- Plan for PerformancePoint Services (SharePoint Server 2010)
- Plan for PerformancePoint Services security (SharePoint Server 2010)
The steps for creating and configuring a PerformancePoint Services service application are as follows:
- Configure the PerformancePoint Services application pool account
- Start the PerformancePoint service
- Create a PerformancePoint Services service application.
- Configure service application associations
Configure the PerformancePoint Services application pool account
The application pool for the PerformancePoint Services service application requires a Microsoft SharePoint Server 2010 managed account (generally an Active Directory account) to run. This account must have access to the content databases where PerformancePoint data will be stored.
If you run the service application using the same application pool account as the web application where the content databases are located, this required database access is configured automatically. However, we recommend that you use a different account for the PerformancePoint Services application pool, especially in a large or complex farm. This allows for greater control over data and resource access.
If you choose to use the same managed account for PerformancePoint Services as is being used for the web application, you can skip the procedures in this section. If you choose to create a new managed account, you must do the following:
Once you have finished granting content database access to the managed account, the next step is to start the PerformancePoint service.
If you run the service application using the same application pool account as the web application where the content databases are located, this required database access is configured automatically. However, we recommend that you use a different account for the PerformancePoint Services application pool, especially in a large or complex farm. This allows for greater control over data and resource access.
If you choose to use the same managed account for PerformancePoint Services as is being used for the web application, you can skip the procedures in this section. If you choose to create a new managed account, you must do the following:
- Register a managed account in SharePoint Server 2010. (You will need an Active Directory user account for this step. Have your Active Directory administrator create it.)
- Grant access for this account to the content databases that will contain PerformancePoint data. This process includes running a Windows PowerShell script from the SharePoint 2010 Management Shell.
To grant content database access to an account
- On an application server in the farm, click Start, click All Programs, click Microsoft SharePoint 2010 Products, right-click SharePoint 2010 Management Shell, and then click Run as Administrator.
- At the Windows PowerShell command prompt, type the following, pressing Enter after each line:
$w = Get-SPWebApplication -identity
$w.GrantAccessToProcessIdentity(" ")
Start the PerformancePoint service
To configure PerformancePoint Services, you must first start the PerformancePoint service on the application server where you want to run PerformancePoint Services. You can start the service on multiple application servers for better performance, if you want, but the service must be started on at least one server. Use the following procedure to start the PerformancePoint service.
To start the PerformancePoint Service
- In Central Administration, in the System Settings section, click Manage services on server.
- Note the server specified in the Server box. If you want to run the PerformancePoint service on a different server, click the current server, and then click Change Server and select the server that you want.
- Click Start next to PerformancePoint Service.
Create a service application
Once the service is started, you can create a PerformancePoint Services service application. Use the following procedure to create the service application.
To create a PerformancePoint Services service application
- In Central Administration, in the Application Management section, click Manage Service Applications.
- Click New, and then click PerformancePoint Service Application.
- Type a name for the service application and select the Add this service application's proxy to the farm's default proxy list check box.
- Select the Create new application pool option and type a name for the application pool.
- Under the Configurable option, select the managed account to run the application pool.
- Click Create.
- Click OK.
Configure service application associations
For PerformancePoint Services to function, the PerformancePoint Services service application proxy must be associated with the default web application. Use the following procedure to confirm that the association is configured between the web application and the PerformancePoint Services proxy.
To configure service application associations
- In Central Administration, click Application Management.
- In the Service Applications section, click Configure service application associations.
- In the Application Proxy Group section, click default.
- Ensure that the PerformancePoint Services box is selected.
- Click OK.
Next Steps
Once you have finished configuring PerformancePoint Services, you can make it available to the users. We recommend that you review the following tasks:- Configure data access Users of PerformancePoint Services will need access to back-end data sources. This can be configured by using the unattended service account or Kerberos delegation. For more information, see Configure the unattended service account for PerformancePoint Services and Configure Kerberos authentication for SharePoint 2010 Products (white paper).
- Configure data connections Users of PerformancePoint Dashboard Designer need data connections in order to access the data sources. For more information, see Create a data source inventory for PerformancePoint dashboard authors and Create data connections (PerformancePoint Services).
- Configure user permissions To publish dashboards, users must have specific permissions in SharePoint Server 2010. For more information, see About user permissions for PerformancePoint Services (http://go.microsoft.com/fwlink/p/?LinkId=227542) on Office.com.
Configure the unattended service account for PerformancePoint Services
The Unattended Service Account is an Active Directory account that is used for accessing PerformancePoint Services data sources. This account is used by PerformancePoint Services on behalf of authorized users to provide access to external data sources for the purposes of creating and using dashboards and other PerformancePoint Services content.
Note: |
---|
The Unattended Service Account is a universal account that provides equal data access to all authorized users. If you need more fine-grained data access, you must configure per-user data access through Kerberos delegation. For more information, see Configure Kerberos authentication for SharePoint 2010 Products (white paper). |
Configure the unattended service account for PerformancePoint Services
To configure the unattended service account for PerformancePoint Services
- On the SharePoint Central Administration Web site, in the Application Management section, click Manage Service Applications, and then click the PerformancePoint Services service application.
- On the Manage PerformancePoint Services page, click PerformancePoint Service Settings.
- In the Unattended Service Account section, enter the user name and password for the account that you want to use as the unattended service account.
- Click OK.
Note: |
---|
If an error occurs, the Secure Store Service key may not have been correctly generated or the key was not refreshed after you created a new key. |
- For SQL Server data, the account must have a SQL logon with db_datareader permissions on each database that you want to access.
- For SQL Server Analysis Services data, the account must have read access to the cube or an appropriate portion of the cube, depending on your needs.
- For Excel Services data, the account must have access to the Microsoft Excel workbook in a SharePoint document library.
- For data in a SharePoint list, the account must have read access to the list.
No comments:
Post a Comment