Cognos ReportNetTM Installation and Configuration Guide
Cognos ReportNetTM Installation and Configuration Guide Cognos ReportNetTM Installation and Configuration Guide
Chapter 6: Configuring Framework Manager When you configure ReportNet to use the SSL protocol, ensure that you first configure the Content Manager computer to use the protocol and start the services on the Content Manager computer. After you do this, you can configure the SSL protocol on other ReportNet computers in your environment. Add a Computer to an Installation If you later add a computer to your distributed environment and SSL is enabled for external connections, you must reconfigure the Content Manager computer to use the non-secure protocol. Then, you start the services on the Content Manager computer. This ensures that the certificate authority service that is installed on the Content Manager computer can issue a certificate to the new computer. After the Content Manager computer is configured and running, you must configure the new computer to use the non-secure protocol. You must then save your configuration on the new computer so that the computer can get the certificate from the Content Manager computer. After this occurs, you can re-enable SSL on the Content Manager computer and then configure the new component to use SSL. Add a Component to a Computer You can later add a component to the same location as other ReportNet components. If the existing components currently use the SSL protocol, you do not have to disable the SSL protocol on the Content Manager computer before configuring the new component to use SSL. The computer has a certificate and the certificate is in a known location. However, you can also add a component to a different location on the same computer as other ReportNet components. If the existing components use SSL, you must disable the SSL protocol on the Content Manager computer before configuring the new component to use SSL. Another certificate is issued for this new installation when you save your new configuration. After this occurs, you can re-enable SSL on the Content Manager computer and then configure the new component to use SSL. Steps for a new installation 1. Start Cognos Configuration. 2. In the Explorer window, click Environment. 3. To use SSL protocol, you must specify passwords for the ReportNet encryption key stores. 4. In the Explorer window, click Environment. 5. In the Properties window, type the appropriate values for the Internal dispatcher URI and External dispatcher URI values: • To configure SSL for internal connections only, for the Internal dispatcher URI property, type https and a port for SSL communication. For the External dispatcher URI property, type http and use the default or another available port. The ports in the two dispatcher URIs must be different. • To configure SSL for external connections only, for the External dispatcher URI property, type https and a secure port. For the Internal dispatcher URI property, type http and use the default or another available port. The ports in the two dispatcher URIs must be different. • To configure SSL for all connections, type the same URI for both the Internal dispatcher URI and External dispatcher URI properties. Type https and a secure port, such as 9343. Note: You do not have to use port 9343, the default SSL port. You can choose any available port. 6. Configure the SSL protocol for the other environment URIs, including the Content Manager URI, the SDK URI and Gateway URI. • For internal connections only, type https in the URIs that contain localhost. • For external connections only, type https in the URIs that do not contain localhost. • For all connections, type https in all the URIs. 7. In the Explorer window, click Logging. 70 Cognos ReportNet TM
Chapter 6: Configuring Framework Manager 8. In the Properties window, set the following properties to True: • Enable TCP • Enable SSL 9. If you configured a remote log server, in the Explorer window, under Logging, click the name of the remote log server and then, in the Properties window, set the Enable SSL property to True. 10. From the File menu, click Save. Configure Temporary File Properties You can change the location where ReportNet stores recently viewed reports, and you can choose to encrypt their content. By default, ReportNet stores temporary files in the crn_location/temp directory and the files are not encrypted. We recommend that you first set up read-only access for all users to the crn_location directory. Steps 1. Start Cognos Configuration. 2. In the Explorer window, click Environment. 3. In the Properties window, for the Temp folder property, specify the new location. 4. If you require the content of temporary files to be encrypted, set the Encrypt temporary files property to True. 5. Ensure that the user account under which ReportNet runs has the appropriate privileges to the temporary files location. For example: • on Windows, full control privileges • on UNIX, read-write privileges Configure Cryptographic Settings ReportNet requires a cryptographic provider; otherwise it will not run. You can configure cryptographic and cryptographic provider settings, including the following: • advanced algorithms These include signing, digest, and confidentiality algorithms. • common symmetric key store (CSK) properties The CSK is used by ReportNet components to encrypt and decrypt data. • signing key store properties The signing key pair includes the private key used to generate the digital signature and the public key used to verify authenticity. • encryption key store properties The encryption key pair includes the private key used to encrypt data and the public key used to decrypt data. ReportNet requires a cryptographic provider. By default, the cryptographic provider for ReportNet uses keys up to 40 bits in length for data encryption and secure sockets layer (SSL) protocol. You can configure other cryptographic providers which use key sizes greater than 40 bits, such as the Enhanced Encryption Module for OpenSSL or the Enhanced Encryption Module for Entrust, available from Cognos. For more information, see the Enhanced Encryption Module for OpenSSL Installation and Configuration Guide or the Enhanced Encryption Module for Entrust Installation and Configuration Guide. Steps for Cryptographic Settings 1. Start Cognos Configuration. 2. In the Explorer window, under Security, click Cryptography. Installation and Configuration Guide 71
- Page 19 and 20: Chapter 2: Installing ReportNet on
- Page 21 and 22: Chapter 2: Installing ReportNet on
- Page 23 and 24: Chapter 2: Installing ReportNet on
- Page 25 and 26: Chapter 3: Installing ReportNet on
- Page 27 and 28: Chapter 3: Installing ReportNet on
- Page 29 and 30: Chapter 3: Installing ReportNet on
- Page 31 and 32: Chapter 3: Installing ReportNet on
- Page 33 and 34: Chapter 4: Configuring ReportNet Af
- Page 35 and 36: Chapter 4: Configuring ReportNet St
- Page 37 and 38: Chapter 4: Configuring ReportNet 3.
