QLIKVIEW MOBILE SECURITY



Similar documents
GOVERNANCE OVERVIEW. A QlikView Technology White Paper. qlikview.com. December 2011

QLIKVIEW SECURITY OVERVIEW

QLIKVIEW IN THE ENTERPRISE

QLIKVIEW GOVERNANCE DASHBOARD FAQ

QLIKVIEW SERVER MEMORY MANAGEMENT AND CPU UTILIZATION

HP Software as a Service. Federated SSO Guide

QLIKVIEW SERVER LINEAR SCALING

SAP Best Practices for SAP Mobile Secure Cloud Configuration March 2015

QLIKVIEW DATA FLOWS TECHNICAL BRIEF

Ensuring the security of your mobile business intelligence

FileCloud Security FAQ

QLIKVIEW GOVERNANCE DASHBOARD 1.0

THE QLIKVIEW PRODUCT FAMILY

Qlik Sense Enabling the New Enterprise

QlikView 11 Source Control Walkthrough

Deploying EMC Documentum WDK Applications with IBM WebSEAL as a Reverse Proxy

CA Performance Center

HP Device Manager 4.7

System requirements for Qlik Sense. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved.

Improve Security, Lower Risk, and Increase Compliance Using Single Sign-On

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

Agenda. How to configure

QLIKVIEW ON MOBILE: Beyond Reporting. A QlikView White Paper. qlikview.com. December 2012

OVERVIEW. DIGIPASS Authentication for Office 365

HP ProLiant Essentials Vulnerability and Patch Management Pack Server Security Recommendations

Single Sign-on (SSO) technologies for the Domino Web Server

CA Nimsoft Service Desk

Copyright

HotSpot Enterprise Mobile Printing Solution. Security Whitepaper

HP Device Manager 4.6

CA Unified Infrastructure Management Server

White Paper. BD Assurity Linc Software Security. Overview

What is an SSL Certificate?

METADATA-DRIVEN QLIKVIEW APPLICATIONS AND POWERFUL DATA INTEGRATION WITH QLIKVIEW EXPRESSOR

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications

SAP BusinessObjects Business Intelligence 4 Innovation and Implementation

HP Software as a Service

WHAT IS THE DIFFERENCE BETWEEN SAN AND NAS AND HOW CAN I USE THEM IN MY QLIKVIEW ENVIRONMENT?

The BARC BI Survey 10 QlikView Highlights

Ensuring the security of your mobile business intelligence

SSL VPN Technology White Paper

Synchronizing ProCurve IDM and Windows Active Directory

Flexible Identity Federation

Connectivity to Polycom RealPresence Platform Source Data

How to configure 802.1X authentication with a Windows XP or Vista supplicant

Enterprise Security with mobilecho

White Paper: Deploying QlikView

Technical White Paper: Clustering QlikView Servers

Secure Mobile Content Management for the Enterprise

BlackBerry Enterprise Server for Microsoft Office 365 preinstallation checklist

Using a VPN with Niagara Systems. v0.3 6, July 2013

HP A-IMC Firewall Manager

Protected Trust Setup Guide for Brother MFC Devices

Barracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK

Administering Windows Server 2012 (20411) H4D01S

SWEDBANK EMPOWERS 5,000+ USERS WITH CUSTOMER ANALYSIS TOOL USING QLIKVIEW

CA Spectrum and CA Embedded Entitlements Manager

NCSU SSO. Case Study

VMware Virtual Desktop Manager User Authentication Guide

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

QLIKVIEW DESKTOP INSTALLATION GUIDE

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

Deliver Secure, User-Friendly Access to Mobile Business Apps

Perceptive Experience Single Sign-On Solutions

Direct or Transparent Proxy?

