Purchase your Section 508 Compliance Support guide now!

Purchase your Section 508 Compliance Support guide now!

Running Reports On Your Research in Motion BlackBerry

Running Reports On Your Research in Motion BlackBerry

You can have reports appear on your mobile device under Recently run reports by doing any of the following:

·                 browsing to a report and then running it

·                 setting criteria to search for a report, choosing a report from the resulting list, and then running that report

·                 running a report to see a newer version

Tips:

·                 Reports that you have not viewed have a dark border around them.

·                 The circled number on the recently run reports tab is the number of unread reports.

Logging On To IBM Cognos Mobile (BlackBerry)

You must log on to IBM® Cognos® Mobile to access IBM Cognos reports that are not already on your device.

1.              On your device, navigate to the IBM Cognos Mobile icon.

2.              Select Log On.

3.              Type your user ID and password, and select Log On.

Browsing (BlackBerry)

1.              From your device, log on to IBM® Cognos® Mobile.

2.              On the tab bar, click the browse tab.

3.              Select Public Folders or My Folders.

4.              Navigate to the report that you want and select it.

5.              If the report contains prompts, select or enter the values that you want.

You must provide values for all mandatory prompts and send them to the server to receive the report.

Due to the small size of devices, prompts may appear differently on your screen than they do in IBM Cognos Connection.

6.              After the report starts running, you can wait for it to finish or, when you are prompted to wait or close to view the report later, click Close to run the report in the background. After it runs, you can view it online or offline.

If you wait for the report to finish running, it opens automatically. All reports appear on the Recently run reports screen.

You can repeat this process of choosing reports multiple times.

Searching (BlackBerry)

1.              From your device, log on to IBM® Cognos® Mobile.

2.              On the tab bar, select the search tab.

3.              Enter the search criteria, and select Search.

4.              From the list that appears, select the report that you want.

Note that you may see only a subset of the reports that would be available if you searched from your desktop computer. For example, reports, queries, and IBM Cognos Business Insight dashboards appear, but PowerPlay® reports and agents do not.

5.              If the report contains prompts, select or enter the values that you want.

You must provide values for all mandatory prompts and send them to the server to receive the report on your device.

6.              From the menu, click Run report.

When the report finishes running, it appears automatically on your screen and also on the Recently run reports screen.

Rerunning a Report (BlackBerry)

1.              Navigate to the Recently run reports screen, and select a report.

2.              From the menu, select Run report.

The latest version of the report appears.

3.              From the menu, select Re-run report. To return to the Recently run reports window, from the menu, select Close.

The latest version of the report appears at the top of the list.

Tip: To rerun a report while you are viewing it, from the menu, select Re-run report.

Logging Off From IBM Cognos Mobile (BlackBerry)

·                 On any IBM® Cognos® Mobile screen on your device, from the menu, select Log Off.

 

IBM Cognos BI Reports on a Mobile Device

IBM® Cognos® Mobile enables you to run IBM Cognos Business Intelligence reports on your mobile device. Each report on the device is identical to the report that you would see on your desktop but formatted specifically for a device. The formatting is handled automatically.

Reports are run and delivered to your device. After you log on to IBM Cognos Mobile from your device, the reports that you run, or that are scheduled to run by your administrator, appear on your device. Each report presents the data that is current at the time that the report is run.

You can access a report in any of the following ways:

·                 From your desktop computer, in IBM Cognos Connection, you can use Run with options to run a report once.

·                 From your desktop computer, in IBM Cognos Connection, you can create a schedule or job to run a report periodically.

·                 From your device, you can browse and navigate to a report and then run it.

·                 From your device, you can search for a report, choose the one you want from the list of search results, and then run that report.

Reports can also be delivered in other ways:

·                 Your administrator can schedule reports to be delivered at specified intervals to your device.

·                 Your administrator can send a bursted report.

·                 Your administrator can run a number of different reports as a job and have them sent to your device.

·                 Defined events can trigger a report to run and then be delivered to your device.

If the report contains prompts, you can choose the specific data that you want.

If you are using a Research in Motion BlackBerry, Symbian, or Microsoft® Windows® Mobile device, you can work offline using the reports that are on your device. However, you must log on for a report to be synchronized to the latest version.

