architecture and security enterprise...

Architecture and Security Architecture and Security Enterprise Considerations

Michael RobertshawMiha Batic

Legal Disclaimer

This Presentation contains forward-looking statements, including, but not limited to, statements regarding the value and

effectiveness of QlikTech's products, the introduction of product enhancements or additional products and QlikTech's growth,

expansion and market leadership, that involve risks, uncertainties, assumptions and other factors which, if they do not

materialize or prove correct, could cause QlikTech's results to differ materially from those expressed or implied by such

forward-looking statements. All statements, other than statements of historical fact, are statements that could be deemed

forward-looking statements, including statements containing the words "predicts," "plan," "expects," "anticipates," "believes,"

"goal," "target," "estimate," "potential," "may", "will," "might," "could," and similar words. QlikTech intends all such forward-

looking statements to be covered by the safe harbor provisions for forward-looking statements contained in Section 21E of

the Exchange Act and the Private Securities Litigation Reform Act of 1995. Actual results may differ materially from those

projected in such statements due to various factors, including but not limited to: risks and uncertainties inherent in our

business; our ability to attract new customers and retain existing customers; our ability to effectively sell, service and support

our products; our ability to manage our international operations; our ability to compete effectively; our ability to develop and

introduce new products and add-ons or enhancements to existing products; our ability to continue to promote and maintain

our brand in a cost-effective manner; our ability to manage growth; our ability to attract and retain key personnel; the scope

and validity of intellectual property rights applicable to our products; adverse economic conditions in general and adverse

economic conditions specifically affecting the markets in which we operate; and other risks more fully described in QlikTech's

qlikview.com

2

economic conditions specifically affecting the markets in which we operate; and other risks more fully described in QlikTech's

publicly available filings with the Securities and Exchange Commission. Past performance is not necessarily indicative of

future results. The forward-looking statements included in this presentation represent QlikTech's views as of the date of this

presentation. QlikTech anticipates that subsequent events and developments will cause its views to change. QlikTech

undertakes no intention or obligation to update or revise any forward-looking statements, whether as a result of new

information, future events or otherwise. These forward-looking statements should not be relied upon as representing

QlikTech's views as of any date subsequent to the date of this presentation.

This Presentation should be read in conjunction with QlikTech's periodic reports filed with the SEC (SEC Information),

including the disclosures therein of certain factors which may affect QlikTech’s future performance. Individual statements

appearing in this Presentation are intended to be read in conjunction with and in the context of the complete SEC Information

documents in which they appear, rather than as stand-alone statements.

© 2011 Qlik Technologies Inc. All rights reserved. QlikTech and QlikView are trademarks or registered trademarks of Qlik

Technologies Inc. or its subsidiaries in the U.S. and other countries. Other company names, product names and company

logos mentioned herein are the trademarks, or registered trademarks of their owners.

Architecture and Security

• Michael Robertshaw

– Enterprise Architect

– mrw@qlikview.com

• Miha Batic

qlikview.com

3

– Expert Services Consultant

– mbc@qlikview.com

• Twitter: #BDWT2012

Agenda

• 1 – Physical Architecture

– Single server

– Scaling

– Example Implementations

• 2 – Security

qlikview.com

4

– Authentication

– Authorisation

• 3 – Data / Artefacts

• 4 – Administration

– Lifecycle

– OTAP

– Delegation

– EDX

• QlikView Publisher Reload Task executes the Script in the QlikView Document and loads Data into the Document

• QlikView Server loads the document into RAM for fast delivery of Layout and Data to connected Clients

• Publisher can distribute PDF

Architecture: QlikView Back-End

qlikview.com

5

• Publisher can distribute PDF (extra license) or QVW to Email Recipients and to Disk.