Simplify and Secure Cloud Access to Critical Business Data

Landscape Design and Integration. SAP Mobile Platform 3.0 SP02

ENABLING SINGLE SIGN-ON FOR EMC DOCUMENTUM WDK-BASED APPLICATIONS USING IBM WEBSEAL ON AIX

Technical Certificates Overview

Securing WebFOCUS A Primer. Bob Hoffman Information Builders

Network Configuration Settings

Citrix Receiver. Configuration and User Guide. For Macintosh Users

Thales ncipher modules. Version: 1.2. Date: 22 December Copyright 2009 ncipher Corporation Ltd. All rights reserved.

Unlock the Value of Your Microsoft and SAP Software Investments

Good Share Client User Guide for ios Devices

QLIKVIEW ON MOBILE: BEYOND REPORTING

WHITE PAPER. Smart Card Authentication for J2EE Applications Using Vintela SSO for Java (VSJ)

Technical Brief ActiveSync Configuration for WatchGuard SSL 100

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module

SafeNet Authentication Service

SAP Mobile - Webinar Series SAP Mobile Platform 3.0 Security Concepts and Features

Introduction to the EIS Guide

Barracuda SSL VPN Administrator s Guide

University Computing & Telecommunications Virtual Private Networking: How To/Self- Help Guide Windows 8.1 Operating System.

THE QLIKVIEW BUSINESS DISCOVERY PLATFORM

How To Use Qlikview For Utilities

When enterprise mobility strategies are discussed, security is usually one of the first topics

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

HP Asset Manager. Implementing Single Sign On for Asset Manager Web 5.x. Legal Notices Introduction Using AM

Central Desktop Enterprise Edition (Security Pack)

Installation Guide: Agentry Device Clients SAP Mobile Platform 2.3

How-To Guide SAP NetWeaver Document Version: How To Guide - Configure SSL in ABAP System

BES10 Cloud architecture and data flows

Mobile Admin Architecture

HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide

Using Entrust certificates with VPN

New Security Features

Sharpen your document and data security HP Security solutions for imaging and printing

Manual to Access SAP Training Systems Technical Description for Customer On-Site Training

QlikView for utilities. Reducing Utilities Costs

Transcription:

QLIKVIEW MOBILE SECURITY QlikView Technical Brief Published: March, 2011 qlikview.com

QlikView Mobile Security Mobile devices are convenient, versatile and, for many employees, they are indispensable. High adoption rates and reliance on mobile devices makes safe mobile data analysis a critical concern. However, mobile devices can easily be lost and that s why QlikView mobile clients have robust security means to secure sensitive business data. QlikView s mobile clients leverage the entire security infrastructure of a typical QlikView enterprise deployment. This Technical Brief takes a look at the security features of the QlikView ipad touch-enabled Ajax client and uses an example implementation to explain some of the technical details. This Technical Brief is a companion document to the QlikView Security Overview Technology White Paper, which deals in detail how a typical QlikView deployment addresses the question of security. This brief will discuss the QlikView ipad client s security at these levels: Device Transmission Authentication and Authorization It also includes an example implementation using Double Authentication Device Security One of the main security considerations for mobile BI solutions is not to store any business data on the device. QlikView mobile clients do not store data on the device. As such, there is no local copy to lose if the mobile device is stolen and the data only resides on QlikView servers within a secure enterprise environment, with access permitted only over the network for the correctly authenticated and authorized users. Transmission Security Transmission security refers to protection of data from unauthorized interception. The QlikView ipad client supports VPN connections where the communication between the client and the QlikView server, including the username and password, are encrypted. The QlikView ipad client also supports HTTPS/SSL communication protocols. In the implementation example described below, HTTPS and Secure Sockets Layer (SSL) is used with server certificates installed on the IIS web server. In this specific case, tunneling is also enabled to encrypt the communication between IIS web server and QlikView server. QlikView Mobile Security Page 2