If your organization provides reports based on your current location, you can turn on the GPS capability on your phone and have these customized reports delivered to your device. For more information, see your Mobile administrator.

You can delete a report from your device. If you do this, you delete only the copy on your device, not the actual report.

You can view reports on your device and perform a number of actions on them, including

·                 focusing on one area of a report

·                 marking table cells for further analysis

·                 drilling through

·                 drilling up and drilling down

For more information about using IBM Cognos Connection, see the IBM Cognos Connection User Guide.

Connecting to the Server

The way you connect to the server from your mobile device depends on the device you are using:

·                 If you are using an iPhone, navigate to the server URL, and then bookmark it on your home screen.

·                 If you are using a BlackBerry, Symbian, or Microsoft Windows Mobile device, type the server URL on your device. Your Mobile administrator provides the URL.

 

Configuring IBM Cognos 8 for Oracle Portal

Oracle Portal uses a version of the Apache web server to serve Oracle web content. One feature of this web server provides the ability to “protect” external (non-Oracle) web resources by intercepting calls to these resources and forcing users to provide valid Oracle Portal authentication information in order to proceed. By including the IBM Cognos 8 gateways among these protected resources, attempts to access IBM Cognos 8 pages will be intercepted and unauthenticated users will be prompted with the Oracle Portal login page.

 

Upon successfully logging in via the Oracle Portal login page, the Oracle/Apache server will populate the REMOTE_USER CGI variable and pass the user directly to the requested IBM Cognos resource. IBM Cognos 8 can use the REMOTE_USER variable to determine the users’ identity, thereby negating the need for an IBM Cognos-specific login. Similarly, any user who has successfully logged directly into the Oracle portal will not be presented with an IBM Cognos login page when accessing an IBM Cognos 8 resource.

 

In order to force Oracle to protect the IBM Cognos resources, the IBM Cognos gateways must be installed on the Oracle Portal Server (Apache) machine. On this machine (and any others that may contain distributed components of the IBM Cognos 8 installation) you must set the gateway port to 7777 (the default Oracle Portal port) as below. Change localhost to match the gateway and dispatcher server names as needed.

 

In order to secure IBM Cognos roles, groups, and content to OID users and groups, you must create an LDAP authentication source in Cognos Configuration that references the Oracle Portal OID. To connect to your OID server, enter a logical ID for your OID directory, the host and port of the OID server, and the Base DN of the OID directory. These settings will vary between installations, so check with your Directory Administrator to verify the settings, or to create a bind user if no suitable user exists. To enable SSO, set the User Lookup, Use External Identity, and External Identity Mapping

properties. Use parentheses and brackets as shown. To enable user and group lookups, set the Folder and Group Mappings as below. Again, these settings may change between installations, so verify all changes with your directory administrator.

 

In order to serve IBM Cognos pages from the Apache web server, you must create Aliases within Apache. Per the IBM Cognos documentation, add the IBM Cognos Gateway directory locations to the Apache httpd.conf file by inserting the following lines to the “Aliases:” section (about row 774). This file should reside at ORACLE_HOME\Apache\Apache\conf\httpd.conf. This document assumes the use of the CGI gateways. See the IBM Cognos documentation for information on using the Apache Mod gateways.

 

The mod_osso file provides information about which resources are “protected” by Oracle Portal Security. It also configures Oracle Portal to pass the REMOTE_USER variable to these resources for authentication. To Configure Oracle to protect IBM Cognos 8, add these lines to the mod_osso.conf file in the section labeled “Insert Protected Resources:” (about line 10). This file should be at

ORACLE_HOME/Apache/Apache/conf/mod_osso.conf. This syntax tells Oracle to intercept any requests for Cognos resources and invokes the Oracle SSO process. Authenticated users will be passed transparently to the requested Cognos resource. Unauthenticated users will be prompted with the Oracle portal login screen and, upon successfully entering OID credentials, be passed to the requested Cognos resource.

 

Restart the Apache instance and the IBM Cognos 8 services.

