Cognos ReportNetTM Installation and Configuration Guide
Share Embed Flag
Download ePaper

Cognos ReportNetTM Installation and Configuration Guide

Cognos ReportNetTM Installation and Configuration Guide Cognos ReportNetTM Installation and Configuration Guide

sharepoint.cabq.gov
from sharepoint.cabq.gov More from this publisher
20.07.2014 Views

Chapter 4: Configuring ReportNet Ensure that you configured ReportNet to use a Cognos Series 7 namespace as an authentication provider (p. 42). Steps for ReportNet 1. On the computer where Content Manager is installed, start Cognos Configuration. 2. In the Explorer window, under Security, Authentication, click the Cognos Series 7 namespace. 3. In the Properties window, under Cookie settings, ensure that the Path, Domain and Secure flag enabled properties match the settings configured for Cognos Series 7. Steps for Cognos Series 7 1. Start Configuration Manager. 2. Click Open the current configuration. 3. On the Components tab, in the Explorer window, expand Services, Access Manager - Runtime and click Cookie Settings. 4. In the Properties window, ensure that the Path, Domain and Secure Flag Enabled properties match the settings configured for ReportNet. Configure Cryptographic Settings ReportNet requires a cryptographic provider; otherwise it will not run. You can configure cryptographic and cryptographic provider settings, including the following: • advanced algorithms These include signing, digest, and confidentiality algorithms. • common symmetric key store (CSK) properties The CSK is used by ReportNet components to encrypt and decrypt data. • signing key store properties The signing key pair includes the private key used to generate the digital signature and the public key used to verify authenticity. • encryption key store properties The encryption key pair includes the private key used to encrypt data and the public key used to decrypt data. ReportNet requires a cryptographic provider. By default, the cryptographic provider for ReportNet uses keys up to 40 bits in length for data encryption and secure sockets layer (SSL) protocol. You can configure other cryptographic providers which use key sizes greater than 40 bits, such as the Enhanced Encryption Module for OpenSSL or the Enhanced Encryption Module for Entrust, available from Cognos. For more information, see the Enhanced Encryption Module for OpenSSL Installation and Configuration Guide or the Enhanced Encryption Module for Entrust Installation and Configuration Guide. Steps for Cryptographic Settings 1. Start Cognos Configuration. 2. In the Explorer window, under Security, click Cryptography. 46 Cognos ReportNet TM

Chapter 4: Configuring ReportNet 3. In the Properties window, change the default values by clicking the Value box and then selecting the appropriate value: • If you do not want to store the CSKs locally, under CSK settings, change Store symmetric key locally to False. Then change the Common symmetric key store location to the key store location of the Content Manager computer. When Store symmetric key locally is False, the key must be retrieved from Content Manager. • If you want the computers at both ends of a transmission to prove their identity, under SSL Settings, change Use mutual authentication to True. We recommend that you do not change the Use confidentiality setting. Set this property to true to ensure all transmissions are encrypted. • If you want to change the confidentiality algorithm, under Advanced algorithm settings, change Confidentiality algorithm to the other 40-bit key value. If you select and try to save an algorithm that does not use a 40-bit key, you will receive an error message. These other algorithms are reserved for use with other cryptographic providers. For more information, see the Enhanced Encryption Module for OpenSSL Installation Guide or the Enhanced Encryption Module for Entrust Installation Guide. 4. From the File menu, click Save. After you configure the cryptographic provider, passwords in your configuration and any data you create are encrypted. Steps for Cryptographic Provider Settings 1. Start Cognos Configuration. 2. In the Explorer window, under Security, Cryptography, click Cognos. • If you want to use a third-party certificate authority, under Certificate Authority settings, change Use third party CA to True. • If you want to change the location of the signing keys, under Signing key settings, change the Signing key store location property to the new location. • If you want to change the location of the encryption keys, under Encryption key settings, change Encryption key store location to the new location. 3. From the File menu, click Save. If you use a third-party Certificate Authority (CA) server, you must now configure ReportNet to use the CA. Configure the SSL Protocol You can configure ReportNet components to use the Secure Sockets Layer (SSL) protocol for • internal connections only • external connections only • internal and external connections • connections to local and remote log servers. If you configure SSL only for internal connections, ReportNet components on the local computer communicate using this protocol. The dispatcher listens for secure connections on a different port than for remote, http requests. Therefore, you must configure two dispatcher URIs. If you configure SSL only for external connections, communications from remote ReportNet components to the local computer use the SSL protocol. You must configure the dispatcher to listen for secure, remote requests on a different port than local, http requests. If you configure SSL for all connections, the dispatcher can use the same port for internal and external connections. Similarly, if you do not use SSL for local or remote communication, the dispatcher can use the same port for all communications. You must also update the Content Manager URI, SDK URI, and Gateway URI to use SSL, if required. Installation and Configuration Guide 47