• Document tasks are configured using QlikView Management Console (AJAX)

• Document tasks can be scheduled internally by time or prior task status, or externally using an Enterprise Scheduler

Single Server

Single Server

“Server Reloads” (No Publisher LEF)

Typical Starting Point

qlikview.com

6

Typical Starting Point

24GB RAM4+ Cores100GB Hard Disk

Separate Front End from Back End

Improve SecurityReduce Resource Contention

Two ServersPublisher LEF required

Phase in FileServer/NAS or

qlikview.com

7

Phase in FileServer/NAS or use Back End Host for all Storage

Perform Document Development on Back End via Terminal Services Client

Scale Out Front End for High Availability

Two Front End hosts- Each has WebServer and QvS- Load Balancer distributes Web- AccessPoint distributes QvS

Publisher LEF required

qlikview.com

8

All hosts access Documents, Config on FileServer/NAS

Perform Document Development on Back End via Terminal Services Client

MRW

Example: Pharmaceuticals Manufacturer

qlikview.com

9

https://eu1.salesforce.com/0012000000I7SDT

Example: Coatings Manufacturer

qlikview.com

10

https://eu1.salesforce.com/0012000000I7SyJ

Example: Hardware Manufacturer

qlikview.com

11

Hardware Considerations

• Use Virtualisation cautiously � Assists with DR but not Performance

– Use Dedicated Resource Pool, Disable Memory Ballooning

• Avoid AMD � surprisingly poor performance on large hosts

• Avoid NUMA (QPI) � Memory Access performance degrades

qlikview.com

12

• Typical Starting Point

– 24GB RAM

– 4+ Cores

– 100GB Hard Disk

MBC

Authentication

Out of the Box

Internal users login to AD then use NTLM

ConfigurationExternal users login to

Proxy then use Header

qlikview.com

13

Development

Integration into Other

authenticating

application uses WebTicket

One WebServer per Authentication

Method

Authorisation

Document Authorisation – what documents may you see & open

- NTFS Windows controls File Access

- DMS QlikView controls File Access

Data Authorisation (often called “Row Level” or “Granular” security)

qlikview.com

14

Data Authorisation (often called “Row Level” or “Granular” security) controls what data IN the document you can analyse

Dynamic data Reduction using Section Access

Static data reduction using Loop & Reduce

Data Architecture

/QVX

qlikview.com

15

Self Service

BI

Self Service

BI

Business DiscoveryBusiness Discovery

Folder Organisation

qlikview.com

16MRW

Document is created

Document is deployed to QlikView Publisher

Document is Reloaded A personalized copy of the document is created

Document Security is applied to the personalized document

QlikView

Developer

Document is enhanced

QlikView

Publisher

Workflow / Lifecycle

qlikview.com

17

QlikView

Client

The document is distributed to QlikView Server

to the personalized document

The documents is available for on-line analysis

Documents are shown to the user if they have sufficient permissions to view it

Users try to access the documents User credentials are checked

Users analyzes the document

Users submit feed-back on the document

QlikView

Server

WebServer

Content Promotion (Change Control, OTAP)

qlikview.com

18

•IT (or Outsource Partner) administers the Server

Configuration using QEMCQlikView Administrators

Delegated Administration

qlikview.com

19

•Business Units administer their Documents without ability to break things

Accessing QEMC as hr-admin

QlikView 10/11 System Monitor v3.2

qlikview.com

20

Event Oriented Scheduling

qlikview.com

21

Event Orientedinstead of Best Guess Schedule

So .... the Questions I ask:

1. Who are the User Communities?

a) Are they Internal or External? � Proxy, Firewalls, ExtraNet?

b) How do they Authenticate? � OOTB / Header / Ticketing? Multiple WebServers

c) Where are they defined? � can we use that for Document Authorisation?

2. How do they Access QlikView? How frequently?

qlikview.com

22

a) Iframe, WebParts, Workbench? � special integrations may be needed

b) Mobile Devices? � Document Design and Connectivity considerations

c) Offline Usage (roaming)? � Need Named CALs

3. Service Level Agreements (SLAs)

1. High Availability requirements? � Clustered QvS, WebServers

2. Frequent or Business Hour reloads? � separate Publisher server

4. Who are the Content Administrators? � Delegated access to QEMC

Stay Qonnected

• Michael Robertshaw, mrw@qlikview.com

• Miha Batic, mbc@qlikview.com

qlikview.com

23

Thank You