Configure 3rd Party CA for IBM Cognos 8 BI

The process of configuring IBM Cognos 8 for a 3rd party CA involves the

following steps:

 

  • Generate certificate signing requests (CSR) for the signing keypair and the ecryption keypair
  • Sign the CSRs with your 3rd party CA
  • Import the signed certificates into IBM Cognos 8 keystores
  • Import the CA root certificate into IBM Cognos 8 truststore
  • Adjust IBM Cognos 8 configuration

 

 

Cognos 8 Security PKI CA

IBM Cognos 8 BI makes use of public key infrastructure (PKI) technique. This concept for symmetric encryption implies the use of a large key which is broken in half to form a key pair. Whatever one of them encodes, the other can decode and vice versa. One key of each pair becomes public the other remains private. Those which get public need to get “signed” by some higher (more trustworthy) entity, which for PKI is called Certifying Authority (CA).

 

The process of signing involves submitting a special request, the certificate signing requests (CSR) to a CA. The response to such a request will be a certificate, which is basically nothing else but the public key “rubber stamped“ by the CA.

 

IBM Cognos 8 uses certificates for various purposes including internal SSL communication.

 

IBM Cognos 8 incorporates a service for signing certificates out of the box.  The “AutoCA” service implements a scaled down Certifying Authority (CA).  This service is part of the Content Manager component and is sufficiently complete to service all the functionality needed by IBM Cognos 8 in context of certificates.  It is not possible to use this service to sign non-cognos certificates.

In a default install of IBM Cognos 8 the CSRs for keys will be created automatically and sent to the AutoCA service which will sign them with the AutoCA’s CA certificate. The certificate is then saved in a file called keystore next to the keys it was issued for.  However in some enterprises there may be a company CA or some external CA provider already, which an IBM Cognos 8 administrator would like to Leverage

 

IBM Cognos 8 supports using those 3rd party CAs for signing IBM Cognos 8 internal certificates but several additional configuration steps are required.

 

IBM Cognos 8 incorporates a java based command line tool called “ThirdPartyCertificateTool” which is used for all operations around the IBM Cognos 8 keystores. It’s located in the /bin subfolder and is called through a script file called ThirdPartyCertificateTool.sh on UNIX/LINUX and ThirdPartyCertificateTool.bat on Windows.

 

The tool will pick up the configured JAVA_HOME so if you didn’t specify it before just set it before calling this tool.

 

 

OLAP

Today's business term is:  online analytical processing (OLAP)

Software that allows a user to interact with a very large online database (data warehouse) and request and receive practically any report in the desired format.




BI Centre October Newsletter

Hello everyone,

The October 2010 edition of the BI Centre newsletter is available now.  Click here.

Thank you.
--
BI CENTRE
http://bicentre.blogspot.com


BI Centre October 2010 Newsletter


Hello everyone,

The October 2010 edition of the BI Centre newsletter is available now. Click here.

Thank you.
--
BI CENTRE
http://bicentre.blogspot.com


BI_Centre_October_2010_Newsletter_send.htm

Tivoli and System Z

As business cycles speed up, many customers gain significant competitive advantage from quicker and more accurate business decision-making by using real data. For many customers, choosing the path to co-locate their transactional and analytical workloads on System z® better leverages their existing investment in hardware, software, and skills. We created a project to address a number of best practice questions on how to manage these newer, analytical type workloads, especially when co-located with traditional transactional workloads.

The goal of this IBM® Redbooks® publication is to provide technical guidance and performance trade-offs associated with resource management and potentially DB2® data-sharing in a variety of mixed transactional / data warehouse System z topologies. The term co-location used here and in the rest of the book is specifically defined as the practice of housing both transactional (OLTP) and data warehouse (analytical) workloads within the same System z configuration. We also assumed that key portions of the transactional and data warehouse databases would reside on DB2 for z/OS®. The databases may or may not reside in a DB2 data-sharing environment; we discuss those pros and cons in this book.

The intended audience includes DB2 data warehouse architects and practitioners who are facing choices in resource management and system topologies in the data warehouse arena. This specifically includes Business Intelligence (BI) administrators, DB2 database administrators (DBAs) and z/OS performance administrators / systems programmers. In addition, decision makers and architects can utilize this book to assist in making platform and database topology decisions.

The book is divided into four parts.

