Cognos ReportNetTM Installation and Configuration Guide
Cognos ReportNetTM Installation and Configuration Guide Cognos ReportNetTM Installation and Configuration Guide
Chapter 4: Configuring ReportNet Ensure that you configured ReportNet to use a Cognos Series 7 namespace as an authentication provider (p. 42). Steps for ReportNet 1. On the computer where Content Manager is installed, start Cognos Configuration. 2. In the Explorer window, under Security, Authentication, click the Cognos Series 7 namespace. 3. In the Properties window, under Cookie settings, ensure that the Path, Domain and Secure flag enabled properties match the settings configured for Cognos Series 7. Steps for Cognos Series 7 1. Start Configuration Manager. 2. Click Open the current configuration. 3. On the Components tab, in the Explorer window, expand Services, Access Manager - Runtime and click Cookie Settings. 4. In the Properties window, ensure that the Path, Domain and Secure Flag Enabled properties match the settings configured for ReportNet. Configure Cryptographic Settings ReportNet requires a cryptographic provider; otherwise it will not run. You can configure cryptographic and cryptographic provider settings, including the following: • advanced algorithms These include signing, digest, and confidentiality algorithms. • common symmetric key store (CSK) properties The CSK is used by ReportNet components to encrypt and decrypt data. • signing key store properties The signing key pair includes the private key used to generate the digital signature and the public key used to verify authenticity. • encryption key store properties The encryption key pair includes the private key used to encrypt data and the public key used to decrypt data. ReportNet requires a cryptographic provider. By default, the cryptographic provider for ReportNet uses keys up to 40 bits in length for data encryption and secure sockets layer (SSL) protocol. You can configure other cryptographic providers which use key sizes greater than 40 bits, such as the Enhanced Encryption Module for OpenSSL or the Enhanced Encryption Module for Entrust, available from Cognos. For more information, see the Enhanced Encryption Module for OpenSSL Installation and Configuration Guide or the Enhanced Encryption Module for Entrust Installation and Configuration Guide. Steps for Cryptographic Settings 1. Start Cognos Configuration. 2. In the Explorer window, under Security, click Cryptography. 46 Cognos ReportNet TM
Chapter 4: Configuring ReportNet 3. In the Properties window, change the default values by clicking the Value box and then selecting the appropriate value: • If you do not want to store the CSKs locally, under CSK settings, change Store symmetric key locally to False. Then change the Common symmetric key store location to the key store location of the Content Manager computer. When Store symmetric key locally is False, the key must be retrieved from Content Manager. • If you want the computers at both ends of a transmission to prove their identity, under SSL Settings, change Use mutual authentication to True. We recommend that you do not change the Use confidentiality setting. Set this property to true to ensure all transmissions are encrypted. • If you want to change the confidentiality algorithm, under Advanced algorithm settings, change Confidentiality algorithm to the other 40-bit key value. If you select and try to save an algorithm that does not use a 40-bit key, you will receive an error message. These other algorithms are reserved for use with other cryptographic providers. For more information, see the Enhanced Encryption Module for OpenSSL Installation Guide or the Enhanced Encryption Module for Entrust Installation Guide. 4. From the File menu, click Save. After you configure the cryptographic provider, passwords in your configuration and any data you create are encrypted. Steps for Cryptographic Provider Settings 1. Start Cognos Configuration. 2. In the Explorer window, under Security, Cryptography, click Cognos. • If you want to use a third-party certificate authority, under Certificate Authority settings, change Use third party CA to True. • If you want to change the location of the signing keys, under Signing key settings, change the Signing key store location property to the new location. • If you want to change the location of the encryption keys, under Encryption key settings, change Encryption key store location to the new location. 3. From the File menu, click Save. If you use a third-party Certificate Authority (CA) server, you must now configure ReportNet to use the CA. Configure the SSL Protocol You can configure ReportNet components to use the Secure Sockets Layer (SSL) protocol for • internal connections only • external connections only • internal and external connections • connections to local and remote log servers. If you configure SSL only for internal connections, ReportNet components on the local computer communicate using this protocol. The dispatcher listens for secure connections on a different port than for remote, http requests. Therefore, you must configure two dispatcher URIs. If you configure SSL only for external connections, communications from remote ReportNet components to the local computer use the SSL protocol. You must configure the dispatcher to listen for secure, remote requests on a different port than local, http requests. If you configure SSL for all connections, the dispatcher can use the same port for internal and external connections. Similarly, if you do not use SSL for local or remote communication, the dispatcher can use the same port for all communications. You must also update the Content Manager URI, SDK URI, and Gateway URI to use SSL, if required. Installation and Configuration Guide 47
- Page 1 and 2: COGNOS (R) ENTERPRISE BUSINESS INTE
- Page 3 and 4: Table of Contents Introduction 7 Ad
- Page 5 and 6: Chapter 10: Uninstalling Cognos Rep
- Page 7 and 8: Introduction This document is avail
- Page 9 and 10: Additional Materials In this guide,
- Page 11 and 12: Chapter 1: ReportNet Before impleme
- Page 13 and 14: Chapter 1: ReportNet Installing Rep
- Page 15 and 16: Chapter 1: ReportNet Framework Mana
- Page 17 and 18: Chapter 2: Installing ReportNet on
- Page 19 and 20: Chapter 2: Installing ReportNet on
- Page 21 and 22: Chapter 2: Installing ReportNet on
- Page 23 and 24: Chapter 2: Installing ReportNet on
- Page 25 and 26: Chapter 3: Installing ReportNet on
- Page 27 and 28: Chapter 3: Installing ReportNet on
- Page 29 and 30: Chapter 3: Installing ReportNet on
- Page 31 and 32: Chapter 3: Installing ReportNet on
- Page 33 and 34: Chapter 4: Configuring ReportNet Af
- Page 35 and 36: Chapter 4: Configuring ReportNet St
- Page 37 and 38: Chapter 4: Configuring ReportNet 3.
