Infrastructure and Installations
Proactively work to harden Dodeca servers
According to Wikipedia, server hardening is “the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.”
There are numerous resources on the web that provide checklists and other steps you can take to harden your servers.
Use HTTPS on all Dodeca connections
All connections to the Dodeca servers should use HTTPS. It goes without saying that security is a major issue facing companies today and, as such, HTTPS is crucial to protecting information.
Upgrade Java versions to get the latest security patches
Java is updated at least 4 times per year and each update includes new security enhancements. We recommend customers upgrade Java on a regular basis.
Install the Dodeca Framework installation on a Windows machine with necessary utilities like WinRar and Notepad++
The Dodeca Framework installation installs files that are subsequently used to assemble, package, and digitally sign the Dodeca ClickOnce deployment and then to package the signed installation package into a Java Web Archive (war) file. Although the ClickOnce deployment signature is tied to a specific URL, the deployment may be created on any machine that has the Windows operating system.
We often use WinRar or 7zip to modify files in the packaged war file as these utilities allow us to extract a file from the war file, which is basically a compressed zip archive containing a specific internal directory structure, modify the file, and save it back into the same directory structure. Similarly, WinRar and 7zip also allow us to add files to any subdirectory in the war file without changing the directory structure.
Notepad++ is a powerful text editor that provides a number of benefits over the standard Windows Notepad for editing text files including color coding and the ability to display non-printable characters.
DO NOT use UltraEdit to edit Dodeca config files as they add an extra backup file that messes up installations
UltraEdit often leaves a backup file that adds an extra step to delete those files when editing property files, etc, to be packaged in the war file.
Know if you are using URL deployment, XCopy deployment, or both
There are two main ways to deploy the Dodeca client. First, you can deploy the Dodeca client using a URL. When using a URL deployment, Dodeca takes advantage of Microsoft ClickOnce deployment to deploy the client to the desktop without the need for any special privileges. URL deployments are easy to create and easy to maintain as Dodeca updates are automatically rolled out to the desktops whenever the server is updated.
XCopy deployment, on the other hand, uses simple drag and drop of a directory structure, along with a shortcut defining the appropriate command line arguments for a given Dodeca server, tenant, and application. XCopy deployments do not, however, automatically update themselves which may lead to maintenance on the desktop. The Dodeca client does, however, start up faster with XCopy deployments as the automatic code updating mechanism associated with ClickOnce deployments does not exist for XCopy deployed applications.
The deployment mechanism in use is often useful for our support team during support calls.
Maintain version parity between client and server, especially when dealing with XCopy installs
Though version differences between the Dodeca client and the Dodeca server may work, we strongly recommend that the Dodeca client and the Dodeca server versions match. This is even more important to be aware of this issue when working with XCopy deployments as URL deployments always match the Dodeca client and Dodeca server versions as the client is deployed directly out of the Dodeca server.
The Dodeca-Essbase service version should also match the Dodeca client version for best results. In addition, the Dodeca-Essbase service Essbase version should match the version of Essbase to which it is communicating.
Keep a record of ClickOnce URL’s and don’t rely on browser history
ClickOnce URL’s are not real webpages and thus it is not possible to navigate to them and set a bookmark. The browser may store a history of the URL, but that history may be limited or transitory. We recommend that administrators keep a record of the ClickOnce URL’s in their system in a text file for later use. We also recommend that for end user deployment, a web page be created and maintained to display valid Dodeca URL’s.
Prepare for installations by gathering the appropriate information
Obtain the following information:
-
All passwords required for the environment
-
Operating systems
-
Application servers
-
Databases
-
-
Server names and aliases
-
SSL certificates
-
SSL aliases which should be descriptive and not the same as the server name
Initialize a tenant using the Metadata Starter Kit
Initialize a new tenant using the Metadata Starter Kit. The Metadata Starter Kit contains the basic objects that you will need to create a base application including two Smart Client Application objects, Toolbar Configurations, Style Libraries, a View Hierarchy, and even an Essbase Adhoc View for you to get started.
Beginning in version 8.0, Dodeca Shell contains an import-starter-kit command that will automatically import a starter kit into the active tenant.
Use the Quick Start Utilities to quickly import Essbase Connections and Dimensions
The Quick Start Utilities serves to quickly import Essbase connections and/or dimensions in the selected Essbase database. This functionality is intended for use both to quickly get a new Dodeca application up and running quickly and to selectively add connections and/or point-of-view selectors to existing applications using best practice naming conventions.
The Essbase connections are imported as Essbase Connection objects and contain the basic information needed to connect to the database. After the connection is imported, all properties can be edited in the Essbase Connections metadata editor.
The Import Dimensions functionality allows the developer to select one or more dimensions to import into Dodeca to create selector and selector lists. Dodeca imports solely the dimension name to be used create the selector, its associated properties, and it’s accompanying default selector list. Note that selectors in Dodeca are not tied to a specific database and thus the default selector list is created as a tree hierarchy with the dimension name as the root node of the hierarchy.
Use the same ID and name for Dodeca objects
In many corporate systems, there is the concept of an object ID and an object name where the object id is a unique identifier and the name is a more user-friendly identifier. In Dodeca, we recommend that the identifier also be user-friendly as we designed the Dodeca repository to handle the identifier and the name to be identical. This makes management of related objects much easier
The three restrictions on the unique ID:
-
It must be unique within the same category of object (i.e. views, workbook scripts, etc)
-
It may not be longer than 100 characters in length
-
It may not contain characters that are invalid for use within filenames. In other words, the following characters are not allowed:
-
< (less than)
-
> (greater than)
-
: (colon)
-
" (double quote)
-
/ (forward slash)
-
\ (backslash)
-
| (vertical bar or pipe)
-
? (question mark)
-
* (asterisk)
-