Installing the reporting server

Crystal Enterprise provides a publishing platform for interactive reports. End users can access the reports via a Web application. Crystal Enterprise consists of a number of different components that can be logically grouped based on the type of work they perform, the client tier, the intelligence tier, the processing tier, and the data tier. The components that make up each of these tiers can be installed on one machine, or spread across many. More details about the Crystal Enterprise components can be found in the Crystal Enterprise 9 Administrator’s Guide, which is located in the directory /docs on the installation media. The ABBC project team decides to install all Crystal components on one Windows 2000 server system.

The Automated Process Scheduler (APS) is responsible for maintaining the APS database, which contains, for example, information about users and groups, authorization data, location of reports, and job schedules. By default, Crystal Enterprise installs the Microsoft MSDE database system to manage its data. The ABBC project team decides to use the existing DB2 database server to store the APS data due to the following reasons:

򐂰 Avoid the effort and necessary skills of maintaining two different databases.

򐂰 The MSDE database system does not include database management tools comparable to those available in DB2.

The overview of the required components is depicted in Figure 6-8.

Figure 6-8 Components for the reporting environment

Installation of IBM HTTP Server

The IBM HTTP Server can be downloaded from IBM’s Web site using the following URL:

http://www.ibm.com/software/webservers/httpservers/

In our example, we use IBM HTTP 1.3.28. The installation instructions are available at the following URL:

http://www.ibm.com/software/webservers/httpservers/doc/v1328/htdocs/en_US/m anual/ibm/9ainstal.htm

Configuring SSL for IBM HTTP Server

ABBC’s security guidelines require you to encrypt the traffic containing user credentials and security compliance data. Therefore, the project team configures SSL to be used for all communications. The following steps describe how to configure SSL for the IBM HTTP Server:

򐂰 When you set up secure connections, you have to configure a digital certificate for the HTTP server. There are two ways to obtain a certificate: – Buy a certificate from an external CA provider.

– Create a self-signed certificate.

Note: Please make sure you do not use IBM HTTP Server Version 2.x,

because this does not work correctly with Crystal Enterprise.

DB2 Database Server CE90 JAC Reporting Server IBM HTTP Server Crystal Enterprise Components APS

If you want to create a new self-signed server certificate, then start the IBM Key Management Utility, which can be located in C:\Pogram Files\ibm\gsk5\bin\gsk5ikm.exe.

򐂰 In our example, we use self-signed certificates. Create the directory

C:\Program Files\IBM HTTP Server\keytab, where you will store the server’s certificate. Start the IBM Key Management Utility by selecting Key database

File → New… from the menu bar. Select CMS key database file and enter the file name and location for the certificate. You will be prompted for a password to protect the certificate, as shown in Figure 6-9. You have to specify the expiration time for the certificate and select Stash the password

to a file. This is required to avoid specifying the password each time you start

the HTTP server. ABBC’s security policy allows you to store passwords in stash files.

Figure 6-9 Saving the certificate password in a stash file

Select OK and acknowledge a window confirming that the password was saved in the stash file. Now you have to create the new certificate. Select

Create → New Self-Signed Certificate... from the menu bar. In the Create New Self-Signed Certificate window, enter all entries required for the

certificate, as shown in Figure 6-10 on page 131. Make sure that the attribute Common Name equals the host name of the reporting server.

Figure 6-10 Attributes for the self-signed certificate

Click OK and see the new certificate stored in the Personal Certificates folder.

򐂰 Now follow the instructions documented in the online documentation of the IBM HTTP Server. Usually, the online documentation is stored under <HTTPD_HOME>\htdocs\en_US\manual\ibm\index.html.

The SSL configuration of the HTTP server adds the following lines, displayed in Example 6-3, to the configuration file, which is stored in

<HTTPD_HOME>\conf.

Example 6-3 SSL configuration section for IBM HTTP Server

Listen 443

<VirtualHost report_s1.pzone.abbc.com:443> ServerName report_s1.pzone.abbc.com SSLEnable

Keyfile "c:/program files/ibm http server/keytab/test.kdb" SSLV2Timeout 100

SSLV3Timeout 1000

DocumentRoot "C:/Program Files/IBM HTTP Server/crystal" SSLClientAuth none

Creating the APS database

Create a new APS database on the DB2 database server using the existing instance for Security Compliance Manager. Log in to the database server as the instance owner and create the database using the following command:

db2 create database CE90

This command creates a new database with default settings for most of the database parameters.

Installation of IBM DB2 client

To enable database connections from the reporting server to the DB2 database server, you have to install the DB2 database client.

Configuration of APS and DB2 connections

You have to configure DB2 database connections from the reporting server to the DB2 database server. During report generation, the Crystal Enterprise components have to access compliance data stored in the JAC database. The APS requires a DB2 database connection to its APS database that we created on the database server. For both connections, we use the DB2 client

configuration assistant that is installed with the DB2 client. Usually, the DB2 client configuration assistant can be found by selecting Start → Programs → IBM

DB2. Let us take a closer look at the necessary configuration steps using the

example of the JAC database connection starting with the Welcome window in Figure 6-11 on page 133.

