MCT USE ONLY. STUDENT USE PROHIBITED Planning a SharePoint 2010 Implementation of a Business Intelligence Strategy 11-35 The server-side processing that is available with PowerPoint for SharePoint enables you to specify high-performance servers that can share resources across several users, rather than deploying multiple high-performance workstations. This is possible because PowerPivot for Excel provides browser-based delivery, so it has minimal performance impact on the client. MCT USE ONLY. STUDENT USE PROHIBITED 11-36 Designing a Microsoft® SharePoint® 2010 Infrastructure Planning for PerformancePoint Services Key Points PerformancePoint Services is designed for the delivery of community or organizational BI. The features and tools that are associated with PerformancePoint Services focus on this sector of the BI marketplace, rather than on personal productivity. This should strongly influence your design for BI. You must focus on business requirements that specify the need for performance management, KPIs, and results alignment. The visualization and analysis functions of PerformancePoint Services can meet such requirements. Components PerformancePoint Services includes: • Dashboard Designer. This provides a UI for users to develop and manage dashboards and their elements: • Reports • Analytic charts MCT USE ONLY. STUDENT USE PROHIBITED Planning a SharePoint 2010 Implementation of a Business Intelligence Strategy 11-37 • Scorecards • Filters • Web Parts. PerformancePoint Web Parts are built-in, server-side controls that run inside the context of Web pages. You should identify Web Parts that fulfill user requirements during the design phase: • Reports Web Part. The Reports Web Part includes analytic charts and grids, SQL Server Reporting Services reports, Excel Services reports, and the strategy map. • Status Indicator Web Part. The Status Indicator Web Part report displays contextually relevant information about KPIs, metrics, rows, columns, and cells within a scorecard. • Scorecard View Web Part. The Scorecard View Web Part provides view functionality for the scorecard. Without the Scorecard View Web Part, users cannot render the KPIs in a dashboard. • Filter Web Part. The Filter Web Part enables synchronization of Web Part content through connections between different Web Parts. • PerformancePoint Site collections. The Dashboard Designer bases queries on the location of the Web service, which is scoped in a SharePoint Server 2010 site collection. Using PerformancePoint Services Depending on your user population, you can use PerformancePoint Services as an IT-provisioned solution, or provide users with the training to use development options such as the Dashboard Designer. MCT USE ONLY. STUDENT USE PROHIBITED 11-38 Designing a Microsoft® SharePoint® 2010 Infrastructure Planning PerformancePoint Services Security Key Points PerformancePoint Services adds layers of security over SharePoint 2010, which are used for items held in lists or document libraries. You can manage the service application security from the SharePoint Central Administration Web site. Authentication PerformancePoint Services supports three authentication methods for source data access: • Per-user identity. Access is based on transmission of the user identifier. This method requires you to include Kerberos delegation in your design. • Unattended user account. Access is managed through a predefined unattended user account. The Secure Store Service holds this low-privilege account information. You must include provision to give this account access to the external data. • Custom data. SQL Server Analysis Services manages access and includes the currently authenticated user name as a parameter on the custom data field in MCT USE ONLY. STUDENT USE PROHIBITED Planning a SharePoint 2010 Implementation of a Business Intelligence Strategy 11-39 an Analysis Services connection string. The custom data option is only used for Analysis Services data sources. Access Components The access components include: • Trusted file locations. You can design increased PerformancePoint Services security by using trusted file locations. In PerformancePoint Services, data source connections are stored in document libraries and data content is stored in document lists. You can set all locations on the farm as trusted, for minimal security, or you can specify centrally managed secure locations. • Trusted data connection libraries. These contain the PPSDC files. • Trusted lists. These contain the content—reports, scorecards, KPIs, and filters— that is used for dashboards. Roles and Permissions PerformancePoint metadata content is stored in SharePoint lists and document libraries. Therefore, much of the security that you design is based on SharePoint 2010 security options for these file stores. PerformancePoint Services uses SharePoint Server authorization groups and permissions, so you must plan access to these groups: • Farm Administrator. To edit dashboard items, this role needs at least contributor permissions on content lists (or list items) and data source libraries (or library items). • Site Collection Administrator. To edit dashboard items, this role needs at least contributor permissions on data source libraries (or library items). • Site Administrator or List and Document Library Contributor. To edit dashboard items, this role needs at least contributor permissions on content lists (or list items) and data source libraries (or library items). MCT USE ONLY. STUDENT USE PROHIBITED 11-40 Designing a Microsoft® SharePoint® 2010 Infrastructure Planning for the Visio Graphics Service Key Points Like Excel Services, the Visio Graphics Service is an interactive reporting solution rather than a shared or multiuser version of Visio 2010. This service enables users to render Visio 2010 *.vdw files onto a Web browser in the Visio Web Access Web Part. The key advantage of the Visio Graphics Service is the ability to refresh the connected data and visuals of a Visio Web drawing. For process industries, this can provide visual indicators of performance metrics as part of an integrated management Web page to users who are not using Visio 2010. It is also possible to visualize SharePoint 2010 workflows to deliver more visual management options. These drawings are created in Visio 2010 and then published