Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

SharePoint 2010 PerformancePoint Services : Securing a PerformancePoint Installation - Securing a Deployment with TLS

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
5/7/2011 10:01:06 AM

Securing a Deployment with TLS

PPS uses three different legs to the communication to render a dashboard. All of them can be secured by applying Transport Layer Security (TLS). Securing them with TLS prevents information from being sent in clear text. (With clear text, a malicious user with a network packet monitor can see traffic sent between servers and potentially see confidential information.)

  • Configuring TLS on web applications

  • Configuring TLS on PPS web services

  • Secure connections to data sources

Tip

TLS is also frequently referred to as Secure Sockets Layer (SSL) or Hypertext Transfer Protocol Secure (HTTPS).


Caution

Using SSL and secure connections to ensure that the data cannot be viewed by third parties comes at a cost to performance, however, so configure this only if the data is sensitive enough to warrant it. For instance, it makes sense to secure network traffic to a data source that contains employee Social Security numbers, but it might not make sense to secure network traffic to a data source that contains already publicly disclosed product information.

Configuring TLS on Web Applications

By configuring TLS for any SharePoint web applications hosting PPS content or dashboards, all traffic between the end user and the SharePoint system will be encrypted. In most scenarios, securing traffic to and from web applications is sufficient. If the SharePoint servers, data source servers, and network switches and routers between them are all physically secure, firewalled, and using current information security best practices, it is unnecessary to apply security past this level.

Configuring TLS for SharePoint is a fairly straightforward and well-documented process. There are multiple ways to accomplish this. The following steps outline how to apply TLS to an existing SharePoint web application:

Tip

Don’t forget to configure SharePoint Central Administration with TLS! Doing so will keep the Unattended Service Account password secure.


1.
Obtain a certificate for all SharePoint servers in the farm.

2.
Create a secure binding on the Internet Information Services (IIS) website for the web application.

3.
Enable the Require SSL property for the IIS website.

4.
Delete any non-SSL bindings.

5.
Update alternative access mappings to reflect new HTTPS URL.

Configuring TLS on PPS Web Services

SharePoint service applications, such as PPS, frequently must communicate within the farm to retrieve information. This traffic never leaves the confines of the SharePoint farm. If you have a geographically dispersed farm with servers in multiple different locations, it might be a good idea to secure this chatter.

Changing from unsecure to secure traffic is a setting available in Central Administration for the service application.

1.
Open SharePoint Central Administration.

2.
Click the Manage Service Applications link under the Application Management heading.

3.
Select the PerformancePoint service application, and click the Publish in the Sharing section of the Service Applications ribbon.

Tip

Make sure you do not click the name of the service application. Instead, click just next to it so that you highlight the row. Clicking the name opens the Manage PerformancePoint Services page, and this is not the page you want.

4.
In the Publish Service Application dialog that appears, change the Connection Type from HTTP to HTTPS, as shown in Figure 1, and click OK.

Figure 1. Change the connection type here.

Secure Connections to Data Sources

The final leg of communications that PPS performs is the connection to the data source. This is the PPS web service connecting directly to the data source either as the Unattended Service Account or the current user’s credentials if per-user authentication is configured.

Note

The communication goes from the PPS web service to the data source, not from the end user’s machine. At no point do users directly access the data source from their machine.


For data sources that require a URL, such as Excel services and SharePoint lists, this is done through configuring SSL to the web applications. If the web application the data source is connecting to has an HTTPS address, traffic will be secure.

For Analysis Services data sources, all communication is encrypted by default. This is a configurable setting disabled in scenarios in which high performance is required. The setting is configured in Analysis Services, and PPS respects the setting.

For SQL data sources, all communication is not encrypted by default. There are different ways to configure this, and the SQL online documentation on Microsoft TechNet has more information on how to accomplish this.

The Excel Workbook data source is all managed from within PPS, so no external connections are made when using the Excel Workbook data source.


Other -----------------
- BizTalk 2010 Recipes : Deployment - Enlisting and Starting Send Ports
- BizTalk 2010 Recipes : Deployment - Deploying a BizTalk Solution from Visual Studio
- BizTalk 2010 Recipes : Deployment - Manually Deploying Updates
- Exchange Server 2010 : Configuring Federated Sharing (part 2) - Assigning the Federated Sharing Role
- Exchange Server 2010 : Configuring Federated Sharing (part 1) - Implementing Federated Sharing
- Exchange Server 2010 : Role Based Access Control
- BizTalk 2010 Recipes : Deployment - Importing Applications
- BizTalk 2010 Recipes : Deployment - Exporting Applications
- SharePoint 2010 PerformancePoint Services : Securing a PerformancePoint Installation - Authentication Troubleshooting
- SharePoint 2010 PerformancePoint Services : Securing a PerformancePoint Installation - Per-User Identity
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server