separated by a comma (,). For example:
          cookie_name1, cookie_name2
        • HEADER. Specify each HTTP header name separated by a comma (,). For example:
          header_name1, header_name2

        Note: HTTP cookie and header names must not contain commas (,) or colons (:), since these are reserved delimiters.

        REMOTE_USER is not a valid value in the HEADER input box, since it is a special type of HTTP header variable and its contents will not be sent to the Reporting Server. Instead, specify the WF_REMOTE_USER variable.

      • HTTP_SSL. Enables encrypted communication between the client and the Reporting Server HTTP listener. This option must be selected if the HTTP listener of the Reporting Server is configured to use SSL.

        If you are using a self-signed certificate to enable HTTPS communication with a Reporting Server, the certificate must be configured in the Java environment in which the WebFOCUS Client is installed. This enables HTTPS communication between the Reporting Server and the following WebFOCUS Client tools:

        • Administration Console.
        • Developer Studio metadata tools, such as the Synonym Editor and Create Synonym tool.
      • COMPRESSION. Turns on data compression. Acceptable values are 0 (off) and 1 (on). The default value is 0.
      • ENCRYPTION. Sets data encryption ability and the cryptography symmetric method used.

        Select one of the following options from the drop-down list:

        • 0. Off
        • AES. Advanced Encryption Standard. The AES selections are in the format
          CIPHER(x)(-MODE)

          where:

          CIPHER

          Is AES128, AES192, or AES256.

          x

          Is optional and defines an RSA key length of 1024 bits.

          MODE

          Is optional and is either Electronic Code Book (ECB) or Cipher Block Chaining (CBC).

          For example, AES256x-CBC is the AES cipher, with 1024-bit RSA keys, and CBC mode. If the RSA or mode is not specified, then the default values are used. The RSA default value is 512 bits. The mode default value is ECB.

        • DES ciphers. These settings are deprecated.
        • IBCRYPT. This setting is deprecated.
      • CONNECT_LIMIT. Specifies the number of seconds the client holds the pending connection. This is useful in a cluster deployment to avoid a lengthy delay of failover response. Other possible values are 0 (no wait) and -1 (infinite wait). The default value is -1.
      • MAXWAIT. Specifies the time, in seconds, the client waits before timeout. You can optionally specify different return times for the first row and other rows. A single number indicates the return time is valid for any row. If two numbers are separated by a comma, the first number specifies the return time for the first row and the second number specifies the return time for the subsequent rows. The default value is -1, which indicates an infinite wait time.
      • DESCRIPTION. Description for the Reporting Server node. This description displays to end users.

      Proceed to step 9.

    Note: The node name provided in the Administration Console for CLM configurations must match the Cluster name of the Cluster Manager Server.

  9. Click Save.
  10. If you set the Client Node Security to Trusted in step 6, you must also configure the Reporting Server to accept trusted connections.

    To access the user ID in a report request, use the protected Reporting Server variable &FOCSECUSER. This variable contains the connecting user ID, except when Reporting Server security is OFF. &FOCSECUSER is recommended over previous approaches, such as the GETUSER and CNCTUSR subroutines.

    Note:

    • Controls should be placed on the server to ensure that connections from unauthorized clients are rejected. For example, employing the Reporting Server RESTRICT_TO_IP setting or configuring a network firewall so that only a particular client can connect to the server.
    • Trusted connections are not supported by servers running in security DBMS mode, or by servers on Windows running with OPSYS security. All other security modes on Windows and other platforms can accept trusted connections.
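
The following added example (not part of the original documentation or of WebFOCUS) checks the field values described in steps 6 and 8 before they are saved: it decodes the ENCRYPTION selection using the CIPHER(x)(-MODE) grammar and its stated defaults, and applies the NODE, SECURITY OBJECT and SECURITY rules given above. The function names and the dictionary keys server_restricts_clients and managed_reporting are hypothetical, and the SECURITY values are the console labels, not odin.cfg keywords.

```python
import re

# Grammar given on the page: CIPHER(x)(-MODE).
AES_RE = re.compile(r"(AES128|AES192|AES256)(x)?(?:-(ECB|CBC))?")

def parse_encryption(value):
    """Decode an ENCRYPTION selection; None means deprecated or unrecognised."""
    if value == "0":
        return {"cipher": None, "rsa_bits": None, "mode": None}  # encryption off
    m = AES_RE.fullmatch(value)
    if m is None:
        return None  # DES ciphers, IBCRYPT, or text outside the grammar
    cipher, x, mode = m.groups()
    # Page defaults: 512-bit RSA when x is omitted, ECB when no mode is given.
    return {"cipher": cipher, "rsa_bits": 1024 if x else 512, "mode": mode or "ECB"}

def audit_node(node):
    """Return a list of findings for one node (dict of console field values)."""
    findings = []
    if not re.fullmatch(r"[A-Za-z].{0,7}", node.get("NODE", "")):
        findings.append("NODE: must begin with a letter, eight characters at most")
    if "ENCRYPTION" in node:
        enc = parse_encryption(node["ENCRYPTION"])
        if enc is None:
            findings.append("ENCRYPTION: deprecated or unrecognised selection")
        elif enc["cipher"] is None:
            findings.append("ENCRYPTION: off")
        else:
            if enc["mode"] == "ECB":
                findings.append("ENCRYPTION: ECB mode in effect")
            if enc["rsa_bits"] == 512:
                findings.append("ENCRYPTION: 512-bit RSA in effect")
    for kind in ("COOKIE", "HEADER"):
        for name in node.get(kind, []):
            if "," in name or ":" in name:
                findings.append(f"{kind}: {name!r} contains a reserved delimiter")
    if "REMOTE_USER" in node.get("HEADER", []):
        findings.append("HEADER: REMOTE_USER is not sent, use WF_REMOTE_USER")
    security = node.get("SECURITY", "Default")
    if security == "Trusted" and not node.get("server_restricts_clients"):
        findings.append("SECURITY: Trusted needs RESTRICT_TO_IP or a firewall rule")
    if security == "Service Account" and node.get("managed_reporting"):
        findings.append("SECURITY: Service Account hides the requesting user")
    return findings

# Constructed sample nodes, not taken from any real odin.cfg.
GOOD = {"NODE": "RPTPROD1", "ENCRYPTION": "AES256x-CBC", "SECURITY": "Trusted",
        "server_restricts_clients": True, "HEADER": ["WF_REMOTE_USER"]}
WEAK = {"NODE": "9reports", "ENCRYPTION": "AES128", "SECURITY": "Trusted",
        "HEADER": ["REMOTE_USER", "X:User"]}

if __name__ == "__main__":
    for sample in (GOOD, WEAK):
        print(sample["NODE"], audit_node(sample) or "no findings")
```

An ENCRYPTION value of AES128 with no suffix resolves to ECB mode with 512-bit RSA keys under the documented defaults, which is why the second sample is flagged even though AES is selected.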


Procedure: How to Change a Remote Reporting Server Node
  1. Select Reporting Servers, then select Remote Services.
  2. Select the node you want to change.
  3. Click one of the following buttons:
    • Modify. Displays the settings for the selected node, enabling you to make changes.

      You can also click Save As to save these settings for another specified node that will be added to the ibi\DevStudio81\srv81\wfs\etc\odin.cfg file.

    • Remove. Deletes the selected node. You will receive a message asking for you to confirm the deletion. This button only appears if you have more than one node defined.
    • Profile. Enables you to override default settings for a specific Reporting Server node. These settings are written to the ibi\DevStudio81\srv81\wfs\etc\edasprof.prf file, where node is the node you selected in step 2.
    • Reporting Server Console. Displays the Reporting Server Web Console, which enables you to remotely manage your server environment. For more information, see the Server Administration for UNIX, Windows, OpenVMS, IBM i, and z/OS manual.
    • Set as Default Server Node. This check box specifies that the node is the default Reporting Server. The node will be written as the IBI_REPORT_SERVER parameter value in the cgivars.wfs file. Note that even if you check Set as Default Server Node, this can be overridden if an IBIC_server is set in the site.wfs file or a node profile.

      If the site.wfs file or request URL contains an IBIC_server setting, it will override the IBI_REPORT_SERVER parameter. In this case, the Administration Console still indicates that the IBI_REPORT_SERVER is the default node, even though it is no longer the default.