- Page 39 and 40: Chapter 4: Configuring ReportNet Co
- Page 41 and 42: Chapter 4: Configuring ReportNet Wh
- Page 43 and 44: Chapter 4: Configuring ReportNet Th
- Page 45 and 46: Chapter 4: Configuring ReportNet St
- Page 47 and 48: Chapter 4: Configuring ReportNet 3.
- Page 49 and 50: Chapter 4: Configuring ReportNet 4.
- Page 51 and 52: Chapter 4: Configuring ReportNet St
- Page 53 and 54: Chapter 4: Configuring ReportNet 6.
- Page 55 and 56: Chapter 4: Configuring ReportNet Ad
- Page 57 and 58: Chapter 4: Configuring ReportNet Ex
- Page 59 and 60: Chapter 4: Configuring ReportNet Sp
- Page 61 and 62: Chapter 4: Configuring ReportNet 3.
- Page 63 and 64: Chapter 5: Installing Framework Man
- Page 65 and 66: Chapter 5: Installing Framework Man
- Page 67 and 68: Chapter 6: Configuring Framework Ma
- Page 69: Chapter 6: Configuring Framework Ma
- Page 73 and 74: Chapter 6: Configuring Framework Ma
- Page 75 and 76: Chapter 6: Configuring Framework Ma
- Page 77 and 78: Chapter 7: Advanced Configuration O
- Page 79 and 80: Chapter 7: Advanced Configuration O
- Page 81 and 82: Chapter 7: Advanced Configuration O
- Page 83 and 84: Chapter 7: Advanced Configuration O
- Page 85 and 86: Chapter 7: Advanced Configuration O
- Page 87 and 88: Chapter 7: Advanced Configuration O
- Page 89 and 90: Chapter 7: Advanced Configuration O
- Page 91 and 92: Chapter 8: Setting Up the Samples Y
- Page 93 and 94: Chapter 8: Setting Up the Samples 7
- Page 95 and 96: Chapter 8: Setting Up the Samples S
- Page 97 and 98: Chapter 9: Setting Up an Unattended
- Page 99 and 100: Chapter 9: Setting Up an Unattended
- Page 101 and 102: Chapter 10: Uninstalling Cognos Rep
- Page 103 and 104: Appendix A: Manually Configuring Re
- Page 105 and 106: Appendix A: Manually Configuring Re
- Page 107 and 108: Appendix B: Troubleshooting Use thi
- Page 109 and 110: Appendix B: Troubleshooting Unable
- Page 111 and 112: Appendix B: Troubleshooting For Con
- Page 113 and 114: Appendix B: Troubleshooting 2. If y
- Page 115 and 116: Appendix B: Troubleshooting Databas
- Page 117 and 118: Appendix C: Database Schema for Log
- Page 119 and 120: Appendix D: Database Clean Up Scrip
Chapter 6: Configuring Framework Manager<br />
8. In the Properties window, set the following properties to True:<br />
• Enable TCP<br />
• Enable SSL<br />
9. If you configured a remote log server, in the Explorer window, under Logging, click the<br />
name of the remote log server <strong>and</strong> then, in the Properties window, set the Enable SSL<br />
property to True.<br />
10. From the File menu, click Save.<br />
Configure Temporary File Properties<br />
You can change the location where ReportNet stores recently viewed reports, <strong>and</strong> you can<br />
choose to encrypt their content. By default, ReportNet stores temporary files in the<br />
crn_location/temp directory <strong>and</strong> the files are not encrypted.<br />
We recommend that you first set up read-only access for all users to the crn_location directory.<br />
Steps<br />
1. Start <strong>Cognos</strong> <strong>Configuration</strong>.<br />
2. In the Explorer window, click Environment.<br />
3. In the Properties window, for the Temp folder property, specify the new location.<br />
4. If you require the content of temporary files to be encrypted, set the Encrypt temporary<br />
files property to True.<br />
5. Ensure that the user account under which ReportNet runs has the appropriate privileges to<br />
the temporary files location. For example:<br />
• on Windows, full control privileges<br />
• on UNIX, read-write privileges<br />
Configure Cryptographic Settings<br />
ReportNet requires a cryptographic provider; otherwise it will not run.<br />
You can configure cryptographic <strong>and</strong> cryptographic provider settings, including the following:<br />
• advanced algorithms<br />
These include signing, digest, <strong>and</strong> confidentiality algorithms.<br />
• common symmetric key store (CSK) properties<br />
The CSK is used by ReportNet components to encrypt <strong>and</strong> decrypt data.<br />
• signing key store properties<br />
The signing key pair includes the private key used to generate the digital signature <strong>and</strong> the<br />
public key used to verify authenticity.<br />
• encryption key store properties<br />
The encryption key pair includes the private key used to encrypt data <strong>and</strong> the public key<br />
used to decrypt data.<br />
ReportNet requires a cryptographic provider. By default, the cryptographic provider for<br />
ReportNet uses keys up to 40 bits in length for data encryption <strong>and</strong> secure sockets layer (SSL)<br />
protocol. You can configure other cryptographic providers which use key sizes greater than 40<br />
bits, such as the Enhanced Encryption Module for OpenSSL or the Enhanced Encryption<br />
Module for Entrust, available from <strong>Cognos</strong>. For more information, see the Enhanced Encryption<br />
Module for OpenSSL <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> or the Enhanced Encryption Module<br />
for Entrust <strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong>.<br />
Steps for Cryptographic Settings<br />
1. Start <strong>Cognos</strong> <strong>Configuration</strong>.<br />
2. In the Explorer window, under Security, click Cryptography.<br />
<strong>Installation</strong> <strong>and</strong> <strong>Configuration</strong> <strong>Guide</strong> 71