Chapter 4: Configuring ReportNet<br />

3. In the Properties window, change the default values by clicking the Value box <strong>and</strong> then<br />

selecting the appropriate value:<br />

• If you do not want to store the CSKs locally, under CSK settings, change Store<br />

symmetric key locally to False. Then change the Common symmetric key store<br />

location to the key store location of the Content Manager computer.<br />

When Store symmetric key locally is False, the key must be retrieved from Content<br />

Manager.<br />

• If you want the computers at both ends of a transmission to prove their identity, under<br />

SSL Settings, change Use mutual authentication to True.<br />

We recommend that you do not change the Use confidentiality setting. Set this<br />

property to true to ensure all transmissions are encrypted.<br />

• If you want to change the confidentiality algorithm, under Advanced algorithm<br />

settings, change Confidentiality algorithm to the other 40-bit key value.<br />

If you select <strong>and</strong> try to save an algorithm that does not use a 40-bit key, you will receive<br />

an error message. These other algorithms are reserved for use with other cryptographic<br />

providers. For more information, see the Enhanced Encryption Module for OpenSSL<br />

<strong>Installation</strong> <strong>Guide</strong> or the Enhanced Encryption Module for Entrust <strong>Installation</strong> <strong>Guide</strong>.<br />

4. From the File menu, click Save.<br />

After you configure the cryptographic provider, passwords in your configuration <strong>and</strong> any data<br />

you create are encrypted.<br />

Steps for Cryptographic Provider Settings<br />

1. Start <strong>Cognos</strong> <strong>Configuration</strong>.<br />

2. In the Explorer window, under Security, Cryptography, click <strong>Cognos</strong>.<br />

• If you want to use a third-party certificate authority, under Certificate Authority<br />

settings, change Use third party CA to True.<br />

• If you want to change the location of the signing keys, under Signing key settings,<br />

change the Signing key store location property to the new location.<br />

• If you want to change the location of the encryption keys, under Encryption key<br />

settings, change Encryption key store location to the new location.<br />

3. From the File menu, click Save.<br />

If you use a third-party Certificate Authority (CA) server, you must now configure ReportNet to<br />

use the CA.<br />

Configure the SSL Protocol<br />

You can configure ReportNet components to use the Secure Sockets Layer (SSL) protocol for<br />

• internal connections only<br />

• external connections only<br />

• internal <strong>and</strong> external connections<br />

• connections to local <strong>and</strong> remote log servers.<br />

If you configure SSL only for internal connections, ReportNet components on the local computer<br />

communicate using this protocol. The dispatcher listens for secure connections on a different<br />

port than for remote, http requests. Therefore, you must configure two dispatcher URIs.<br />

If you configure SSL only for external connections, communications from remote ReportNet<br />

components to the local computer use the SSL protocol. You must configure the dispatcher to<br />

listen for secure, remote requests on a different port than local, http requests.<br />

If you configure SSL for all connections, the dispatcher can use the same port for internal <strong>and</strong><br />

external connections. Similarly, if you do not use SSL for local or remote communication, the<br />

dispatcher can use the same port for all communications.<br />

You must also update the Content Manager URI, SDK URI, <strong>and</strong> Gateway URI to use SSL, if<br />

required.<br />

<strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 47

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!