Authentication and Authorization Authentication refers to the act of establishing or confirming the user as true or authentic. Authorization refers to the act of specifying access rights to control access of information to users. The QlikView ipad client leverages the existing authentication and authorization methods provided by QlikView Server (as described in the QlikView Security Overview Technology White Paper). There is nothing different from the ipad experience from a security perspective than a desktop browser. For Authentication, the QlikView Server requires that users be authenticated by some external process, and that credentials granted by that process be communicated to the QlikView Server. QlikView supports authentication via Active Directory, third-party single sign-on (SSO) solutions (such as CA Site Minder or IBM WebSeal), as well as via digital certificates. Once the user is authenticated, there are two authorization modes available: NTFS & DMS. NTFS mode relies on security features built in with Windows on the server side to secure access to QlikView documents through the ipad client. In NTFS mode, administrators control access to QlikView documents from the operating system itself rather than from QlikView. By contrast, DMS mode allows administrators to control access to QlikView documents centrally, within QlikView. (A detailed description of the differences between NTFS and DMS modes is contained within the QlikView Security Overview Technology White Paper). Example Implementation Double Authentication The implementation example below demonstrates a real use case where security was applied to a QlikView deployment covering ipad devices. The security requirement is to achieve double authentication (i.e. using both user certificates and basic authentication against Microsoft Active Directory) with HTTPS/SSL connection. This is just one way to achieve a secure ipad implementation. There are other methods that could be used based on other security requirements. Figure 1 illustrates the Double Authentication example described below. First Authentication ipad supports digital certificates, giving business users secure access to corporate services. A digital certificate is composed of a public and private key pair, along with other information about the user and the certificate authority that issued the certificate. Digital certificates are a form of identification that enables authentication, data integrity, and encryption. In this implementation example, digital certificates are used to securely authenticate users to corporate services. A Microsoft IIS web server in the De-Militarized Zone (DMZ) domain is setup to provide one-to-one certificate mapping. When a user connects to the IIS site, IIS will request a user certificate which is already created on the ipad. The user will be QlikView Mobile Security Page 3

prompted for a certificate and its public key is then submitted to the IIS server. The IIS server will compare this public key with the available public keys of which the administrator has granted access. Based on the result, IIS will either allow or disallow the user access to the QlikView Server. If the user is allowed, IIS will encrypt the contents using a user public key and sends it back to the user. Now that the user has both keys, they will decrypt the contents sent by IIS using their own private key and will be able to start communication with the IIS server. Second Authentication The next step in this example is the second authentication. QlikView can be configured to provide a second layer of authentication to make sure that the user requesting access to the QlikView Server can be authenticated against the corporate security system (such as Active Directory or another LDAP, for example). As is normal, the user gets challenged for their credentials to be authenticated against the security system. Authorization The final step in the process is to give the authenticated user access to the authorized documents. This process is handled by the QlikView Server and is described in detail in the QlikView Security Overview Technology White Paper. QlikView Mobile Security Page 4

Figure 1: Double Authentication in a Mobile Environment 3. IIS server compares the public key with available public keys granted by admin, authenticates the user and grants access 1. User is prompted for certificate 2. User selects the certificate and Public Key is submitted WEB SERVER Encrypted communication via tunneling 4. User is prompted for User Name and password QvS 7. Authorized QV docs are available to the user 5. User gets authenticated against AD 6. Authenticated user name is passed to QvS FIRST AUTHENTICATION SECOND AUTHENTICATION Source: QlikTech 2010 QlikTech International AB. All rights reserved. QlikTech, QlikView, Qlik, Q, Simplifying Analysis for Everyone, Power of Simplicity, New Rules, The Uncontrollable Smile and other QlikTech products and services as well as their respective logos are trademarks or registered trademarks of QlikTech International AB. All other company names, products and services used herein are trademarks or registered trademarks of their respective owners. The information published herein is subject to change without notice. This publication is for informational purposes only, without representation or warranty of any kind, and QlikTech shall not be liable for errors or omissions with respect to this publication. The only warranties for QlikTech products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting any additional warranty. QlikView Mobile Security Page 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information