- Page 39 and 40: Chapter 4: Configuring ReportNet Co
- Page 41 and 42: Chapter 4: Configuring ReportNet Wh
- Page 43 and 44: Chapter 4: Configuring ReportNet Th
- Page 45: Chapter 4: Configuring ReportNet St
- Page 49 and 50: Chapter 4: Configuring ReportNet 4.
- Page 51 and 52: Chapter 4: Configuring ReportNet St
- Page 53 and 54: Chapter 4: Configuring ReportNet 6.
- Page 55 and 56: Chapter 4: Configuring ReportNet Ad
- Page 57 and 58: Chapter 4: Configuring ReportNet Ex
- Page 59 and 60: Chapter 4: Configuring ReportNet Sp
- Page 61 and 62: Chapter 4: Configuring ReportNet 3.
- Page 63 and 64: Chapter 5: Installing Framework Man
- Page 65 and 66: Chapter 5: Installing Framework Man
- Page 67 and 68: Chapter 6: Configuring Framework Ma
- Page 69 and 70: Chapter 6: Configuring Framework Ma
- Page 71 and 72: Chapter 6: Configuring Framework Ma
- Page 73 and 74: Chapter 6: Configuring Framework Ma
- Page 75 and 76: Chapter 6: Configuring Framework Ma
- Page 77 and 78: Chapter 7: Advanced Configuration O
- Page 79 and 80: Chapter 7: Advanced Configuration O
- Page 81 and 82: Chapter 7: Advanced Configuration O
- Page 83 and 84: Chapter 7: Advanced Configuration O
- Page 85 and 86: Chapter 7: Advanced Configuration O
- Page 87 and 88: Chapter 7: Advanced Configuration O
- Page 89 and 90: Chapter 7: Advanced Configuration O
- Page 91 and 92: Chapter 8: Setting Up the Samples Y
- Page 93 and 94: Chapter 8: Setting Up the Samples 7
- Page 95 and 96: Chapter 8: Setting Up the Samples S
Chapter 4: Configuring ReportNet<br />
3. In the Properties window, change the default values by clicking the Value box <strong>and</strong> then<br />
selecting the appropriate value:<br />
• If you do not want to store the CSKs locally, under CSK settings, change Store<br />
symmetric key locally to False. Then change the Common symmetric key store<br />
location to the key store location of the Content Manager computer.<br />
When Store symmetric key locally is False, the key must be retrieved from Content<br />
Manager.<br />
• If you want the computers at both ends of a transmission to prove their identity, under<br />
SSL Settings, change Use mutual authentication to True.<br />
We recommend that you do not change the Use confidentiality setting. Set this<br />
property to true to ensure all transmissions are encrypted.<br />
• If you want to change the confidentiality algorithm, under Advanced algorithm<br />
settings, change Confidentiality algorithm to the other 40-bit key value.<br />
If you select <strong>and</strong> try to save an algorithm that does not use a 40-bit key, you will receive<br />
an error message. These other algorithms are reserved for use with other cryptographic<br />
providers. For more information, see the Enhanced Encryption Module for OpenSSL<br />
<strong>Installation</strong> <strong>Guide</strong> or the Enhanced Encryption Module for Entrust <strong>Installation</strong> <strong>Guide</strong>.<br />
4. From the File menu, click Save.<br />
After you configure the cryptographic provider, passwords in your configuration <strong>and</strong> any data<br />
you create are encrypted.<br />
Steps for Cryptographic Provider Settings<br />
1. Start <strong>Cognos</strong> <strong>Configuration</strong>.<br />
2. In the Explorer window, under Security, Cryptography, click <strong>Cognos</strong>.<br />
• If you want to use a third-party certificate authority, under Certificate Authority<br />
settings, change Use third party CA to True.<br />
• If you want to change the location of the signing keys, under Signing key settings,<br />
change the Signing key store location property to the new location.<br />
• If you want to change the location of the encryption keys, under Encryption key<br />
settings, change Encryption key store location to the new location.<br />
3. From the File menu, click Save.<br />
If you use a third-party Certificate Authority (CA) server, you must now configure ReportNet to<br />
use the CA.<br />
Configure the SSL Protocol<br />
You can configure ReportNet components to use the Secure Sockets Layer (SSL) protocol for<br />
• internal connections only<br />
• external connections only<br />
• internal <strong>and</strong> external connections<br />
• connections to local <strong>and</strong> remote log servers.<br />
If you configure SSL only for internal connections, ReportNet components on the local computer<br />
communicate using this protocol. The dispatcher listens for secure connections on a different<br />
port than for remote, http requests. Therefore, you must configure two dispatcher URIs.<br />
If you configure SSL only for external connections, communications from remote ReportNet<br />
components to the local computer use the SSL protocol. You must configure the dispatcher to<br />
listen for secure, remote requests on a different port than local, http requests.<br />
If you configure SSL for all connections, the dispatcher can use the same port for internal <strong>and</strong><br />
external connections. Similarly, if you do not use SSL for local or remote communication, the<br />
dispatcher can use the same port for all communications.<br />
You must also update the Content Manager URI, SDK URI, <strong>and</strong> Gateway URI to use SSL, if<br />
required.<br />
<strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 47