Chat now with support
Chat con el soporte

Quest Knowledge Portal 2.11 - Install Guide

Connection to Knowledge Portal and Product Database

Depending on the deployment scenario you select, different authentication types can be used when you configure connection settings. In particular, when configuring a data source, you will be prompted for authentication method, as shown below:

The following options are available:

  • SQL Server authentication, which means that:
    1. Credentials of user currently logged on will be used to access the Knowledge Portal (ACCOUNT1 described above)
    2. SQL Server will be accessed under the account you specify during data source configuration (ACCOUNT2)
  • Windows authentication, which means that:
    1. Credentials of user currently logged on will be used to access the Knowledge Portal (ACCOUNT1)
    2. SQL Server will be accessed under the account you specify during data source configuration (ACCOUNT2)
  • Integrated Windows authentication, which means that credentials of the user currently logged on will be used to access both the Knowledge Portal and SQL Server (by default, without prompting for login name and password), that is, ACCOUNT1 and ACCOUNT2 are the same.

Note: To schedule a special clean-up job that will periodically remove the unnecessary temporary tables from the data source, you should use SQL Server Authentication, or Windows Authentication. If Integrated Windows Authentication is used, the clean-up job cannot be scheduled.

To access data stored in the product database, the account under which SSRS connects to SQL server should have a corresponding database role (typically, created by the product Report Pack's setup) or sufficient rights assigned.

Scenario 1: All in One Place

For evaluation purposes, you can make one computer to host all the required components, including:

  • SQL Server (where the product database are stored)
  • SQL Server Reporting Services
  • Knowledge Portal (QKP)
  • Report Pack(s)

In this case, you can use any authentication method; Integrated Windows authentication does not require any additional configuration.

Scenario 2: SSRS Detached from SQL Server

The most typical deployment scenario (recommended) is to co-locate SQL Server Reporting Services and the Knowledge Portal—this will simplify security configuration. Product database can be located on a dedicated SQL Server.

Here a user will access the Knowledge Portal and SSRS under ACCOUNT1, and data from the product database is obtained using ACCOUNT2.

TIP: It is recommended that your reporting server use SSL and HTTPS protocol for client-server communication, as described below.

You can use the Knowledge Portal Property Management Wizard to grant ACCOUNT1 access to the necessary reports, or do this within SSRS Report Manager. For details, see the Access to Reports and Folders topic.

To provide for database access under ACCOUNT2, it is recommended to use the credentials stored in the report server, as described above.

When selecting authentication mode, any of the options described above can be used:

  • SQL Server authentication
  • Windows authentication
  • Integrated Windows authentication (with NTLM protocol, or with Kerberos protocol (default)).

If you want to use a single account instead ACCOUNT1 and ACCOUNT2 (that is, the credentials of the user currently logged on will be used to access the Knowledge Portal and the database), you can select Windows authentication, or Integrated Windows authentication. However, to use Integrated Windows authentication with Kerberos authentication protocol, take the following steps:

  1. In Active Directory Users and Computers MMC snap-in, select the user account under which the product database will be accessed.
  2. Select Properties and click the Account tab.
  3. Make sure the Account is sensitive and cannot be delegated option is cleared.
  4. Select Account is trusted for delegation.
  5. Select the computer where the SSRS and Knowledge Portal are installed.
  6. Select Properties and click the General tab.
  7. Select Trust computer for delegation.

Note: If Integrated Windows authentication is used for database access, then temporary table clean-up job cannot be scheduled for the corresponding data source. To provide for this job scheduling, use other authentication method.

Scenario 3: Separate Knowledge Portal, SQL Server, SSRS

As shown in the figure below, SQL Server Reporting Services and the Knowledge Portal can be installed separately.

In this case it is recommended that you use either SQL Server authentication or Windows authentication method.

In case of remote SSRS installation, users are prompted for login name and password each time they connect to the Knowledge Portal (on Computer 1). These credentials are transmitted to SSRS (on Computer 2) as plain text. To secure them, you have to ensure that the following are true:

  1. Your SSRS deployment is configured to use SSL (Secure Socket Layer)
  2. The HTTPS protocol is used for communication (that is, the link to SSRS you specify during the setup must begin with https://).

To provide a certificate for trusted connection over HTTPS with remote SSRS

  1. Run Microsoft Management Console and use the Add/Remove Snap-In command to add the Certificates snap-in:
  2. Select the Certificates snap-in from the list, click Add. Then select the Computer account option and click Next:
  3. Select the computer to be managed (the one where SSRS is installed):
    • If SSRS is installed on the local computer, select Local computer.
    • If SSRS is installed on a remote computer, select Another computer and browse for SSRS server you need.
  1. Click Finish and then close the Add/Remove Snap-In dialog by clicking OK.
  2. In the Certificates snap-in, right-click Trusted Root Certification Authorities.
  3. From its shortcut menu, select All Tasks| Import.
  4. On the File to Import step of the Certificate Import Wizard, specify the certificate for the required holder (that is, for the Web server where the SSRS is installed).
  5. On the Certificate Store step, select the Place all certificates in the following store option, and leave the default store (Trusted Root Certification Authorities):
  6. Complete the wizard.
Documentos relacionados