to the Visio Graphics Service. Connected Drawings Visio 2010 can link to external data sources to provide refreshable input to drawing variables. The Visio Graphics Service maintains this functionality, and uses SharePoint 2010 to manage security and authentication. SharePoint treats unconnected drawings in the same way as any other file that is held in its MCT USE ONLY. STUDENT USE PROHIBITED Planning a SharePoint 2010 Implementation of a Business Intelligence Strategy 11-41 document library. You can plan security to make these files available to users either directly in Visio 2010, or through the Visio Graphics Service visualization options. Using Microsoft Office Visio 2007 or Visio 2010 data-link technology and publishing by using Visio 2010 publishing functionality, drawing creators can connect to and refresh data from the following sources: • SQL Server 7.0. • SQL Server 2000. • SQL Server 2005 (32-bit and 64-bit). • SQL Server 2008 (32-bit and 64-bit). • SQL Server 2008 R2 (32-bit and 64-bit). • Sheet information that is stored in Excel workbooks (.xlsx files) that are published from Microsoft Office Excel 2007 or Excel 2010 and hosted on the same SharePoint Server 2010 farm. • SharePoint Server lists that are hosted on the same farm. • OLE DB or Open Database Connectivity (ODBC). • Custom data providers that are implemented as Microsoft .NET Framework assemblies. To control access, you should plan to define the sources in the list of trusted data providers. Excel Connections Users can connect to Excel workbooks as data sources. You must ensure that your design hosts these on the same farm, in a multiple farm deployment. You must also provide appropriate permissions and authentication configuration. SQL Server Databases Visio drawings that are published to the Visio Graphics Service can use connections that are stored in ODC files. Visio 2010 does not have an option to create ODC files, but you can create them in Excel 2010. Authentication The Visio Graphics Service provides three authentication options: • Integrated Windows authentication (NTLM). The Visio Graphics Service uses the identity of the user who is viewing the drawing to authenticate with the database. You can enhance security with Kerberos. MCT USE ONLY. STUDENT USE PROHIBITED 11-42 Designing a Microsoft® SharePoint® 2010 Infrastructure • Secure Store Service. As with other BI services, this uses impersonation through the Secure Store Service to map the user’s credentials to a different credential that has access to the database. You can only use Secure Store Service authentication for drawings that use an ODC file to specify the connection, because the ODC file specifies the target application. Note: You can use NTLM with the Secure Store Service for files that require personal credentials. • Unattended service account. This provides a single account that an administrator can map to all authorized users in a Secure Store Service target application. This method, which is the default option for connection to SQL Server databases, does not enable personalized queries against a database and does not provide auditing of database calls. For a mixed authentication environment, you should include the following in your planning: • If users create a Visio drawing that connects to a SQL Server database, but do not specify an ODC file, the unattended service account is used by default. • If integrated Windows authentication fails, the Visio Graphics Service will not use the unattended service account. Performance When you plan your Visio Graphics Service deployment, you must review performance factors, as you would for any BI function. For Web drawings in the Visio Graphics Service, these factors include: • Size. • Number. • Complexity. • Data refresh frequency (for connected drawings). • Peak loads for rendering drawing and external data access. You should test and then pilot your implementation so that you can establish a baseline for performance and capacity. When you have created a baseline, you MCT USE ONLY. STUDENT USE PROHIBITED Planning a SharePoint 2010 Implementation of a Business Intelligence Strategy 11-43 should then monitor performance to establish functional trends. If you identify changes in the Visio Graphics Service loading, you can: • Load balance the service by deploying additional instances. • Scale up server configurations. • Increase the minimum cache age for Visio Web drawings. Using the Visio Graphics Service Visio 2010 is a relatively specialist tool, particularly when you compare it to BI solutions such as Excel 2010. You must identify process-driven options in your business that would benefit from visualization. For wider use, you may consider provisioning workflow diagrams that show current status and visually flag overdue or failed workflow steps. MCT USE ONLY. STUDENT USE PROHIBITED 11-44 Designing a Microsoft® SharePoint® 2010 Infrastructure Lesson 4 Planning for Reporting and Presentation SharePoint 2010 is designed as an integration platform. SharePoint 2010 not only uses SQL Server as a data source, it can integrate with the data source by using SQL Server Reporting Services. This is an important enabler for your integration of SharePoint 2010 into a corporate BI strategy, particularly if users are already capitalizing on the reporting options of SQL Server Reporting Services. You also need to manage the breadth of BI functionality that is available in SharePoint 2010. Those who are familiar with the BI capabilities of Office SharePoint Server 2007 may be relatively comfortable with many of the BI options, but you can streamline overall BI management by using the BI Center. This provides a central site from which administrators can manage reporting and data presentation. . PROHIBITED 11-44 Designing a Microsoft SharePoint 20 10 Infrastructure Lesson 4 Planning for Reporting and Presentation SharePoint 20 10 is designed as an integration platform. SharePoint 20 10 not. this account access to the external data. • Custom data. SQL Server Analysis Services manages access and includes the currently authenticated user name as a parameter on the custom data field. the default option for connection to SQL Server databases, does not enable personalized queries against a database and does not provide auditing of database calls. For a mixed authentication