In PPS 2007, per-user authentication was configured
per deployment. In PPS 2010, this setting is configured at a data source
level, so it is possible to mix per-user data sources with data sources
that use the Unattended Service Account.
Kerberos is a protocol
used for authentication. It is used when there is a need for a server
resource, such as PPS, to access another server resource, such as a
database, on behalf of the user. In other words, the server needs to
impersonate and pass along the identity of the calling user.
Before you start
configuring Kerberos, be aware that you need to access the Active
Directory domain controller for some configuration tasks. Therefore, you
might need to involve other people to complete the setup. Make sure
that you have access to all resources necessary before starting the
configuration.
Also, consider configuring
Kerberos in a test or demo environment before doing so in a production
environment. Doing so allows you to get comfortable with the process.
There are several steps involved, as described in the TechNet article
referenced earlier, and if you configure a resource improperly, you risk impacting other non-SharePoint-related resources that are also using Kerberos.
Caution
Windows 2008 has some
issues with Kerberos where it will periodically drop connections with
Analysis Services. To avoid this problem, put Analysis Services on
Windows 2003 or a Windows 2008 R2 machine or apply the hotfix from
Microsoft KB article 969083.
As mentioned
earlier, Kerberos has to be configured correctly for per-user
authentication to work. The following three steps need to be
performed in this order for per-user authentication to work in
farm scenarios:
1. Create service principal names (SPNs) for the farm and data sources.
2. Enable constrained delegation for computers and service accounts.
3. Configure and start the Claims to Windows Token service.
Note
If you have a farm installation, you need to configure Kerberos even if
all components, SharePoint 2010, and data sources are installed on the
same machine. The only scenario in which the default authentication
scheme, NTLM, will work for per-user identity is if you do a standalone
installation.
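The three steps above as a domain administrator would type them into PowerShell on a PPS 2010 farm. This is an added example, not the book's own text; every hostname, account name and port (contoso.example, svc_spapppool, svc_sql, svc_ssas, svc_c2wts, sql01, ssas01) is a placeholder for your own environment.

```powershell
# Added example: Kerberos setup for PPS 2010 per-user authentication.
# Placeholders: CONTOSO domain, *.contoso.example hosts, svc_* accounts.
# Needs the ActiveDirectory module (step 2) and SharePoint snap-in (step 3).

# --- Step 1: SPNs for the farm web application and each data source ---------
# The SharePoint app pool account owns the HTTP SPN of the PPS web app;
# the SQL and Analysis Services service accounts own their own SPNs.
setspn -S HTTP/pps.contoso.example            CONTOSO\svc_spapppool
setspn -S HTTP/pps                            CONTOSO\svc_spapppool
setspn -S MSSQLSvc/sql01.contoso.example:1433 CONTOSO\svc_sql
setspn -S MSOLAPSvc.3/ssas01.contoso.example  CONTOSO\svc_ssas

# A duplicate SPN in the domain makes Kerberos fail or fall back to NTLM,
# which then shows up as per-user data sources "working" only for the
# Unattended Service Account. Check before going further.
setspn -X

# --- Step 2: constrained delegation (not unconstrained) for the impersonating
# accounts. They may delegate only to the listed data-source SPNs, and need
# protocol transition because the incoming identity is a claim, not a ticket.
Import-Module ActiveDirectory
$targets = @(
    'MSSQLSvc/sql01.contoso.example:1433',
    'MSOLAPSvc.3/ssas01.contoso.example'
)
foreach ($acct in 'svc_c2wts', 'svc_spapppool') {
    Set-ADUser -Identity $acct -Add @{ 'msDS-AllowedToDelegateTo' = $targets }
    # "Use any authentication protocol" (protocol transition)
    Set-ADAccountControl -Identity $acct -TrustedToAuthForDelegation $true
}

# --- Step 3: start the Claims to Windows Token Service on each PPS server ---
# (c2wtshost.exe.config allowedCallers and the service account's local
# rights are configured separately on each box before starting it.)
Add-PSSnapin Microsoft.SharePoint.PowerShell
Get-SPServiceInstance |
    Where-Object { $_.TypeName -eq 'Claims to Windows Token Service' } |
    ForEach-Object { Start-SPServiceInstance -Identity $_.Id }

# Verification from a client that just opened a PPS dashboard: a cached
# ticket for HTTP/pps.contoso.example means step 1 is in effect; none
# points back at a missing or duplicate SPN.
klist
```

Run step 1 and step 2 on a machine with RSAT against the domain controller, and step 3 on the SharePoint servers themselves; the Note above still applies, so this is required even for a single-server farm installation.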