Great read for when you are stuck in the airport: Publishing PerformancePoint Server in Extranet Scenarios.
This is actually a very detailed document outlining many of the aspects around establishing an extranet deployment, particularly a secure one.
Important Note: We have run across a bug in Server 2008's implementation of Kerberos. This issue will cause a fatal flaw to your implementation with SSAS in the scenario– Dan English provides a greater level of detail in his post earlier this year. Just as a recap, you will run into errors in accessing SSAS where the MDX will get truncated in the Kerberos ticket that gets passed to the SSAS service. The only way around this at the moment is to have the front end servers be Server 2003, or CTP versions of Server 2008 R2.
Note that there is no "official" fix for this at the moment, though one is expected as a cumulative update in August.
Tags: performance point,
analysis services,
ssas,
mdx,
whitepaper
Categories: Performance Point
I was assisting a client clean up an installation of PerformancePoint. They thought they had followed all of the steps, but were perplexed by an error they were getting after deploying the dashboards to SharePoint. Given what was at the bottom of the error, and how few people realized this slight difference in authenticating accounts, I figured it was worth a quick post.
To start, the error received was:
"You do not have permission to see this data. (Domain\UserAccount). Contact the administrator for more details."
My client was perplexed. They had developed the dashboard in Dashboard Designer and previewed it with success on the Monitoring server preview site. This person was an admin of Monitoring server and a site collection admin in SharePoint. The question to me then was – what was going on?
To help explain, below is a diagram of a sample diagram of a PerformancePoint deployment on a farm, which is exactly what this client has in their environment:
The big "gotcha" here for him is based on the usage of NTLM as the authentication method and a lack of understanding on where deployed dashboards actually render and load.
In a non-Kerberos implementation, deployed dashboards will connect to data sources under the identity of the SharePoint service, which was the bit of understanding this user was missing – his perception was that SharePoint rendered output from the Monitoring web service, and thus authentication still happened from the Monitoring Web Service – once this perception was corrected, we added the SharePoint account as a reader on the cube for his dashboards and life went back to normal.
Tags:
Categories: Performance Point
Without fail, there exist many ways to resolve an issue. Mine? I have multiple WSS web applications on my machine for various purposes, several of which require the PerformancePoint web parts.
For anyone having gone through a deployment of PerformancePoint Monitoring, the appreciation of the problem becomes quite plain: the site collection is declared during the initial setup and configuration – so how do you "redeploy" to another site collection?
There is the fun way posted here on the PerformancePoint team blog.
And then there is the easy way:
- Open the MonitoringConfig.xml file, located at Root:\Program Files\Microsoft Office PerformancePoint Server\3.0\Tools\MonitoringConfiguration in Notepad or some other raw editor
-
Remove the configuration item with ID WebParts, pictured below:
-
Start up the Monitoring and select Add components
- On the next screen, you will have the fourth item, Dashboard Viewer for SharePoint Services un-greyed and available to select. Select this item and follow the rest of the wizard.
- Confirm installation by going to your selected site collection, add a web part and look for this item in the web part collection:
I highly recommend reading through the related PerformancePoint team blog as it is important to understand what changes you are affecting, and more importantly, be able to troubleshoot should anything go awry.
Tags: sharepoint,
sharepoint integration,
wss,
performance point,
business intelligence
Categories: Performance Point
I walked through two PerformancePoint labs with the class in Florida, both of which are available online. Given the time for that day, I was only able to run through the first, Dashboard End to End, all the way and the third, SharePoint List, halfway - -we took a break as soon as we finished with pulling the SharePoint list data into the scorecard, built the KPIs and published.
They are not the easiest to find, so here are the links:
TechNet Virtual Lab: Microsoft Office Performance Point Server 2007 - Dashboard End to End
TechNet Virtual Lab: Microsoft Office Performance Point Server 2007 - Excel Dashboards
TechNet Virtual Lab: Microsoft Office Performance Point Server 2007 - SharePoint List
For these labs to work, the site will prompt you to install the Virtual Server VRMC Advanced control for Internet Explorer.
If you do not want to run these labs online, still sign up for them, download the PDF version of the lab manual from the lab home page, and then run the labs on the BI VPC, links to download this below – the advantage of grabbing this VPC is that there are other PerformancePoint and ProClarity labs on this machine, plus, you get a fully functional demo to play with and modify on your own time:
Virtual PC is required to use this virtual machine. I would recommend downloading Virtual PC 2007 as it is free to use.