Part I, "Introducing the co-location project" covers the System z value proposition and why one should consider System z as the central platform for their data warehousing / business analytics needs. Some topics are risk avoidance via data consolidation, continuous availability, simplified disaster recovery, IBM Smart Analytics Optimizer, reduced network bandwidth requirements, and the unique virtualization and resource management capabilities of System z LPAR, z/VM® and WLM. Part I also provides some of the common System z co-location topologies along with an explanation of the general pros and cons of each. This would be useful input for an architect to understand where a customer is today and where they might consider moving to.

Part II, "Project environment" covers the environment, products, workloads, workload drivers, and data models implemented for this study.
The environment consisted of a logically partitioned z10™ 32way, running z/VM, Linux®, and z/OS operating system instances.
On those instances we ran products such as z/OS DB2 V9, IBM Cognos® Business Intelligence Version 8.4 for Linux on System z, InfoSphere™ Warehouse for System z, InfoSphere Change Data Capture, z/OS WebSphere® V7, Tivoli® Omegamon for DB2 Performance expert.
Utilizing these products we created transactional (OLTP), data warehouse query, and data warehouse refresh workloads.
All the workloads were based on an existing web-based transactional Bookstore workload, that's currently utilized for internal testing within the System p® and z labs.
While some IBM Cognos BI and ISWz product usage and experiences information is covered in this book, we do not go into the depth typically found in IBM Redbooks publications, since there's another book focused specifically on that.
One exception to this is the InfoSphere Change Data Capture product, in which we did include some step-by-step implementation details, as this information was less readily available at the time of this project.

Part III, "Implementation considerations" is the core of the book and covers the resource allocation, management and monitoring co-location implementation considerations for z/OS and DB2 for data warehousing. This includes both single z/OS system implementation as well as DB2 data-sharing between the transactional and data warehouse DB2s. It starts out with an overview to help bridge perspectives of the various administrators. It then covers DB2, WLM, and I/O resource considerations, then provides guidance on bridging the DB2 and WLM views of resource usage. Finally, it provides experimental data covering several resource management facets in two of the key co-location topologies (Single LPAR / separate DB2 sub-systems, Multi-LPAR DB2 data-sharing).

Part IV, "Project experiment results" describes the results of our experiments and provides guidance for others to be able to co-locate their own workloads in a System z environment.

 

Cognos Jump-Start Deployment options and best practices for Cognos 8 BI for Linux on System z

IBM Cognos* 8 BI for Linux* on System z* delivers a broad range of business-intelligence (BI) capabilities on an open, enterprise-class platform. All capabilities-including viewing, creating and administering reports, analysis, scorecards, dashboards and events-are available through the Web.

The IBM Cognos 8 platform delivers the right capabilities to manage the solution with centralized and Web-based administration that provides a complete view of Cognos activity as well as metrics and thresholds to resolve potential issues before they impact business. The IBM Cognos 8 platform is built on Web-based service oriented architecture (SOA), designed for scalability, availability and openness. This n-tiered solution has three tiers: Web, application and data. The tiers, based on business function, are typically separated by network firewalls.

When considering deployment options, reliability and scalability should be key considerations. Services in the application tier operate on a peer-to-peer basis. That means, in effect, that no service is more important; there is no "master" service. Any service of the same type, on any machine in an IBM Cognos 8 platform configuration, is capable of servicing an incoming request. The result is complete fault tolerance: any server in the system can route and handle any request. Request dispatching is done in an optimal way: with automatic load balancing built into the system.

The IBM Cognos 8 platform provides optimized access to all data sources, including relational data sources and online analytical processing (OLAP) with a single query service. In addition, this query service understands and leverages the data-source strength by using a combination of open standards such as SQL99, native SQL and native MDX to optimize data retrieval for all of these different data providers. The IBM Cognos 8 BI user interfaces are accessed via the Web tier.


http://www.ibmsystemsmag.com/mainframe/julyaugust10/administrator/33288p1.aspx
Satish P

Island Home For Sale

http://islandhomeforsale.blogspot.com

Island Home for Sale

Receiving Value From Your Data Warehouse Investment

Receiving Value From Your Data Warehouse Investment

 

A Data Warehouse can be defined as a centralized container for all of your corporate data assets.  Essentially, it is the place where people can access their data. The existence of a Data Warehouse within an organization is not a true indicator of a successful BI environment.  The Data Warehouse can quickly become a quagmire of meaningless and unrelated data; and also a bottleneck in obtaining meaningful analysis on your organization’s activities.