Figure 6-11 DB2 Client configuration assistant

In the Welcome window, select Add Database. In the following window

(Figure 6-12), select Manually configure a connection to a database and click

Next.

Figure 6-13 DB2 Add Database Wizard: Protocol

In the next tab (Figure 6-14), specify the host name and port number of the Security Compliance Manager database configuration. The port number is defined in the /etc/services file of the database server. In our case, you have to specify port 50000 and select Next.

Figure 6-14 DB2 Add Database Wizard: TCP/IP configuration

In the next tab (Figure 6-15 on page 135), you have to enter the database name JAC for the Security Compliance Manager database and select Finish.

Figure 6-15 DB2 Add Database Wizard: Database configuration

The next window (Figure 6-16) confirms that the connection configuration was added successfully.

Figure 6-16 DB2 configuration confirmation

The next step is to test the connection. You have to make sure that the

connection works correctly before continuing with the installation of the reporting server. Select Test Connection and specify the user ID and password for the Security Compliance Manager database. If the connection can be established successfully, the window shown in Figure 6-17 on page 136 appears.

Figure 6-17 DB2 installation message

Repeat the same steps for the database connection to the APS database CE90 that you created on the database server.

Installation of Crystal Enterprise 9

The setup program for Crystal Enterprise 9 is located in the root directory of the Crystal Enterprise 9 CD.

Start the setup program and the window shown in Figure 6-18 on page 137 appears.

Attention: Crystal Enterprise 9 must be installed directly using the system

console. Remote installation using Windows Terminal Services Client is not possible.

Figure 6-18 Crystal Enterprise: setup window

We select Next, accept the Crystal Enterprise 9 for Tivoli license agreement (see Figure 6-19), and select Next.

components, including the MSDE database as the database system for the APS database. To avoid that action, you have to select the Custom installation. This option allows you to select only the required components.

Figure 6-20 Crystal Enterprise: installation types

Click Next. In the next window, open the Crystal APS folder and right-click the MSDE entry. Deselect the APS database from installation by clicking Entire

Figure 6-21 Crystal Enterprise: custom installation window

Deselect the database drivers as well; they are not needed. Click Next. In the following window, you have to specify that you do not want to cluster the APS with an existing cluster, as this is the first installation of Crystal Enterprise 9. The next window asks for the database driver you want to use. Select the DB2 Database driver and click Next, as shown in Figure 6-22.

In the next window (Figure 6-23), provide the logon information for the APS database. As the server, we use the database alias CE90 for the DB2 database connection that we configured in “Configuration of APS and DB2 connections” on page 132.

Figure 6-23 Crystal Enterprise: APS configuration

Click Next and start the installation program. After a successful installation, Crystal Enterprise is started automatically as a Windows service. Using the Crystal Configuration Manager, you can check the status of the Crystal components, as shown in Figure 6-24 on page 141.

Figure 6-24 Crystal Enterprise: configuration manager

Configure IBM HTTP Server for Crystal Enterprise 9

The installation program of Crystal Enterprise 9 installs the Web connector files so no special installation is required. All that is needed is to configure the IBM HTTP Server for Crystal Enterprise 9. In our example, IBM HTTP Server and Crystal Enterprise are installed on the same system. We already modified the httpd.conf file in Example 6-3 on page 131. You have to add the configuration lines marked in bold, as shown in Example 6-4.

Example 6-4 IBM HTTP Server configuration for Crystal Enterprise Alias /viewer/ "C:/Program Files/Common Files/Crystal Decisions/2.0/crystalreportviewers"

Alias /crystalreportviewers "C:/Program Files/Common Files/Crystal Decisions/2.0/crystalreportviewers"

Alias /crystal/Enterprise9/ "C:/Program Files/Crystal Decisions/Web Content/Enterprise9/"

Listen 443

<VirtualHost report_s1.pzone.abbc.com:443> ServerName report_s1.pzone.abbc.com SSLEnable

Keyfile "c:/program files/ibm http server/keytab/test.kdb" SSLV2Timeout 100

SSLV3Timeout 1000

DocumentRoot "C:/Program Files/IBM HTTP Server/crystal" SSLClientAuth none

AddType Magnus-Internal/cri .cri AddType Magnus-Internal/cwr .cwr

Action Magnus-Internal/rpt /cgi-bin/wcscgi.cgi Action Magnus-Internal/cwr /cgi-bin/wcscgi.cgi Action Magnus-Internal/csp /cgi-bin/wcscgi.cgi Action Magnus-Internal/cri /cgi-bin/wcscgi.cgi

</VirtualHost>

You have to restart the IBM HTTP server to activate the changes.