Note about the Lab
There is an important design decision that is glossed over in the first lab, Dashboard End to End concerning KPIs. In the first part of the lab, it walks you through using Analysis Services as a source, yet creating KPIs inside PerformancePoint. Our recommendation is that KPIs should belong at the data source level – Analysis Services allows you to build very advanced KPIs, and given that SSAS cubes will most likely be consumed by multiple applications (Excel, SSRS, etc.), then it is important to stick with the consolidated way of displaying key data to your users.
Obviously not all data sources that PPS works with support KPI functionality, so if Excel, SharePoint lists, or a relational database are your source, then you will probably build out the KPI inside Dashboard Designer. Keep in mind though, that when the functionality exists to place it lower in the stack, which also usually means broader application and user audience, then you should do so.
For further reading on using SSAS KPIs inside PPS, reference this post on the PerformancePoint team blog.
Tags: performance point,
training,
analysis services,
kpi,
dashboards
Categories: Performance Point
As I write this I am in the airport in Austin waiting for my flight out to Ft. Lauderdale. I will be supporting tomorrow's presentations around PerformancePoint, so if you are one of the lucky few who knew about this event and will be there, I look forward to seeing you.
Unfortunately, these events are not widely broadcast (try a search on any of the large search engines, you won't find this particular event). For the most part, any of these events marketed in a particular area and invitations go out in a random manner. One of the things I would like to see is a more unified way in which these events are planned and notice put out – I get a lot of questions from clients about when, where and how to attend, and unfortunately, I do not have a definitive process I can point to for their benefit.
A little venting – nonetheless, these events are great for client education, which is why I would like to see more of them. If you are in the area, feel free to give me a shout!
Tags: performance point,
bi bootcamp,
training,
education
Categories: Performance Point |
Training and Education
Many of you have already seen the announcement covering PerformancePoint rolling into SharePoint, with the next release already dubbed "PerformancePoint Services".
Big deal right? Monitoring and Analytics will still be there and the least used and often forgotten Planning will move off to pasture. So what does Kerberos have to do with this change to PerformancePoint?
Probably more than you think.
In a typical small farm, PerformancePoint will be deployed in one of several manners, either scaling out with the web front ends or on separate app servers. This works well even in the current deployment model, however, more and more, company security policies are pushing for data to be locked down at the source level, even for analytics.
PerformancePoint Services will be just one piece to the new SharePoint for BI capability stack – Project Gemini is coming along nicely with a lot of extreme Excel enhancements - -thick client analytics for the power user at the desktop level.
With the new version of Office, we are looking at an expansion of the toolset used to hit the data, but what we do not know, and what I do not expect to happen, is whether security will continue to be fully maintained by the user roles in the Monitoring database. In such a future environment, without Kerberos, you would essentially have a set of roles and access configured via the Monitoring web services, and then the normal groups and roles on something like your SSAS databases. On large environments, this will be incredibly cumbersome.
Enter Kerberos – by using NT groups and authentication throughout, data sources can remain, at the data source level, locked down by individual logins and allowing the Monitoring service to pass the user credentials when accessing PerformancePoint web parts. With this implementation in the security architecture, despite the end user tool used, users can now have a more centralized security mechanism and data managers can feel better and have less work than trying to keep up with all the separate app user accounts and what access rights they map to.
Kerberos, while not entirely straight forward in implementation, solves the double hop issue and allows you to scale out your farm with the PerformancePoint services able to communicate freely to data sources on disparate servers and maintain security using AD.
Mike Plumley of Microsoft has made an instruction video posted here on implementing Kerberos.
I have also downloaded it and saved it to my site in case it goes missing ( this actually happened with the Business Intelligence Metadata Whitepaper Microsoft posted – popular, but it kept disappearing on the site, so it is another one I have saved to my site ) – but I will only activate the link if someone lets me know it has disappeared. The file is 72 MB and too many downloads will cripple my meager little hosted blog.
Other references for Kerberos directly related to PerformancePoint:
As you have probably guessed by now – this is a current deployment consideration as well. Scaling PerformancePoint to use multiple SSAS servers where NT authentication pass through is a must will require this type of delegation in order for deployment to be successful, so luckily, these instructions do exist.
