Accessing the Analysis Server Over HTTPS
- This functionality requires SQL Server 2000 Enterprise Edition, including the Enterprise Edition of Analysis Server.
The Business Analytics System enables a Business Desk user to run dynamic reports by connecting to Analysis Services (to access the OLAP database) through Internet Information Services (IIS). You can do this by using HTTP or HTTPS. When you configure this connection method by using HTTPS, the PivotTable service can tunnel through firewalls or proxy servers to the Analysis Services server.
- Even though access is enabled over port 80, you must also open TCP port 2725 in the corporate firewall so Office XP Web Components (OWC) have a direct connection to the Analysis Services server. If port 2725 is not available, the dynamic OLAP reports will not work.
The following figure shows a secure deployment that enables Business Desk users to access the Analysis Server over HTTP or HTTPS.
You perform the following steps to configure access to Analysis Services over HTTPS, in the order listed:
- Install IIS and SQL Server Analysis Services 2000 on the same computer. For instructions, see the Commerce Server 2002 Installation Guide.
- Configure Msolap.asp by using IIS. You must install Msolap.asp on the same computer that is running Analysis Services.
- Configure the Analysis Services client connection string (ConnStr_OLAP_Client) by using Commerce Server Manager to access the Data Warehouse Properties dialog box. You specify a URL in the Data Source property of the connection string.
If you configure the Analysis Services client connection string before you configure Msolap.asp, you will receive the error message "Failed to authenticate client connection information."
To access Analysis Services over HTTPS, the format of the ConnStr_OLAP_Client connection string is:
Provider=MSOLAP;user id=Domain\Username;password=Password;Data Source=https://ServerName;Initial Catalog=OLAPDatabaseName
- It is recommended that you use HTTPS and Basic Authentication in the preceding connection string. Basic Authentication sends the user ID and password in the connection string in clear text, so HTTPS is needed to encrypt them in transit. The user ID and password can be those of any valid Windows user on the Analysis Services computer, in the form <domain>\<userID>, for example, REDMOND\SeanChai. It is recommended that you use the Windows account you create for the Report role as described in Scripts for Securing Databases Accessed by Reports.
- Secure Sockets Layer (SSL) and HTTPS require more hardware resources than HTTP. For more information, see "About Encryption" in the Internet Information Services 5.0 documentation.
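The following audit script is an added example, not part of the original documentation or of Commerce Server. It checks a ConnStr_OLAP_Client value against the HTTPS format shown above and masks the password for logging. The function names and sample values (CONTOSO, olap01, SampleDW) are constructed for illustration, and it assumes property values contain no embedded semicolons.

```python
import re
from urllib.parse import urlsplit

REQUIRED = ("provider", "user id", "password", "data source", "initial catalog")

def parse_conn_str(conn_str):
    """Split 'key=value;key=value' into a dict with lower-cased keys."""
    pairs = {}
    for part in conn_str.split(";"):  # assumption: no ';' inside values
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a key=value pair: {part!r}")
        pairs[key.strip().lower()] = value.strip()
    return pairs

def audit_conn_str(conn_str):
    """Return findings; an empty list means the string matches the HTTPS format."""
    p = parse_conn_str(conn_str)
    findings = [f"missing property: {k}" for k in REQUIRED if not p.get(k)]
    if p.get("provider", "").upper() != "MSOLAP":
        findings.append("Provider is not MSOLAP")
    url = urlsplit(p.get("data source", ""))
    if url.scheme.lower() == "http":
        findings.append("Data Source uses http://: Basic Authentication "
                        "credentials cross the network in clear text")
    elif url.scheme.lower() != "https" or not url.hostname:
        findings.append("Data Source is not an https:// URL")
    if p.get("user id") and not re.fullmatch(r"[^\\]+\\[^\\]+", p["user id"]):
        findings.append("user id is not in Domain\\Username form")
    return findings

def redact(conn_str):
    """Mask the password so the string can be written to logs or tickets."""
    return re.sub(r"(?i)(password\s*=)[^;]*", r"\1***", conn_str)

# Constructed sample values, not taken from a real deployment.
GOOD = r"Provider=MSOLAP;user id=CONTOSO\ReportUser;password=example-pw;Data Source=https://olap01;Initial Catalog=SampleDW"
BAD = r"Provider=MSOLAP;user id=ReportUser;password=example-pw;Data Source=http://olap01;Initial Catalog=SampleDW"

if __name__ == "__main__":
    for s in (GOOD, BAD):
        print(redact(s))
        for finding in audit_conn_str(s) or ["ok"]:
            print("  ", finding)
```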
To configure Msolap.asp
Using Windows Explorer, copy Msolap.asp from the \Program Files\Microsoft Analysis Services\Bin folder to the \Inetpub\wwwroot folder.
Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
Expand the server you are administering, and then click Default Web Site.
In the details pane, right-click Msolap.asp, and then click Properties.
In the Properties dialog box, on the File tab, select Read, and then select Script Source Access.
Click Apply to set these properties.
On the File Security tab, in the IP address and domain name restrictions section, click Edit.
Click Denied Access so that all computers are denied by default, and then click Add to grant access only to authorized IP ranges.
Click OK to set these properties.
On the File Security tab, in the Anonymous access and authentication control section, click Edit.
Verify that Anonymous access is not selected, and Basic Authentication is selected.
On the File Security tab, in the Security Communications section, click Edit.
Verify that Require Secure Channel (SSL) is selected.
- If you have not set up an SSL certificate on this computer, you cannot use the "Use SSL" option in the Client Connection section of the Data Warehouse Properties dialog box in Commerce Server Manager. If you attempt to do so, the connection will not validate. For information about setting up an SSL certificate, see the IIS documentation.
Click OK to close the Data Warehouse Properties dialog box.
To implement the new properties, use the IISReset command to restart IIS.
To configure the Analysis Services client connection string (ConnStr_OLAP_Client)
- Expand Commerce Server Manager, expand Global Resources, right-click Data Warehouse, and then click Properties.
- On the Analysis Server tab of the Data Warehouse Properties dialog box, in the Client Connection section, do the following:
| Use this | To do this |
| --- | --- |
| Connect using HTTP | Select this option. |
| Use SSL | Select this option. |
| User ID and Password | Type a valid Windows user ID and password in the form of <domain>\<userID>, for example, REDMOND\SeanChai. It is recommended that you use the Windows account you create for the Report role. |
| Server | Type the name of the Analysis Server. |
| Database | Type the name of the Data Warehouse OLAP database. |
- To save your changes, click OK.
- After you activate the Analysis Server Over HTTPS feature, you can view only reports that access the Analysis Server, not SQL Server. For example, some of the dynamic reports (Registered User by Date Registered, User Days to Register, and User Registration Rate) need access to SQL Server. With the Analysis Server Over HTTPS feature active, that data is not available even if SQL Server is running, because you cannot connect to SQL Server once you have activated the feature.