Typically, business intelligence (BI) environments are initially constructed and deployed to internal clients across the corporate local area network (LAN) or intranet. Warehouse managers and architects have a reasonable sense of security knowing that their data, the corporate knowledge resource, is located many levels away from outside access and protected by various network security mechanisms. Evaluation of BI access applications, for internal environments, is made with a focus on performance, scalability and reliability. Very few BI architectures take into account the possibility of making the data warehouse accessible and secure for Internet accessibility. This lack of foresight often results in changes to the network architecture or replacement of the BI access applications or components due to incompatibility with Internet deployment security needs.
This column is the first of a three-part series on evaluating BI applications for Internet-facing deployment. This installment begins to explore a series of questions that can be used for evaluation of these applications. Subsequent columns in this series will continue to examine questions that should be asked before deploying a BI application to the Internet.
These questions should be used in a feasibility assessment of a BI application, whether in existence or being evaluated for purchase, to determine possible risks if used in an Internet-facing infrastructure. When answered together, these questions provide a good sense of whether your BI application is ready for Internet deployment. The assumption is the user is accessing the BI environment through the Internet using a Web browser on his/her client PC.
What are the hardware and software requirements for installation and administration of the BI application on an infrastructure consisting of a Web server, an application server and a database server? Determine whether the application is compatible with hardware and software standards for your firm. Are the hardware platforms supported by the vendor recommended by your internal infrastructure and network administration groups? In some cases, hardware platforms acceptable for internal LAN use may not be acceptable for Internet use by these administrators due to security and/or other concerns. The operating systems (versions and patches), Web server applications, application engines and databases supported by the vendor also need to be supported for Internet use by your internal technical administrators.Look for any requirement that mandates installation of the Web server, BI access application or database on the same physical server. This may limit your network security options around deployment of firewalls and demilitarized zones (DMZs). Typically, the Web, application and database server components are physically separate (see Figure 1). A firewall is a hardware or software system designed to prevent unauthorized access to or from a private network. A DMZ is a combination of two or more firewalls that sits between the Internet and an internal network.
Figure 1: Physical Separation of Web Application & Database Server Components
Finally, look for the requirement for any third- party applications (e.g., infrastructure management application) that may be recommended by the vendor to support this type of Internet infrastructure. The purpose of these applications in the solution needs to be thoroughly explained and understood by your internal technical administrators to determine applicability in your environment.
Does the application use leading industry database management systems (DBMSs)? Is connectivity achieved through ODBC or native drivers? Look for any proprietary, non-industry- leading database requirements. These databases are sometimes used in conjunction with the application's meta data repository. They are usually described as low- to zero-maintenance and are transparent from an administration and maintenance standpoint. Use of these proprietary databases means your technical administrators have little to no control or documentation on their operation and have no means of performing backups or optimizing performance. Typically, these databases are required to be installed physically on the same server as the application, which may further limit flexibility in the infrastructure. Finally, look for support of native database drivers versus the Open Database Connectivity (ODBC) standard. Database performance through ODBC is typically slower than native drivers due to an additional middle layer that translates application queries into commands that the database can perform.
- Does the BI access application interface seamlessly with industry-leading enterprise information portal (EIP) applications? This question is optional depending on whether you intend to use an EIP to present content beyond BI access (e.g., news, collaboration, community, content) or need to integrate other applications. Look for the BI-access application to have the capability to extract data from the content directory or meta data layer seamlessly to the EIP through some interface method (e.g., API). This application capability will mean that a single user experience method can be used to present content to the user regardless of source. If this capability does not exist, the BI access application will simply be launched through a URL on the EIP. In this case, the user experience through the browser will vary depending on which application is currently being launched from the EIP.
- Does the BI access application integrate with single sign-on applications? This question is also optional depending on whether your infrastructure is using a single sign-on (SSO) application to automate authentication to all applications. Once the user is authenticated against an entitlement store (e.g., LDAP, ADSI, NT, NDS) by the SSO application, his/her credentials are saved for the duration of the session, thereby making rechallenging for access to subsequent applications unnecessary. Look for support by the BI access application with your preferred SSO application and entitlement store.
Part 2 of this series will further explore questions about security, client PC requirements and network capabilities to ensure successful Internet deployment.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access