Installation : Deploying Business Intelligence on a Separate Server
Deploying Business Intelligence on a Separate Server
Orchestra Business Intelligence is typically deployed on the same application server as the main Orchestra application. However, due to performance and scalability reasons it is also possible to deploy Business Intelligence on a separate server. This section provides installation and setup instructions to accomplish this.
TLSv1.2 Workaround
In order to make Standalone Business Intelligence support TLSv1.2, you have to add the following Java option to the file standalone.conf.bat, on the Business Intelligence server:
The default option from Orchestra 5.4 and later is to use Orchestra Single sign-on authentication and authorization. That means that you only need to log in to Orchestra in order to access the Orchestra Business Intelligence application from the Home page of Orchestra.
Alternatively, it is possible to modify the Orchestra Business Intelligence installation and use the Business Intelligence application's native login page instead of the Orchestra one. This is, however, not recommended.
In order to share the user session token across different servers, the main Orchestra server and the Business Intelligence server must appear to originate from the same domain from the user browser's point of view. Otherwise the cookie same-origin policy of web browsers will prohibit sharing of required session information. The recommended way to configure this, is by using a reverse-proxy / load balancer in front of both servers that has the capability to route requests to different back-ends depending on the context path of the request. In this scenario, the user browser only sees proxy.yourdomain.com and thus the same-origin policy is not violated. Session info is safely shared.
After installation, you will need to manually add the Data Sources for Business Intelligence again. This procedure is described in the Administrator’s Guide, found on Qmatic World.
Note that there used to be another way to share user session tokens (the same-domain approach), but that is no longer supported.
Installation
Deployment architecture
Orchestra Server
When installing the main Orchestra Server, take the following bullet into consideration:
• Do not check the Business Intelligence option and the Stat option, in the installation wizard.
Database Server
For the server where the database is run, please take the following bullet into consideration:
• You will need to update the qp_central and qp_agent databases, so the Home page shows an "Orchestra Business Intelligence" entry with the appropriate URL to the Business Intelligence server.
UPDATE qp_central.applications SET enabled = 1, url =
'http://your.domain.name:8080/businessintelligence' WHERE id='bi'
UPDATE qp_central.application_modules SET enabled = 1 WHERE id='bi'
UPDATE qp_agent.applications SET enabled = 1, url =
'http://your.domain.name:8080/businessintelligence' WHERE id='bi'
UPDATE qp_agent.application_modules SET enabled = 1 WHERE id='bi'
Make sure you replace the URL in the example above with the URL that matches your environment.
IMPORTANT: When using the reverse-proxy strategy for sharing session information across hosts, please specify the path to the proxy-server as URL in the queries above, e.g:
UPDATE … SET url = 'http://proxy.yourdomain.com:8080/businessintelligence' WHERE …
You may need to modify the SQL above slightly to be compliant with your particular database vendor (e.g. add schema prefixing on table names or similar). Also, some databases may require the use of true or false instead of 1 or 0 for boolean values such as 'is_distributed' or 'enabled'.
• After installation is complete and your Orchestra is up and running, open the System Administration application and the Parameters tab and find the "Stat Server Address" and “Stat Server Port” parameters, in the "Statistics Settings" group. Change their values to the protocol, host name and port of your Business Intelligence server. For more information, see “Parameters” .
If you are using Branch Hub or Hub, this parameter must be set to the IP address.
Example
Stat Server Address: http://bi.your.domain
Stat Server Port: 8080
This, so the statistics data can reach the separately deployed Business Intelligence server.
Business Intelligence Server
When installing the Business Intelligence server, take the following into consideration:
• Check both the Business Intelligence and the Stat options in the installation wizard. Do not install any of the other applications.
• Make sure that you enter the appropriate domain name to the main Orchestra server, when the installer asks for it. Remember, the address you enter here must be accessible for end users as the address is used for login redirects, logout redirects and the Home button in the Business Intelligence application.
To be able to use the reverse-proxy strategy for sharing session information across hosts, please specify the path to the proxy-server instead of directly referencing the Orchestra server.
