1 / 13

Implementing Kerberos with PerformancePoint Services and Excel Services

Session objectives and takeaways . What is Kerberos, and why use itCovers the reasons for use of Kerberos (especially for BI!!)Configuring SharePoint 2010 for KerberosDemoConfiguring the SPN'sDemoConfiguring Excel ServicesDemoQ

dragon
Download Presentation

Implementing Kerberos with PerformancePoint Services and Excel Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    2. Rob Hawthorne Principal Consultant Prophesy Limited Implementing Kerberos with PerformancePoint Services and Excel Services

    3. Session objectives and takeaways What is Kerberos, and why use it Covers the reasons for use of Kerberos (especially for BI!!) Configuring SharePoint 2010 for Kerberos Demo Configuring the SPN’s Demo Configuring Excel Services Demo Q & A

    4. What is Kerberos Why use it? - Pros Most secure Integrated Windows authentication protocol Allows delegation of client credentials – multiple hop scenario Support mutual authentication of clients and servers Produces less traffic to domain controllers Open protocol supported by many platforms and vendors

    5. What is Kerberos Why use it? - Cons Requires additional configuration of infrastructure and environment to function properly Requires clients have connectivity to the KDC (Active Directory domain controller in Windows environments) over TCP/UDP port 88 (Kerberos), and TCP/UDP port 464 (Kerberos Change Password – Windows)

    6. Kerberos Authentication Overview

    7. Demo Configuring SharePoint for Kerberos

    8. SPN’s and their meanings REM SPNs for the Back-end (SQL & OLAP server) setspn -A MSSQLSVC/<sql_machinename> <serviceaccount> setspn -A MSSQLSVC/<sql_machinename>:1433 <serviceaccount> setspn -A MSOLAPSVC/<sql_machinename> <serviceaccount> setspn -A MSOLAPDisco.3/<sql_machinename> <serviceaccount> setspn -A MSOLAPSVC.3/<olap_machinename> <serviceaccount> REM SPNs for the front-end (MOSS2010 server) setspn -A HTTP/<iis_machinename> <serviceaccount>

    9. Demo Configuring the SPNs (and associated components)

    10. Check service accounts are using Kerberos SELECT s.session_id, s.login_name, s.host_name, c.auth_scheme FROM sys.dm_exec_connections c INNER JOIN sys.dm_exec_sessions s ON c.session_id = s.session_id

    11. Sample query for SQL SELECT c.auth_scheme, s.login_name FROM sys.dm_exec_connections c INNER JOIN sys.dm_exec_sessions s ON c.session_id = s.session_id WHERE c.session_id = @@spid ;

    12. Demo Configuring Excel Services

More Related