 

Planning, implementing and maintaining a Data Warehouse and/or Business Intelligence solution represents both a major financial and technical investment for your organization. 

 

What are some of the elements that your organization can focus on in order to obtain true value from a Data Warehouse implementation?

 

 

  1. Establish Data Governance

 

The Data Warehouse could drive the development of a data governance standard for Your organization.  This would promote a common understanding and definition of data elements that are used within Your organization applications. 

 

This could also increase the success rate of integrating future projects, such as integrating a SAP HR/Payroll module with a planned web solution that requires the ability to identify Your organization employee ids.

 

  1. Reliable Results

 

A report consumer must have confidence that their report data is correct if they are expected to promote or act upon the data.  If the consumer does not have confidence in the data then the Data Warehouse will quickly become a vast repository of meaningless data, and not an effective tool for implementing and realizing business change.  The Data Warehouse should strive toward delivering one version of the truth.

 

A higher confidence rate in the report results will also permit greater leverage for reporting on historical trends for Your organization business lines.

 

  1. BI Vendor Selection

 

Your organization should look at implementing one BI solution in order to report against a Data Warehouse.  Choosing one specific BI tool will provide the following financial benefits:

 

§         Repeatable reporting solutions through a pattern of proven practices will reduce development costs

§         Centralized license management

§         Identify architecture requirements for reporting solutions

§         Reduced BI project risk; increased BI project success rate

§         Targeted employee training

§         Opportunity to join a cluster group related to the BI tool

§         Participate in shared services initiatives from PWGSC

§         Manageable upgrades for future releases

§         One BI tool will help to develop a specialized service for delivering business value to Your organization.  This will also help to streamline the service delivery to report consumers.

 

 

  1. BICC (Business Intelligence Competency Centre)

 

The objective of the BICC is to lead the development of a centralized reporting environment.  This requires a shared vision amongst business, technical, and management within Your organization.   Creating an open channel of communication for BI initiatives amongst all parties will help to identify project risks or constraints in the initial planning stages of the project planning cycle.  This will help to reduce wasted spending on idle resources and unnecessary software services or hardware.

 

The BICC Committee will provide guidance and support to the Data Warehouse group as they steward the following four responsibility centres:

 

§         People – provide BI reporting services to clients, and support human resource training and learning objectives

 

§         Process – provide business value to Your organization, and establish a defined process for BI Warehouse service delivery

 

§         Technology – implement and support Data Warehouse and a chosen BI technology

 

§         Performance – the key metric that combines the successful management of technology, process and technology

 

  1. Human capital

 

Your organization’s data is contained in two main entities – the application repositories and its human resources.  The creation of a Data Warehouse must also include a review session with the key stakeholders that have a responsibility as: end users, DBAs, Business, and IT.  The Your organization resources would also be able to provide history on the lessons learned within the organization.

 

The release of the Data Warehouse will have a higher acceptance rate if all stakeholders have been able to provide input toward the creation of a warehouse that addresses their real reporting requirements and not a generic or canned approach that provides no true value.

 

  1. Application Inventory

 

In order for the Data Warehouse to be considered a true corporate asset then it must contain the data from the applications that are in use within Your organization.  This would require a review of all of the applications that are currently and planned to be deployed within the organization. 

 

This exercise will also encourage the approach of identifying common Data Marts that could provide more in-depth reporting analysis.  For example: if Data Mart A contains information of cancer rates amongst German cites, while Data Mart B contains data on corporations that have been fined for pollution controls then Your organization would now be able to identify the relationship between cancer rates and pollution in German cities.

 

 

Content Store clean up scripts

Before execution of clean up scripts, back up Cognos Content (packages/reports) or the entireContent Store as required, as all content will be deleted after clean up.

The clean scripts need to be executed from the server node on which Content Manager is installed.Following are the steps to clean up the content stores on the various supported databases as ContentStore.

Content Store clean up scripts are located at:

${cognosInstallLocation}\configuration\schemas\content\
E.g. C:\Program Files\cognos8\configuration\schemas\content\db2

Cognos8 Help : Part 2 -- “IBM Cognos 8 Business Intelligence: The Official Gu...

