QlikView Security Overview. Most common Security challenges faced by a vendor The QlikView platform: a basis for understanding Security Authentication.

Presentation transcript:

1 QlikView Security Overview

2 Agenda
- Most common Security challenges faced by a vendor
- The QlikView platform: a basis for understanding Security
- Authentication and Authorization with QlikView
- Communication protocols
- QlikView Security materials
- Q&A

3 Most Common Security-related challenges a new vendor faces
Trust
- What safeguards are in place to ensure only the correct access to data and applications?
- Can you comply with my corporate security standards?
Complexity
- How easy or difficult is it to understand your approach to security?
- How flexible is your solution in coping with my security architecture?

4 Common questions about QlikView security from a CIO (or their staff)…
- Do you follow standard protocols (e.g. HTTPS, restricted port access, encryption)? Answer: Yes
- Do you have at least the same security as the data source that you are loading from? Answer: Yes
- Can you directly connect to my existing directory service and Single Sign-On (SSO) solutions? Answer: Yes
- Does your solution adopt a multi-tier approach to application and data security? Answer: Yes
- Do you require plug-ins to be installed on the client side? Answer: No

5 Agenda
- Most common Security challenges faced by a vendor
- The QlikView platform: a basis for understanding Security
- Authentication and Authorization with QlikView
- Communication protocols
- QlikView Security materials
- Q&A

6 The QlikView platform: a basis for understanding Security
Let’s explain what our core products do and how they fit together in a ‘tiered’ deployment

7 QlikView Developer, QlikView Server, QlikView Publisher
QlikView Developer
- Development tool to create: 1) Data extract and transformation model 2) Graphical User Interface (presentation layer)
- Windows desktop or server based
- Creates QVW (.qvw) files
QlikView Server
- QlikView Server (QVS) combined with QlikView Web Server. Contains Management Console and Access Point
- In-Memory analytics engine
- Handles QlikView Client/Server communication
- Client Authorization against directory providers (AD, eDirectory..)
QlikView Publisher
- Performs 2 main functions: 1) Loading data directly from data sources using QVW files 2) Distribution service to reduce and distribute data and documents

8 QlikView Developer QVP

9 QlikView architecture: Back-end
- Contains QlikView Source Documents created by QlikView Developer
- The Windows file system is always in charge of security.
- QlikView Publisher is the main component in the back-end
[Diagram label: QlikView Developer]

10 QlikView architecture: Front-end
- Contains User Documents, created from Publisher distributed documents.
- QlikView Server (QVS) is in charge of client security.

11 ‘Tiered’ approach to data security
[Diagram labels: Back End; Front End; QlikView Developer; QlikView Publisher; QlikView Server; QlikView Access Point; Sales.qvw; Sales_US.qvw; Sales_CAN.qvw; Sales_UK.qvw; Sales_FRA.qvw; Sales_GER.qvw; Sales_SWE.qvw]

12 Important QlikView security considerations
- The back-end and front-end are often in different network zones
- The front-end does not have any open ports to the back-end
- The front-end does not send any queries to data sources in the back-end
- The end users can only access QlikView documents in the front-end, never in the back-end.
- The QlikView documents in the front-end are a result of Publisher tasks.
  - They do not contain any overhead or redundant data
  - They do not contain any connection strings; those are safe in the back-end
  - To recreate all the qvw documents, just run the Publisher task
- QVW files are only secure when behind a QlikView Server

13 Agenda
- Most common Security challenges faced by a vendor
- The QlikView platform: a basis for understanding Security
- Authentication and Authorization with QlikView
- Communication protocols
- QlikView Security materials
- Q&A

14 Authentication and Authorization
- Authentication: Who are you and how do you prove it?
- Authorization: What are you allowed to see? What are you allowed to do?

15 Authentication and Authorization – an analogy
- John Doe, Dep: Boston, Arr: Dublin
- Are you John Doe?
- DUB, LAX, ORD, LHR
- Are you flying to Dublin?

16 Authentication and Authorization - QlikView
- Are you John Doe?
- Sales_GER.qvw, Sales_USA.qvw, Sales_UK.qvw, Sales_JAP.qvw
- Do you have authorization to view Germany’s sales data?

17 Authentication
QlikView does not handle Authentication. It relies on other sources to accomplish this:
1. Microsoft Active Directory
2. Single Sign-On solutions like: CA SiteMinder, IBM WebSeal, Oracle Oblix

18 Authentication using Active Directory (default)
Desktop using QVP
- QVS will communicate with Active Directory and authentication is handled purely by Windows
Web clients
- User hits web server; authentication using Active Directory
- AccessPoint receives group info from AD for the current user
- AccessPoint sends user/group info to QVS to receive document list
- When a document is opened, user/group info is also sent to QVS to receive a ticket. Depending on client, this ticket is either linked to a session id (Ajax) or sent to the client to be attached to the qvp-protocol (Plugin)

19 Authentication using HTTP Header and Third Party Identity Manager
Desktop using QVP
- N/A
Web clients
- User hits web server. Authentication performed against third party Identity Manager
- HTTP Header (UID) info set by third-party
- HTTP Header (UID) sent in request to AccessPoint
- AccessPoint sends UID to DSC
- DSC selects correct DSP based on specified prefix in UID
- AccessPoint receives group info from DSC (DSC must be properly configured to resolve groups from a DSP)
- AccessPoint sends UID/group info to QVS to receive document list (based on authorization, NTFS or DMS)
- When a document is opened, user/group info is also sent to QVS to receive a ticket. Depending on client, this ticket is either linked to a session id (Ajax) or sent to the client to be attached to the qvp-protocol (Plugin)
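
The web-client steps on slide 19, modelled as an added Python example (not QlikView code and not part of the original deck). The header name `x-example-uid`, the prefixes, users, groups and the ACL table are all constructed, and the model fails closed when the header is missing or its prefix matches no DSP.

```python
import secrets

UID_HEADER = "x-example-uid"  # hypothetical header name set by the identity manager
# Constructed DSPs keyed by UID prefix; each maps a user to directory groups.
DSPS = {
    "CUSTOM": {"CUSTOM\\jdoe": {"Sales-GER"},
               "CUSTOM\\asmith": {"Sales-GER", "Sales-UK"}},
    "PARTNER": {"PARTNER\\kli": {"Sales-UK"}},
}
# Constructed DMS-style table: document -> users or groups allowed to open it.
DMS_ACL = {
    "Sales_GER.qvw": {"Sales-GER"},
    "Sales_UK.qvw": {"Sales-UK"},
    "Sales_USA.qvw": {"CUSTOM\\asmith"},
}
TICKETS = {}  # ticket -> (uid, document), standing in for QVS ticket state


def resolve_identity(headers):
    """AccessPoint + DSC: read the UID header, pick the DSP by prefix, get groups."""
    lowered = {k.lower(): v for k, v in headers.items()}
    prefix, sep, name = lowered.get(UID_HEADER, "").strip().partition("\\")
    if not sep or not name:
        raise PermissionError("UID header missing or without a DSP prefix")
    dsp = DSPS.get(prefix.upper())
    if dsp is None:
        raise PermissionError("no DSP configured for this prefix")
    uid = f"{prefix.upper()}\\{name.lower()}"
    if uid not in dsp:
        raise PermissionError("user not found in the selected DSP")
    return uid, frozenset(dsp[uid])


def document_list(uid, groups):
    """QVS: documents whose ACL names the user or one of the user's groups."""
    principals = {uid} | set(groups)
    return sorted(doc for doc, allowed in DMS_ACL.items() if allowed & principals)


def open_document(uid, groups, doc):
    """QVS: issue a ticket only for a document on the user's list."""
    if doc not in document_list(uid, groups):
        raise PermissionError("not authorized for this document")
    ticket = secrets.token_hex(16)
    TICKETS[ticket] = (uid, doc)
    return ticket
```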

20 Authentication using HTTP Header in non-trust scenarios

21 Authorization
QlikView handles authorization itself (i.e. the QlikView Server handles this)
1. It uses already assigned Windows privileges (i.e. NTFS mode)
   - Governed in Windows by NT File System (NTFS)
   - Managed in Windows by Access Control Lists (ACL)
   - Every authorized access to an object requires authentication. Even anonymous users are authenticated, i.e. IUSR_ is used by anonymous users in IIS (access is done in the context of this account)
2. It uses its own assigned privileges (i.e. DMS mode)
   - Governed in QlikView Server by Document Meta Service (DMS)
   - Managed in QlikView Server by metadata files attached to a document (qvwdocument.meta)

22 Agenda
- Most common Security challenges faced by a vendor
- The QlikView platform: a basis for understanding Security
- Authentication and Authorization with QlikView
- Communication protocols
- QlikView Security materials
- Q&A

23 QlikView Server communication protocols: The QlikView Protocol (QVP)
Overview
- QVP is a proprietary protocol developed by QlikTech.
- The protocol lays down a specification for passing data between QlikView Server and installed clients, such as the QlikView Plug-in and Developer open in server.
- QVP runs natively over TCP port 4747 or may be encapsulated over HTTP by use of the QVP tunnel.
- Use QVS Tunnel and SSL for extra security (NB this may have performance implications)

24 QlikView Server communication protocols: The QlikView AJAX Protocol (QVPX)
- QVPX is proprietary and developed by QlikTech.
- QVPX is used by the AJAX and mobile clients.
- This is not really a protocol, but rather a framework for how QlikView communicates in AJAX (XML and JavaScript). The actual protocol is HTTP or HTTPS.
- Encryption is done with certificates and SSL
- The advantage of QVPX is that HTTP and HTTPS are standard protocols, well known and trusted by IT departments.

25 Agenda
- Most common Security challenges faced by a vendor
- The QlikView platform: a basis for understanding Security
- Authentication and Authorization with QlikView
- Communication protocols
- QlikView Security materials
- Q&A

26 QlikView Security Materials
- Security Overview White Paper
- Security Overview Video Series
- Dev and Deployment Tech Brief

27 QlikView Security - Summary
It’s important to remember that QlikView:
1. Complies with standard security protocols
2. Supports a tiered approach to deployment security
3. Can integrate with existing security infrastructures (e.g. Single Sign-On)
4. Has an understandable and compliant approach to Security
5. Has content that can be referenced to provide a deeper understanding (e.g. White Papers)

28 Thank You... Q&A

