Making reports accessible to external users
I'm wondering where I can find information of typical BI extranet setups to make webi, xcelsius, crystal reports accessible to external users (vendors). How much effort does this involve? Is the solution to create a website and then using the web services SDK or the BOBJ enterprise SDK - to open/list reports within that website? Where can I find additional info to answer questions such as:
- How is security handled?
- is it recommended to have "vendor" reports reside on a separate server (than the one hosting other BI reports) or should reports reside outside the firewall?
Srinivas Ganapathi replied
There are a lot of questions here. I'll try to answer them as best as I can. First, you should look at the [XI R2 Pattern Book for Windows|http://help.sap.com/businessobject/product_guides/boexir2/en/Win_pattern_book.pdf].
How much effort does this involve?
Since this is relatively involved, this is a gist what what is needed.
The standard approach is to use a reverse proxy that shields the internal BOE deployment from external users.
Is the solution to create a website and then using the web services SDK or the BOBJ enterprise SDK - to open/list reports within that website?
This is not necessary. You could allow external users to access the same Infoview that your internal users use. The reverse proxy has 2 network cards (and 2 IP addresses, one for external users and one for internal users). This allows it to mask the IP address(es) of internal servers to external clients.
How is security handled?
This really depends on the size of your deployment, budget etc. You could just use security within BO or you could use external software to handle security before the request even reaches BO (TAM for example).
is it recommended to have "vendor" reports reside on a separate server (than the one hosting other BI reports) or should reports reside outside the firewall?
No. A BO deployment can only have one filestore, that must reside within the firewall (as a best practice). Best practices suggest that only the router/gateway is outside the firewall.
A typical (simple) deployment would be:
clients --->internet--->router/gateway--->firewall(outer)----->web server (reverse proxy)-->firewall(inner)--->BOE servers