Karl Malone has sent you a link to a blog:

Hey Dave, had you had a chance to review this book yet? I'm on Chapter 5 and it's helping me on my latest BI project. I have a few questions that might be better asked for IBM Cognos instead of the author.

Blog: Cognos8 Help
Post: Part 2 -- “IBM Cognos 8 Business Intelligence: The Official Guide” Introduction to Performance Management and IBM Cognos 8 BI
Link: http://cognos8help.blogspot.com/2010/08/part-2-ibm-cognos-8-business.html

--
Powered by Blogger
http://www.blogger.com/

Distributing Framework Manager Components

Distributing Framework Manager Components

Framework Manager can be installed on a computer that contains other IBM Cognos 8 reporting components or on a computer that is separate from other IBM Cognos 8 reporting components.

To publish packages so that they are available to users, you must configure the modeling tools to use a dispatcher, either directly or through a gateway. If IBM Cognos Connection is secured, you must have privileges to create data sources and publish packages in IBM Cognos Connection.The modeling tools communicate with server components using one of two methods:

Where you install Framework Manager, and how you configure it, can depend on how large your metadata models are and on which Web server you use.

Web Servers Other Than Microsoft IIS

For Web servers other than Microsoft Internet Information Services (IIS), no functional difference exists between the two communication routes between the modeling tool and the Application Tier Components dispatcher. For either route, the modeling tool uses the BI Bus SOAP API. If you use the Web server route, and you have medium- and large-sized packages (approaching 1 MB), the models are broken into smaller pieces (chunked) for transmission.

If you use a Web server other than Microsoft IIS, we recommend that you configure the modeling tool to communicate through your Web server gateway (using the first route). This eliminates the need to set up additional communications channels if you use firewalls to separate the modeling tool, Web server, and Application Tier Components.

Firewall Considerations

When the modeling tool is outside a network firewall that protects the Application Tier Components, communication issues with the dispatcher can occur. For security reasons, the default IBM Cognos 8 configuration prevents the dispatcher from accepting requests from the modeling tool when it is outside the network firewall.

Configuration Requirements

Framework Manager communicates with the Application Tier Components, which can be installed on one or more application servers. To publish packages, you must configure Framework Manager to communicate with the dispatcher, either directly or through a dedicated gateway.

You must ensure that Framework Manager can communicate with IBM Cognos 8 server components. On the computer where Framework Manager is installed, configure the following environment properties:

  • Gateway URI
  • Dispatcher URI for external applications

If the modeling tool is using a dedicated gateway instead of communicating directly with the dispatcher, you must also configure the Dispatcher URIs for gateway property on the dedicated gateway computer.

Cognos 8 on mobile devices such as blackberrys or iphones

Does anyone have any experience with developing Cognos 8 dashboards or reports for mobile devices such as Blackberrys or iPhones?  Email us at businessintelligencecentre@gmail.com in order to discuss futher.

Cognos 8 BI forLinux on System z

You can gain a lot of synergy by incorporating InfoSphere components with Cognos 8 BI for Linux on System z.

 

For example, you can define your business terms in InfoSphere Information Server Business

Glossary on Linux on System z, so that you can provide common terminology for both

business users and Cognos report developers. Once the terminology is defined, it is

extremely easy for any Cognos user to discover the definition of the term. The big benefit for

organizations is that it leads to trusted information by providing a means for everyone to use

common terminology when accessing or displaying the same piece of information. This

reduces complexity and misunderstanding.

 

If you use the InfoSphere Business Glossary from within Cognos 8 BI, you can access the

glossary from any of the following data objects in Report Studio:

_ Query subject

_ Query item

_ Measure

_ Dimension

_ Hierarchy

_ Level

_ Property/attribute

_ Top node member

_ Member

_ Level item

 

There is also synergy between the InfoSphere Warehouse on System z and Cognos 8 BI for

Linux on System z because you can have your Cognos reporting functions in close proximity

to the data that is being reported. This is really apparent when a report needs a large amount

of data because of the ability to use HiperSockets on the System z machine. HiperSockets

allows a 6 MBps connection between Cognos 8 BI for Linux on System z and the InfoSphere

Warehouse on System z.

In addition, by combining Cognos with WebSphere Portal, you can easily provide trusted

information through easy to create Web pages.

