Setting up HTTP access to the CUBE
TANDBERG Analytics Extension Admin guide
21
Setting up HTTP access to the CUBE
This chapter describes how to configure a Windows 2008 Server running SQL Server 2008 so that
users may connect to the Analytics Extension CUBE without providing AD credentials. This makes it
easier to connect to the CUBE for clients residing in an AD domain beyond the data warehouse
server, or clients outside your network.
This solution uses HTTP for data access, taking advantage of IIS 7 as a middleware component to
enable access to the CUBE. A small IIS web application
– commonly known as an “HTTP pump” – will
be set up on the data warehouse Windows server (which may or may not be identical to the TMS
server, depending on your
setup). This application acts as a “pump” that receives requests,
authenticates them, and creates a security context for the requests before forwarding them to Analysis
Services. After Analysis Services has executed the request, the pump will in a similar fashion pass the
response back to the client.
This approach may also be used in scenarios where IIS and Analysis Services run on different
computers. However, Windows does not by default allow AD delegation (remote impersonation by a
server of other clients). If using an IIS separate from the Analysis Services server, you must set up
Kerberos authentication and configure the domain to allow delegation before proceeding.
Installing IIS
Make sure that IIS is installed on the Windows server you want to set the HTTP pump set up on,
normally the data warehouse server.
1. Open Start > Administrative Tools > Server Manager
2. Check if
Web Server IIS
is mentioned on the
Roles Summary
pane. If IIS is not already installed,
click
Add Roles
and follow the installation wizard.
IIS needs the
ISAPI Extensions role
service installed, as well as an Authentication component. This
document assumes that Basic authentication is installed. However, this authentication method
transmits passwords using an easily decrypted algorithm, and should not be used if you are sending
sensitive data over the public internet (unless you are also using SSL). It should however, be sufficient
for internal networks.
To check if these components are installed:
1. Use the tree view in Server Manager and go to the
Roles
node.
2. Open the
Web Server (IIS)
pane, and if
ISAPI Extensions
and
Basic Authentication
(or the
authentication method of your choice) have their status set to
Installed,
it is not necessary to
install them. If they are not installed,
install them by clicking
Add Role Services
and follow the
installation wizard.
Copying the pump binaries
You must now manually copy binary files from Analysis Services to the directory that you want to use
as the basis for your HTTP pump web application.
In a default 32bit installation of SQL Server 2008, the required files are located in
C:\Program
Files\Microsoft SQL server\MSAS10.MSSQLSERVER\OLAP\bin\isapi
. Copy all of the files
and subdirectories of this folder to a subdirectory of C:\inetpub\wwwroot, for example to
C:\inetpub\wwwroot\analytics-pump
. Do not use a path that contains spaces.
Creating an IIS application pool
1. Open Server Manager
2. Locate the
Server Manager > Roles > Web Server (IIS) > Internet Information Services (IIS)
Manager
node.
3.
In the “Connections” tree view that opens, right-click
Application Pools
and choose “
Add
Application Pool…”
4. Give the new application pool a suitable name (for example
“Analytics-pump”), and set
Managed
pipeline mode
to
Classic
(Figure 9).