One of the extras in going through the pain in implementing Kerberos? Reporting Services works wonderfully in SharePoint integrated mode, but Kerberos is also a requirement for a proper deployment – so, do the infrastructure work one, and reap the benefits twice over!
Tags:
Categories: Performance Point
Before anyone jumps off a bridge, it is not as bad as the headline sounds; stay calm, step down from the ledge and we can work this out.
Background: I got tired of running PerformancePoint in a VPC all of the time and I decided it was time to install it locally. I am running Server 2008 after all with a full blown install of SQL 2008, so I figured adding SharePoint and PerformancePoint would be less overhead and make some of my development a lot easier.
For those of you wanting to install PerformancePoint Monitoring using SQL 2008, reference my post here.
The root of the error is with the System.Web.Extensions reference in the application. Particularly for anyone running Vista, Server 2008 or even Windows 7, the likelihood that you have 3.5 installed and therefore do not use AJAX 1.0 is pretty high.
So, how to resolve? There is the easy way and then the hard way.
Easy way: Download and install ASP.NET AJAX 1.0. This will put the 1.0.61025.0 versioned DLL reference in the GAC for the application to pull out when needed.
Hard way: Post here with details on resolving old reference to the new. While there is a lot I like about this approach, the only fear is that work done might be undone with Service Packs, hot fixes, etc.
Unless there is no other work solution, I generally avoid these situations as clients do not like to have to call me when it breaks after they have updated or installed the latest service pack.
Beyond that, the resolution can be pretty simple. If you are working locally, just remember to update your hosts file!
Tags: performance point,
sql 2008,
wss,
ajax
Categories: Performance Point
No sense in repeating the article, full steps available in the Technet posting "Install PerformancePoint Monitoring Server with SQL Server 2008".
The instruction detail is great, although I do not see a lot of our customers going for this set up as it is a bit of a hack.
The other thing to note is that this instruction set concerns the Monitoring portion of PerformancePoint only – for most people, this should not be a concern, as MS did not see a big uptake on the Planning piece anyway (and none of my direct clients have show interest either).
For the most part, I would really only recommend doing this if:
- You want to take advantage of some of the new features in SSAS 2008
- Existing SQL 2008 farm
- Memory management headaches in SSRS 2005 are making you want to move to 2008
The list is not comprehensive by any means, but it is just a few of the reasons I can directly see. Feel free to post or e-mail me with any challenges, questions or scenarios!
Tags: performance point,
sql 2008
Categories: Performance Point
Microsoft posted to their BI blog back in January about the future of PerformancePoint as now linked to SharePoint. Given how widespread this announcement was, and that all the associated product teams timed posts to blogs to coincide with Guy Weismantel's video announcement, I am still surprised about how much disinformation is out there.
Bottom Line: PerformancePoint is still a viable, enterprise class product that customers can design, develop and deploy solutions on.
But what has changed?
For those of you accessing this information late, it appears that Guy's video is inaccessible; whether this is designed or not, I do not know. I was able view it in February, but the past few days I have not been as lucky.
Here are the pertinent facts:
- PerformancePoint will not be a standalone product, it will be part of SharePoint
- The Planning component will not be there in the next release, so if SP3 does not cover your planning needs, then using the Planning component of PerformancePoint 2007 is not for you
- Customers using the Monitoring and Analytics will not be affected
In some ways, I view this as giving more importance to BI and its associated processes. The Information Worker segment is one of the largest and most profitable segments for Microsoft – it is also at the core in how PerformancePoint is distributed to the masses. Planning, development and sales wise, this, to me, brings a more consolidated message and usage strategy to customers.
In the end, there will be both critics and proponents, but what is done is done – and Microsoft made a move that they believe will support PerformancePoint as an enterprise level BI solution, inside the information worker space.
Obviously there are a lot of details still to come, but this move is not surprising. Remember Microsoft's purchase of Stratature (an MDM software company)? MDM will be part of Office 14 – this was the plan from the beginning of the acquisition; from my perspective, the question really is: why wasn't PerformancePoint released as part of SharePoint in the beginning?
Short and sweet, but this is the bottom line: PerformancePoint is here to stay.
References:
Tags: performance point,
sharepoint
Categories: Performance Point