 

Other synergies between Cognos and InfoSphere include:

_ The IBM Smart Analytics System is a preconfigured and optimized system that provides

Business Intelligence Capabilities with Cognos 8 BI, Advanced Analytics with InfoSphere

Data Mining, and a scalable Data Warehouse platform with InfoSphere Warehouse.

_ InfoSphere Information Server can generate data lineage data based on DataStage jobs

that allow the analysis of data lineage using Metadata Workbench from source to target.

Cognos 8 BI has data lineage capabilities from report to data warehouse table/views. With

the integration, Cognos data lineage data can be imported into Information Server, which

allows data lineage from source to report.

_ InfoSphere Warehouse Cubing Services provides large scale OLAP capabilities inside the

data warehouse. Cognos can provide powerful analysis capabilities.

Identity Management for IBM Cognos 8 with IBM Tivoli Identity Manager

IBM Cognos 8 does not authenticate users itself but rather relies on third-party authentication providers such as LDAP or Microsoft Active Directory to do so. This concept means that IBM

Cognos 8 presents logon data (essentially credentials) entered by the user or obtained through single sign-on (SSO) mechanisms to the third-party authentication providers on behalf of the user. Then, when authenticated, IBM Cognos 8 must read the user's groups and roles from the authentication provider as well and make them available to the authorization functionality. This task is implemented by authentication providers.

 

After the users, groups, and roles are visible in the Cognos Connection, authorization policies can be created wherein a user can be assigned to a group or role depending on the business requirements.

 

The flow of an authentication request in Cognos 8

 

When a user requests authenticated access to IBM Cognos 8, the flow is as follows:

1. The user clicks a report or analysis to view it, and the request goes through the gateway and the dispatcher to the presentation service.

2. The gateway accepts the request and sends it to a dispatcher

3. The dispatcher notes that no passport is attached to the request, and sends the request to Content Manager.

4. Content Manager sends the request to Access Manager.

5. Anonymous access is disabled in this IBM Cognos 8 system, so Access Manager sends the request back to Content Manager with a fault attached. The fault contains information about what is needed to log on. For example, if multiple namespaces exist, the user will be required to select a namespace. If only one namespace exists, the user might be required to provide a user ID and password.

6. Content Manager returns the request with the attached fault to the dispatcher.

7. The dispatcher sends the request to the presentation service.

8. The presentation service creates the appropriate logon page for the user, and returns the page through the dispatcher and the gateway to the user.

9. The user enters the required information, such as a user ID and password. The information is attached to the original request and sent through the gateway to the dispatcher.

10.The dispatcher sends the request to Content Manager.

11.Content Manager sends the request to Access Manager.

12.Access Manager talks to the authentication provider through the Authentication Service to verify the supplied credentials. If all the required information is correct, Access Manager issues a Passport ID, attaches it in the HTTP header to the original request, and sends the request back to Content Manager. If the required information is incorrect or incomplete, the request faults back to step 9.

13.Content Manager sends the request to a dispatcher.

14.The dispatcher processes the request and sends it to the presentation service.

15.The presentation service sends the Welcome page back through the dispatcher and the gateway to the user.

 

Authorization and the CAMID

When a user is authenticated, the passport that is issued is the object that holds the visas. For each namespace, a visa is issued by the authentication provider after successful authentication has been established. In this case, the passport will hold a one-to-many numbers of visas. The Passport ID is the reference to the passport object, which is maintained, in memory, by the Content Manager component. The Passport ID is inserted in the cam_passport cookie, which is used to confirm that the user has successfully been authenticated in his or her current session before. Here, a user’s identity is established,

confirming access to the Cognos Portal content.

 

IBM Cognos 8 indicates which groups and roles the user is a member of, directly or indirectly, through inheritance (nested group memberships). This is true for groups and roles from the namespace for which the particular Passport ID has been issued, plus groups and roles from the Cognos namespace.

 

Authorization in IBM Cognos 8 applies to basically all objects that make up an IBM Cognos 8 application. All content (reports, analysis, folders, packages, and so on) and a wide range of functions and capabilities of systems can have permissions attached to them (for example, access to Studios). Permission defines who, a user, group or role, has what privileges on an object/capability/function.