If you need to modify the value entered in the bullet above later, the value is written to:
You can modify the central.orchestra.url property later if the central Orchestra server changes host name. This requires restart of the Business Intelligence server to take effect.
Reverse-proxy installation for session sharing
This section describes how to accomplish session sharing between the Orchestra and the Business Intelligence server by using a reverse proxy in front of both servers that has the capability to route requests to different backends depending on the context path of the request.
When doing a reverse-proxy installation, the file conf/shiro.ini needs to be updated on the central server.
Inside the brackets, add the proxy server IP address that the BI server will use when communicating with Orchestra. For networks that use both IPv4 and IPv6 you should add both addresses.
A Fully Qualified Domain Name (FQDN), for example proxy.yourdomain.com, can be used instead of IP address. Also, IPv6 address can be omitted, if not used.
This way, the user browser only sees proxy.yourdomain.com and thus the same-origin policy is not violated and session info is safely shared.
Qmatic does not provide or support reverse-proxy or load-balancing software. However, for convenience a sample configuration for HAProxy is provided below. HAProxy is a free load-balancing software available for major Linux and Unix operating systems.
http://www.haproxy.org/
The following snippet from a sample HAProxy configuration routes requests to two different backends depending on the request path:
frontend http-in
# bind port 8080 on all interfaces
bind *:8080
# add the Proxy-ip header Glassfish uses for X-Fowarded-For
option forwardfor header Proxy-ip
##### ACL rules to determine where to route incoming traffic #####
# bi - this tells HAProxy to use acl rule 'is_bi' for
# the path /businessintelligence
acl is_bi path_beg /businessintelligence
#### route to appropriate backend ###
# bi - if using acl rule 'is_bi', route requests to backend 'bi'
use_backend bi if is_bi
# default to orchestra backend, e.g. everything else
default_backend orchestra
######### ORCHESTRA BACKEND ##########
backend orchestra
# configure health check URL. Load balancer will return HTTP 503 if this
# check fails. Uses /ping.html in Orchestra
option httpchk GET /ping.html HTTP/1.1\r\nHost:\ www
# Defines a server named 'orchestra1' on the given IP:PORT for this backend
server orchestra1 192.168.1.100:8080 check
######### BI BACKEND ###########
backend bi
# configure health check URL. Uses the / context-root on the BI server
option httpchk GET / HTTP/1.1\r\nHost:\ www
# Defines a server named 'bi1' on the given IP:PORT for this backend
server bi1 192.168.1.101:8080 check
This sample would naturally need to be updated with IP's, port numbers, host names etc. applicable to the customer's infrastructure as well as other required elements of a functional HAProxy configuration. The snippet above only deals with the routing part relevant to the reverse-proxying mechanism and should be.
Configuration updates for reverse-proxy
When using a reverse-proxy, you need to change a few of the configuration settings to make sure that URL's to the Orchestra and Business Intelligence servers point to the IP or host name of the reverse-proxy and not directly at the servers.
This needs to be updated in two locations:
• On the Orchestra Server update the URL to the Business Intelligence application in the qp_central.applications and qp_agent.applications tables:
UPDATE qp_central.applications SET url = 'http://proxy.yourdomain.com:8080/businessintelligence' WHERE id='bi'
UPDATE qp_agent.applications SET url = 'http://proxy.yourdomain.com:8080/businessintelligence' WHERE id='bi'
E.g. make sure that the URL in the Orchestra Home page uses the reverse-proxy address instead of the direct IP or host name to the Business Intelligence server.
• On the Business Intelligence server, open the [install dir]/pentaho-solutions/system/security.properties file and change the central.orchestra.url property to the host name/ip address of the reverse proxy, e.g:
Adjust protocol, host name/ip and port according to your setup.
After installation, you will need to manually add the Data Sources for Business Intelligence again. This procedure is described in the Administrator’s Guide, found on Qmatic World.
After installation, you will need to manually add the Data Sources for Business Intelligence again. This procedure is described in the Administrator’s Guide, found on Qmatic World.