 

The five privilege levels within IBM Cognos are:

_ READ

_ WRITE

_ EXECUTE

_ TRAVERSE

_ SET POLICY

 

Internally, those privilege levels do not contain the names of users, groups, or roles, but instead contain an internal ID named CAMID3. The CAMID is constructed by the authentication provider for each object read in from an external authentication provider. This also applies to the internal authentication provider, so all the objects of the Cognos namespace have a CAMID assigned to them. By the user of this CAMID, IBM Cognos stores and verifies access to objects, when authorization is necessary. The CAMID of objects in the user’s identity is compared to the permissions assigned to an object, and if they match, the

privileges are granted or denied. Although the CAMID is built differently among authentication providers, they all use a common layout. The CAMID layout is a string, consisting of two fields that are concatenated:

 

CAMID:="CAMID(<NamespaceID>:<AuthProviderSpecificID>)"

The NamespaceID is the ID that is specified in Cognos configuration for the namespace. The AuthProviderSpecificID is an ID that is constructed internally by the authentication provider.

 

Two examples are as follows:

 

_ Example 1, User:

CAMID("LDAP:u:uid=admin,cn=admin,ou=support")

 

Where:

LDAP is the NamespaceID

uid=admin, is the user Relative Distinguished Name (RDN®)

cn=admin, ou=support, is the Distinguished Name (DN)

 

_ Example 2, Group:

CAMID("LDAP:g:cn=admin,ou=support")

Where:

LDAP is the NamespaceID

cn=admin, ou=support, is the Distinguished Name (DN)

 

Leveraging Tivoli Identity Manager with Cognos 8

Cognos 8 supports various authentication providers, such as Microsoft Active Directory Server, LDAP, SAP, NT LAN Manager (NTLM), Cognos Series 7, and so on. These authentication providers store users, roles, and groups that can be used inside the Cognos environment while enabling the authentication mechanism. On the other side, the Tivoli Identity Manager supports most of such authentication providers as managed resources that it can manage. Tivoli Identity Manager provides capabilities of provisioning users and groups on most of the managed resources that Cognos uses as authentication providers. The

Microsoft Active Directory server, IBM Tivoli Directory Server, or Sun ONE Directory Server are examples of such authentication providers.

 

Leveraging Tivoli Identity Manager for managing users and groups on the authentication provider can deliver an ideal combination with the Cognos 8 security model. Further sections provide details about how Tivoli Identity Manager can be integrated with an authentication provider and leveraged with Cognos deployments.

 

Several key advantages for Cognos 8 when Tivoli Identity Manager is used with the Cognos authentication provider (or providers) are:

 

_ Tivoli Identity Manager provides a centralized, policy-driven and automated end to end provisioning solution. Administrators can use the Tivoli Identity Manager Web-interface to manage users and groups on multiple authentication providers and performing administrative tasks on it rather than directly operating on the authentication providers' individual user interfaces.

_ Tivoli Identity Manager allows provisioning policies that can be defined and customized as per the need. A provisioning policy can help to ensure an appropriate user getting provisioned with appropriate access rights.

_ Approval workflows and e-mail notifications can be configured with all user provisioning activities, such as creating a user account on the authentication provider, user requesting an access to certain groups, and so on.

_ Tivoli Identity Manager provides a self-care user interface that allows users to perform basic operations on their own without an administrator's involvement, such as resetting password, requesting access to groups, viewing and updating of personal information, and so on.

_ Tivoli Identity Manager provides the ability to certify and validate a user's access to IT resources on a regular interval. An administrator can define a recertification policy that recertifies user accounts as well as access rights defined on the authentication provider.

_ Auditing and reporting users and their access rights is one of the critical needs of most organizations. Tivoli Identity Manager's User and Access Reports can be leveraged to extend the existing Cognos auditing capabilities by providing auditing and reporting (traceability) of identity information of the authentication provider that accesses Cognos contents.

_ Provisioning users on the authentication provider, based on the organizational roles that are defined in Tivoli Identity Manager (advanced scenario), can provide a role-based access control mechanism and the following benefits:

– Role hierarchy helps to simplify and reduce the cost of user administration by enabling the use of an organizational role structure.

– Separation of duties can strengthen security and compliance by creating, modifying, or deleting policies that exclude users from membership to multiple roles that may present a business conflict.